Privacy is an important right that we must protect at all times. But not only authoritarian states can attack our privacy, other malicious actors can also use the knowledge about our financial situation against us. For this reason, Privacy Coins and other privacy options might play an essential role in the future of digital money.
One of the main reasons for Bitcoin’s success and popularity, is its trustless design. Instead of trusting humans with clearance and settlement of financial transactions, Bitcoiners opt to trust software protocols. What was particularly revolutionary about Bitcoin was how the network used proof-of-work to stop double-spending attacks and how anyone around the world could validate new transactions and store a copy of the database’s history. Imagine if Credit Suisse or Bank of America not only allowed anyone to see their entire database of transactions, but also allowed anyone to vote on the validity of new transactions.
However, over time becoming a validating node on the Bitcoin network became increasingly expensive and exclusive because of the size of the Bitcoin blockchain. Without heavy investments in computing power, relaying new transactions and storing a copy of the database is impossible. A newcomer to the Bitcoin blockchain needs to spend approximately one week downloading the 277-gigabyte database of existing transactions in order to participate in the validation of new transactions. However, the “blockchain” associated with Bitcoin is only one type of distributed ledger database architecture. There are also other kinds of distributed ledger databases, such as IOTA’s directed acyclic graphs that we explored in the June 2018 edition of the Crypto Research Report. This article discusses a different type of distributed ledger architecture called MimbleWimble that has specific advantages and disadvantages compared to Bitcoin’s blockchain.
What Are Privacy Coins?
In a recent report by the European Union Blockchain Observatory and Forum called, Legal and Regulatory Framework of Blockchains and Smart Contracts, the authors explicitly state that regulators should use blockchain explorers to track transactions and to find out personal information about the senders and receivers of Bitcoin transactions.
While not always identifiable at the moment of the transaction, given enough time and effort, many parties to a transaction can be unmasked. Therefore, at this point there is no question of total impunity for blockchain actors.
Thirdly, however, it cannot be denied that some privacy-focused blockchains, for example Monero or ZCash, can provide bad actors with effective tools for true anonymity. It is important to note that in practice anonymous transactions are currently not widely used: Bitcoin and Ethereum, the most popular platforms, do not support anonymity.
Governments also try to discourage the use of anonymization techniques in blockchain networks by, for example, imposing AML rules, thereby policing the gateway between the worlds of cryptocurrencies and fiat money (see also next section). That said, while anonymisation does not pose a significant enforcement risk on public permissionless blockchains at the moment, should the use of anonymous blockchains spread significantly, it could become a problem.
It seems that providing states with identification tools (potentially under the control of courts or through the private sector on a payment basis) should be a minimum condition necessary for a state’s ability to enforce the responsibility and thus to ensure the impact of the law on human behaviour in the blockchain space.
Many market participants consider fungibility a characteristic of good money. Bitcoin lacks fungibility, which means bitcoins can be traced to their initial transaction when they were mined. Privacy coins are coins that attempt to improve upon Bitcoin’s privacy by hiding the amounts that are traded and the wallet addresses involved in the transaction. Privacy coins use technologies such as coin mixing and confidential transactions. The largest privacy coins include Dash, Monero, Zcash, Grin, Beam, and MimbleWimbleCoin. In 2014, Dash was launched, and it was the first privacy coin on the market. Dash gives each user the option to make each transaction private or not. Dash’s technology uses coin mixing to obscure information about the sending and receiving addresses, and only 2 % of Dash transactions use Dash’s privacy option. The rest of Dash’s transactions are just as traceable as Bitcoin transactions. A few months after Dash came out, a new privacy coin called Monero was released to the market. Unlike Dash, every Monero transaction is private. Blockchain explorers don’t see the amounts being sent in Monero transactions. Monero introduced ring confidential signatures, which provide very strong privacy for Monero users. A few years later, Zcash came out in 2016, and then more recently, in 2018, the MimbleWimble base layer coins Beam and then Grin came out.
