Grin developer’s response: Factual inaccuracies of “Breaking Mimblewimble’s Privacy Model”, and reaction from Litecoin dev.
Does this mean all Grin transactions are de-anonymized? No… it depends on how it’s used. Similarly, even Bitcoin can be used in a near-anonymous fashion, it’s just harder for most users to do. By default, Grin gives more anonymity to more of its users than Bitcoin, while improving scalability, but having other tradeoffs.
From reading about Grin, I can’t really find a reason why one would use it over Monero. Do you have any arguments for Grin vs Monero?
I’m not sufficiently versed in the details of the tradeoffs to make a judgement one way or the other, especially since both cryptocurrencies change over time through network upgrades. It kinda depends on what you need it for. Monero seems better in terms of privacy, and Grin might scale better. I think they have different tradeoffs, and both are interesting in their own right, both paths worth exploring.
One of the most interesting things about Grin is cut-through, which drastically reduces the size of the blockchain. BTC and XMR both can’t compete on that front, unless I missed some breakthrough in the past year or so.
So, in the next update, make peers broadcast their other peers to each other, and try to avoid all connecting to the same ones. Then the dandelion distribution works again, right? That may create another privacy issue though… perhaps hash them in some way before sharing.
TL;DR Until better alternatives emerge, use Monero or Zcash if you require privacy when transacting.
Something that doesn’t seem to get talked about much is the cost of these anonymization processes. Bitcoin (and Bitcoin-like) transactions are not free, and if you’re doing lots of transactions in the process of anonymization, it seems like that will get expensive. Does anyone know of any sources looking into that aspect?
Shouldn’t the reaction to something like this be “don’t rely on cryptocurrencies for privacy” rather than “use Zcash/Monero instead of this one that’s even more broken than others”?
…no, that’s not really a valid conclusion to draw from this kind of research
Since one implementation had its anonymity downgraded a bit, all other implementations are inherently flawed? I think that is the wrong conclusion to draw here.
Is there a concern with zcash not being private? It seems that the protocol is quite secure (in terms of privacy) when used correctly.
Zk-SNARKS setup could’ve been compromised; the dev tax is also an issue, though not a privacy concern