Scalability vs privacy chart

tromp · December 23, 2020, 1:26pm

Chart showing chainsize growth rate (in terms of size of historical 2-input 2-output tx / 100 bytes)
versus privacy leaks. CT=Confidential Transactions. MW=Mimblewimble. RingCT=CT+ring signatures.
MWCS = MW + Coinswap as in https://forum.grin.mw/t/mimblewimble-coinswap-proposal.
Lelantus would sit at 46 (x 100 bytes) for the BEAM implementation (both inputs and outputs shielded).
Halo-2 sits at a whopping 81 (x 100 bytes) without memos.

Privacy leaks
 
amounts+     |
addresses+   |     BTC
i/o-links    |
             |
             |
addresses+   |                          CT
i/o-links    |
             |
i/o-links    | MW
             |
decoys       | MWCS                        RingCT     Seraphis
none         |                         ZkSNARK
              
             0  2  4  6  8  10 12 14 16 18 20 22 24 26 28   growth rate

oryhp · December 23, 2020, 2:30pm

Good idea coming up with this way to present the Y axis. I wouldn’t mind a chart like this on the website to see what kind of a tradeoff MW is.

Anynomous · December 23, 2020, 2:40pm

Looks good.
It would be simpler to just show chain size on one axis and privacy on the other axis, but that would indeed remove a lot of details that are relevant such as in which way privacy is improved. Converting so many approaches into any privacy score would be very subjective.
Still it would be nice to have such a simplified graph as well since it immediately makes clear that Grin (and other MW coins) are king in the combination of privacy+scalability. I think the combination of such as simplified graph, plust the graph you have right now in table format, would be best for the website.

oryhp · December 23, 2020, 2:52pm

Perhaps having the Y axis be transparency score would be nice. Grin would be left most on X axis and with a relatively small transparency so it would be placed bottom left.

Edit: the Y axis is exactly what I said it would be nice. I need some sleep.

tromp · December 23, 2020, 3:20pm

I made the Y axis less uniform to reflect relative importance of different privacy leaks.
Also added a Halo2 datapoint according to discussion in https://forum.zcashcommunity.com/t/where-would-halo2-fit-in-this-chart

david · December 23, 2020, 5:57pm

What do you mean by “historical?” Do you just mean already spent? If so, this chart is deceptive. It would be better to compare against bitcoin’s tx history and not just exclude UTXOs (which are still quite large).

Also, are you ignoring MMRs? Each kernel alone, when including MMR hashes, is over 160 bytes. I get that it can be rebuilt on the fly, but that’s not what we do in practice, so is that really a fair comparison?

tromp · December 23, 2020, 6:30pm

Yes, I mean contribution of old transaction with spent outputs to IBD size. Asymptotically, the UTXO set will be an ever smaller fraction of all txos.

david · December 23, 2020, 6:34pm

How hard would it be to provide the values if we base it off of bitcoin’s current tx history? I think it would be a good comparison to see how long it will take until we see the real scalability benefits from grin.

Roelsmajor · December 24, 2020, 2:52am

What about ardor chainsize? I saw on twitter they have just released a new full node. Can it be compared? Because if I’m not mistaken the previous version is only full node for verification. There is no android wallet + full node. The android application will link it to the web wallet.

tromp · December 24, 2020, 7:24am

I never heard of it, but AFAICT, Ardor has no chainsize improvements over Bitcoin, and would thus occupy the same spot?!

oryhp · January 2, 2021, 3:23pm

Where would Lelantus be on this chart? I personally feel that perhaps it’s more relevant than RingCT because if you do choose a path that adds bloat to your chain, you might as well get a higher anonymity set

Mokhtar · January 30, 2021, 5:02pm

can we add the Mingle jingle to this graph ?

tevador · January 30, 2021, 5:36pm

It would be just to the right of MW, at 3 on the horizontal axis.

tromp · January 30, 2021, 6:26pm

MJ is a scalability vs interactiveness tradeoff, rather than a scalability vs privacy tradeoff, so it’s not that interesting for this chart.
Plus there is not enough space to separate it from MW:-(

satoshocrat · April 23, 2021, 7:10pm

Can someone post a direct link to the chart please? I can’t seem to get it to share correctly It always references the coin swap proposal post ty

tromp · April 23, 2021, 7:49pm

The chart is just preformatted text, part of the OP at https://forum.grin.mw/t/scalability-vs-privacy-chart

satoshocrat · April 24, 2021, 2:46am

“https://i.imgur.com/OYseY3D.png”

Mactavish · May 23, 2021, 10:52pm

what are input and outputs can you give me an article that explaine this for noobs?

NewJack777 · May 23, 2021, 11:09pm

loi · February 14, 2023, 9:30am

I am interested in combination of MimbleWimble + CoinWitness-like solution.
As far as I have researched, using recursive SNARKs/STARKs for full chain validation is intractable for current blockchain architecture [1].
Has anyone thought about verification of compressed blockchain via (recursive) SNARKs/STARKs?

[1] Reducing Participation Costs via Incremental Verification for Ledger Systems https://eprint.iacr.org/2020/1522.pdf

Topic		Replies	Views
Let's Talk Privacy: Mimblewimble vs. Confidential Transactions Development and Technical Discussion	3	93	April 29, 2025
Mimblewimble/Lelantus Hybrid Protocol Research	2	676	September 16, 2019
Mimblewimble Whitepaper V2 Research	5	1420	January 17, 2021
Why Grin/Mimblewimble	26	1310	May 1, 2021
Improvement Proposal: Confidential Assets Development and Technical Discussion	8	776	December 30, 2019

Scalability vs privacy chart

Related topics