How Mimblewimble Could Make Bitcoin Work Better


Mimblewimble claims to use a new cryptographic protocol that could revolutionize the way bitcoin works, making it more scalable and private.

The protocol generates a blinding factor that can prove ownership of bitcoins, making private keys unnecessary, and offering a solution to the need to balance bitcoin privacy against fungibility while also improving scalability, according to a white paper that appeared mysteriously on a bitcoin research site authored by a person using a pseudonym.

The author refers to himself as “Tom Elvis Jedusor,” a name taken from the Harry Potter novels.

Bitcoin’s Verification Challenge

Bitcoin is the first widely used financial system for which all the necessary data to validate the system status can be cryptographically verified by anyone, the white paper notes.

It accomplishes this by storing all transactions in a public database called “the blockchain.” Someone who wants to check this state has to download the whole chain and replay each transaction, checking each one as they go.

It would be easier if an auditor only had to check data on the outputs themselves, but this is not possible since they are only valid if the output is at the end of a chain of prior outputs. The whole blockchain has to be validated to confirm the final state.

Considering that the transactions are cryptographically atomic, the outputs that go into and emerge from every transaction are very clear. The “transaction graph” that results reveals a lot of information and is subjected to analysis by numerous companies whose business model is to monitor and control the lower classes.

This makes it very non-private and even dangerous to use.

Proposed Solutions

Some solutions to this have been proposed, Jedusor notes. Greg Maxwell discovered how to encrypt the amounts so that the graph of the transaction is faceless but still validates the sums. Maxwell also produced CoinJoin, a system for bitcoin users to interactively combine transactions, confusing the transaction graph.

Nicolas van Saberhagen developed a system to blind the transaction entries, further clouding the transaction graph. Shen Noether combined the two approaches to obtain the “confidential transactions” of Maxwell and the “darkening” of van Saberhagen.

These solutions would make bitcoin safe, Jedusor observes. But too much data can make things worse. Confidential transactions require multi-kilobyte proofs on every output. van Saberhagen signatures require every output to be stored forever, as it is not possible to truly tell when they are spent.

Maxwell’s CoinJoin needs interactivity. Yuan Horas Mouton fixed this by making transactions freely mergeable, but he had to use pairing-based cryptography which can be slower and harder to trust. He called this “one-way aggregate signatures” (OWAS).

OWAS combined the transactions in blocks. It could be possible to combine across blocks (perhaps with some glue data) so that when the outputs are created and destroyed, it is as if they never existed, Jedusor notes.

Then, to validate the entire chain, users only need to know when money enters the system (new money in each block as in bitcoin or Monero or peg-ins for sidechains) and final unspent outputs. The rest can be removed and forgotten.

Confidential transactions hide the amounts, and OWAS blurs the transaction graph, while using less space than bitcoin to enable users to verify the blockchain.

Mimblewimble prevents the blockchain from referencing all of a user’s information, Jedusor observes.

Confidential Transactions

The first step is to remove bitcoin Script. It is too powerful, so it is impossible to merge transactions using general scripts.

Maxwell’s Confidential Transactions are enough (after some small modification) to authorize the spending of outputs and also to make combined transactions without interaction. This is identical to OWAS, enabling the relaying nodes to take some transaction fee or the recipient to change the transaction fee. Bitcoin cannot do these additional things.

In Confidential Transactions, the amounts are encoded by the following equation: C = r*G + v*H.

C is a Pedersen commitment, G and H are fixed nothing-up-my-sleeve elliptic curve group generators, v is the amount, and r is a secret random blinding key.

Attached to this output is a rangeproof proving that v is in [0, 2^64], so the user cannot exploit the blinding to produce overflow attacks, etc.

To validate a transaction, the verifier adds the commitments for all outputs, plus f*H (f being the transaction fee, which is given explicitly), and subtracts all input commitments. The result must be 0, proving no amount was created or destroyed overall.

To create such a transaction, the user has to know the sum of the r values for the commitment entries. Therefore, r-values (and their sums) serve as secret keys. If the r output values are made known only to the recipient, an authentication system exists. Unfortunately, by keeping the rule that all commitments add up to zero, this is impossible, since the sender knows the sum of all his r values, and therefore knows that the recipient’s r values sum to the negative of that.

Instead, the transaction is allowed to sum to a non-zero value, k*G, and requires a signature of an empty string with this as key, proving its amount component is zero.

The transactions can have as many k*G values as they want, each with a signature, and sum them up during verification.

Creating Transactions

To create transactions, the sender and recipient do the following:

1) The sender and recipient agree on the amount to send. Call this b.

2) The sender creates a transaction with all inputs and change output(s), and gives the recipient the total blinding factor (r-value of change minus r-values of inputs) along with the transaction. The commitments sum to r*G – b*H.

3) The recipient chooses random r-values for his outputs, and values that sum to b minus fee, then adds these to the transaction (including range proof). Now the commitments sum to k*G – fee*H for some k that only the recipient knows.

4) The recipient attaches the signature with k to the transaction, and the explicit fee.

Creating transactions like this supports OWAS already. To demonstrate this, consider two transactions that have a surplus k1*G and k2*G, and the attached signatures with these. Then combine the lists of inputs and outputs of the two transactions, adding both k1*G and k2*G to the mix, and it is again a valid transaction. From the combination, it is not possible to know which outputs or inputs are from which original transaction.

Because of this, the block format changes from bitcoin to this information:

1) Explicit amounts for new money (block subsidy or sidechain peg-ins) with whatever other data this needs. For a sidechain peg-in, it may reference a bitcoin transaction that commits to a specific excess k*G value.

2) Inputs of all transactions.

3) Outputs of all transactions.

4) Excess k*G values for all transactions.

Each is grouped together because it does not matter what the transaction boundaries are originally. In addition, lists 2, 3 and 4 should be coded in alphabetical order, since it is quick to check and prevents the block creator from leaking any information about the original transactions.

The outputs are now identified by their hash, rather than their position in a transaction that could easily change. Therefore, it should be banned to have two unspent outputs equal at the same time to avoid confusion.

Merging Transactions

Maxwell’s Confidential Transactions has already been used to create a non-interactive version of his CoinJoin. Another idea is needed. A non-interactive version of this is created to show how it is used with several blocks.

Each block can be seen as one large transaction. To validate it, add the output commitments together, then subtract the input commitments, k*G values, and the explicit input amounts times H. The transactions from two blocks can be combined to form a single block, resulting again in a valid transaction.

The difference is that an output commitment may now have an input commitment equal to it, where the first block’s output is spent in the second block. Both commitments can be removed and still leave a valid transaction. There is not even the need to check the rangeproof of the deleted output.

The extension of this idea, all the way from the genesis block to the latest block, shows that each non-explicit input is deleted with its referenced output. All that remains are the unspent outputs, explicit input amounts and every k*G value.

The entire mess can be validated as if it were one transaction by adding all unspent output commitments, subtracting the k*G values, validating explicit input amounts (if there is anything to validate) and subtracting them times H. If the sum is zero, the complete chain is good.
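The transaction-building steps under “Creating Transactions” and the cross-block merge described above can be run end to end. The following Python is an added example, not code from the white paper or this article: it assumes secp256k1 as the curve, derives a constructed generator H by hashing, uses a plain Schnorr signature on the empty string for each k*G excess, leaves fees as an explicit term, and omits rangeproofs (so nothing here stops a negative amount).

```python
import hashlib, secrets
# Assumptions of this example: secp256k1 (the page names no curve); no rangeproofs.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):                        # None is the point at infinity, i.e. "0"
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    m = (3 * a[0] * a[0] * pow(2 * a[1], -1, P) if a == b
         else (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P)) % P
    x = (m * m - a[0] - b[0]) % P
    return (x, (m * (a[0] - x) - a[1]) % P)

def mul(k, pt):                       # double-and-add; k is reduced mod N first
    k %= N; acc = None
    while k:
        if k & 1: acc = add(acc, pt)
        pt = add(pt, pt); k >>= 1
    return acc

def neg(pt): return None if pt is None else (pt[0], -pt[1] % P)

def hash_to_point(tag):               # constructed H: nobody knows log_G(H)
    x = int.from_bytes(hashlib.sha256(tag).digest(), "big") % P
    while pow(pow(x, 3, P) + 7, (P - 1) // 2, P) != 1: x += 1
    return (x, pow(pow(x, 3, P) + 7, (P + 1) // 4, P))

H = hash_to_point(b"constructed generator H for this example")
def rand(): return secrets.randbelow(N - 1) + 1
def commit(r, v): return add(mul(r, G), mul(v, H))    # C = r*G + v*H

def challenge(R, excess):
    return int.from_bytes(hashlib.sha256(repr((R, excess)).encode()).digest(), "big") % N

def sign(k):                          # Schnorr signature on the empty string
    n = rand(); R = mul(n, G)
    return (R, (n + challenge(R, mul(k, G)) * k) % N)

def verify(excess, sig):              # signer must know k with excess = k*G
    R, s = sig
    return mul(s, G) == add(R, mul(challenge(R, excess), excess))

def valid(tx):
    """outputs + fee*H - inputs - mint*H - sum(k*G) must be the zero point."""
    total = mul(tx["fee"] - tx["mint"], H)
    for c in tx["outputs"]: total = add(total, c)
    for c in tx["inputs"]: total = add(total, neg(c))
    for excess, sig in tx["kernels"]:
        if not verify(excess, sig): return False
        total = add(total, neg(excess))
    return total is None

def sender_half(in_r, in_v, b):       # step 2: input, change, blinding factor r
    r_change = rand()
    tx = {"inputs": [commit(in_r, in_v)], "outputs": [commit(r_change, in_v - b)],
          "kernels": [], "fee": 0, "mint": 0}
    return tx, (r_change - in_r) % N

def recipient_half(tx, r, b, fee):    # steps 3-4: own output, sign with k = r + r_out
    r_out = rand(); k = (r + r_out) % N
    return {**tx, "outputs": tx["outputs"] + [commit(r_out, b - fee)],
            "kernels": [(mul(k, G), sign(k))], "fee": fee}

def merge(a, b):                      # sorted lists hide the transaction boundaries
    out = {key: sorted(a[key] + b[key]) for key in ("inputs", "outputs", "kernels")}
    return {**out, "fee": a["fee"] + b["fee"], "mint": a["mint"] + b["mint"]}

def cut_through(tx):                  # delete every output that is also an input
    spent = set(tx["inputs"]) & set(tx["outputs"])
    return {**tx, "inputs": [c for c in tx["inputs"] if c not in spent],
            "outputs": [c for c in tx["outputs"] if c not in spent]}

def demo():
    r_a = rand()                      # constructed chain: 50 new coins go to Alice
    coinbase = {"inputs": [], "outputs": [commit(r_a, 50)],
                "kernels": [(mul(r_a, G), sign(r_a))], "fee": 0, "mint": 50}
    half, r = sender_half(r_a, 50, b=30)
    pay = recipient_half(half, r, b=30, fee=1)
    return coinbase, pay, cut_through(merge(coinbase, pay))

if __name__ == "__main__":
    coinbase, pay, chain = demo()
    print(valid(coinbase), valid(pay), valid(chain), len(chain["outputs"]))
```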

When a user downloads the chain, the following data is needed from each block:

1) Explicit amounts for new money (block subsidy or sidechain peg-ins) with whatever other data this needs.

2) Unspent outputs of all transactions, along with a merkle proof that each output appeared in the original block.

3) Excess k*G values for all transactions.

Bitcoin currently has about 423000 blocks, totaling around 80GB of data on the hard drive to validate everything. The data represents around 150 million transactions and 5 million unspent, non-confidential outputs.

Each unspent output on a Mimblewimble chain is around 3Kb for rangeproof and Merkle proof. Each transaction adds around 100 bytes: a k*G value and a signature.

The block headers and explicit amounts are negligible. Added together this is 30Gb – with an obscured transaction graph and a confidential transaction.

Questions and Intuition

The following questions arise.

Q: If you delete the transaction outputs, the user cannot verify the rangeproof, and a negative amount may be created.

A: This is acceptable. For the entire transaction to validate, all negative amounts must have been destroyed. Users have SPV security only that no illegal inflation happened in the past, but the user knows that at this time, no inflation occurred.

Q: If you delete the inputs, double spending can happen.

A: In fact, this means someone may claim that unspent output was spent in the old days. But this is impossible, otherwise the sum of the combined transaction could not be zero.

An exception is that if the outputs amount to zero, it is possible to make two that are negatives of each other, and the pair can be revived without breaking anything. So to prevent consensus problems, 0-amount outputs should be banned. Just add H at each output.

They all then amount to at least 1.

Future Research

Here are some questions that cannot be answered at the time of this writing.

1) What script support is possible? One would need to translate script operations into some discrete logarithm information.

2) Users are required to check all k*G values when in fact all that is needed is that the sum is of the form k*G. Instead of using signatures, is there another proof of discrete logarithm that could be combined?

3) There is a denial-of-service option when a user downloads the chain. The peer can give gigabytes of data and list the wrong unspent outputs. The user will see that the results do not add up to 0, but cannot tell where the problem is.

For now, maybe the user should just download the blockchain from a Torrent or something where the data is shared between many users and is reasonably likely to be correct.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Lester Coleman is a veteran business journalist based in the United States. He has covered the payments industry for several years and is available for writing assignments.




1 Comment

  1. Ade

    September 4, 2016 at 11:25 pm

    Is that you Dr Satoshi ?


Crypto Update: Coins Extend Weekly Losses as Altcoins Still Glued to Support Levels

We are having another broadly negative session so far in the cryptocurrency segment, with most of the majors sporting limited losses, and with only a few coins showing relative strength. While the picture is far from being disastrous, we have seen some technical deterioration in the top coins, as Ripple is still bleeding lower, and as Ethereum fell below the $200 price level again.

DASH/USD, 4-Hour Chart Analysis

The likes of Litecoin, Dash, EOS, IOTA, NEO, and ETC are still weak from a technical perspective, and although some of the minor coins are still faring somewhat better, at least short-term, the overall picture remains overwhelmingly bearish.

Bitcoin’s stability is still a plus for bulls here, but with no sign of meaningful bullish momentum among the top digital currencies, traders should remain defensive even with regards to the relatively stronger coins.


BTC/USD, 4-Hour Chart Analysis

The most valuable coin is trading slightly lower amid the segment-wide drift lower, but the $6275 support is still well below the current level, and the volatility in BTC’s market continues to be very low. A move below would warn of a test of the $6000 and $5850 levels, and for now, the short-term sell signal is still in place in our trend model despite Bitcoin’s stability.

The next major support zone below $5850 is found between $5000 and $5100, while resistance is ahead at $6500, $6750, and $7000.

Ripple’s Weakness Casts a Shadow on the Market

XRP/USD, 4-Hour Chart Analysis

Ripple hasn’t been able to hold last week’s gains, and the coin moved below $0.46 this week, warning of a coming test of the $0.42 level, and a possible resumption of its broader downtrend after its surge in September.

Below $0.42 support levels are found near $0.375 and $0.355, and further weakness could soon lead to a downgrade in our trend model with regards to the long-term outlook, with strong resistance levels still ahead near $0.51, $0.54, and $0.57.

LTC/USD, 4-Hour Chart Analysis

Litecoin has been one of the stronger coins so far today, but from a broader perspective, it remains relatively weak and the $51 support level looks more and more vulnerable. A break below primary support would likely lead to a test of the bear market low near $47, with the next major support zone below that found at $44.

The broad declining trend is clearly intact in the coin, and traders and investors shouldn’t enter new positions here, with our trend model being negative on all time-frames, and with strong resistance levels ahead near $56, $59, and $64.

ETH/USD, 4-Hour Chart Analysis

Ethereum continues to show relative weakness, and although it remained stable in recent days, the broader setup hints at a likely test of the bear-market low. The coin drifted below the $200 level today, but volatility remains low, and trading activity is still very light.

The currency remains on sell signals on all time-frames, even as the immediate outlook is rather neutral, with key support found near $180, $170, and $160, and with strong resistance zones ahead near $235 and $260.

Disclaimer:  The analyst owns cryptocurrencies. He holds investment positions in the coins, but doesn’t engage in short-term or day-trading, nor does he hold short positions on any of the coins.

Trader and financial analyst, with 10 years of experience in the field. An expert in technical analysis and risk management, but also an avid practitioner of value investment and passive strategies, with a passion towards anything that is connected to the market.




Bitcoin Price Eyes Further Consolidation as Bakkt Sets Date for BTC Futures Contracts

Bitcoin’s price has shown little movement over the last 24 hours, as low-volume, low-volatility trading supported a gradual consolidation for the world’s leading cryptocurrency. Meanwhile, the Intercontinental Exchange (ICE) has set a new date for the launch of Bakkt, a proprietary cryptocurrency trading platform.

BTC/USD Update

The bitcoin price hovered within a narrow range on Tuesday, picking up where it left off at the start of the week. At press time, BTC was valued at $6,462.49, having declined 0.4% compared with Monday. The leading digital currency is trading at an $80 premium on Bitfinex.

Trade volumes have picked up slightly over the past 24 hours but remain well below $4 billion, according to CoinMarketCap. The $4 billion threshold is generally viewed as the minimum exchange-traded volume bitcoin needs to generate any kind of meaningful rally.

Bitcoin’s underlying volatility is once again approaching yearly lows. Over the past 30 days, the bitcoin volatility index has averaged 1.65%, according to bitvol.info. This figure conveys daily fluctuations in bitcoin’s open price.

According to CBOE Options Institute instructor Kevin Davitt, bitcoin has exhibited less price volatility than some of Wall Street’s biggest technology stocks. In a recent conversation with MarketWatch, Davitt explained how bitcoin’s 20-day historical volatility (HV) was lower than that of Amazon (AMZN), Netflix (NFLX) and Nvidia (NVDA). In fact, bitcoin’s 20-day HV has fallen nearly as low as Apple’s (AAPL).

ICE Sets Date for Bakkt

The owner of the New York Stock Exchange has set a date of Dec. 12 for the launch of its upcoming cryptocurrency trading platform. Bakkt will initially offer physically settled bitcoin futures contracts by mid-December, a move that could bring more institutional traders into the fold.

According to a notice issued on Monday, Bakkt’s new product is called the Bitcoin (USD) Daily Futures Contract. The contract size is one bitcoin, with prices quoted in U.S. dollars to two decimal places. A minimum price movement of $2.50 per bitcoin has been set. Block trades executed at a minimum of $0.01 per bitcoin are also permitted.

Investors who purchase a bitcoin futures contract will have physical units of the coin deposited into their account on settlement. Existing bitcoin futures markets offered by CBOE and CME are cash-settled as opposed to physically settled.

ICE’s first foray into cryptocurrency was announced back in August after it announced an ambitious plan to bring blockchain solutions to mainstream investors and consumers. The platform, which is backed by Microsoft, Boston Consulting Group and Starbucks, is “designed to serve as a scalable on-ramp for institutional merchant and consumer participation in digital assets, by promoting greater efficiency, security and utility,” according to CEO Kelly Loeffler.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.

Sam Bourgi is Chief Editor to Hacked.com, where he leads content development for one of the world's foremost cryptocurrency resources. Over the past eight years Sam has authored more than 10,000 articles and over 40 whitepapers in the fields of labor market economics, emerging technologies, cryptocurrency and traditional finance. Sam's work has been featured in and cited by some of the world's leading newscasts, including Barron's, CBOE and Forbes. Contact: sam@hacked.com Twitter: @hsbourgi




Crypto Update: Coins Turn Lower After Choppy Weekend

The major cryptocurrencies are slightly lower today in early trading, as Sunday’s modest rally faded away without major technical progress. Most of the coins are stuck in narrow trading ranges, with last week’s spike well above the current price levels, as buyers failed to take control of the market.

That said, we haven’t seen strong negative momentum either, and although the bearish long-term setups remain intact, there is no immediate danger of new bear market lows in the segment.

Patience is still the name of the game for crypto investors, since there is no evidence of a broader trend change that would justify a more constructive investment position. Our trend model is on sell signals across the board on both time frames, and the bearish pressures are still apparent on the charts, even considering the lengthy consolidation period. Given the negative long-term trends, odds still favor a test of the lows in most cases, particularly in the light of the lack of bullish leadership.

IOTA/USD, 4-Hour Chart Analysis

While most of the majors are still above the lows hit just before the Tether-turmoil, there are several relatively weak coins that could lead the market lower in the coming weeks. Especially Ethereum, Litecoin, Dash, and EOS paint a negative picture of the market, while Ripple and Bitcoin are still the most encouraging from a bullish standpoint, even as they also failed to show signs of bullish momentum.


BTC/USD, 4-Hour Chart Analysis

Bitcoin is back near the $6400 level today, after drifting towards the $6500 resistance during yesterday’s rally, but the coin is still well clear of the $6275 support level, trading clearly within last Monday’s range. Our trend model continues to be on a short-term sell signal, while the long-term picture is still neutral for the largest digital currency.

Traders and investors still shouldn’t enter positions here with further resistance levels ahead near $6750 and $7000 and with support levels below $6275 found near $6000, $5850 and between $5000 and $5100.

Altcoins Slightly Lower as Stellar Fails to Break Out

XRP/USD, 4-Hour Chart Analysis

Ripple and Stellar showed some positive signs last week, but they both failed to make significant technical progress, confirming the segment-wide selling pressure. Ripple is threatening to move below the $0.42-$0.46 level, despite the rally above its triangle consolidation pattern, and a break below $0.42 would likely trigger a test of the $0.355 support.

For now, the short-term sell signal remains in place due to the lack of follow-through, and traders should be cautious with new positions. Strong resistance is still ahead at $0.51, $0.54, $0.57, while further, weak support is found near $0.375.

Stellar/USD, 4-Hour Chart Analysis

Stellar is trading very close to the key long-term support zone near $0.24 that has been dominating trading for several weeks, and despite the rally attempts, the coin is still not out of its bear market. That said, should a broader trend change occur, Stellar would likely be among the leaders of renewed advance, but for now, traders and investors should still stay away from the coin.

The declining long-term trend is intact, with strong resistance levels ahead near $0.265 and $0.2835, while support levels are found near $0.235, $0.21, and $0.1935.

ETH/USD, 4-Hour Chart Analysis

Ethereum is still stuck in a very narrow range after the weekend, with the $200 support/resistance level still being in the center of attention. The bearish broader setup is unchanged in ETH’s market, with the coin still being relatively weak among the majors.

Traders and investors shouldn’t open new positions here, with further support found near $180, $170, and $160, and with strong resistance zones ahead near $235 and $260.

Disclaimer:  The analyst owns cryptocurrencies. He holds investment positions in the coins, but doesn’t engage in short-term or day-trading, nor does he hold short positions on any of the coins.
