Litecoin has positioned itself as the digital silver to Bitcoin’s digital gold. Although it’s a code fork of Bitcoin, Litecoin is still a unique network that has maintained a top spot in the crypto-asset landscape since its inception. Many have thought of Litecoin as a complement to Bitcoin, a hedge on the failure of Bitcoin, and/or a live testnet for Bitcoin because of its vast similarities. For instance, Segregated Witness (SegWit) was first implemented in Litecoin, adding empirical support for the case that SegWit could be implemented safely in the Bitcoin protocol.
In this post we’ll go over a highly anticipated and interesting proposal being actively worked on by Litecoin developers. Through LIP2 and LIP3, the Litecoin community is looking to implement a blockchain design known as “Mimblewimble” (MW). The MW protocol has already been implemented successfully in two lesser known public blockchains: Beam and Grin. Litecoin would be the third and the most well known network to implement MW to date.
MW was proposed by a pseudonymous programmer going by the name “Tom Elvis Jedusor”. Harry Potter fans might catch the references. The purpose of the MW proposal is to improve the privacy, fungibility, and scalability of blockchains. Three incredibly hard problems, ostensibly improved with one protocol.
Due to the characteristics of blockchains like Bitcoin and Litecoin, their transaction histories are fully transparent and can be examined by anyone with an internet connection. Although these transactions do not have names attached to them, sophisticated parties can use tools and techniques to figure out a lot of information about who is sending to whom, when they are or were transacting, and how much is being exchanged. This ability hurts the privacy of Litecoin’s users and reduces LTC’s fungibility considerably.
Maintaining a full transaction history also puts limitations on a blockchain’s scalability. Miners only validate transaction outputs (coins) that have a valid history that stretches all the way back until the very moment those particular outputs (coins) were created. This means the proper functioning of the network depends on participants keeping their own copy of the full transaction history of the network. To check the true validity of any transaction tied to any outputs (coins), one would have to have the entire transaction history at their disposal. Over time, storing all of this information adds up, putting stress on the operators running the network, which raises the difficulty of joining the network.
The MW protocol enables a blockchain to only keep a history of when outputs (coins) are created, forget about a whole timeline of transactions, and hide the amounts being transacted, all while still validating the current set of unspent outputs (coins). In other words, operators of the network do not need to keep a full detailed history to confirm a transaction is in fact valid. This improves privacy and fungibility by obscuring an onlooker’s ability to see the relationship between transactions, and it simultaneously improves scalability by limiting the growth of a blockchain.
Privacy & Fungibility
Mimblewimble builds on the properties of Elliptic Curve Cryptography (ECC) that other cryptocurrencies like Litecoin rely on. The current version of Litecoin requires the value of transactions to be publicly transparent so that miners can check that no counterfeit supply was created in any given transaction. The creator of MW was able to show mathematically that we actually don’t need to know the amounts involved in a transaction to check for counterfeit supply. Using the properties of elliptic curves and multiplication we can verify a transaction does not create an invalid supply of coins (outputs) without knowing the amount involved in the transaction. The creator of MW also showed that private keys could be the mechanism used to obscure the amounts as well as prove ownership over those amounts.
Two key concepts used by Mimblewimble to achieve privacy are:
- The math required to validate a transaction can be achieved without knowing any of the amounts associated with the transaction.
- The private key could be used to obscure those amounts as well as prove ownership.
This isn’t complete anonymity, but it does improve privacy and fungibility for users by making it more difficult to know whose transaction is whose, and how much was transacted.
Cut Throughs: Scalability
The MW protocol also allows miners to eliminate a lot of transaction data over time, making blocks smaller and more compact and thus slowing down the growth of a blockchain substantially. In a pre-Mimblewimble world all of this transaction data would have to be saved forever by other blockchains unless they made serious changes to their protocol. The elimination of transaction data and reductions in block size allow for greater throughput on a MW-powered chain without experiencing the same trade-offs as other traditionally designed blockchains would experience.
Similar to a MW transaction, all that needs to be checked in a block is that ownership of coins has been proven and that the block did not add new supply (other than what’s allowed by the coinbase transaction). Because of this, the standard need in traditional blockchains to match inputs and outputs can be eliminated. All that needs to be checked in a MW block is that the overall sum of the inputs and outputs cancels out to zero. Eliminating this need to match inputs and outputs means less data is needed, which leads to a much more compact block than blocks in a traditional chain.
This helps scalability in two ways:
- The information a node in a Mimblewimble-powered blockchain needs to store is comparatively tiny; a blockchain that’s a few gigabytes could be reduced to a blockchain of a few hundred megabytes (gigabyte = 1000 megabytes).
- New nodes can join very quickly and easily because only a small amount of information needs to be known by that node to be in sync with the network.
What’s also interesting about adding MW to Litecoin is how it’s going to be implemented.
In 2013 a Bitcoin developer introduced a new concept for scaling Bitcoin called “auxiliary blocks”, which are now referred to as extension blocks. Although the concept has generated excitement and continued development in the Bitcoin development community, it has never been included in the Bitcoin protocol.
Extension blocks are blocks that are attached to blocks on the main chain and do not form their own chain. These blocks run parallel to the main chain, but do not have a block header (proof of work) and there is no coinbase transaction like in a block on the main chain. Like a sidechain, a lot of new features could be added to extension blocks. Litecoin developers have used extension blocks as the mechanism to implement MW because it allows users to opt in to Mimblewimble, and it lays the groundwork to add additional features in the future.
The motivation behind the original extension (auxiliary) blocks was to add capacity to the Bitcoin blockchain while avoiding a contentious hard fork. Extension blocks provided a workaround because they could be implemented via a soft fork, which makes them backwards compatible. Backwards compatibility means old nodes, or parties who disagree with the extension blocks proposal, don’t have to upgrade to include the extension blocks. They’ll never see them, and they’ll still be able to mine and remain compatible with the network.
Litecoin node operators will be able to do the same. The network will be able to opt-in to two big changes, and if certain nodes don’t want to upgrade they absolutely don’t have to and will still be a part of the network.
Litecoin will be able to substantially increase its scalability with Mimblewimble and extension blocks as well as offer more privacy and fungibility to its users through MW. The network will have also laid the foundation for the future inclusion of other innovations via extension blocks if these improvement proposals are accepted by a large portion of the network.
We’re happy to support Litecoin users and look forward to the network’s continued development.