Let's Talk Privacy: Mimblewimble vs. Confidential Transactions

Specifically Blockstream’s Confidential Transactions (CT) transactions in the Liquid Network. This article explains CT.

My lager imbued meeting with Adam Back and other bitcoiners in a sushi restaurant in Malta a few weeks back gave me the opportunity to ask the cypherpunk all manner of questions, including what he thought about Mimblewimble (MW).

Adam compared MW privacy to CT, giving me the impression he thought they were more or less the same, and then (IIRC) mentioned something about the former using range proofs whereas the latter uses signatures. To balance my excitement he also mentioned the large MW transaction sizes (in bytes) after I espoused the blockchain trimming cut through stuff which MW offers.

Transactions graphs also came up, these being bad for privacy, as did the obfuscation of transaction amounts; in this context I mentioned MWixnet which I don’t think Adam had heard of.

Fortunately, Adam is familiar enough with MW that my inarticulate phrasing of technical questions was well understood by the English mathematician. He understood what I was saying even though that was not always the case with tables turned.

We spoke of Poelstra at this juncture; the hirsute cryptographer who works at Blockstream but also rewrote the MW paper, and was the first person to react to Tom Elvis Jedusor’s publication of the original MW whitepaper in bitcoin-wizards IRC. But I digress from this topic.

So here are my questions for discussion:

  1. How similar is Mimblewimble to Confidential Transactions. What advantages do they offer over each other, on paper and in implementation (i.e. Grin vs Liquid)?
  2. Could transaction sizes become a problem for MW / Grin?
  3. How to solve transaction graph breaking privacy and how is this handled in Liquid Network, if at all?
  4. Privacy coins are banned from most exchanges, but should Grin be on that list if MW offers similar levels of privacy to Bitcoin’s Liquid Network?

Apologies if these questions have been addressed before, but in the event perhaps some succinct recaps would be useful to others besides myself. I’ll DM Adam with a link to this forum post in case he’d like to chime in and/or correct my recollections, thanks!

4 Likes

Privacy is a human right ,Privacy coins a guarantee of freedom
If the government prohibits privacy coins due to privacy concerns, it is illegal for the government; If the legislative body legislates to prohibit privacy coins, then this law is an evil law that violates natural law.
People have the right to resist such laws.Supporting privacy coins is a rebellion against authoritarian governments, just like the society in Orwell’s 1984 and Aldous Huxley’s Brave New World
Most exchanges dare to break the law for profit, Binance and Gate.io are not fully legal in China and are also illegal in the United States, but they are profitable businesses for coin exchange, so there are still many transactions.
The reason why the exchange removed privacy coins is because there are not many users of privacy coins,If there are as many privacy coin users as Bitcoin users, the exchange will not easily remove privacy coins.
greetings to Adam Back , who is very famous in China with the spread of Bitcoin and cryptocurrencies.

隐私是一种人权,隐私是自由的保障
如果政府因为隐私而禁止隐私币,那是政府违法;如果立法机构立法禁止隐私币,那这种法是恶法,违反自然法的法律。
支持隐私币,就是反抗极权政府,如同奥威尔《1984》和《美丽新世界》中的社会
向亚当贝克问好,随着比特币传播,亚当贝克在中国很有名。

1 Like

I’d be remiss not to whip out the mimblewimble paper which goes into these specific questions:

These solutions are very good and would make Bitcoin very safe to use. But
the problem of too much data is made even worse. Confidential transactions
require multi-kilobyte proofs on every output

Bitcoin today there are about 423000 blocks, totaling 80GB or so of data on
the hard drive to validate everything. These data are about 150 million transactions
and 5 million unspent nonconfidential outputs. Estimate how much space the number of transactions take on a Mimblewimble chain. Each unspent output is around 3Kb for
rangeproof and Merkle proof. Each transaction also adds about 100 bytes: a k*G value and a signature. The block headers and explicit amounts are negligible. Add this together and get 30Gb – with a confidential transaction and obscured transaction graph!

Now, we have used Dr. Maxwell’s Confidential Transactions to create a
noninteractive version of Dr. Maxwell’s CoinJoin, but we have not seen the last of marvelous Dr. Maxwell!

  1. See MW and CT in this chart [1].
  2. Not much for Grin since historical txs only take ~100B on chain.
  3. Handled with MWixnets on Grin, not handled on Liquid.

[1] Scalability vs privacy chart

6 Likes