MimbleWimble wiki, MimbleWimble review, MimbleWimble history, MimbleWimble motto, MimbleWimble ownership MimbleWimble news, what is MimbleWimble MimbleWimble wikipedia
MimbleWimble designer, MimbleWimble sales, MimbleWimble facts

MimbleWimble is a blockchain protocol developed secretly to compress blockchains, scale transactions, and provide privacy. The MimbleWimble white paper was placed by someone called Tom Elvis Jedusor (Voldemort's French name in J.K. Rowling's Harry Potter book series) on a Bitcoin research channel in July 2016. [1]

One of the major differences between Bitcoin and Mimblewimble is that Mimblewimble supports confidential transactions. In a Bitcoin transaction, everything is public. We can see the input and output values and we can verify the transaction as being valid if these add up (the sum of the inputs is the sum of the outputs). In the confidential transactions system, all the values are homomorphically encrypted with random strings of numbers called “blinding factors.”. This means that the values cannot be seen directly, they are rather encrypted in a manner that allows the math to be done with ciphertext, generating an encrypted result that, when decrypted, matched the result of the operations performed in plain text. This means that the values are encrypted, but that it's possible to calculate that all the output values minus all the input values add up to zero and verify that a transaction is valid.

Here, transactions also include information with which receivers can decrypt the amounts. In confidential transactions both the sender and receiver know the blinding factor.

In Mimblewimble, the receiver of a transaction generates the blinding factor which is used to prove ownership of coins. And the way it does this is through this "excess value", which is the the difference between the inputs and outputs. This excess value is a set of random numbers that ensure that only the person who generated the blinding factor (the receiver) can spend the coins. So, the blinding factors do not add up to zero anymore, but rather to another amount that is like a private key.

The way to think about this is that the excess is a multisignature key, basically. It's a multisignature key with the owner of all inputs and the owners of all outputs.

Mimblewimble also gets rid of individual transactions by advancing on a previous concept, CoinJoin (but by making it non-interactive). Instead of containing transactions, Mimblewimble blocks will only have a list of new inputs, a list of new outputs and a list of signatures which are created from the aforementioned excess value.

Since the values are homomorphically encrypted, nodes can verify that no Bitcoins are being created or destroyed. The excess value signatures will in turn prove that all the transactions are valid, since they only add up if the whole transaction does.

In this scheme, neither the values or the destination of the transactions are known, since the inputs and outputs are all contained in a block and are not separated, each output could be destined for every other input with no way of associating one to the other.

One of the most exciting things about Mimblewimble is that it’s a scalable solution. If it were to be active on Bitcoin since day one, the blockchain would be somewhat bigger (a few GB) than it is now. However, when compared to other solutions like Confidential Transactions, it’s a very positive result, since CT activated since day one would add up to about a TB of blockchain data.

However, Mimblewimble also has disadvantages as it removes Bitcoin’s functionalities by removing scripts. However, developers are researching ways of allowing Bitcoin to retain its functionalities in the Mimblewimble scheme. Nevertheless, if it is to be implemented it most likely will be as a sidechain or a separate altcoin.

At the end of 2016, someone named Ignotus Peverell (the original owner of the invisibility cloak, if you know your Harry Potter characters) started a Github project called Grin, and began turning the MimbleWimble paper into something real. Andrew Poelstra, a mathematician at Blockstream, presented on this work in January 2017 at Stanford University's Blockchain Protocol Analysis and Security Engineering 2017 conference. More recently, Ignotus posted a technical introduction to MimbleWimble and Grin. It took me a while to wrap my head around MimbleWimble. The more I internalized it, the more hopeful I became that something more magical than bitcoin could appear. I will attempt to explain MimbleWimble and why what it proposes – privacy, freedom of choice, equal access, fungibility, and sustainable growth over time – are so important.


It's very apparent how valuable it is when you lose it or when someone violates it. In my 20s, I was stalked. A person whom I had met in passing on a military base waited for me after work and surreptitiously followed me home.

He did this for several weeks – all unbeknownst to me – until one day he knocked on my door and told me he had been following me and professed his undying love. I immediately slammed the door and called the local and military police. I lived alone in the woods and was so freaked out that I moved.

Only someone who has been stalked can understand how frightening this experience was. To this day, it affects many of my behaviors to guard my privacy.

Physical trespass of privacy is often preceded by online privacy violations. Recent events, such as Congress granting ISPs (internet service providers) the right to sell your personal information – browsing habits, app usage history, purchasing habits, location data – are very concerning.

As Luke Mulks from Brave elegantly wrote, "[Y]our digital data trail is the evidence of your human presence online. Your data is valuable, private, and most important, it's yours."

What's available

If we cannot rely on our legislature to protect our constitutional rights (can we rely on them for anything anymore?), technology needs to intercede to make it harder for greedy capitalists to put your privacy up for sale.

Privacy extends to what to share publicly about what we buy or whom we donate to. These transactions should not be open for all to see.

Women, especially those trying to escape repressive social or economic conditions, have a dire need to stay anonymous. That's a fundamental flaw in bitcoin: every transaction and address balance is available for the world to watch and track.

There are some things you can do to hide your transaction, such as tumbling, but you need to go out of your way to use them and they are breakable. Privacy oriented cryptocurrencies like monero and zcash improve privacy significantly.

