Cryptology ePrint Archive: Report 2020/1064

Mimblewimble Non-Interactive Transaction Scheme

Gary Yu

Abstract: I describe a non-interactive transaction scheme for Mimblewimble protocol, so as to overcome the usability issue of the Mimblewimble wallet. With the Diffie–Hellman, we can use an Ephemeral Key shared between the sender and the receiver, a public nonce R is added to the output for that, removing the interactive cooperation procedure. And an additional one-time public key P' is used to lock the output to make it only spendable for the receiver, i.e. the owner of P'. The new data R and P' can be committed into the bulletproof to avoid the miner’s modification. Furtherly, to keep Mimblewimble privacy character, the Stealth Address is used in this new transaction scheme. All the cost of these new features is 66-bytes additional data (the public nonce R and the one-time public key P') in each output, and 64-bytes additional signature data in each input. That is about 12% payload size increasing in a typical single input double outputs Mimblewimble transaction.

Category / Keywords: public-key cryptography / Mimblewimble, Stealth address, Bitcoin, Grin, Confidential transaction, Privacy

Date: received 2 Sep 2020

Contact author: gary yu at gotts tech

Available format(s): PDF | BibTeX Citation

Note: Initial version of mimblewimble non-interactive transaction scheme design.

Version: 20200903:082857 (All versions of this report)

Short URL: ia.cr/2020/1064


[ Cryptology ePrint archive ]