How Mimblewimble Could Make Bitcoin Work Better

Mimblewimble claims to use a new cryptographic protocol that could revolutionize the way bitcoin works, making it more scalable and private.

The protocol generates a blinding factor that can prove ownership of bitcoins, making private keys unnecessary, and offering a solution to the need to balance bitcoin privacy against fungibility while also improving scalability, according to a white paper that appeared mysteriously on a bitcoin research site authored by a person using a pseudonym.

The author refers to himself as “Tom Elvis Jedusor,” a name taken from the Harry Potter novels.

Bitcoin’s Verification Challenge

Bitcoin is the first widely used financial system for which all the necessary data to validate the system status can be cryptographically verified by anyone, the white paper notes.

It accomplishes this by storing all transactions in a public database called “the blockchain.” Someone who wants to check this state has to download the whole chain and replay each transaction, checking each one as they go.

It would be easier if an auditor only had to check data on the outputs themselves, but this is not possible since they are only valid if the output is at the end of a chain of prior outputs. The whole blockchain has to be validated to confirm the final state.

Considering that the transactions are cryptographically atomic, the outputs that go into and emerge from every transaction are very clear. The “transaction graph” that results reveals a lot of information and is subjected to analysis by numerous companies whose business model is to monitor and control the lower classes.

This makes it very non-private and even dangerous to use.

Proposed Solutions

Some solutions to this have been proposed, Jedusor notes. Greg Maxwell discovered how to encrypt the amounts so that the transaction graph is faceless while the sums can still be validated. Maxwell also produced CoinJoin, a system that lets bitcoin users interactively combine transactions, confusing the transaction graph.

Nicolas van Saberhagen developed a system to blind the transaction entries, further clouding the transaction graph. Shen Noether combined the two approaches to obtain the “confidential transactions” of Maxwell and the “darkening” of van Saberhagen.

These solutions would make bitcoin safe, Jedusor observes. But too much data can make things worse. Confidential transactions require multi-kilobyte proofs on every output. van Saberhagen signatures require every output to be stored forever, as it is not possible to truly tell when they are spent.

Maxwell’s CoinJoin needs interactivity. Yuan Horas Mouton fixed this by making transactions freely mergeable, but he had to use pairing-based cryptography which can be slower and harder to trust. He called this “one-way aggregate signatures” (OWAS).

OWAS combined the transactions in blocks. It could be possible to combine across blocks (perhaps with some glue data) so that when the outputs are created and destroyed, it is as if they never existed, Jedusor notes.

Then, to validate the entire chain, users only need to know when money enters the system (new money in each block as in bitcoin or Monero or peg-ins for sidechains) and final unspent outputs. The rest can be removed and forgotten.

Confidential transactions hide the amounts and OWAS blurs the transaction graph, while using less space than bitcoin and still enabling users to verify the blockchain.

Mimblewimble prevents the blockchain from referencing all of a user’s information, Jedusor observes.

Confidential Transactions

The first step is to remove bitcoin Script. It is too powerful, so it is impossible to merge transactions using general scripts.

Maxwell’s Confidential Transactions are enough (after some small modification) to authorize the spending of outputs and also to make combined transactions without interaction. This is identical to OWAS, enabling the relaying nodes to take some transaction fee or the recipient to change the transaction fee. Bitcoin cannot do these additional things.

In Confidential Transactions, the amounts are encoded by the following equation: C = r*G + v*H.

C is a Pedersen commitment, G and H are fixed nothing-up-my-sleeve elliptic curve group generators, v is the amount, and r is a secret random blinding key.

Attached to this output is a rangeproof proving that v is in [0, 2^64], so the user cannot exploit the blinding to produce overflow attacks, etc.

To validate a transaction, the verifier adds the commitments for all outputs, plus f*H (f being the transaction fee, which is given explicitly), and subtracts all input commitments. The result must be 0, proving no amount was created or destroyed overall.

To create such a transaction, the user has to know the sum of the r values for the commitment entries. Therefore, the r-values (and their sums) serve as secret keys. If the r-values of the outputs are made known only to the recipient, an authentication system exists. Unfortunately, this is impossible while keeping the rule that all commitments add up to zero, since the sender knows the sum of all his r values, and therefore knows that the recipient’s r values sum to the negative of that.

Instead, the transaction is allowed to sum to a non-zero value, k*G, and requires a signature of an empty string with this as key, proving its amount component is zero.

The transactions can have as many k*G values as they want, each with a signature, and sum them up during verification.

Creating Transactions

To create transactions, the sender and recipient do the following:

1) The sender and recipient agree on the amount to send. Call this b.

2) The sender creates a transaction with all inputs and change output(s), and gives the recipient the total blinding factor (r-value of change minus r-values of inputs) along with the transaction. The commitments sum to r*G – b*H.

3) The recipient chooses random r-values for his outputs, and values that sum to b minus fee, then adds these to the transaction (including range proof). Now the commitments sum to k*G – fee*H for some k that only the recipient knows.

4) The recipient attaches the signature with k to the transaction, and the explicit fee.

Creating transactions like this supports OWAS already. To demonstrate this, consider two transactions that have surpluses k1*G and k2*G, with signatures attached for each. Combine the lists of inputs and outputs of the two transactions, add both k1*G and k2*G to the mix, and the result is again a valid transaction. From the combination, it is not possible to know which outputs or inputs are from which original transaction.

Because of this, the block format changes from bitcoin to this information:

1) Explicit amounts for new money (block subsidy or sidechain peg-ins) with whatever other data this needs. For a sidechain peg-in, it may reference a bitcoin transaction that commits to a specific excess k*G value.

2) Inputs of all transactions.

3) Outputs of all transactions.

4) Excess k*G values for all transactions.

Each is grouped together because it does not matter what the transaction boundaries are originally. In addition, lists 2, 3 and 4 should be coded in alphabetical order, since it is quick to check and prevents the block creator from leaking any information about the original transactions.

The outputs are now identified by their hash, rather than by their position in a transaction, which could easily change. Therefore, having two equal unspent outputs at the same time should be banned to avoid confusion.

Merging Transactions

Maxwell’s Confidential Transactions have already been used to create a non-interactive version of his CoinJoin. Another idea is needed. A non-interactive version of this is created to show how it is used with several blocks.

Each block can be seen as one large transaction. To validate it, add the output commitments together, then subtract the input commitments, k*G values, and the explicit input amounts times H. The transactions from two blocks can be combined to form a single block, resulting again in a valid transaction.

The difference is that some output commitments now have an input commitment equal to them, where the first block’s output is spent in the second block. Both commitments can be removed and the transaction is still valid. There is not even a need to check the rangeproof of the deleted output.

The extension of this idea, all the way from the genesis block to the latest block, shows that each non-explicit input is deleted with its referenced output. All that remains are the unspent outputs, explicit input amounts and every k*G value.

The entire mess can be validated as if it were one transaction by adding all unspent output commitments, subtracting the k*G values, validating the explicit input amounts (if there is anything to validate) and subtracting them times H. If the sum is zero, the complete chain is good.
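The four transaction-building steps from the earlier section and the merge rule described above can be checked numerically; the following is an added example, not code from the white paper or from any Mimblewimble implementation. It assumes the secp256k1 curve, a second generator H derived by hashing, and a Schnorr signature for the k*G values; it leaves out range proofs, carries fees as an explicit total when merging, and all function names are hypothetical.

```python
import hashlib, secrets

# secp256k1 parameters (public constants). Points are (x, y); None is the zero point.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    if a is None or b is None: return a if b is None else b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    m = (3 * a[0] * a[0] * pow(2 * a[1], -1, P) if a == b
         else (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P))
    x = (m * m - a[0] - b[0]) % P
    return (x, (m * (a[0] - x) - a[1]) % P)

def neg(a): return None if a is None else (a[0], -a[1] % P)
def mul(k, a):
    r, k = None, k % N
    while k:
        if k & 1: r = add(r, a)
        a, k = add(a, a), k >> 1
    return r

def hash_to_point(label):
    # Try-and-increment, so nobody knows log_G(H); stands in for the page's fixed generator H.
    for ctr in range(256):
        x = int.from_bytes(hashlib.sha256(label + bytes([ctr])).digest(), "big") % P
        y = pow(x**3 + 7, (P + 1) // 4, P)
        if y * y % P == (x**3 + 7) % P: return (x, y)
H = hash_to_point(b"constructed generator H")
def rand(): return secrets.randbelow(N - 1) + 1
def commit(r, v): return add(mul(r, G), mul(v, H))      # C = r*G + v*H

def challenge(R, K, msg):
    return int.from_bytes(hashlib.sha256(repr((R, K, msg)).encode()).digest(), "big") % N

def kernel(k, msg=b""):
    # Excess k*G plus a Schnorr signature of the empty string under key k.
    n, K = rand(), mul(k, G)
    R = mul(n, G)
    return (K, (R, (n + challenge(R, K, msg) * k) % N))

def kernel_ok(K, sig, msg=b""):
    R, s = sig
    return mul(s, G) == add(R, mul(challenge(R, K, msg), K))

def coinbase(amount):
    r = rand()
    return ({"in": [], "out": [commit(r, amount)], "fee": 0, "minted": amount,
             "kernels": [kernel(r)]}, (r, amount))

def build_tx(inputs, b, fee):
    # Both parties are simulated in one function; inputs are (r, v) openings.
    r_change = rand()                                    # step 2, sender
    change = (r_change, sum(v for _, v in inputs) - b)
    r = (r_change - sum(ri for ri, _ in inputs)) % N     # handed to the recipient
    received = (rand(), b - fee)                         # step 3, recipient
    k = (r + received[0]) % N                            # known only to the recipient
    tx = {"in": [commit(*i) for i in inputs], "out": [commit(*change), commit(*received)],
          "fee": fee, "minted": 0, "kernels": [kernel(k)]}          # step 4
    return tx, change, received

def verify(tx):
    # outputs + fee*H - inputs - minted*H must equal the sum of the signed k*G values.
    total = add(mul(tx["fee"], H), neg(mul(tx["minted"], H)))
    for c in tx["out"]: total = add(total, c)
    for c in tx["in"]: total = add(total, neg(c))
    excess = None
    for K, sig in tx["kernels"]:
        if not kernel_ok(K, sig): return False
        excess = add(excess, K)
    return total == excess

def merge(a, b):
    # Concatenate, drop every output that is also spent (same commitment), sort the lists.
    ins, outs = a["in"] + b["in"], a["out"] + b["out"]
    spent = set(ins) & set(outs)
    return {"in": sorted(c for c in ins if c not in spent),
            "out": sorted(c for c in outs if c not in spent),
            "fee": a["fee"] + b["fee"], "minted": a["minted"] + b["minted"],
            "kernels": sorted(a["kernels"] + b["kernels"])}

def demo():
    mint, alice_coin = coinbase(50)                      # explicit new money
    tx1, _, bob_coin = build_tx([alice_coin], 30, 1)     # Alice pays Bob 30, fee 1
    tx2, _, _ = build_tx([bob_coin], 10, 1)              # Bob pays Carol 10, fee 1
    return mint, tx1, tx2, merge(merge(mint, tx1), tx2)
```

After the merge, the two spent outputs are gone and only three unspent commitments, the explicit amounts and three k*G values remain, yet `verify` still accepts the result.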

When a user downloads the chain, the following data is needed from each block:

1) Explicit amounts for new money (block subsidy or sidechain peg-ins) with whatever other data this needs.

2) Unspent outputs of all transactions, along with a merkle proof that each output appeared in the original block.

3) Excess k*G values for all transactions.

Bitcoin currently has about 423000 blocks, totaling around 80GB of data on the hard drive to validate everything. The data represents around 150 million transactions and 5 million unspent, non-confidential outputs.

Each unspent output on a Mimblewimble chain is around 3Kb for rangeproof and Merkle proof. Each transaction adds around 100 bytes: a k*G value and a signature.

The block headers and explicit amounts are negligible. Added together this is 30Gb – with an obscured transaction graph and a confidential transaction.

Also read: Mimblewimble: A stripped down version of bitcoin improves privacy, fungibility and scalability 

Questions and Intuition

The following questions arise.

Q: If you delete the transaction outputs, the user cannot verify the rangeproof, and maybe a negative amount is created.

A: This is acceptable. For the entire transaction to validate, all negative amounts must have been destroyed. Users have SPV security only that no illegal inflation happened in the past, but the user knows that at this time, no inflation occurred.

Q: If you delete the inputs, double spending can happen.

A: In fact, this means someone may claim that an unspent output was spent in the old days. But this is impossible, otherwise the sum of the combined transaction could not be zero.

An exception is that if the outputs amount to zero, it is possible to make two that are negatives of each other, and the pair can be revived without breaking anything. So to prevent consensus problems, 0-amount outputs should be banned. Just add H at each output, so that they all amount to at least 1.

Future Research

Here are some questions that cannot be answered at the time of this writing.

1) What script support is possible? One would need to translate script operations into some discrete logarithm information.

2) Users are required to check all k*G values when in fact all that is needed is that the sum is of the form k*G. Instead of using signatures, is there another proof of discrete logarithm that could be combined?

3) There is a denial-of-service option when a user downloads the chain. The peer can give gigabytes of data and list the wrong unspent outputs. The user will see that the results do not add up to 0, but cannot tell where the problem is.

For now, maybe the user should just download the blockchain from a Torrent or something where the data is shared between many users and is reasonably likely to be correct.

Images from Shutterstock.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Lester Coleman is a veteran business journalist based in the United States. He has covered the payments industry for several years and is available for writing assignments.




1 Comment

  1. Ade

    September 4, 2016 at 11:25 pm

    Is that you Dr Satoshi ?


Crypto Update: Coins Retreat After Rally Attempt

While yesterday the major cryptocurrencies recovered their weekend losses and bounced back above their prior lows, the bounce got halted before changing the short-term technical setup. As the world is focused on today’s key Brexit vote, trading volumes are once again very low, but the lack of bullish follow-through is a warning sign for traders here even considering the low level of trading activity.

We haven’t seen signs of a developing leadership in recent days, with correlations remaining high and with the top coins failing at the first major levels of resistance for now. That said, should the coins hold above yesterday’s lows and push above consolidation range, the formation of a bear-trap pattern is still possible even as odds still favor the continuation of the bear market.

In light of the short- and long-term setups, traders and investors should still stay away from entering new positions, with our trend model still being on sell signals on both time frames for the majority of the top coins.

BTC/USD, 4-Hour Chart Analysis

While the breakdown in Bitcoin got bought yesterday, the bounce failed to reach the $3850 level and the most valuable coin is still hovering near the $3600 level, leaving both the neutral short-term, and of course, the long-term sell signal intact in our trend model.

A move above $3850 would be a positive sign for bulls, but odds still favor a negative outcome and a likely test of the $3000 level in the coming weeks, so even short-term traders should still stay away from entering new positions here. Further, weaker support is found near $3250, with resistance ahead between $4000 and $4050, and near $4450.

ETH/USD, 4-Hour Chart Analysis

Although Ethereum briefly topped the $130 level after plunging below the $120 support, a failed breakdown pattern hasn’t been confirmed in the previously leading coin, and the short-term sell signal remains in place in our trend model.

With the bearish long-term picture in mind, and with the oversold short-term momentum readings now cleared, the outlook for the coin remains negative, even as the resumption of the counter-trend rally is still a possibility here. Further support below $120 is found between $95 and $100, while resistance is ahead at $160 and near $180.

Altcoins Still Stuck in Downtrends Across the Board

LTC/USD, 4-Hour Chart Analysis

Litecoin’s rally stopped near the upper boundary of last week’s consolidation range, and although the coin is safely above the key $30-$30.50 support zone, the momentum of the bounce is waning. The bearish long-term forces still seem to be dominant, and the coin is well below the primary resistance level near $34.50, so our trend model remains on sell signals on both time-frames. Further strong resistance is ahead near $38 and $44, and support is found near $26 and $23.

XRP/USDT, 4-Hour Chart Analysis

Ripple experienced a brief period of relative stability after the weekend sell-off, but that didn’t change the bearish overall picture for the coin, and technicals are still hostile for bulls here. The coin continues to hover around the $0.32 price level, but we still expect a move below $0.30 in the coming weeks with a test of the bear market lows being the most likely scenario.

Another strong support level is found near the $0.26 level, with resistance ahead near $0.3550, $0.3750, and in the key long-term zone between $0.42 and $0.46.

XMR/USDT, 4-Hour Chart Analysis

Monero is also among the weaker majors, and although it bounced back together with the broader market, it failed to sustainably recapture the $45 level, and it remains in a clear short- and long-term downtrend. Our trend model is on sell signals on both time-frames as well, and the re-test of the bear market low just below $38 seems very likely in the coming weeks.

Featured image from Shutterstock

Disclaimer:  The analyst owns cryptocurrencies. He holds investment positions in the coins, but doesn’t engage in short-term or day-trading, nor does he hold short positions on any of the coins.

Trader and financial analyst, with 10 years of experience in the field. An expert in technical analysis and risk management, but also an avid practitioner of value investment and passive strategies, with a passion towards anything that is connected to the market.





Top 3 Price Prediction Bitcoin, Ripple, Ethereum: The pump doesn’t get any quality jump

  • Sterile climbs yesterday that didn’t manage to change the scenario in the short term.
  • The ETH/BTC retrieves the bullish scenario but lacks the strength to develop it.
  • It is a bipolar market that can change the mood at any time and any direction.

The crypto market experienced a generalized rise led by the Ethereum yesterday at the end of the European session. The ETH/BTC chart followed the expected roadmap, and after touching the extension of the bullish trend, it rose sharply to get back above the main trend line. It also reached the resistance level at 0.0350 BTC per ETH.

This upside movement is positive news for the market since the leadership of the Ethereum is necessary for the market to continue moving away from the lows.

The market continues to be in a delicate situation since the main Crypto actors do not manage to get far enough away from the relative minimum prices, so that security, which is the basis of optimism, floods the minds of traders.

BTC/USD 240 Minute Chart

The BTC/USD is currently trading at the $3,645 price level. Yesterday it left a high of $3,708, stopping at short-term moving averages and resistance to price congestion.

Today, the BTC/USD is moving slightly lower, and it is very likely that at some point during the day the price will drop to the $3,600 support (price congestion support). The second support level is at $3,470 (price congestion support). Should the BTC/USD lose this support level, it would re-enter the relative lows zone with the third support level target at $3,300 (price congestion support).

If bulls reappear, the first resistance level at $3,700 (price congestion resistance, EMA50, and SMA200) is the most important in the short term and exceeding it would greatly facilitate bullish continuity. The second resistance level for the BTC/USD is at $3,787 (SMA100), an intermediate level on the way to the third resistance level at $3,900 (congestion resistance). If the BTC/USD can overcome this third resistance level, it would be free of moving averages, which would also become support and support price rises.

The MACD at 240 Minutes shows a bullish profile after yesterday’s gain but continues on the negative side of the indicator. It is necessary that the lines go into the positive zone to be able to see continued rises.

The DMI at 240 Minutes shows how after yesterday’s rise, the bears and bulls were at similar levels of activity, a tie that today seems to opt for the bears but without getting an advantage over the bulls that poses a bearish development.

ETH/USD 240 Minute Chart

The ETH/USD pair is currently trading at the $128.90 price level. After yesterday’s rally, it failed to break above the $130 price congestion resistance level, but it did break above the SMA100. Much better than Bitcoin.

The look at this time in the morning in Europe also seems to support a day of falls, although in this case, they could be minimal thanks to the support you can find in the simple average (SMA100) at $126.79.

In case the ETH/USD pair loses the first support level, the second support at $115 (price congestion support) is the next price target. A fall of this magnitude would be technically devastating and would complicate any bullish development in the medium term because it would drag down the exponential and simple averages and move down the resistance level. The third support at $110 (price congestion support) would see the beginning of a new bearish stretch, and new relative lows could be seen.

Above the current price, the first resistance level is at $130 (price congestion resistance), followed a little higher by the EMA50 at $132.80. The third resistance level at $142 (price congestion resistance and SMA200) is the most important, as Ethereum would be free of resistance by moving averages that would become support and facilitate the rises.

The MACD in 240 minutes shows a bullish profile but still moving in the bearish zone of the indicator. The inclination and opening between lines support possible increases, but the crossing of the zero levels of the indicator will make sales appear.

The 240-minute DMI shows the bears taking some advantage over the bulls early in the session after pairing yesterday. Both sides of the market show a significant level of trend strength, which can lead to increased volatility.

XRP/USD 240 Minute Chart

The XRP/USD pair is currently trading at the $0.33 price level after leaving yesterday’s high of $0.343 at the 50-period exponential moving average. It then dropped and held above the $0.335 support level (price congestion support).

The XRP/USD is currently losing that level, which now becomes resistance, and is heading towards the second support level at $0.32 (price congestion support). The XRP should not miss this second level of support, because it would lose all bullish potential and enter a strongly bearish environment that would target the third level of support at $0.308 (price congestion support).

Above the current price, the first resistance is at $0.335 (price congestion resistance). The second resistance level is at $0.345 (EMA50 and price congestion resistance). The third resistance level is at $0.36 (price congestion resistance), but in order to reach it, XRP/USD should first exceed the SMA100 and the SMA200. That is the maximum difficulty level which, if overcome, would open a perfect scenario to see consistent rises in the medium term.

The MACD in 240 Minutes shows an upward cross profile although with less upward inclination than Bitcoin or Ethereum. It also moves on the bearish side of the indicator, so the upside potential is limited.

The 240 Minute DMI shows a tie between bears and bulls. Yesterday’s rise put the bulls ahead, but morning falls have made them lose strength, and now it is the bears who are trying to take control of the situation.

Featured image courtesy of Shutterstock.


Bitcoin’s Price Recovery Stalls as BitMEX Shuts Down U.S. Accounts

Bitcoin’s rally stalled on Tuesday after Hong Kong futures exchange BitMEX announced it was closing U.S. accounts amid growing regulatory scrutiny. As Hacked reported since November, BitMEX has emerged as the biggest virtual market for BTC trades based on percentage of daily trade volumes.

BTC/USD Update

The bitcoin price notched a session high of $3,572.87 on Tuesday, according to CCN’s data feed. It was last seen hovering just below $3,700, having gained 2.8% over the past 24 hours. However, it should be noted that bitcoin rose sharply in the late morning of Monday’s session, so the 24-hour price tracker is a bit skewed.

Bitcoin’s sudden rally on Monday was significant for technical traders eyeing the $3,550-$3,500 support level. A breach below this level would have devastating consequences and likely lead to a re-test of the December low near $3,100.

Bitcoin’s short-term momentum indicators have improved since Monday’s rally attempt. The following chart, which is based on Bitstamp price data, highlights the momentum shift based on the RSI and MACD.

Trading in BTC reached $5.7 billion on virtual exchanges, according to CoinMarketCap. Volumes have increased sharply this year as long-dormant bitcoin accounts become active again. Dormant accounts began moving their coins in October, leading to a sharp rise in bitcoin’s circulating supply. More on this story: Bitcoin Likely Headed Lower as Whales Activate Long-Dormant Accounts.

BitMEX Closes U.S. Accounts

One of the world’s fastest growing cryptocurrency exchanges has pulled the plug on its North American market, citing increased regulatory scrutiny in the United States and the Canadian province of Quebec.

The decision, which was reported by CCN and the South China Morning Post, came in direct response to regulatory crackdowns targeting unlicensed cryptocurrency exchanges. In addition to ceasing operations in the U.S. and Quebec, BitMEX has advised clients in North Korea, Iran, Syria, Cuba, Sudan and Sevastopol (Crimea) against holding positions or trading on the platform.

BitMEX rose to prominence in the latter half of 2018 as traders began shorting bitcoin in record amounts. During the depths of the bear market in November and December, as much as one-third of bitcoin’s virtual exchange volume was processed on BitMEX. Spot markets accounted for the rest.

Last month, BitMEX CEO Arthur Hayes told the Unchained podcast that 24/7 markets represent the wave of the future and that other financial instruments will soon follow cryptocurrencies in around-the-clock trading. His firm processed nearly $1 trillion in trading volume over the past year.

More: Cryptocurrencies Still Recovering Strong After Monday Rally; BitMEX Sees 24/7 Trading as the Future

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.

Featured image courtesy of Shutterstock.

Sam Bourgi is Chief Editor to Hacked.com, where he leads content development for one of the world's foremost cryptocurrency resources. Over the past eight years Sam has authored more than 10,000 articles and over 40 whitepapers in the fields of labor market economics, emerging technologies, cryptocurrency and traditional finance. Sam's work has been featured in and cited by some of the world's leading newscasts, including Barron's, CBOE and Forbes. Contact: sam@hacked.com Twitter: @hsbourgi





A part of CCN

Hacked.com is Neutral and Unbiased

Hacked.com and its team members have pledged to reject any form of advertisement or sponsorships from 3rd parties. We will always be neutral and we strive towards a fully unbiased view on all topics. Whenever an author has a conflicting interest, that should be clearly stated in the post itself with a disclaimer. If you suspect that one of our team members are biased, please notify me immediately at jonas.borchgrevink(at)hacked.com.
