Grin (GRIN)

From CryptoWiki

(Redirected from Grin)

Total supplyNo cap


  • Announced on:
  • Mainnet release:
  • Based in:
  • Privacy crypto (although their privacy is debated, as showed below) that came out of the Mimblewimble community. Is simmilar to Beam, which is launched around the same time.
  • An atmosphere of friendly competition between the two has taken shape since Beam’s announcement – though it’s occasionally tipped into outright resentment from each side. Nowadays, though, Beam’s code is public, and the two projects are feeding back on each other as well. For example, Beam even partially funded Grin’s security audit.
  • Whereas Grin followed a highly principled, cypherpunk ideology – including no token premine or ICO, as well as volunteer-based development – Beam sought VC funding and hired a team of developers to work on the software full-time, allowing it to speed ahead of Grin in its implementation.
  • Is developed by a group of mostly pseudonymous volunteer contributors, several of which are using Harry Potter-related screen names — like “Ignotus Peverell,” who started the project. They call their upcoming cryptocurrency “Grin” (yet another Harry Potter reference), which is being implemented in the coding language Rust. Similar to projects like Bitcoin and Monero, Grin will not be maintained by any specific company or foundation, nor will it do an ICO or anything of the sort; instead, the project accepts donations.


  • Grin is currently being tested and is roughly expected to launch in early 2019. Grin, which prides itself on its large community, has been under active development since 2016. UPDATE: Launched in 2019 and had its first hard fork towards v2.0.0 successfully.



Token allocation


Token Details



  • Whitepaper can be found [insert here].
  • Code can be viewed [insert here].
  • Built on:
  • Programming language used:

Transaction Details

How it works

  • Grin combines Equihash with another proof-of-work algorithm, named Cuckoo Cycle, which is intended to block the use of ASICs by making the algorithm less predictable. After two years, Grin will settle on Cuckoo Cycle permanently, with the belief that ASIC hardware will have become more affordable by that time.


  • Once launched, miners will be able to mine one coin (“grin”) per second on average, and (unlike Bitcoin) this rate will never decrease. Currently, a new token is issued every second. This is due to the project’s belief that sustained issuance will stabilize the value of the currency.

“We want Grin to be a currency, not a ‘store of value’ (whatever that actually means in the ridiculously volatile crypto space),” Yeastplume said.  “We want to encourage use, and we don’t want to unfairly reward early adopters with an arbitrary deflationary halving schedule.”


Liquidity Mining

Layer Two

Different Implementations


Other Details

Privacy Method being used

"Transaction building over TOR Hidden Services merged. Improves privacy during the tx building process, generates a receiving address, and resolves port forwarding / NAT traversal requirements."

Privacy 'failure'

Privacy concept Mimblewimble “is fundamentally flawed,” claimed Ivan Bogatyy of Dragonfly Research. “Using only $60/week of AWS spend, (using 'sniffer nodes') I was able to uncover the exact addresses of senders and recipients for 96% Grin transactions in real time. The problem is inherent to Mimblewimble, and I don’t believe there’s a way to fix it."

"To counter, Mimblewimble developers insisted recently Bogatyy’s supposed attack is in actuality “the well-documented and discussed transaction graph input-output-linkability problem. This is not new to anyone on the Grin team or anyone who has studied the Mimblewimble protocol. Grin acknowledged the ability to link outputs on chain in a Privacy Primer published on its public wiki in November 2018, before mainnet was launched. This problem encompasses Ian Mier’s ‘Flashlight attack,’ which we have listed as one of our Open Research Problems.”

Devs further described Dragonfly assertions as “factually inaccurate,” full of “logical leaps that are not substantiated via the network analysis exercise that is described.” 

They keyed upon six points in attempting to shut down Bogatyy’s assertions. Mimblewimble itself doesn’t have addresses to be linked in the first place, and instead coins are exchanged through one-time outputs. As such, Dragonfly couldn’t link addresses because there are none, which is not a small point as Bogatyy assumed governments could track users through his linkability attack. Nearly 100% collection of network transactions seems outstanding and compelling at first read, but Grin devs aren’t sure “what exactly is being identified here or what else the author is able to accomplish with this information,” they retorted."

"Mimblewimble anonymizes transactions through batching inputs per block, like a CoinJoin. After mixing the numbers associated with a sender in a pool of similar transactions, equivalent values are spit out on the other side as unidentifiable outputs. Styled a confidential transaction (CT), this process typically works pretty well once it scales to a large enough anonymity set, wherein the sheer number of inputs shields the knowledge about the outputs after a mixing. In CT, the amount and public addresses are never exposed, mainly because addresses don’t exist in the Mimblewimble universe, just transaction inputs and outputs.

The first two cryptocurrencies based on Mimblewimble launched in January 2019: grin and beam. But, for both coins, "transaction graphing" remains a problem.

