This powerful tech underpins Grin and Beam – two of the most exciting crypto projects of the moment.
Bitcoin is incredible tech, but it has its limitations. It’s slow, and it’s a resource hog. This is due to the way the protocol works. When you send coins, you are not updating your balance or the recipient’s balance. Instead, you are cryptographically proving that you own coins in the sending address, and then registering the ‘output’ to the new owner using the recipient’s address.
In order to prove you own coins, your Bitcoin wallet has to plough through the entire blockchain, checking each output to see if you are the legitimate current owner – tracing that ownership right from when the coins were first mined into existence, through every previous owner to the present day and your address. That requires that full nodes hold the whole blockchain, and have the computational resources to trawl through it. It also means that every address and every amount transacted are stored on the blockchain, which is totally transparent. While bitcoin can be relatively private if used carefully, in practice information is almost always leaked and the public nature of the blockchain means anyone can get their hands on that data.
Mimblewimble was proposed back in 2016 as a new kind of blockchain solution that addressed these problems. It’s named after a tongue-tying spell in the Harry Potter books, because the blockchain doesn’t give up information about its users. Like Bitcoin, Mimblewimble was proposed by an anonymous developer – this one calling himself Tom Elvis Jedusor (the French version of Tom Marvolo Riddle, Lord Voldemort’s schoolboy name). It won’t surprise you to learn that they’re not the only Harry Potter references in the Mimblewimble (MW) world. You can find the MW white paper here – though it’s really just a text file, hardly as comprehensive and well-articulated as Satoshi’s Bitcoin paper. But it does the job, and it has caught a lot of interest, because the ideas within it are exceptional.
MW is a collection of technologies, much as Bitcoin itself was built on existing ideas like Adam Back’s HashCash and public key cryptography but combined them in new ways. The white paper is dense, technical and frankly a little disorganised, so it’s not for the uninitiated. Some of the major features are as follows.
No addresses. Using MW, you prove ownership of outputs using a private key. However, those outputs are not registered to an address, like in Bitcoin, and when publicly verifying you own them, you do not have to leave sensitive information (like addresses) on the blockchain.
No amounts. MW takes a ‘zero sum’ approach, whereby you only have to prove that no new coins have been created (and that the transaction is therefore legitimate), not how much was sent. So long as outputs minus inputs equals zero, that’s all that matters. So neither addresses nor amounts of coins are stored on the blockchain at all.
Scalability. MW uses a neat feature called transaction cut-through, which essentially condenses all the transactions in the blockchain into one single, large transaction. This is a little like a central bank carrying out settlement for commercial banks at the end of the day. Money might move backwards and forwards many times between thousands of different recipients, but all that really matters is the net difference. If Alice sends Bob some coins, and Bob sends all of those coins on to Charles, Bob doesn’t need to be in the blockchain at all. This means there’s far less information stored on the blockchain than there is for Bitcoin, which improves privacy and reduces the storage space required.
Dandelion. This is an upgraded network protocol that also improves privacy. Instead of a node simply broadcasting a transaction to the network, that data first takes several steps from one randomly-selected node to another, until the last one in the ‘stem’ of the dandelion, at which point it’s dispersed more widely. The result is it’s very hard to know where that transaction has come from.
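To make the ‘No amounts’ balance check and the Alice, Bob and Charles cut-through from the features above concrete, here is an added example; it is not code from the white paper, Grin or Beam. It uses a toy multiplicative group in place of the elliptic curve that real implementations use, and the parameters, function names and sample amounts are constructed for illustration.

```python
# Toy Pedersen commitment C = g^blind * h^value mod P. Constructed parameters,
# far too small for real use: P = 2Q + 1 (both prime); G and H have order Q.
# Real Mimblewimble chains use an elliptic-curve group and also require range
# proofs and a kernel signature, both omitted here.
P, Q = 2039, 1019
G, H = 4, 9

def commit(value, blind):
    return pow(G, blind % Q, P) * pow(H, value % Q, P) % P

def product(elements):
    acc = 1
    for e in elements:
        acc = acc * e % P
    return acc

def balances(inputs, outputs, kernels):
    # "Outputs minus inputs equals zero": what is left over must be the
    # kernels, which commit to value 0. Written multiplicatively here.
    return product(outputs) == product(inputs) * product(kernels) % P

def make_tx(spent, created):
    # spent/created are (value, blind) pairs known only to the two wallets.
    excess = sum(b for _, b in created) - sum(b for _, b in spent)
    kernel = pow(G, excess % Q, P)          # no H term: commits to zero value
    return ([commit(v, b) for v, b in spent],
            [commit(v, b) for v, b in created], kernel)

def cut_through(txs):
    # Merge transactions, dropping outputs that a later input in the batch spends.
    ins, outs, kernels = [], [], []
    for tx_in, tx_out, kernel in txs:
        for c in tx_in:
            if c in outs:
                outs.remove(c)              # created and spent inside the batch
            else:
                ins.append(c)
        outs.extend(tx_out)
        kernels.append(kernel)
    return ins, outs, kernels

# Constructed sample: Alice spends 10, pays Bob 7 and keeps 3 change;
# Bob then pays the same 7 on to Charles.
alice, change = (10, 311), (3, 127)
bob, charles = (7, 590), (7, 842)
tx1 = make_tx([alice], [bob, change])
tx2 = make_tx([bob], [charles])
merged = cut_through([tx1, tx2])
```

After cut-through, `merged` holds only Alice’s input, her change and Charles’s output, yet `balances(*merged)` still passes because both kernels are kept. A verifier never sees the amounts or Bob’s intermediate output.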
In short, Mimblewimble appears to offer the best of both worlds, combining both scalability and privacy – something that other privacy protocols have so far dismally failed at. There are drawbacks, or ‘features’, perhaps. Because there is a need for both parties to agree and sign a transaction (to confirm the ‘blinding factor’ that helps obscure the amount transferred), both wallets need to be online for the transaction to be finalised. You can’t just send coins to an address, like bitcoin – which also has implications for cold storage. And Bitcoin’s scripting language had to be removed, so different implementations will need to find workarounds for features like multi-sig and the Lightning Network – which will be needed if it is to be used as cash, because its throughput isn’t that much better than Bitcoin’s.
Overall, though, this is some incredibly exciting tech. We’ll be looking at two specific implementations, Grin and Beam, in the coming weeks, and it wouldn’t surprise us if Mimblewimble became a very popular approach for many more new blockchain platforms.
Red hot news, scorching wit and searing opinion pieces from Crypto Inferno.