Non-follow-up Cryptocurrencies reveal the secret of your transactions
What do you know about the non-follow-up Cryptocurrencies? In the Harry Potter world, many intriguing spells prevent others from telling your secrets. The name of one of these spells is MimbleWimble or “tongue-in-cheek” spell. Of course, MimbleWimble is also a name for Cryptocurrencies privacy technology. Someone finally had to inject some magic into the world of Cryptocurrency! In an article, Wired Magazine has explored and discussed non-follow-up Cryptocurrencies and the coins’ privacy.
Non-follow-up Cryptocurrencies, good or bad
The first coins to use the technology were Grin and Beam, both of which were released in January last year, but after an independent researcher launched an attack according to him, The privacy model is fundamentally paralyzed, discussions arose in which the privacy of the original protocol of the two coins had been questioned. Proponents of the protocol say the vulnerabilities can be repaired. These shortcomings of the MimbleWimble Protocol and the vulnerabilities of currencies such as Monero and Zcash remind us once again how difficult it is to safeguard the privacy of the Cryptocurrency.
Non-follow-up Cryptocurrencies | Private lives
The coins’ privacy or non-follow-up Cryptocurrencies are our response to the non-privatization of bitcoin. For most people, bitcoin is an anonymous currency, but both law enforcement and criminals are aware of this theory. If we put the fact that all bitcoin transaction data is publicly available alongside targeted subpoenas that force exchanges to collect their customers’ information, we find that identifying address owners is no problem at all.
In fact, for many, it has become a big business. Data from the Federal Employment System (Transactions over 3000$ Oversight System) shows that institutions such as the FBI and the National Security Agency spend millions of dollars annually to develop software that helps them track transactions. That is why in recent years Dark Web activists have been using non-follow-up coins to remain anonymous.
Florian Trame of Stanford University explains this:
“Keeping these transactions anonymous and private is much more difficult than properly executing cryptographic codes. For example, the MimbleWimble protocol does a part of its job of protecting privacy by aggregating a large number of transactions in a non-intrusive package. Using this method makes it much harder for detectors to identify the transaction owner.”
Dandelion is one of the components used in Grin and Beam coins that guarantees this aggregation [in transactions] before sending it to other nodes in the network. Dandelion’s method is to first identify a stem of interconnected nodes into which the transactions are combined, and then to form a flower that propagates the transactions to the network.
What do professionals say about Non-follow-up Cryptocurrencies
Former Google engineer Ivan Bogatyy says this protocol is also vulnerable because the attacker can launch a node that can track all other node transactions. In all cases, this supernode can (almost) steal transaction information regardless of nodes and before the aggregation, and can identify both parties to the payment.
Giulia Fanti, a professor at Carnegie Mellon University and one of the dandelion designers, said the attack represents one of the known limitations of MimbleWimble:
“I think the attack was more of a surprise to ordinary users than people who worked on the technology.”
Part of the problem, he says, is that these coins have not yet gained much popularity and use. It can be surmised that more transactions will result in faster aggregation, making it more difficult for Supernode to capture transactions that are left unattached. Fanti points out that this principle applies to many anonymous technologies that usually rely on hiding within a set.
Of course, the developers of these Harry Potter coins believe the attack is not that serious. The Grin Development Group says they are fully aware that the MimbleWimble Privacy Protocol is lacking and are working on a solution to the problem. On the other hand, the development team says they have already been able to somehow fix the problem by using fake transactions that increase the efficiency of the integration process.
Andrew Miller, a professor at the University of Illinois and a member of the Board of Directors of the ZCash Foundation, says:
“But it is useful to show how a hypothetical attack can be both cheap and effective. This [attack] changes the arguments around these coins. The attack was not difficult at all and showed how widespread the problem is on the current scale of the network.”
The bad news about side channels
Florian Tramer, who works at Stanford as a cryptography researcher, says that MimbleWimble, as a relatively young protocol, still cannot guarantee the privacy of its users like methods used in coins like Monero and Zcash. He went on to say that these currencies have a long history and rely more on the methods they have passed including ring signatures and zero-knowledge proofs.
“The biggest problem is our expectations of privacy from various technologies.”
According to him, even if the problem is solved, the field of privacy is still very complex. He recently launched attacks against Monero and Zcash that didn’t even need to target these coins’ luxurious cryptographic methods to succeed. He added:
“This is exactly where developers spend most of their effort, but when you look at the overall picture of these devices and how they interact, you’ll notice that data privacy and anonymity are much more difficult to execute Encryption codes properly.
Tramer and his colleagues developed a network security attack test called a side-channel attack that targets communications between transactions that must be private and also external (public) networks. A wallet has to scrutinize each of the destination and source individually to determine them because of the encryption details of the transactions.
The Tramer team designed this attack based on observing different methods of wallets to investigate the encryption of transactions to determine their destination and their correct origin. A competitor or adversary can gain a lot of information by carefully examining these minor differences in network scheduling and behavior. The attacker can identify the recipient of any anonymous transaction on the network using the Tramer attack method and then determine the IP address of the computer owner of the private keys associated with that public address (wallet).
Non-follow-up Cryptocurrencies | Monero and Zcash Non-follow-up Cryptocurrencies
Tramer says he has explained the vulnerabilities to the Monero and Zcash teams and is pleased to see their action to solve the problem speed up. Monero’s solution to this problem was simple because it was designed in a way that the network and the wallet were not interconnected. The overlap of codes, in this case, was a hole to close.
Zcash had a more difficult task in this case because the wallet and network operation are connected. The reason is that it goes back to the origins of the Zcash network that designed it by adding its privacy technologies to the Bitcoin blockchain instead of building its blockchain.
“Part of the attack came from a client that did not consider anonymity and user privacy issues when it was created. This is, of course, a problem that the Zcash team is well aware of.”
These problems have now been resolved, and non-follow-up coins are still much more anonymous than bitcoin transactions that can be monitored and tracked even years after they are made. Miller says the coin user community needs to monitor such attacks more closely to keep them functional. The leak of such information when communicating with software to pay for online services with Monero, Zcash, or Grin currencies can be very worrying.
In the end, Tramer added, these attacks are almost new, but have gradually gained the attention of the public. Private coins have a very strong cryptographic core, but ultimately their practical application will ensure that they remain 100% secure.
ExPay 24 provides safe and secure services in the shortest time possible. Our services include exchanging cryptocurrencies such as Ethereum, Ripple, Tron, Bitcoin, Tether, Monero and Litecoin to Matercard, Google Play, Webmoney, iTunes and also other various services. Your orders will be placed 100% automatically. Contacts us for more information.