March Progress:

The first code review[1] was submitted on March 15th covering the libmw project! This is where the bulk of the MWEB logic resides, and is completely independent from the existing LTC code in order to make it easier to take the latest fixes and enhancements from bitcoin.

MWEB is a massive enhancement, much larger than any previous upgrade to the LTC network, including SegWit. Not surprisingly, there is a ton of code to review. libmw alone is more than 15k lines of code, and that’s not including the “glue” that ties it into the existing LTC code. Reviewing all of this, and getting it professionally audited is going to take us well into the summer, so please be patient with us all as we painstakingly pore over each line to make sure it is safe and bug free.

The consequences of introducing a bug in consensus code can be quite severe, sometimes even catastrophic. Grin recently suffered the worst kind of attack due to a consensus bug[2]. One of the 2 node implementations used a cache improperly, which led to an invalid transaction being included in a block. This transaction massively inflated the supply for a short period of time. Luckily, Grin++ did not have the bug, so the issue was caught and fixed right away. Forks of Grin were not as lucky…

While I’m certain MWEB will not be vulnerable to any major attacks, the Grin experience was a bit unnerving for me personally. I want to make sure we’re doing everything we can to eliminate possible sources of bugs. The biggest such source is rushing through code, which is something I’ve done a lot of this past 2 months

As a result, I will no longer be committing to exact deadlines. I obviously value transparency a lot, and want to keep everyone as informed as possible, so I will continue to provide estimates (now, in an easy-to-follow timeline at https://wenmweb.com). But these will be no more than estimates, subject to change at any time. This project is too important to rush.

April Tasks:

This month, I will be working on cleaning up LIP-0002 and LIP-0003 based on feedback we received from one of our auditors. I will also be addressing comments on the libmw code review, and continuing to add more tests and documentation to make life easier for reviewers, auditors, and future maintainers. I’ll also be reaching out to more auditors, bitcoin developers, and mimblewimble experts to solicit their review of the design and code.

These next few updates will mostly just involve the same few things over and over: documentation, testing, review, and general housekeeping tasks. But I’ll take advantage of the briefer updates by describing the various perks of MWEB, future directions we can take it, cool projects we can build on top of it, and general reasons why bitcoiners should and will be jealous of Litecoin

[1] https://github.com/litecoin-project/litecoin/pull/703
[2] grin-security/CVE-2021-XXXX.md at 940c9447614237fc2ec6da9e1bb31a5eed7d2573 · mimblewimble/grin-security · GitHub

Thanks @David , appreciate your work and dedication!

Awesome, thank you very much for the update and the timeline site !

Thanks for the update. I’m glad you are going to take your time! We would lose more from a devastating bug than we would from a slightly faster rollout.

A few questions.

1. Are there any parts of libmw that could be factored out as useful code that could be used in other projects to get more instances hammering on the code?

2. Will we have any funds for a bounty programme? Do you foresee having a bounty program while it’s on the testnet?

Hi David! You’re a big smart guy! You are a great fellow in your craft! We all know that we have prepared an amazing rocket for everyone! Litecoin will instantly take off thanks to your work in the crypto technology industry!!! Thank you very much!!!

April Progress:

Documentation

I’ve re-written LIP-0002 based on feedback received. The revised version is available for review here. The LIP-0003 re-write is still in progress.

I’ve also improved some of our code documentation, and will continue to do so over the next few months.

Coding & Testing

Hector Chu has helped a lot these past 2 weeks with testing & coding. He tested the major flows and quickly identified & helped fix a number of bugs. He has also helped with adding functional tests to cover some of the untested & under-tested consensus rules.

I’ve been working through the litecoin side of the code, and doing my own pre-review of the code before submitting it for review. I was able to clean up a lot of the validation and mempool logic to harden it against attacks, as well as fix some bugs in the wallet code.

Reviews & Audits

Hector has finished his review of the libmw code[1]. I’ve addressed a number of the issues he found, and will continue to work through that list over the next few days.

Once the code for Litecoin’s v0.21 release has been reviewed, I’ll merge all of the MWEB code into that branch and submit the 2nd and 3rd code reviews (2nd=validation, mempool, & mining code; 3rd=wallet code).

I’ve also reached out to Quarkslab with the hope that they’ll have capacity to audit the design & code.

[1] https://github.com/litecoin-project/litecoin/pull/703

Instead of going over May’s tasks, which are going to be more of the same, I promised I’d discuss something fun about MWEB instead.

One thing that was proposed to Grin earlier this year by John Tromp was a “CoinSwap” service. If you’ve got a decent understanding of the math behind mimblewimble, then I recommend reading his proposal here.

This CoinSwap proposal aims to improve transaction unlinkability, much like a CoinJoin service does. But existing designs for MW CoinJoin services have a few important limitations. One is they currently require trusting the CJ server operator to not leak your transactions (there may be ways to eliminate that trust, but none have been found yet). Another is that using CoinJoin services have more annoying UX, since you must wait for the CJ server to aggregate enough transactions before the large CJ transaction is finally broadcasted and confirmed on chain.

