Bitcoin Q&A: MimbleWimble and Schnorr signatures


Next question. ‘Anonymous’ asks: what is your opinion on MimbleWimble? First, a quick explanation for those who don’t know: MimbleWimble is a very interesting proposal that uses some particular mathematical quirks, cryptographic quirks, to create a blockchain that massively reduces the size of blocks, of transactions, by essentially summarising a lot of information and only keeping the summaries in a way that you can still verify everything. Everything is validatable and verifiable independently, but you don’t need to store everything. It also massively increases privacy at the same time. MimbleWimble is not something that you simply slap on top of Bitcoin, although there are some proposals to adapt it somehow. At the moment, it is running as a testnet, as a blockchain of its own with its own technology. I believe the currency they’re using on that testnet is called Grin. But I’m not sure.

‘Lazar’ asks: could you explain and go deeper into digital signature aggregation via Schnorr signatures? To what extent would their application increase Bitcoin anonymity? I’m going to try to explain this. A caveat here, this is a topic I’m not entirely versed on. I’m going to try my best. Let’s see how it goes.

Digital signature aggregation and Schnorr signatures are really two different things. Schnorr signatures are a particular type of digital signature. The primary advantage they have over other forms of signatures is that they’re shorter and smaller compared to the elliptic curve digital signature algorithm (ECDSA). The advantage of Schnorr signatures is that they’re more compact, as far as I understand it. Digital signature aggregation, however, is another capability that Schnorr signatures can enable. What they do is allow you to essentially summarise… I think ‘summarise’ would be the right word. ‘Aggregate’ of course is the word you used. It’s called digital signature aggregation. But essentially you add all of the signatures together. I use ‘add’ not in the traditional “1 + 1 = 2” sense. We’re talking about mathematical operations that are happening in a prime field on an elliptic curve. Nevertheless, for simplistic purposes, you use a mathematical operation to aggregate all of the signatures in such a way that you can still validate that something has been signed, but you can’t see the individual signature for that item.

Now in the case of Bitcoin, what that does is two things: it saves a lot of space because Schnorr signatures are already more compact. Let’s say you have a transaction which has five inputs and it requires five signatures. Each input needs to be signed, so first you sign them with Schnorr signatures. Great, now you’ve saved some space! Then you take the five signatures, aggregate them, and produce just one signature for all five inputs. That one signature is the same compact size as each of the five signatures, so you’ve now decreased the space of the signatures by 80%, by taking away four out of the five. You have those five signatures aggregated in the same space as one. Then imagine that transaction is some kind of joint transaction, where inputs come from many different individuals providing their own signatures. You’ve aggregated all of those. That way, although you can tell the signature is valid for all of the inputs and it properly corresponds to the public keys of those inputs, you can’t really tell who applied those signatures. As a result, it makes privacy in things like CoinJoin more secure.

Again, I probably got some things wrong there. This is a topic that is still in development. The only example of this in use today is in the Elements sidechain, which is a Blockstream project. This is being developed by a whole bunch of people including Greg Maxwell, Adam Back, and (I believe) Andrew Poelstra, but I might be mistaken. This is still the very early days, but it’s the kind of thing that can be added to Bitcoin. Thanks to SegWit and script versioning, it can be added via a soft fork. It will be a way to increase the capacity of the network by compressing the data rather than increasing the space.
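The five-signatures-into-one picture described above, worked through in code: this is an added example, not code from the video or from any Bitcoin implementation. It uses a constructed toy group (a 10-bit safe prime instead of secp256k1) so the arithmetic is readable; the function names and the two-round nonce-then-response flow are assumptions of this example, following textbook linear aggregation of Schnorr responses, and the aggregated signature is the same (R, s) shape as a single one.

```python
import hashlib
import secrets

# Toy Schnorr group, constructed for illustration only and far too small for
# real use: p = 2q + 1 is a safe prime, g = 4 generates the order-q subgroup.
P_MOD, Q_ORD, G = 1019, 509, 4

def challenge(r, pub, msg):
    """Fiat-Shamir challenge e = H(R || P || m) mod q."""
    data = f"{r}|{pub}|".encode() + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q_ORD

def keygen():
    x = secrets.randbelow(Q_ORD - 1) + 1   # private scalar in [1, q-1]
    return x, pow(G, x, P_MOD)             # (x, P = g^x mod p)

def sign(x, pub, msg):
    k = secrets.randbelow(Q_ORD - 1) + 1   # fresh nonce; reusing k leaks x
    r = pow(G, k, P_MOD)
    s = (k + challenge(r, pub, msg) * x) % Q_ORD
    return r, s                            # a signature is just (R, s)

def verify(pub, msg, sig):
    r, s = sig
    e = challenge(r, pub, msg)
    # g^s == R * P^e holds because s = k + e*x, R = g^k and P = g^x
    return pow(G, s, P_MOD) == r * pow(pub, e, P_MOD) % P_MOD

def aggregate_key(pubs):
    p_agg = 1                              # combined key P = prod P_i
    for pub in pubs:
        p_agg = p_agg * pub % P_MOD
    return p_agg

def aggregate_sign(keys, msg):
    """Many signers, one (R, s). Round 1: each commits a nonce R_i, R = prod R_i.
    Round 2: each releases s_i = k_i + e*x_i, and s = sum s_i because the
    response is linear. Textbook aggregation only: MuSig adds per-key
    coefficients to block rogue-key attacks, which this toy omits."""
    nonces = [secrets.randbelow(Q_ORD - 1) + 1 for _ in keys]
    r_agg = 1
    for k in nonces:
        r_agg = r_agg * pow(G, k, P_MOD) % P_MOD
    p_agg = aggregate_key([pub for _, pub in keys])
    e = challenge(r_agg, p_agg, msg)
    s_agg = sum(k + e * x for k, (x, _) in zip(nonces, keys)) % Q_ORD
    return p_agg, (r_agg, s_agg)
```

A verifier checks the aggregated (R, s) against the combined key exactly as it would check one signer's, and learns nothing about which of the five keys contributed which response.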

25 thoughts on “Bitcoin Q&A: MimbleWimble and Schnorr signatures”

  1. MIT Bitcoin Club had a presentation last Tuesday, was well received as best private, fast and scalable model

  2. Thank you for shedding light on these developing improvements upon the Bitcoin blockchain. Can these two concepts be applied to ERC20 tokens?

  3. Could you please explain this thing about the Lightning Network? There seems to be a lot of criticism about how the Lightning Network could be taken over and controlled by a central authority or governments, thus destroying the essence of Bitcoin. I do not have any computer background; could you explain in layman's terms?
    Thank you for all your work and videos

  4. rather than increasing the… the space.
    Andreas tried really hard not to mention the forbidden words here.

    BLOCK_SIZE = 1024;

  5. AA… this may hit a spot here or there .. and better late than never … I'm not in it for the money, just for the game. I am in it to discover the systems used. Never a dull moment in the learning phase .. a pity that most don't understand a free concept and just have $ signs in their eyes!
    https://youtu.be/WGU_4-5RaxU

  6. re: schnorr sigs – if you want the information, best to get it from the source

    Pieter Wuille – Schnorr signatures for Bitcoin: challenges and opportunities – BPASE '18

    https://www.youtube.com/watch?time_continue=443&v=oTsjMz3DaLs

  7. Hi, kindly do a video on Hashgraph and how people can start making systems like it which are fully Byzantine fault tolerant. And can this technology eventually rival Bitcoin if it's made completely open source?

  8. Bitcoin has nose dived, companies are abandoning it leaving it a ghost town and governments are outlawing it or putting strict restrictions on it. I saw this coming months ago. But your typical diehard Bitcoin evangelist will remain faithful (more like stupid) until the bitter end.

  9. Hello aanbtonop… I need help, 5 bitcoin for a spine operation .. please help me 1WnxWfrdJ14trQNFo7f67dGHxpFrmdMyA

  10. Mr. Antonopoulos. As a citizen of the United States and a citizen of this world, the people need a strong backing! It seems to me you are the go-to man when it comes down to Bitcoin and other applications that blockchain offers. We the people need someone like you to stand in and help educate our congressmen and other world leaders that play a key role in today's world economy. I think if some way you could get into a U.N. summit to speak about the world's future economy, to express how important this is and how different applications could help improve an individual's security and finances. I feel like the better investment is in the people. If governments don't give this a chance then things, like you know, will get very ugly. When I watch your speeches I recognize that you have a unique way that leaves a good taste in people's mouths. Thank God for you & thank you for doing what you do!

  11. What we need is professionals in the field of security/privacy to create a step-by-step process to make proven, reliable technological changes in our lives and with our devices that will give us the best possible security/privacy as a complete system from the ground up, including personal computer operating system, antivirus combination, ad blocker, email, which phones to use, which VPN and/or Tor, password manager, ways to buy, store and sell the most recommended cryptos, etc. Essentially a simple, standardized list of steps to take in order of practical priority that can be followed by someone new to technology, from A to Z. I end up suffering ‘paralysis of analysis’ because I don’t know which options are the best, or most compatible with one another, or even where to start.
