Grin Coin And MimbleWimble: An Introductory Guide
What Are Grin And MimbleWimble?
Grin coin is an implementation of the MimbleWimble protocol. Grin aims to be a scalable privacy coin that has no addresses, no amounts, and is therefore less storage intensive than other privacy coins and digital currencies.
The coin has an anonymous founder, has been developed by the community, and Grin is slated to have a fair proof-of-work launch in Q1 2019. Its mining algorithm is currently ASIC-resistant, meaning you can mine Grin with your laptop.
The MimbleWimble protocol is a design for a blockchain-based ledger where there are no addresses and the data storage required is minimized. It is a private-by-default blockchain that is also scalable and uses elliptic-curve cryptography that has been tested for decades. When compared to Bitcoin, MimbleWimble only needs to store 10% of the data requirements which means that it is more scalable, less centralized, and significantly faster.
Grin and MimbleWimble: History
On August 2nd, 2016 a text file was posted anonymously in a Bitcoin development forum outlining the early-stage of the MimbleWimble whitepaper. The purpose was to soft fork this design for a blockchain-ledger into Bitcoin as a solution to the scaling problem and to add private transactions. On October 20th, 2016 a different anonymous developer posted on the same forum that he was working on an implementation of MimbleWimble – it was called Grin.
When Satoshi first wrote the Bitcoin whitepaper its purpose was to become a peer-to-peer electronic cash system. High transaction fees and opportunity costs of using bitcoin have transformed its major use case into being more of a store of value.
Right now, crypto is lacking a true currency to act as a medium of exchange between parties because no coin has all four cornerstone properties of global, fiat-free digital cash: price stability, scalability, decentralization, and privacy. Grin’s implementation of MimbleWimble hopes to solve these four areas differently and more effectively than any other currency-focused digital asset available today.
Private transactions are imperative to have fungible tokens, which are needed in a currency used as a medium of exchange. In the case of Bitcoin, some investors will actually pay a premium for tokens with no previous transaction history, and in the future we may see an economy where bitcoins that have ever been associated with nefarious addresses may be harder to move. In general, why would you ever want all of your purchases to be transparent for everyone in the world to see? There are privacy, security, and personal risks associated with doing so.
Grin was the first project to implement MimbleWimble and the community-based project launched its testnet in November 2017. The fourth and final testnet before launching the mainnet now has its own branch and is ready for release. My best estimate is that we will see a Grin mainnet launch in early 2019.
The project is called Grin as a nod to Gringotts Wizarding Bank in Harry Potter.
How does MimbleWimble work?
Understanding MimbleWimble requires a basic understanding of Bitcoin’s unspent transaction output (UTXO) model:
If Alice sends 1 bitcoin to Bob she’s not just transferring a 1 bitcoin balance to him like a cash society, which looks like:
- Alice -1 Bitcoin
- Bob +1 Bitcoin
That makes sense doesn’t it? But that’s not how bitcoin accounting works. Every transaction is made up of a bundle of inputs and outputs that go from one person to another. So, Alice’s 1 bitcoin transaction to Bob her wallet software is bundling up inputs from previous bitcoin transactions that make up the 1 bitcoin she is sending Bob. Sometimes there can be hundreds of inputs in this transaction, and each transaction needs to be individually signed by the wallet software. As you can see, this adds a lot of data to the blockchain and becomes cumbersome. Alice’s transaction might look more like this:
- Alice – [0.2+0.1+0.7], where the [X+Y+Z] are previous transactions that need to be bundled and validated by Alice’s wallet.
It’s a bit intricate, but this is a proven consensus model that has been shown to be secure. Other models provide security that is more experimental.
MimbleWimble changes this bitcoin model by creating one multisignature for all of the inputs and outputs. The parties involved in a transaction create one public multisignature key that can verify the transaction. There are no addresses in the system because two parties engaging in a transaction share what’s called a “blinding factor” where only those two parties know they are engaging in a transaction; keeping the privacy of the network.
A blinding factor is a shared secret between the two parties that encrypts the inputs and outputs in that specific transaction as well as the transacting parties’ public and private keys. MimbleWimble utilizes a Pedersen commitment scheme where full nodes subtract the encrypted amounts on the sending side of transactions (inputs) from the encrypted amounts on the receiving side of transactions (outputs).
A balanced equation means that no coins were created out of thin air – and the node never has to know what the transaction amounts were.
The biggest change here from Bitcoin is native privacy where all values are fully obscure and there are no reusable or identifiable addresses. The only verification that is needed is that no new money is created and that the parties engaging in the transaction have ownership of their keys. Both of these processes are done using a blinding element to obscure the values; relying on multiplying and adding secret factors to obscure real values.
