linkability (open-research-problems): improve and mention practical results#264
linkability (open-research-problems): improve and mention practical results#264dagonharett wants to merge 2 commits intomimblewimble:masterfrom
Conversation
…esults Mention that linking Grin's input and output was proven in practice. Overall linkability section improvement (phrasal construction and grammar).
open-research-problems.md
Outdated
| Mimblewimble/Grin leverage [confidential transactions](https://en.bitcoin.it/wiki/Confidential_transactions) to hide the identity of the sender and recipients. As such, there are no public amounts or addresses. | ||
|
|
||
| However, it is possible for someone listening on the network to build a transaction graph and possibly clustering entities together. | ||
| However, it is possible for someone listening on the network to build a transaction graph and possibly cluster entities together. Ivan Bogatyy has shown this attack works in practice, being able to [link 96% of Grin transactions](https://github.com/bogatyy/grin-linkability) broadcasted during the run of his experiment. |
There was a problem hiding this comment.
I think this was unfairly labeled as an "attack" in Bogaty's article. This is just a well known way of gathering information that's already public.
open-research-problems.md
Outdated
| However, it is possible for someone listening on the network to build a transaction graph and possibly cluster entities together. Ivan Bogatyy has shown this attack works in practice, being able to [link 96% of Grin transactions](https://github.com/bogatyy/grin-linkability) broadcasted during the run of his experiment. | ||
|
|
||
| Techniques like [Dandelion++](https://arxiv.org/abs/1805.11060) mitigate this issue but are insufficient for a privacy coin. | ||
| The [Dandelion++](https://arxiv.org/abs/1805.11060) inspired transaction propagation technique implemented in Grin was insufficient to mitigate the attack. It successfully hides IP addresses but cannot aggregate enough transaction to obscure the transaction graph. This is insufficient for a privacy coin. |
There was a problem hiding this comment.
Dandelion++ is mostly used for obfuscating the source of the transaction. We happen to also aggregate transactions during the stem phase, but I don't think this was intended to sufficiently mitigate collecting the information. It was always well understood that's not sufficient for blind aggregation.
|
@dagonharett thanks for the PR! You're right that pre-block MW coinswap is a better technique to obfuscate the graph than dandelion++. I left some comments, mostly that we all understood this information was public and anyone can collect it. This PR might make the reader feel as if this was not expected to happen. |
Re-phrase taking into account that: - the linkability issue was well know before being showed in practice - Dandelion++ was never intended to solve linkability per se
|
@phyro Thanks a lot for the review and sorry for the long delay on my part. I'll stay more alert this time. I decided to keep this PR open as I believe mentioning the practical results (plus the phrasal construction and grammar fixes) still improve the website. |
2 participants
Mention that linking Grin's input and output was proven in practice.
Overall linkability section improvement (phrasal construction and grammar).