Privacy by default: MimbleWimble

By starke_kunst | art of crypto | 2 Dec 2019

One of the trends in the cryptocurrency industry that I keep an eye on is anonymous cryptocurrencies. I want to dedicate a separate series of articles to this topic, starting with an analysis of the MimbleWimble protocol and its two implementations. Today we’ll take a look at the MimbleWimble protocol itself.

MimbleWimble is a blockchain protocol that provides anonymity and scalability by verifying that all transactions are valid without having to store the entire chain history.

The name “MimbleWimble” is taken from the Harry Potter books, as some people in the crypto community love such things👍

A bit of history

The protocol was originally proposed in 2016 by “Tom Elvis Jedusor” (the French name of Lord Voldemort, another Harry Potter reference). The proposal aroused interest among the crypto community, and the original technical documentation was later improved.

Tom’s whitepaper “Mimblewimble” was a purely theoretical proposal for the Bitcoin blockchain, intended to increase confidentiality, scalability and interchangeability (fungibility).

Later in the same year, 2016, Ignotus Peverell (the first owner of an invisibility cloak) launched a repo on GitHub called "Grin" and began to develop the first MimbleWimble implementation.

How does it work?

The main architecture of MimbleWimble is taken from Bitcoin, excluding scripts and the UTXO model, but with the addition of Confidential Transactions and the concept of end-to-end transfers. The result is a compressible and opaque blockchain.

In the MimbleWimble protocol, no information about a transaction is available to third parties who do not participate in it. MimbleWimble relies on elliptic curve cryptography for signing transactions, which is also the basis of Bitcoin.

During each transaction, the MimbleWimble protocol verifies that:

- the transaction did not create new funds, which is checked without revealing the actual amounts (verification of zero sums);

- the parties involved in the operation have confirmed the ownership of their private keys (possession of private keys).
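
The two checks above, as an added example that is not part of the original article or of any MimbleWimble implementation: amounts are hidden in Pedersen commitments r*G + v*H, and a Schnorr signature verifies only if outputs plus fee minus inputs commit to zero. It assumes the secp256k1 curve and a second generator H derived by hashing; all function names are hypothetical.

```python
import hashlib, secrets
# Added example (hypothetical names). secp256k1: y^2 = x^3 + 7 over F_P, group order N
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # point addition; None is the identity element
    if a is None or b is None: return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    if a == b: m = 3 * a[0] * a[0] * pow(2 * a[1], -1, P)
    else: m = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P)
    x = (m * m - a[0] - b[0]) % P
    return (x, (m * (a[0] - x) - a[1]) % P)

def mul(k, pt):  # double-and-add scalar multiplication
    acc, k = None, k % N
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def hash_to_point(tag):  # try-and-increment: nobody knows this point's discrete log to G
    x = int.from_bytes(hashlib.sha256(tag).digest(), "big") % P
    while pow(x**3 + 7, (P - 1) // 2, P) != 1: x += 1  # until x^3 + 7 is a square
    return (x, pow(x**3 + 7, (P + 1) // 4, P))
H = hash_to_point(b"constructed example generator H")  # assumption of this example

def commit(r, v):  # Pedersen commitment: amount v hidden behind blinding key r
    return add(mul(r, G), mul(v, H))

def excess(inputs, outputs, fee):  # sum(outputs) + fee*H - sum(inputs)
    total = mul(fee, H)
    for c in outputs: total = add(total, c)
    for c in inputs: total = add(total, (c[0], -c[1] % P))
    return total  # a multiple of G alone only if the amounts cancel out

def challenge(R, X, msg):
    data = b"".join(c.to_bytes(32, "big") for c in R + X) + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def sign(x, msg):  # Schnorr signature with private key x (public key x*G)
    k = secrets.randbelow(N - 1) + 1
    R = mul(k, G)
    return R, (k + challenge(R, mul(x, G), msg) * x) % N

def verify_tx(inputs, outputs, fee, sig, msg=b"kernel"):
    X, (R, s) = excess(inputs, outputs, fee), sig
    return X is not None and mul(s, G) == add(R, mul(challenge(R, X, msg), X))
```

The signing key is the sum of the output blinding keys minus the input blinding keys, so a valid signature shows both that no funds were created and that the signers hold those keys. A deployed protocol also attaches a range proof to every output so that amounts cannot be negative; that part is omitted here.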

It was originally assumed that MimbleWimble could be integrated into the Bitcoin codebase via a soft fork or exist as a sidechain, but these proposals were later declined due to certain difficulties.

In MimbleWimble, there are no addresses of the kind familiar to Bitcoin users. Instead, two wallets exchange data with each other. This data is visible only to the participants in the transaction, and they do not even have to be online at the same time. Blocks do not list individual transactions; instead, the transactions are combined into a single transaction with mixed inputs and outputs. Thus, viewing a single block will not give us any information about an individual transaction. So, transactions in MimbleWimble are a variant of the CoinJoin coin mixing technique.

Thus, transactions are being processed, but:

  • their meaning is not disclosed,
  • there are no addresses,
  • there is no open information in the block.

MimbleWimble also approaches scalability in its own way. The blockchain deletes old and unnecessary transactions. The protocol safely removes spent outputs by aggregating intermediate transactions, so the blockchain size is drastically reduced. The protocol uses a method called “end-to-end”.

Pushing that further, between blocks, most outputs end up being spent sooner or later by another input. So all spent outputs can be safely removed. And the whole blockchain can be stored, downloaded and fully verified in just a few gigabytes or less (assuming a number of transactions similar to bitcoin).

A MimbleWimble transaction consists of the following components:

  • a set of inputs that reference a set of previous outputs,
  • a set of new outputs,
  • transaction fee,
  • core transaction.

The structure of transactions demonstrates a crucial tenet of Mimblewimble: strong privacy and confidentiality guarantees.

So in the MimbleWimble block, transactions are represented only by their core, because ownership is confirmed through the core. This architecture allows MimbleWimble to be more scalable and provide a faster response.

Also, for developers: this idea is actually derived from Greg Maxwell's Confidential Transactions, which is itself derived from an Adam Back proposal for homomorphic values applied to Bitcoin.

Protocol Implementation

Initially, the protocol was considered as a Bitcoin sidechain or as a separate blockchain using its consensus protocol, but not its token. However, over time, the developers concluded that the best solution would be to create a separate coin. So, there are two implementations of this protocol: Grin and Beam. The two implementations take different approaches to community, philosophy, financing and technical specifications. I will tell you more about both of them in my future articles.

Also, not long ago, Litecoin Foundation developers published two proposals for improving the protocol (LIP-0002 and LIP-0003), which provide for the integration of MimbleWimble technology to ensure Litecoin’s transaction privacy.

If they are accepted, users will be able to use the new confidential transaction format through Extension Blocks, which will be on "a side-chain like layer alongside canonical Litecoin blocks". So we will get a third implementation of MimbleWimble.

What do you think about MimbleWimble? Feel free to comment below and subscribe to my blog for future articles👌
