It has been recognized that neither Litecoin nor Bitcoin yet fulfills all the properties of sound money. The major deficiency at the moment is the lack of fungibility: not every coin is perfectly interchangeable with every other. Fungibility and privacy are two sides of the same coin; you cannot ultimately have one without the other. Here is why.
Because the Litecoin blockchain is transparent, coins can easily be traced from transaction to transaction. This lack of privacy means that if your coins were previously held by someone involved in illicit activity, merchants and exchanges could treat them as inferior to others, for example to coinbase coins, which are freshly created by the mining process and carry no history. Because your coins and their history are public, they can be singled out, and coins that can be singled out are not interchangeable.
To solve this, Lee has suggested a number of improvements that should at least address the problem. The current suggestions range from Confidential Transactions (CTs) and Bulletproofs to MimbleWimble and Extension Blocks, and the final proposal may well combine several of these features.
CONFIDENTIAL TRANSACTIONS (CTs)
Confidential Transactions (CTs) were originally a proposal for Bitcoin, developed by Adam Back, Pieter Wuille, Gregory Maxwell and Andrew Poelstra. A CT replaces the plaintext amount of each output with a cryptographic commitment and attaches a range proof, which shows that the hidden amount lies in a valid range (non-negative and too small to overflow), so that nobody can create coins out of nothing. Amounts are hidden from everyone except the parties to the transaction (the Confidential Assets extension can hide the asset type as well), so one party cannot see how many coins the other holds and onlookers cannot read the size of a payment. In a normal Litecoin transaction all input and output values are public, so a node verifies it simply by checking that the inputs minus the outputs and the fee sum to zero. A Confidential Transaction hides these values while still letting every node verify that inputs and outputs balance.
LIMITATIONS OF CONFIDENTIAL TRANSACTIONS (CTs)
Unfortunately, Confidential Transactions are considerably larger than normal ones: on their own they weigh in at 3.5-5.5 KB, compared with just 300-400 bytes for a normal Litecoin transaction. Both Litecoin and Bitcoin would therefore see a noticeable drop in throughput and a significant increase in fees. Also, while transaction amounts are hidden, sender and receiver addresses remain visible. Ultimately, Confidential Transactions demand a significant trade-off in scalability for only a limited improvement in fungibility and privacy.
Bulletproofs are a more efficient form of range proof. They compress the size of Confidential Transactions and so reduce the scalability cost that CTs impose, bringing the multi-kilobyte range proof down to approximately 700 bytes. Monero recently upgraded to Bulletproofs, so Litecoin would benefit from adopting a technology that has already been tested in production.
MimbleWimble is a design proposal that has been around for a few years. When it was first released by its anonymous creator, it challenged many existing assumptions about blockchain design. MimbleWimble is not simply an upgrade that can be dropped into Litecoin; it is an alternative to the Litecoin design itself, and integrating it requires additional structures such as extension blocks.
CRYPTOGRAPHY BUILDING BLOCKS
MimbleWimble uses a design similar to that of Confidential Transactions. Both derive their privacy from blinding factors and Pedersen commitment schemes. A Pedersen commitment lets you commit to a piece of information, such as a transaction amount, while keeping it hidden from everyone else, and the commitment guarantees that the information cannot be changed later. The only way to reveal the information is to disclose the blinding factor, which is simply a random secret number. In ordinary Confidential Transactions the sender chooses the blinding factor for an output, while in MimbleWimble the receiver chooses it, and knowledge of the blinding factor is what constitutes ownership of the coins. Just as CTs let anyone check that the inputs and outputs of a transaction sum to the same value, MimbleWimble proves this with a single multisignature-like key. In today's Litecoin each input signs the transaction with its own key; in MimbleWimble there is one aggregate public key for everyone involved in the transaction, obtained by subtracting the sum of all the input commitments from the sum of all the output commitments. Because the hidden amounts cancel out, what remains is a public key whose private key is the sum of the output blinding factors minus the sum of the input blinding factors, and only the participants can produce a signature for it. This lets a large set of transactions be aggregated and validated together under one such signature, much as CoinJoin combines payments.
Scaling this up to a MimbleWimble block, the block consists of just a set of inputs, outputs and these aggregate signatures, which are all that is needed to verify it. Because outputs that are spent within the chain can be cut through, a new node no longer needs to download all the historical transaction data, as it does on the current Litecoin blockchain.
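As an added illustration of the mechanics described in the Confidential Transactions and MimbleWimble sections above (this is example code written for this page, not Litecoin, Grin or Beam code), the following Python builds Pedersen commitments on secp256k1, forms the MimbleWimble excess as the sum of output commitments minus input commitments, signs it with the aggregate blinding key that only the participants know, and verifies the transaction from public data alone. The affine curve arithmetic, the try-and-increment derivation of the second generator H, the textbook Schnorr scheme and all function names are assumptions made for the example. Range proofs are deliberately left out so that the last check can show why Confidential Transactions need them.

```python
"""Pedersen commitments and a MimbleWimble-style kernel on secp256k1.
Example code for this page, not Litecoin, Grin or Beam code; the affine
curve arithmetic is written for readability, not constant time."""
import hashlib

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(a, b):
    """Affine addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def point_neg(pt):
    return None if pt is None else (pt[0], (-pt[1]) % P)

def scalar_mult(k, pt):
    """Double-and-add; k is reduced mod N, so negative scalars work."""
    k %= N
    result, addend = None, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result

def hash_to_point(label):
    """Second generator via try-and-increment, so nobody knows log_G(H) (assumed construction)."""
    counter = 0
    while True:
        x = int.from_bytes(hashlib.sha256(label + bytes([counter])).digest(), "big") % P
        rhs = (pow(x, 3, P) + 7) % P
        y = pow(rhs, (P + 1) // 4, P)  # square root, valid because P % 4 == 3
        if y * y % P == rhs:
            return (x, y)
        counter += 1

H = hash_to_point(b"pedersen-H")

def commit(value, blinding):
    """Pedersen commitment C = value*H + blinding*G: hides value, binds to it."""
    return point_add(scalar_mult(value, H), scalar_mult(blinding, G))

def _challenge(R, pub, msg):
    data = R[0].to_bytes(32, "big") + pub[0].to_bytes(32, "big") + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def schnorr_sign(priv, msg):
    """Textbook Schnorr with a deterministic nonce (toy, not BIP 340)."""
    k = int.from_bytes(hashlib.sha256(priv.to_bytes(32, "big") + msg).digest(), "big") % N
    R, pub = scalar_mult(k, G), scalar_mult(priv, G)
    return (R, (k + _challenge(R, pub, msg) * priv) % N)

def schnorr_verify(pub, msg, sig):
    R, s = sig
    return scalar_mult(s, G) == point_add(R, scalar_mult(_challenge(R, pub, msg), pub))

def build_kernel(inputs, outputs, msg):
    """Parties who know the (value, blinding) pairs sign with sum(r_out) - sum(r_in)."""
    excess_key = (sum(r for _, r in outputs) - sum(r for _, r in inputs)) % N
    return scalar_mult(excess_key, G), schnorr_sign(excess_key, msg)

def excess_from_commits(input_commits, output_commits, fee):
    """sum(C_out) + fee*H - sum(C_in), computed from public data only."""
    acc = scalar_mult(fee, H)
    for c in output_commits:
        acc = point_add(acc, c)
    for c in input_commits:
        acc = point_add(acc, point_neg(c))
    return acc

def verify_kernel(input_commits, output_commits, fee, excess, sig, msg):
    """A node sees commitments, the plaintext fee, the excess and a signature. If the
    amounts balance the H terms cancel, the public sum equals the excess and the
    spenders can sign for it; nobody can sign for a point with a leftover H component."""
    return excess_from_commits(input_commits, output_commits, fee) == excess \
        and schnorr_verify(excess, msg, sig)

if __name__ == "__main__":  # constructed values: 50 in -> 30 + 19 out, fee 1
    msg, inputs, outputs = b"kernel", [(50, 11111)], [(30, 22222), (19, 33333)]
    in_c = [commit(v, r) for v, r in inputs]
    excess, sig = build_kernel(inputs, outputs, msg)
    print("balanced:", verify_kernel(in_c, [commit(v, r) for v, r in outputs], 1, excess, sig, msg))
    print("60 out of 50:", verify_kernel(in_c, [commit(30, 22222), commit(29, 33333)], 1, excess, sig, msg))
    neg = [(60, 22222), (-10, 33333)]  # no range proof, so a "negative" output balances
    print("no range proof:", verify_kernel(in_c, [commit(v, r) for v, r in neg], 0, *build_kernel(inputs, neg, msg), msg))
```

Running the module shows the balanced transaction verifying, an attempt to spend 60 coins out of a 50-coin input failing (the public sum carries a 10*H component that the participants' key cannot sign for), and, because no range proof is attached, an output of -10 letting a 60-coin output balance against a 50-coin input. That last case is exactly the inflation a CT range proof rules out, and it is why the range proof, not the commitment, is what costs the kilobytes discussed above.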
LIMITS TO THE COSTS OF PRIVACY
The upshot of all this is a substantial increase in privacy without a large increase in the size of transactions and blocks. The number of coins in a transaction is hidden, and tracing sender and receiver becomes very hard.
What makes MimbleWimble unique is that it resolves the usual trade-off between scalability on one side and privacy and fungibility on the other. Both Zcash and Monero, for example, pay for their privacy features with very large transactions and high fees. Until now, no blockchain project has achieved strong privacy and fungibility without a significant reduction in throughput. MimbleWimble, however, could be the first solution to this dilemma. In practice, this means a private and fungible cryptocurrency that is ready for the masses.
THE LIMITATIONS OF FUNCTIONALITY
One major drawback of this alternative design is that Litecoin scripting cannot run under MimbleWimble, because signatures on individual inputs are eliminated. Poelstra has stated that while this limits many smart contract capabilities, there are workarounds using multisignatures, time-locked transactions and unidirectional payment channels.
Another upgrade that might come to Litecoin in 2019 is Taproot. This is a Maxwell invention which, along with its sibling Graftroot, is meant to make multisignature and smart-contract spends look the same as regular transactions. This blurs the line between layer one and layer two: it would become impossible to tell which transactions on the Litecoin blockchain are the on-chain footprint of Lightning Network channels. So if I pay you over the Lightning Network or execute a smart contract, the on-chain activity looks just like a basic Litecoin payment.
Like Scriptless Scripts, these upgrades depend on Schnorr signatures, and a number of Bitcoin developers are working on Bitcoin Improvement Proposals (BIPs) that combine Schnorr and Taproot. Taproot builds on another upgrade, MAST (Merkelized Abstract Syntax Trees), which brings space-efficient script-based smart contracts back into Litecoin by committing to all the alternative scripts with a single Merkle root and revealing only the branch that is actually executed. Such contracts had previously been held back by their size and the fear that they would clog the network. MAST on its own, however, still leaves smart contracts recognisable, because a script-path spend does not look like a regular transaction. Taproot solves this.
Of course, Taproot and MAST would not be usable inside MimbleWimble extension blocks, since MimbleWimble cannot support scripting. These upgrades would be limited to blocks on the main Litecoin chain.
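To make the MAST space saving and its residual privacy leak concrete, here is a toy Merkle tree over alternative spending scripts, written as an added example for this page (not Litecoin or Bitcoin Core code). It uses plain SHA-256 with one-byte domain separation rather than the BIP 341 tagged hashes, duplicates the last node on odd layers as a simplified rule, and the placeholder scripts are constructed stand-ins. The Taproot key-path tweak that hides the tree behind an ordinary public key is not shown.

```python
"""Toy MAST (Merkelized Abstract Syntax Tree) over alternative spending scripts.
Example code for this page, not Litecoin or Bitcoin Core code: plain SHA-256 with
one-byte domain separation instead of BIP 341 tagged hashes, and the last node is
duplicated on odd layers (a simplified rule assumed here)."""
import hashlib

# Constructed placeholder scripts; real ones carry 33-byte keys and are longer.
SCRIPTS = [
    b"<pubA> OP_CHECKSIG",
    b"<pubB> OP_CHECKSIG",
    b"2 <pubA> <pubB> <pubC> 3 OP_CHECKMULTISIG",
    b"<timeout> OP_CHECKLOCKTIMEVERIFY OP_DROP <pubA> OP_CHECKSIG",
    b"<hash> OP_SHA256 OP_EQUALVERIFY <pubB> OP_CHECKSIG",
]

def leaf_hash(script):
    return hashlib.sha256(b"\x00" + script).digest()  # 0x00: a leaf, never an inner node

def node_hash(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()

def _pad(layer):
    return layer + [layer[-1]] if len(layer) % 2 else layer

def merkle_root(scripts):
    """One 32-byte root commits to every alternative script."""
    layer = [leaf_hash(s) for s in scripts]
    while len(layer) > 1:
        layer = _pad(layer)
        layer = [node_hash(layer[i], layer[i + 1]) for i in range(0, len(layer), 2)]
    return layer[0]

def merkle_proof(scripts, index):
    """Sibling hashes from the chosen leaf up to the root."""
    layer, path = [leaf_hash(s) for s in scripts], []
    while len(layer) > 1:
        layer = _pad(layer)
        path.append(layer[index ^ 1])
        layer = [node_hash(layer[i], layer[i + 1]) for i in range(0, len(layer), 2)]
        index //= 2
    return path

def verify_proof(root, script, index, path):
    """Spend-time check: the revealed script really is one of the committed ones."""
    h = leaf_hash(script)
    for sibling in path:
        h = node_hash(sibling, h) if index & 1 else node_hash(h, sibling)
        index //= 2
    return h == root

def reveal_cost(scripts, index):
    """On-chain bytes: every script (no MAST) vs one script plus its Merkle path."""
    all_scripts = sum(len(s) for s in scripts)
    one_plus_path = len(scripts[index]) + 32 * len(merkle_proof(scripts, index))
    return all_scripts, one_plus_path

if __name__ == "__main__":
    root = merkle_root(SCRIPTS)
    proof = merkle_proof(SCRIPTS, 3)
    print("valid:", verify_proof(root, SCRIPTS[3], 3, proof))
    print("bytes without/with MAST:", reveal_cost(SCRIPTS, 3))
```

The path grows with the logarithm of the number of branches, so the saving widens as contracts gain alternatives. Note what a spend still puts on chain: the executed script, its Merkle path and therefore the plain fact that a script rather than a simple key was used. That is the distinguishability the paragraph above says Taproot removes.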
Even after all these breakthroughs, we still face the threat of quantum computing.
Confidential Transactions and MimbleWimble use Pedersen commitments, together with range proofs, to hide transaction values while preventing coins from being created out of nothing. These commitments, however, are not quantum resistant: a quantum computer able to solve the discrete logarithm problem could open a commitment to any value it liked, which would allow an unlimited number of new coins to be created and undermine Litecoin's inflation controls. The development team is therefore partnering with the Beam project to integrate Switch Commitments into a MimbleWimble implementation for Litecoin's extension blocks. Switch Commitments are essentially a safety mechanism that protects against quantum advances that threaten Pedersen commitments.
Litecoin has once again shown that it is at the forefront of implementing cutting-edge blockchain innovations. If the development team pulls off a successful upgrade from this wide range of proposals, it will have supplied the last property of sound money still missing from Litecoin and Bitcoin, fungibility, and with it privacy.