Priori Incantatem, or Introduction to Mimblewimble

Mimblewimble is an extremely lightweight blockchain protocol that can implemented as both an upgrade to Bitcoin or an independent chain. By taking elliptic-curve cryptography several steps further than Bitcoin, Mimblewimble builds upon a number of techniques such as Confidential Transactions, CoinJoin, and One-way Aggregate Signatures and strips down blockchains of all unnecessary data to bring unprecedented scalability and absolute anonymity

Brief history

On August 2, 2016, a certain Tom Elvis Jedusor posted a link to a paper called Mimblewimble on a bitcoin research channel. Both the name of the author and the title of the paper are references to Harry Potter book series by J. K. Rowling. Tom Elvis Jedusor is the name of Lord Voldemort in the French adaptation, while Mimblewimble is the Tongue-Tying Curse that forbids the target person to tell a certain secret or to incantate. The name of the paper does make sense, as Tom’s proposal offers a seemingly magical solution for privacy issues as well as scalability.

Andrew Poelstra of Blockstream further elaborated the original Mimblewimble paper and published his own version, in which he added further scaling improvements. According to Poelstra’s calculations, Tom’s protocol could reduce a 100Gb blockchain down to only 15Gb. Poelstra claims that his proposition takes this a step further shrinking the blockchain to less than a megabyte.

A few days later someone by the name Ignotus Peverell started a Github project called Grin. These two names are also taken from the Harry Potter books. Ignotus Peverell is the inventor of the Cloak of Invisibility, a magical artefact that renders the wearer invisible, which is quite a suiting name. Grin is a reference to the Gringotts Wizarding Bank. Grin and Beam are the actual implementations of the Mimblewimble protocol.


Mimblewimble is a blockchain protocol that approaches scaling in a way that no other previously proposed solution does. Some chains, for example, sacrifice decentralization by introducing masternodes and coordinators. Others implement first-layer solutions like sharding or second-layer remedies like payment channels, which entails architectural complexities. Mimblewimble, in contrast, offers a stipped back protocol by cutting out all non-essential data.

As we already know, making a transaction requires previously received transaction outputs as an input of a new transaction. Imagine, Alice sends Bob 1 coin, Bob then gives it to Carol, and Carol transacts it to David. The Bitcoin protocol would need to store all the details about each transaction. The Mimblewimble blockchain would record it as Alice sending a coin to David with Bob and Carol approving the transaction. Thus, Mimblewimble cuts out Bob’s and Carol’s transactions, as those are now irrelevant, and the intermediary users are now only authorizers of the Alice-to-David transaction.

What makes it possible is that the fact the total number of coins is always known. Only coinbase transactions create new coins. Note that by ‘coinbase transactions’ I mean transactions by which new coins are minted and rewarded to miners. So each coin has a transaction path from the miner that minted it to the last owner. When verifying a transaction, Mimblewimble makes sure that the sum of the inputs equals the sum of outputs. If I send you 2 coins, you should receive 2 coins as well. Also I need to create a rangeproof that proves that the sum of my inputs is greater than zero. If it wasn’t for the rangeproof, I could ‘send’ you -5 coins, thus creating 5 new coins for myself out of thin air.


Elliptic-curve cryptography

Mimblewimble, like Bitcoin, approaches public-key cryptography through elliptic-curve cryptography (ECC). ECC’s main principle is the fact that given a large number it is very hard to calculate its factors. It is easy to multiply, say, 312 by 89, but it is incredibly hard to figure out these numbers if the only thing we are given is the product, 27,768. ECC applies this principle to much larger numbers.

An elliptic curve is a large set of number belonging to a certain curve on a coordinate plane. ECC cryptography creates a public key by multiplying the private key by a point on an elliptic curve. This is why you can publish your public key without fearing that someone figures out your private key.

No addresses

In Mimblewimble, however, there are no public keys or addresses. Two transacting users only need to find a medium such as e-mail or any type of protocol really to exchange bits of information. During this interaction, the recipient creates a destination for the sender to send the funds to. No one, aside the two transacting parties, will be able to use that data.

No amounts

The Mimblewimble network validates transactions without knowing their amounts. The only thing it must know is that the difference of the sum of inputs and the sum of outputs equals zero. This is achieved by multiplying both the total input amount and the output amount (which are the same) of the transaction by a certain point on an elliptic curve. To further reinforce the security of the system, Mimblewimble uses Pedersen Commitments. A Pedersen Commitment adds another number called a blinding factor to the equation. The blinding factor is a public key multiplied by a point on another elliptic of the same group. The blinding factor both authorizes the transaction and makes it nearly impossible to calculate the amount of funds sent.

