
Grin – A private and lightweight mimblewimble blockchain - grincoin
https://grin-tech.org/
======
jmfayard
Does Grin do something concrete and useful?

I ask this question because someone on HN reminded me of this great 2001
article from Joel "Nostradamus" Spolsky on Blockchain Astronauts:

> Don't let Architecture Astronauts Scare You
> https://www.joelonsoftware.com/2001/04/21/dont-let-architecture-astronauts-scare-you/

> When you go too far up, abstraction-wise, you run out of oxygen. Sometimes
> smart thinkers just don’t know when to stop, and they create these absurd,
> all-encompassing, high-level pictures of the universe that are all good and
> fine, but don’t actually mean anything at all.

> These are the people I call Architecture Astronauts

> The Architecture Astronauts will say things like: “Can you imagine a program
> like Napster where you can download anything, not just songs?” Then they’ll
> build applications like Groove that they think are more general than
> Napster, but which seem to have neglected that wee little feature that lets
> you type the name of a song and then listen to it — the feature we wanted in
> the first place. Talk about missing the point. If Napster wasn’t peer-to-
> peer but it did let you type the name of a song and then listen to it, it
> would have been just as popular.

What's the equivalent for Grin of "that wee little feature that lets you type
the name of a song and then listen to it" ?

~~~
rdl
The product is anonymous/private payments at a distance, without a central
trusted party — i.e. the holy grail of the cypherpunks, although grin only
approaches this ideal.

The reason Napster made more sense than a single central server is that what
it was doing was explicitly violating copyright law. At the time, there was no
real possibility of licensing music for distribution online, even in a pay per
song model. The only reason RIAA/etc caved and allowed both download services
and streaming services was the success of early private services.

This is like questioning why Silk Road needed all the infrastructure when you
could just list your illegal drugs for sale on eBay.

~~~
yholio
I think it's incredibly naive to believe that the main problem of
cryptocurrency today is the lack of privacy. The ease with which you can launder
crypto is the main obstacle against its widespread integration into the
financial system. Sure, a Bitcoin transaction might leak an address, an amount
or an IP. So what? Coupling Tor with a trusted coin tumbler, any serious
criminal can hide his tracks, so if cryptocurrency is to become just as good
as "money in the bank", then he is home free. Grin proposes to optimize that
further and provide similar levels of anonymity to average users who don't
really ask for it - talk about missing the point.

The holy grail of cryptocurrency today is not optimizing anonymity but
gaining legitimacy and working as a payment system parallel to national
currencies while complying with the complex regulations around KYC and
criminal and terrorist financing. These are vigorously enforced in any first
world nation, for sound, historic reasons.

The holy grail is to opt out of government surveillance while maintaining
social responsibility and capacity to root out bad actors. This will probably
require a mixed, technological, institutional and regulatory response if it is
ever to be realized.

Abstracting the real world away and hiding in your little cryptographic
fantasy governed only by math and not people will leave you with speculative
playmoney in the best case and a dangerous can of worms in the worst.

~~~
koheripbal
> gaining legitimacy and working as a payment system parallel to national
> currencies while complying with the complex regulations

This is an _impossible_ requirement. Every country has different, subjective,
fluctuating, and often vague regulatory requirements. No decentralized
platform could ever comply.

The reason crypto hasn't taken hold is simply that it doesn't scale. When
enough people use it, the system grinds to a halt. Newer cryptos, like Monero
have made some big steps recently, but there's still a long long long way to
go for scalability.

~~~
yholio
> This is an impossible requirement. Every country has different, subjective,
> fluctuating, and often vague regulatory requirements. No decentralized
> platform could ever comply.

We first need to acknowledge the need to comply with the spirit of these
regulations and allow some features that national operators can build on to
create legal solutions.

There is a commonality here and there is an international convergence towards
similar regulations. Sure, some countries with particularly draconian
legislation could still reject crypto, but there could exist a workable
compromise in most other countries.

I reject this idea that we need to go Full Monty: from one end of the spectrum
(no privacy, complete state control over money and banks) to the other end,
financial anarchy.

~~~
creeble
You may reject the idea, but I don't see how it can be anything _other_ than
what you describe as "financial anarchy".

You either trust national governments and their KYC and AML laws, or you trust
the crypto network and _its_ governance. That is the whole point, as stated by
Satoshi.

If your crypto complies with some least- or greatest-common-denominator of
government laws (as they apply to their national currencies), then what is the
point?

~~~
yholio
The point was not that cryptocurrencies should be state run, rather that the
social values embedded in their algorithmic regulation should respect a wider
set of social values and accommodate applications that can comply with typical
national legislation resulting from those values. See your brother comment for
an alternate perspective, cryptocurrencies already embed regulatory frameworks
that reflect social values, for example, the need to control inflation or the
need for financial privacy.

If the decentralized governance rejects on principle that money laundering is a
social problem, then society through its various forms of governance might
reject the currency, just as it would reject say, a hyperinflationary
currency.

This is what I mean to say by "going full-crypto-Monty": there is a strong
tendency in the community to reject some important social values without
debate and to try to enforce a political perspective on how society should
work by circumventing the legitimate venue where these political debates are
fought. The more the problem is asserted, the more crypto people double-down
on their utopian narrative and invent new technical measures to circumvent any
social control, such as this here.

~~~
creeble
I respect your position that "going full-crypto-Monty" may cause a crypto
currency to be rejected by a society that values some rules, like anti-money-
laundering.

But crypto currencies were born out of a distrust for banks and government
money policy, like inflation.

In my view, the fallacy was/is that by putting trust "in the network", these
policies could be avoided, not duplicated. But that's impossible: crypto
currencies merely shift trust to the network operators (who, for financial
gain, become increasingly consolidated), and to the maintainers of the code,
who ultimately determine the rules.

Maybe the point is that with a diversity of currencies, there is a diversity
of policy choice. But that only increases the exchange problem, which defeats
the purpose of a currency (that is, being widely accepted).

~~~
epicwg
Aside from playing with consensus algorithms to get the hash from GPUs rather
than FPGA/ASIC, can you point me to innovative thinking in this area?

Which projects (or, rather, their communities) are doing the most interesting
stuff around achieving widespread distribution? I agree with you that this is
essential for any crypto to truly become viable as money. If Bitcoin has won
the store of value battle at least for now, then that leaves the medium of
exchange game wide open and it won't be ABC/SV.

------
owenversteeg
Oh, this is fantastically cool. This is what cryptos should be. Real
anonymity, no greed, no speculation, just good math. I love it.

That said, the "no amounts" thing is very confusing. Do they mean to say that
the amounts aren't public? Because as far as I can tell, there definitely
_are_ amounts. From the repo: "The block reward is currently set at 60 grin"
- that's an amount, right? Someone's account is credited with 60 grin. I can
then send 20 of those 60 grin to someone else, who can send them on and so on.

Furthermore, the look-forward to quantum computing is great, and not common
enough in new projects.

~~~
flafla2
From their "Grin for Bitcoiners" article [0]:

    
    
    There are 3 main properties of Grin transactions that make them private:

      - There are no addresses.
      - There are no amounts.
      - 2 transactions, one spending the other, can be merged in a block to form
        only one, removing all intermediary information.

    The 2 first properties mean that all transactions are indistinguishable from
    one another. Unless you directly participated in the transaction, all inputs
    and outputs look like random pieces of data (in lingo, they're all random
    curve points).

    Moreover, there are no more transactions in a block. A Grin block looks just
    like one giant transaction and all original association between inputs and
    outputs is lost.
    

So I think "No more amounts" is simply trying to say that the concept of a
globally-accessible transaction _on_ the blockchain with a verifiable
transaction amount is now gone. Now it's just blocks, which can be many
transactions coalesced together. From later on that page "It's as if when
Alice gives money to Bob, and then Bob gives it all to Carol, Bob was never
involved and his transaction is actually never even seen on the blockchain."
It is not trying to say that this currency is not countable or something like
that (how would that even work?)

[0] https://github.com/mimblewimble/grin/blob/master/doc/grin4bitcoiners.md

~~~
solarkraft
So s/There are no amounts/Transaction amounts aren't public

?

------
DennisP
They say that it scales mainly with number of users, and per-transaction data
is minor. But they also say it's 100 bytes per transaction, so with 10 tx/sec
you get 31 gigabytes per year, just for the transaction data.

That's not as much of a storage improvement as I expected from mimblewimble.
By comparison, a simple ETH transfer on Ethereum takes 109 bytes:
https://ethereum.stackexchange.com/questions/30175/what-is-the-size-bytes-of-a-simple-ethereum-transaction-versus-a-bitcoin-trans

They do say they could optimize Grin's transaction storage further but don't
quantify that. Does anyone here know what the potential is?

~~~
EthanHeilman
Talking about per-transaction data in mimblewimble is tricky because at
different points in a transaction's lifecycle it can change in size.

1. Each transaction comes with a value called a kernel, this kernel is
constant size in the size of the transaction. It does not change with the
number of inputs and outputs of a transaction.

2. Mimblewimble lets parties non-interactively merge transactions. So if you
have 100 transactions you can merge them together and have only 1 really big
transaction and 1 kernel.

3. In mimblewimble you only need to keep kernels and unspent outputs to prove
to someone just joining the network that all the rules have been followed
(fixed coin supply, all transactions were correctly authorized). Over time
you can throw away most of that big merged transaction, as its outputs get
spent and just keep the kernel.

In theory each block should be one big transaction. Thus the size of
blockchain grows with the number of unspent outputs and the number of blocks,
but not the size of those blocks. This also makes validating the blockchain
much faster and under certain circumstances may have privacy benefits.

Mimblewimble is an important step on the path to scalable blockchains.

~~~
DennisP
Aha, so even though there are 100 bytes per transaction, you can merge all the
transactions in the block so it's actually just 100 bytes per block (plus
unspent outputs). Nice.

~~~
tromp
No, it's still 100 bytes per tx. See reply to parent.
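
The kernel and cut-through mechanics discussed in this sub-thread, as an added toy example in Python (not part of any comment above and not Grin's code): two transactions are merged, the intermediate output is cut through, and the merged set still balances while one kernel per transaction remains. Assumptions: all function names and the 60/40/20 amounts are constructed, one builder knows every blinding factor (real transactions are built interactively), and range proofs, fees and kernel offsets are omitted.

```python
import hashlib
import secrets
from functools import reduce

# secp256k1 domain parameters: y^2 = x^3 + 7 over F_P, group order N.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Add two affine points; None is the point at infinity."""
    if a is None or b is None:
        return b if a is None else a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; toy only)."""
    acc, k = None, k % N
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def neg(pt):
    return None if pt is None else (pt[0], -pt[1] % P)

def total(points):
    return reduce(add, points, None)

def hash_to_point(tag):
    """Try-and-increment: a curve point whose discrete log w.r.t. G nobody knows."""
    for ctr in range(256):
        x = int.from_bytes(hashlib.sha256(tag + bytes([ctr])).digest(), "big") % P
        y = pow(x**3 + 7, (P + 1) // 4, P)
        if y * y % P == (x**3 + 7) % P:
            return (x, y)
    raise ValueError("no point found")

H = hash_to_point(b"toy-mw-value-generator")  # constructed tag, not Grin's H

def commit(blind, value):
    """Pedersen commitment blind*G + value*H: hides the amount, still adds up."""
    return add(mul(blind, G), mul(value, H))

def challenge(nonce_pt, excess):
    """Fiat-Shamir challenge for the Schnorr signature carried in a kernel."""
    data = b"".join(c.to_bytes(32, "big") for c in nonce_pt + excess)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def build_tx(inputs, outputs):
    """inputs/outputs are (blind, value) openings; returns commitments + one kernel."""
    assert sum(v for _, v in inputs) == sum(v for _, v in outputs)
    k = (sum(r for r, _ in outputs) - sum(r for r, _ in inputs)) % N
    nonce = secrets.randbelow(N - 1) + 1
    excess, nonce_pt = mul(k, G), mul(nonce, G)
    s = (nonce + challenge(nonce_pt, excess) * k) % N
    return {"inputs": [commit(r, v) for r, v in inputs],
            "outputs": [commit(r, v) for r, v in outputs],
            "kernels": [(excess, nonce_pt, s)]}

def verify(tx):
    """Kernel signatures prove each excess is k*G; outputs - inputs must equal their sum."""
    for excess, nonce_pt, s in tx["kernels"]:
        if mul(s, G) != add(nonce_pt, mul(challenge(nonce_pt, excess), excess)):
            return False
    lhs = add(total(tx["outputs"]), neg(total(tx["inputs"])))
    return lhs == total(e for e, _, _ in tx["kernels"])

def aggregate(txs):
    """Merge transactions and cut through outputs spent within the merged set."""
    ins = [c for tx in txs for c in tx["inputs"]]
    outs = [c for tx in txs for c in tx["outputs"]]
    spent = set(ins) & set(outs)
    return {"inputs": [c for c in ins if c not in spent],
            "outputs": [c for c in outs if c not in spent],
            "kernels": [k for tx in txs for k in tx["kernels"]]}  # kernels are never dropped

def demo():
    """Alice (60) pays Bob 20 and keeps 40 change; Bob pays the 20 on to Carol."""
    rnd = lambda: secrets.randbelow(N - 1) + 1
    alice, change, bob, carol = (rnd(), 60), (rnd(), 40), (rnd(), 20), (rnd(), 20)
    tx1, tx2 = build_tx([alice], [bob, change]), build_tx([bob], [carol])
    return tx1, tx2, aggregate([tx1, tx2]), commit(*bob)

if __name__ == "__main__":
    tx1, tx2, block, bob_c = demo()
    print("valid:", verify(tx1), verify(tx2), verify(block))
    print("kernels kept:", len(block["kernels"]), "Bob visible:", bob_c in block["outputs"])
```

Bob's commitment disappears from the merged set, but the two kernels stay, which is the per-transaction cost the replies above are arguing about.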

------
zamalek
I read the tech spec and it amazes me that there are people who can come up
with this stuff. Completely obvious in hindsight. From the crib notes[1]:

> Grin's emission rate is linear, meaning it never drops.

This sounds more like a real currency, although, without limited supply this
thing won't be going to the moon. The deflationary nature of cryptocurrencies
thus far has been my main criticism of their viability as currencies
(inflation encourages spending, which increases liquidity).

[1]: https://github.com/mimblewimble/grin/blob/master/doc/grin4bitcoiners.md#emission-rate

~~~
wmf
Pretty much everyone with knowledge of mainstream (non-Austrian) economics
came up with the idea of non-deflationary cryptocurrency (keynescoins) around
10 years ago. That's how you can tell that everyone who says "it's about
payments/adoption/etc not speculation" is lying because why would they make it
deflationary.

Also, fixed linear emission is pretty much the second worst possible monetary
policy and I think it's basically a way to have plausibly deniable deflation.
If Grin adoption follows an S-curve then 50%/year emission won't be noticeably
different from 0%. (And if it doesn't follow an S-curve then it has failed
anyway.)

~~~
vbs_redlof
A 50% emission rate is incredibly high. Any linear emission rate will tend
towards 0% as the number of coins in circulation gets larger and larger
(assuming none are accidentally lost).

Deflationary money can theoretically work, it's just that instead of having the
vendor adjust menu prices every year for inflation, consumers would have to
discount their purchases. For instance, during the 2017 boom, I noticed
friends often paid each other for dinner with Ethereum at large discounts.

Obviously this isn't price efficient, and the mental calculus isn't a great
user experience, but it can work. We would just live in a much more frugal
society which saved a little more. We could have lower defaults as we
underconsume. A credit system probably wouldn't work however as we've
destroyed the concept of time value of money.

Imagine a thirsty tourist in a desert might be unwilling to part with his
Bitcoin for a meal, but willing to do so for a bottle of water as his
instantaneous discount rate for water is far higher at that point in time and
state.

Whether a coin is inflationary or deflationary is a little more nuanced than
simple changes in money supply, and has to do with whether these changes are
unanticipated and how users form inflation expectations. Imagine if Satoshi's
account suddenly awoke and moved, only to burn those coins in another address.
There would be momentary hysteria and selloffs, before inflation expectations
readjusted back to before.

You'll see that price levels are relatively indeterminate without strong
commitments to target inflation rates. In that sense a bank may be better than
a non-sovereign currency at maintaining price stability.

~~~
koheripbal
> A credit system probably wouldn't work however as we've destroyed the
> concept of time value of money.

This is spot on and is the main problem. This destroys all lending, which
prevents various forms of capital investment - the cornerstone of economic
growth.

Like it or not, inflation is a key component to any currency. ...and as you
said, increasing the money supply doesn't even guarantee inflation - but
contracting it absolutely spells deflation - which is death.

_Ideally_ a "better" cryptocurrency would detect the velocity of money within
its own blockchain, and calculate the _appropriate_ amount of inflation (or
even deflation) to keep the scarcity of currency stable.

If you imagine that a currency is like blood in a body, then as the body grows
(or shrinks), the blood volume must adjust accordingly. Fundamentally, the
function of currency is not to save - it is to spend.

------
rdl
I'm totally sold on privacy as a critical feature of currency long-term, and
that mixes in bitcoin alone are insufficient. Pretty cool to see two
mimblewimble projects launching (beam + grin) which seem to have made some
different tradeoffs.

Dandelion seems like the weak link from a privacy perspective under a
reasonable attacker scenario, though, although it could easily be replaced.

~~~
dhh2106
What are the main differences between beam and grin?

~~~
jarodym
Grin, academics and early bitcoiners' second attempt at digital cash.

Community funded. Pure mine. Rust, inflationary economics, cuckoo cycles. No
governance, but that is debatable. Small team making decisions. What is that?

Beam, entrepreneur team. Had a presale that allowed them to put devs on the
project full time and blow past Grin in material output. It’s not a “pre-sale”
but it is. They pay back the investors through splitting the block reward
(founder’s reward) over the first five years. Then spin that into a
foundation, C++, cuckoo cycles.

Give Beam a chance before you say it’s a scam. They are good people. I don’t
agree with what people are saying about them, despite disagreeing with their
approach. Talk to them before making up your mind. They have sound arguments
that founders will understand, and ideologues like me disagree with.

~~~
xkarga00
> Community funded. Pure mine. Rust, inflationary economics, cuckoo cycles. No
> governance, but that is debatable. Small team making decisions. What is
> that?

Somebody has to do the work to bootstrap and develop the network. Whom do you
expect to govern the project? Governance meetings are public, bi-weekly, in
the Gitter Lobby chat, you are free to join.

Also since I am into nitpicking, economics are inflationary for the first
couple of decades gradually switching to deflationary (1 grin per second
forever).

------
josh2600
When thinking about a cryptocurrency, there are a bunch of different attack
surfaces (to name a few):

* client (wallet)

* network from client to node (network)

* node

* network node to node (consensus)

* ledger

Each one has a different attack surface and threat model. Mimblewimble is a
neat solution to the ledger, at rest, threat model. I still think zcash is the
king right now when it comes to privacy, but obviously mimblewimble is a cool
approach to scaling. It’s a really fascinating space.

~~~
knocte
When you compared ZCash and MimbleWimble, you forgot to mention that the
latter doesn't need a trusted setup like the former needed.

~~~
josh2600
The trusted setup is the major problem with Zcash, but it’s much more private
than MW (assuming you believe the setup).

I’m not gonna spend a lot of time arguing on here, but I think it’s worth
closely studying these systems as they’re fascinating. All anonymity focused
systems have tradeoffs, just like more commonly understood distributed
systems.

~~~
rdl
The big privacy concern I see with MW is the exchange of blinding factor, and
there are some arbitrarily good solutions to that if you make other tradeoffs.

With ZCash I'm willing to trust the trusted setup (even if it was imperfect);
the issue is that people don't actually use shielded addresses/privacy
protecting transactions much.

~~~
ianmiers
The biggest privacy issue with grin is it doesn't hide the transaction graph.
See their own write up[0] which offers a very good and nuanced privacy
discussion. This means, for example, you can be tracked by colluding vendors.
Or can be identified when trying to accept payments anonymously.

I don't think blinding factors are as much of an issue.

Zcash setup doesn't matter for privacy. The larger issue is as you said,
adoption of private transactions.

[0] https://github.com/mimblewimble/docs/wiki/Grin-Privacy-Primer

~~~
xkarga00
RSA accumulators is an active area of research that will help with unlinking
inputs and outputs, see the grin forum thread for more discussion:

https://www.grin-forum.org/t/benedikt-bunzs-utxo-commitments-rsa-accumulators/1045

~~~
ianmiers
It really doesn't help with that unless you use a completely different
protocol and assume trusted setup. At which point, just use zcash, it will
have smaller and faster to verify transactions. Trust me, I've been working
with RSA accumulators for privacy in Bitcoin since 2011.

~~~
rdl
Ah, I didn't see how the blinding factor was being used (the code is actually
easier to understand than the paper). This has approximately the same
linkability as monero, inferior to zcash (complex) or chaumian tokens (hyper-
efficient, but centralized per-currency, although currencies can be
permissionless).

------
seibelj
This is a very well-known blockchain project that people in the industry have
been watching, so I’m happy it has surfaced here without the usual “blockchain
is 110% useless” commentary HN is known for. It is a very interesting
experiment.

~~~
peteretep
> the usual “blockchain is 110% useless”

Are there any projects that you consider to be a success that currently use a
distributed blockchain?

I suspect like most people my skepticism comes not from the inherent
technology but in all actual deployments so far.

A system that solves scaling, doesn’t appear to be a questionable pyramid
scheme, and had even a few of the advantages of the existing financial system
would be welcomed.

~~~
gpm
> Are there any projects that you consider to be a success that currently use
> a distributed blockchain?

Would you object to me saying "bitcoin" (edit: I should be clear that I'm
primarily referring to market value and making money for those involved with
this one)?

It's morally ambiguous at best, but what about "dark net markets"?

Or if we just don't worry about morality, "cryptolockers"?

Of course the latter two are really just consequences of us having a
reasonable secure and (seemingly) anonymous currency. The fact that bitcoin
enabled them perhaps says more about the state of the rest of the world than
bitcoin itself.

~~~
wpietri
I would probably object to Bitcoin counting.

Its original notion was "peer-to-peer electronic cash". As best I can tell,
there's almost no significant legal use beyond speculation. [1] Even prominent
Bitcoin advocates have admitted it isn't a good currency. [2] Illegal use is
self-limiting; if Bitcoin becomes mainly known as the crime currency, it'll be
truly screwed, as governments everywhere will further crack down on conversion
and use, driving off investors, developers, business partners, etc.

I think it's especially obvious how much it's failed as e-cash when you
compare it with M-Pesa, an African e-money system. [3] It started just a year
before Bitcoin, but does something like 100x the transaction volume and is
wildly popular in a number of countries.

[1] E.g., https://www.nytimes.com/2018/04/16/nyregion/new-york-today-living-on-bitcoin.html

[2] E.g., https://avc.com/2017/08/store-of-value-vs-payment-system/

[3] https://en.wikipedia.org/wiki/M-Pesa

~~~
arisAlexis
Bitcoin is the most transparent form of money invented and in circulation.
That's why a number of studies you can find online place criminal activity
quite low. Who wants a trackable currency vs dollars?

~~~
chx
It's a very interesting thing to call it "money". It's ... not. Not unless you
want to call every scarce good money. This has been rehearsed many a time over
the years. It's too volatile to be usable as a unit of account, it's not
backed by a nation state and it can't be used to create credit. These are all
important functions of money and Bitcoin has none of it.

And no, it's not a Ponzi scheme either, it's a new kind of scam:
https://prestonbyrne.com/2017/12/08/bitcoin_ponzi/

~~~
arisAlexis
not being controlled by any government and not being able to create it out of
thin air for credit is a feature not a bug. but if you are calling bitcoin
scam in 2019 I don't think we can have a rational argument.

~~~
wpietri
It's a feature for a very small number of people with a quasi-religious
aversion to government-backed money. It's also a feature for criminals. But
both historically and currently, the great majority of people seem to quite
like currencies backed by well-run governments.

~~~
arisAlexis
for criminals see the root of the comment you are commenting on. fact: it's
not popular among them.

~~~
wpietri
Not being controlled by a government is a feature for all criminals. Bitcoin
has other issues that make it less popular for criminals, though.

~~~
arisAlexis
I don't get the sequence of your thought. Not being controlled by a government
is a feature of a global currency such as the IMF currency. Or Gold. Do you
think a global currency not controlled by one entity is good for criminals?
Why? How?

~~~
chx
https://www.imf.org/en/About/Factsheets/Sheets/2016/08/01/14/51/Special-Drawing-Right-SDR

> The SDR serves as the unit of account of the IMF and some other
> international organizations.

> The SDR is neither a currency

And gold is not a currency either. It's a scarce good, nothing less nothing
more.

~~~
arisAlexis
It was an example.

------
fsiefken
How does Grin compare to using Blackbytes on the Byteball directed acyclic
graph (DAG)? https://medium.com/byteball/private-textcoins-6a2288d80757

------
CatheryneN
It's not just privacy that's appealing about Grin, it's designed to scale based
on usage. Grin is designed so that its network doesn’t get dragged to a
standstill when transaction volume increases. This was the core issue in the
Bitcoin block-size debate: there were more transactions than could fit into a
1Mb block. As long as there’s a restrictive block size limit, there will be a
capacity issue. A dirty little secret is that to get around scalability
issues, almost all payment processors and exchanges do off-chain transactions.
Which begs the question: why bother using a cryptocurrency with blockchain?
It’s a slippery slope. Increasing usage will of course increase transaction
volume. To ensure that a block size can continue to accommodate volume
increases, you have to streamline each block by trimming transactions.
MimbleWimble/Grin maintains that if an output spends an input, you no longer
have to keep them because they cancel each other out. This greatly cuts down
the amount of data you have to store and process. The only data that nodes
keep is unspent outputs and block headers. Instead of thinking of blockchain
capacity in terms of number of transactions, MimbleWimble/Grin is designed to
grow with the number of users using cut-through. The streamlined blocks make
growth sustainable over time as the transaction data set does not continue to
get bigger. This increases privacy since transaction data gets removed and it
also enables fungibility. That's the scalability answer Grin brings, in
addition to privacy by default.

~~~
woobilicious
You're very much wrong, Grin's innovation is not removing the hard block size
limit, that many other coins don't have.

There's nothing stopping Bitcoin scaling to 100MB blocks with today's
hardware, the problem is long term blockchain growth, and validation times,
that sort of thing.

Grin's innovation is that the entire blockchain can be shrunk using algebraic
reduction, unlike other cryptocurrencies that scale linearly with total
transaction amount, Grin only saves unspent transactions and a small proof of
the total history of the coin since its mining date.

This means that a 100GB ledger could be reduced down to 100s of MB of its
size, and be just as provably secure as the original unreduced ledger.

------
rkowal
This was released recently https://medium.com/@CryptoProfG/grin-money-explained-4-exploring-grins-monetary-model-e48b1761653

— Exploring Grin’s Monetary Model: Grin’s monetary model gives it medium of
exchange and store of value features; community, demand and usage have to do
the rest

Check out the charts at the bottom BTC USD gold & Grin various comparisons

------
wiradikusuma
If it doesn't allow people to speculate (no ICO, no mining), how would people
be interested to use it? (bootstrapping)

Note: I don't know anything about blockchain.

~~~
WRONgG
It isn't that there is no mining, they stated that there is no pre-mining, so
no mining before the tech is released. This is a regular hype technique used
by shit coins in the past (ditto to the ico method).

They have a mining tool that runs on OSX and Linux 64 on their GitHub.

The premise is that they want it to be an actual currency as opposed to a
glorified stock option.

~~~
democracy
Yeah, it is a pipe-dream. To be useful you need to be able to buy/sell it -
which means going to exchanges. Once you are on exchanges you are a volatile
asset or a "glorified stock option" and a part of unregulated gambling
platform.

~~~
knocte
Exchanges are not just to gamble. Imagine you start using MimbleWimble in your
daily life: e.g. you're a freelancer and you decide you want to get paid in
Grin. At some point you will need to convert your Grin to fiat currency just
to do some typical purchases that are usually not possible to pay with crypto
(e.g. rent? groceries?). For this, you need an exchange. It's not gambling,
it's a temporary necessity.

~~~
Nursie
> Imagine you start using MimbleWimble

With that name, nope, never.

~~~
swift532
MimbleWimble is a protocol, not a coin. Grin, though I'd still say it's a bit
funny sounding, is acceptable. The backstory of how it was released and why
it's called MimbleWimble is pretty cool.

------
fwip
> Grin has no amounts and no addresses.

So how do I pay somebody?

~~~
EthanHeilman
Payments are interactive like credit cards. They require that either both
parties are online or that there is some hosted bulletin board that will hold
transactions data until you come online.

~~~
ndnxhs
Credit cards have addresses and they aren't online. Simply knowing the number
on a card is sufficient to withdraw from it.

~~~
EthanHeilman
My understanding of how Credit cards work:

1. Alice has a secret called a credit card number.

2. To pay Bob she shares this secret with Bob.

3. Bob then contacts the credit card company and asks to transfer funds from
Alice's account to Bob's account. This is authorized using the secret that
Alice gave to Bob.

If Bob or some party acting on his behalf cannot receive this secret
from Alice, Bob can't get paid by Alice. As you point out if Alice gives the
credit card secret to Bob, Bob can withdraw funds from Alice's account while
she is offline. This is exactly the same in Mimblewimble. If you give a third
party your Mimblewimble secret that third party would be granted the ability
to withdraw your funds while you are offline.

~~~
Nursie
Internet transactions, right now, yup.

'normal', customer-present transactions are more involved. They involve Bob
sending a set of transaction data to Alice's card, which the card then signs
with an embedded private key, so that Bob can't just keep asking for more.

Unless you still use magnetic stripes. I'm looking at you USA...

------
mrspeaker
Out of interest I built the client, and ran `grin` and it says "mainnet not
ready yet - use floonet". Does that mean it's in some kind of "test mode"
where the "grins" are not real? How do things change over to mainnet?

~~~
seibelj
Mainnet launch is Jan 15. Testnet mode until the genesis block is mined.

~~~
JumpCrisscross
Is floopnet testnet?

~~~
otoburb
Yes, floonet is the testnet.

~~~
tromp
As many other things in Grin (the name itself derives from
[http://harrypotter.wikia.com/wiki/Gringotts_Wizarding_Bank](http://harrypotter.wikia.com/wiki/Gringotts_Wizarding_Bank)),
the testnet name is Harry Potter inspired:
[http://harrypotter.wikia.com/wiki/Floo_Network](http://harrypotter.wikia.com/wiki/Floo_Network)

------
maufl
As far as I understood, the transactions must be built interactively between
sender and receiver. This would mean that you could only send grin to people
who are online. Is this correct? And if so, is this going to change?

~~~
samatman
That isn't correct, but it's an easy conclusion to draw.

What this means is that both parties must participate in a transaction. With
Bitcoin, and hence with most blockchains, you can send to an address; that
address can be a cold wallet, or could not exist at all, in which case your
cybercoins are gone.

With MimbleWimble both parties must participate (interact) to form a
transaction, but this can happen asynchronously.

In other words, both parties must be online, but not necessarily at the same
time.

~~~
koheripbal
Without having a semantic debate, I think the point is that since there are no
static addresses, parties cannot _send_ money in a one-way transaction. Every
transaction must have a handshake. Those two people could be in person, or
online, but they don't need to be connected to the grin network until either
wants to post the transaction.

> you can send to an address; that address can be a cold wallet, or could not
> exist at all

I don't think this is accurate since the other party must participate.

~~~
samatman
I think you probably missed the beginning of that sentence, which was
contrasting e.g. Bitcoin with the MimbleWimble approach.

The difference between 'both parties must be online at the same time' (true
of, say, a phone call) and 'both parties must participate, even if it's during
different weeks' is a substantive difference, I only wished to indicate that
MW requires the latter, not the former.

------
EvilMonkeyMat
I can't really see how it's better than Monero. From their website:

Monero uses ring signatures, ring confidential transactions, and stealth
addresses to obfuscate the origins, amounts, and destinations of all
transactions.

~~~
rdl
My understanding, which may be incorrect:

The "anonymity set" of a monero transaction is just the number of fake values
created in it. This is a fairly small number. If you're willing to put the
effort in, you can trace all of them.

For MW, the anonymity set is either "all users of system" (if you don't
believe in a global network observer) or "all users of system who exchanged
parameters in a given set".

~~~
AndrewBissell
In addition to this, Monero has the same "linearly growing blockchain history"
scaling problem that bitcoin does. fluffypony has floated the idea of a
mimblewimble sidechain for Monero.

------
lehnberg
(Shameless plug:) Those of you who care to follow the project can subscribe to
[https://grinnews.substack.com](https://grinnews.substack.com) for weekly
updates.

------
epicwg
The two main reasons imo why Grin is important are not only the privacy, which
is well covered here, but also the on-chain scaling implications.

We won't know till it's actually used, but there could be orders of magnitude
greater on chain scalability for this BTC while retaining proof of work...

This is a major accomplishment and both Grin and Beam are major steps forward
for crypto.

~~~
democracy
"We won't know till it's actually used" - haha, which in crypto world means
NEVER

------
nadahalli
There is some discussion on their forum on how to set the appropriate
difficulty for the genesis block, and how to estimate the number of miners
that will be around at the beginning. Good reading:
[https://www.grin-forum.org/t/genesis-block-message/250](https://www.grin-forum.org/t/genesis-block-message/250)

~~~
tromp
More up-to-date discussion at
[https://github.com/mimblewimble/grin/issues/2121](https://github.com/mimblewimble/grin/issues/2121)

------
headsoup
One thing I don't see from the mainpage, who is the actual intended audience
that will facilitate adoption?

All I see is 'everyone' and well that's rather vague.

What's the actual value statement other than anonymity? Because being more
efficient at the same thing seems of marginal value if the same thing does not
have significant demand otherwise...

~~~
EthanHeilman
Because it is cool cryptography! Grin isn't a company. In this case it seems
better to build something like this and see who uses it rather than attempting
to convince strangers on the internet that they need it for X, Y, and Z
reasons.

~~~
headsoup
Thanks for the clarification, it does seem to have some interesting potential
if a good use case arises

~~~
democracy
It was sarcasm

------
tapirl
I really don't understand many people's view on cryptocurrency. It looks like
they think anonymity is the most important feature of cryptocurrency. This is
ridiculous. There is already too much anonymity in fiat. The principle of
cryptocurrency should be the contrary: transparency.

~~~
sparkie
People have different needs for privacy.

For example, you don't want your colleagues learning how much you earn, nor
does your employer. In a centralized banking system there is a level of
privacy because the employer trusts the bank won't divulge the information
because they have legal requirements and a reputation. When you take away the
central party, now everyone can learn what everyone else gets paid. Without an
equivalent level of privacy, very few people will ever consider using Bitcoin
for payroll.

People also do not want their lives monitored so they can be sold
advertisements or be forced to behave in certain ways by their peers. It's
none of an employer's business what their employees spend their money on after
they have been paid for work. Increasingly, we are seeing some employers make
judgements about the people they pay because they do not share the "correct"
political thinking of the employer. The whole thing is becoming absurd.

Transparency of the ledger is what is important. You need to know that
somebody didn't make money out of thin air, or double-spend. If you can do
this while keeping the actual transaction data private, most people would
rather have private transactions if given the choice.

Fiat doesn't have a great deal of anonymity from law enforcement. For most
people, nearly everything but small transactions can be known. Even cash can
be traced from ATM->Person->Shop->Bank. The notes have unique ID codes, and
the biggest denomination of note (say, a $100 bill) usually goes straight from
bank to bank with only the 2 people between the transaction, because these are
not issued directly as change. You can be sure the bank makes a record of
every note and who withdrew/deposited it. Moving large amounts of money
through the fiat system is extremely difficult, _unless you're a bank_. The
banks have a monopoly on the ability to launder large amounts of money, and
they certainly make use of it!

~~~
xorcist
> you don't want your colleagues learning how much you earn

Public servants have their salaries public in many parts of the world. There
is something to be said for transparency.

Some places even have all tax information public so this information is
accessible on literally everyone.

------
jedimastert
Having never heard of "mimblewimble" before, I thought I was going to see a
parody cryptocoin riffing on how oversaturated the market is combined with how
ridiculous some buzzwords are.

------
jcoffland
How does Grin protect against double spend? What keeps two valid transactions
spending the same coins from both being accepted?

~~~
tromp
Like Bitcoin, Grin checks that inputs are in the UTXO set, and removes them
from this set. Beyond that, a double spend would also invalidate the check
that sum of coinbases equals sum of UTXO.
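
An added example, not part of the comment above or of Grin's code base: a toy model of the two checks described there, the UTXO-set membership check and the supply balance check. It assumes constructed parameters (integers modulo a prime instead of an elliptic curve, and the hypothetical names `Chain`, `commit` and `apply_tx`), writes the balance check with the kernel excess terms MimbleWimble uses to account for blinding factors, and omits signatures and range proofs.

```python
# Toy model only. Constructed parameters, NOT Grin's real curve or code:
# commitments live in the integers modulo a prime.
from math import prod

P = 2**127 - 1          # toy prime modulus (assumption)
G, H = 3, 5             # toy generators: G carries the blinding, H the amount

def commit(value, blind):
    """Pedersen-style commitment G^blind * H^value mod P."""
    return pow(G, blind % (P - 1), P) * pow(H, value, P) % P

class Chain:
    def __init__(self):
        self.utxo, self.kernels, self.supply = set(), [], 0

    def coinbase(self, reward, blind):
        out = commit(reward, blind)
        self.utxo.add(out)
        self.kernels.append(commit(0, blind))   # excess: blinding factor only
        self.supply += reward
        return out

    def apply_tx(self, inputs, outputs, excess, check_utxo=True):
        # Check 1: every input must currently be unspent.
        if check_utxo and not all(i in self.utxo for i in inputs):
            return False
        self.utxo -= set(inputs)
        self.utxo |= set(outputs)
        self.kernels.append(excess)
        return True

    def supply_balances(self):
        # Check 2: the unspent outputs together must commit to exactly the
        # coinbase total, once the kernels cancel the blinding factors.
        lhs = prod(self.utxo) % P
        return lhs == pow(H, self.supply, P) * prod(self.kernels) % P

def demo():
    chain = Chain()
    a60 = chain.coinbase(60, blind=11)
    # Alice pays Bob 40 and keeps 20 change; excess = output blinds - input blind.
    tx1 = ([a60], [commit(40, 23), commit(20, 31)], commit(0, 23 + 31 - 11))
    # Conflicting spend of the same output, this time to Carol.
    tx2 = ([a60], [commit(60, 47)], commit(0, 47 - 11))
    results = [chain.apply_tx(*tx1), chain.supply_balances(), chain.apply_tx(*tx2)]
    # A node that skipped check 1 would still be caught by check 2.
    chain.apply_tx(*tx2, check_utxo=False)
    results.append(chain.supply_balances())
    return results
```

`demo()` returns the outcome of the honest spend, the balance check after it, the rejected double spend, and the balance check on a chain that wrongly accepted the double spend.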

------
Traminer
Ok, it's a first implementation of mimblewimble, but we're still talking about
MINING/PoW.. That's a pity

------
GutenYe
Looks like it uses some of the same tech as Monero. (Confidential Transactions,
no amount, no address)

~~~
zik
It's mathematically different from Monero, and is thought to be significantly
more secure. It also has some very interesting properties like allowing the
blockchain to be represented in a totally different way, using only a tiny
amount of data.

~~~
garmaine
It is not thought to be significantly more secure. It runs on the same
cryptographic assumptions as monero, but with a de novo implementation that
hasn’t received very much review.

~~~
zik
It's thought to be less susceptible to traceability analysis than Monero.

[1] [https://arxiv.org/pdf/1704.04299/](https://arxiv.org/pdf/1704.04299/)

[2]
[https://eprint.iacr.org/2017/338.pdf](https://eprint.iacr.org/2017/338.pdf)

------
NoblePublius
Fundamentally incompatible with anything resembling AML, no? North Koreans
rejoice!

~~~
koheripbal
Kind of like physical cash - which is what crypto is. It's odd that people
think any form of cash would "conform to AML" - an impossible requirement for
anything decentralized.

It's like saying tires don't conform to speed limits.

~~~
NoblePublius
You have to move physical cash. And they have dogs at airports just for
finding it.

------
bob_paulson
amazing how you keep avoiding talking about the other mw implementations.
simply amazing.

------
mr_woozy
How does one get mainnet grin?

~~~
WRONgG
You can't until the release on Jan 15th

------
qertoip
Mainnet launch is Jan 15.

------
Quanttek
Can anyone please tl;dr what's so special about Grin and how it achieves that?

~~~
nope96
It may scale really, really well: "The state a given node in a MimbleWimble
blockchain needs to maintain is very small (on the order of a few gigabytes
for a bitcoin-sized blockchain, and potentially optimizable to a few hundreds
of megabytes)."

[https://github.com/mimblewimble/grin/blob/master/doc/intro.m...](https://github.com/mimblewimble/grin/blob/master/doc/intro.md)

Also, anonymous transactions.

Downside: you cannot "send coins to an address" as in bitcoin, you must have
interaction with the other party to create a transaction.

~~~
mr_woozy
Doesn't this just mean adoption is easily farmed out to various communication
protocols that do it better? (Signal, Whatsapp, Telegram, Threema). Basically
handing them a ready-made drop-in cryptocurrency system ?

~~~
rdl
Hurts anonymity if you have to do peer to peer transfers of the file, plus you
have issues around resending/etc. (payments are somewhat different from other
messages). Even with IM-based exchange, I'd probably use something else and
then pass a message instead.

------
StreamBright
"Without censorship or restrictions."

Great so fraud is a built in feature.

~~~
silur
I call censorship and unrestricted control over my funds a form of fraud :)

