An Idealized Model for the Formal Security Analysis of the Mimblewimble Cryptocurrency Protocol

Mimblewimble is a privacy-oriented cryptocurrency technology that provides security and scalability properties that distinguish it from other protocols. Mimblewimble’s cryptographic approach is based on Elliptic Curve Cryptography which allows verifying a transaction without revealing any information about the transactional amount or the parties involved. Mimblewimble combines Confidential transactions, CoinJoin, and cut-through to achieve a higher level of privacy, security, and scalability. In our previous work ([2], [26], [25]), we have presented and discussed these security properties and presented a model-driven verification approach in order to guarantee the correctness of the protocol implementations. In particular, we have proposed an idealized model that is essential to the described verification process. In that formal setting, we say that a transaction is valid if it is balanced, all output range proofs are valid and the kernel signature is valid for the excess. However, no formal and precise definition was given to the signature requirement. In this paper, we put forward an extension of our model to enable signatures. We specify a signature scheme that allows us to develop several properties and lemmas we have defined on our initial idealized model. The definition of a valid transaction is extended accordingly.