Here’s a really simple example of how a blinding element in cryptography works:
1+2=3 // 1+2-3=0
This is just a simple balanced equation to show no new money was created (rearranged to show that the balance is net zero).
Here a secret number of 5 is multiplied to all variables, which obscure the original values.
The values and blinding factor are now private and you can still prove that no new money was created.
Where MimbleWimble gets creative is that the blinding element is actually a combination of the transacting parties’ private and public keys, so with that one equation I can prove that no money was created and that I’m the owner of the keys.
At the end of the transaction you’re given a multisignature header of this transaction. This is much lighter than publically keeping all of the inputs and outputs on a full node for the entire blockchain and excess data is just thrown out.
A problem with Bitcoin and Ethereum right now is the decreasing number of units running full nodes. Decentralization requires parties to run full nodes. A full node hosts the entire blockchain history, which becomes more storage intensive each day.
In Bitcoin, this requires downloading all of the inputs and all of the outputs from all transactions, which becomes exponentially larger as time goes on because there are smaller and smaller inputs to bundle.
Fewer full nodes means the blockchain is more centralized and prone to manipulation. Lightweight nodes on both platforms can verify transactions, but they need to be served by full nodes to connect to their networks. The Ethereum blockchain, for example, is over 1TB in size, and the number of full nodes are decreasing since the incentive to run a full node is just to keep the integrity of the network.
This is evidenced by the user growth of Infura – a service on Ethereum that helps dApps handle read-requests by running a full node.
Bitcoin can currently mimic the privacy function of MimbleWimble using what’s called CoinJoin, but this is not the default and therefore has several security issues. Some implementations use a central server that requires you to trust an intermediary with your bitcoin, so it’s not a true, native implementation.
What is Grin Coin?
Grin is a privacy coin implementation of MimbleWimble on its own blockchain that is being developed using the Rust programming language, renowned for speed and scalability in networking applications. When asked why Grin wasn’t coded in a language that everyone is comfortable like C++, the lead developer said, “When you write code in Rust, it does exactly what you think it’s going to do, every time” and that “Because Grin uses rust [this] frees up time to focus on the actual issues.”
Like Bitcoin, Grin uses Proof of Work (PoW) mining, but with a different algorithm called Cuckoo Cycle, which has shown to be ASIC resistant. It manages to be resistant to ASICs because it is memory intensive. Currently, the design is placeholder ASIC resistant, and will become ASIC friendly gradually over the course of several years. Grin has also made slight changes to MimbleWimble to make the design ‘quantum resistant’ and the coin can be mined with your CPU at home; encouraging decentralization among miners.
Solo mining the testnet, which is live right now, will net you approximately 1/1000 blocks using a new Macbook Pro (2018 i9) and a Raspberry Pi or an SSD disk is enough to run a full node right now. This means that it will be cheap and easy to run a full node, and new nodes will be able to sync up with the network quickly and efficiently. Keep in mind that this will likely become more competitive when the mainnet launches.
The main tenets of the project are:
- Privacy as a default
- Scalable transactions by storing a fraction of data
- Proven cryptography that has been tested for decades
- Simple design for peer-to-peer transactions
- Community-driven with a focus on decentralized development and mining
Grin, unlike Bitcoin, does not enable Script, which makes it more of a design to send value from one person to another rather than programmable money. Grin developers are working on implementing Script functionality and claim that they can achieve atomic swaps and multi-sig transactions already
One criticism that has been leveled at the system right now is that two parties both need to be online to engage in a transaction, whereas in bitcoin I can send anyone bitcoin if I have their public key and they can still receive it when they are offline. This sounds like a major flaw, but it is not true. It originates from a misunderstanding of how the word “interactive” is used in cryptography, which just conveys that a back-and-forth is required and not that the 2 parties must be online at the same time.
There is no founder of the project and the project aims to have a fair launch. According to the community funding principles, there will never be an ICO and the launch will be pre-announced, open, and fair with no pre-mine or any other “funny business”.
There will be no percentage of mining rewards going to the developers and no acceptance of capital with an expectation of profit or undue influence on the decision-making process of the project.
Grin has been developed by ad hoc part time community developers, and raised a total of $55k in community donations to have a developer give full-time attention to the project. The funding process has been incredibly transparent and can be found here. Recently, the developers have identified that they will need approximately $80k for security audits prior to launch.
A new Grin token is issued every second and it’s likely to stay that way forever. The block reward is 60 grin with a block target each minute. This gives the project a predictable monetary policy where the dilution becomes smaller each year.
After 10 years there will be less than 10% inflation, after 20 years less than 5%, after 25 years less than 4% and so on… Some analysts believe that set supply currencies, such as bitcoin, are experimental because we don’t know how miners and the market will react when block rewards disappear and miners only rely on transaction fees for funding.
