Community Submission - Author: William M. Peaster.
Mimblewimble (MW) is a blockchain design that employs a novel way of structuring and storing transactions. It’s a different implementation of a Proof of Work (PoW) blockchain that allows for increased privacy and better network scalability.
The Mimblewimble design was introduced in mid-2016 by pseudonymous Tom Elvis Jedusor. Although he managed to share the core ideas, the first Mimblewimble document left some questions open. This led Blockstream researcher Andrew Poelstra to study and improve the original concept. Soon after, Poelstra wrote a paper entitled Mimblewimble (published in October 2016).
Since then, many researchers and developers are studying the possibilities of the MW protocol. Some say that implementing it on Bitcoin would be quite difficult, though technically possible. Poelstra and others believe Mimblewimble may eventually improve the Bitcoin network as a sidechain solution.
How Mimblewimble Works
Mimblewimble changes the traditional model of blockchain transactions. It allows for a blockchain to have a more compact history, which is easier and faster to download, synchronize, and verify.
In a MW blockchain, there are no identifiable or reusable addresses, meaning that all transactions look like random data to an outsider. The transaction data is only visible to their respective participants.
So, a Mimblewimble block looks like one large transaction rather than a combination of many. This means that blocks can be verified and confirmed, but they give no details about each transaction. There is no way to link individual inputs with their respective outputs.
Consider the following example. Alice receives 5 MW coins from her mom and 5 from her dad. Then, she sends those 10 coins to Bob. The transactions are verified, but their details aren’t public. The only thing Bob knows is that Alice sent him 10 coins, but he can’t tell who previously sent those to Alice.
To move the coins on a Mimblewimble blockchain, the sender and receiver must exchange verifying information. So we still need Alice and Bob to communicate, but they aren’t required to be online at the same time for the transaction to happen.
Also, Mimblewimble employs a feature called cut-through, which reduces the block data by removing redundant transaction information. So instead of recording each input and output (from Alice’s parents to her, and from Alice to Bob), the block would only record one input-output pair (from Alice’s parents to Bob).
Technically, the Mimblewimble design supports and extends the concept of Confidential Transactions (CT), proposed by Adam Back in 2013 and implemented by Greg Maxwell and Pieter Wuille. Simply put, CT is a privacy tool that hides the amounts of blockchain transfers.
Mimblewimble vs. Bitcoin
The Bitcoin blockchain has maintained the data of every transaction since the genesis block, meaning that anyone is able to download and verify its public history - transaction by transaction.
In contrast, a Mimblewimble blockchain only keeps the essential information - while also providing more privacy. The validators make sure that no unusual activity happens (e.g., double spending), and that the amount of coins in circulation is accurate.
Other than that, Mimblewimble removes the Bitcoin scripting system, which is a list of instructions that defines how transactions are structured. The script removal allowed MW blockchains to be more private and scalable. More private because addresses can’t be traced at all, and more scalable because the blockchain data is smaller.
So, another key difference between Bitcoin and Mimblewimble is the relative data size of their blockchains - which is related to the previously discussed cut-through feature. By removing unnecessary transaction data, Mimblewimble requires less computational resources.
Advantages
Blockchain size
As mentioned, Mimblewimble allows for data compression, reducing the overall blockchain size. Nodes can verify transaction history much faster, using considerably less resources. Besides, it’s easier for new nodes to download and synchronize with a MW blockchain.
The reduced costs to join the network and run a node may eventually lead to a more diversified and distributed community, which would likely reduce the centralization of mining common in many PoW blockchains.
Scalability
Eventually, Mimblewimble may be used as a sidechain solution that could be attached to Bitcoin or another parent chain. The MW design may also improve the performance of payment channels, such as the ones used by the Lightning Network.
Privacy
The removal of the Bitcoin scripting system, combined with the use of Confidential Transactions brings a high level of user privacy, obfuscating the details of transactions.
In addition, coins that are based on Mimblewimble blockchains can be considered fungible. The property of fungibility is what makes every unit of a coin interchangeable with any other unit of the same coin (they are indistinguishable).
Limitations
Transaction throughput
Confidential Transactions tend to reduce transaction throughput significantly due to the larger data size. So when compared to a non-private system, a blockchain that uses CT has more privacy but lower TPS rates (transactions per second).
Still, we may say that the compact size of MW makes up for the TPS limitation caused by the Confidential Transactions. It's also worth noting that the transaction throughput depends on other factors, such as block size and frequency.
Not quantum-resistant
Generally speaking, the Mimblewimble protocol is not resistant to quantum computers as it relies on relatively simple properties of digital signatures. But, a mature quantum computer is still decades away, and cryptocurrencies using Mimblewimble will likely find ways to prevent quantum attacks in the coming years. In fact, some solutions are already being experimented with (e.g., Switch Commitments).
Closing thoughts
The introduction of Mimblewimble marks a notable milestone in blockchain history. On the one hand, the cut-through feature makes MW networks cheaper and easier to scale. On the other hand, the MW protocol may be implemented as a sidechain or payment channel solution, allowing for more privacy and scalability.
So far, a few blockchain projects are working with the Mimblewimble design, including the Litecoin team. Grin and Beam are two other examples. While Grin is a community-driven project working on a lightweight proof of concept of the MW protocol, Beam adopts a startup-like approach. While both projects are based on Mimblewimble, they are technically distinct as each has a particular way of implementing the MW design.
An open question, for now, is whether Mimblewimble can achieve a significant level of reliability and adoption. It is an exciting and promising idea, but also very young. As such, the potential use cases are under investigation, and the future of Mimblewimble remains uncertain.