What is Grin and MimbleWimble?
This week, we take a look at one of the hottest topics circulating around the cryptocurrency world at the moment: the MimbleWimble protocol, and its first open source implementation, Grin. We explain the appeal of these technologies and why they might very well be the next big thing in digital currency.
The notion that changes need to be made to the Bitcoin Network and protocol in order for it to achieve scalability on a global level is nothing new. Bitcoin is slow, clunky, resource-consuming and at times, expensive to transact. As we frequently discuss here at CoinClarity, the introduction of both SegWit and Lightning Network have done a great deal to help this cause — but what if there was a better solution out there that could not only reduce the information necessary to continue operation of the blockchain, but actually decrease the size of the blockchain as time went on? Better yet: what if it could do this while simultaneously anonymizing each and every transaction it recorded?
That’s what Grin and MimbleWimble are attempting to accomplish, and so far, they’re off to a pretty good start. In this article we discuss both topics one at a time in order to help crypto users get a better idea of what’s going on and help them understand why they’re such a big deal, trying to break them down in the simplest, most basic terms possible. It wasn’t an easy task, and to truly understand how these concepts operate one requires an advanced understanding of cryptography as applied to cryptocurrencies and the blockchain. First, let’s talk a little bit about MimbleWimble.
What is MimbleWimble?
At its essence, MimbleWimble is a design for a blockchain that is quite different from the bitcoin blockchain, and all others for that matter. What does the word “MimbleWimble” mean, and where did it come from? Taken from the Harry Potter series, “Mimblewimble” is a spell that when cast binds an individual’s tongue to keep them from talking about a specific subject; more specifically, to prevent them from casting another spell. This alludes to the fact that by design, all sender, recipient, and transaction information is anonymized and cannot be deduced from looking at the blockchain. These features render MimbleWimble extremely unique in terms of blockchain architectures and makes it is probably the most privacy-centric ledger for a cryptocurrency ever developed.
One of the other interesting things about MimbleWimble is that it can be implemented as a side chain or “soft forked” (a backwards compatible fork) into bitcoin itself, meaning it does not necessarily have to be a competitor to bitcoin, but rather a solution to bitcoin’s scaling problems.
"Segwit, Schnorr signatures, MAST, MimbleWimble, Bulletproofs, Confidential Transactions, Sidechains, Drivechains, Lightning Network, and moar that hasn't been thought of yet. Tell me again how Bitcoin isn't going to scale or have privacy?" – Reddit
— Dennis Parker⚡️ (@Xentagz) November 11, 2018
MimbleWimble blockchains are quite smaller than traditional blockchains as well, which is accomplished by reorganizing and streamlining data considered essential to the function of the blockchain. For instance, instead of including public signature data for every input and output into a transaction, this data is all represented as a single value known as an “elliptic curve point.” This value cannot be generated in any other way other than by the direct combination of all public keys involved in a transaction.
In addition, all spent outputs are removed from the blockchain, thus allowing it to remain lean and manageable. This idea was first expanded upon by Bitcoin Core developer Gregory Maxwell, known as CoinJoin. Though it was never really implemented in bitcoin, the basic idea was this:
Say sender A sends 1 BTC to recipient B, then B sends 1 BTC to recipient C before the initial transaction is confirmed. Does the blockchain really need to know that B ever held 1 BTC at all in order to continue functioning?
The answer is “no.” This idea can be spread to a who series of senders and recipients that have related inputs and outputs that have yet to be confirmed by the blockchain. As explained by Maxwell in a Bitcointalk forum post:
“This transformation is lossless with respect to the final coin ownership, but the intermediate transactions were cut-through. This works even if the original coin ending up in the final outputs came from multiple parties, as they can coinjoin to preserve the final outcome.
Because the replacements are atomic and consume the original inputs this transformation is safe, assuming people in the middle can handle any accounting complications that arise. (E.g. figuring out that their payment really was completed). So you’d want to have a way of signaling ‘I permit you to conflict this transaction with one that pays its children, if you can figure out how’.” – Gregory Maxwell
Thus, as applied to MimbleWimble, this means that data pertaining to spent outputs can be erased from the blockchain entirely, not only keeping the bloat of the blockchain down but allowing it to actually decrease in size if several spent outputs are removed at once. Only one small piece of data (known as a kernel, which is about 100 bytes in size) from each transaction needs to be retained in order for a MimbleWimble blockchain to function and keep accurate records of who owns what.
