A Cryptographer Named After Harry Potter's Archenemy is Helping Solve Bitcoin's Biggest ProblemsIn what could become the latest strange-but-true chapter in bitcoin’s history, an anonymous cryptographer named after Harry Potter’s arch nemesis has put forth a proposal experts believe could help solve major issues facing the network.
Authored by ‘Tom Elvis Jedusor’ (Voldemort's name in the French versions of the book), the Harry Potter references in the paper don’t stop there. The proposal itself, posted to chat channels earlier this August, is named ‘Mimblewimble’ after a tongue-tying curse meant to render an opponent silent.
Yet despite the allusions to the popular fantasy series, the paper has real-world implications, outlining how cryptographic privacy and signature techniques could be combined to enable new benefits. Experts soon saw past the imagery and began to take the ideas seriously, with Blockstream mathematician Andrew Poelstra, for example, being one of the first to remark in IRC discussions that it didn’t seem like a “total crank.”
More serious conversation would follow, as bitcoin developers have been more broadly searching for a long-term scalability and anonymity solutions. Many of these same developers now feel that the anonymously posted idea could advance discussions of how these challenges can be solved.
Bitcoin Core contributor Bryan Bishop told CoinDesk:
“[We’re] talking very seriously about Voldemort as a serious cryptographer that submitted an obviously insightful development.”
Scalability potential
Today, scalability is seen as an area where bitcoin, and all blockchains, need improvement.
Bitcoin developers have thus far rallied around the Lightning Network, an off-chain payments channel, as a way to “scale” the platform from roughly 7-transactions per second to Visa-level payments. But Mimblewimble could offer an alternative way to slim down the blockchain.
With bitcoin, users need to download the full transaction history (not a small amount of data) to verify that everything checks out.
“In Mimblewimble, you can actually cut out all of the middle transactions. Imagine that every block has a single transaction,” Poelstra said. “When you’re syncing the blockchain all this historical data, it doesn’t quite go away, but it’s compressed a lot.”
“That’s the innovation of Mimblewimble. It scales with how much the system is being used currently, rather than how long the system has been going,” he added.
Poelstra also noted that the proposal offers “much more than ‘better scaling.’”
No more privacy, scalability tradeoff?
And then there’s privacy.
Because the blockchain is an open ledger that anyone can read or write to, bitcoin is not as anonymous as it has been framed over the years. This is unappealing both to privacy advocates and businesses that want to use bitcoin, but don’t want their financial information on display to competitors or the rest of the world.
With most privacy methods proposed so far for bitcoin, there’s a tradeoff between scalability and privacy. One of the downsides of Confidential Transactions, a technique that developers are currently experimenting with on a sidechain, is that it requires larger transaction sizes.
“These solutions are very good and would make bitcoin very safe to use. But the problem of too much data is made even worse. Confidential Transactions require multi-kilobyte proofs on every output, and van Saberhagen signatures require every output to be stored forever, since it is not possible to tell when they are truly spent,” the proposal explains.
Mimblewimble offers a way around this by combining a couple of older cryptographic techniques suggested for bitcoin: signature aggregation and Confidential Transactions.
With signature aggregation, it’s possible to squeeze all the signatures from a single block into one. This could potentially reduce the size of the blockchain, while not compromising on the security of the transactions.
Confidential Transactions, proposed by Bitcoin Core developer Greg Maxwell, are the other piece of the puzzle, providing a method of shielding the transaction amounts so that only the sender and recipient can see how much is transferred.
Mimblewimble mashes these two techniques together.
“Basically it’s a way of combining the benefits of those two solutions into one package. We can aggregate all the signatures together and we can also get the privacy benefits of confidential transactions,” Bishop explained.
Future development
Developers seem excited enough about the proposal, so much so that Bishop says someone (though probably not its anonymous inventor) will likely present the idea at the Scaling Bitcoin conference in Milan, Italy, next month.
But challenges remain. One big issue with Mimblewimble is that doesn’t work with bitcoin’s current scripting language.
“It cannot be deployed to bitcoin as is,” Bishop explained. “It would require turning off all these amazing features that are widely used by everyone.”
Mimblewimble only can work with a simpler system where transactions are sent directly to another party and nothing more complicated than that. In other words, planned upgrades like smart contracts and micropayments channels are incompatible with Mimblewimble, at least as it is currently described.
Further, Poelstra said it could be implemented in an altcoin or one day on a pegged sidechain. But it’s also possible that other developers will come up with another clever idea for implementation.
“Developers haven’t even begun to think through the unique ways this could be deployed,” Bishop concluded, adding:
”I imagine we’re going to see a lot of creative ideas for this in the future.”
coindesk