Major upgrade to MWC MQ (MWC Message Queue) released today - Privacy Enhancement

Chris Dev

August 29, 2019

We are happy to announce today that with the latest release of mwc713 (our command line wallet, which is also the backend to our desktop wallet), we will support a new version of mwcmq that is much more secure than the previous one. The original version of mwcmq was forked from a grin wallet. But before we get into the specifics, I wanted to cover a little background and explain why this upgrade is so important.

As many are aware, one of the distinguishing features of Mimblewimble is that it has no addresses and no amounts. This is why it is very private. There's really no way to track how much was sent or who it was sent to, even if the user doesn't take any precautions. But lack of addresses has it's downsides as well. How do you send funds to someone without an address? Well, that's the question that Grin wallets have been grappling with since its launch. Initially, the grin full node wallet, supported file based transfers that required users to download and transfer files from sender to receiver and back to sender again. This process was difficult so the grin wallet also supported http/https transfers. The problem with this was that most users can't host a webserver as they are on a home network and have no way to allow others to connect to them. Even if it were possible, it would be a security risk to open up firewalls and allow connections onto desktop computers.

With all this going on, a project called "Vault713" (after the famous vault in the Harry Potter novels) was created to make a wallet called wallet713 that supported a backend called "Grinbox". Grinbox is a message queue and basically allows users to connect to public servers and transfer mimblewimble files back and forth automatically. No special internet connection is needed and everything is done for the user automatically. It also gives the user an address that can be used to receive payments. The only people who are aware of this address are the sender and receiver though and it's not stored in the Mimblewimble blockchain, as it would be with Bitcoin. So, this is a great idea and it quickly became one of the hottest wallets in the Grin space. Back in February, when we were starting out, we decided to fork the wallet713 wallet and create what we call "mwc713". This is the core wallet that is used in the backend of the MWC GUI wallet.

At the time we forked walelt713 and grinbox, there was still no Windows support. We knew they were working on it so we thought we would eventually get it. Otherwise, we would implement it ourselves. As it turned out, they did add Windows support a few months back, but with one major deficiency. The Windows support for wallet713 does not allow for connecting to the message queue service via SSL. This means that anyone who is on the network can snoop on the traffic and see which addresses are sending and receiving payments. While the contents of the messages are still encrypted, anyone on the network would be able to see the addresses in clear text. The bug only affects Windows, but if you are on Mac or Linux and you send to someone that is on Windows, you lose privacy as well. Since we estimate about 75% of our users are on Windows, it essentially means very few transactions would actually be encrypted.

We assumed that this was temporary, but since there have been no checkins to the wallet713 repository for a month and a half it seems that wallet713 might stay in this state indefinitely. Since one of the major selling points of Mimblewimble is the added privacy we thought we needed to fix this problem. Unfortunately, the fix was not easy because the websocket library that wallet713 was using was the underlying problem. We had to shift to writing our own SSL connections to implement what we are now calling mwcmq(s) or secure mwcmq. We also had to write a new backend. In the process we simplified a lot of things and believe we will also improve user experience with these upgrades. As an example, another issue with Grinbox is that when you send a transaction, there is no indication as to whether the recipient received the transaction or not. We added a "lastSeen" message that indicates whether the address that is to receive the transaction has been connected recently. If the user has not been seen in the last couple of minutes, a warning is reported to the user. All of these features will find their way into our GUI wallet and improve the user experience over time and we will continue to actively develop mwcmqs and mwc713 to add both privacy and usability features.

While we're talking about all this, one might ask: isn't mwcmqs (and Grinbox for that matter) a centralized service? Yes it is, but all it can see are the addresses in the transaction. Those addresses can be changed on every transaction to hide who's transacting with whom. In addition, anyone can run an mwcmqs server so if others want to run it separately that's certainly possible. All the code is released open source. Shortly, we will be implementing federation so that if you are connected to server A and want to send funds to someone connected to server B, that will be possible without actually connecting to server B as well. As with everything there are tradeoffs and mwcmqs is no exception. When privacy is of the utmost importance we still recommend using file based transfer, but mwmqs is very convenient and still very private and we think it will be very popular.

While we don't have an exact timeline for getting all these features into the GUI wallet, we hope to have it there by mainnet launch in early November, but if not it will be implemented shortly there after.

The release of mwc713 can be found here:

Documentation on the new mwcmqs address feature is here: