Mimblewimble. The technology behind BEAM
If you are a Harry Potter fan, you have probably come across the phrase “Mimblewimble” before. It is a tongue-tying curse that stops its target from talking about a specific topic or subject.
Mimblewimble is now a famous phrase in the cryptocurrencies world as well. In crypto-jargon it refers to the name of a newly trending protocol. The Mimblewimble protocol relies on strong cryptographic primitives. It provides an excellent framework for a blockchain that has good scalability, privacy, and fungibility.
In this guide, we are going to explore this innovative protocol. We’ll talk about what it is, how it works, its main applications, and the top players who’ve already implemented it.
The idea has been around for decades, although the name and its application to cryptocurrencies are recent.
Mimblewimble uses a form of elliptical-curve cryptography that requires smaller keys than other cryptography types. In a network that is using the Mimblewimble protocol, there are no addresses on the blockchain and the network’s data storage is highly efficient.
Mimblewimble requires only about 10% as much data storage as the Bitcoin network. This makes Mimblewimble highly scalable for storing the blockchain, significantly faster and less centralized. Furthermore, the nature of the protocol allows for private transactions that are highly anonymous (more about this later).
Harry Potter fans rejoice! Another reference has made its way from the fictional world of magic into the one we actually live in. The Mimblewimble Whitepaper was first published in July 2016 on the Bitcoin research channel under the pseudonym ‘Tom Elvis Judisor’ – the French name for the man who became Harry Potter’s nemesis, Voldemort.
Shortly after the whitepaper was published, near the end of 2016, another anonymous author using the pseudonym ‘Ignotus Peverell’ (the original owner of the invisibility cloak from the Harry Potter universe) started a Github project with using the Mimblewimble protocol. This project is called Grin, which released its Mainnet on January 15, 2019. Mimblewimble has also been implemented on another newly introduced application called. We will cover both Grin and Beam later in this article.
To understand Mimblewimble, you first need to understand Bitcoin’s UTXO (unspent transaction output) model. If you are paying with fiat, a transaction would go as follows:
If Alice gives Bob 1 USD
Alice: -1 USD
Bob: +1 USD
It’s not the same in the Bitcoin network. BTC transactions are made of several inputs and outputs that go from the sender to the receiver. If you’ve checked your recent Bitcoin transactions, you’ve probably seen both inputs and outputs from your account on the blockchain.
Bitcoin works as follows:
Alice wants to send 1 BTC to Bob. Instead of just deducting one Bitcoin from Alice’s wallet, the network bundles up multiple inputs from previous BTC transactions that were sent to Alice to balance the one coin Alice sends to Bob. Therefore, this Bitcoin transaction could look something like this:
Alice: – (0.1+0.25+0.35+0.3) BTC where A+B+C+D are all inputs that have been bulked together
Bob: + 1 BTC
In this example, Alice’s 1 BTC was made up of four inputs. But there are cases in the Bitcoin network when one transaction has hundreds of inputs. Furthermore, if the sum of the inputs is greater than the transaction amount, the transfer will create an additional output. This way, the first output will include the exact amount that will go to the receiver, and the rest will be returned to the sender. As every transaction has to be individually signed by wallet software, the network has to process tons of data. This process is highly inefficient.
This is where Mimblewimble truly starts to shine. As mentioned before, the protocol utilizes a much more efficient system that eliminates the need for inputs and outputs. The UTXO model is replaced by one multi-signature model for all inputs and outputs. These are called Confidential Transactions. If Alice wants to send Bob a coin, both Alice and Bob create a multi-signature key that is used to verify the transaction.
Confidential Transactions use the Pedersen Commitment scheme, meaning there are no addresses required. Instead, the parties share a ‘blinding factor.’ The blinding factor encrypts the inputs and outputs of the transaction, along with both parties’ public and private keys. This blinding factor is shared secretly between the two parties engaged in the transaction. Due to the blinding factor replacing addresses, only the two parties to a transaction know that they were involved in that transaction. This keeps the privacy of the network extremely high.
The Pedersen Commitment scheme works as follows:
Full nodes deduct the encrypted amounts from both the inputs and outputs, creating a balanced equation that proves that no coins were produced out of thin air. The node does not know the actual amount of the transaction at any point during the process.
The only verification needed for the Mimblewimble protocol is to check that no new coins were created and that the parties taking part in the transaction have ownership of their keys. Both verification processes use the blinding factor to keep the transaction value private. Here is an example of the process:
The above simple example shows that no new coins were created – indicating that the net balance is zero.
