|
|
|
|
|
|
by sgp_
1599 days ago
|
|
|
It's not comparable though. The simplified (though slightly wrong) way to think about Grin is that its privacy is like Monero but without Monero's ring signatures. Its transaction graph privacy is quite weak. While the author of this article makes some mistakes, here's an example of that weakness: https://medium.com/dragonfly-research/breaking-mimblewimble-... Grin developers said in response: > The Grin team has consistently acknowledged that Grin’s privacy is far from perfect. While transaction linkability is a limitation that we’re looking to mitigate as part of our goal of ever-improving privacy, it does not ‘break’ Mimblewimble nor is it anywhere close to being so fundamental as to render it or Grin’s privacy features useless. Hiding addresses and amounts is certainly better than Bitcoin, but the transaction graph privacy offered by Grin is significantly weaker than Monero. It's not the same. |
|
|
We present a coin shuffling proposal with the following properties:
Users submit self-spends throughout the day. No interaction needed for shuffling.
Shuffling is performed at the end of the day by a set of mixnodes that cannot steal any coins.
Invalid self-spends are automatically filtered out. No need to abort or restart the shuffling.
As long as at least one mixnode is honest, then no one learns the input output links.
The size of the shuffle is limited only by blocksize and could easily be over a thousand.
Each shuffle only grows the chainsize by a small constant (~100 byte per mixnode), thanks to MW cut-through.
Widespread use of the protocol would leave the transaction graph mostly obscured.