Grin & Beam: Privacy, MimbleWimble & Competition in Trade-offs
This January has finally seen mainnet launches of two implementations of the novel MimbleWimble privacy-focussed payment protocol come to fruition. MimbleWimble was first introduced to the crypto-community back in 2016, when the protocol was outlined in a pseudonymous paper shared on the bitcoin-wizards IRC channel. The paper was submitted by a user known as Tom Elvis Jedusor, who promptly logged off after dropping a tor link to the document.
The last few years have seen a great deal of research focussed on improving privacy features within Bitcoin and the wider world of cryptocurrencies, to tackle the distinct lack of anonymity and resultant fungibility concerns present in many existing cryptocurrencies. The UTXO based model used in Bitcoin has privacy failings related to the public nature of both addresses and transaction inputs and outputs. As a result, this has been an area of focus for a number of talented researchers and has resulted in some fascinating applications of cryptography to tackle the issue. Early iterations included centralised mixing services, but these have various inherent limitations. In the last few years, more promising developments include enhanced implementations of CoinJoin and Confidential Transactions (CT).
MimbleWimble maintains the UTXO model, but no addresses or transaction amounts are included on the blockchain. Instead, a confidential transaction model is used by which the validity of a transaction can be verified cryptographically, without divulging information on the contents of said transaction. This is achieved through what is known as a Pedersen Commitment, using a form of zero-knowledge proof in place of transaction inputs and outputs. Confidential transactions have been an area of focus for the team at Blockstream, and last year they released the final version of a paper outlining an enhancement to the original Confidential Transaction model through the use of compact “bullet-proofs”.
Furthermore, privacy is also enhanced in MimbleWimble through a transaction cut-through model, based upon the ideas of CoinJoin, which is employed to obfuscate the history of a transaction, such that chain analysis cannot be used to concretely tie multiple transactions together in a transaction graph.
Fast forward to 2019 and the well-received anonymous cryptocurrency proposal has now been implemented by two separate teams, with each making very different trade-offs to realise their aims. The similarities between the Grin and BEAM projects essentially start and finish with their focus on implementing the protocol outlined in the MimbleWimble paper, and the two projects have ultimately taken very different paths in pursuit of the goal of developing a functioning cryptocurrency based upon it.
The Grin project was launched very soon after the original MW paper was released to the world, as an incomplete implementation written in Rust via a Github repository under the name Ignotus Peverell. Despite this mysterious inception, the project garnered a great deal of support from some well-respected names within the Bitcoin development community, including Blockstream researcher Andrew Polestra, who wrote a paper extending upon the original MimbleWimble proposal outlined by the pseudonymous Tom Elvis Jedusor.
Grin has been approached as a community-led open-source project, with a number of anonymous contributors who have followed the lead of the original MW creator and taken names from the Harry Potter series. The original MW proposal was done using the real name of Voldemort in the French version of the books, Ignotus Peverell is the original owner of Harry’s invisibility cloak and MimbleWimble is itself a tongue-tying spell from the popular series by British author J.K Rowling.
Following two years of development in one of the more active Github repositories for any cryptocurrency project, the Grin genesis block was created on January 15th, and a successful launch followed with the first block found after just over 90 minutes. In the hours that followed the initial difficulty level steadily adjusted down to bring blocktime closer to the 1-minute target, and at the time of writing over 7000 blocks have now been successfully mined.
Grin uses a proof-of-work algorithm known as Cuckoo Cycle, and a form of this algorithm called Cuckatoo31+ has been established with fixed rules to encourage the development of ASICs. This appears to have been a successful tactic, with the first ASIC device focussed on Grin already announced in the days following the initial launch of the mainnet. Grin also eschews the use of a hard-cap on units, instead opting for an emission curve that maintains a modest level of inflation in the very long-term, with around 2% inflation after 40 years, compared to Bitcoin which will be well below 0.1% by then.
In a world with thousands of alternative cryptocurrencies, the launch of Grin seems to have grabbed the attention of a number of high-profile Bitcoin proponents, many of whom have rarely shown any interest in most altcoins. Even the BitcoinTalk forums, which have been an important space for Bitcoin discussion since it’s earliest days, have chosen to accept Grin donations, with administrator Theymos integrating Grin payments and making it the first alternative to Bitcoin to be accepted on the site.
The Beam project, which launched in March 2018, has been pursued under what is essentially a start-up model, very similar in some respects to Z-Cash. Lead by CEO Alexander Zaidelson, an Israeli entrepreneur, the Beam project has taken a starkly different approach to Grin, with the project’s initial development taking place without source code being made publically available. The full C++ code is now fully open-source and hosted on Github, with community involvement beginning to grow.
The team took a pre-sale approach to fund initial development under what resembles a start-up model, with a small cohort of investors providing seed funding to facilitate the creation of the Beam codebase. These early investors will be rewarded directly from mining rewards, as the protocol includes a mechanism by which a proportion of the block reward is allocated to a Treasury and formal Beam foundation for the first five years. The treasury’s funds are then allocated to the development team, advisors, foundation and pre-launch investors respectively, and this funding mechanism has seemingly allowed the project to develop at an impressive pace, particularly in comparison to Grin, which has been in development since 2016.
The Beam treasury is awarded 20 of the 100 beams per each block mined for the first year post-launch, dropping to 10 for years two through five. The total supply of Beam is capped at 262.8m, which would be reached by year 133. In a quest to maintain ASIC resistance in the near-term, Beam has opted to plan for two hard-forks to adjust the Equihash mining algorithm used at both 6 and 12 months after launch. This is designed to ensure that GPUs are adequate to mine the chain in its early stages before ASICs can be developed which would make the GPUs unsuitable.
Releasing a cryptocurrency based on a complex novel architecture into the real world is a uniquely challenging endeavor and the Beam team have diligently resolved a couple of minor issues since the launch, including the propagation of an invalid block which temporarily brought the chain to a halt until a fix was implemented. In the continuing post-launch development, Beam intends to make it easier for users to provide optional transparency, such that transaction information can be validated for business and compliance purposes. This will likely be of interest to the more corporate participants in the cryptocurrency ecosystem, to whom optional reporting capabilities in a privacy focussed project could be a necessity.
MimbleWimble is arguably one of the most exciting and innovative approaches to constructing a cryptocurrency protocol that has been used since Bitcoin, and perhaps Monero or Ethereum. This has likely contributed to the impressive level of community interest that has been generated by both projects implementing the protocol. The choices made by the teams behind each project look set to make their growth an interesting experiment in the trade-offs between different governance models utilised in bootstrapping a new cryptocurrency protocol, and the competing projects will be fascinating to observe over the coming months and years. Despite launching in direct competition, there doesn’t appear to be any negativity between the opposing teams and they appear to be broadly supportive of one another, with participants primarily excited to finally have implementations of MimbleWimble out in the wild.