From f358228003f6a1197c4f10d0603762551b555986 Mon Sep 17 00:00:00 2001 From: Dagon Harett <48036047+dagonharett@users.noreply.github.com> Date: Sat, 1 Jul 2023 19:11:27 +0100 Subject: [PATCH 1/2] linkability (open-research-problems): improve and mention practical results Mention that linking Grin's input and output was proven in practice. Overall linkability section improvement (phrasal construction and grammar). --- open-research-problems.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/open-research-problems.md b/open-research-problems.md index 35726d2..253deaa 100644 --- a/open-research-problems.md +++ b/open-research-problems.md @@ -126,13 +126,13 @@ The goal is this research problem is to investigate and develop an asynchronous, Mimblewimble/Grin leverage [confidential transactions](https://en.bitcoin.it/wiki/Confidential_transactions) to hide the identity of the sender and recipients. As such, there are no public amounts or addresses. -However, it is possible for someone listening on the network to build a transaction graph and possibly clustering entities together. +However, it is possible for someone listening on the network to build a transaction graph and possibly cluster entities together. Ivan Bogatyy has shown this attack works in practice, being able to [link 96% of Grin transactions](https://github.com/bogatyy/grin-linkability) broadcasted during the run of his experiment. -Techniques like [Dandelion++](https://arxiv.org/abs/1805.11060) mitigate this issue but are insufficient for a privacy coin. +The [Dandelion++](https://arxiv.org/abs/1805.11060) inspired transaction propagation technique implemented in Grin was insufficient to mitigate the attack. It successfully hides IP addresses but cannot aggregate enough transaction to obscure the transaction graph. This is insufficient for a privacy coin. -A much more promising design is this Mimblewimble [CoinSwap proposal](https://forum.grin.mw/t/mimblewimble-coinswap-proposal) +A much more promising design is the [Mimblewimble CoinSwap proposal](https://forum.grin.mw/t/mimblewimble-coinswap-proposal). -The goal of this research is to investigate ways to obfuscate the Grin transaction and implement such design. +The goal of this research is to investigate ways to obfuscate the Grin transaction graph and implement such design. ### Relevant Papers From 1174b56e363a0300f1da27b06ae9446402680b6e Mon Sep 17 00:00:00 2001 From: Dagon Harett Date: Fri, 12 Apr 2024 18:01:42 +0100 Subject: [PATCH 2/2] linkability (open-research-problems): it was well known beforehand Re-phrase taking into account that: - the linkability issue was well know before being showed in practice - Dandelion++ was never intended to solve linkability per se --- open-research-problems.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/open-research-problems.md b/open-research-problems.md index 253deaa..bb60bf5 100644 --- a/open-research-problems.md +++ b/open-research-problems.md @@ -126,9 +126,9 @@ The goal is this research problem is to investigate and develop an asynchronous, Mimblewimble/Grin leverage [confidential transactions](https://en.bitcoin.it/wiki/Confidential_transactions) to hide the identity of the sender and recipients. As such, there are no public amounts or addresses. -However, it is possible for someone listening on the network to build a transaction graph and possibly cluster entities together. Ivan Bogatyy has shown this attack works in practice, being able to [link 96% of Grin transactions](https://github.com/bogatyy/grin-linkability) broadcasted during the run of his experiment. +However, it is possible for someone listening on the network to build a transaction graph and possibly cluster entities together. Ivan Bogatyy has shown this in practice, being able to [link 96% of Grin transactions](https://github.com/bogatyy/grin-linkability) broadcasted during the run of his experiment. -The [Dandelion++](https://arxiv.org/abs/1805.11060) inspired transaction propagation technique implemented in Grin was insufficient to mitigate the attack. It successfully hides IP addresses but cannot aggregate enough transaction to obscure the transaction graph. This is insufficient for a privacy coin. +Grin implements a [Dandelion++](https://arxiv.org/abs/1805.11060) inspired transaction propagation technique, which, besides the main goal of hiding the source IP address, also aggregates transactions during the stem phase. Unfortunately it cannot aggregate enough transactions to obscure the transaction graph and meaningfully reduce the linkability. A much more promising design is the [Mimblewimble CoinSwap proposal](https://forum.grin.mw/t/mimblewimble-coinswap-proposal).