
The biggest privacy issue with Grin is that it doesn't hide the transaction graph. See their own write-up [0], which offers a very good and nuanced privacy discussion. This means, for example, you can be tracked by colluding vendors. Or can be identified when trying to accept payments anonymously.

I don't think blinding factors are as much of an issue.

Zcash setup doesn't matter for privacy. The larger issue is as you said, adoption of private transactions.

[0] https://github.com/mimblewimble/docs/wiki/Grin-Privacy-Prime...




RSA accumulators are an active area of research that will help with unlinking inputs and outputs; see the Grin forum thread for more discussion:

https://www.grin-forum.org/t/benedikt-bunzs-utxo-commitments...


It really doesn't help with that unless you use a completely different protocol and assume trusted setup. At which point, just use Zcash; it will have smaller and faster-to-verify transactions. Trust me, I've been working with RSA accumulators for privacy in Bitcoin since 2011.


Ah, I didn't see how the blinding factor was being used (the code is actually easier to understand than the paper). This has approximately the same linkability as Monero, inferior to Zcash (complex) or Chaumian tokens (hyper-efficient, but centralized per-currency, although currencies can be permissionless).


Why can’t you just do self-to-self transactions before/after each external transaction, and split/aggregate to standardized values (to start, let’s assume the entire system only allows payments of exactly 100 units each)?


Self-to-self txs could help obscure the tx graph when held at Dandelion nodes ready to aggregate with any other tx passing through the stem.

Standardizing values makes no sense since amounts are already invisible.


Let’s assume Alice is an antagonist coordinating with Carol to unmask Bob.

How many self-to-self txs does Bob need to do to hide from Alice and Carol?


I believe it depends on how much of the network the adversary can monitor, and how high a confidence Alice/Carol need in Bob’s identity to take action. If the action is “subject him to additional off-chain scrutiny”, the bar is presumably lower than “criminal conviction or assassination solely on this evidence”.

The more I learn about MW the less suitable it seems for my goals.


I think Alice and Carol need knowledge of 2 txs with Bob to coordinate a common ancestor; that's it.

If you imagine the ledger like a deck of cards, there is probably a point where all txos are shuffled (and we can likely make a conjecture that after N shuffles, the position of any txo is unknown; it's just hard to gauge how many shuffles we need to do for real privacy guarantees. If you want 6 sigma privacy, you might need to wait a very long time).



