Is Mimblewimble auditable?

Chris Dev

June 29, 2019

I was watching Adam Meister's show from yesterday and the topic of privacy in the base layer came up. Bitcoin Benny was asked if he thought privacy should be implemented in the base layer or the second or third layers. Here is his answer:

Before I respond, I want to say that BTC Benny is someone in the space I respect. He follows me on twitter and we have interacted positively before, but just have to respond to this because I don't think he understands how privacy would be implemented in the base layer of Bitcoin. He brings up zcash, which is a strawman argument because anyone who is talking about implementing privacy in the base layer that has any credibility is talking about Mimblewimble.

So his claim is that "as soon as you get the obfuscation of what's there in the base layer, you lose auditability." I guess it depends on what he means by "obfuscation of what's there in the base layer", but if he's talking about Mimblewimble, he's absolutely wrong. He mentioned Zcash later which is a strawman argument because Zcash used highly controversial cryptography that uses COMPLETELY different cryptographic assumptions than Bitcoin, but Mimblewimble, as implemented in MWC, uses the exact same cryptographic assumptions as Bitcoin (ECDSA and Bulletproofs which also use the logarithmic cryptographic assumption). So, the idea that Mimblewimble is not auditable is nonsense. Basically, if you don't trust the auditability of Mimblewimble as implemented in MWC (and grin and beam for that matter), you should not use Bitcoin. If one breaks so will the other. The consequences of a break in Bitcoin would mean that anyone could spend any Bitcoin for which they know the public key. Since an addresses public key is revealed with every transaction, this would completely break Bitcoin and make it unusable on every level. So, to be fair, this is a valid concern, but if the crypto used in Mimblewimble is your concern, you should not use Bitcoin at all either. Maybe use gold instead?

But, on the contrary, Mimblewimble is totally auditable. Every full node audits the entire blockchain on every block just like Bitcoin. Could there potentially be a bug? Sure, but there could also be a bug in the current implementation of Bitcoin as well, in fact there's very real concerns that there is one possible right now. The key to all these things is that there must be a lot of eyes looking at the code and that's why having an exploitable inflation bug in Bitcoin is much less likely than in other blockchains because it has the most eyes on it and because it has the most value. But that is not an argument against Bitcoin implementing the best technology in its base layer.

This is also a reason why I, and others are advocating using testnets to first implement Mimblewimble. That's a big part of what MWC is all about. It is completely infeasible to implement Mimblewimble in Bitcoin right now because it's not ready. In a large part because there could be some hidden, unknown inflation bug that we have yet to discover. After 5 - 10 years of testing in testnets though, it will be battle tested enough to implement.

As a reminder the registration for MWC will be open until July 19, 2019. We are giving away 6 million of the 20 million MWC that will ever exist proportionally to Bitcoin holders who register. No limit, no first come first serve. Click the airdrop link at the top of the page to register now.