A secret number (10) – the blinding factor – is added to this calculation and is multiplied by all variables. This is used to obscure the original values.
In this equation, both the blinding factor – which was 10 in the second equation – and the values remain private while still allowing others to verify that no new coins were created in the transaction.
With Mimblewimble, the blinding factor is a combination of the public and private keys. This way, in addition to proving that no new coins were created, the parties can prove that they are the owners of their keys.
The parties to the transaction are both given a multi-signature header at the end of the transaction. This multisig header consists of all the inputs and outputs that were merged during the transaction.
When it comes to scalability, the most important feature of the Mimblewimble protocol is ‘Cut Through.’
A single block consists of hundreds of transactions as well as plenty of information that needs to be stored on the blockchain. However, these blocks can be compressed with Mimblewimble’s Cut Through feature as a large part of the information can be removed from the blocks without risking the security of the blockchain.
Here’s a simple example:
In this case, a typical block has two UTXOs. The first UTXO will hold the input for 1 BTC and reflects how it got to Alice. The output for the first UTXO is the result of the transaction, which verifies that the Bitcoin is now owned by Bob. The second UTXO consists of the output of the first UTXO – which is now the input of the second UTXO – and the output of the second transaction to Charles.
Mimblewimble eliminates the output of the first transaction and the input of the second transaction. This means there is only one input and one output needed to verify how Alice got her 1 Bitcoin and how Charles received his.
This compresses the size of the blockchain, making Mimblewimble much lighter in terms of required data storage.
As of January 2019, two ASIC-resistant coins have implemented the Mimblewimble protocol. Grin has been in development since late 2016. The Mainnet was launched on January 15, 2019. Beam also already has a working Mainnet.
While the two coins use the same protocol – Mimblewimble – there are also vast differences between them. Beam has a corporate structure. The company has collected VC funding and hired a development team. This has helped them to win the development race against Grin. Beam’s foundation relies on the percentage of the block rewards it receives to support the development of its network. It will shift from its current corporate structure to a true non-profit foundation in 2019, while the company will move to build business use cases on top of the Beam currency. On the other side of the coin, Grin has a governance structure aligned with cyberpunk ideology that aims to empower community-driven decentralization. There’s no ICO or token pre-mining, and the developers are all volunteers.
The two coins differ in usability and their audiences as well. Beam has a more “professional” stance in regards to the cryptocurrency’s use-cases. Their development team has built a simple e-wallet interface that is aimed at being user-friendly and implementable on different operating systems (including Mac, Windows, and Linux). This way, the ordinary crypto enthusiast can access the Beam blockchain. Grin, on the other hand, is not as user-friendly. The coin only works with a command-line wallet, which is primarily accessible to more tech-savvy users.
Grin utilizes the ‘Rust’ programming language, while Beam was coded in C++. This is not a significant difference between the two currencies. The same can’t be said of the economic models they employ. Beam’s goal is to be used as an anonymous store of value, where Grin developers argue that their coin should be used as a “currency” instead of a store of value. Grin supporters don’t want to “unfairly reward” early adopters; instead, they aim to increase adoption.
When it comes to mining, both currencies use the modified versions of the Equihash algorithm. While both coins are ASIC-resistant, their goals are different. Grin seeks to fully implement their version of Equihash (Cuckoo Cycle) within two years. Beam wants to use an ASIC-resistant mining algorithm for 12 months to give GPU miners a head start.
Now, let’s see how these two coins compare to the three most popular privacy coins: Zcash, Monero, and Dash.
According to critics, Zcash’s ring signatures and zk-SNARK’s are too computationally intensive, which results in slow and expensive transactions (compared to Beam and Grin).
Monero uses ‘mixins’ to keep transactions private. According to one analyst, 64% of all inputs do not contain mixins – meaning those transactions are not actually private. Other researchers have argued that up to 80% of Monero transactions could be traced.
Dash is considered the most centralized of all privacy coins. This centralization makes a cryptocurrency less private. While Dash does have advantages in terms of its scalability, people who wish to remain entirely anonymous will probably be discouraged from using the coin because of its increased centralization.
While Monero and Zcash are popular privacy coins that are widely used in the crypto community, their networks could definitely be improved by implementing new technologies such as Mimblewimble.
If the creators of more mainstream coins (which can include non-anonymous currencies, such as Bitcoin) move more in the direction of Grin and Beam, cryptocurrencies can become private and anonymous again.