In monero, the transaction is not natively private, but relies on ring signatures to mask exchanges. Zcash leverages a technology called zk-snarks to build private transactions, which is a huge improvement.

However, it still requires a lot of extra resources to build a confidential transaction, so most users still issue their transactions "in the clear" (clear vs shielded counts).

The big change

MimbleWimble is natively private.

There are no ring signatures or zero-knowledge proofs on top of a transparent bitcoin-like transaction. In a MimbleWimble transaction, all values are fully obscured. There are no reusable or identifiable addresses. Every transaction looks the same to an outside party.

The two properties verified in a MimbleWimble transaction are:

  1. No new money is created
  2. The parties sending money must prove ownership of their keys.

To verify no new money has been created, you must demonstrate that the sum of outputs minus the inputs equals zero. To verify key ownership, the transacting parties must legitimately prove their public and private keys exist to authorize the transaction.

MimbleWimble uses a blinding element to obscure all values – transaction amounts and keys – while holding true basic mathematical facts. The blinding element relies on multiplying and adding secret factors to obscure real values.

For example, let's say I have a transaction with these amounts:

(1) 17 + 12 = 29 The balanced equation shows no new money was created, complying with property 1) above. The equation remains true if I apply a secret blinding number (eg 11) to all terms.

(2) 17*11 + 12*11 = 29*11 Without knowing my secret number 11, you would have a hard time guessing what the original transaction values are in this equation.

(3) 187 + 132 = 319 In equation (3), I've managed to keep both the values and blinding number private while still allowing others to verify I have not created new money in my transaction.

Freedom of choice

By obscuring all values, MimbleWimble provides full privacy and gives you the choice of what to reveal. It's similar to donor levels in various non-profits. You'll see the range a donation was made for, but you don't necessarily know the exact donation.

Both the donor and the non-profit know exactly how much was donated, but no one else needs to know.

This "right to privacy gives us the ability to choose which parts in this domain can be accessed by others, and to control the extent, manner and timing of the use of those parts we choose to disclose." [2]

Equal access

Another aspect of bitcoin that disturbs me greatly is there is little opportunity left for an average person to participate in securing the network. The requirement of a highly specialized and expensive chip for bitcoin mining – the ASIC – has almost eliminated anyone from becoming a bitcoin miner, whose primary responsibility is validating transactions and placing them into blocks.The mining community is now heavily centralized and this has greatly contributed to bitcoin's woes. The ability to grow over time while still providing equal opportunity to participate are key tenets of Ignotus' Grin implementation of MimbleWimble. Grin is designed to be ASIC resistant, so that anyone who wants to try mining can buy a widely available GPU chip at a local Best Buys or online for a reasonable price.

Ability to grow over time

Another way to safeguard equal access over time is to ensure the blockchain network doesn't get dragged to a standstill when transaction volume increases.

This is the core issue in the bitcoin block-size debate: there are more transactions than can fit into a 1Mb block. As long as there's a restrictive size limit, there will be a capacity issue. A dirty little secret is that to get around scalability issues, almost all payment processors and exchanges do off-chain transactions. Which begs the question: why bother using a cryptocurrency with blockchain?

Increasing usage will increase transaction volume. So how do you ensure that a block size can continue to accommodate volume increases? By streamlining each block.

MimbleWimble maintains that if an output spends an input, you no longer have to keep them because they cancel each other out. This greatly cuts down the amount of data you have to store and process.

The only data that nodes keep is unspent outputs and block headers. Instead of thinking of blockchain capacity in terms of number of transactions, MimbleWimble is designed to grow with the number of users. The streamlined blocks make growth sustainable over time as the transaction data set does not continue to get bigger.

This increases privacy since transaction data gets removed and it also enables fungibility.


Fungibility is the ability for equal units to be interchangeable.

Let's say I give you a dollar – either as a coin or a paper note. The Federal Reserve prints the paper dollar and the US Mint produces the coin dollar, but both are equal. Neither is lesser or greater than the other and you can chose to use a dollar coin or bill interchangeably.

This is a key characteristic of currency: equal units must be interchangeable, or fungible. The US dollar is fungible. Bitcoin is not.

The bitcoin blockchain keeps every single input and output forever and so each coin carries a legacy. It's similar to equation (9) above.

Another dirty little secret is that when picking which transactions to process – in addition to the fee – payment processors, miners, and exchanges will look at the inputs (ie 7+3+5+4+2) to assess the quality of the transaction. The consequence is one bitcoin is not fungible with another.

The most valued bitcoins are called 'coinbase transactions', which are the ones created when a block is found. They are newly minted and 'clean' and some parties pay a premium to buy them. A hierarchy in coin quality develops. The consequence is, if you receive bitcoins that have inputs that are tainted (e.g. they have been used in a dark market), spending them may become increasingly difficult.

In MimbleWimble, because the (7+3+5+4+2) inputs and outputs are all discarded when spent, each coin is exactly equal to the other. In other words, MimbleWimble coins are interchangeable and fungible.

See also

Homomorphic encryption

All information for MimbleWimble's wiki comes from the below links. Any source is valid, including Twitter, Facebook, Instagram, and LinkedIn. Pictures, videos, biodata, and files relating to MimbleWimble are also acceptable encyclopedic sources.
Other wiki pages related to MimbleWimble.