Paper 2022/265

Non-interactive Mimblewimble transactions, revisited

Georg Fuchsbauer, TU Wien
Michele Orrù, University of California, Berkeley

Mimblewimble is a cryptocurrency protocol that promises to overcome notorious blockchain scalability issues and provides user privacy. For a long time its wider adoption has been hindered by the lack of non-interactive transactions, that is, payments for which only the sender needs to be online. Yu proposed a way of adding non-interactive transactions to stealth addresses to Mimblewimble, but this turned out to be flawed. Building on Yu and integrating ideas from Burkett, we give a fixed scheme and provide a rigorous security analysis strenghtening the previous security model from Eurocrypt'19. Our protocol is considered for implementation by MimbleWimbleCoin and a variant is now deployed as MimbleWimble Extension Blocks (MWEB) in Litecoin.

Note: Full version for AC'22 proceedings.

Available format(s)
Cryptographic protocols
Publication info
A minor revision of an IACR publication in ASIACRYPT 2022
cryptographic protocols e-cash mimblewimble
Contact author(s)
georg fuchsbauer @ tuwien ac at
michele orru @ berkeley edu
2022-09-23: last of 3 revisions
2022-03-02: received
See all versions
Short URL
Creative Commons Attribution


      author = {Georg Fuchsbauer and Michele Orrù},
      title = {Non-interactive Mimblewimble transactions, revisited},
      howpublished = {Cryptology ePrint Archive, Paper 2022/265},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.