Litecoin Core Developers Investigating MimbleWimble and Extension Blocks Technologies.
Just a week after the announcement that the Litecoin Core team would be implementing Confidential Transactions, they have now indicated their interest in another privacy and scalability solution: MimbleWimble (MW). MW has recently gained greater market interest and been pushed to the forefront with its first real-world implementations in Beam and Grin.
MW, a proposal named after a curse from the Harry Potter universe, was created by an individual using a pseudonym from the same series, Tom Elvis Jedusor (Tom Riddle in French), and was originally published on 19 July 2016.
Litecoin creator Charlie Lee had previously mentioned in various conversations his interest in and hesitation about MW, but had hoped that the community would adopt the change if it proved to be a worthwhile upgrade to the network. With the release of the first MW coins, Grin and Beam, we now have a working version in the wild on which to further assess the technology. The Core Development team, led by Adrian Gallagher, has initiated talks with ‘Guy Corem’ and the Beam team about MW, Extension Blocks and potentially integrating the tech into Litecoin.
We have started exploration towards adding privacy and fungibility to Litecoin by allowing on-chain conversion of regular LTC into a Mimblewimble variant of LTC and vice versa. Upon such conversion, it will be possible to transact with Mimblewimble LTC in complete confidentiality.
It is our joint intention to publish any and all the work done as part of the project under a permissive open source license to let the community benefit from it.
What is MimbleWimble?
MW is partially a variant on Confidential Transactions, where the value sent over the network is obfuscated yet verifiable because the inputs and outputs retain addition as a property. Outsiders aren’t able to see the amounts involved but can be sure the transaction is valid and that the participants are not attempting to spend coins which are not available.
MW, in a similar vein, uses blinding, where the receiver of the transaction selects a random blinding factor from the sender; this factor is then used as proof of ownership, allowing them to spend the coins.
MW also makes use of another idea from a proposal called CoinJoin, where multiple parties combine their coins into a single transaction, making it harder to know which input was intended for which output. It goes one step further by effectively compressing all transactions into a single large transaction within a block. This provides greater privacy to the routing of coins and also increases the number of transactions that fit into a block, as less data is required than if these were all done separately.
CoinJoin has existed for a while; however, the main reason there has not been more uptake is that it is not enforced, and with low participation it takes significantly longer for enough people to join a transaction.
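The additive property and the block-level merging described above can be seen in a small added example, which is not code from Litecoin, Beam or Grin. It uses Pedersen commitments over a deliberately tiny toy group and shows that a merged block still balances after an output spent inside the block is removed. The group parameters, the function names and the "excess" value (the difference of blinding factors) are assumptions of the example; a real system also needs range proofs and a signature over the excess.

```python
import secrets
from math import prod

# Toy Schnorr group, constructed for illustration and far too small to be secure.
P, Q = 2039, 1019          # P = 2Q + 1, both prime
G, H = 4, 9                # order-Q elements; real systems need log_G(H) unknown

def coin(value):
    """A coin is (value, blinding factor); only its owner knows both."""
    return (value, secrets.randbelow(Q))

def commit(value, blind):
    """Pedersen commitment G^value * H^blind: hides value, adds homomorphically."""
    return pow(G, value % Q, P) * pow(H, blind % Q, P) % P

def make_tx(in_coins, out_coins):
    """Public view of a transaction: commitments plus the excess H^k,
    where k = sum(output blinds) - sum(input blinds)."""
    k = sum(b for _, b in out_coins) - sum(b for _, b in in_coins)
    return {"inputs": [commit(*c) for c in in_coins],
            "outputs": [commit(*c) for c in out_coins],
            "excess": [pow(H, k % Q, P)]}

def balances(tx):
    """True when outputs / inputs equals the excess, i.e. no value was created."""
    ratio = prod(tx["outputs"]) * pow(prod(tx["inputs"]), -1, P) % P
    return ratio == prod(tx["excess"]) % P

def aggregate(tx_a, tx_b):
    """Merge two transactions, then cut through outputs spent inside the merge."""
    ins = tx_a["inputs"] + tx_b["inputs"]
    outs = tx_a["outputs"] + tx_b["outputs"]
    for c in list(ins):
        if c in outs:          # created and spent in the same block
            ins.remove(c)
            outs.remove(c)
    return {"inputs": ins, "outputs": outs,
            "excess": tx_a["excess"] + tx_b["excess"]}

if __name__ == "__main__":
    alice, to_bob, change = coin(10), coin(7), coin(3)
    to_carol, bob_change = coin(5), coin(2)
    tx1 = make_tx([alice], [to_bob, change])         # Alice pays Bob 7
    tx2 = make_tx([to_bob], [to_carol, bob_change])  # Bob pays Carol 5
    block = aggregate(tx1, tx2)
    print("tx1, tx2, block balance:", balances(tx1), balances(tx2), balances(block))
    print("inflated tx balances:", balances(make_tx([alice], [coin(7), coin(4)])))
```

The verifier never sees an amount or a blinding factor, only commitments and excess values, and the merged block carries one fewer input and one fewer output than the two transactions did separately.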
While this sounds great, it’s best to remember that this technology is still very new and has not been robustly tested, so there may be unforeseen issues, alongside concerns around threats from quantum computing and the soundness of coins using MW. Beam has taken steps to reduce this, however, using switch commitments to alleviate any potential fallout if the worst were to happen.
(the ability) to switch existing commitments, e.g., recorded in the blockchain, from computational bindingness to statistical bindingness if doubts in the underlying hardness assumption arise. This switch trades off efficiency for security.
- Tim Ruffing and Giulio Malavolta (Switch Commitments: A Safety Switch for Confidential Transactions)
Extension Blocks (Auxiliary Blocks) (EB) were first proposed by Bitcoin developer Johnson Lau in 2013. EB aimed to provide an effective block size / capacity increase to the network and allow room for further growth via further soft forking, meaning no network split. It was also opt-in, meaning users would not be forced to use EB if they did not want to.
An Extension Block is created for each block on the blockchain and looks just like a regular block but without a header. The Merkle Root from the EB would be included in the coinbase of the main block, linking them together.
All upgraded nodes will check whether the bitcoins are correctly transferred from the main chain to the aux chain
People can transfer aux chain bitcoins like in the main chain. Miners can also collect fee in the aux chain using the same mechanism as the main chain. The only difference is there is no generation bonus in aux chain.
- Johnson Lau
A concern with EB is that it is not backwards compatible: a majority of nodes would need to upgrade to the new system or, in the words of Lau:
Since old nodes will not see the aux block, the aux block could be indefinitely big.
The OP_AUX outputs look like anyone-can-redeem so old nodes won’t complain.