Mimblewimble Paper Proposes ‘Near Complete’ Bitcoin Anonymity

[Ezekial2517]

21inc’s Balaji S. Srinivasan recently pointed out an interesting paper that proposes to anonymize all Bitcoin transactions. The process is called Mimblewimble, and it prevents the blockchain from broadcasting user information. 

Mimblewimble Proposes to Anonymize All BTC Transactions

The paper written by Tom Elvis Jedusor published on July 19 gives a comprehensive new outlook on the anonymization of Bitcoin transactions. Jedusor explains how Bitcoin exchanges can be monitored and mentions there are companies are being created at this very moment to bolster this activity.

https://news.bitcoin.com/mimblewimble-bitcoin-anonymity/

[1714916497]

1714916497

[1714916497]

1714916497

[ebliever]

What's the catch? (There is always a trade-off - centralization or slower xfers or higher fees or something). EDIT: "The method Jedusor proposes has its own potential downfalls, one of them being the removal of Bitcoin’s script." Ouch.

I value legit anonymity for many reasons.... but coming on the heels of a major bitcoin heist this seems kinda... ironic/

[7788bitcoin]

This is definitely something interesting.... however, it is not important at all. Bitcoin doesn't need anonymity. Those who need it have things to hide...

[Hide_ip112]

I think this is the latest innovation of the bitcoin. But I see it is very unfavourable to be realized, because in this way it is able to provide opportunities to those who make transactions that are prohibited and also passed all those who commit corruption. Perhaps this needs to be fixed, so that it can become a good innovation and successful innovation

[European Central Bank]

This is definitely something interesting.... however, it is not important at all. Bitcoin doesn't need anonymity. Those who need it have things to hide...

that's naïve. people automatically have it when using fiat. if you were using bitcoin for everything you'd pretty soon be longing for some anonymity.

in a full bitcoin world everyone would know what you were earning, what you spent things on, what you paid for things. you might start off pseudo anonymous but one slip up could link your id to all of your addresses.

businesses would have their finances wide open for other businesses to analyse. there are ways to cover your tracks right now but they're not foolproof and i don't reckon people should have to put conscious effort into something so important.

[franky1]

the link is about removing the transparent ledger(the blockchain(7 years of historic data)).
sorry but removing the blockchain out of bitcoin and instead only handle "unspents" is totally ridiculous.

it ruins the "trust" and security that bitcoins cannot be"created" by any other method.
it ruins the security, simply because each block is created with details of the last block. by removing "blocks" then that removes the security.. thus making it easier to fake new data.

the other point is about hiding values of transactions..
this is also a overall risk because if you cant see the amount someone had. you cant validate what you received is real or not. (bitcoin counterfeiting risk)

even if they did remove the history of bitcoin data and hide values of transactions publicly so no one can analyze the history. they can still analyze current data and anyone watching a person in particular will still be able to get information about them.

the easier solution is just to move funds to a new address and then anyone watching you doesnt know if its still you or someone else you made a payment to.

the issue has never ever ever been about bitcoin. but about humans stupidity to make their bitcoin addresses associated with identity
take the guy above named "european central bank" - here is his bitcoin address: 1ALjht7sumDJbbEccjgKkr1cq4zNhRxiB9

it did not take any blockchain analyses to get that info, i did not need to ask him, no one needed to coerce him..

[belmonty]

This is definitely something interesting.... however, it is not important at all. Bitcoin doesn't need anonymity. Those who need it have things to hide...

that's naïve. people automatically have it when using fiat. if you were using bitcoin for everything you'd pretty soon be longing for some anonymity.

in a full bitcoin world everyone would know what you were earning, what you spent things on, what you paid for things. you might start off pseudo anonymous but one slip up could link your id to all of your addresses.

businesses would have their finances wide open for other businesses to analyse. there are ways to cover your tracks right now but they're not foolproof and i don't reckon people should have to put conscious effort into something so important.

Some Bitcoin users need anonymity, and some don't. That's why mixer companies make profits. In a full Bitcoin world nobody buying stuff like a coffee or a McDonald's would care about anonymity, like when they pay for those things with debit cards today. For transactions where people care about anonymity there's already mixers, and there would still be mixers in a full Bitcoin world.

