Mimblewimble, The Ultimate Beginner's Guide
Mimblewimble is a protocol that was put forward by an anonymous user in a Bitcoin developers' chatroom under the name Tom Elvis Jedusor (the French name of the fictional Harry Potter character Voldemort). Mimblewimble itself is the name of a spell used to tongue-tie victims in Harry Potter. Jedusor left a link to a whitepaper in which he outlines how the Mimblewimble protocol could significantly enhance both the scalability and the privacy of the Bitcoin network.
Mimblewimble & Confidential Transactions
To understand the Mimblewimble protocol, one must first understand how Mimblewimble transactions are constructed.
Mimblewimble transactions are derived from another transaction type known as confidential transactions. Conceived by former Bitcoin developer Adam Back, confidential transactions allow senders to hide the amount of bitcoins they are sending by using what are known as blinding factors. A blinding factor is a random value, chosen by the sender of a transaction, that is used to encrypt the bitcoin amounts in that transaction. The chosen blinding factor must hide the amount being transacted without disturbing the balance between the inputs and outputs of the transaction.
In a confidential transaction, only the two parties involved know the amount of bitcoins being transacted; onlookers cannot. Onlookers can, however, still verify that the transaction is valid by comparing the total value of the inputs with the total value of the outputs: if the two are equal, the transaction is considered valid. This check ensures that no bitcoins have been created out of nothing, and it is key to preserving the integrity of the system.
Mimblewimble transactions work in a similar way, except that the recipient of a transaction randomly selects a range of blinding factors provided by the sender. This blinding factor then serves as the receiver's proof of ownership, permitting them to spend the bitcoins.
Mimblewimble & CoinJoin
Mimblewimble transactions also leverage another cryptographic innovation known as CoinJoin. Proposed by Gregory Maxwell, CoinJoin is a mechanism by which payments from multiple spenders are combined into a single transaction, making it difficult for an outside party to determine which payment was intended for which recipient.
CoinJoin works by obfuscating which inputs and outputs belong to which senders and recipients. When Mimblewimble transactions are combined in this way, a block consists simply of a list of inputs, a list of outputs, and signature data. This offers significant space savings, because no other transaction data needs to be stored. If subtracting the total inputs from the total outputs yields zero, a blockchain built on such a system is considered valid. This contrasts with how transactions, and therefore the blockchain, are proved valid in the Bitcoin network, where the whole blockchain must be downloaded and the history of a transaction output analysed in order to verify it.
Cut-through is a feature of Mimblewimble that aggregates the intermediary inputs and outputs in a chain of transactions, allowing for smaller blocks. Outputs from previous transactions are used as inputs in the construction of new ones.
To illustrate, consider the following chain of transactions along with their inputs and outputs:
Alice sends 1 BTC to Bob
(Alice uses 1 input in the construction of her transaction to Bob, resulting in 1 output)
Bob sends 1 BTC to Chris
(Bob then uses 1 input to construct his transaction to Chris, resulting in 1 output)
With cut-through, Mimblewimble reduces these 2 inputs and 2 outputs to just 1 input and 1 output. Ownership of the funds is ensured through the transaction kernel, which contains the public key, the signature and the mining fee; validators then check this kernel.
In addition, it can be proven that no new funds were created out of thin air by summing the inputs and outputs, which should always cancel out. Thanks to cut-through, a Mimblewimble block need only contain:
- A block header
- The list of inputs remaining after cut-through
- The list of outputs remaining after cut-through
- The transaction kernel
- Kernel offset
Kernel offset – A kernel offset is a blinding factor included in a block to prevent the transactions it contains from being reconstructed by malicious actors.
Whether or not cut-through is performed on a Mimblewimble-based protocol is up to each node. A node can choose not to apply cut-through to its stored transaction records; however, that node will then have to spend more disk space to maintain its copy of those transactions.
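To make the balance check from the confidential-transactions section, the transaction kernel (excess and signature), the kernel offset and cut-through concrete, here is an added Python example; it is not code from the whitepaper, Grin or Beam. It builds Pedersen commitments on secp256k1 with a second generator H whose discrete logarithm nobody knows (the H derivation label, the 100/99/98-unit amounts and the blinding factors are constructed for this example), signs each kernel with a Schnorr signature over the excess, then aggregates Alice→Bob and Bob→Chris so that Bob's intermediate output is cut through while the block still validates. Range proofs, which stop an output from committing to a negative amount, are omitted, so this validator alone would not catch that form of inflation.

```python
import hashlib
import secrets
from functools import reduce

# secp256k1 in affine coordinates; None stands for the point at infinity.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    if a is None or b is None:
        return a if b is None else b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                      # a + (-a)
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P      # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P        # chord slope (addition)
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):                                       # double-and-add scalar multiplication
    acc, k = None, k % N
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def ec_sum(points): return reduce(ec_add, points, None)

def hash_to_point(label):
    # Try-and-increment hash-to-curve. P % 4 == 3, so sqrt(rhs) = rhs^((P+1)/4) when rhs is a square.
    for ctr in range(2**16):
        x = int.from_bytes(hashlib.sha256(label + ctr.to_bytes(2, "big")).digest(), "big") % P
        rhs = (pow(x, 3, P) + 7) % P
        y = pow(rhs, (P + 1) // 4, P)
        if y * y % P == rhs:
            return (x, y)
    raise RuntimeError("no curve point found")

# Second generator, derived from a fixed label (an assumption of this example) so nobody knows log_G(H).
H = hash_to_point(b"mimblewimble-guide-example-H")

def commit(value, blind):
    # Pedersen commitment blind*G + value*H: hides the value and binds the committer to it.
    return ec_add(ec_mul(blind, G), ec_mul(value, H))

def pt_bytes(pt): return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")
def challenge(R, pub, msg):
    return int.from_bytes(hashlib.sha256(pt_bytes(R) + pt_bytes(pub) + msg).digest(), "big") % N
def schnorr_sign(key, msg):
    nonce = secrets.randbelow(N - 1) + 1
    R = ec_mul(nonce, G)
    return (R, (nonce + challenge(R, ec_mul(key, G), msg) * key) % N)
def schnorr_verify(pub, msg, sig):
    R, s = sig
    return ec_mul(s, G) == ec_add(R, ec_mul(challenge(R, pub, msg), pub))

def build_tx(inputs, outputs, fee):
    # Wallet side: (value, blinding factor) pairs are private; only commitments, kernel and offset are published.
    if sum(v for v, _ in inputs) != sum(v for v, _ in outputs) + fee:
        raise ValueError("inputs must equal outputs plus fee")
    excess = (sum(r for _, r in outputs) - sum(r for _, r in inputs)) % N
    offset = secrets.randbelow(N)                        # kernel offset: part of the excess kept out of the kernel
    kernel_key = (excess - offset) % N
    kernel = {"fee": fee, "excess": ec_mul(kernel_key, G),
              "sig": schnorr_sign(kernel_key, fee.to_bytes(8, "big"))}
    return {"inputs": [commit(v, r) for v, r in inputs],
            "outputs": [commit(v, r) for v, r in outputs],
            "kernels": [kernel], "offset": offset}

def verify(tx):
    # Validator side, needing no amounts or blinding factors:
    # sum(outputs) + fees*H must equal sum(inputs) + sum(kernel excesses) + offset*G, and each kernel must be signed.
    fees = sum(k["fee"] for k in tx["kernels"])
    lhs = ec_add(ec_sum(tx["outputs"]), ec_mul(fees, H))
    rhs = ec_sum([ec_sum(tx["inputs"]), ec_sum(k["excess"] for k in tx["kernels"]), ec_mul(tx["offset"], G)])
    sigs_ok = all(schnorr_verify(k["excess"], k["fee"].to_bytes(8, "big"), k["sig"]) for k in tx["kernels"])
    return lhs == rhs and sigs_ok

def aggregate(*txs):
    # CoinJoin-style merge plus cut-through: a commitment that is an output of one transaction and an
    # input of another cancels on both sides, so only the chain's end points survive.
    inputs = [c for tx in txs for c in tx["inputs"]]
    outputs = [c for tx in txs for c in tx["outputs"]]
    spent_inside = set(inputs) & set(outputs)
    return {"inputs": [c for c in inputs if c not in spent_inside],
            "outputs": [c for c in outputs if c not in spent_inside],
            "kernels": [k for tx in txs for k in tx["kernels"]],
            "offset": sum(tx["offset"] for tx in txs) % N}

if __name__ == "__main__":
    alice_coin, bob_coin, chris_coin = [(v, secrets.randbelow(N)) for v in (100, 99, 98)]  # constructed
    tx1 = build_tx([alice_coin], [bob_coin], fee=1)      # Alice -> Bob
    tx2 = build_tx([bob_coin], [chris_coin], fee=1)      # Bob -> Chris
    block = aggregate(tx1, tx2)
    print(verify(tx1), verify(tx2), verify(block), len(block["inputs"]), len(block["outputs"]))
```

Run stand-alone it prints `True True True 1 1`: both transactions and the aggregated block validate, and the block holds only Alice's input and Chris's output. Because the kernel signature is made with the excess minus the offset, and only the block-wide sum of offsets is published, a validator can check the whole block but can no longer pair individual kernels with the inputs and outputs they came from.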
Advantages of Mimblewimble
Mimblewimble, particularly when compared to Bitcoin, possesses three distinctive advantages:
Anonymity – Initially, Bitcoin was labelled a truly anonymous digital currency; however, this has been proven not to be the case. Because each user on the Bitcoin network is represented by a public address, their transaction history can be traced using a block explorer. If a link between a public address and a real-life user were ever established, other users would know exactly who they were transacting with. This is in contrast to Mimblewimble, which has no addresses or transaction history, thus making it impossible for a user's anonymity to be compromised.
Fungible – Fungibility refers to the ability of one unit of a good or currency to be interchanged for another unit; e.g. the U.S. dollar is fungible because one dollar can be exchanged for another without loss of value. Conversely, because bitcoins can be tracked through an open and accessible blockchain, if those bitcoins were ever used for, or gained by, illicit activity, they may be labelled as "tainted". Merchants may refuse to accept these tainted bitcoins, and thus they may become less valuable than other bitcoins. Exchange without loss of value is no longer possible, i.e. these bitcoins are said to be non-fungible. Once again, this is not an issue for Mimblewimble, as there exist no wallet addresses, making it impossible to track where a coin may have originated.
Scalability – The Bitcoin network was mired in a scaling debate in mid to late 2017 that saw a hard fork occur, forming a new cryptocurrency known as Bitcoin Cash. The argument revolved around the best way to scale Bitcoin, as mined blocks were regularly reaching the block size limit of 1 MB. The scaling issue showed itself when transaction fees reached an all-time high of 52 dollars on 21st December 2017. The resolution of the scaling debate largely came in the form of SegWit, as well as the implementation of a Layer 2 solution known as the Lightning Network. The Mimblewimble protocol architecture is more scalable than its Bitcoin counterpart because transactions take up less space in a block; this space saving is particularly accentuated when cut-through is performed.
Mimblewimble & Privacy Coins (Monero, Dash, Zcash)
Due to the privacy offered by the Mimblewimble protocol, it is often compared to other privacy coins such as: Monero, Dash and Zcash. The manner in which these cryptocurrencies provide users with privacy is as follows:
Monero – Perhaps the most well-known privacy cryptocurrency, Monero utilises several technologies to provide its users with an increased level of transactional privacy: stealth addresses, ring confidential transactions (RingCT) and ring signatures. For example, RingCT hides the value of the funds being transacted on the blockchain using a cryptographic proof. The net result of Monero's efforts is a cryptocurrency that provides users with true anonymity.
Dash – Dash is another currency that offers advanced privacy features. Through its PrivateSend function, users can mix funds with others on the network, making it difficult for a third party to determine where the funds originated. The masternodes that operate on the Dash network conduct the coin mixing process.
Zcash – Founded by Zooko Wilcox, Zcash is another digital currency that offers a serious privacy solution in the form of zk-SNARKs. zk-SNARKs work by encrypting transaction data and then verifying that the transaction data is accurate without revealing any of it. This technology is quickly proving to be a viable solution to the privacy problem.
The key issue with many of the privacy coins listed above, particularly Monero and Zcash, is the additional size of their transactions. Because extra cryptography must be performed on a user's transaction to grant it additional privacy, transaction sizes are larger. The result is fuller blocks, which calls into question the scalability of these networks. In contrast, Mimblewimble provides inherent transactional privacy through the removal of addresses and the aggregation of inputs and outputs.
Implementations of Mimblewimble (Grin & Beam)
In the same way that Bitcoin is a protocol and Bitcoin Core is an implementation of it, there are currently two implementations of the Mimblewimble protocol. These are:
Grin is a cryptocurrency founded by an unknown individual who operates under the pseudonym Ignotus Peverell (another fictional character from the Harry Potter series). The Grin mainnet went live on January 15th 2019, free of any ICO, pre-mine or founder's reward. It embodies many of the properties of the Mimblewimble protocol described above, and as such it has:
- No addresses
- No visible transaction amounts
- No transaction history
- No fixed supply
Grin offers two proof-of-work algorithms, and miners can mine on either: cuckARoo29 or cuckAToo31+. cuckARoo29 is aimed at GPU miners, whereas cuckAToo31+ is aimed at ASIC miners; both are derived from the Cuckoo Cycle algorithm. When mining Grin, miners must include the following in the block header:
- The latest target difficulty
- A set of transactions available for validation
- A coinbase transaction
- The current timestamp
- A randomly generated nonce
- The Merkle root of the UTXO set
Grin is written in the Rust programming language; it is a community-backed project and thus relies on donations for funding.
Beam is another cryptocurrency based on the Mimblewimble protocol. It is written in C++, although it intends to switch over to Rust. Headed by entrepreneur Alexander Zaidelson, Beam released its mainnet on January 3rd 2019. As with Grin, its release did not include an ICO or premine; however, Beam did secure venture capital funding.
It uses the Equihash proof-of-work algorithm, with each block containing 1000 transactions and a block time of approximately 1 minute. In the first year the block reward stands at 80 BEAM, falling to 40 BEAM in years 2 to 5. In year 6 the block reward falls to 25 BEAM, with halvings occurring every four years until year 129. After year 133 there will no longer be a block reward.
Beam employs a treasury model whereby, in the first 5 years, 20 BEAM of the block reward is issued to the treasury. In years 2 to 5 this falls to 10 BEAM. The purpose of this model is to repay Beam's investors, incentivise the development team and fund the Beam Foundation.
To promote decentralised mining on the Beam network, the protocol plans to stay ASIC resistant by performing hard forks when necessary.
As shown in the graph below, Grin began trading at a price of $9.96 on January 27th but has since fallen nearly 75% to $2.58 as of March 20th.
As the chart below indicates, Beam began trading on January 17th and experienced a sharp rise in price followed by a decline. However, from an opening price of $0.58 to the current price of $0.72 as of March 19th, the BEAM cryptocurrency has appreciated by 25%.
The price action of both protocols has remained largely negative; however, Beam has proven to be the shining light among the Mimblewimble-based protocols by delivering a 25% return on investment. Additional time is still needed for the respective protocols to build on their projects and attract individuals to their communities.
Grin does not have an official roadmap; however, there are many technologies it could make use of in order to add further value to its network. These include:
- Smart contracts
- Payment channels (similar to the Lightning Network)
- Atomic swaps (the cross-chain exchange of one cryptocurrency for another)
- Onion routing (a technique for anonymous communication over a network)
Implementing these technologies on the Grin network would add functionality as well as another value proposition for potential users.
Of the two protocols, Beam has the more defined roadmap. The roadmap for 2019 is as follows:
- Agile Atom (Jan-Feb) – Release payments & exchange API
- Bright Boson (March) – Beam to Bitcoin atomic swap
- Clear Cathode (June) – Proof-of-work algorithm change
- Double Doppler (September) – Research alternative consensus mechanism
- Eager Electron (December) – Proof-of-work algorithm change
The key takeaway from the roadmap is that even though the original Beam network was built in C++, it intends to switch over to Rust. Furthermore, there are two planned proof-of-work algorithm changes, in line with the developers' desire to keep the network ASIC resistant.
The theoretical space savings, as well as the privacy, offered by the Mimblewimble protocol are evident. By pruning unnecessary transaction data from the blockchain, scalability becomes less of an issue because more transactions can be included in a single block. Through the obfuscation of inputs and outputs, as well as the elimination of public addresses in Mimblewimble transactions, true anonymity, as opposed to pseudonymity, is achieved.
Currently, Mimblewimble can only be integrated into the Bitcoin network as a soft fork or as a sidechain. Users would be able to move bitcoins onto such a sidechain and transact with an increased level of privacy.
Through cryptographic innovations such as confidential transactions, CoinJoin and cut-through, Mimblewimble offers a strong scaling solution as well as an increased level of privacy.
There are currently two main implementations of Mimblewimble, Grin and Beam. Both were launched in January 2019 and are seeking to innovate in different ways.
Even though this technology may one day prove to be a viable alternative to the protocols we see today, further testing is still underway in order to ensure its validity and its capability of handling a high number of transactions per second.