No silver bullets
Tari Protocol Community Update - February 28th, 2020
There is no privacy silver bullet.
In many video games, the right cheat code can make you invincible at no cost. Unfortunately, privacy has no such cheat codes. When designing privacy-centric protocols, tradeoffs are unavoidable. Critical privacy features can materially impact scalability, ease of use, and other factors.
Mimblewimble: the tradeoffs of interactivity
Mimblewimble is a unique, scalable blockchain construction that has meaningful privacy benefits. A properly architected Mimblewimble implementation ensures that no external observer can ever identify the sender, receiver, or value of a transaction on the Tari network.
A well-known limitation with typical Mimblewimble implementations is a requirement for interactivity, which means that for two users to transact on the protocol, the sender and the receiver first need to send each other key pieces of data out-of-band. In other Mimblewimble implementations, this data could be exchanged via email, instant messaging apps like Signal, or even carrier pigeon. These hurdles required for each transaction make for a complicated and confusing end user experience that has led to limited adoption of Mimblewimble protocols thus far.
For the Tari protocol to be useful, it needs to be easy to use, so this tradeoff required the Tari community to invest in figuring out a way to remove this burden for end users. We had to build a native, unified peer-to-peer comms layer that operates behind the scenes and obscures all the interactivity from end users.
With regards to security, interactivity is problematic for cold storage and renders multi-signature transactions complex and nontrivial.
On the flipside, interactivity allows a receiver to know that they are getting inbound coins and to see their exact balance at all times. By contrast, in other privacy-oriented protocols such as Zcash or Monero, the receiver has to dynamically scan the blockchain to detect inbound funds. This process tends to be computationally intensive, scales linearly with the blockchain size, and in practice, can deanonymize users.
Want to learn more about Mimblewimble?
Ask how cut-through doesn’t provide privacy benefits or how more transactions per block increases the anonymity set on our Reddit.
Confidential Assets (technical)