[Snorek]

This is definitely something interesting.... however, it is not important at all. Bitcoin doesn't need anonymity. Those who need it have things to hide...

Edward Snowden: "Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say"

Source: https://mic.com/articles/119602/in-one-quote-edward-snowden-summed-up-why-our-privacy-is-worth-fighting-for#.kIdhVkssC

[franky1]

Some Bitcoin users need anonymity, and some don't. That's why mixer companies make profits. In a full Bitcoin world nobody buying stuff like a coffee or a McDonald's would care about anonymity, like when they pay for those things with debit cards today. For transactions where people care about anonymity there's already mixers, and there would still be mixers in a full Bitcoin world.

to add to your point. in a "full bitcoin world" where LN is used for small/frequent purchases.. LN is basically a multisig address that many people put funds into and they all sign the transaction when they outputs are all going to where they should.

this is the same as mixing/coinjoin principle. thus LN is automated mixing

[franky1]

This is definitely something interesting.... however, it is not important at all. Bitcoin doesn't need anonymity. Those who need it have things to hide...

Edward Snowden: "Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say"

Source: https://mic.com/articles/119602/in-one-quote-edward-snowden-summed-up-why-our-privacy-is-worth-fighting-for#.kIdhVkssC

arguing that you dont care about the right to privacy because you have nothing to hide is no different from walking around naked while having CCTV in your bedroom and a police officer watching you make dinner

[calkob]

It nearly sounds to good to be true, i hope it is the case as this will be a great thing.

[franky1]

It nearly sounds to good to be true, i hope it is the case as this will be a great thing.

risking the security of things like the ledger accounting system purely to pretend it will solve anonymity is bad,,
you cant solve anonymity if people are going to freely throw their information out to the public

calkob: 1Bacvw8HTp1svvhTuZCDV73ZpTTVD2KprE
it did not take any blockchain analyses to get that info, i did not need to ask you, no one needed to coerce you.. yet there is an address that can help anyone link you to bitcoin

the whole pseudo-anonymity of bitcoin is because no matter what you do to bitcoin, you cannot fix the human factor

[Kprawn]

The more Bitcoin becomes anonymous, the more it will struggle with opposition from the governments world wide. The masters wants control and anonymity takes control away from them. So we

should consider this negative tradeoff, if we want to go that route. {full anonymity} I see a situation where banks and governments will be joining forces in the future to control all money, with the help

of Blockchain based technologies. They will also hamper the progress of all public Blockchain based crypto currencies.  

[franky1]

The more Bitcoin becomes anonymous, the more it will struggle with opposition from the governments world wide. The masters wants control and anonymity takes control away from them. So we

should consider this negative tradeoff, if we want to go that route. {full anonymity} I see a situation where banks and governments will be joining forces in the future to control all money, with the help

of Blockchain based technologies. They will also hamper the progress of all public Blockchain based crypto currencies.  

i think bitcoin doesnt need to change.. multisig (coinjoin/LN) is the future of that as its then built in mixer by default.

EG
10 people connect to a bitpay LN hub.. all month they buy starbucks, train tickets, sandwiches
at the end of month its all signed off and broadcast to the network
all the chain sees is 10 payments in and lump sum payments to starbucks, rail company and a sanwich bar.. no way of telling who paid what to who, or when or how many times.. as its been aggregated into slimer transactions

[TippingPoint]

the easier solution is just to move funds to a new address and then anyone watching you doesnt know if its still you or someone else you made a payment to.

Yes.  For most users, this is all that is necessary.  And some users improve on it slightly by sending the big chunks to multiple smaller chunk addresses, of random "payment" sizes, at different times.  And they generally avoid reconnecting them.  Experienced users also recognize the benefits of a reliable and anonymous poker site where BTC can be deposited, and different amounts later withdrawn to different addresses, with no fees.

