In the Harry Potter books, the tongue-tying curse was a brilliant way to stump other wizards in a duel. Shut them up and they couldn’t cast another spell at you. The MimbleWimble curse, and its promise of silence, is part of the mysterious inspiration behind a new kind of blockchain technology that every fan of cryptocurrency is suddenly talking about. Besides its curiously compelling origins, it could hold a solution to something that many people see as one of the biggest limitations of Bitcoin and similar blockchains: the difficulty of keeping transactions truly private.
Recommended for You
In July 2016, someone using the name Tom Elvis Jedusor (the real name of Lord Voldemort, the main villain in the Harry Potter universe, in the French edition) posted a link to a text file in a chat room frequented by Bitcoin researchers. Voldemort’s document described MimbleWimble, a blockchain system that would hide the identifying information associated with Bitcoin transactions.
“I call my creation Mimblewimble because it is used to prevent the blockchain from talking about all user’s [sic] information,” wrote Jedusor.
There are parallels with the genesis of Bitcoin in Jedusor’s sudden and short appearance on the scene. Bitcoin’s pseudonymous creator, Satoshi Nakamoto, did something similar. After dropping a paper describing how to make “peer-to-peer electronic cash” on an e-mail message board for cryptographers, he stuck around for a while to communicate with Bitcoin’s earliest team of developers—and then disappeared. Unlike nearly every other cryptocurrency, Bitcoin has no figureheads, a feature its strongest adherents say is essential to true decentralization.
The same can be said for one of the first new currencies built on a blockchain that implements MimbleWimble. The person who started Grin is also pseudonymous, going by the name Ignotus Peverell (the original owner of Harry’s invisibility cloak), and has never been seen. Peverell recently used a text-to-speech program to address attendees at a Grin conference.
Grin officially launched on January 15, and mining the coin is already proving popular. Eric Meltzer, an investor for crypto-focused Primitive Ventures, recently estimated that $100 million of “mostly VC money” has already been invested in Grin mining operations. Grin actually wasn’t the first MimbleWimble coin to go live: another one, called Beam, launched January 3. Unlike Grin, Beam has been set up to run more like a “classical startup” in that it has raised money from investors and pays salaries.
So what’s the big appeal besides the fun backstory? Unlike real cash, Bitcoin and other cryptocurrencies might appeal to privacy advocates, but they are not fully anonymous. Users are represented on the blockchain by strings of numbers and letters, called addresses. Researchers have developed sophisticated techniques for linking addresses to real-life identities and tracking their every transaction. Law enforcement and government officials have started using these techniques to track down and monitor blockchain transaction records.
Jedusor’s MimbleWimble paper combined several ideas for achieving private transactions that had been already bubbling up within the Bitcoin research community, says Andrew Poelstra, a mathematician at Blockstream, a Bitcoin-focused startup. Poelstra had experience working on some of the core concepts in Jedusor’s paper. When it first started getting attention two years ago, he was one of a very few people who could connect the dots and see what Jedusor was getting at. “I realized that this had a lot of potential,” he says. But there were too few equations and “a lot of hand waving.” So he decided to write a more “precise” description of MimbleWimble’s novel capabilities. Shortly after that, Ignotus Peverell appeared and launched the Grin project.
MimbleWimble uses cryptographic techniques both to keep transactions private and to dramatically shrink the size of the blockchain. In Bitcoin, every transaction is actually a collection of data that includes so-called inputs and associated “unspent outputs.” When outputs are spent, they become inputs for the next transaction, and so on. Validating the blockchain requires downloading and storing all the data tracking every input and output all the way back to Bitcoin’s genesis. Validators essentially replay every single transaction, running the chain from beginning to end. That means they must store and process around 200 gigabytes of blockchain data, a number that will only continue to grow. Bitcoin has been criticized for the immense amount of energy it wastes to process transactions.
The math underlying MimbleWimble makes it possible to remove the “vast majority” of that historic blockchain data while still letting users fully verify the chain, wrote Poelstra. It does this in part by combining data from multiple transactions into smaller data sets that network participants can verify cryptographically, without needing to see the transaction amounts or any information that publicly identifies the senders and recipients. MimbleWimble achieves privacy without adding lots more data to the chain, unlike existing so-called privacy coins like Monero and Zcash, so advocates have suggested that coins based on it could be more scalable alternatives.
Whatever the reason, MimbleWimble and Grin have generated lots of interest within the cryptocurrency community. Even some prominent “Bitcoin maximalists,” a term that refers to people who generally do not approve of other coins, have praised them.
Not all are on board, though. Ian Miers, a researcher at Cornell University and a founding scientist for Zcash, has pointed out ways that adversaries could reverse-engineer MimbleWimble transaction records and potentially identify users. And some have criticized the fact that Grin’s currency will never be capped. That runs counter to an ideology popular within the Bitcoin community in favor of limiting the supply (Bitcoin’s supply is capped at 21 million).
As intriguing as the backstory and the technology are, it’s still very early days for MimbleWimble. Now that it’s in the wild, it will be tested. If it doesn’t deliver, the Bitcoin comparisons will quickly be forgotten.
Become an MIT Technology Review Insider for in-depth analysis and unparalleled perspective.Subscribe today