Non-interactive Mimblewimble Transactions, Revisited

  • Conference paper
Advances in Cryptology – ASIACRYPT 2022 (ASIACRYPT 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13791))

Abstract

Mimblewimble is a cryptocurrency protocol that promises to overcome notorious blockchain scalability issues and provides user privacy. For a long time its wider adoption has been hindered by the lack of non-interactive transactions, that is, payments for which only the sender needs to be online. Yu proposed a way of adding non-interactive transactions to stealth addresses to Mimblewimble, but this turned out to be flawed. Building on Yu and integrating ideas from Burkett, we give a fixed scheme and provide a rigorous security analysis, strengthening the previous security model from Eurocrypt’19. Our protocol is considered for implementation by MimbleWimbleCoin and a variant is now deployed as MimbleWimble Extension Blocks (MWEB) in Litecoin.

Notes

  1. Exceptions are recent proposals building on more speculative technology such as recursive zk-SNARKs; cf. https://minaprotocol.com/lightweight-blockchain.

  2. https://www.blockchain.com/charts/blocks-size.

  3. https://www.getmonero.org/resources/moneropedia/stealthaddress.html.

  4. https://www.mwc.mw/mimble-wimble-coin-articles/mimblewimble-non-interactive-transactions-review.

  5. https://blog.litecoin.org/litecoin-core-v0-212-release-282f5405aa11 and https://twitter.com/DavidBurkett38/status/1555100039822954496.

  6. https://www.torproject.org/.

  7. https://docs.grin.mw/wiki/miscellaneous/dandelion/.

  8. In Grin this is documented in the grin-wallet documentation: https://raw.githubusercontent.com/mimblewimble/grin-wallet/master/doc/transaction/basic-transaction-wf.png. In Beam, this is documented in the developer documentation: https://github.com/BeamMW/beam/wiki/Cryptographic-primitives.

  9. https://forum.mwc.mw/t/non-interactive-transaction-and-stealth-address/32.

  10. This is in some sense minimal, since for Pedersen commitments the language (see Sect. 2) is trivial; cf. Sect. 6.1.

  11. See: https://twitter.com/davidburkett38/status/1466460568525713413.

  12. Note that this is unavoidable for non-interactive transactions: knowing (the sum of) the receivers’ keys is necessary to compute the excess proof \(\sigma\).

References

  1. Bünz, B., Bootle, J., Boneh, D., Poelstra, A., Wuille, P., Maxwell, G.: Bulletproofs: short proofs for confidential transactions and more. In: IEEE S&P 2018, pp. 315–334. IEEE (2018)

  2. Burkett, D.: Offline transactions in Mimblewimble (2020). https://gist.github.com/DavidBurkett/32e33835b03f9101666690b7d6185203

  3. Burkett, D.: One-sided transactions in Mimblewimble (consensus layer) (2021). https://github.com/DavidBurkett/lips/blob/master/lip-0004.mediawiki

  4. Grin Developers: Grin documentation: Intro (2020). https://github.com/mimblewimble/grin/blob/master/doc/intro.md

  5. Grin Developers: Grin documentation: Mimblewimble (2020). https://docs.grin.mw/wiki/introduction/mimblewimble/mimblewimble/#kernel-offsets

  6. Fuchsbauer, G., Kiltz, E., Loss, J.: The algebraic group model and its applications. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018, Part II. LNCS, vol. 10992, pp. 33–62. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96881-0_2

  7. Fuchsbauer, G., Orrù, M., Seurin, Y.: Aggregate cash systems: a cryptographic investigation of Mimblewimble. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019, Part I. LNCS, vol. 11476, pp. 657–689. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17653-2_22

  8. Fuchsbauer, G., Plouviez, A., Seurin, Y.: Blind Schnorr signatures and signed ElGamal encryption in the algebraic group model. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020, Part II. LNCS, vol. 12106, pp. 63–95. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45724-2_3

  9. Jedusor, T.E.: Mimblewimble (2016). https://download.wpsoftware.net/bitcoin/wizardry/mimblewimble.txt

  10. Maxwell, G.: CoinJoin: Bitcoin privacy for the real world, August 2013. BitcoinTalk post. https://bitcointalk.org/index.php?topic=279249.0

  11. Maxwell, G.: Transaction cut-through, August 2013. BitcoinTalk post. https://bitcointalk.org/index.php?topic=281848.0

  12. Maxwell, G.: Confidential Transactions (2015). https://people.xiph.org/~greg/confidential_values.txt

  13. Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008). http://bitcoin.org/bitcoin.pdf

  14. Poelstra, A.: Mimblewimble (2016). https://download.wpsoftware.net/bitcoin/wizardry/mimblewimble.pdf

  15. Pointcheval, D., Stern, J.: Security arguments for digital signatures and blind signatures. J. Cryptol. 13(3), 361–396 (2000)

  16. Seurin, Y.: On the exact security of Schnorr-type signatures in the random oracle model. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 554–571. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_33

  17. Todd, P.: Stealth addresses (2014). http://www.mail-archive.com/bitcoin-development@lists.sourceforge.net/msg03613.html

  18. Bojja Venkatakrishnan, S., Fanti, G.C., Viswanath, P.: Dandelion: redesigning the Bitcoin network for anonymity. CoRR, abs/1701.04439 (2017)

  19. van Saberhagen, N.: CryptoNote v 2.0 (2013). https://cryptonote.org/whitepaper.pdf

  20. Wagner, D.: A generalized birthday problem. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 288–304. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45708-9_19

  21. Yu, G.: Mimblewimble non-interactive transaction scheme. Cryptology ePrint Archive, Report 2020/1064 (2020). https://ia.cr/2020/1064

Acknowledgements

The first author is supported by the Vienna Science and Technology Fund (WWTF) through project VRG18-002. We would like to thank MWC and David Burkett for the fruitful collaboration; we are also grateful to the anonymous reviewers for their helpful comments.

Author information

Corresponding author

Correspondence to Georg Fuchsbauer.

Copyright information

© 2022 International Association for Cryptologic Research

About this paper

Cite this paper

Fuchsbauer, G., Orrù, M. (2022). Non-interactive Mimblewimble Transactions, Revisited. In: Agrawal, S., Lin, D. (eds) Advances in Cryptology – ASIACRYPT 2022. ASIACRYPT 2022. Lecture Notes in Computer Science, vol 13791. Springer, Cham. https://doi.org/10.1007/978-3-031-22963-3_24

  • DOI: https://doi.org/10.1007/978-3-031-22963-3_24

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-22962-6

  • Online ISBN: 978-3-031-22963-3

  • eBook Packages: Computer Science, Computer Science (R0)
