About a year ago, we published an analytical article titled “MimbleWimble: The Good and The Bad”. The analysis highlighted some major limitations of the MimbleWimble privacy protocol.
Specifically, we demonstrated how a dedicated observer could easily monitor the network and trace the transactions to build a transaction graph:
“…The confirmed block will have a smaller number of inputs and outputs mixed together in a way that makes it more difficult to recognize the sides of a specific transaction. However, it is possible and probably easy for anyone to keep recording all the transactions from the unconfirmed transaction pool. This data could be used to build detailed transaction graphs of the network.”
But what is a transaction graph?
When a user performs a transaction, they spend payments they received earlier (UTXOs) to pay someone else, creating a new UTXO. When that recipient spends their UTXO to pay a third person, a graph can be drawn linking the first and third users. Revealing this TX graph therefore exposes the history of each payment. This kind of analysis is becoming routine, e.g. TokenAnalyst tracing the source of a $1B transaction.
Many crypto users think that MimbleWimble, as a privacy-enhancing protocol, can hide this information. As we pointed out in our article, that is incorrect.
MW hides TX amounts but is, by design, weak in hiding the transaction graph. At the time we wrote our article, the Grin Network was not launched yet, so it was not possible to validate this prediction.
The Validation of MW Weakness
This week, Ivan Bogatyy published the results of an attack he executed on the Grin network. The attack was exactly as the article predicted; Ivan modified the code for multiple nodes on the Grin network to record all possible transactions these nodes observe. From that information, it was possible to trace and build the transaction graph linking 96% of Grin transactions.
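A toy model of why recording the unconfirmed pool defeats block aggregation, added here as an illustration and not taken from the original article or from Ivan's code. The commitment labels, transaction ids and the simplified cut-through step are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: opaque labels stand in for output commitments.
# Each entry is one transaction as a listening node saw it in the
# unconfirmed pool, before it was merged into a block.
MEMPOOL_LOG = [
    {"id": "tx1", "inputs": {"c0"}, "outputs": {"c1", "c2"}},
    {"id": "tx2", "inputs": {"c1"}, "outputs": {"c3"}},
    {"id": "tx3", "inputs": {"c9"}, "outputs": {"c4", "c5"}},
    {"id": "tx4", "inputs": {"c3", "c4"}, "outputs": {"c6"}},
]

def aggregate_block(txs):
    """What the confirmed block exposes: merged input and output sets.
    Outputs spent inside the same block are dropped (simplified cut-through)."""
    ins = set().union(*(t["inputs"] for t in txs))
    outs = set().union(*(t["outputs"] for t in txs))
    spent_inside = ins & outs
    return {"inputs": ins - spent_inside, "outputs": outs - spent_inside}

def build_graph(log):
    """Link each recorded transaction to the transactions spending its outputs."""
    creator = {c: t["id"] for t in log for c in t["outputs"]}
    edges = defaultdict(set)
    for t in log:
        for c in t["inputs"]:
            if c in creator:
                edges[creator[c]].add(t["id"])
    return creator, dict(edges)

def history(commitment, log):
    """Walk backwards from one output to every recorded transaction behind it."""
    creator, _ = build_graph(log)
    by_id = {t["id"]: t for t in log}
    seen, stack = [], [commitment]
    while stack:
        tx = creator.get(stack.pop())
        if tx and tx not in seen:
            seen.append(tx)
            stack.extend(sorted(by_id[tx]["inputs"]))
    return seen

if __name__ == "__main__":
    print("block view:", aggregate_block(MEMPOOL_LOG))
    print("graph edges:", build_graph(MEMPOOL_LOG)[1])
    print("history of c6:", history("c6", MEMPOOL_LOG))
```

The block view shows only two inputs and three outputs with no pairing between them, while the recorded log recovers every link, which is the gap between hiding amounts and hiding the graph.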
Ivan has also provided good examples of why this transaction graph reconstruction can be a huge problem that disqualifies MimbleWimble-based currencies from being considered true privacy-maintaining currencies. The simple reason, if we were to put together an equation, would look something like:
The fundamental misunderstanding of MW privacy features can lead individuals to use it in transactions they wouldn’t use Bitcoin for (as they understand that Bitcoin’s privacy guarantees are currently limited). However, as MW privacy is also inherently limited, it is of utmost importance to educate the public about these limitations. Both our article and Ivan’s work should be understood in this context.
Grin devs shouldn’t consider this research an attack on Grin, though the tone of their response reveals it was received as such. These devs have done a commendable job implementing MW without VC funding. The quality of their implementation speaks for itself and they deserve immense respect for their work.
⚡️ Gaming on Lightning
Bitcoin Bounty Hunt is a Lightning-native multiplayer FPS game. It's funded via Ad-Hodl auctions, includes an integrated Neutrino wallet, and has players battling each other to win sat(oshis) bounties.
As Matt Odell tweeted, poker without skin in the game is boring. Similarly, as online gaming increasingly becomes more mainstream, having real value assets (like satoshis) makes games more engaging and meaningful.
⚡️Zap Desktop 0.6.0-Beta
Zap Desktop just released a new update that includes features such as lnurl-withdraw support, global password, invoicing and activity history improvements, and message signing. You can read the complete list here. You can also find a comprehensive tutorial that helps you get set up here.
Though Zap has been seeing continuous growth for a while now, recently, the product's growth has been spiking outside of the US - particularly in the Middle East. Zap Desktop is preferred over Zap Mobile because the mobile version requires users to submit personal information to Apple and Google in order to use their app platforms. Zap Desktop avoids that level of KYC which largely explains its significant uptick in number of users outside of the US.
🔹 InstaDapp DAI Migration Tool
The InstaDapp team quickly spinning up a user-friendly tool to migrate to the new version of MakerDao is one interesting signal of how interoperable the Ethereum DeFi ecosystem has become. Using this tool, CDPs and Single-collateral DAI (SAI) can be easily converted to the newer Vault and multi-collateral DAI with minimal interruption.
🔹 First Ethereum 2.0 Explorer
In preparation for the launch of ETH 2.0 in Q1 2020, Bitfly, the owner of the Ethermine mining pool, has announced the first explorer for ETH 2.0. The explorer will be open source, allowing other entities to develop it further or to launch their own explorer version. The explorer currently displays the Prysmatic Labs testnet.
💰 Monero's Security Compromised
The official website of Monero, one of the most well-known cryptocurrencies, was compromised. The attacker replaced the binaries required to operate on the network with malicious versions that stole victims' coins. The attacker counted on the fact that most users don't check the validity of the binary by validating the hash of the downloaded binary. Luckily, the attack was quickly discovered and the website served compromised binaries for less than an hour.
💰 Cosmos Ecosystem Welcomes Its First DeFi Project: Kava
After some technical obstacles and a rescheduled launch, the DeFi project Kava has launched its Tendermint network in the Cosmos ecosystem. Kava aims to provide an alternative to Ethereum's DeFi ecosystem. The goal is to support multiple assets including BTC, XRP, ATOM and Binance's BNB. It will be interesting to see if Cosmos and Kava can dethrone Ethereum as DeFi's leading protocol.
Disclosure: Token Daily Capital and/or its partners may have exposure to some of the cryptocurrencies mentioned in this newsletter.