MimbleWimble in < a tweet: People agree to create a tx exchanging a certain amount. Some add inputs equalling the amount, others create outputs claiming it. Individual in/output amounts hidden. Chain can't know amounts, but can still validate In+Out=0 & No new money created. Fin.
— Yeastplume (@yeastplume) September 17, 2018
In order to MimbleWimble to work successfully as a ledger, the exact sequence of transactions does not need to be publicly verified because the total sum of inputs and outputs must always equal zero, plus the number of new coins mined in each block. Like with bitcoin, coins cannot be artificially created by manipulation of blocks and transactions — unless the network is “51% attacked” and the majority of nodes replace the correct blockchain with an altered version.
The author of the original MimbleWimble whitepaper referred to himself as “Tom Elvis Jedusor,” which is the name of Harry Potter character Voldemort in the French edition of the novel series. The anonymous author posted the white paper using a Tor (“.onion”) website which was taken down long ago, making it impossible to find out where the site was located or who created it. However, the idea was so compelling that it immediately sparked interest among several Bitcoin Core developers that began testing its validity and feasibility as blockchain for a cryptocurrency.
Mimblewimble: when you take Confidential Transactions (CT), strip it of scripting behavior, & use the 'blinding keys' as signing keys, you get a more private, more efficient scheme. It has the magical properties of CTs w/o the performance hit & w/o compromising security.
— Chjangø Unchained ⛓ (@chjango) January 18, 2019
What is Grin?
Grin is a cryptocurrency that uses an implementation of the MimbleWimble protocol. A few months after the single appearance of Tom Elvis Jedusor, another Harry Potter-related pseudonym appeared on the same IRC channel to announce that they had developed the first open source implementation of MimbleWimble, which was Grin. A repository published on GitHub by “Ignotus Peverell” contained the software necessary to begin testing a beta net version of Grin, and thus Grin was born.
First block found! https://t.co/KCmVHTYoWu
— 😶 (@grinMW) January 15, 2019
A little more than 2 years and 2 months later, after a very thorough period of beta testing and developing, the Grin main net was launched, on January 15th, with the original MimbleWimble white paper as written by Jedusor expanded upon by Andrew Polestra of WPS Software. Though Jedusor and Peverell are accredited with the invention of MimbleWimble and Grin, it was Polestra’s guidance and perseverance in realization of the idea that helped bring Grin to fruition. In his updated version of the white paper, Polestra introduces MimbleWimble and Grin as the following:
“Mimblewimble is a design for a cryptocurrency whose history can be compacted and quickly verified with trivial computing hardware even after many years of chain operation. As a secondary goal, it should support strong user privacy by means of confidential transactions and an obfuscated trans30 action graph.
This precludes such functionality as zero-knowledge contingent payments, cross-chain atomic swaps and micropayment channels. Further research is needed to emulate these functionalities on top of Mimblewimble…” – Andrew Polestra
Happy birthday to Grin for mining the first block! The next blocks will take awhile as the difficulty readjust from the high https://t.co/GG2DfcoOO0#grin $grin #Mimblewimble pic.twitter.com/nUZ1nyCxj6
— tmlee (@tmlee) January 15, 2019
Though it is possible to mine the coin using Windows, most mining and wallets that have already been developed are for iOS and Linux, with a C++ wallet still in the works. Grin can already be traded on a few different exchanges, but investors should be reminded that the project is still highly experimental, and due to the coin’s initially high rate of emission (60 coins generated every 60 seconds), the coin will be highly inflationary at first, with a strong potential of decreasing in price before a reasonable estimate of its actual value can be determined.
Don't get burnt by MimbleWimble hype.
On the dawn of @grinMW's MainNet launch, we're witnessing the birth of truly fungible, trustless P2P cash.
Despite the long term promise of $GRIN, short term prospects of fair launch PoW coins are grim.
