Topic: Mimblewimble Paper Proposes ‘Near Complete’ Bitcoin Anonymity (Read 2399 times)

That is why Monero is better. Monero aims to improve on existing cryptocurrency design by obscuring sender, recipient and amount of every transaction made as well as making the mining process more egalitarian. Monero's blockchain protects privacy in three ways. Ring signatures enable the sender to hide among other transaction outputs, stealth addresses hide the receiving address of the transaction and RingCT hides the amount of the transaction. As a consequence, Monero features an opaque blockchain. This is sharp contrast with transparent and traceable blockchain used by Bitcoin. Thus, Monero is said to be "private, optionally transparent".

Start @ https://github.com/dewdeded/GrinHelper

Hey,
is there any update about this project ?

Minimal implementation of the MimbleWimble protocol: https://github.com/ignopeverell/grin

I have nothing to hide, I have much to protect.

The "you have things to hide" argument is authoritarian pablum.  It presumes that the law enforcement is ever present and entirely protective.  It assumes that you can never protect yourself.  Does the person who says this leave their valuable objects in clear view in their car overnight.  Do they walk around naked?
Privacy is important for so many reasons, it is not about wrongdoing, it is about survival in a civil society.

I have seen this argument used over and over and it is annoying because people seem to not think it over when they say it. This is about our privacy and it is our right. Some people do not think like you, some of us actually want our privacy and our family's privacy protected. If you are going to say such things do not speak as if you are speaking for everyone.

MimbleWimble is a proposal for an altcoin or sidechain.
It calls itself bitcoin out of hubris but isn't.
It is baffling me how people accept that.

Who's to say it'll ever be ready? xmr has a use case right now. it may not be perfect but it's the best option at present for what people want. but if there ever is a properly anonymous layer for bitcoin then most of xmr's appeal is gonna be gone. depends on how good and solid the layer is. it might be too compromised.

I believe this is something we can think about when Bitcoin's anonymity and fungibility has indeed improved.
Right now many things just exist on the paper.Therefore XMR is very useful and has it's right to exist.
I myself see many of those altcoins as a kind of testnet."Which features are great and should be implemented in Bitcoin if possible?".
And I'm sure many BTC devs are looking at it the same way.

Would it be possible to build sidechains on a mimblewimble chain with the lack of scripts?

I give you that one, but even if it cannot be directly linked to someone.. it might be narrowed down, if this person continuously and more or less at the same time, visit this same merchant day after

day. If you do want to stay anonymous, I would say that you should mix up your schedule and the pattern of their spending to help you stay more anonymous. You could also use different wallets for

the same thing, if you want to be that desperate or paranoid about it.

Once this is ready, what will be the point of XMR? And don't get me wrong I love that coin, but let's get realistic, Bitcoin is king and as long as Bitcoin be used anonymously, markets will keep using it, and we will have segwit soon, after segwit we will have sidechains, and with sidechains, the implementation of MW could render useless all of those niche "anonymous coins", as a result, Bitcoin marketcap will go up, and will strenghten his position as the de-facto crypto even more.

In that case, can you provide to us here a journal of all your recent cash transactions? 

I just read the paper and I can't say I like the proposed solution. I'm no Bitcoin expert but it seems to me that this would introduce a number of weaknesses to the network. For starters, I don't like the idea of outputs being omitted from the ledger. It is true that the vast majority just take up space but without them a clear path for a transaction cannot be traced. I also think that anonymity should not be over-emphasized, the real game-changing feature of the blockchain is its utter transparency, the fact that everything is permanently recorded into a ledger that cannot be tampered with.

andytoshii. you do realise your spending alot of time theorizing extra code to mess with bitcoin verification and block confirmations.. when something like lightening network would be the better platform to achieve all of your desires, without risking the basic rules of bitcoin

Unfortunately it would probably be reasonable to expect that every unmerged transaction was visible to surveillance companies (although CT does still protect the amounts). Although I'm sure services would pop up that take in transactions, merge them, then publicize them after merging (and it'd be so easy to set up such a service that they wouldn't all be in cahoots or NSA-controlled).

Absolutely...

Just look at this Post by Theymos today on 'Scaling quickly' in /r/Bitcoin, in which he proposes to pretty much centralize Bitcoin and allow a "federated sidechain" to help allow people to transact quickly with the use of an "unlimited block size".

