Next question. ‘Anonymous’ asks:
what is your opinion on MimbleWimble? First, a quick explanation for those who don’t know: MimbleWimble is a very interesting proposal that uses some particular mathematical quirks, cryptographic quirks, to create a blockchain that massively reduces the size of blocks, of transactions,
by essentially summarising a lot of information and only keeping the summaries in a way
that you can still verify everything. Everything is validatable and verifiable independently,
but you don’t need to store everything. It also massively increases privacy at the same time.
MimbleWimble is not something that you simply slap on top of Bitcoin, although there are some proposals to adapt it somehow. At the moment, it is running as a testnet,
as a blockchain of its own with its own technology. I believe the currency they’re using on that
testnet is called Grin. But I’m not sure. ‘Lazar’ asks: could you explain and go deeper into digital signature aggregation via Schnorr signatures? To what extent would their application increase Bitcoin anonymity? I’m going to try to explain this. A caveat here, this is a topic I’m not entirely versed on.
I’m going to try my best. Let’s see how it goes. Digital signature aggregation and
Schnorrr signatures are really two different things. Schnorr signatures are a particular type of digital signature. The primary advantage they have over other forms of signatures, is that they’re
shorter and smaller compared to the elliptic curve digital signature algorithm (ECDSA).
The advantage of Schnorr signatures is that they’re more compact, as far as I understand it. Digital signature aggregation, however, is another capability that Schnorr signatures can enable. What they do is allow you to essentially summarise…
I think ‘summarise’ would be the right word. ‘Aggregate’ of course is the word you used.
It’s called digital signature aggregation. But essentially you add all of the signatures together.
I use ‘add’ not in the traditional “1 + 1=2” sense. We’re talking about mathematical operations that are happening in a prime field on an elliptic curve. Nevertheless, for simplistic purposes,
you use a mathematical operation to aggregate all of the signatures in such a way that you can still validate that something has been signed, but you can’t see the individual signature for that item.
Now in the case of Bitcoin, what that does is two things: it saves a lot of space because Schnorr signatures are already more compact. Let’s say you have a transaction which has five inputs and it requires five signatures. Each input needs to be signed, so first you sign them with Schnorr signatures.
Great, now you’ve saved some space! Then you take the five signatures, aggregate them,
and produce just one signature for all five inputs. That one signature is the same compact size as each of the five signatures, so you’ve now decreased the space of the signatures by 80%,
by taking away four out of the five. You have those five signatures aggregated in the same space as one. Then imagine that transaction is some kind of joint transaction, where inputs come from many different individuals providing their own signatures. You’ve aggregated all of those. That way, although you can tell the signature is valid for all of the inputs and it properly corresponds to the public keys of those inputs, you can’t really tell who applied those signatures. As a result, it makes privacy in things like CoinJoin more secure. Again, I probably got some things wrong there. This is a topic that is still in development. The only example of this in use today is in the Elements sidechain, which is a Blockstream project. This is being developed by a whole bunch of people including Greg Maxwell, Adam Back,
and (I believe) Andrew Poelstra, but I might be mistaken. This is still the very early days, but it’s the kind of things that can be added to Bitcoin. Thanks to SegWit and script versioning, it can be added via a soft fork. It will be a way to increase the capacity of the network by compressing the data
rather than increasing the space.