CoinSwaps merely swap a single output for a different one of the same value (minus a very small fee). There’s no need to link any of your inputs together, risking revealing your identity to the CJ server operator. And you don’t have to trust any single server to preserve your privacy, since that trust can easily be spread over a large number of CoinSwap servers, with the requirement that only one of them needs to be honest in order to protect the privacy of all of the participants.

And this can all happen behind the scenes without any user interaction! When your wallet identifies new coins that were sent to you, it can automatically send those coins to the CoinSwap service to be trustlessly replaced with a different coin, so that once they’re mixed, even the person who sent you the coins won’t even be able to tell when or if you’ve spent them. The same can be done automatically for your change outputs when you send coins, or can just periodically be done by your wallet to ensure you’ve got clean coins.

The design appears to work as is, but I’m optimistic it can be improved even further to allow dynamic selection of coinswap operators. In its current form, the coinswap server list must be static. But if we allow the ability to easily add coinswap operators, you could always just add an additional one if there’s ever any fear that the existing servers have been compromised.

It’s worth keeping an eye on CoinSwaps. They help eliiminate Mimblewimble’s greatest weakeness (transaction linkability), and can easily be integrated into MWEB wallets, which means this is an excellent opportunity for someone to build a profitable business, while improving LTC’s fungibility at the same time.

CoinSwap is super interesting. Damn, I wish, I’d have some time to dig deep into MWEB. It’s amazing what all of you do and I hope some BTC and Grin developers will also help in the code review. The more eyes look at the code the better.

Hi David - Thanks for the update along with sharing the possibility of CoinShares to aid in privacy.

Let us know how we can help!

Is there a write-up detailing what level of privacy (and how) MWEB will provide to the users?

CoinSwaps sound like exactly what we need and will really add to the killer feature list. Awesome news =]

Hello David,

Novice here. I have a question that in no way meant to be a criticism is really coming from me trying to understand the project. With the rollout of MWEB is there any concern of how companies like paypal may perceive this privacy feature?

Nice I support the idea by David

CoinSwap sounds friggin perfect! I’m a new recruit, portfolio severely down since buying in but I believe in LTC, and the amount of work that the developers have got going on, both in this forum and on various subreddits, is astounding. And props to Charlie for giving LTC major brand recognition!!

MWeb will bring serious fungibility to Litecoin, it’s an extremely exciting development, and to know how much code and how much painstaking work goes into it makes me that much more excited for its implementation!

From what I understand mweb will be an opt-in feature, though I’m not sure how that will effect the feelings of potential users.

Can someone please explain to me why coinswap is so interesting, if there are options to use dex for LTC (e.g. thorchain)?

They’re unrelated. Coinswap is a privacy technology used to obscure the ownership & origins of coins. DEXes (like Thorchain) are for converting between different asset types.

Thank you very much for the clarification. So it is not about swapping between currencies but within LTC for privacy purposes. It’s clear now, and I agree: a great feature. Thank you for all the work!

May Progress:

Coding & Testing

We’ve made the following significant improvements to the code over this past month:

1. Unified the build process to support existing release strategies. We originally intended on sharing the libmw codebase with Grin++, so the new code used a different technology (cmake) for managing builds than the existing litecoin code.
   That plan turned out to be unworkable due to significant differences in the Grin and MWEB protocols, so there was no longer a reason to continue using 2 different build management solutions.
   We’ve stopped using cmake entirely now, and just include the libmw code as part of the existing (automake) build. We’ve also downgraded from C++ 17 to C++ 14 to support gitian builds, which is how we generate verifiable releases.

2. Removed superfluous interfaces and boilerplate code. This also stemmed from the fact that we no longer need to share logic with Grin++.
   We had a rigid interface layer that prevented us from calling the existing litecoin code from within the new libmw library, which resulted in the need to duplicate serialization, logging, and other infrastructure code within libmw.
   Since litecoin is now the only consumer of libmw, we were able to eliminate this artificial separation, resulting in less code (and hopefully fewer bugs) overall.

3. Working automated builds for multiple platforms. The automated builds are working again for linux, and now also a windows build is being generated with each code commit.
   This has allowed for quicker feedback from changes, and opened the door for non-developers to help out with testing without needing to build the code themselves.

Reviews & Audits

We’re still struggling to get developers to review the libmw code. The code has changed quite a bit since the PR was first submitted though, so I will likely be closing it and creating a number of new, smaller, and hopefully more digestible PRs over the coming weeks.

I met with Quarkslab yesterday to discuss what we need audited, and I will continue to work with them over the next week or two while they gather what they need to do their initial assessment & estimate for the audit.

We remain on track for activation around the end of the year, barring no major surprises from the auditors

Nice work. We appreciate the continued updates & progress being made.

Excellent! Would also love to understand what EB features will become available outside MW, if any. The community appreciates your diligence David, Litecoin Facebook group is reacting positively to this update ((no suprise))