One Bad Apple Spoils the Bunch: Transaction DoS in MimbleWimble Blockchains
This addresses a critical security vulnerability for users and developers of privacy-focused blockchain systems like MimbleWimble, though it is incremental as it builds on known features.
The paper identifies a new denial-of-service attack in MimbleWimble blockchains, where combining Dandelion++ and transaction aggregation allows an adversary controlling 10% of nodes to prevent over 45% of transactions from being included in the blockchain.
As adoption of blockchain-based systems grows, more attention is being given to privacy of these systems. Early systems like BitCoin provided few privacy features. As a result, systems with strong privacy guarantees, including Monero, Zcash, and MimbleWimble have been developed. Compared to BitCoin, these cryptocurrencies are much less understood. In this paper, we focus on MimbleWimble, which uses the Dandelion++ protocol for private transaction relay and transaction aggregation to provide transaction content privacy. We find that in combination these two features make MimbleWimble susceptible to a new type of denial-of-service attacks. We design, prototype, and evaluate this attack on the Beam network using a private test network and a network simulator. We find that by controlling only 10% of the network nodes, the adversary can prevent over 45% of all transactions from ending up in the blockchain. We also discuss several potential approaches for mitigating this attack.