Since I became interested in MimbleWimble I noticed many users struggle with understanding necessary theory behind this idea. I am myself one of those users. I like to learn by writing tutorials and my goal is to prepare a tutorial for each concept that is required to understand MimbleWimble.
It is difficult to read posts that propose ideas related to MW. Of course algebra looks simple, but what how does this algebra relate to transactions or mining is a mystery for most of us. I would like to learn all this, and while doing so explain it with simple examples.
I try to prepare my tutorials as follows:
Keep visual, for example public keys are points and private keys arrows etc.
Code that you can run by yourself is provided with the tutorial.
I try to be explicit with hat does the explained theory practically allows to achieve.
Confidential Transactions (as described originally) @oryhp
…please feel free to make your suggestions. I am open to your feedback!
So far I am still covering the foundations. Things like what is Eliptic Curve, what does it have to do with cryptography, what are hashing functions, what are signatures… Once those are done I would like to explain how transactions are made, then how Cuckoo Cycle works. Maybe even implement a tiny-toy-miner in Python that would produce few blocks with small signature (such as in current tutorials). Feel free to jot your ideas down below!
Tutorials
I will edit this post so that it always has a list of tutorials up to date.
ECC and DH key exchange
Introduction to Eliptic Curve Cryptography (ECC) and Diffie-Hellman (DH) key exchange algorithm. After this reading you will know what does the curve has to do with all this. You will also have a basic idea how two parties can come up with a common shared secret via insecure channel. As examples we show few keys and even brute-force to break them. Those examples are so small you can see them graphically as points and arrows!
Hash functions
So many concepts in cryptography rely on hash functions that it cannot be skipped. In this article I explain the basics of what it means a hash function is secure and what it can be used for. I also attempt to find a collision (and fail even for an insecure one!).
Eliptic Curve Digital Signature Algorithm
In this tutorial Alice receives two messages from Bob, one of them is really suspicious. By using ECDSA algorithm we verify the attached digital signature attached to each message and based on that estimate which one is more likely from Bob!
Symmetric Ciphers
Tutorial on how to protect your secrets with symmetric ciphers and even, how to protect the existence of the secret with hidden volumes. Less relevant for MimbleWimble, however essential if you want to understand how init_secure_api function in the Owner’s API works.
Ideas for future tutorials
Schnorr signatures
Adaptor signatures
Cuckoo Cycle
Toy-MW blockchain with Python miner
… I’m all ears! Write down below what you are interested in!
Wonderful job! Regarding the topics, I’d say that to understand Mimblewimble one first needs to understand what Confidential Transactions were trying to solve and how they solved the problem. The reason this is a prerequisite is because the whole Mimblewimble magic follows from a simple tweak made to the Confidential Transactions idea. Mimblewimble is really just state of the art Confidential Transactions because it upgrades the confidential transactions to make them simpler, more scalable and easier to coinjoin and then realizing that you can use this new form of confidential transactions in a creative way to construct a blockchain which itself is just a single transaction. So if you’re interested in going into MW topics, then I’d add these two:
Confidential Transactions (as described originally)
@oryhp I am suprised you do not link this explenation on github:
I also find the documentation on the grin main website quite good: https://docs.grin.mw/wiki/introduction/mimblewimble/ecc/
It does surprise me though that they do not changed the terms in terminology. E.g. use blinding factor and only once casually mention: “The issue is solved by adding a blinding factor r, which is a random 256-bit integer (range 0 to 2^256, same as a typical private key) used to blind the value so that it can’t be guessed and uncovered.”
The blinding factor is as far as I understand the private-key, which would make reading the documentation much more clear. It took me months before I finally realized that the blinding factor is the/a private-key used to blind the transaction value.
It’s called a blinding factor because that’s the standard name for this variable in Pedersen commitments. It just so happens to also be the secret to spending an output in a MW chain.
I’d personally like to see more people doing their own versions of “What is Grin”. Renzokuken’s blog or a series of posts could be another such source over some time.
I fully understand the reasoning behind the name. It is just that it is not even mentioned that the blinding factor is the/a private-key, only that it has the same range e as a private-key.
So assuming that probably 90% of the people who would read it know a private-key but maybe only a handful of people know what a Pederson commitments are, this would for me have been more logical to emphasize.
Anyhow, It is as you say, the more different versions there are out there, the better and more clear it will become for people of various backgrounds.
I really like this part. For example, use a python notebook to run all steps. In this way you can integrate the code snippets with the visualizations in the output. Also Python is the best language for education purposes in my opinion (I am biased as a Python programmer )
Same for me! However I am not a fan of Python notebooks, I usually attach a GitHub Gist with runnable code that makes plots and outputs.
More than a year ago before I started tech-blogging I was searching for a good way to write tutorials and Jupyter Notebooks were a promising candidate. The two major reasons why I did not go for it was exporting to markdown / html did not work that great and managing citations was also difficult at that time.
At this point I am no longer able to edit the original post, so for the new tutorials I am going to simply append them in a new message.
Schnorr Signatures
Basic visual calculation of a multi-signature. Please don’t ask me how much time I spent searching for generator point that provides sufficiently large prime order group. That’s embarrasing!
I hope you will enjoy it. I will use it as a foundation for more advanced concepts such as adaptor signatures, scriptless scripts, confidential transactions, Pedersen commitments etc.
Pedersen Commitments and Confidential Transactions
In the following tutorial I compute a small finite field and hide some inputs in it. We perform a transaction with change output and show how outputs in the finite field changed. It is a minimal visual example of how hidden amounts would look like. Enjoy!
)