[andytoshi]

I value legit anonymity for many reasons.... but coming on the heels of a major bitcoin heist this seems kinda... ironic/

Bitcoin right now has abysmal privacy properties, and yet even these don't seem have helped in tracking down the executor of the BFX heist. (Perhaps this will change, of course, it is still early days.) It certainly is not going to help getting the money back. In general, people who want to do illegal things are able to be anonymous about it, often taking huge losses in the process -- maybe it costs you 50% to launder money, but if you stole all the money in the first place, this is acceptable. Meanwhile people who are just trying to live their lives cannot afford to be taking huge haircuts all the time, don't get the anonymity that criminals can afford, and wind up being screwed by the poor privacy properties of whatever payment system they're using.

This is definitely something interesting.... however, it is not important at all. Bitcoin doesn't need anonymity. Those who need it have things to hide...

There is an old article by Mike Hearn called merge avoidance which describes many reasons that financial privacy is important for ordinary people. For businesses the consequences are even more severe; you cannot run a business with entirely public accounts.

Add as others have said, "you don't get to choose what things you need to hide".

I think this is the latest innovation of the bitcoin. But I see it is very unfavourable to be realized, because in this way it is able to provide opportunities to those who make transactions that are prohibited and also passed all those who commit corruption. Perhaps this needs to be fixed, so that it can become a good innovation and successful innovation

See my above comment about criminals already being able to hide their activity, since they value this more and have more money to burn.

the link is about removing the transparent ledger(the blockchain(7 years of historic data)).
sorry but removing the blockchain out of bitcoin and instead only handle "unspents" is totally ridiculous.

It is already possible to delete all historic data in Bitcoin and track only the unspent outputs. You will not be able to help others join the network with full security, and you would not've be able to join the network yourself without validating this data. But it hardly seems ridiculous on its face that it could be validated more cheaply than downloading all of it.

it ruins the "trust" and security that bitcoins cannot be"created" by any other method.

It does not. Can you say more about why you think this? The paper explicitly addresses why inflation remains impossible.

it ruins the security, simply because each block is created with details of the last block. by removing "blocks" then that removes the security.. thus making it easier to fake new data.

The paper does not talk about removing blocks at all. Did you read it?

the other point is about hiding values of transactions..
this is also a overall risk because if you cant see the amount someone had. you cant validate what you received is real or not. (bitcoin counterfeiting risk)

Are you familiar with confidential transactions? This is an existing technology that has been in use on the sidechain Elements Alpha for over a year now, and is exactly what the MW paper uses.

even if they did remove the history of bitcoin data and hide values of transactions publicly so no one can analyze the history. they can still analyze current data and anyone watching a person in particular will still be able to get information about them.

This is largely addressed by the use of OWAS and CT, which again is discussed in the paper itself. (Note that MW's mechanism for doing OWAS is novel and not related to the one in that link.)

the easier solution is just to move funds to a new address and then anyone watching you doesnt know if its still you or someone else you made a payment to.

Can you paste an address that will allow me to learn the blockchain's chainstate with full security and without complete history, while also hiding its transaction graph even from people who have the full blocks? If not, can you say how somebody would make one?

[yenxz]

In case the full purchase Bitcoin world there is nothing like a coffee or McDonald will care anonymity , such as when they pay for things with a debit card at the moment. For transactions in which people care about the anonymity of existing mixers and mixer in the world still will be full Bitcoin

[franky1]

andytoshi,

the "paper" actually says

Then, to
validate the entire chain, users only need to know when money is entered into
the system (new money in each block as in Bitcoin or Monero or peg-ins for
sidechains [6]) and final unspent outputs, the rest can be removed and forgotten.

which is an act of pruning / removing the history..
so my premiss was that part of the paper was not just about mixing coins, not just about hiding values but also pruning/removing the transaction history.

which. has risks..

secondly even if pruning didnt happen, which you suggested the paper never suggests.. my premiss is that you can still analyze the transactions even without knowing the values just by tracking who pays who due to the history remaining.. meaning the only way to be "near complete" anonymity would be to remove the history.

which, has risks..

