MimbleWimble, a protocol focused on fungibility, privacy, and scalability, was released into the wild in July 2016 on the IRC channel #bitcoin-wizards by the pseudonymous Tom Elvis Jedusor. The paper proposed a novel way of combining transactions to improve privacy on a public blockchain.
Jedusor's paper built on earlier work from 2013 using one-way aggregate signatures (OWAS), which required a novel cryptographic primitive that was not yet well trusted in academia. It also drew inspiration from Confidential Transactions and CoinJoin, two privacy proposals by a Bitcoin Core developer.
The original MimbleWimble paper used the same elliptic curve cryptography that Bitcoin uses, catching the attention of many researchers, including Andrew Poelstra, a mathematician and applied cryptographer at Blockstream, who improved on the MimbleWimble white paper and released a position paper in October 2016. Poelstra's work has long been focused on privacy; he had previously worked on Confidential Transactions and scriptless scripts.
Originally, it was envisioned that MimbleWimble could either be integrated into Bitcoin as an upgrade or exist as a sidechain, but a co-founder of Blockstream and Bitcoin Core developer laid out the challenges of integrating it as a backwards-compatible change:
“Introducing mimblewimble into in a backwards-compatible way would be a difficult exercise. It may not be impossible, but it would be hard. I think the way if people were experimenting with this, I would expect it to be an experimental separate chain or sidechain. In a sidechain we would not introduce a new but it would be a separate chain. There are some downsides to mimblewimble. In particular, it does not have a scripting language…a scripting language is very neat to play with, but it has a privacy downside. Mimblewimble takes this to the other side where you have very good privacy but at the expense of no other features any more.”
The trade-off MimbleWimble makes is to exclude an expressive scripting language, which is what enables innovations such as payment channels (e.g., the Lightning Network) and cross-chain atomic swaps, both of which launched on Bitcoin in 2017. Since then, two separate implementations of the MimbleWimble protocol have emerged, with different considerations around community, ethos, funding, and technical details.
The first implementation, Grin, which has become synonymous with MimbleWimble, was released just a few days after Poelstra's position paper. The pseudonymous Ignotus Peverell (named for the original owner of Harry's invisibility cloak) created the GitHub project ignopeverell/grin, where he provided an implementation of the protocol written in Rust and posted his vision for the project's ethos.
In March 2017, Peverell posted an introduction to Grin and MimbleWimble (as the name is now stylized), which serves as the principal reference for the protocol's specification today. The project is still maintained by a group of mostly anonymous developers, several of whom have taken on Harry Potter pseudonyms in line with the project's original ethos (including Luna Lovegood, Seamus Finnigan, and Percy Weasley). The first Grin testnet launched in November 2017, and the project is currently on testnet 4, the last before mainnet launch.
The second implementation, BEAM, is a project started in March 2018 and formally announced on the one-year anniversary of the original MimbleWimble paper's release. BEAM was presented in a paper (along with a fully functional node and client) and took on a more formal structure, in stark contrast to Grin's anarchic, open-source ethos. The BEAM team is led by its CEO, an Israeli entrepreneur.
With a defined management and engineering team, a formal foundation, and a founder's tax, BEAM took a very different approach in order to present a competitive alternative to Grin. Beyond the formal structure around the project, the BEAM team also made technical choices that differ from Grin's, including decisions on monetary policy and the hashing algorithm (both explored below).
BEAM launched in early January 2019.
Understanding bitcoin’s UTXO model and cryptographic primitives
Note: this is by no means a comprehensive introduction to Bitcoin or cryptography, but it provides enough context for an uninformed reader to follow along.
From the earliest days, privacy and fungibility have been core concerns of Bitcoin users. Through network analysis and blockchain analysis, Bitcoin has seen many attempts to de-anonymize transactions. While cryptocurrencies have emerged where privacy is the top priority (e.g., Zcash), Bitcoin has also seen significant privacy and fungibility improvements at both the protocol layer and the transaction layer.
Both Grin and BEAM use the same unspent transaction output (UTXO) model that Bitcoin uses, in contrast to account-based systems.
For example, when a 90k-satoshi UTXO is spent, the transaction consumes it whole and creates new outputs (say 40k and 50k satoshis, one of which may be change back to the sender), each locked to an address, with the amounts chosen by the sender. Any amount by which the inputs exceed the outputs is claimed by the miner as a fee.
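To make the UTXO model concrete, here is a small Python model of a UTXO set with the validation rules the paragraph implies. It is an added illustration, not code from Grin, BEAM or Bitcoin Core; the `TxOut`, `Tx` and `UTXOSet` names, the use of an opaque address string in place of a locking script, and the omission of signature checks are simplifications of my own, and the 90k/40k/50k amounts in `demo()` are constructed to match the figures above.

```python
"""Toy UTXO set with Bitcoin-style validation rules.

Added illustration, not code from Grin, BEAM or Bitcoin Core. Amounts are in
satoshis; a txid is the SHA-256 of a canonical JSON serialization; "address"
is an opaque string standing in for a locking script, and signature checks
are deliberately out of scope. The data in demo() is constructed.
"""
import hashlib
import json
from dataclasses import dataclass
from typing import Dict, List, Tuple

Outpoint = Tuple[str, int]  # (txid, output index): names exactly one UTXO


@dataclass(frozen=True)
class TxOut:
    amount: int    # satoshis, set by the sender
    address: str   # hypothetical placeholder for a locking script


@dataclass
class Tx:
    inputs: List[Outpoint]  # UTXOs consumed in full
    outputs: List[TxOut]    # new UTXOs created

    def txid(self) -> str:
        payload = {"in": [list(op) for op in self.inputs],
                   "out": [[o.amount, o.address] for o in self.outputs]}
        raw = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
        return hashlib.sha256(raw).hexdigest()


class UTXOSet:
    def __init__(self) -> None:
        self.utxos: Dict[Outpoint, TxOut] = {}

    def add_coinbase(self, tx: Tx) -> str:
        """Block reward: creates outputs from nothing, bypassing input checks."""
        if tx.inputs:
            raise ValueError("coinbase must not spend inputs")
        txid = tx.txid()
        for i, out in enumerate(tx.outputs):
            self.utxos[(txid, i)] = out
        return txid

    def apply(self, tx: Tx) -> Tuple[str, int]:
        """Validate tx against the set, apply it, return (txid, fee).

        Every check runs before any mutation, so a rejected transaction
        leaves the set exactly as it was.
        """
        if not tx.inputs:
            raise ValueError("transaction spends no inputs")
        if len(set(tx.inputs)) != len(tx.inputs):
            raise ValueError("same outpoint spent twice in one transaction")
        total_in = 0
        for op in tx.inputs:
            if op not in self.utxos:  # never existed, or already spent
                raise ValueError(f"input {op} is not an unspent output")
            total_in += self.utxos[op].amount
        if not tx.outputs or any(o.amount <= 0 for o in tx.outputs):
            raise ValueError("every output must carry a positive amount")
        total_out = sum(o.amount for o in tx.outputs)
        if total_out > total_in:
            raise ValueError(f"outputs ({total_out}) exceed inputs ({total_in})")
        for op in tx.inputs:                  # inputs are consumed whole ...
            del self.utxos[op]
        txid = tx.txid()
        for i, out in enumerate(tx.outputs):  # ... and outputs become new UTXOs
            self.utxos[(txid, i)] = out
        return txid, total_in - total_out

    def balance(self, address: str) -> int:
        return sum(o.amount for o in self.utxos.values() if o.address == address)


def demo() -> dict:
    """Constructed scenario: a 90k UTXO split 40k/50k, then two attacks that must fail."""
    s = UTXOSet()
    cb = s.add_coinbase(Tx([], [TxOut(90_000, "alice")]))
    # Spend the 90k output whole: 40k to bob, 50k back to alice as change, no fee.
    tx1_id, fee1 = s.apply(Tx([(cb, 0)], [TxOut(40_000, "bob"), TxOut(50_000, "alice")]))
    # Double spend: the 90k outpoint is gone from the set, so the replay is rejected.
    try:
        s.apply(Tx([(cb, 0)], [TxOut(90_000, "mallory")]))
        double_spend_rejected = False
    except ValueError:
        double_spend_rejected = True
    # Inflation: alice's 50k change cannot fund a 60k output.
    try:
        s.apply(Tx([(tx1_id, 1)], [TxOut(60_000, "alice")]))
        inflation_rejected = False
    except ValueError:
        inflation_rejected = True
    # bob pays carol 39k; the unclaimed 1,000 sat is the fee.
    _, fee2 = s.apply(Tx([(tx1_id, 0)], [TxOut(39_000, "carol")]))
    return {"alice": s.balance("alice"), "bob": s.balance("bob"),
            "carol": s.balance("carol"), "mallory": s.balance("mallory"),
            "fee1": fee1, "fee2": fee2, "utxo_count": len(s.utxos),
            "double_spend_rejected": double_spend_rejected,
            "inflation_rejected": inflation_rejected}


if __name__ == "__main__":
    print(demo())
```

The two rejected transactions are the properties the UTXO model is built to enforce: an outpoint can be consumed only once, and a transaction can never create more value than it consumes. Grin and BEAM keep the first rule as-is but replace the second with a homomorphic commitment check, since output amounts are hidden.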
Bitcoin, Grin, and BEAM all depend on cryptographic hash functions. At a high level, a cryptographic hash function (CHF) takes an input of any length, applies a fixed, publicly known transformation, and produces a fixed-size output called a digest. This is illustrated below.
Most importantly, CHFs create an asymmetry between attacker and defender: it is cheap to hash an input, but infeasible (not achievable on human timescales even with the world's supercomputers) to reverse a digest and recover the original input, provided the input itself is not guessable. This is why so much of internet security rests on hashing: passwords are stored as salted hashes rather than in the clear, and in Bitcoin public keys are hashed into addresses. Two caveats a practitioner should keep in mind. First, one-wayness only protects inputs with enough entropy; a short PIN or a dictionary word is recovered by simply hashing every candidate, which is why low-entropy secrets need a salted, iterated key-derivation function rather than a single fast hash. Second, the quantum threat is lopsided: Grover's algorithm only roughly halves a hash function's effective security, whereas Shor's algorithm would break the elliptic-curve discrete logarithm outright, and that is what the signatures and commitments in Bitcoin and MimbleWimble rely on.
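The asymmetry described above, as an added Python example (not code from the original post): the forward direction is a single library call, the only generic way back is to hash candidate inputs one by one, and a salted, iterated KDF is the standard mitigation when the input is something guessable like a PIN. The function names and the sample inputs are my own.

```python
"""Cryptographic hash asymmetry: cheap forward, brute force only backward.

Added illustration, not code from the original post. Uses SHA-256 and
PBKDF2 from the standard library; all sample inputs are constructed.
"""
import hashlib
import itertools
from typing import Iterable, Optional, Set, Tuple


def sha256_hex(data: bytes) -> str:
    """Forward direction: one cheap, deterministic call."""
    return hashlib.sha256(data).hexdigest()


def digest_lengths(inputs: Iterable[bytes]) -> Set[int]:
    """The digest is always 32 bytes (64 hex chars), whatever the input size."""
    return {len(sha256_hex(x)) for x in inputs}


def hamming_bits(a_hex: str, b_hex: str) -> int:
    """Bits that differ between two digests; about 128 of 256 for any two
    distinct inputs, so a one-character change is not visible in the output."""
    return bin(int(a_hex, 16) ^ int(b_hex, 16)).count("1")


def brute_force_preimage(target_hex: str, alphabet: str,
                         max_len: int) -> Tuple[Optional[bytes], int]:
    """Backward direction: there is no shortcut, only guess-and-hash.

    Enumerates every string over `alphabet` up to `max_len`, shortest first.
    Returns (preimage or None, number of hashes computed). Feasible for a
    4-digit PIN (at most 11,110 guesses); for an input with 256 bits of
    entropy the same loop would need on the order of 2^256 iterations.
    """
    tries = 0
    for n in range(1, max_len + 1):
        for cand in itertools.product(alphabet, repeat=n):
            tries += 1
            guess = "".join(cand).encode()
            if sha256_hex(guess) == target_hex:
                return guess, tries
    return None, tries


def slow_hash(secret: bytes, salt: bytes, iterations: int = 100_000) -> str:
    """Mitigation when the input is guessable (passwords, PINs): a salted,
    iterated KDF. Each guess now costs `iterations` HMAC-SHA-256 calls, and a
    per-user salt defeats precomputed tables shared across users."""
    return hashlib.pbkdf2_hmac("sha256", secret, salt, iterations).hex()


if __name__ == "__main__":
    pin_digest = sha256_hex(b"1234")   # constructed: a hashed 4-digit PIN
    print(brute_force_preimage(pin_digest, "0123456789", 4))
    print(hamming_bits(sha256_hex(b"abc"), sha256_hex(b"abd")))
```

Running the script recovers the PIN after a few thousand hashes, which is the whole point: the hash is one-way, but the search space of the input was tiny. The same attack against `slow_hash` costs 100,000 times more per guess and cannot be amortized across users because of the salt.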
Published at Sun, 13 Jan 2019 18:12:42 +0000