A more technical infographic about Mimblewimble, a protocol looking to increase anonymity without making a trade-off with scaling.

## Mim-bull-wim-bull

A 3 part infographic explaining Mimblewimble.

### Understanding how a bitcoin transaction works

To understand the protocol, it is important to get a basic understanding of how a bitcoin transaction works. Bitcoins aren’t sent from wallet to wallet, but from transaction to transaction. When sending a transaction to someone you add your UTXO’s (Unspent Transaction Outputs) together to come up with the amount you want to send. This is called an input to a transaction. This input can then be used by the receiver as a new UTXO.

### Bitcoin isn’t anonymous

Bitcoin isn’t anonymous because it spills three secrets The senders address, the receiver address and the amount of bitcoin sent. It spill these for 2 reasons:

**To verify the amount sent = the amount received;**

The amounts are public so the network can verify no money vanished and none was created if the amount sent = the amount received.

**To verify the transaction is sent by the holder of the private key.**

The private key is basically a whole number chosen at random, like a giant password. A public key is the product of a private key and a big number on an elliptic curve. Everyone can verify the public key was originally produced from the private key (and the hash) without needing to know the private key. A public key can be calculated from a private key, but not vice versa because multiplication is easy, reversing it is difficult.

### Mimblewimble is truly anonymous

Mimblewimble fulfills the 2 requirements without spilling the three secrets. It verifies the amount sent = the amount received without disclosing the amount in public. This is done by using a derivation of Confidential Transactions (CT). With CT in bitcoin the inputs and outputs gets multiplied with a big number on an elliptic curve to hide the value but in Mimblewimble it’s a bit different. The protocol still multiplies the value with an elliptic curve point, but it also adds a private key (used as a blinding factor) which is multiplied by another elliptic curve point. This is called a Pederson commitment. This is only valid if the blinding factors for the inputs are the same as for the output. But the sender and receiver have to generate a different blinding key, otherwise the sender would know the receivers blinding factor and could spend his UTXO’s. This way the transaction no longer sums to zero and we have an excess value, which is the result of the summation of both blinding factors. Both the sender and the receiver then use this excess value to create a multi-signature to prove they collectively know this value (They don’t know this value seperately) and to prove the sum of the transaction outputs, minus the inputs, sum to a zero value. If you know the blinding factor for a given output, you can spend it. If you know the blinding factor for the input in the transaction, you can prove you own the inputs used in the transaction, without sharing the private keys.

### Mimblewimble enhances scalability

This method combines various transactions into one big transaction. A block only exists of new inputs, unspent outputs and excess values. It not only combines transactions but also cancels out inputs and outputs. Every single input can disappear (because it comes from an old output) aswell as every spent output. Someone observing the blockchain no longer knows which outputs belong to who and over time it doesn’t have to grow but it can actually shrink if more coins are stored in fewer outputs.