onto the main topic
although there are brand names like "coinjoin" and "OWAS" being thrown about.. proposes to solve the mixing and also the former need of a substantial 'userbase' to be affective(prior to OWAS)

i think what would actually happen in reality is people would just use lightning network hubs to do their mixing, where hubs by default are populated by many users where an end settlement transaction contains lots of aggregated payments to different people. no one will know if X bought 200 car tires or just one Porsche. did someone buy 500 cups of starbucks coffee or a 0.1% company stake in starbucks inc, where it wont easily show who bought what due to the aggregation while the channels were open.

thus separate scripts and services, softforks and data bloat wont be necessary compared to when lightning network does a similar mixing job by default. much like depositing funds into an exchange now. and withdrawing in 10 minutes.. you wont get the same coin-taint back. this method already does not require bloated transaction scripts or softforks or worries of popularity. because the service is usually populated and holding reserves anyway

even hiding the values. as i said before wont stop analysts finding info about someone if they wanted to.. just knowing who your got funds from is usually enough.. EG silkroad taint doesnt matter how much it is just the fact of having coins originating from there is enough

no bitcoin code would solve removing links of personal info to a bitcoin address. especially when people publicly hand out personal info freely
EG without any real work, no coercion, no begging or bribing of information, i found this.
1Andrew5Jgks6cziRiqgWShg1nr1igky1r
Andrew Sydney Poelstra
rasied in canada but then went to texas for a bit

and dont get me started on the concept of relay nodes tweaking the transaction to add in their own address to take a fee.. that in itself can send tx's looping through a collection of nodes owned by one person to add in many addresses to siphon off funds from the transaction itself, or spark a civil war of nodes fighting each other to be the last in line before a mining pool accepts it to ensure other relay nodes dont tweak one address out to replace it with their own..

again alot of science and lots of proposed changes to how bitcoin 'could' work in the paper.. but in reality i think LN will be what people use most as a second layer option and not much would change at bitcoins blockchain ledger layer

[andytoshi]

andytoshi,

the "paper" actually says

Then, to
validate the entire chain, users only need to know when money is entered into
the system (new money in each block as in Bitcoin or Monero or peg-ins for
sidechains [6]) and final unspent outputs, the rest can be removed and forgotten.

which is an act of pruning / removing the history..
so my premiss was that part of the paper was not just about mixing coins, not just about hiding values but also pruning/removing the transaction history.

which. has risks..

Can you describe these risks?

secondly even if pruning didnt happen, which you suggested the paper never suggests.. my premiss is that you can still analyze the transactions even without knowing the values just by tracking who pays who due to the history remaining.. meaning the only way to be "near complete" anonymity would be to remove the history.

which, has risks..

I did not suggest that "pruning doesn't happen" in the paper. Again, can you describe these risks? What do you mean by "who pays who"? Ignoring the question of associating people to outputs when all outputs are uniformly random curvepoints, how does one even associate the outputs with the inputs?

no bitcoin code would solve removing links of personal info to a bitcoin address. especially when people publicly hand out personal info freely
EG without any real work, no coercion, no begging or bribing of information, i found this.
1Andrew5Jgks6cziRiqgWShg1nr1igky1r
Andrew Sydney Poelstra
rasied in canada but then went to texas for a bit

That's correct, this is me. But MW does not support using static addresses like this, it is required for people to send me money that I interact with them, and then why would I use the same keys if I have to interact anyway?

and dont get me started on the concept of relay nodes tweaking the transaction to add in their own address to take a fee.. that in itself can send tx's looping through a collection of nodes owned by one person to add in many addresses to siphon off funds from the transaction itself, or spark a civil war of nodes fighting each other to be the last in line before a mining pool accepts it to ensure other relay nodes dont tweak one address out to replace it with their own..

Why would they loop through themselves? If they want to take all the fee they can do that in one shot. Then good luck for them trying to relay the transaction further with no remaining fee.

[2_Thumbs_Up]

What kind of blockchain analysis could one reasonably expect with this scheme? It seems to make regular blockchain analysis just from looking at the blockchain close to impossible, but what about someone that monitors the network in real time? Couldn't you make the connection between inputs and outputs before they get into a block?