What is MimbleWimble?
MimbleWimble is a new, lightweight blockchain protocol that is scalable and enables private transactions. It achieves this by means of some powerful cryptography and a different approach to recording value compared to Bitcoin’s blockchain.
Now ten years old, Bitcoin was and remains absolutely groundbreaking. As the original implementation of blockchain technology, it enables users to transfer value directly online, peer-to-peer, without the need for middlemen like banks or payment processors, for the first time in human history.
Unspent outputs (UTXOs)
While Bitcoin is remarkable, it is also inefficient in the way it operates. When you send BTC to a recipient, you are not simply changing an entry in a database, as a bank might when it updates your balance. Instead, you select one or more batches of coins that you have previously received, prove that you genuinely own them, and then lodge an entry on the blockchain that registers part or all of each batch to its new owner.
These batches of coins are known as ‘unspent outputs’, or UTXOs. You can think of them a little like pots of sand, with each grain being a satoshi – the smallest unit of a bitcoin (0.00000001 BTC). You might hold dozens or hundreds of pots of sand of different sizes, and when you pay someone else you can split or combine pots in whatever way you want. But you must prove, by means of your private key, that you own each pot. And to prove that you are the rightful owner, you must prove that the person who sent you each pot was the rightful owner, and so on, back to the point where the coins were first mined into existence.
That, in turn, means the nodes that maintain the Bitcoin network have to keep a copy of every transaction that has ever been made between every Bitcoin user since the very beginning. That requires a large and rapidly-growing amount of storage space, and it requires the computational resources to plough through the data to check that new transactions are legitimate. In addition, the requirement that every transaction is stored forever means that Bitcoin, despite its reputation, is far from private. The information is there for anyone to see.
A new approach
MimbleWimble was proposed in 2016 by an anonymous developer, in response to these issues of privacy and scalability. ‘Tom Elvis Jedusor’ (the French version of Tom Riddle, Lord Voldemort’s name as a schoolboy in the Harry Potter books) dropped a link to his ideas in a Bitcoin developers’ chatroom. You can read the paper here, though it’s not very accessible unless you’re familiar with cryptography and other aspects of blockchain technology. ‘MimbleWimble’ is named after a tongue-tying spell from Harry Potter, incidentally, because the MimbleWimble blockchain is structured to prevent it giving up its secrets.
Like Bitcoin, MimbleWimble combines several different technologies to entirely new effect, and in this case the result is a step-change from previous blockchain solutions. MimbleWimble’s use of cryptography and its approach to recording transactions mean that no amounts and no addresses need to be stored on the blockchain. While other privacy-focused blockchains seek to obscure this key transaction information, MimbleWimble manages to avoid storing it at all. UTXOs are not registered to an address, as they are in Bitcoin, and proving you own them does not involve making sensitive data publicly available. Similarly, the size of the transaction is shielded by cryptographic proofs that demonstrate only that no new coins have been created, and that the transaction is therefore legitimate; they do not reveal who is sending how much to whom.
Two other features improve scalability and privacy. Transaction cut-through prunes out transactions that are not needed. This means the whole blockchain can be treated much like a single large block with many inputs and many outputs, rather than a long sequence of inputs and outputs, many of which offset and cancel each other out. If Alice sends Bob 100 coins and Bob sends them all back to Alice, that transaction might as well never have happened; similarly, if Alice sends Bob 100 coins and Bob sends Charles 100 coins, Bob can be left out of the accounts altogether. Extend that approach across the whole blockchain and MimbleWimble not only improves privacy by chopping out redundant transactions, but slims the blockchain down in the process.
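The 'no new coins' check and the Alice, Bob and Charles cut-through described above, as an added Python example that is not part of the original article. It uses a toy multiplicative group mod a prime in place of the elliptic-curve commitments real MimbleWimble implementations use, and the per-transaction 'kernel' stands in for the signed excess and range proofs a real transaction carries. The function names, constants and sample blinding factors are all assumptions made for illustration.

```python
from math import prod

# Toy stand-in for the elliptic-curve group real MimbleWimble uses (assumption).
P = 2**127 - 1   # prime modulus, chosen for illustration only
G, H = 3, 7      # constructed generators; a real system needs log_G(H) unknown

def commit(value, blind):
    """Pedersen-style commitment G^value * H^blind: the blind hides the value."""
    return pow(G, value, P) * pow(H, blind, P) % P

def make_tx(inputs, outputs):
    """inputs/outputs are (value, blinding factor) pairs known only to the parties.
    Only commitments and the kernel H^(sum r_out - sum r_in) are published."""
    excess = (sum(r for _, r in outputs) - sum(r for _, r in inputs)) % (P - 1)
    return {"inputs": [commit(v, r) for v, r in inputs],
            "outputs": [commit(v, r) for v, r in outputs],
            "kernel": pow(H, excess, P)}

def balances(inputs, outputs, kernels):
    """True when outputs == inputs * kernels, i.e. the value (G) parts cancel."""
    return prod(outputs) % P == prod(inputs) * prod(kernels) % P

def cut_through(txs):
    """Merge transactions, dropping outputs that another merged tx spends."""
    ins = [c for tx in txs for c in tx["inputs"]]
    outs = [c for tx in txs for c in tx["outputs"]]
    spent = set(ins) & set(outs)
    return ([c for c in ins if c not in spent],
            [c for c in outs if c not in spent],
            [tx["kernel"] for tx in txs])   # kernels are kept, one per tx

# Constructed sample: Alice -> Bob -> Charles, 100 coins each hop.
alice, bob, charles = (100, 1111), (100, 2222), (100, 3333)
tx1 = make_tx([alice], [bob])
tx2 = make_tx([bob], [charles])
ins, outs, kernels = cut_through([tx1, tx2])

# Constructed forgery: spends Alice's 100 but claims an output of 150.
forged = make_tx([alice], [(150, 2222)])

if __name__ == "__main__":
    print("after cut-through:", len(ins), "input,", len(outs), "output")
    print("aggregate balances:", balances(ins, outs, kernels))
    print("forged tx balances:", balances(forged["inputs"], forged["outputs"],
                                          [forged["kernel"]]))
```

Bob's commitment disappears from the merged record, yet a verifier holding only Alice's input, Charles's output and the two kernels can still confirm that no value was created.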
Finally, MimbleWimble’s network uses a protocol called ‘Dandelion’, which helps to hide who is broadcasting a transaction. The package of data first takes several hops from one random node to another, before it is broadcast more widely to the network, making it extremely difficult to know where it originated.
Opportunities and challenges
These features make MimbleWimble a very promising protocol, and one that will doubtless be used by many new blockchain projects and incorporated into existing ones. Grin and Beam both implemented it in their platforms in January 2019, and Charlie Lee has considered using it for confidential transactions on Litecoin.
However, MimbleWimble’s differences from previous iterations of blockchain technology also raise potential difficulties that will need to be overcome. For example, because both parties to a transaction must exchange some data (a ‘blinding factor’) to hide the amount being transferred, both wallets must be online at some point to agree and sign this information. In many cases, the data will be exchanged in real time and the transaction finalised then and there, much like handing over cash in person. But in other instances, connecting to receive money will be inconvenient, and the need to be connected at some point rules out cold storage in the conventional sense. A different approach will also need to be taken to scripting, which enables functionality like multi-signature addresses and the Lightning Network in Bitcoin. This is important, since second-tier solutions will be needed to improve throughput – MimbleWimble’s scalability is higher than Bitcoin’s, but not enough for it to underpin a form of everyday currency.