Exploring MimbleWimble Now It’s Live
In my previous piece I broke down how MimbleWimble was expected to work when it came out via the v0.21.2 upgrade to Litecoin: https://www.linkedin.com/pulse/how-mimblewimble-work-litecoin-tara-annison
Since then, the upgrade has gone live and there are now (at the time of writing) almost 800 LTC (~$51,000 worth) in the extension blocks and being used for privacy enabled transactions.
This piece will break down how these transactions are working under the hood, using some mainnet transaction examples. However before we dive straight in, let’s just run through what this upgrade is and what it’s looking to achieve.
Before this upgrade, it was possible to see the sender, recipient and amount for all Litecoin transactions. However with the introduction of MimbleWimble Extension Blocks (MWEB) it’s now possible for people to move some of their litecoin from the main chain into a parallel highway, and this allows them to transfer the pegged-in litecoin in an anonymous way.
So how do you get some litecoin into this parallel highway?
To move some of your litecoin (LTC) from the main blockchain (which remains a fully transparent chain) you must create a pegging in transaction. This is where you send your litecoin to a special anyone-can-spend address that only the miner is then able to make use of. We’ll discuss how they do this in a moment.
The above is an example of someone pegging in just over 84 LTC which they’re looking to use within the extension blocks to conduct transactions privately.
For every entity looking to move funds into MWEB there will be a distinct transaction in the block, each with a different recipient address.
However this doesn’t mean that the funds are within the extension blocks and available to use for further transactions. Instead there is a special type of transaction within the block which must then ‘process’ these pegging in transaction. This is called an Integrating Transaction or more commonly a HogEx (full name: Hogwarts Express Transaction) and is always the last transaction in the block.
For block 2,268,029 which is where the above peg in transaction was, we can see the HogEx details below.
The first sender address represents the movement of MWEB litecoins from the previous extension block to the new extension block (the ltc1g7w5j… recipient address) and the second sender address represents the pegging in transaction above.
As such the HogEx moves funds from one extension block to the next and also allows the amount of pegging-in LTC to top the extension block balance up. This ‘topping up’ within the HogEx is referred to as an MWEB coinbase transaction since its ‘creating’ litecoins for use in the extension blocks. In line with this main chain activity, there is also a transaction within the extension block itself which will send the amount from the pegging in transaction to the user’s ltcmweb1 stealth address, and so from the next block onwards the user will be able to move funds from that stealth address to any other ltcmweb1 or standard ltc address.
However as well as moving funds into the extension blocks, it’s also possible to move them back out. This is called a pegging out transaction. It does not exist as a separate transaction within the block but is within the HogEx itself — noted as an output.
The below example shows the HogAddrs in red, the pegging in transaction referenced in green and then also a pegging out transaction in yellow.
As such this is an entity withdrawing 0.00497490 LTC from the extension blocks to their address. It’s not possible to know whether this person put in 0.1 LTC, 1 LTC or even 100 LTC to the extension blocks, or even how many MimbleWimble transactions they conducted in private within the extension blocks. This information is not available on chain and provides transaction privacy for participants who peg in their litecoin to the MimbleWimble Extension blocks.
If you’re looking to conduct private transactions within these extension blocks then you’ll need to use Litecoin Core to generate a MimbleWimble stealth address, which starts with the prefix ltcmweb1. This is not an address in the typical crypto sense and it cannot be found within the block data, instead to see associated activity with it you need the viewing key. This means that the recipient cannot see the sending address unless they have that viewing key. Likewise nodes on the network who are validating and processing mweb stealth address transactions cannot see amounts or addresses for the transaction, only that within the transaction the ismweb field is set to true.
On the topic of mweb transaction processing, nodes who help with this still collect fees, just as they do for transparent Litecoin transactions. This is why there is a transaction fee on some HogExs — because there’s been MimbleWimble activity in the extension block.
Whereas where there is no MimbleWimble activity in an extension block, the transaction fee is 0 LTC.
When we break down what this looks like at a block data level, you’ll note that in the block header information as well as the standard fields, there is now a section for mweb related activity:
This is because the MimbleWimble Extension Block approach is not a sidechain or state channel but instead implemented as some data appended to each main chain block. As such all MimbleWimble transactions (whether ltcmweb1 to ltcmweb1, or ltcmweb1 to/from standard ltc address, enter the mempool and are processed alongside transparent Litecoin transactions. However the magic of MimbleWimble is that the sender, recipient and transaction amount stays hidden when operating within the extension block part of the chain.
You might then question how scalable this approach is since MWEB transactions are typically much bigger than a standard LTC transaction (due to the inbuilt privacy elements). However the expectation is that with transaction cut thoughts (as noted in my first piece: https://www.linkedin.com/pulse/how-mimblewimble-work-litecoin-tara-annison) this will actually make MWEB transactions half the size of a standard transaction.
At just a week after the launch of this monumental upgrade and it is great to see members of the community embrace this new functionality and start to build out tooling and observability for it. Time will tell how the proportion of private vs transparent activity changes on Litecoin and we’ll start to see how exchanges adapt to this new privacy optionality. However my prediction is that we’re moving into a world where previously transparent chains will start to introduce privacy-orientated features, and so the strict distinction between privacy chains and transparent chains will become a thing of the past. It’s therefore going to be important that crypto-services learn to adapt and embrace this changing layer 1 approach, so that privacy-related transactions are not seen as something to ban or be fearful of but analysed alongside other on-chain and off-chain data to built up a more accurate picture of any risk.
Originally published at https://www.linkedin.com.