Grin: a lightweight implementation of the MimbleWimble protocol

Currently, many Bitcoin protocol implementations are under development, which will bring many improvements to the end user, in the future.

We have already talked about these new implementations and improvements in a previous article.

In this article we will talk more specifically about the MimbleWimble and Grin, a project which implements it.

MimbleWimble s gaining more and more notoriety among the various possible implementations to improve Bitcoin technology.

First MimbleWimble whitepaper was posted by a user named Tom Elvis Jedusor (French name of Voldemort of the Harry Potter book series by J.K. Rowling) on a bitcoin search channel on July 2016. The title “Mimblewimble” is a curse used in the Deathly Hallows.

At the end of 2016 a user named Ignotus Peverell (original owner of the invisibility cloak, in the Harry Potter characters) started a Github project called Grin, by finally managing to turn the MimbleWimble whitepaper into something real.

The main improvements that Mimblewimble wants to implement on the Bitcoin protocol are: privacy, freedom of choice, democratic access, functionality and sustainable growth over time.


Grin will be based on the privacy, giving it full feasibility of use. It will scale to the increase number of users without focus on number of transactions, with a consequent incredible scalability. All these features will be managed by a simple and streamlined structure. A simple system design will make verification and maintenance over time easier.

Greg Maxwell (source: CoinDesk)

It is the MimbleWimble Rust implementation. First, it was designed as a BTC soft fork, but we can imagine how difficult it would be to start its blockchain. It is inspired by Greg Maxwell’s (bitcoin core dev) confidential transaction.

In the context of mining, the most interesting part of Grin is Cuckoo Cycle Proof-of-Work algorithm.

Cuckoo Cycle is completely ASIC resistant, making it perfect for mining with GPU. This particular algorithm manages to be resistant to ASICs mainly through memory intensity. Using an ASIC-resistant algorithm, Grin developers hope to encourage mining decentralization.


  • Privacy as the project’s foundation. Everything is developed around it. This allows complete functionality without precluding the possibility to selective disclose information as necessary.
  • Scale number of transactions, keeping only a kernel of ~ 100 bytes for historical transactions, with significant space savings compared to other blockchains.
  • Strong and proven cryptography. MimbleWimble is based only on elliptic curve cryptography, and has been tested for decades.
  • Simplicity of design which simplifies verification and maintenance over time. Community-driven, using an ASIC-resistant mining algorithm (Cuckoo Cycle) that encourages decentralized mining.


There are 3 main properties of Grin transactions that make it secure and anonymous.

There are no addresses. There are no amounts. Transactions within the block will not be recognizable, unless you have participated directly in the transaction, all inputs and outputs seem pieces of random data. Furthermore, there are no more transactions in a block. A Grin block looks like a giant transaction and all the original associations between input and output are lost and mixed with others.


As explained in the previous section, thanks to the transaction and the Mimblewimble block format we can merge transactions when one output is spent directly from the input of another.

It’s like if Alice gives money to Bob, and then Bob gives everything to Carol, Bob has never been involved and his transaction is never even seen on the blockchain.

Between the blocks, most of the output ends up being spent sooner or later by another input. So all outputs can be safely removed. And, the whole blockchain can be archived, downloaded and fully verified in a few gigabytes or less (assuming number of transactions similar to bitcoin).

This means that Grin blockchain scales with number of users (unspent output), not on number of transactions. At the moment, there is a warning: a small piece of data (called kernel, over 100 bytes) needs to be around of every transaction. But they are working to optimize it.


With this information above, we understand that the technology behind this project is very interesting. If developed properly, it can replace many other privacies based coins, being much more scalable, light and fast, without forgetting the importance of having a more decentralized mining process thanks to the use of GPUs.


This article was originally written in Italian by Mattia Franzoni and translated in English by Stefania Stimolo for NovaMining.