This becomes even more confusing when you add in that lightning network will reduce the number of on-chain transactions that will require mining fees. A tail emission of infinite inflation ensures that miners are infinitely incentivised to secure the chain.
This monetary policy aims to support a digital cash that transitions into a digital gold when inflation nears 0% and doesn’t reward speculators nearly as much as a pre-mine. The stock to flow ratio, which is a ratio for commodities where inventory is divided by the amount produced annually, will be incredibly low in the first few years after launch; reducing the opportunity cost of selling Grin and encouraging spending.
Discouraging “hodling” should improve the coin’s distribution patterns and drive the network’s Gini coefficient closer to zero (a statistical dispersion of wealth). That’s the economic theory behind the monetary policy, but I still think there will be speculation and hoarding, making Grin a good investment. Things usually don’t go according to academic principles in this industry.
To conclude, MimbleWimble and Grin are still in an experimental stage, but here are the strengths and weaknesses of the project:
- Natively private
- Socially scalable (lightweight)
- ASIC resistant mining that is CPU compatible (proven cryptography with cuckoo cycle)
- No ICO or pre-mine
- Anonymous founding team with focus on community development
- Nodes need to be online to transact
- No Script or any programming language
- Many strong competing coins (ZEC, XMR, BTC, BCH)
How does this compare to competitors?
Right now I believe Monero and Zcash are the two strongest privacy coin projects out there based on their privacy technology. Some critics will argue that the problem with these coins are that ring signatures and zk-SNARKs are incredibly computationally intensive, which makes the transactions bulky, slow, and expensive relative to Grin.
One analyst noted that in the case of XMR, the software allows users to configure the default number of “mixins” to include in each transaction. 64% of all transaction inputs do not contain mixins at all, which means there is no privacy to the user, and there is also a privacy risk to other users. Other researchers have cited that close to 80% of Monero transactions can be traced.
With ZCash, users have the option to send transparent or shielded transactions, and transparent transactions are the default. Shielded transactions are computationally more complex, more expensive to send, and more data intensive for the blockchain. Since inception only 2.8% of all ZEC volume has been shielded with zk-SNARKs and it’s unlikely that ZEC would scale if 100% of its transactions were shielded. It’s my belief that true fungibility is best achieved when privacy is the default.
MimbleWimble and Grin are experimental, and XMR and ZEC are very strong privacy projects, but the important takeaway is that these projects are not perfect, and MimbleWimble could improve on their supposed weaknesses in bulky transactions, lack of scalability, and non-native privacy.
It’s possible that the anonymous founders of MimbleWimble and Grin recognized that leaving Bitcoin and never making himself known was the best thing Satoshi ever did for the network because it allowed development to continue in a decentralized fashion without everyone focusing on a leader.
Leadership in crypto can be seen as a liability. For example, there are many people who criticize Vitalik for stunting the growth of Ethereum because development hinders on one person’s intellect since he’s been painted in a God-like image by his followers.
Project founders offer a central point of failure or success in a project, and Grin doesn’t have that. MimbleWimble and Grin may have prominent community leaders, just like Bitcoin and Monero, but these aren’t founders who have privileged access to equity with pre-mines or ICOs. We’ve also seen that highly concentrated networks do not seem to be compliant with the SEC, as per William Hinman’s speech because tokens are more “security-like” when a concentrated few parties exert outsized influence on the network.
ZCash, which is seen to be a major Grin competitor, does have a founding figure. At ZCon0 ZEC’s founder, Zooko, provided details about his founder reward. He receives about 2000 ZEC per month which at current prices is approximately $250k USD – that’s almost $3M USD per year. A centralized, corporate model like this is what we’re used to in Western capitalism (and it’s been proven to work well in traditional equity markets), but having an anonymous founder and a focus on community development is a better strategy to avoid being classified as a security.
Nerd alert: What’s with the Harry Potter references?
As mentioned, Grin and MimbleWimble were created anonymously – just like Bitcoin. The creators did so by using pseudonyms related to Harry Potter and the references are intertwined throughout the coin’s history.
In the series, MimbleWimble is the tongue-tying curse originally used by Gilderoy Lockhart to teach his students to better defend themselves in the Duelling Club.
The original dot onion link that was shared in the Bitcoin development forum introducing MimbleWimble was posted by “Tom Elvis Jedusor”, which is an anagram of Voldemort in French.
Then, “Ignotus Peverell”, the wizard that invented the invisibility cloak, posted the Github link to his implementation of MimbleWimble called Grin a few months later.
This article was updated to reflect the fact that following testnet 4, Grin will not be ASIC-resistant forever.
The author is invested in Bitcoin, which is mentioned in this article.