
Topic: What If We Implement the Mimblewimble on the Bitcoin network (Read 163 times)

full member
Activity: 238
Merit: 174
cout << "Bitcoin";
Quote
Do you think the Mimblewimble protocol can give Bitcoin the privacy its users seek?
Quote
if you want privacy, then everything should be visible in plain sight (except for things like private keys).

I really find this confusing. Making my transaction visible shouldn't be privacy in any way, but rather a better explanation for decentralization, where everything is in plain sight, and everyone can see it clearly. And we know that decentralization also signifies transparency.

Quote
Works well in LTC as proof of concept.

I don't see why Bitcoin could not add MWEB and give users privacy tools.

One of the reasons is probably the mixers and coinjoin services would lose their income as people stopped using them.

This is more of a reason you would not see it added.

Yeah, it has worked really well on LTC. But as the crackdown on mixers keeps increasing and more mixers get banned, I think the Bitcoin community would be left with no choice but to do something about privacy. At least, the government won't have any say on the implementation (if there is any), since we just need a majority of the developers to agree.
legendary
Activity: 990
Merit: 1108
Quote
One of the reasons is probably the mixers and coinjoin services would lose their income as people stopped using them.
No; people would still want to obfuscate the transaction graph, which MW by itself doesn't do (transaction boundaries are visible in the mempool). But they'd use an MW-specific mixer design [1] that offers many advantages over bitcoin mixers.

[1] https://bitcointalksearch.org/topic/m.56288711
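
The point made in the reply above (MW hides amounts, but transaction boundaries stay visible in the mempool), as an added toy illustration that is not part of the original thread or of any Mimblewimble implementation. It assumes a small multiplicative group with constructed generators and omits range proofs and kernel signatures; all function names are hypothetical.

```python
# Toy model only: small group, no range proofs, no kernel signatures.
P = 2**127 - 1   # prime modulus (constructed toy parameter)
G, H = 3, 7      # generators assumed independent (toy assumption)

def commit(value, blind):
    """Pedersen-style commitment G^blind * H^value mod P; hides value."""
    return pow(G, blind % (P - 1), P) * pow(H, value, P) % P

def prod(elems):
    out = 1
    for e in elems:
        out = out * e % P
    return out

def make_tx(inputs, outputs):
    """inputs/outputs are (value, blind) pairs; only commitments are published."""
    excess = sum(r for _, r in outputs) - sum(r for _, r in inputs)
    return {"ins": [commit(v, r) for v, r in inputs],
            "outs": [commit(v, r) for v, r in outputs],
            "kernels": [pow(G, excess % (P - 1), P)]}

def balances(tx):
    """True when outputs equal inputs times kernel excess, i.e. hidden amounts cancel."""
    return prod(tx["outs"]) == prod(tx["ins"]) * prod(tx["kernels"]) % P

def aggregate(txs):
    """Merge transactions into one block-level transaction and apply cut-through."""
    ins = [c for t in txs for c in t["ins"]]
    outs = [c for t in txs for c in t["outs"]]
    spent = set(ins) & set(outs)   # outputs created and spent in the same block
    return {"ins": [c for c in ins if c not in spent],
            "outs": [c for c in outs if c not in spent],
            "kernels": [k for t in txs for k in t["kernels"]]}

def edges_from_mempool(txs):
    """Mempool observer: exact input->output links inside each transaction."""
    return {(i, o) for t in txs for i in t["ins"] for o in t["outs"]}

def edges_from_block(block):
    """Chain-only observer: any block input may have funded any block output."""
    return {(i, o) for i in block["ins"] for o in block["outs"]}

# Constructed sample: two unrelated payments with hidden amounts.
tx_a = make_tx([(50, 11)], [(30, 21), (20, 22)])
tx_b = make_tx([(40, 12)], [(40, 23)])
block = aggregate([tx_a, tx_b])
assert balances(block)
print(len(edges_from_mempool([tx_a, tx_b])), len(edges_from_block(block)))
```

The aggregated block still balances without revealing any amount, but an observer who saw `tx_a` and `tx_b` separately knows the exact input-to-output links, while someone who sees only the block has to consider every input-output pair.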
hero member
Activity: 1241
Merit: 623
OGRaccoon
Works well in LTC as proof of concept.

I don't see why Bitcoin could not add MWEB and give users privacy tools.

One of the reasons is probably the mixers and coinjoin services would lose their income as people stopped using them.

This is more of a reason you would not see it added.
legendary
Activity: 990
Merit: 1108
Quote
If anything, those things should be wrapped into existing transactions, to hide the fact, that someone is even trying to use MimbleWimble (the principle of "always was there, since 2009" is a good method of activating things, to hide them properly).
There's no need to hide that fact if all txs use MW.

Quote
if you want privacy, then everything should be visible in plain sight (except for things like private keys)
If you want privacy, then obviously everything should be confidential.
And with MW, you're not explicitly trying to hide; you're using a more scalable blockchain protocol that just happens to come with significant privacy benefits.

Quote
there are 100 people, each having 0.01 BTC, and doing 100-of-100 multisig? Or to have 100 separate outputs with unknown amount, marked as "confidential"?
Why not have a 100-of-100 multisig on a confidential amount, where nobody knows there are 100 ppl involved?
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
Quote
No, because if you can look at some transaction, and see, that the amount is "confidential", then it does not make it less suspicious. It is actually the opposite: if you want privacy, then everything should be visible in plain sight (except for things like private keys).
Privacy isn't about being less or more suspicious. It's about being incapable of de-anonymizing the outputs, ergo hold the financial activity private. You'll have to define what "plain sight" means. A coinjoin is visible in "plain sight", yet it can provide sufficient levels of privacy and might be considered "suspicious" according to this definition.

Quote
Think about it in this way: if you have 1 BTC, and a single Schnorr signature, then what is safer? To have that amount explicitly stated on-chain, and hide the fact, that there are 100 people, each having 0.01 BTC, and doing 100-of-100 multisig? Or to have 100 separate outputs with unknown amount, marked as "confidential"?
The former hides the inputs. The latter hides the amount. Both are good for privacy.

Quote
In the second case, you are explicitly in a group of "people trying to hide", so your coins are not in a group of "all users", but in a group of "hidden users" instead.
That's your best course, since hiding in people with no privacy will inevitably de-anonymize you as well. Think of the Tor example. If you use Tor, you're in the "hidden users" group, even though you can use your ISP's IP address, and belong to the "all users" group with "stronger anonymity set", which is obviously false.
copper member
Activity: 909
Merit: 2301
Quote
The question is when will this implementation be done by the Bitcoin community?
I think never. Or rather: not in a way, that was originally proposed by the creators of MimbleWimble. If anything, those things should be wrapped into existing transactions, to hide the fact, that someone is even trying to use MimbleWimble (the principle of "always was there, since 2009" is a good method of activating things, to hide them properly).

Quote
Do you think the Mimblewimble protocol can give Bitcoin the privacy its users seek?
No, because if you can look at some transaction, and see, that the amount is "confidential", then it does not make it less suspicious. It is actually the opposite: if you want privacy, then everything should be visible in plain sight (except for things like private keys). Then, if you have a regular transaction, and nobody knows, that it is "focused on privacy", then you are safer, than if you are explicitly trying to hide.

Think about it in this way: if you have 1 BTC, and a single Schnorr signature, then what is safer? To have that amount explicitly stated on-chain, and hide the fact, that there are 100 people, each having 0.01 BTC, and doing 100-of-100 multisig? Or to have 100 separate outputs with unknown amount, marked as "confidential"?

In the first case, nobody even knows, that there are 100 people involved. And by doing simple things, you can pretend, that you are just getting 0.01 BTC from some exchange, and nobody will notice anything suspicious. Imagine how powerful that model could be, if you could only see a single output with 21 million coins, and only know, that the signature is valid.

In the second case, you are explicitly in a group of "people trying to hide", so your coins are not in a group of "all users", but in a group of "hidden users" instead. That means, your anonymity set is lower, and you are more exposed, like a man, trying to hide in bushes, instead of walking normally in a crowd.
legendary
Activity: 3122
Merit: 2178
IIRC it isn't really feasible to implement this in Bitcoin, though the details have slipped my mind, so here's an old thread discussing this matter:

https://bitcointalksearch.org/topic/transaction-cut-through-281848

The original post is regarding transaction cut-throughs in general, but the later posts then touch upon MimbleWimble as well.
full member
Activity: 238
Merit: 174
cout << "Bitcoin";
The topic of this post might sound crazy, but I just have to give it such a title based on my curiosity and the opinions I seek from the BTT community. Some weeks back, I saw a thread here on BTT which states, and I quote:

Quote
Edward Snowden Final Warning for Bitcoin
https://bitcointalksearch.org/topic/edward-snowden-final-warning-for-bitcoin-5495138

Bitcoin as we all know is not anonymous, but rather pseudonymous, which means privacy is not 100%. From the quoted post above by Edward Snowden, where he urges the Bitcoin community to take Bitcoin privacy seriously, he clearly knows what he is talking about, as there have been recent developments on how Bitcoin transactions are tracked and people's privacy not being guaranteed.

To so many people, Bitcoin privacy might not be important, while to a number of people including myself, we all see the need for its implementation. The question is when will this implementation be done by the Bitcoin community?

As the curious person that I am, I saw the need to do my own research, to see if anything could be done; at least we've seen how the Lightning Network has caused so many changes since its implementation. I came across what they call the Mimblewimble protocol.

The Mimblewimble protocol, which is used for MWC (native coin) and several others, uses a special protocol which developers believe works like a spell. Cryptocurrency transactions that operate under this spell are completely anonymous, fungible and scalable (what so many seek). Mimblewimble is different from privacy coins, from what I have gathered, as a result of the difference in scalability. But it also has its own disadvantages, such as being prone to quantum computing attacks, which does not make LN prone free either.

This protocol looks quite better to me, for the implementation of privacy on Bitcoin, just as we've seen with the Lightning Network.

Do you think the Mimblewimble protocol can give Bitcoin the privacy its users seek?