— NM (@ByteSizeCapital) January 15, 2019
It is best to remember that Grin is unlike anything else that the crypto market has seen before, and along with potential rewards for early adoption of this innovative piece of technology come risks of its failure via some undiscovered bug or flaw in its software. Let’s quickly go over a comparison of Grin to BTC, as it is important to understand the differences between the two coins.
Ways in Which Grin is Like Bitcoin:
- Is a cryptocurrency that uses a blockchain-based ledger system
- Is secured by Proof of Work (PoW)
- Miners are incentivized by coin rewards
- Has regular block times with auto-adjusting mining difficulty levels
Ways in Which Grin is Unlike Bitcoin:
- Uses a massively prune-able blockchain in which spent outputs are deleted, and neither sender/receiver or transaction amount information is stored
- Uses a different hashing algorithm (cuckARoo29 instead of SHA256D)
- Miner rewards remain consistent (no reward halving, unlimited supply)
- Block time lengths are 1 minute instead of 10
- All sender/receiver and transaction amount information is encrypted
- Does not use addresses in the classical sense, but rather an IP addresses or end-to-end cryptographically secured service (such as a Keybase or Grinbox address)
It is the first and last of these differences that really sets Grin apart from bitcoin and most other coins, and what makes it an exciting development in the world of cryptocurrency.
Now, let’s quickly summarize the pros and cons of Grin; it’s important to remember that there are indeed cons, and why this new piece of software needs to be approached with caution before going “all in” as an investor.
Grin Pros and Cons
Pros: Highly anonymous (no addresses or amounts recorded to the blockchain), fast (60 second block times), scalable (size of blockchain is dependent on amount of active users rather than amount of addresses).
Cons: sacrifices some functionality (scripting), highly experimental and may contain some bugs or coding flaws, not necessarily a proven store of value.
Grin payments require a three-way process that also renders it a bit different from bitcoin and any other cryptocurrency transaction. These can be done automatically through an IP address or keybase, or can be conducted manually:
- Sender runs grin wallet send -m file -d FILE.txt GRIN_AMOUNT, which creates the file FILE.txt.
- Sender gives FILE.txt to the recipient.
- Recipient runs grin wallet receive -i FILE.txt, which creates another file FILE.txt.response.
- Recipient gives FILE.txt.response to the sender.
- Sender runs grin wallet finalize -i FILE.txt.response, and the transaction is finalized.
As we mentioned earlier, there are no addresses in Grin. Instead, two wallets communicate with each other to exchange data, during which the recipient creates and sends an address to the sender. Obviously, this is also different from what cryptocurrency users are used to. Grin requires that recipients be aware of incoming transactions. This is a process that can be automated but if it is not, Grin cannot be sent to another user until the recipient verifies incoming receipt from the sender.
What’s Under the Hood
The information stored in a Grin block is also pretty different; mainly because it is a much smaller set of data than stored in a bitcoin block. Here’s what the information in a Grin block looks like:
|Age||2019-01-17, 23:33:46 UTC|
|Total Kernel Offset||143f49480626e10d126d12a5b33d4732455c6b11343344ddcec63c22fa2f0170|
|Block Reward||60 grin|
What transaction inputs look like:
What transaction outputs look like:
Once an input/output has been entirely spent, it is retroactively removed from the Grin blockchain, thus reducing the overall size of the blockchain. The final component, and always necessary to include in the blockchain, kernels, look like this:
In short, Grin and MimbleWimble are revolutionary new developments in the field of cryptocurrency which make the most out of the cryptographic principles initially employed by bitcoin. Grin is a drastic departure from pre-existing Proof of Work coins and solves a few major issues from which bitcoin suffers: scalability, speed, and privacy. That being said, it is still in its very early stages and has a long way to go before it can prove itself to be a technically sound, trustworthy and widely-adopted model for a cryptocurrency, and investors should be aware of these factors before plunging head-first into it.
Further resources for understanding Grin and MimbleWimble:
A Short History of MimbleWimble on Medium
MimbleWimble for Bitcoiners on Medium
Introduction to MimbleWimble and Grin on GitHub
Andrew Polestra’s PowerPoint Presentation of MimbleWimble and Grin on YouTube