Based on blockchain technology, most cryptocurrencies have an open and public ledger of transactions. While this is required for these systems to work, it comes with a significant downside: Privacy is often quite limited. Analytics companies and other interested parties — let’s call them “spies” — have ways to analyze the public blockchains and peer-to-peer networks of cryptocurrencies like Bitcoin, to cluster addresses and tie them to IP addresses or other identifying information.
Unsatisfied with Bitcoin’s privacy potential, several cryptocurrency projects have launched over the years with the specific goal of improving on Bitcoin’s privacy features. And not without success. Several of these “privacycoins” are among the most popular cryptocurrencies on the market today, with four of them taking top-50 spots in coin market capitalization rankings.
That said, Bitcoin does have some privacy features which, as this month’s cover story details, have been improving in recent months and are set to further improve in the near future. This miniseries compares different privacycoins to the privacy offered by Bitcoin and to the privacy offered by other privacycoins.
In part 5: The upcoming Mimblewimble implementations Grin and Beam
In the summer of 2016, a person under the pseudonym “Tom Elvis Jedusor” (the evil wizard Voldemort’s real name in the French Harry Potter novels) published a white paper, which was mysteriously dropped in a Bitcoin research chat channel. In it, he described a proposal called “Mimblewimble” (a reference to a Harry Potter spell), which presented a radical slimming-down of the Bitcoin protocol.
Now, two years later, two projects are close to realizing versions of the Mimblewimble protocol, which will be launched as separate cryptocurrencies.
The first project is developed by a group of mostly pseudonymous volunteer contributors, several of whom use Harry Potter-related screen names — like “Ignotus Peverell,” who started the project. They call their upcoming cryptocurrency “Grin” (yet another Harry Potter reference), which is being implemented in the coding language Rust. Similar to projects like Bitcoin and Monero, Grin will not be maintained by any specific company or foundation, nor will it do an ICO or anything of the sort; instead, the project accepts donations. Once launched, miners will be able to mine one coin (“grin”) per second on average, and (unlike Bitcoin) this rate will never decrease. Grin is currently being tested and is roughly expected to launch in early 2019.
The second project was announced more recently and is called Beam. Beam is being implemented in the coding language C++ (like Bitcoin Core). More comparable to Zcash, Beam will be launched and maintained by a for-profit company with the same name (currently headed by Israeli entrepreneur Alexander Zaidelson), though this maintaining role should later transition to a non-profit foundation. Beam will also have a founders’ reward: the Beam company and foundation will receive 20 percent of all newly mined coins for the first five years. It’s not yet announced what Beam’s emission schedule will look like, but (unlike Grin and like Bitcoin) it will be capped. Beam is also being tested right now and is scheduled to launch in December 2018.
Mimblewimble combines versions of several cryptographic tricks designed for Bitcoin. In addition, it utilizes some clever math to completely strip down what typical blockchains look like.
The first trick is Confidential Transactions (CT), which will also be deployed on Blockstream’s Liquid sidechain for Bitcoin. Confidential Transactions let users blind (or hide) the amounts that are involved in a transaction so that only the sender and receiver know how much money is involved. Using a cryptographic trick called the Pedersen commitment, anyone else can still perform math on the blinded amounts. This lets them verify that the sending and receiving end of the transaction equal out, and hence that no coins were created out of thin air.
The second trick is CoinJoin, originally proposed by Bitcoin Core contributor Gregory Maxwell. CoinJoin combines several transactions into one big transaction, where all senders send money to all receivers. If done right, this obfuscates which addresses (“inputs”) are paying which addresses (“outputs”).
In the Mimblewimble protocol, however, this is taken a big step further. By combining CT and CoinJoin with more clever math, Mimblewimble gets rid of traditional private keys, public keys and addresses, only keeping inputs and outputs (these are technically not the same thing as addresses). It also gets rid of the traditional signature per transaction, which is essentially replaced with a little bit of “excess transaction data” proving ownership of the coins.
Interestingly, Mimblewimble miners take all individual transactions that would have been included in a block and instead turn the…