mimblewimble team mailing list archive

[John Tromp <john.tromp@xxxxxxxxx>]

hi Luke,

> current crypto-currencies with the exception of monero are based
> around the principle of hiding... so of course they are being hunted
> and hounded.  monero and i believe grin-coin at least provide both
> privacy *and traceability*, such that an individual may *prove* to
> their local tax authorities that yes they accepted the transaction,
> but that they can also prove that the transaction was completed
> *outside of their jurisdiction*.

Are you talking about transactions that the user reports to the authorities
in the first place? In that case the user would simply not report transactions
that are "inside the jurisdiction", whatever that means.

> in reading the mimblewimble whitepaper i noticed that it said that
> spammers can carry out a denial-of-service attack by flooding the
> network with "wrong unspent outputs".  the proposed solution was to
> download the blockchain from a torrent or from multiple users.

The whitepaper at
https://download.wpsoftware.net/bitcoin/wizardry/mimblewimble.txt has
this paragraph:

3. There is a denial-of-service option when a user downloads the
chain, the peer can give
   gigabytes of data and list the wrong unspent outputs. The user will
see that the result
   do not add up to 0, but cannot tell where the problem is.

which to be honest I do not quite understand. The user normally
downloads the chain
by requesting blocks from peers, starting with just the headers which
can be checked for proof-of-work.
Having identified the chain of headers with the most work (cumulative
difficulty), the user then requests
the full blocks one or a few at a time. If any of them have bad data,
then the user would reject them,
and ban the peer that provided it with the bad block. I don't see how
the user would receive "gigabytes"
of bad data in this model, unless all peers (s)he connects to are malicious.

regards,
-John