GrinCon0 — An enchanting night of magic, algorithms, and cryptoanarchy

Last night in Berlin, Harry Potter presented his magical cryptocurrency Grin founded on privacy, anonymity, fungibility and the MimbleWimble spell

If you don’t know about Grin already you can read an intro article.

Grin logo compliments of https://github.com/mimblewimble/docs/wiki/Nomenclature-BS

Last night was the first ever conference on Grin and MimbleWimble hosted at c-base in Berlin. I first learned about Grin a couple weeks ago at IDEO CoLab in San Fransisco. After a couple hours of research, reading, and setting up a testnet node I was in love with the MimbleWimble vision and bought my tickets the next day to attend GrinCon0. I was drawn to how deeply committed the community is to the original Bitcoin values (to help liberate personal freedom in society, not be a store of value!), how experimental their tech is at every level of the stack, and their holistic intentions focusing on society as a whole not just technical minutia.

Before going into the conference I want to shout out c-base for being one of the dopest buildings I’ve ever been to. It is one of the first hackerspaces in the world and the entire building is retro-fitted to be a crashed spaceship. The mission of all c-base members is to help the ship fly again and explore space. There is a bioscanner in the entrance that makes sure you don’t have bionic implants, a crashed satellite sits in the basement running an IPFS node, signs warning about aliens are all over and in case of emergency there are mock sci-fi guns along the walls to protect yourself. And they have a bar inside the workspace next to some arcades with sensors around the building showing how active the bar is.

Now back to Grin

GrinCon0 Recap

You can view the full lineup and talks and watch the livestreams at GrinCon.org

I was an hour or two late to the event so this is an incomplete summary but I did my best. The conference was from 5pm-10pm on a Friday night which is a great gatekeeping mechanism for the shillers and investors 😂. As I mentioned the vibe in the place was great and it was surprisingly packed, maybe 50–80 people in total. There were great talks by the founders and core devs of Grin with some demos of community projects like alpha-stage mobile wallets. I’ll give a quick recap of the three Grin specific talks of the night — the Cuckoo cycle proof of work algorithm, Dandelion transaction aggregation + obfuscation, and general usability of Grin including wallets.

Cuckoo Cycles

Cuckoo seemed to be the biggest interest of everyone at the event. The Cuckoo PoW algorithm design is focused on mandatory random memory access, minimal computation per memory access, and time-memory trade offs. They also hope to make it ASIC friendly. Cuckoo mining is made up of a few different parts — cuckoo hashtables, cuckoo cycles, graph trimming, and dynamic graph sizing for difficulty.

In a very simplified explanation the algorithm is essentially looking for a path through a maze to receive it’s reward. A bit more technical explanation is cuckoo-cycles are an edge-set for a cuckoo hashtable graph where the directed edges eventually come back to the initial index where the path search began. Computing this edge set is the “work” being put into the system. In the Grin implementation of Cuckoo they use 42 cycles for a number of reasons. For an in-depth description of the algo you can review the code or read the whitepaper.

P.S. Cuckoo has been proposed for Bitcoin as well

Dandelion

Even though MW is designed to prune and obfuscate transactions one can still trace which inputs are transformed to which outputs reconstructing the transaction graph. This is easy enough using an archival node that records all transactions as they propagate through the network.

The purpose of Dandelion is to (A) aggregate transactions to prevent tracing the original senders IP and (B) remove transaction inputs and outputs before being broadcast to the network which prevents backlinks and tracking.

(A)The first goal of Dandelion is achieved in two steps:

1. Stemming— Each node sends the transaction to exactly one randomly selected peer on the network

2. Fluffing — The transaction is propagated across the network and sent to all peers

All transactions start by stemming and each node decides to continue stemming or switch to fluffing. This reduces the chance that an archival node will receive the first relay stem protecting the original IP behind the relayers.

(B) MimbleWimble’s transaction offset, which cancels out inputs and outputs in a group of transactions with basic arithmetic allows us to inexorably remove and mix them. This means if you did find the origin of a transaction it would be impossible to determine which inputs and outputs it contained. This is how backlinking and identifying members of the network over time through reconstructing the transaction graph is prevented. This is automatically done in between blocks in MimbleWimble, Dandelion achieves this before that data is even accessible to other miners and put on the blockchain.

Dandelion presentation, README, PR into Grin

Wallets and Usability

Because Grin is a p2p system and there are no addresses to ship money over the network to all transactions are “interactive”. This means that both you and I have to send a transaction back and forth to each other confirming the amounts and signing it before we eventually commit the transaction to the blockchain. This also means transactions can be made offline or async!

There are a lot of UX considerations when instead of a 1 step process of me signing a transaction which gets sent to your address as in Bitcoin, Grin has an N + 1 step process where N is the amount of people involved in the transaction. If four of us go out to dinner and we all want to pay the bill together each one of us would have to sign the transaction (plus the restaurant to receive the coins) and an extra step once we have all signed to send it to the blockchain.

Although this is slightly more complicated there are some benefits as well. Each of us is capable of independently sending and receiving coins in one step with multiple payouts in one transaction. I might owe you $10 for the Uber over and your bill is $15, I could simply pay an extra 10 and you only pay 5 or if we wanted to I can pay my dinner, pay you 10, and you can pay the full price of your dinner without anyone else in the transaction needing to know that was taking place or affecting how they sign the transaction. How you manage this pipeline, or if you work around it somehow, is a big challenge for Grin compared to other blockchains that have notoriously terrible UX already. And this is just one example of different design patterns required for Grin.

Conclusion

Grin and MimbleWimble are working on amazing pieces of tech which personally, as an anarchist, reignite my passions for joining blockchain. There has been a lot of progress and growth for the project in the past year and there are a lot of updates coming soon to Grin and MimbleWimble. Most importantly Grin is about to launch to mainnet, a full security audit is underway, and the wallet is getting a much needed update. To stay up to date you can signup for the Grin Newsletter.

P.S. Grin has some of the best swag I’ve ever seen.

Resources

The Myth of MimbleWimble — As told by Andrew Poelstra

MW + Grin Intro

Grin repo — They are actively looking for contributors!!!

MimbleWimble Whitepaper V1.0

MimbleWimble Whitepaper V2.0

Cuckoo Cycle PoW Algorithm