MimbleWimble is a privacy-oriented blockchain protocol with mysterious origins. Much like other top privacy cryptocurrencies, MimbleWimble attempts to make transactions completely opaque, while still allowing for external verification.
Additionally, MimbleWimble looks to keep its blockchain’s size on disk as small as possible while maintaining quick verification for all clients.
So far, two privacy cryptocurrencies have launched on top of MimbleWimble technology: Grin and BEAM.
What is MimbleWimble?
The original MimbleWimble whitepaper was released on July 19, 2016, by an anonymous person that signed the whitepaper as “Tom Elvis Jedusor.”
Just a few months after the release of the original whitepaper, another anonymous person stated that they were working on an implementation of MimbleWimble, which would be known as Grin.
The name “MimbleWimble” and the signing name on the whitepaper are both references to JK Rowling’s Harry Potter novels. Where MimbleWimble is a spell that stops its target from being able to speak coherently. And the name “Tom Elvis Jedusor” is an anagram for “Je suis Voldemort”, the name chosen by the antagonist in the French version of the novels.
MimbleWimble has three goals that are outlined in its whitepaper:
MimbleWimble is first and foremost a privacy blockchain protocol. Its designer had a very good understanding of the privacy technologies it is built upon. And using that understanding, MimbleWimble’s designer created a new and more secure strategy that increases transaction privacy to a whole new level. We’ll go into the technical details of this below.
Blockchain size on disk is a major issue for those looking to run full nodes for any cryptocurrency. Put simply, blockchains grow. This growth makes maintaining a large number of nodes more problematic over time.
MimbleWimble’s designer saw blockchain size as a major issue and pushed to make MimbleWimble blockchains as small as possible. The whitepaper states that the technique used could reduce the size of Bitcoin blockchains from a size of 80GB to a size of 30GB. An impressive change, especially given that MimbleWimble maintains user privacy through this size reduction.
Quick to Verify
The last goal MimbleWimble aims for is verification speed. Having a tiny blockchain is only good if the processing power required to verify it is equally tiny.
Cryptocurrency Grin launches on MimbleWimble technology
Cryptocurrency BEAM launches on MimbleWimble technology
How does MimbleWimble’s technology work?
MimbleWimble uses its own transaction and block schemes. They work together to hide transaction data as much as possible while still allowing verification to occur.
Put simply, both use zero-knowledge proofs, with blocks building on the math used in the transaction to further hide the information.
MimbleWimble has no concept of a blockchain address. Rather than tying all outputs to an address, outputs have no data regarding where they came from, and are spent via a private key.
This does mean that the wallets of the involved parties wallets have to talk to each other when making a transaction. But the method of communication and time taken is up to the user. One could, for example, negotiate a transaction using encrypted email.
MimbleWimble’s transactions use zero-knowledge proofs (specifically a mixture of Confidential Transactions and CoinJoin) for security. Outside verifiers can independently prove that no cryptocurrency was created or destroyed over the transaction. This is somewhat similar to how Monero secures its transactions, but with added protection from CoinJoin and the total lack of addresses.
Putting together a MimbleWimble transaction requires communication between both parties as discussed above. The following steps are what happens during that communication:
1. The parties agree on the amount to be transferred.
2. The sender picks the inputs they want to use to create the amount to be transferred and adds together all the blinding factors for that transaction.
3. The sender sends the transaction data to the receiver. The receiver then picks the blinding factors for the outputs of the transactions, adds them together, and sends them back to the sender along with any additional required information.
Once the above steps are complete, the transaction can be sent to the network and confirmed.
In the above steps, I mention a blinding factor. The blinding factor makes up part of the zero-knowledge proof system used in Confidential Transactions. It is the ‘missing part’ or the private key for each input – if you know the blinding factor for a given output, you can spend it. By adding together all the blinding factors for every input in the transaction, you can prove you own all the inputs used in the transaction, but not share the private keys.
Reduced blockchain size and increased verification speed
MimbleWimble blocks are different from the blocks employed in other blockchains. Only unspent outputs and new currency generation are saved. The idea being that you don’t need to know about every transaction ever to verify a blockchain. All you need to know is where all the currency is now, and where it all came from.
Storing just that data increases fungibility, user privacy, and verification speed. Much like above, anyone looking to verify the blockchain simply needs to verify that the sum of the inputs subtracted from the sum of the outputs equal zero.
The downside of MimbleWimble
Unfortunately, with the security that MimbleWimble provides, you lose some of the tech Bitcoin has.
For example, in order for all transactions to be consolidated in blocks, they have to be very similar. And due to the requirement for said similarity, MimbleWimble does not have any sort of script system.
Otherwise, due to the consolidation of transactions, MimbleWimble has no transaction history. Meaning that an external auditor or similar would be unable to monitor transactions directly.
MimbleWimble is a fantastic step forward in privacy crypto. If the upcoming launch of its first implementation GRIN goes well, and no issues are found in the algorithm, MimbleWimble will be a serious competitor in the privacy coin market. My only concern is whether or not the inability for even the owners of the currency to audit where it came from using the blockchain itself will deter large scale users.
Sources and further reading:
Learned something new? Subscribe to the Block Explorer newsletter to get exclusive crypto insights before they appear on the site.