Scalability vs privacy chart

Chart showing chainsize growth rate (in terms of size of historical 2-input 2-output tx / 100 bytes)
versus privacy leaks. CT=Confidential Transactions. MW=Mimblewimble. RingCT=CT+ring signatures.
MWCS = MW + Coinswap as in https://forum.grin.mw/t/mimblewimble-coinswap-proposal.
Lelantus would sit at 46 (x 100 bytes) for the BEAM implementation (both inputs and outputs shielded).
Halo-2 sits at a whopping 81 (x 100 bytes) without memos.

Privacy leaks
 
amounts+     |
addresses+   |     BTC
i/o-links    |
             |
             |
addresses+   |                          CT
i/o-links    |
             |
i/o-links    | MW
             |
decoys       | MWCS                        RingCT     Seraphis
none         |                         ZkSNARK
              
             0  2  4  6  8  10 12 14 16 18 20 22 24 26 28   growth rate
21 Likes

Good idea coming up with this way to present the Y axis. I wouldn’t mind a chart like this on the website to see what kind of a tradeoff MW is.

1 Like

Looks good.
It would be simpler to just show chain size on one axis and privacy on the other axis, but that would indeed remove a lot of details that are relevant such as in which way privacy is improved. Converting so many approaches into any privacy score would be very subjective.
Still it would be nice to have such a simplified graph as well since it immediately makes clear that Grin (and other MW coins) are king in the combination of privacy+scalability. I think the combination of such as simplified graph, plust the graph you have right now in table format, would be best for the website.

Perhaps having the Y axis be transparency score would be nice. Grin would be left most on X axis and with a relatively small transparency so it would be placed bottom left.

Edit: the Y axis is exactly what I said it would be nice. I need some sleep. :see_no_evil:

I made the Y axis less uniform to reflect relative importance of different privacy leaks.
Also added a Halo2 datapoint according to discussion in https://forum.zcashcommunity.com/t/where-would-halo2-fit-in-this-chart

What do you mean by “historical?” Do you just mean already spent? If so, this chart is deceptive. It would be better to compare against bitcoin’s tx history and not just exclude UTXOs (which are still quite large).

Also, are you ignoring MMRs? Each kernel alone, when including MMR hashes, is over 160 bytes. I get that it can be rebuilt on the fly, but that’s not what we do in practice, so is that really a fair comparison?

Yes, I mean contribution of old transaction with spent outputs to IBD size. Asymptotically, the UTXO set will be an ever smaller fraction of all txos.

1 Like

How hard would it be to provide the values if we base it off of bitcoin’s current tx history? I think it would be a good comparison to see how long it will take until we see the real scalability benefits from grin.

What about ardor chainsize? I saw on twitter they have just released a new full node. Can it be compared? Because if I’m not mistaken the previous version is only full node for verification. There is no android wallet + full node. The android application will link it to the web wallet.

I never heard of it, but AFAICT, Ardor has no chainsize improvements over Bitcoin, and would thus occupy the same spot?!

1 Like

Where would Lelantus be on this chart? I personally feel that perhaps it’s more relevant than RingCT because if you do choose a path that adds bloat to your chain, you might as well get a higher anonymity set

can we add the Mingle jingle to this graph ?

It would be just to the right of MW, at 3 on the horizontal axis.

1 Like

MJ is a scalability vs interactiveness tradeoff, rather than a scalability vs privacy tradeoff, so it’s not that interesting for this chart.
Plus there is not enough space to separate it from MW:-(

3 Likes

Can someone post a direct link to the chart please? I can’t seem to get it to share correctly It always references the coin swap proposal post ty

The chart is just preformatted text, part of the OP at https://forum.grin.mw/t/scalability-vs-privacy-chart

“https://i.imgur.com/OYseY3D.png”

what are input and outputs can you give me an article that explaine this for noobs?

5 Likes

I am interested in combination of MimbleWimble + CoinWitness-like solution.
As far as I have researched, using recursive SNARKs/STARKs for full chain validation is intractable for current blockchain architecture [1].
Has anyone thought about verification of compressed blockchain via (recursive) SNARKs/STARKs?

[1] Reducing Participation Costs via Incremental Verification for Ledger Systems https://eprint.iacr.org/2020/1522.pdf

1 Like