It seems that some of the original people who were apart of this project have become so worried about complying with the government in order for bitcoin to be somewhat accepted in the world of commerce.  It's just... not good, let's put it that way.

definitely a good point, plus you have to think about it in a way of realizing that the more and more you as a citizen give up your rights to privacy to the government and any other authoritative powers that be, the more and more leverage they can use on you to manipulate society in general.

For example, look at the supreme court ruling that money is a form of free speech. At first people might not have been able to connect the dots of what this would do in terms of politics (which manipulates society), but it most certainly did and is right now with corrupt politicians lobbying for corrupt corporations.

You can also say the same for the net neutrality debate between everyone and the FCC... and yadda yadda yadda.

Point being, while you can say that people should have their funds all out in the open and easily traceable because only criminals want to hide their money transactions is ridiculous.  But, I for one, don't really think MimbleWimble is a true anonymous solution for Bitcoin... so I guess it really doesn't matter.  If ALL transactions aren't anonymous by default with mixing them, then no transaction is anonymous.

What kind of blockchain analysis could one reasonably expect with this scheme? It seems to make regular blockchain analysis just from looking at the blockchain close to impossible, but what about someone that monitors the network in real time? Couldn't you make the connection between inputs and outputs before they get into a block?

Can you describe these risks?

I did not suggest that "pruning doesn't happen" in the paper. Again, can you describe these risks? What do you mean by "who pays who"? Ignoring the question of associating people to outputs when all outputs are uniformly random curvepoints, how does one even associate the outputs with the inputs?

That's correct, this is me. But MW does not support using static addresses like this, it is required for people to send me money that I interact with them, and then why would I use the same keys if I have to interact anyway?

Why would they loop through themselves? If they want to take all the fee they can do that in one shot. Then good luck for them trying to relay the transaction further with no remaining fee.

andytoshi,

the "paper" actually says
which is an act of pruning / removing the history..
so my premiss was that part of the paper was not just about mixing coins, not just about hiding values but also pruning/removing the transaction history.

which. has risks..

secondly even if pruning didnt happen, which you suggested the paper never suggests.. my premiss is that you can still analyze the transactions even without knowing the values just by tracking who pays who due to the history remaining.. meaning the only way to be "near complete" anonymity would be to remove the history.

which, has risks..

onto the main topic
although there are brand names like "coinjoin" and "OWAS" being thrown about.. proposes to solve the mixing and also the former need of a substantial 'userbase' to be affective(prior to OWAS)

i think what would actually happen in reality is people would just use lightning network hubs to do their mixing, where hubs by default are populated by many users where an end settlement transaction contains lots of aggregated payments to different people. no one will know if X bought 200 car tires or just one Porsche. did someone buy 500 cups of starbucks coffee or a 0.1% company stake in starbucks inc, where it wont easily show who bought what due to the aggregation while the channels were open.

thus separate scripts and services, softforks and data bloat wont be necessary compared to when lightning network does a similar mixing job by default. much like depositing funds into an exchange now. and withdrawing in 10 minutes.. you wont get the same coin-taint back. this method already does not require bloated transaction scripts or softforks or worries of popularity. because the service is usually populated and holding reserves anyway

even hiding the values. as i said before wont stop analysts finding info about someone if they wanted to.. just knowing who your got funds from is usually enough.. EG silkroad taint doesnt matter how much it is just the fact of having coins originating from there is enough

no bitcoin code would solve removing links of personal info to a bitcoin address. especially when people publicly hand out personal info freely
EG without any real work, no coercion, no begging or bribing of information, i found this.
1Andrew5Jgks6cziRiqgWShg1nr1igky1r
Andrew Sydney Poelstra
rasied in canada but then went to texas for a bit

and dont get me started on the concept of relay nodes tweaking the transaction to add in their own address to take a fee.. that in itself can send tx's looping through a collection of nodes owned by one person to add in many addresses to siphon off funds from the transaction itself, or spark a civil war of nodes fighting each other to be the last in line before a mining pool accepts it to ensure other relay nodes dont tweak one address out to replace it with their own..

again alot of science and lots of proposed changes to how bitcoin 'could' work in the paper.. but in reality i think LN will be what people use most as a second layer option and not much would change at bitcoins blockchain ledger layer