Is MWEB private? Could it be implemented on Bitcoin? Is there any plans to do so? What is good or bad about it?
It hides amounts and addresses on-chain. A lot better privacy than the vast majority of blockchains, but it doesn't do anything to hide the transaction graph for an active adversary monitoring the mempool (which you would have to assume) like ring signatures, shielded zk, FCMP does
I don't think there are any plans to use MWEB on Bitcoin but it would be relatively trivial to implement since Litecoin has an almost identical codebase
MWs real strength is it's scalability via "cut-through" though. I think the whole history is like a few hundred MB. The privacy it offers is kind of secondary and a consequence of that. Really good privacy but not the best when compared to other stuff out there right now.
Imo if the goal is private transactions Bitcoin should adopt something like shielded pools on Zcash (which was pretty much made for Bitcoin). It would be roughly as easy to implement, superior privacy to MWEB, preserves the 21 million cap with turnstiles, and it's optional so those who don't trust it wouldn't have to touch it. Scalability is not nearly as good as MWEB though. Shielded client-side validation (Shielded CSV) is another good option from what i understand.
I don't think there are any plans to use MWEB on Bitcoin but it would be relatively trivial to implement since Litecoin has an almost identical codebase
MWs real strength is it's scalability via "cut-through" though. I think the whole history is like a few hundred MB. The privacy it offers is kind of secondary and a consequence of that. Really good privacy but not the best when compared to other stuff out there right now.
Imo if the goal is private transactions Bitcoin should adopt something like shielded pools on Zcash (which was pretty much made for Bitcoin). It would be roughly as easy to implement, superior privacy to MWEB, preserves the 21 million cap with turnstiles, and it's optional so those who don't trust it wouldn't have to touch it. Scalability is not nearly as good as MWEB though. Shielded client-side validation (Shielded CSV) is another good option from what i understand.
21โค๏ธ2โค๏ธ1๐1๐1๐1๐ค1
