- There’s some debate on whether the attack is “new” academically. As I note in the post and tweetstorm, the attack was independently hypothesized by other researchers, Grin developers and me a while ago. The novelty is in the live demonstration and precise experimental results. Further, it definitely seems to be news to a lot of people who are not in the trenches reading Grin code. Great summaries on this from Balaji and Udi.
- My research claims to break the privacy model (the assumptions of user privacy) and does just that. Breaking the protocol itself would indeed be a different thing.
- There’s some confusion because “Grin doesn’t have addresses, only commitments”. In practice, commitments are isomorphic to Bitcoin UTXOs with no address reuse. If Bitcoin is enough to keep the flow of transactions private (it is not), why build anything else? With this attack, a Grin block explorer could be built that allows following commitments in exactly the same way Bitcoin UTXOs can be followed on-chain now.
- Right now, if Alice purchases Grin on an exchange and later uses it to shop on a darknet market, a sniffer node will capture a precise, undeniable trail of commitments (starting at the KYCed exchange commitment and ending at the darknet market) that incriminates Alice. Alice would not expect that, because she thinks Grin is “private” and, further, public block explorers can’t show that link; only the special sniffer nodes can. This is the key point.
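To make the contrast between the sniffer view and the block-explorer view concrete, here is an added toy example (my own illustration, not code from the post or from the Grin project). It models one block: the sniffer node records each transaction's inputs and outputs individually, while the public chain shows only the aggregated block after cut-through (outputs spent within the same block disappear, and what remains is an unordered set of inputs and a set of outputs). The commitment labels, the transactions and the exchange/market roles are all constructed; the code assumes a sniffer that sees every transaction before aggregation, as described above.

```python
from collections import deque

# Constructed sample, not real Grin data. Each entry is one transaction as a
# sniffer node sees it before aggregation: (set of input commitments, set of
# output commitments). Labels stand in for Pedersen commitments.
SNIFFED_TXS = [
    ({"C_exch_hot"}, {"C_alice_1", "C_exch_change"}),    # exchange pays Alice (KYCed)
    ({"C_bob_0"}, {"C_bob_1", "C_carol_0"}),              # unrelated transaction
    ({"C_alice_1"}, {"C_alice_2", "C_alice_3"}),          # Alice splits her coins
    ({"C_alice_3"}, {"C_market_deposit", "C_alice_4"}),   # Alice pays the market
    ({"C_carol_0"}, {"C_dave_0"}),                        # unrelated transaction
]


def link_graph(txs):
    """Directed edges input -> output, one per sniffed transaction.

    This is exactly the per-transaction linkage that cut-through later erases
    from the chain, and exactly what lets commitments be followed like UTXOs.
    """
    graph = {}
    for inputs, outputs in txs:
        for inp in inputs:
            graph.setdefault(inp, set()).update(outputs)
    return graph


def trail(graph, start, target):
    """Shortest chain of commitments from start to target (BFS), or None."""
    prev = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node == target:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in sorted(graph.get(node, ())):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    return None


def aggregate_block(txs):
    """What lands on chain: union of inputs and outputs with cut-through.

    Any commitment that is both created and spent inside the block is removed
    from both sides, and no edge survives saying which input funded which output.
    """
    all_in = set().union(*(i for i, _ in txs))
    all_out = set().union(*(o for _, o in txs))
    spent_in_block = all_in & all_out
    return all_in - spent_in_block, all_out - spent_in_block


def explorer_candidates(txs, start):
    """Best a public block explorer can do: if start is an input of the block,
    it may have funded any surviving output of that block. No trail, only a set."""
    block_in, block_out = aggregate_block(txs)
    return set(block_out) if start in block_in else set()


if __name__ == "__main__":
    graph = link_graph(SNIFFED_TXS)
    print("sniffer trail :", trail(graph, "C_exch_hot", "C_market_deposit"))
    print("explorer view :", sorted(explorer_candidates(SNIFFED_TXS, "C_exch_hot")))
```

Run as a script, the sniffer side returns the exact path from the exchange's commitment through Alice's intermediate commitments to the market deposit, while the explorer side can only say that the exchange input is one of two inputs to a block with six surviving outputs, one of which is the market deposit. The intermediate commitments `C_alice_1` and `C_alice_3` never appear on chain at all.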
Other Grin developers (1) (2) have taken this work for what it is: a hands-on empirical confirmation that exposes an important research problem. It needs to be known by potential users and fixed for Grin to get wide adoption as a privacy-preserving cryptocurrency.