Is Bitcoin’s Curse Looming on The Horizon?
By CCN.com: MimbleWimble, named after a curse from the Harry Potter book series, is a protocol, much like Bitcoin’s blockchain, that contains improved privacy features derived from multiple technologies, some more established than others.
Key components in MimbleWimble are:
(a) Elliptic Curve Cryptography (ECC), which enables private-public key encryption – a way to prove you know something without revealing the content of the encrypted information;
(b) Confidential Transactions, which allows for public verification of the transaction without revealing any significant details, like the amounts or addresses – which, in essence, do not really exist in MimbleWimble, but I’ll get to that later;
(c) CoinJoins, through a mechanism called anonymity set that enables transactions from multiple senders to be batched into a single transaction; and
(d) Dandelion, an improved gossip protocol network that contains increased privacy working mechanics, by using hops in-between nodes before publicizing the transaction to the neighboring nodes.
History has taught me any technology represents a means to achieve an end, and the purpose of MimbleWimble is quite similar to Bitcoin’s: to allow for value to be transferred and stored in a decentralized manner, privately and without intermediaries.
A Brief History of MimbleWimble
My goal today is to explain to non-magical folk how this technology works and why are there so many prominent cryptocurrency enthusiasts, such as Bitcoin Core developers Andreas Antonopoulos and Jimmy Song or authors like Chris Dixon and Daniel Jeffries, discussing the hypothesis of MimbleWimble becoming a serious side-chain protocol, by exponentially improving on Bitcoin’s privacy features.
The initial MimbleWimble whitepaper was drafted by Tom Jedusor in 2016, with clear references to Greg Maxwell’s work on confidential transactions and CoinJoin, as well as to a previous anonymous paper posted in 2013 introducing one-way aggregate signatures, a functionality which obfuscates inputs and outputs, similar to CoinJoin.
The first MimbleWimble implementation, Beam, was fully released on January 3 and is now live and minable. This means anyone can join to support the network – although in order to do so, one does require both specific hardware, in this case, a GPU processor, and some technical savviness to understand how to set up a node.
Anyhow, the oldest implementation of Milmblewimble (and the one I will focus my attention on), is called Grin.
The first Grin testnet was launched in November 2017, and the project is currently live, since January 15. The Grin repository is currently maintained by anonymous developers and does not have a clear business model just yet, whilst Beam is a much more hierarchical and organized structure, like Blockstream for example.
Both are aiming to achieve the same goal, which is to provide a live and functional network for MimbleWimble.
The Blueprint of Privacy
As mentioned a couple of times already, the purpose MimbleWimble serves is to improve users privacy, as transactions cannot be linked to a specific IP, which is one of the current bottlenecks with Bitcoin. Not only that, but the way MimbleWimble works allows for close-to-infinite scalability.
Before we get into the whole scalability ordeal, let’s see how MimbleWimble combines the technologies mentioned initially.
Firstly, both implementations chose to use an ASIC-resistant algorithm, such as Cuckoo Cycle (in Grin) or Equihash Pow (Beam) to promote a higher degree of decentralization while adopting a secure model (a: ECC).
Secondly, when a transaction is broadcast, it will hop to a number of other neighboring nodes before being broadcast to the entire network (d: Dandelion). Remember what I mentioned in the beginning? No one knows the inputs and outputs (b: Confidential Transaction).
Well, good luck trying to find the originator, as each additional hop means an additional node you need to inspect (c: CoinJoin), including its connections – an almost impossible task to accomplish with a set of 3 to 4 hops per transaction.
Thirdly (and lastly), the MimbleWimble blockchain is bound to the number of users using the network, not to the number of transactions/addresses, so you can already imagine the impact on scaling the network: nodes only need to register block headers for current UTXO (unspent transactions), not for the entire chain. Plus, this means there are neither addresses nor transactions.
Right – But How Does MimbleWimble Actually Work?
The first time I read the whitepaper, it did seem…magic!
However, after many failed attempts, I understood how users could transact with neither addresses nor amounts – not an easy accomplishment if you ask me.
The validation of MimbleWimble transactions relies on two basic properties:
- Verification of zero sums. The sum of outputs minus inputs always equals zero, proving that the transaction did not create new funds, without revealing the actual amounts.
- Possession of private keys. Like with most other cryptocurrencies, ownership of transaction outputs is guaranteed by the possession of ECC private keys. However, the proof that an entity owns those private keys is not achieved by directly signing the transaction.
Simply put, because there are no amounts as the sum of the inputs and outputs is zero, and because users don’t need to sign any transaction with their private keys, there is no need for actual addresses.
What matters in the end are UTXOs or unspent transactions.
A Final Look at MimbleWimble
MimbleWimble has the potential to significantly reduce both transaction costs and blockchain size, where other blockchains necessarily would have to grow over time, the required MimbleWimble dataset does not, which would solve the scaling problem.
From a technological point-of-view, MimbleWimble is a rather intriguing protocol that could offset a new wave of blockchain development. If Grin (and now Beam) can prove this consensus model based on opaque transactions works properly without addresses, amounts, or signatures, we could finally have a serious contender to the king, Bitcoin (and to established privacy coins).
The main points the protocol promotes, and its advantages when compared to, Bitcoin are:
- Extremely good scalability, as the great majority of transaction data can be eliminated over time without compromising security.
- Increased privacy by mixing and removing transaction data.
- Faster node sync time, as the nodes would connect with the rest of the network very efficiently.
Let’s see what the future holds for both Grin and Beam; will this novel technology do serious damages to prominent privacy coins like Monero, Zcash, and Monaco?
Disclaimer: The views expressed in the article are solely that of the author and do not represent those of, nor should they be attributed to CCN.
Featured image from Shutterstock.