A well-connected sniffer node can sit on either side of the CoinJoin in what is called “linking.” Built on the same peer-to-peer (P2P) network as bitcoin, nodes communicate changes to the ledger from one to another and a sniffer can pick out how transactions move by being well-connected to its peers. In fact, Bogatyy said it only took 200 of the 3,000 current peers on the grin blockchain to flesh out 96 percent of transaction sender and receiver addresses at the small cost of a $60 per week subscription to Amazon Web Services.

The Grin Foundation’s Open Research Problems page on GitHub publicly cited the problem as a point for future research along with analysis from Token Daily’s Mohamed Fouda over a year ago. Moreover, grin has never promised full anonymity, but only CT with the possibility of adding anonymity features down the road.

“While some technical experts guessed that the vulnerability likely exists, I don't think anyone knew the extent,” Bogatyy said in an email. “Before I ran the experiments, I couldn't know myself it would be 96 percent.”

Noting the trouble with transaction graphing long ago, beam developers have implemented numerous amendments to Mimblewimble, including decoy outputs to break linkability, according to beam developer Guy Corem. “Beam and Grin developers were aware of transactions linkability from way before mainnets launched,” Corem said in a Telegram message. “[Bogatyy] didn't look at Beam's implementation. For example, in his technical write-up, he wrongfully stated that the decoys aren't being spent.” 

Decoy improvements or not, Bogatyy remains unimpressed. Following transactions through whisper nodes remains too easy even with the added protections, Bogatyy said. “Ultimately, the best version of decoy-heavy Mimblewimble would look like a worse version of Monero,” Bogatyy said on his GitHub page. (It should be noted that no privacy coins are listed in Dragonfly’s portfolio.)

As Miers (form Zcash) points out, you can still trace grin transactions regardless if they have addresses or not.

“It’s like you have a map of some part of New York City but you just don’t which part because all the street names are missing. But the moment someone tells you the name of one intersection on the map, you can work out the rest,” Miers said. “The attack on Grin created this map with blank streets. You need one more step to give out the names, but that is the easy part.” Furthermore, once you know a transaction’s beginning and end points, it doesn’t matter to anyone how much you spent, just that you spent it somewhere. “So the world will learn you paid Pornhub or bought a lambo, but they won't directly know for how much,” said Miers. “It isn't useful unless it's combined with much stronger privacy technology.”

Grin's Lehnberg wrote on Medium:

"Grin is still very young and has yet to reach its full potential. Eleven months into mainnet, there is low network usage. In the last 1000 blocks, 22% contained only a single tx (and 30% contained no tx), meaning their inputs and outputs are trivially linkable. This won’t change until there’s greater network usage, but it still does not imply that sender and receiver identities are revealed." Grin’s development team has only gone so far as to say the issue could reveal “entities,” not individuals. “It's one thing to say, ‘oh this theoretical attack is really straightforward and easy to carry out,’ it's another to actually do it,” Lehnberg said on Telegram.

While the two sides may disagree over the technicals, Miers remains positive about Mimblewimble but characterizes grin as only a footnote in privacy coins' history. “Grin is a project that shows a lot of promise, but right now it isn’t accurate to call it a privacy coin or even a privacy project,” Miers said."


Oracle Method being used

Their Other Projects







  • Can be found [Insert link here].



"Grin has just suffered a 51% attack on its blockchain. According to a Nov. 7 tweet from crypto mining group 2Miners, an unknown group accumulated 57.4% of the total hash power of the Grin (GRIN) network on Saturday evening. 2Miners only had control of 19.1% of GRIN’s hash power, while sparkpool miners came in third at 18.9%. Data from GrinScan shows the attackers were able to reorganize at least one forked block, at 23:17 UTC on Nov. 7."


Projects that use or built on it


Coin Distribution

Pros and Cons



Team, Funding, Partnerships, etc.


  • Full team can be found [here].
  • The privacy technology underpinning the coin was posted to a bitcoin IRC chat in 2016 by someone called Tom Elvis Jedusor (Voldemort’s real name in the French version of Harry Potter), who then disappeared. It’s possible that Jedusor is also Ignotus Peverell, who posted an introduction to Mimblewimble and its Grin implementation on Github in March 2017.

According to the open-source code repository Github, its primary core developers are:

  • Ignotus Peverell; (aka Igno) Pseudonymous Grin founder Ignotus Peverell has stepped away from the project, reassuring the privacy coin’s community that it is in “safe hands.” The move has sparked inevitable Satoshi Nakamoto comparisons. He did forget (16-10-2019) to give the domain to the community: " domain has expired. Ignotus Peverell - if you're reading this [ed: pretty sure Ignotus is a POW reader!] , please get in touch with us or renew the domain. The community is working on mitigations, but we'd like to retain control of the domain if possible. We've provisionally redirected to a new project website, until we regain control of the old domain."
  • Antioch Peverell
  • Gary Yu
  • hashmap
  • Quentin Le Sceller
  • Yeastplume.
  • Daniel Lehnberg; dev