HomeWikiHow does MimbleWimble work?

How does MimbleWimble work?

How does MimbleWimble work, the latest protocol that is becoming more and more successful in the crypto world?

It all started in August 2016 when a cyberpunk-style concept with a weird name that looks like a tongue-twister was proposed to the Bitcoin community.

The peculiarity of the project is that it aimed – and still aims – to guarantee almost absolute anonymity for those who carry out operations in cryptocurrencies. What represents an Achilles’ heel for other distributed ledger of the crypto universe, for MimbleWimble is a strong point: scalability.

MimbleWimble: strengths and weaknesses

Precisely because of its dual functionality, confidentiality and scalability, the protocol on which the cryptocurrencies Beam and Grin are based has immediately attracted the interest of the Bitcoin community.

In return, by suppressing the scripts of the operations, MimbleWimble, which takes its name from the “Tongue-Tying Curse” in Harry Potter, gives up other functions, such as the ability to make offline payments and schedule operations.

The ledger does not allow the programming of smart contracts because it does not provide “scripts” – a simple programming language – when validating expenses. Bitcoin contains scripts integrated in the input and output points analysed when the transaction is confirmed. It is imperative that scripts are reviewed and verified.

How does MimbleWimble work in practice?

That’ not the case with MimbleWimble. To overcome the flaw, one of its creators, Andrew Poelstra, claims that it is possible to fix it by using a “scriptless scripts” system. In other words, scripts are made directly by the users involved in the transaction, rather than by the network node machines.

In short, while Bitcoin offers many advantages thanks to its structure it cannot guarantee anonymity. The system works with “pseudonyms”. Although it is impossible to trace the owner of a Bitcoin address, anyone can access the transaction flow of any address.

In bitcoin operations, the old outputs confirm the new ones. The outputs have public key scripts (“PubKeys”) that are independent of each other. In MimbleWimble operations, on the other hand, the outputs have only EC public keys and are devoid of scripts. The difference between new and old output keys is signed by all participants. The outputs (“transaction kernels”) are the only element that needs to be stored on the blockchain.

In MimbleWimble’s white paper written by Tom Elvis Jedusor – another name from the Harry Potter universe – the concepts of CoinJoin and Confidential Transactions are introduced, which aim to solve Bitcoin’s anonymity problem.

The CoinJoin technique and confidential transactions

Like Bitcoin, the protocol is based on the concept of “transactional output”. But in the case of MimbleWimble, each output actually corresponds to an input. The system adds a cryptographic “blindness factor” to the input and output values of the transactions. This makes it possible to “obscure” the destination address of a transaction and also the amount traded.

The CoinJoin technique, proposed by Gregory Maxwell, allows the “mixing” of all the operations carried out on the blockchain, integrating several transactions into a single one. A block in the chain contains a large single transaction. The large size makes it more difficult for an external person to know what was the output corresponding to a certain input and vice versa.

Sender and recipient inputs and outputs are blurred. When MimbleWimble operations are combined, a block consists of an input list, an output list, and an outdated signature. This gives the blocks a certain degree of lightness, as there is no need to store any more redundant data, only input and output.

The differences with the Bitcoin blockchain

By subtracting the total inputs from the total outputs, ensuring that the result gives zero, a blockchain based on this system is considered valid. In the case of Bitcoin the blockchain is validated in a different and more complex way: the whole blockchain has to be downloaded and the history of a transaction has to be analysed.

Unlike the protocols on which Bitcoin runs, here although it is the same blockchain due to a homomorphic encryption method, the sum, the buyer and seller are not disclosed because there are no addresses to go back to in the system. Secrecy is ultimately the keyword.

The concept of confidential transactions, conceived by the former Bitcoin programmer Adam Back, allows the sender of the information to encode the amount of bitcoins they want to send using the “blindness factors” mentioned above. This is a random value, used to encode the sum of bitcoins exchanged in a transaction. But it does not have an impact on the input and output of the operation.

Just as the Tongue-Tying Curse prevents the opponent from speaking and thus uttering spells, in the same way “MimbleWimble prevents the blockchain from communicating the personal information of its users,” explains Tom Elvis Jedusor, which is the real name of Voldemort, Harry’s sworn enemy.

The implementation projects Grin and Beam

The identity of its creator, who has disappeared without a trace, also remains a secret. But the protocol immediately intrigued many of the Bitcoin sphere programmers, including mathematician Poelstra. He published a more detailed version of the white paper on October 6th, 2016, after making a famous presentation at Stanford University on the qualities of MimbleWimble.

Two weeks later, on October 20th just before midnight, a stranger named Ignotus Peverell announced the birth of an open-source MimbleWimble implementation project: Grin.

Again, the references to Harry Potter are clear. Ignotus Peverell is the name of the creator of the invisible cloak and Grin takes its name from a very powerful black magician, Gellert Grindelwald.

Thanks to the collaboration of several developers, who have preferred to remain anonymous, Grin saw the light on January 15th of this year. It’s a light implementation in the sense that it offers the minimum of indispensable functions.

Compared to Monero and Zcash, the project is relatively scalable. But compared to Beam, an even more recent idea than Grin (mid-2018), it doesn’t have certain interesting features, such as time blocks or verifiable wallets.

However, the main difference between the two projects concerns philosophy and not practical functions. Being nobody’s property, Grin has a marked cyberpunk component, while Beam, whose blockchain was launched on January 3rd, 2019, is clearly for profit.

The project was developed open-source and remained so for several years. Its programmers have always remained anonymous. Beam, on the other hand, has a commercial foundation, it is promoted and the team that works there is transparent. Another important difference is that the former has an inflationary monetary policy, while the latter has a deflationary one.

Daniele Chicca
Daniele Chicca
Graduated in foreign languages and literature at the University of Bologna, with a year of undergraduate at the UCL in London. A professional journalist since 2007, in time he specialized in finance, economics, and politics. After three years with Reuters in Milan, he worked for several newspapers, contributing among other things to an increase in progressive traffic on the website Wall Street Italy and offering services of various kinds for Radio Rai and press agencies AGI and TMNews (formerly Apcom). At the moment he is responsible for the drafting, the editorial line and the coordination of an important economic and financial information website.