Mimblewimble, a cryptocurrency network that touts itself as being privacy-focused, has taken a bit of a hit in the past few days. However, things came to a head yesterday, when Ivan Bogatyy, a researcher at venture capital firm Dragonfly Capital Partners, exposed some chilling vulnerabilities about Mimblewimble and the GRIN cryptocurrency.
However, Charlie Lee, the creator of popular cryptocurrency Litecoin, is coming to the defense of the network. The entire case began with a blog post published on the issue of Mimblewimble and privacy, where Bogatty explained that by spending just $60 a week on Amazon Web Services, he was able to access the wallet addresses of about 96 percent of the people who sent and received the asset.
MimbleWimble is no good for privacy
The report also contained a rather scathing account of how Mimblewimble works. As Bogatty put it, all transactions on Mimblewimble are put into a single CoinJoin, which leaves anonymity set with all the transactions being located on one block. Unlike other privacy cryptocurrency networks and cons which shield their anonymity sets and transactions, Mimblewimble has this inherent flaw, and he was able to exploit it and access those transaction details.
Summarizing, Bogatty asserted that Mimblewimble is unable to hold a candle to other privacy coins and networks, such as Monero and Zcash.
The paper has gotten attention from several in the crypto space, including Ethereum co-founder Vitalik Buterin, who succinctly criticized Mimblewimble’s choice of an anonymity set. Replying to Bogatyy, Buterin encourage crypto network developers to embrace the Zero-Knowledge Succinct Non-Interactive Argument of Knowledge (zk-SNARK), calling it an example of the only global anonymity sets which can guarantee security.
If your privacy model has a medium anonymity set, it really has a small anonymity set. If your privacy model has a small anonymity set, it has an anonymity set of 1. Only global anonymity sets (eg. as done with ZK-SNARKs) are truly robustly secure. https://t.co/VduwqrbMfs
— vitalik.eth (@VitalikButerin) November 18, 2019
Scalability on MimbleWimble is still critical
Lee, however, is not joining the bandwagon of people who have been all too happy with dumping on Mimblewimble. In reply to the tweet by Bogatyy, the Litecoin boss clarified that Mimblewimble is a network that proves scaling benefits to confidential transactions, with slight unlinkability.
“To get better privacy,” he counseled, “You can still use CoinJoin before broadcasting, and CoinJoin works better with Mimblewimble due to Confidential Transactions and aggregation.
Of course, Les comments were more about self-preservation. Litecoin recently announced that it had started working on integrating MimbleWimble into its network, which will prove LTC users the opportunity to opt into confidential transactions to keep the values of their transfers secure. However, if MimbleWimble now has news of such a security flaw dogging it, the objective of this integration, as well as Litecoin’s hopes of finally crawling out of the shadow of Bitcoin, could be jeopardized.
This isn’t the first time that Lee would be making such a statement. After the MimbleWimble partnership was announced, he made an appearance on Grin Talk, where he clarified that the reason why Litecoin chose to work with the security network was due to its ability to provide security without sacrificing scalability on transactions.