How Mimblewimble Could Make Bitcoin Work Better

Mimblewimble claims to use a new cryptographic protocol that could revolutionize the way bitcoin works, making it more scalable and private.

The protocol generates a blinding factor that can prove ownership of bitcoins, making private keys unnecessary, and offering a solution to the need to balance bitcoin privacy against fungibility while also improving scalability, according to a white paper that appeared mysteriously on a bitcoin research site authored by a person using a pseudonym.

The author refers to himself as “Tom Elvis Jedusor,” a name taken from the Harry Potter novels.

Bitcoin’s Verification Challenge

Bitcoin is the first widely used financial system for which all the necessary data to validate the system status can be cryptographically verified by anyone, the white paper notes.

It accomplishes this by storing all transactions in a public database called “the blockchain.” Someone who wants to check this state has to download the whole chain and replay each transaction, checking each one as they go.

It would be easier if an auditor only had to check data on the outputs themselves, but this is not possible since they are only valid if the output is at the end of a chain of prior outputs. The whole blockchain has to be validated to confirm the final state.

Considering that the transactions are cryptographically atomic, the outputs that go into and emerge from every transaction are very clear. The “transaction graph” that results reveals a lot of information and is subjected to analysis by numerous companies whose business model is to monitor and control the lower classes.

This makes it very non-private and even dangerous to use.

Proposed Solutions

Some solutions to this have been proposed, Jedusor notes. Greg Maxwell discovered how to encrypt the amounts so that the graph of the transaction is faceless but still validates the sums. Maxwell also produced CoinJoin, a system for bitcoin users to interactively combine transactions, confusing the transaction graph.

Nicolas van Saberhagen developed a system to blind the transaction entries, further clouding the transaction graph. Shen Noether combined the two approaches to obtain the “confidential transactions” of Maxwell and the “darkening” of van Saberhagen.

These solutions would make bitcoin safe, Jedusor observes. But too much data can make things worse. Confidential transactions require multi-kilobyte proofs on every output. van Saberhagen signatures require every output to be stored forever, as it is not possible to truly tell when they are spent.

Maxwell’s CoinJoin needs interactivity. Yuan Horas Mouton fixed this by making transactions freely mergeable, but he had to use pairing-based cryptography which can be slower and harder to trust. He called this “one-way aggregate signatures” (OWAS).

OWAS combined the transactions in blocks. It could be possible to combine across blocks (perhaps with some glue data) so that when the outputs are created and destroyed, it is as if they never existed, Jedusor notes.

Then, to validate the entire chain, users only need to know when money enters the system (new money in each block as in bitcoin or Monero or peg-ins for sidechains) and final unspent outputs. The rest can be removed and forgotten.

Confidential transactions hide the amounts and OWAS blurs the transaction graph, while using less space than bitcoin to enable users to verify the blockchain.

Mimblewimble prevents the blockchain from referencing all of a user’s information, Jedusor observes.

Confidential Transactions

The first step is to remove bitcoin Script. It is too powerful, so it is impossible to merge transactions using general scripts.

Maxwell’s Confidential Transactions are enough (after some small modification) to authorize the spending of outputs and also to make combined transactions without interaction. This is identical to OWAS, enabling the relaying nodes to take some transaction fee or the recipient to change the transaction fee. Bitcoin cannot do these additional things.

In Confidential Transactions, the amounts are encoded by the following equation: C = r*G + v*H.

C is a Pedersen commitment, G and H are fixed nothing-up-my-sleeve elliptic curve group generators, v is the amount, and r is a secret random blinding key.

Attached to this output is a rangeproof proving that v is in [0, 2^64], so the user cannot exploit the blinding to produce overflow attacks, etc.

To validate a transaction, the verifier adds the commitments for all outputs, plus f*H (f being the transaction fee, which is given explicitly), and subtracts all input commitments. The result must be 0, proving no amount was created or destroyed overall.

To create such a transaction, the user has to know the sum of the values of r for the commitment entries. Therefore, r-values (and their sums) serve as secret keys. If the output r values are made known only to the recipient, an authentication system exists. Unfortunately, under the rule that all commitments add up to zero, this is impossible, since the sender knows the sum of all his r values and therefore knows that the recipient’s r values sum to the negative of that.

Instead, the transaction is allowed to sum to a non-zero value, k*G, and requires a signature of an empty string with this as key, proving its amount component is zero.

The transactions can have as many k*G values as they want, each with a signature, and sum them up during verification.

Creating Transactions

To create transactions, the sender and recipient do the following:

1) The sender and recipient agree on the amount to send. Call this b.

2) The sender creates a transaction with all inputs and change output(s), and gives the recipient the total blinding factor (r-value of change minus r-values of inputs) along with the transaction. The commitments sum to r*G – b*H.

3) The recipient chooses random r-values for his outputs, and values that sum to b minus fee, then adds these to the transaction (including range proof). Now the commitments sum to k*G – fee*H for some k that only the recipient knows.

4) The recipient attaches the signature with k to the transaction, and the explicit fee.

Creating transactions like this supports OWAS already. To demonstrate this, consider two transactions that have a surplus k1*G and k2*G, and the attached signatures with these. Then combine the lists of inputs and outputs of the two transactions, adding both k1*G and k2*G to the mix, and it is again a valid transaction. From the combination, it is not possible to know which outputs or inputs are from which original transaction.

Because of this, the block format changes from bitcoin to this information:

1) Explicit amounts for new money (block subsidy or sidechain peg-ins) with whatever other data this needs. For a sidechain peg-in, it may reference a bitcoin transaction that commits to a specific excess k*G value.

2) Inputs of all transactions.

3) Outputs of all transactions.

4) Excess k*G values for all transactions.

Each is grouped together because it does not matter what the transaction boundaries are originally. In addition, lists 2, 3 and 4 should be coded in alphabetical order, since it is quick to check and prevents the block creator from leaking any information about the original transactions.

The outputs are now identified by their hash, rather than by their position in a transaction, which could easily change. Therefore, two identical unspent outputs should not be allowed to exist at the same time, to avoid confusion.

Merging Transactions

Maxwell’s Confidential Transactions has already been used to create a non-interactive version of his CoinJoin. Another idea is needed. A non-interactive version of this is created to show how it is used with several blocks.

Each block can be seen as one large transaction. To validate it, add the output commitments together, then subtract the input commitments, k*G values, and the explicit input amounts times H. The transactions from two blocks can be combined to form a single block, resulting again in a valid transaction.

The difference is that an output commitment can now have an input commitment equal to it, where the first block’s output is spent in the second block. Both commitments can be removed and the result is still a valid transaction. There is not even the need to check the rangeproof of the deleted output.

The extension of this idea, all the way from the genesis block to the latest block, shows that each non-explicit input is deleted with its referenced output. All that remains are the unspent outputs, explicit input amounts and every k*G value.

The entire mess can be validated as if it were one transaction by adding all unspent output commitments, subtracting the k*G values, validating explicit input amounts (if there is anything to validate) and subtracting them times H. If the sum is zero, the complete chain is good.
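The balance rule, the sender/recipient steps and the merging described above, as an added Python example that is not code from the white paper or any Mimblewimble project. It assumes secp256k1, a hash-derived second generator H and a Schnorr signature for the "signature of an empty string", omits rangeproofs, and all function names are illustrative.

```python
import hashlib
import secrets
from functools import reduce

# secp256k1: y^2 = x^3 + 7 over F_P, group order N, generator G
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
rand = lambda: secrets.randbelow(N - 1) + 1      # fresh blinding factor or nonce
psum = lambda points: reduce(add, points, None)  # sum of curve points

def add(a, b):
    """Point addition; None is the identity (the "0" the article sums to)."""
    if a is None or b is None:
        return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    m = (3 * x1 * x1 * pow(2 * y1, -1, P) if a == b
         else (y2 - y1) * pow((x2 - x1) % P, -1, P))
    x3 = (m * m - x1 - x2) % P
    return x3, (m * (x1 - x3) - y1) % P

def mul(k, a):
    """Double-and-add k*a (not constant time; illustration only)."""
    out, k = None, k % N
    while k:
        out = add(out, a) if k & 1 else out
        a, k = add(a, a), k >> 1
    return out

def second_generator(tag=b"toy Mimblewimble H"):
    """Hash to a curve point so that nobody knows log_G(H)."""
    for ctr in range(256):
        x = int.from_bytes(hashlib.sha256(tag + bytes([ctr])).digest(), "big") % P
        y = pow(x**3 + 7, (P + 1) // 4, P)
        if y * y % P == (x**3 + 7) % P:
            return x, y

H = second_generator()

def commit(r, v):  # Pedersen commitment C = r*G + v*H (rangeproof on v omitted)
    return add(mul(r, G), mul(v, H))

def challenge(R, K):
    data = b"".join(c.to_bytes(32, "big") for c in (*R, *K))  # message: empty string
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def sign(k):  # Schnorr signature on the empty string under the excess key k*G
    t = rand()
    R = mul(t, G)
    return R, (t + challenge(R, mul(k, G)) * k) % N

def make_tx(spent, b, fee):
    """Steps 1-4 of the article; spent = [(r, v), ...] openings the sender owns."""
    change = (rand(), sum(v for _, v in spent) - b)
    sender_r = change[0] - sum(r for r, _ in spent)  # total blinding factor, sent along
    received = (rand(), b - fee)                     # recipient's output and secret r
    k = (sender_r + received[0]) % N                 # known to the recipient only
    tx = {"in": [commit(*o) for o in spent], "out": [commit(*change), commit(*received)],
          "fee": fee, "kernels": [(mul(k, G), sign(k))]}
    return tx, received

def verify(tx):
    """Every k*G is signed, and outputs + fee*H == inputs + sum(k*G)."""
    signed = all(mul(s, G) == add(R, mul(challenge(R, K), K)) for K, (R, s) in tx["kernels"])
    excess = psum(K for K, _ in tx["kernels"])
    return signed and add(psum(tx["out"]), mul(tx["fee"], H)) == add(psum(tx["in"]), excess)

def merge(a, b):
    """Concatenate two transactions, drop outputs spent inside the merge, sort the lists."""
    gone = set(a["out"] + b["out"]) & set(a["in"] + b["in"])
    keep = lambda pts: sorted(p for p in pts if p not in gone)
    return {"in": keep(a["in"] + b["in"]), "out": keep(a["out"] + b["out"]),
            "fee": a["fee"] + b["fee"], "kernels": sorted(a["kernels"] + b["kernels"])}

def demo():
    coin = (rand(), 50)                       # constructed: an existing output worth 50
    tx1, bobs = make_tx([coin], b=10, fee=1)  # Alice pays Bob
    tx2, _ = make_tx([bobs], b=5, fee=1)      # Bob spends that output to pay Carol
    both = merge(tx1, tx2)
    forged = dict(tx1, out=[tx1["out"][0], commit(bobs[0], bobs[1] + 1)])  # +1 from nowhere
    return [verify(t) for t in (tx1, tx2, both, forged)], len(both["in"]), len(both["out"])
```

Calling demo() returns ([True, True, True, False], 1, 3): both transactions and their merge verify, the merge keeps one input and three outputs because Bob's intermediate output disappears, and the output inflated by 1 is rejected.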

When a user downloads the chain, the following data is needed from each block:

1) Explicit amounts for new money (block subsidy or sidechain peg-ins) with whatever else data this needs.

2) Unspent outputs of all transactions, along with a merkle proof that each output appeared in the original block.

3) Excess k*G values for all transactions.

Bitcoin currently has about 423000 blocks, totaling around 80GB of data on the hard drive to validate everything. The data represents around 150 million transactions and 5 million unspent, non-confidential outputs.

Each unspent output on a Mimblewimble chain is around 3Kb for rangeproof and Merkle proof. Each transaction adds around 100 bytes: a k*G value and a signature.

The block headers and explicit amounts are negligible. Added together this is 30Gb – with an obscured transaction graph and a confidential transaction.

Questions and Intuition

The following questions arise.

Q: If you delete the transaction outputs, the user cannot verify the rangeproof and maybe a negative amount is created.

A: This is acceptable. For the entire transaction to validate, all negative amounts must have been destroyed. Users have SPV security only that no illegal inflation happened in the past, but the user knows that at this time, no inflation occurred.

Q: If you delete the inputs, double spending can happen.

A: In fact, this means someone may claim that unspent output was spent in the old days. But this is impossible, otherwise the sum of the combined transaction could not be zero.

An exception is that if the outputs amount to zero, it is possible to make two that are negatives of each other, and the pair can be revived without breaking anything. So to prevent consensus problems, 0-amount outputs should be banned. Just add H at each output, so that they all amount to at least 1.

Future Research

Here are some questions that cannot be answered at the time of this writing.

1) What script support is possible? One would need to translate script operations into some discrete logarithm information.

2) Users are required to check all k*G values when in fact all that is needed is that the sum is of the form k*G. Instead of using signatures, is there another proof of discrete logarithm that could be combined?

3) There is a denial-of-service option when a user downloads the chain. The peer can give gigabytes of data and list the wrong unspent outputs. The user will see that the results do not add up to 0, but cannot tell where the problem is.

For now, maybe the user should just download the blockchain from a Torrent or something where the data is shared between many users and is reasonably likely to be correct.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.


Lester Coleman is a veteran business journalist based in the United States. He has covered the payments industry for several years and is available for writing assignments.




1 Comment

  1. Ade

    September 4, 2016 at 11:25 pm

    Is that you Dr Satoshi ?

Crypto Update: Coins Fall After a Quiet Weekend

The cryptocurrency segment stabilized this weekend after a technically important breakdown that shifted the short-term outlook to clearly bearish. While the stability was a small plus for bulls, the lack of bullish momentum and the fact that the majors remained below key resistance levels meant that most of the coins remained on sell signals in our trend model. As for the long-term signals, Monero, Ripple, and Bitcoin are the only majors on neutral signals in the still overwhelmingly bearish market.

XMR/USDT, 4-Hour Chart Analysis

Bitcoin continued to fare better than the largest altcoins, but although the most valuable coin made the most technical progress, briefly reclaiming the $6275 level, it also remained in a bearish short-term setup. The total value of the market is stuck near the $200 billion mark, and with Ethereum still being in a steep long-term downtrend and with Ripple giving back a large chunk of its recent gains, sellers are still clearly in control of the market.

BTC/USD, 4-Hour Chart Analysis

Bitcoin’s relative stability continues to be the most encouraging sign in the segment, but the coin is clearly below the previously dominant broad triangle pattern following last week’s breakdown. The technical deterioration means that a test of the key long-term zone near $5850 is increasingly likely, especially as the weak bounce ran out of steam near the $6275 level.

While a weaker support zone is found near $6000, the short-term sell signal is in place in our trend model, and traders shouldn’t enter new positions here. Further resistance is ahead at $6500, $6750, and $7000, while the next major support zone is found between $5100 and $5100.

Ripple Tests $0.42, Ethereum Capped by the $200 Level

XRP/USDT, 4-Hour Chart Analysis

Ripple got back up to the key $0.42 level after plunging below $0.38, but the resistance level halted the bounce, and the coin is still close to falling back to the previously dominant broad declining trend. XRP is trading right at the declining trendline of the triangle consolidation pattern that developed after the September rally, and bulls would need a sustained break-out above the pattern for a renewed buy signal.

Support levels are found at $0.375 and $0.35, while resistance is ahead in the $0.42-$0.46 zone and near $0.51 and $0.54, and traders shouldn’t enter new positions here.

ETH/USD, 4-Hour Chart Analysis

Ethereum is still among the weakest majors, and it couldn’t get back above the $200 level during the weekend. ETH remains on sell signals on both time-frames, since the declining trendlines are clearly intact, despite the recent lengthy consolidation period.

Primary support is found at $180, with further zones near $170 and $160, while resistance above $200 is ahead at $235 and $260, and traders and investors should still stay away from the coin.

LTC/USD, 4-Hour Chart Analysis

Litecoin also only managed a weak bounce after the key breakdown below the $56 support, and although it initially respected the $51 level, another test is very likely, and odds favor a break below support given the strong bearish pressures.

A break below the primary support level would warn of the test of the $47 low from August, with the next level of interest being the $44 support, while further resistance above $56 is found at $59 and $64. The coin is on sell signals on both time-frames and traders and investors shouldn’t enter new positions here.

Disclaimer:  The analyst owns cryptocurrencies. He holds investment positions in the coins, but doesn’t engage in short-term or day-trading, nor does he hold short positions on any of the coins.


Trader and financial analyst, with 10 years of experience in the field. An expert in technical analysis and risk management, but also an avid practitioner of value investment and passive strategies, with a passion towards anything that is connected to the market.




A Few Lessons From Last Week

There is an adage on Wall Street.  It is quite old. It was passed down to me from my grandfather last Wednesday.  It goes something like this. When the cops raid the brothel, they take everybody including the piano player.  

No matter when the notion originated, it applies directly, and painfully, to last week’s experience with stocks, bonds and crypto assets. Between early Wednesday and Thursday’s New York closing, most major US indices dropped a fast five percent. Friday showed a tepid rebound with the tech-heavy NASDAQ posting a 2.3% one-day recovery followed by the S&P 500 with a meager 1.2% upward move. Otherwise there wasn’t much good happening.

The story in crypto land wasn’t any better.  In truth it was worse. Taking just the two big guys during the same Wednesday/Thursday time period, things were dismal.  Bitcoin lost 6% in price before staging a weak 1.1% recovery on Friday. Ether dropped 15.6% on Wednesday, then managed a 3.2% Friday bounce.

Nobody escaped untouched unless you were a short seller, in which case, congrats! Having lots of company is hardly any consolation for having to deal with investment losses, even if they are only accounting losses. Nevertheless, everyone who had the ability to read understood the stock market was on a record-breaking binge and thus vulnerable.

The only binge connected to crypto prices was a 10-month-long hangover from the record levels of late last year. So should the Wall Street adage be applied here, making crypto take on the role of piano player? Or to present the question in a different way, is the piano player merely an innocent victim of being in the wrong place at the wrong time?

The Stock Market Correction Is Not Over

Stock market corrections are never pleasant, but many veteran strategists consider them to be a necessary and even healthy part of the investment process. Last week’s 5% drop was not even pronounced enough to qualify as a bona fide correction. That requires something even more than the 8%+ drop that took place back in February.

In the very short term, there is little in economic news that is likely to upset the market this coming week, but that doesn’t change the fact that interest rates are putting pressure on bond prices and $80 oil prices aren’t helping the inflation picture either. Finally, there is the uncertainty created by the midterm elections. Making short run market predictions is a fool’s game, but this one is an exception.

What Does This Say About Crypto Values?

Last week, already depressed crypto values were beaten down even further than stocks and bonds; that is not a good sign. One of the reasons for this had to be last week’s report from Diar Ltd. showing how Coinbase’s active customers have dropped 80% from record levels of $24 billion in the fourth quarter of last year to $3 billion in the third quarter of 2018. News of this study was reported by Bloomberg on Wednesday. So this could well have been the fundamental culprit. If so, the timing could not have been better for the short sellers.

No Longer Trending?

The folks at Diar Ltd. are spot on in their analysis, but does this mean the end for crypto? Don’t count on it. In fact there is a positive side to their findings. The most important point is that crypto prices (except for Wednesday) have become increasingly stable. This stability will serve long term investors well as it will calm the nerves of regulators and merchants inclined to use crypto as a medium of exchange.

The drop off in activity at Coinbase is not surprising.  Speculators have lost interest. Recently we wrote an article about the competition for investor attention between crypto and cannabis.  There is loads of anecdotal evidence suggesting that this is contributing to crypto interest declining.

Here are just two points to remember. This week on October 17, cannabis becomes legal for the first time throughout Canada. Investors are acutely aware of this bonanza. During one of the worst weeks in the stock market, US listed cannabis stocks like Medmen Enterprises (MMNFF: $5.84) gained 35% while APHRIA (APHQF: $14.65) added over 13%. Both stocks experienced greatly accelerated volume. This is an example of just two of many cannabis opportunities that are challenging crypto for investment capital. So the piano player may not be so innocent: he could just be smoking a little ganja.


James Waggoner is a veteran Wall Street analyst and hedge fund manager who has spent the past few years researching the fintech possibilities of cryptocurrencies. He has a special passion for writing about the future of crypto.




Bitcoin Price Treads Water as Market Eyes Maturity

Bitcoin’s price hovered within a narrow range on Sunday, as plunging trade volumes kept rally caps in check following a rocky end to the previous week.

BTC/USD Update

The bitcoin price fluctuated within a $70 range on Sunday, reaching a high of $6,3399.30 on Bitfinex. At the time of writing, BTC/USD was valued at $6,368 for a gain of 0.6%.

Narrow price action was accompanied by a sharp drop in trading volumes, with market turnover approaching the lowest level of the year. Over the last 24 hours, bitcoin’s trade volume on exchanges has declined by 25% to $3 billion, according to CoinMarketCap. That represents roughly one-third of total market turnover. BitMEX, a derivatives market, processed 16% of bitcoin’s trade volumes on Sunday. Bithumb saw nearly 5% of the daily turnover.

Since falling to the low $6,200 range on Thursday, bitcoin’s price has been slowly tracking upwards. A firm price bottom near $6,000 suggests that the path of least resistance is higher in the short term.

At current prices, bitcoin has a total capitalization of $109.2 billion, accounting for 54% of the entire market. The combined market value of all digital currencies is holding steady above $202 billion, based on latest available data.

Bitcoin Market Maturing

Despite the recent bout of selling pressure, bitcoin has established a fundamentally sound price floor and is exhibiting significantly less volatility than previous market cycles. This is corroborated not only by the bitcoin volatility index, which is currently tracking near yearly lows, but also by earlier research published in a high-profile journal called Chaos: An Interdisciplinary Journal of Nonlinear Science.

In a study titled “Bitcoin market route to maturity? Evidence from return fluctuations, temporal correlations, and multiscaling effects,” Polish researchers examined bitcoin’s price action over a six-year period. Although they spotted irregularities early on, the researchers concluded that bitcoin’s “rates of return fluctuated according to the inverse cubic law,” which is a method of analyzing a market’s maturity. This means cryptoassets like bitcoin are increasingly behaving like mature markets such as stocks, commodities and fiat currency.

Bitcoin’s maturity was “particularly evident in the last six months of the examined period” between November 2017 and April 2018. As Hacked previously reported, the launch of bitcoin futures last December has had a stabilizing impact on the market despite arguments to the contrary by the Atlanta Federal Reserve and others.

Against this backdrop, it is reasonable to assume that bitcoin’s price action will show a greater tendency of following established technical patterns now that the market has a longer historical precedent. While this could mean lower prices for longer, a maturing and stabilizing market is positive in the long run.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.


Sam Bourgi is Chief Editor to Hacked.com, where he specializes in cryptocurrency, economics and the broader financial markets. Sam has nearly eight years of progressive experience as an analyst, writer and financial market commentator where he has contributed to the world's foremost newscasts.




A part of CCN

Hacked.com is Neutral and Unbiased

Hacked.com and its team members have pledged to reject any form of advertisement or sponsorships from 3rd parties. We will always be neutral and we strive towards a fully unbiased view on all topics. Whenever an author has a conflicting interest, that should be clearly stated in the post itself with a disclaimer. If you suspect that one of our team members is biased, please notify me immediately at jonas.borchgrevink(at)hacked.com.