Figure 1: Performance of Privacy Coins, 2016–2020
However, the developers of privacy coins face design choices that each have unique tradeoffs. For example, Monero is more private than Dash because the transaction amount is hidden, but Monero is less scalable because it takes more resources to run a full node, which makes it less censorship-resistant. Another tradeoff is between being able to prove a coin is scarce and having privacy features. Blockchains that obscure the amounts being transacted have difficulty determining the total amount of coins in circulation. In a recent interview on the Academic Blockchain Podcast with the Chief Technology Officer of Ledger, Demelza Hays discussed Zcash’s “inflation bug.” Zcash’s inflation bug makes it impossible for anyone to actually calculate the total amount of coins in existence. This means that there could be an infinite amount of coins in existence, which goes against one of the pillars of a good money in the digital age, namely, scarcity. However, the MimbleWimble protocol uses mathematical proofs involving excess values of intermediate transactions to prove that all debits and credits in the ledger sum to zero.
Figure 2: Year-to-Date Return of Privacy Coins
But what is MimbleWimble? In 2016, an anonymous person released the MimbleWimble protocol to increase Bitcoin’s scalability and privacy. MimbleWimble is a way to sign and validate transactions without needing to validate each historical transaction and to include the inputs of a transaction into a new transaction’s hash. This drastically reduces the size of the blockchain. Proponents originally proposed MimbleWimble as a sidechain or soft fork to Bitcoin; however, the current implementations of the MimbleWimble protocol are by new cryptocurrencies that created new blockchains including Grin, Beam, and MWC, that elegantly apply MimbleWimble in the base layer.
During 2019 and into 2020, much of the MimbleWimble hype had died down along with the market caps of Grin, currently about $19 million, and Beam, currently about $16 million. MimbleWimbleCoin (MWC) forked from Grin in November 2019 and hit a low of $0.25 per coin with less than a $2 million market cap in early December. However, since December, the market cap of MWC has grown 6,100 %. The MWC market cap is currently around $125 million and has been consolidating over $100 million for most of the past two months. By market cap, MWC is currently the 3rd largest privacy coin behind Monero and Zcash and the 13th largest proof-of-work coin behind Bitcoin Gold and Decred. MWC is currently traded on Hotbit, Bitforex, Whitebit, Trade Ogre, and Toktok.
The two ideas that form the basis for MimbleWimble stem from the Blockstream co-founder Gregory Maxwell’s work on “Confidential Transactions” and “CoinJoin.” Confidential transactions use encryption so the public blockchain doesn’t show the amount of coins being sent or received in a transaction. For example, in Bitcoin, anyone can see the amount of Bitcoin that is sent in each transaction. However, in MWC, the public cannot see how much is being sent even though verification can be done of adherence of the transaction to the consensus rules to, for example, prevent double-spending and enforcing the total number of coins. The second innovation that the MimbleWimble protocol uses is CoinJoin. This means that multiple transactions in the network are merged into one transaction so that blockchain forensics cannot discern the real sender and real receiver of a specific transaction.
Figure 3: The Newest Privacy Coin on the Market: MimbleWimbleCoin
However, there are disadvantages of the MimbleWimble protocol as well. For example, the MimbleWimble protocol doesn’t allow extensive scripting. Fortunately, there has been significant research done since then, and with MimbleWimble these types of scripts and applications are possible: Multi-signature transactions, time locks, atomic swaps, and hashed time-locked contracts which are the building block of payment channels and Lightning Network. Another large disadvantage of coins that use the MimbleWimble protocol including Grin, Beam, and MWC is that currently these blockchains aren’t widely used. Until more people use these coins and more people send transactions, the benefit of privacy from their use may be limited.
In the coming week we will take a closer look at MimbleWimble and also talk to the developers behind MWC. In doing so, we will also look in detail at how a MimbleWimble transaction actually works and what benefits it brings.