CT, OWAS and CoinJoin

Mimblewimble builds on Confidential Transactions, a trick that obfuscates transactions with only the involved parties knowing how much money was sent. However, Confidential Transactions still show transacting parties and the fact that a transaction took place. However, having neither addresses nor amounts, Mimblewimble makes it hard to figure out even if something happened or not. In doing so, Mimblewimble makes its coins absolutely fungible. In addition, Mimblewimble leverages another method called One-way Aggregate Signatures which in turn have been advanced from CoinJoin to merge several transactions into one, thus obfuscating all the inputs and outputs inside a block.

Such a compact way of storage has its drawbacks mainly in the form of limited flexibility. As such Mimblewimble cannot currently support second-layer solutions such as Lightning Network. The protocol does not allow for scripting and therefore smart contracts are much harder to implement. It is also very difficult to perform cross-chain atomic swaps on Mimblewimble, but Beam claims to have found a way.


Grin is a minimal implementation of the Mimblewimble protocol. Currently, Grin is only on testnet and largely an experimental project. It is entirely community-driven project and there will be no ICO or pre-mine. The funding for Grin development is obtained through community donations. Grin uses Cuckoo Cycle proof-of-work algorithm which is claimed to be highly ASIC-resistant.


Beam was announced just a few months ago with its position paper published June 16 2018. Like Grin, Beam will not hold an ICO or pre-mine coins. The development of Beam is backed by a treasury, emitted from every block during the first five years.


Original Mimblewimble paper by Tom Elvis Jedusor

Mimblewimble followup paper by Andrew Poelstra

Mimblewimble presentation by Andrew Poelstra

Introduction to Grin by Ignotus Peverell

Introduction to Elliptic Curve Cryptography

Bitcoin Magazine article

Mimblewimble for Bitcoiners

List of resources


Grin Project

Cuckoo Cycle

Grin forum


Community chat



Beam position paper

Mimblewimble Explained Like You're 12

JIC: Pottermore, to make out all those easter eggs


8,744 USD 0.43%
Volume, 24h
3,497,717,274 USD
153,922,072,217 USD

Related news

Week in Review: Bitcoin Is Unexpectedly Bearish

At press time, bitcoin is trading for just over $8,400. Bitcoin: Bearish All Over Again? This figure marks a drop of roughly $700 over the past few days. The currency is incurring some very strange behavior as of late, though there doesn’t seem to be much of an explanation regarding why this behavior is happening. Let’s start off with the basics. To do this, we must go back to the end of October, when bitcoin was really trapped in a rut following the disappointing opening of Bakkt and the Mark Zuckerberg hearing regarding Libra, Facebook’s new cryptocurrency project. At that time, the currency was traversing through the doldrums and trading in the mid-$7,000 range, a new low considering it had been doing relatively will since the summer despite a few drops here and there. Then came some positive comments regarding blockchain technology from Chinese president Xi Jinping, who said that blockchain had the power to reinvigorate the economy of China and potentially rebuild its infrastructure. He further stated he would do everything in his power to push blockchain innovation within the country. This proved substantial to the bitcoin price, which spiked to nearly $8,600 following the comments. However, from there, Bakkt continued to improve its present status and ultimately found itself trading more than $2 million in bitcoin futures contracts, which also assisted in the currency’s sudden rise to power. BTC once again found itself trading in the $9,000 range – something it hadn’t done since late September. Thus, more than a month passed before the currency was able to regain its stamina. However, as of late, bitcoin appears to be back on bearish terms, having lost several hundred dollars from its price within the last few days. Things started out ugly when during the beginning of the week, BTC fell to about $8,800. People largely dismissed this fall, saying it was only $300, though it did inspire some to keep a watchful eye out. From there, bitcoin fell to $8,600, knocking another $200 of its price, and at the time of writing, another $200 has vanished. What’s Up with the Drops, Lately? It is strange that the currency could once again be falling into negative territory considering all that’s been done to improve it over the past month. At the same time, it’s important to remember that we are, indeed, dealing with bitcoin, which is arguably one of the most volatile assets in existence. Regardless of how high it spikes this seems to be a never-ending problem for what many refer to as “digital gold.” At the same time, there are those that continue to remain adamant about its abilities. One such figure is Tim Draper, who recently commented that the currency would hit $250,000 within the next few years and Tom Lee, who continues to remain positive regarding where BTC’s price can go. The post Week in Review: Bitcoin Is Unexpectedly Bearish appeared first on Live Bitcoin News.
Live Bitcoin News

Hot news

By continuing to browse, you agree to the use of cookies. Read Privacy Policy to know more or withdraw your consent.