The transparent nature of Bitcoin is what allows it to be a decentralized cryptocurrency. There is a public ledger and we can all agree on the transactions that have occurred in the Bitcoin network by looking at it, removing the need for a trusted third party to give that confirmation. However, this same transparency brings along some issues. The lack of privacy can scare off regular users as well as companies that do not want their finances to be available to the competition. Fugibility issues also arise when a specific coin can be singled out due to its past history and refused as payment because of it.
Despite the tools that are available, such as bitcoin mixers, p2p exchanges and the ability to use Bitcoin through Tor, these are not perfect.
Other cryptocurrencies have employed multiple methods that seek to solve this issue, including the implementation of master nodes, ring signature and most recently, zk-snarks. However, these require the user to convert his Bitcoins into an alternative cryptocurrency that is always more volatile. This can also be an issue
However, there are multiple projects that are being worked on in order to bring a higher degree of privacy to Bitcoin. One of these is called MimbleWimble, a proposal for a bitcoin-like blockchain that could be implemented as a sidechain or potentially (in the far future) as an extension block scheme that would be like an integrated sidechain.
Mimblewimble leverages previous concepts like Confidential Transactions and "one-way aggregate signatures" (OWAS) to provide private transactions and better scalability which contrasts with previous proposals, where a tradeoff between privacy and scalability takes place. However, the proposal also removes some of Bitcoin’s functionalities. Let’s take a look.
What is Mimblewimble?
One of the major differences between Bitcoin and Mimblewimble is that Mimblewimble supports Confidential Transactions. In a Bitcoin transaction, everything is public. We can see the input and output values and we can verify the transaction as being valid if these add up (the sum of the inputs is the sum of the outputs).
In the confidential transactions system, all the values are homomorphically encrypted with random strings of numbers called “blinding factors.”. This means that the values cannot be seen directly, they are rather encrypted in a manner that allows the math to be done with ciphertext, generating an encrypted result that, when decrypted, matched the result of the operations performed in plain text. This means that the values are encrypted, but that it's possible to calculate that all the output values minus all the input values add up to zero and verify that a transaction is valid.
Here, transactions also include information with which receivers can decrypt the amounts. In confidential transactions both the sender and receiver know the blinding factor.
In Mimblewimble, the receiver of a transaction generates the blinding factor which is used to prove ownership of the bitcoins. And the way it does this is through this "excess value", which is the the difference between the inputs and outputs. This excess value is a set of random numbers that ensure that only the person who generated the blinding factor (the receiver) can spend the bitcoins. So, the blinding factors do not add up to zero anymore, but rather to another amount that is like a private key.
“The way to think about this is that the excess is a multisignature key, basically. It's a multisignature key with the owner of all inputs and the owners of all outputs.”
Mimblewimble also gets rid of individual transactions by advancing on a previous concept, CoinJoin (but by making it non-interactive). Instead of containing transactions, Mimblewimble blocks will only have a list of new inputs, a list of new outputs and a list of signatures which are created from the aforementioned excess value.
Since the values are homomorphically encrypted, nodes can verify that no Bitcoins are being created or destroyed. The excess value signatures will in turn prove that all the transactions are valid, since they only add up if the whole transaction does.
In this scheme, neither the values or the destination of the transactions are known, since the inputs and outputs are all contained in a block and are not separated, each output could be destined for every other input with no way of associating one to the other.
One of the most exciting things about Mimblewimble is that it’s a scalable solution. If it were to be active on Bitcoin since day one, the blockchain would be somewhat bigger (a few GB) than it is now. However, when compared to other solutions like Confidential Transactions, it’s a very positive result, since CT activated since day one would add up to about a TB of blockchain data.
However, Mimblewimble also has disadvantages as it removes Bitcoin’s functionalities by removing scripts. However, developers are researching ways of allowing Bitcoin to retain its functionalities in the Mimblewimble scheme. Nevertheless, if it is to be implemented it most likely will be as a sidechain or a separate altcoin.