What are Channel Factories in Bitcoin’s Lightning Network?

Channel factories are an intermediate layer between Bitcoin’s blockchain and the Lightning Network (LN) proposed by Conrad Burchert, Christian Decker, and Roger Wattenhofer in a paper in 2017. Initially called ‘Scalable Funding of Bitcoin Micropayment Channel Networks,’ the concept has become commonly known as ‘channel factories.’

Channel factories are designed to reduce the number of on-chain transactions required for opening and closing LN channels. You can think of them as channel super-highways that can exist between many users without increasing the number of on-chain transactions necessary to open and close channels.

Users inside a factory can open and close a virtually unlimited number of channels, which could drastically reduce the on-chain burden of the LN if it scales to a popular global payments network with millions of users.

Background on LN Channels

Opening an LN channel between two participants requires an on-chain funding transaction that commits their BTC balances to the Bitcoin blockchain. Once the channel is open and funded, the two users can pay each other back and forth as many times as they wish, within the confines of the total balance locked in the channel.

The magic is securely updating the channel state balance without publishing on-chain transactions.

Closing the channel also requires an on-chain transaction, in which the final channel balance is published on the Bitcoin blockchain. However, there are two primary limitations of this bidirectional channel setup.

  1. The requirement for on-chain open/close transactions does not scale well with LN adoption because of the limitations in Bitcoin’s on-chain capacity.
  2. Funds (BTC) are locked into the channel.

First, as the number of users of Bitcoin’s LN increases, the number of on-chain transactions will also increase drastically — especially if each user opens multiple channels. Bitcoin’s on-chain transaction capacity can easily handle the LN open/close transactions today, but if the LN is to reach its desired level of adoption, the problem needs to be addressed.

For example, if 1,000 active LN users each seek to open 5 channels, that creates 10,000 on-chain transactions (an opening and a closing transaction for each of the 5,000 channels). The more users, the more problematic the strain on Bitcoin becomes.

Second, the fixed amount of BTC in an LN channel is inconvenient, especially when channels need to be rebalanced or refilled. Low channel balances are adequate for two parties transacting directly with each other, but they are not ideal for the LN at scale, where routing nodes and payments hopping between nodes require more liquidity.

The channel factory paper highlights these two problems and strives to provide a scalable solution where users can create an arbitrary number of channels as part of a group — drastically reducing the costs of blockchain transactions. According to the paper:

“For a group of 20 users with 100 intra-group channels, the cost of the blockchain transactions is reduced by 90% compared to 100 regular micropayment channels opened on the blockchain. This can be increased further to 96% if Bitcoin introduces Schnorr signatures with signature aggregation.”

The part about Schnorr signatures is important as the inclusion of Schnorr Signatures into the Bitcoin protocol is on the horizon and offers a suite of enhanced efficiency and privacy features for the network. Combined with channel factories, Schnorr signatures enable much more compact channel factory transactions when they are published on-chain.

Channel Factories

Channel factories are essentially multi-party micropayment channels: groups of participants who create one-to-one channels among themselves off-chain. The same mechanism used to close an LN channel can be optimized to open another channel at the same time. In effect, channel factories leverage this capacity to create and terminate off-chain channels without broadcasting to the Bitcoin blockchain. According to the paper:

“Funds are committed to a group of other users instead of a single partner and can be moved between channels with just a few messages inside this collaborating group, which reduces the risk, as an unprofitable connection can be quickly dissolved to form a better connection with another partner.”

Channel factories lock in multi-party channel funds using a ‘hook transaction,’ which establishes shared ownership of the deposited funds between the parties. The clever component that enables funding many channels from these shared funds is called the ‘allocation’: one or more sequential transactions take the locked funds of the multi-party channel as an input and fund multiple channels with their outputs. According to the paper:

“The allocation effectively replaces the funding transactions of a number of two-party channels.”

The hook enables a user to withdraw their funds from the channel if the other parties become non-cooperative. Opening secondary payment channels within a channel factory is essentially instantaneous, as the channel factory itself already has a sufficient number of confirmations — users are creating channels within a channel.

Additionally, channel factories mitigate the risk among the participating parties using timelocks and an invalidation tree, in which only one path of the tree is broadcastable after the timelocks expire. No single party, and no colluding subset of parties, can arbitrarily spend the channel factory funds because of the multi-signature restrictions on the shared funds.

Settlement consists of the parties in the channel factory cooperatively deciding to close the channel, and only the hook and settlement transaction are published on the blockchain. However, settlement of secondary payment channels falls into three primary options:

  1. Commit final state of the secondary channel to the blockchain.
  2. Update balances within the broader channel factory.
  3. Open a n

The aggregate coordination required for larger channel factories rises, but they still retain the ability to function with only two on-chain transactions despite arbitrary group sizes. The implications of large channel factories are compelling for the organic growth of the LN.

Advantages, Risks, and Future Development

Channel factories are a convincing improvement for the LN when considering the limitations in moving funds between channels for rebalancing. Rebalancing problems arise when the balance of a bidirectional channel becomes lopsided: one party holds most of the channel’s funds, and the other party cannot send them BTC because their end of the channel is too low.

“A new allocation is set up, which replaces every channel with a balanced new one while keeping the total stake of each party the same,” details the paper.

Channel factories can subsequently enable funds to be moved between channels, create new channels, or remove old channels — all without broadcasting to the blockchain.

Channel factories also have unique benefits in complex systems. In Bitcoin’s LN, channel factories have the potential to increase the depth of the connections between large groups of nodes. In effect, this would accelerate the speed of payment hops between nodes that people do not have direct channels open with.

With channel factories, the overlap between large channel factories would enable shorter paths between participants of separate groups, making the LN more distributed while simultaneously strengthening its connections.

Conversely, large channel factories have a notable deficiency. As the group grows, so does the number of parties capable of closing the channel factory, and a close removes the ability to move funds between secondary channels once the hook and settlement transactions have been broadcast to the blockchain.

Such scenarios are not directly malicious — as no user funds are lost or stolen — but can be wielded by bad-faith users to drive up the mining fees paid for the extra blockchain space that the channel factory requires, causing inconvenience for secondary payment channel users in the process. Cooperative users can, however, agree on a settlement without publishing a path of the invalidation tree.

Overall, channel factories are a convincing proposition for the expansion and scalability of Bitcoin’s LN. The LN’s adoption is rapidly swelling, and channel factories are a practical tool for supplementing the network’s scalability via better on-chain efficiency and rebalancing of secondary payment channels for a more liquid payment ecosystem.

The post What are Channel Factories in Bitcoin’s Lightning Network? appeared first on Blockonomi.

What is Taproot? Technology to Enhance Bitcoin’s Privacy

The general perception of Bitcoin’s privacy has transitioned towards more emphasis on improving it as the market for privacy-oriented cryptocurrencies grows, and more attack vectors for deanonymizing users are unveiled. From Dandelion++ to Chaumian CoinJoins, numerous initiatives are underway to enhance the privacy assurances of the pseudonymous Bitcoin.

In particular, one significant privacy boon for the legacy cryptocurrency, known as Taproot, is expected for inclusion into the protocol following the integration of Schnorr Signatures — which are required as a basis for its implementation.

Originally proposed by Bitcoin developer and cryptographer Gregory Maxwell in January 2018, Taproot expands the smart contract capabilities of Bitcoin while preserving privacy by making standard transactions and more advanced transactions effectively indistinguishable.

The upgrade coincides with several other proposed developments including Schnorr, Graftroot, and MAST — an improvement over P2SH. Some of Bitcoin’s top developers are currently working on a plan to integrate both Schnorr and Taproot as a combined protocol enhancement.

P2SH and MAST

Understanding Taproot requires first evaluating a few methods that underpin transactions in the Bitcoin network. Specifically, P2SH (pay to script hash) locks coins to the hash of a script, where the script defines the specific conditions that must be met for the coins to be spent by the owner.

For example, standard transactions require a valid signature from the owner’s private key to prove that the coins can be spent. More advanced transactions like multi-sig require that a certain threshold of a group sign a transaction before it can be sent. So, if Alice, Bob, and Charlie are part of a multi-sig party for spending X amount of bitcoins from an exchange fund, a multi-sig P2SH script could require that at least 2 of the 3 participants sign the transaction for the outputs to be spent.

The right to spend specific outputs can correspond to multiple P2SH scripting conditions, but only one needs to be met to authorize a spend.

The conditions of these more advanced transactions are stored in the P2SH script as a hash on the blockchain. However, once the coins are spent, all of the conditions are revealed to the network, whether or not they were the conditions that were met and authorized the spending of the coins. For instance, if the multi-sig 2-of-3 condition is met before another P2SH script condition such as a time lock that also exists, then both the time lock and multi-sig scripts are revealed following the spending of the coins.

This presents privacy problems as not all Bitcoin wallets contain functionality like multi-sig and time lock contracts. Thus, observers can deduce the originating type of wallet of a transaction by eliminating wallets that do not feature advanced P2SH scripting conditions. Numerous conditions can also lead to heavier transactions, reducing scalability.

MAST was designed to improve P2SH by hiding the conditions of a transaction’s script. Standing for ‘Merklelized Abstract Syntax Tree,’ MAST obscures the script conditions of a transaction and reveals only the condition that was actually met, the one responsible for the valid spend of the coins. MAST employs a Merkle tree to hash each individual script condition rather than hashing the entire set of conditions together. In doing so, a Merkle path can authenticate that a valid condition was met without revealing the other scripting conditions.

Back to the Alice, Bob, and Charlie example. If the P2SH contains both a 2-of-3 multi-sig condition and timelock condition then only the condition that is met first will be revealed. If Alice and Bob sign the transaction, an observer can verify that the 2-of-3 multi-sig condition was met, but they will not know that the P2SH also contained a timelock condition.
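The Merkle-path mechanism described above, as an added example that is not part of the original article: a minimal MAST-style commitment in Python, where the two conditions from the Alice, Bob, and Charlie example are leaves of a Merkle tree, and a spend reveals only the condition met plus its sibling hashes. The script strings, the leaf/node tagging and the odd-node promotion are assumptions of this illustration, not BIP-114’s exact encoding.

```python
import hashlib
from typing import List, Tuple

# Domain-separated hashes so a leaf can never be mistaken for an inner node.
def leaf_hash(script: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + script).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()


def merkle_root_and_proof(scripts: List[bytes], index: int) -> Tuple[bytes, List[Tuple[bytes, bool]]]:
    """Return the root over all script conditions and the sibling path for scripts[index].

    Each proof entry is (sibling_hash, sibling_is_on_the_right)."""
    level = [leaf_hash(s) for s in scripts]
    proof = []
    idx = index
    while len(level) > 1:
        sibling = idx ^ 1
        if sibling < len(level):
            proof.append((level[sibling], sibling > idx))
        nxt = [node_hash(level[i], level[i + 1]) for i in range(0, len(level) - 1, 2)]
        if len(level) % 2 == 1:
            nxt.append(level[-1])  # odd node is promoted unchanged to the next level
        level = nxt
        idx //= 2
    return level[0], proof


def verify_merkle_proof(root: bytes, script: bytes, proof: List[Tuple[bytes, bool]]) -> bool:
    """Recompute the root from the revealed script and its sibling hashes only."""
    node = leaf_hash(script)
    for sibling, sibling_is_right in proof:
        node = node_hash(node, sibling) if sibling_is_right else node_hash(sibling, node)
    return node == root


# Constructed script conditions, written as plain bytes in place of real Bitcoin Script.
CONDITIONS = [
    b"OP_2 <Alice> <Bob> <Charlie> OP_3 OP_CHECKMULTISIG",
    b"<1000 blocks> OP_CHECKSEQUENCEVERIFY OP_DROP <Alice> OP_CHECKSIG",
]


def commit(scripts: List[bytes]) -> bytes:
    """What goes on chain at funding time: one hash, like the script hash in P2SH."""
    return merkle_root_and_proof(scripts, 0)[0]


def spend(scripts: List[bytes], index: int) -> Tuple[bytes, List[Tuple[bytes, bool]]]:
    """What a spender reveals: only the condition actually met plus its sibling hashes."""
    _, proof = merkle_root_and_proof(scripts, index)
    return scripts[index], proof


if __name__ == "__main__":
    root = commit(CONDITIONS)
    script, proof = spend(CONDITIONS, 0)  # Alice and Bob use the 2-of-3 path
    print("on-chain commitment:", root.hex())
    print("revealed script    :", script.decode())
    print("valid spend?       :", verify_merkle_proof(root, script, proof))
    # The timelock condition never appears on chain; an observer only sees its hash.
    print("sibling hashes     :", [s.hex() for s, _ in proof])
```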

Schnorr and Taproot

The primary advantage of Schnorr signatures is their ability to aggregate multiple signatures into a single signature. Rather than each input carrying its own signature, the signatures of multiple inputs, or even multiple transactions, can be combined into a single, common signature.

The striking benefit of aggregating signatures is storage savings within each block and, consequently, better scalability of the network. Applying Schnorr signatures to multi-sig transactions is also what makes Taproot possible.

By leveraging a trick called ‘threshold signatures’ when Schnorr is applied to multi-sig transactions, participants in the multi-sig can aggregate their signatures and public keys together to spend the coins like any standard transaction. Taproot is an innovation that bridges MAST with this concept where the participants can ‘tweak’ the threshold public key or threshold signature.

Essentially, the participants can prove that a multi-sig script condition was validly met without revealing, within the broader Schnorr-aggregated transaction, that their transaction contained complex scripting conditions at all. As a result, an advanced (multi-sig) transaction can be hidden inside an aggregated Schnorr signature as though it were a regular transaction, without sacrificing the Merkle path mapping of MAST.

In addition, the transaction does not reveal that it contains a MAST structure.
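The key tweak described above, as an added example written for this article (not code from any Bitcoin implementation): an aggregate key Q for Alice and Bob is tweaked with a hash of a script-tree root so that the output key looks like an ordinary single key, while revealing Q and the root lets a verifier recompute the commitment for a script-path spend. The curve arithmetic is textbook secp256k1, the Schnorr scheme and hash tags are simplified (not BIP340/341), the aggregation is a plain key sum rather than MuSig, and all key material is constructed demo data.

```python
import hashlib

# secp256k1, the curve Bitcoin uses (affine arithmetic; illustration only, not constant-time)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p, q):
    """Add two points; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    x1, y1 = p
    x2, y2 = q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p == q:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, p=G):
    """Scalar multiplication by double-and-add."""
    r = None
    k %= N
    while k:
        if k & 1:
            r = ec_add(r, p)
        p = ec_add(p, p)
        k >>= 1
    return r


def enc(p):
    return p[0].to_bytes(32, "big") + p[1].to_bytes(32, "big")


def hash_int(*parts):
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big") % N


def schnorr_sign(x, msg):
    # Deterministic nonce for the demo; real signers mix in fresh randomness (BIP340 aux_rand).
    k = hash_int(b"nonce", x.to_bytes(32, "big"), msg)
    R = ec_mul(k)
    e = hash_int(enc(R), enc(ec_mul(x)), msg)
    return R, (k + e * x) % N


def schnorr_verify(pub, msg, sig):
    R, s = sig
    e = hash_int(enc(R), enc(pub), msg)
    return ec_mul(s) == ec_add(R, ec_mul(e, pub))


def aggregate_pubkey(pubkeys):
    """Naive aggregation (plain sum); MuSig adds per-key coefficients to stop rogue-key attacks."""
    q = None
    for pk in pubkeys:
        q = ec_add(q, pk)
    return q


def taproot_tweak(Q, script_root):
    """Commit the script-tree root inside the aggregate key: P = Q + H(Q || root) * G."""
    t = hash_int(b"taproot", enc(Q), script_root)
    return ec_add(Q, ec_mul(t)), t


def script_path_check(P_out, Q, script_root):
    """Script path: the spender reveals Q and the root; anyone can recompute the commitment."""
    return taproot_tweak(Q, script_root)[0] == P_out


# Constructed demo values (not real keys): Alice and Bob form a 2-of-2 with a fallback script tree.
ALICE_SECRET = hash_int(b"alice demo secret")
BOB_SECRET = hash_int(b"bob demo secret")
MAST_ROOT = hashlib.sha256(b"constructed stand-in for a MAST root").digest()
MSG = hashlib.sha256(b"spend tx digest").digest()


def demo():
    Q = aggregate_pubkey([ec_mul(ALICE_SECRET), ec_mul(BOB_SECRET)])
    P_out, t = taproot_tweak(Q, MAST_ROOT)
    # Key path: both cooperate and the signature verifies against P_out like any single-sig spend.
    # Summing the secrets is a demo shortcut; MuSig reaches the same signature interactively.
    sig = schnorr_sign((ALICE_SECRET + BOB_SECRET + t) % N, MSG)
    return {
        "output_key": enc(P_out).hex(),
        "key_path_valid": schnorr_verify(P_out, MSG, sig),
        "script_path_valid": script_path_check(P_out, Q, MAST_ROOT),
        "wrong_root_rejected": not script_path_check(P_out, Q, hashlib.sha256(b"other").digest()),
    }


if __name__ == "__main__":
    print(demo())
```

An observer who sees only the output key and the key-path signature has no way to tell that a script tree was committed at all.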

Schnorr, MAST, and Taproot are viewed as complementary innovations that lead to some fascinating — and more complex — capabilities of Bitcoin transactions.

Bitcoin Core developer Anthony Towns proposed an idea several months later in July 2018 for ‘generalized taproot,’ which would reduce the amount of data required for the initial Taproot proposal. However, he notes:

“As far as deployment goes, I think it makes sense to get an initial schnorr/taproot/mast deployment out first and add graftroot/aggregation later. My feeling is there’s no great urgency for generalized taproot, so it would make sense to keep doing schnorr/taproot/mast for now, take time analyzing generalized taproot, and if it seems sane and useful, aim to enable it in a later phase, eg at the same time as graftroot/aggregation.”

Taproot is basically ready to be deployed but requires that Schnorr is implemented first or at least in conjunction with Taproot.

Detailed proposals for Schnorr’s inclusion into the Bitcoin Core protocol are already available; however, there does not seem to be a definitive timeline yet for its implementation. The general perception is that Schnorr, MAST, and Taproot will be implemented as a bundle of complementary updates to the protocol.

Schnorr is a significant upgrade for Bitcoin, rivaling that of SegWit. Major updates come with contention and delays among the community, but support behind Schnorr is strong. Developers are working on testing and refining the technical implementation of the upgrade before announcing its final preparation.

Bitcoin developers and the broader community have long been excited about the potential of integrating Schnorr signatures into the protocol, and it appears that an official date for their inclusion is on the horizon for 2019. Taproot presents some intriguing privacy advantages as a complement to Schnorr and MAST, and the eventual addition of Graftroot even seeks to enhance Taproot by addressing some of its shortcomings in efficiency.

Bitcoin’s efficiency and privacy have been a focus of the community for years, and meaningful strides have already been made with innovations like SegWit, Stonewall, and Chaumian CoinJoins. Many other proposals will undergo further development throughout 2019, and serve as some compelling improvements to the continually evolving Bitcoin network.

What is Ethereum’s Infura? Scalable Access to Ethereum and IPFS

The decentralized narrative of blockchains and cryptocurrencies draws from their ability to minimize trust across global networks of permissionless participants. There are many components of the development stack that are subject to more centralized designs, however.

Analyzing where developers need to tap into centralized services and technology requires evaluating the development process in general, and dapps on Ethereum provide a useful case study. A recent report by Fluence on dapp development highlights how unpolished developer tools and unstable connectivity to blockchains prevent developers from adequately leveraging fully decentralized back-end infrastructure when connecting to the Ethereum blockchain.

What is Infura?

In particular, Ethereum’s Infura was cited by respondents in the survey as the most common method for connecting to the Ethereum blockchain (63 percent) — ahead of development teams running their own full nodes or using other node service providers. Efforts to replace Infura are underway because of the widespread reliance on this centralized layer for plugging into the Ethereum blockchain. This raises the question: what exactly is Infura?

Accessing Ethereum With Infura

Infura is a scalable back-end infrastructure for building dapps on the Ethereum blockchain. It is a way to connect to the Ethereum network without running a full node, and the service is provided by the company ConsenSys. This more straightforward interface for tapping into Ethereum is hosted on Amazon cloud servers and is the most commonly used method among dapp developers for connecting to the Ethereum network.

Infura is a collection of full nodes on the Ethereum network that enable developers to connect to these nodes through its interface. As such, a significant portion of dapp traffic runs through Infura — due to its ease of use, no requirement for developers to run a full node locally, and continual maintenance.

Off-loading the full node is popular among developers, who can then focus more of their efforts on the other areas of their application rather than constantly managing a full node’s connection to the network. Infura provides numerous development tools, documentation, and API keys for working with Ethereum — even enabling distributed storage through IPFS. Infura’s IPFS gateway is a useful feature of its design, and the congruency of IPFS with blockchains should continue to fuel the growth of its use among dapp developers.

Infura also offers a very straightforward dashboard for evaluating network metrics and provides a simple tool for whitelisting smart contracts that a dapp uses. Some of the core components of the Infura infrastructure include a back-end built with both Geth and Parity clients as well as its Ferryman middleware for enhancing the reliability of connecting to the Ethereum blockchain.

Many dapp developers in the Fluence study cited node connectivity and stability as problems that required multiple technical solutions to circumvent. Using Infura can help developers off-load these concerns to a more robust and scalable connection to Ethereum, but it also comes with trade-offs through a persistent reliance on a centralized layer for connecting to the blockchain.

Infura is immensely popular among developers, handling more than 10 billion requests per day, and is used by prominent dapps such as MetaMask, Truffle, and 0x. Its trade-offs are effective for helping to accelerate development on the network, but mounting concerns over Infura’s dominance in connecting to Ethereum have led to numerous projects working to replace the centralized layer.

Centralized Concerns of Infura

Concerns around Infura’s centralization draw from it being hosted on Amazon cloud servers. Since the majority of dapps — including MetaMask — rely on Infura for plugging into the Ethereum blockchain, Infura presents a bottleneck. As a result, Infura represents a single point of failure that also brings with it privacy concerns and a disincentive for developers to run full Ethereum nodes.

If Infura were to go down (e.g., Amazon cuts off service or its servers crash), although unlikely, dapps running on top of it would stop working altogether since they would have no connection to the Ethereum network. Similarly, as a layer through which multiple dapps connect to the network, the IP addresses and transaction data (such as wallet addresses) of dapp users can be traced, presenting privacy problems.
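The outage scenario above, as an added example (not Infura’s or ConsenSys’s code): a small JSON-RPC client that tries a hosted provider first and falls back to a local node, so a dapp is not left without any connection if the hosted layer goes down. The endpoint list is a placeholder, and `simulated_outage` is a constructed transport standing in for real HTTP so the block runs offline.

```python
import json
import urllib.request
from typing import Callable, Iterable, List, Tuple

# Assumed endpoint list (placeholders, not real credentials): hosted provider first, local node second.
ENDPOINTS = [
    "https://mainnet.infura.io/v3/<PROJECT_ID_PLACEHOLDER>",
    "http://127.0.0.1:8545",
]

Transport = Callable[[str, bytes], bytes]


class ProviderError(Exception):
    """Raised when a provider is unreachable or returns an unusable JSON-RPC reply."""


def jsonrpc_request(method: str, params: Iterable = (), req_id: int = 1) -> bytes:
    return json.dumps({"jsonrpc": "2.0", "id": req_id,
                       "method": method, "params": list(params)}).encode()


def parse_jsonrpc_reply(raw: bytes, req_id: int = 1):
    """Validate a JSON-RPC 2.0 reply before trusting its result."""
    try:
        msg = json.loads(raw)
    except ValueError as exc:
        raise ProviderError(f"malformed reply: {exc}")
    if not isinstance(msg, dict) or msg.get("id") != req_id:
        raise ProviderError("reply does not match the request id")
    if "error" in msg:
        raise ProviderError(f"provider error: {msg['error']}")
    if "result" not in msg:
        raise ProviderError("reply has neither result nor error")
    return msg["result"]


def http_transport(url: str, body: bytes, timeout: float = 5.0) -> bytes:
    """Real transport: POST the JSON-RPC body. Used only when running against live endpoints."""
    req = urllib.request.Request(url, data=body, headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read()


def call_with_failover(endpoints: List[str], transport: Transport,
                       method: str, params: Iterable = ()) -> Tuple[str, object]:
    """Try each provider in order; return (endpoint_used, result) or raise if every one fails."""
    failures = []
    body = jsonrpc_request(method, params)
    for url in endpoints:
        try:
            return url, parse_jsonrpc_reply(transport(url, body))
        except (ProviderError, OSError) as exc:  # OSError covers URLError and socket timeouts
            failures.append(f"{url}: {exc}")
    raise ProviderError("all providers failed: " + " | ".join(failures))


def block_number(endpoints: List[str], transport: Transport) -> Tuple[str, int]:
    url, result = call_with_failover(endpoints, transport, "eth_blockNumber")
    return url, int(result, 16)  # eth_blockNumber returns a hex quantity string


def simulated_outage(url: str, body: bytes) -> bytes:
    """Constructed transport: the hosted provider refuses connections, the local node answers."""
    if "infura.io" in url:
        raise OSError("connection refused")
    req = json.loads(body)
    return json.dumps({"jsonrpc": "2.0", "id": req["id"], "result": "0x6b0e9a"}).encode()


if __name__ == "__main__":
    print(block_number(ENDPOINTS, simulated_outage))
```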

Infura’s intuitive interface for managing the connection to the blockchain makes it a practical tool for developers, but it also disincentivizes them from running full Ethereum nodes, which reduces the decentralization of the network. Full Ethereum clients must store the state of the blockchain, which contributes significantly to blockchain bloat and to the storage requirements for running a full node.

The problem lies in the asymmetric incentives for running full nodes for dapp developers. Infura presents a much better option concerning the development process but leads to reliance on a layer that is prone to adverse long-term consequences.

Additionally, full nodes do not receive block rewards as miners do, so the primary incentives to run a full node from the user’s perspective are to voluntarily contribute to Ethereum’s decentralization and to gain the better privacy and security assurances that come with running a full node. However, the current incentives for users to run full nodes are not perceived as sustainable, since the continual growth of the blockchain will eventually preclude many mainstream consumer computers from running a full client.

The general concept of building dapps that rely on centralized services to connect to the decentralized layer is also counterintuitive. The problem is well-known, and multiple projects are working on replacing Infura using incentive models or promoting the use of light clients.

Initiatives to Succeed Infura

Numerous initiatives are underway on Ethereum to reduce reliance on Infura, and Infura itself is seeking to reduce its dependence on Amazon while providing funding for several relevant projects. Although more of a temporary solution, Infura is trying to diversify its cloud service providers by transitioning to multiple providers instead of relying purely on Amazon cloud hosting.

Other methods for circumventing Infura are predicated on reducing the storage requirements of full nodes or promoting the use of lighter clients among developers. Parity Technologies — a leading Ethereum development company that maintains the popular Parity client — has built and optimized a JavaScript light client, known as LightJS, in hopes of spurring more adoption of light clients over Infura.

Another project, called Turbo Geth, reduces the storage requirements of the other primary Ethereum client, Geth. Turbo Geth would make storage requirements and costs for developers running full nodes significantly lower. However, Turbo Geth is a client-specific solution, which is useful in certain cases but does not fulfill larger ambitions to scale Ethereum and make running full nodes more popular.

Broader initiatives need to be tailored to multiple clients and provide incentives for both users and developers to facilitate better decentralization. Proposals such as ‘storage rent’ where users are incentivized for running full nodes have garnered attention among Ethereum researchers, and the concept was initially proposed by Vitalik Buterin.

Similar projects based on incentivizing full node use include VIP Node, which identifies and rewards full clients that are online, and Denode — a project by Chainsafe that provides monetary incentives in a decentralized ecosystem for running full nodes.

Conclusion

Infura has undoubtedly provided an early boon for developers looking to launch dapps on the Ethereum blockchain, and it is likely that significant development on other projects is necessary before the widespread reliance on using Infura to connect to Ethereum is diminished. Although Infura can help developers focus on other aspects of their application’s development by providing a scalable and reliable back-end, dapp user metrics continue to be endemically low.

Until other technologies emerge as viable alternatives to Infura, it is likely that developers will continue to use its services rather than run their own nodes throughout their application’s lifecycle.  

Reducing Blockchain Bloat: Coda Protocol & Instant-Sync Bitcoin Nodes

The ability to reduce the size of a blockchain through pruning or compacting its size presents enormous benefits for the sustainable decentralization of the network and removing the delegation of trust. Reducing the storage burden of full node clients enables users to practically run full nodes without having to purchase higher-end hardware to support running a full client.

Initiatives and proposals to reduce blockchain sizes are increasingly common among cryptocurrencies, including Bitcoin. Similarly, privacy-oriented cryptocurrencies that use more cumbersome transaction constructions add to blockchain bloat faster than more common cryptographic transactions because of the additional proofs tacked onto each transaction.

Cryptocurrencies like Monero and ZCash have recently implemented efficiency upgrades to such transactions, but compact blockchain solutions will likely be needed in the long-term.

As a result of the growing need for solutions to blockchain bloat and faster syncing, several emerging methods for reducing the size of blockchains have come to the forefront of the conversation about decentralization. In particular, some intriguing solutions drawing from zero-knowledge proofs (ZKPs) are in their concept stages or are already being tested.

Coda Protocol is one of these projects, which uses zk-SNARKs to compress the size of the blockchain, enabling even mobile clients to run full nodes. Similarly, a recent concept proposal by Tyler Smith details the potential for allowing instant-sync Bitcoin nodes by using ZKPs to produce a full sync of the blockchain with a constant size and in constant time.

Coda Protocol

Coda Protocol is a cryptocurrency coded in OCaml that uses ‘recursive composition of zk-SNARKs’ to compress the entire blockchain to a fraction of the size of traditional blockchain ledgers. The protocol compresses the entire representation of the state of the blockchain into a 1 KB zk-SNARK proof.

The zk-SNARK proof represents the authenticity of the state of the blockchain without nodes needing to store the entire blockchain to validate the ledger. The proof is the only component that needs to be stored — along with a small amount of additional data using a Merkle path from the state’s ledger to an individual’s account.

Coda refers to the compressed blockchain as a ‘succinct blockchain,’ and the protocol enables a constant-size proof, regardless of the arbitrary amount of computations on the ledger. Rather than blocks containing transactions, they consist of a zk-SNARK that verifies specific transactions exist and transition the state of the ledger.

According to the Coda white paper:

“Nodes can participate in a succinct blockchain protocol without storing anything except for the strongest blockchain and a full or partial state. If a node has these items, they can be certain that the information in whatever state they hold is backed by a blockchain with the strength indicated and that balances have been updated only via a sequence of valid transactions contained in that blockchain.”

The implications of what Coda is working on are compelling. Increasing blockchain sizes will eventually preclude many participants from becoming validators in the network by increasing the hardware costs required to run full nodes. Similarly, full node clients — although operable on average consumer laptops — are not compatible with smartphones because of their lower storage capacities. The ability to have fully validating mobile nodes grants much more powerful decentralization potential by drastically reducing the barrier to access a node that verifies the blockchain.

Another collateral effect of a compressed blockchain is the ability to sync nearly instantly since less than 1 MB of data is required to be downloaded by a node. Coda even provides a fully-verifying state explorer on their website (of their Alpha testnet) that updates in real-time in the browser. The efficiency of a succinct blockchain also enables the network to scale decoupled from the amount of data on the blockchain.

Coda recently announced their Alpha testnet, and the project is a prime example of leveraging the largely untapped power of ZKPs.

Instant-Sync Bitcoin Nodes

Drawing inspiration from Coda and working parallel on a similar concept applied to Bitcoin, Tyler Smith proposed an idea for enabling Bitcoin clients to instantly sync and validate the Bitcoin blockchain with similar constant size and time as the Coda protocol does. Such a solution would remove the need for SPV nodes to delegate trust in the Bitcoin network, vastly improving the efficiency of validating the blockchain in the process.

His concept has already gained traction on Reddit, where a meaningful discussion about its potential development and obstacles took place, a rare occasion on crypto Reddit.

The idea for instant-sync Bitcoin nodes would consist of an overlay network where participants can publish proofs produced with ‘zk circuits.’ According to Smith:

“Instead of baking a particular ZK construction into the Bitcoin protocol we can build an overlay protocol where anybody can produce and publish proofs by processing mined blocks with a ZK circuit that implements Bitcoin’s transition rules. This process would be just like a standard full node syncing, except the state they calculate would be authenticated by the circuit.”

In order to sync, clients would only need to download the most worked state hash, representing the authentic state of the blockchain. Traditional full nodes would function as ‘proof producers,’ but SPV nodes would be able to become validating nodes that can instantly sync with the blockchain rather than relying on full nodes to supplement them with the correct state.

The cumulative PoW could be verified by nodes that are presented with multiple valid states that consist of the UTXO set, block height, PoW, and system state. The state with the most work is the primary chain and the authentic state proof that the node selects without needing to validate the PoW for every block.

Smith notes that a new ecosystem of entities could develop where they are incentivized to provide proofs — such as miners and exchanges. Additionally, he references the improved failure model for SPV nodes:

“In this proposed model, just a single entity providing proofs is sufficient and could be operated by institutions (i.e. non-profits, universities etc) or businesses trustlessly. If all provers are compromised the chain is still secure, but clients that rely on proofs can no longer validate updates. This is a much better failure mode than SPV because nodes are not tricked into accepting an invalid state, they just can’t continue to validate new states until a prover is back online.”

Although promising, some significant hurdles remain. Specifically, more development work is needed on the ‘recursive composition of zk-SNARKs’ known as ‘zk circuits,’ and a hard fork would be required to fully implement the proposed features, an arduous proposition given the Bitcoin community’s highly conservative approach to change.

Other Initiatives to Reduce Blockchain Bloat

ZKPs are a relatively new cryptographic method with enormous potential, but they are not the only proposed means for reducing blockchain bloat out there. The recent launches of Grin and BEAM highlight an aspect of Mimblewimble that takes a proactive approach to mitigate an increasing blockchain size as well as the potential for pruning the blockchain.


Mimblewimble nodes only need to store the current state of the UTXO set rather than the entire blockchain’s transaction history. Nodes can verify inputs by referencing block headers and dummy outputs, so all the other transaction data is unnecessary. As a result, a Mimblewimble blockchain is much leaner than Bitcoin’s. In fact, Mimblewimble blockchains may not even grow over time, depending on whether more coins end up stored in fewer outputs, since only specific unspent transaction outputs need to be verified.

Outside of the proactive advantages of Mimblewimble, data from the blockchain can be pruned since nodes only require the UTXO commitments.

In Grin’s Github documentation, three contributors (two using Harry Potter aliases), Ignotus Peverell, Seamus Finnigan, and Quentin Le Sceller, outline several contexts for pruning data.

  • A full node removes already validated data.
  • An SPV mode may not be interested in receiving or retaining all the data.
  • Intended full nodes may act as partially validating (SPV) nodes to become available quicker, even though they eventually become full nodes.

Pruning can only remove data that is not required for state validation, so Mimblewimble protocols would always require that the block headers, kernels, unspent transaction outputs, UTXO MMR and range proof MMR (Merkle Mountain Ranges) remain intact.

There are other proposed pruning and compact blockchain methods for various cryptocurrencies, and they are not strictly limited to ZKPs or Mimblewimble protocols.

Reducing blockchain sizes or decelerating their growth will become vital as many of the established cryptocurrency chains progressively snowball. The Bitcoin community, in particular, has shown an inclination to make the necessary network adjustments when needed, so it will be interesting to watch how innovations to help mitigate the increasing size of Bitcoin’s blockchain emerge. Instant-sync nodes and succinct blockchains offer a glimpse into the power of ZKPs, and the case for further development and application of this novel technology is convincing.

The post Reducing Blockchain Bloat: Coda Protocol & Instant-Sync Bitcoin Nodes appeared first on Blockonomi.

What is the BEAM Coin? Mimblewimble & Grin vs Beam

The Mimblewimble blockchain protocol has been receiving significant attention recently following the launch of its first two full implementations — Grin and BEAM. We already have an overview of Grin and Mimblewimble available, so it is prudent also to evaluate BEAM and identify how it differentiates from its cousin Mimblewimble crypto — Grin.

Both Grin and BEAM are open-source protocols, which launched their mainnets over the last several weeks, with BEAM going live at the beginning of January. Significant hype has followed the Mimblewimble protocol since its anonymous proposal by Tom Elvis Jedusor in 2016, specifically due to the privacy and efficiency enhancements that are inherent with the unique transaction construction model it uses.


Although similar, BEAM differs from Grin in several important ways, including its monetary policy, mining, community, and overall governance.

Brief Overview of Mimblewimble

Mimblewimble is a stripped-down version of Bitcoin’s protocol designed to change the method for constructing transactions, leading to improved efficiency and privacy in the network. The collateral effect of enhanced privacy is fungibility, a property of a currency that does not distinguish one unit of value from another, as they are all equal.

Mimblewimble uses a combination of Confidential Transactions (CTs) and Pedersen Commitments to allow the receiver of a transaction to generate a ‘blinding factor’ as the signing key for a transaction. Like other privacy-focused transaction methods, CTs are more cumbersome than standard cryptographic transactions in Bitcoin because of the proofs that need to be added to each transaction.

However, Mimblewimble was designed to sidestep the cumbersome nature of CTs by stripping them of their scripting behavior, and in combination with the blinding factors and ‘dummy outputs,’ the protocol can achieve the same level of security and privacy of CTs without the performance issues.

Additionally, Mimblewimble uses a transaction aggregation method similar to CoinJoin that removes the need to store much of the past transaction data in the blockchain. Transactions within a Mimblewimble block instead look like a random mix of inputs and outputs, rather than a block listing correlated inputs and outputs. Using Mimblewimble’s native ‘cut-through’ feature, nodes can subsequently sync with the blockchain much faster, because they only need to verify the authenticity of specific inputs rather than the entire blockchain.

The compacted history of the blockchain contains the block headers, system state, and the output signatures of the ‘dummy outputs.’
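The commitment arithmetic behind the last few paragraphs is easier to see in code than in prose. The following is an added example, not code from the Blockonomi article nor from the Grin or BEAM code bases. It assumes a toy multiplicative group (squares modulo a small safe prime) in place of the secp256k1 curve the real protocols use, so a commitment is written G^value · H^blind rather than value·G + blind·H; the generator names G and H, the single-party construction of the kernel (in the real protocol the receiver chooses the output blinds and the kernel is built interactively), and the omission of range proofs are all simplifications. It shows how a validator checks that a transaction balances while seeing only commitments, how the kernel excess acts as the signing key the text mentions, and why cut-through can drop an output that was created and spent in the same block without breaking that check.

```python
"""Toy Mimblewimble-style transactions: Pedersen commitments, kernel excess, cut-through.
Constructed example: squares modulo a small safe prime p = 2q + 1 stand in for the
secp256k1 curve, so a commitment is C = G^value * H^blind (mod p). The group is far
too small to hide anything from a real attacker; the point is the homomorphism that
lets a validator check balance without seeing amounts, and why cut-through is safe."""
import hashlib
import secrets
from collections import Counter, namedtuple

def _is_prime(n):
    return n >= 2 and all(n % d for d in range(2, int(n ** 0.5) + 1))

def _safe_prime(start):
    q = start  # smallest q >= start with q and p = 2q + 1 both prime
    while not (_is_prime(q) and _is_prime(2 * q + 1)):
        q += 1
    return 2 * q + 1, q

P, Q = _safe_prime(1_000_000)  # squares mod P form a subgroup of prime order Q

def _base(label):
    """Nothing-up-my-sleeve generator: hash, reduce, square into the order-Q subgroup.
    G and H must have no known discrete-log relation or commitments stop being binding."""
    for ctr in range(256):
        x = int.from_bytes(hashlib.sha256(label + bytes([ctr])).digest(), "big") % P
        if pow(x, 2, P) not in (0, 1):
            return pow(x, 2, P)
    raise RuntimeError("no generator found")

G = _base(b"amount base")    # amounts live in the exponent of G
H = _base(b"blinding base")  # blinding factors (the owner's secret keys) live on H

def commit(value, blind):
    """Pedersen commitment; commit(a, r) * commit(b, s) == commit(a + b, r + s)."""
    return pow(G, value, P) * pow(H, blind, P) % P

# excess = H^(sum of output blinds - sum of input blinds), a commitment to zero amount;
# sig = Schnorr (R, s) over the excess, proving knowledge of that blinding key
Kernel = namedtuple("Kernel", "excess fee sig")
# inputs/outputs are lists of commitments; a real chain attaches a range proof per output
Transaction = namedtuple("Transaction", "inputs outputs kernel")

def _challenge(R, X, fee):
    return int.from_bytes(hashlib.sha256(f"{R}|{X}|{fee}".encode()).digest(), "big") % Q

def schnorr_sign(x, X, fee):
    k = secrets.randbelow(Q - 1) + 1
    R = pow(H, k, P)
    return R, (k + _challenge(R, X, fee) * x) % Q

def schnorr_verify(X, fee, sig):
    R, s = sig
    return pow(H, s, P) == R * pow(X, _challenge(R, X, fee), P) % P

def build_tx(inputs, outputs, fee):
    """inputs/outputs are (value, blind) pairs known only to the parties; here one
    party knows everything, which is enough to show the arithmetic."""
    if sum(v for v, _ in inputs) != sum(v for v, _ in outputs) + fee:
        raise ValueError("amounts do not balance")
    key = (sum(r for _, r in outputs) - sum(r for _, r in inputs)) % Q
    excess = pow(H, key, P)
    return Transaction([commit(v, r) for v, r in inputs], [commit(v, r) for v, r in outputs],
                       Kernel(excess, fee, schnorr_sign(key, excess, fee)))

def _balance(inputs, outputs, fee):
    """prod(outputs) * G^fee / prod(inputs): the G exponents cancel iff amounts balance."""
    acc = pow(G, fee, P)
    for c in outputs:
        acc = acc * c % P
    for c in inputs:
        acc = acc * pow(c, P - 2, P) % P  # modular inverse via Fermat
    return acc

def verify(tx):
    """Validator view: only commitments are visible. Balance term must equal the kernel
    excess (hidden amounts sum to zero) and the excess must be validly signed."""
    k = tx.kernel
    return _balance(tx.inputs, tx.outputs, k.fee) == k.excess and schnorr_verify(k.excess, k.fee, k.sig)

def cut_through(txs):
    """Aggregate like a Mimblewimble block: an output spent by a later input in the same
    set cancels in the product, so both copies are dropped. Kernels are always kept."""
    ins, outs = Counter(), Counter()
    for tx in txs:
        ins.update(tx.inputs)
        outs.update(tx.outputs)
    spent = ins & outs
    return list((ins - spent).elements()), list((outs - spent).elements()), [tx.kernel for tx in txs]

def verify_block(inputs, outputs, kernels):
    excess_prod = 1
    for k in kernels:
        excess_prod = excess_prod * k.excess % P
    return (_balance(inputs, outputs, sum(k.fee for k in kernels)) == excess_prod
            and all(schnorr_verify(k.excess, k.fee, k.sig) for k in kernels))

def demo():
    """Alice spends a 100-unit coinbase: 60 to Bob, 39 change, fee 1; Bob then sends
    58 to Carol with fee 2. Blinds are constructed sample values, not real keys."""
    tx1 = build_tx([(100, 11)], [(60, 42), (39, 7)], fee=1)
    tx2 = build_tx([(60, 42)], [(58, 99)], fee=2)
    ins, outs, kernels = cut_through([tx1, tx2])
    # Bob's 60-unit output was created and spent inside the block, so it is gone:
    return verify(tx1), verify(tx2), len(ins), len(outs), verify_block(ins, outs, kernels)

if __name__ == "__main__":
    print(demo())  # (True, True, 1, 2, True)
```

The aggregated block keeps one input, two outputs and two kernels, yet `verify_block` still passes: the product of kernel excesses equals the balance term of what remains, which is exactly why a syncing node can skip the spent intermediate output. Note that the group is so small that blinding provides no real hiding here; on a real chain the binding property also depends on nobody knowing the discrete log between G and H.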

The result is a blockchain protocol that confers better privacy and scalability deriving directly from its method for constructing transactions. The blockchain grows at a significantly reduced pace, enabling the more practical operation of full nodes, which has a positive long-term impact on the decentralization of the network.

What is BEAM?

BEAM launched in early January and was the first full Mimblewimble implementation to go live, followed by Grin a couple of weeks later. The protocol for BEAM is written in C++ and expands on the original proposition of Mimblewimble with some additional features. Currently, a GUI wallet for users is available on MacOS, Windows, and Linux.

Development on BEAM started later than Grin’s, beginning in March 2018, and has taken a more structured company approach, akin to ZCash, than Grin, which is largely driven by community-funded donations and a core team of developers who have been working with Mimblewimble since its original proposal. BEAM’s focus is on providing a private store of value, tailored towards a user-friendly approach and a startup mindset.


BEAM has several features — both under development and working now — that expand on the original Mimblewimble design, including the use of transaction signing via the Schnorr protocol, opt-in auditability, Bright Boson (a working development for atomic swap support with Bitcoin), offline transactions, and hardware wallet integration as part of Bright Boson.

BEAM also emphasizes catering to businesses and separating the platform’s development into two avenues: BEAM Core and BEAM Compliance. BEAM Core focuses on the technical innovation of the network’s design while BEAM Compliance targets the opt-in compliance and auditability aspects of the network. BEAM Compliance is the segment of the project that caters directly to businesses looking for auditability for regulators or auditors while still retaining privacy as an optional feature.

The technical similarities between BEAM and Grin are apparent, as they are both Mimblewimble-based protocols, so evaluating the other areas in how they differ is the best means for distinguishing the two projects.

Grin vs Beam – What are the Differences?

One of the primary differences between BEAM and Grin is their inception and general community/governance approach. BEAM’s governance and development model is a more company-like structured design, similar to ZCash, while Grin draws inspiration more from the Monero model of open-source community members independently working on the project through donations.

Overall, we can separate the main variations between Grin and BEAM into several categories:

  • Monetary Policy
  • Governance/Community
  • Mining
  • Technical Nuances/Direction

Monetary Policy

BEAM’s monetary policy explicitly emphasizes a private store of value rather than a ‘P2P digital cash.’ BEAM’s supply is capped at roughly 263 million BEAM tokens and uses a deflationary emission schedule based on the halving of block rewards over time, similar to Bitcoin. The block reward for the first year is 80 BEAM coins per block and will halve approximately every 4 years until the 133rd year when emission stops.

Importantly, BEAM issues rewards on a per block basis to the BEAM Treasury that are paid out on a monthly basis to the BEAM Foundation including investors, developers, and advisors. This model is similar to ZCash’s Founder’s Reward and is used for funding the ongoing company-based approach of the cryptocurrency. The reward issued to the treasury is 20 coins per block for the first year and decreases to 10 coins per block throughout the next 4 years.

Conversely, Grin is designed as an anonymous currency with an uncapped supply and linear inflation supply schedule designed to maintain a relatively stable price. Rather than a store of value, Grin is predicated more on its use as a fungible and private currency for transactions. A new Grin coin is minted every second, equating to 60 per each 1-minute block, and the overall dilution of the inflation decreases over the years, eventually approaching zero although never actually reaching zero.

The implications of Grin’s monetary policy are intriguing and offer a unique perspective in the broader cryptocurrency sector. Grin does not have a treasury, founder’s reward, or company behind it; instead, it relies on donations and voluntary participation through an open-source structure.

Governance / Community

BEAM’s governance and early VC funding resemble a startup approach, where full-time developers and contributors are hired in a traditional company setting. The project is overseen by the BEAM Foundation, a non-profit to be set up in Switzerland that will guide the development of the network.

BEAM continually emphasizes usability — particularly with businesses — through its opt-in auditability features which allow businesses to provide financial trails of transactions for auditors/regulators if necessary. Part of its broader BEAM Compliance initiative, the BEAM compliance suite is targeting integrated third-party services and complying with regulations in specific countries. BEAM sought investment from VC firms and is actively seeking development partners as well as the establishment of the BEAM Sovereign Money Foundation this year.

Grin draws more from cypherpunk roots and is focused on a clean and minimal Mimblewimble implementation, with some more experimental components as part of its design. The project is entirely community-driven, relying on financial contributions from donors and voluntary development work. The Grin Github repo lists numerous resources for contributing as well as a list of community projects currently ongoing. Grin and Mimblewimble both consistently reference Harry Potter, and many of Grin’s lead developers use pseudonyms from the fantasy series.

Beam Mining

Both Grin and BEAM use optimized versions of the Equihash PoW mining algorithm, Cuckoo Cycle and Equihash, respectively.

BEAM targets early decentralization of the network by remaining ASIC-resistant over the first 12-18 months, allowing BEAM to be mined on GPUs. The development team will hard fork the protocol several times over the next several years to adjust the mining algorithm, eventually allowing for ASIC mining. The idea is to give GPU miners a head start over ASICs.

Grin employs a dual-structure mining algorithm with Equihash and Cuckoo Cycle that will enable users to mine the cryptocurrency using GPUs initially, while also allowing for ASIC mining later. Cuckoo is a memory-bound algorithm and will become the primary mining algorithm after two years, enabling the growth of the ASIC mining market once the network’s decentralization matures.


Technical Nuances / Direction

BEAM cites several of Grin’s more experimental initiatives as one of the differentiating features between the two cryptocurrencies. Despite both being Mimblewimble implementations, Grin and BEAM focus on slightly different technical directions, although they do collaborate with each other.

Some of the nuanced technical differences between the two protocols include:

  • BEAM is written in C++ while Grin is written in Rust.
  • Grin emphasizes a minimal implementation of Mimblewimble.
  • Grin currently only has a CLI wallet. BEAM has a GUI + CLI wallet.
  • Privacy is default and non-optional in Grin. BEAM enables opt-in auditability.
  • Grin takes a more experimental approach in technical developments than BEAM.
  • BEAM enables non-interactive offline transactions via a secure BBS system. Grin uses plain text channels such as email.

BEAM Core is the technical avenue of the BEAM project and has numerous developments in the pipeline over the coming years including:

  • Agile Atom — An API documentation and ecosystem.
  • Bright Boson — Includes atomic swaps with Bitcoin, hardware wallet integration, Android mobile wallet, lightning network PoC, integration with BTCPay Server.
  • Clear Cathode — Mining algorithm hard fork, iOS mobile wallet, web wallet with multisig support, lightning Alpha.
  • Double Doppler — Alternative consensus research, porting BEAM, enhanced wallet security, lightning Beta.
  • Eager Electron — I2P/Tor Integration, BLS signatures, lightning mainnet.

Of note, BEAM experienced a critical vulnerability in its core wallet following its launch, but has now fixed the bug and provided instructions for users to remove their exposure to the vulnerability.

Grin also has numerous innovations on the horizon including:

  • GrinSwap — Atomic swap functionality
  • Confidential Assets
  • Schnorr Signatures
  • Possible ZKP integration
  • BLS Signatures
  • Scripting – Multisig support, time-locked transactions, Lightning Network
  • Hidden nodes/Onion routing
  • Blockchain Pruning
  • Dandelion Protocol optimization

Grin continually undergoes suggested upgrades and improvements in a more ‘rough consensus’ style; more on this can be found in its community forum and Github repo.

Notably, both Grin and BEAM already employ Dandelion++ as a network-layer privacy enhancement, which is pegged for inclusion into Bitcoin this year as well.

One of the challenges that both Grin and BEAM will face is adequately reaching a level of network decentralization while incentivizing miners to contribute more hash power to the network, securing the chains. Both projects are mitigating ASIC functionality in their early stages, and bootstrapping a PoW-based cryptocurrency is an arduous task. Gathering the support of GPU miners in the first couple of years is crucial to decentralization before the ASIC market matures, but both projects also need to aggregate sufficient hash power to deter malicious chain reorganization attempts.

Launches of new protocols also come with inherent criticisms of what constitutes a ‘fair launch.’ The topic is polarizing and can be subjectively interpreted, but Hasu and Arjun Balaji present some excellent analysis on the fair distribution of a launch and how Grin has come about as close as possible to a fair model in today’s market.

Conclusion

Grin and BEAM are the first two full Mimblewimble implementations and bring with them some substantial advantages in privacy and efficiency. The future development of the projects will provide some unique innovation in the broader cryptocurrency narrative towards better privacy. Although drawing from the same blockchain protocol, BEAM and Grin have some distinct differences. As they continue to progress, their preferred applications and audiences should emerge.

The post What is the BEAM Coin? Mimblewimble & Grin vs Beam appeared first on Blockonomi.

What Can You Buy With Bitcoin? Guide to Merchants Accepting BTC

Bitcoin’s emergence has seen an incredible amount of speculation about its price. However, the further adoption of Bitcoin as a viable means of payments and acceptance among merchants is what will drive it into the next phase of its development.

Despite Bitcoin’s on-chain structure functioning more as a high-value settlement layer than a payments network, numerous merchants already accept Bitcoin as payment. Further, the proliferation of the Lightning Network (LN), Bitcoin’s second-layer payments network, is already showing signs of becoming the scalable infrastructure that Bitcoin needs to function as P2P digital cash. Lightning apps (called Lapps) are rapidly emerging, and their integration with merchants, along with the continued growth of the network, should help expand Bitcoin’s adoption.


With so much speculation surrounding Bitcoin, it’s worth evaluating what you can buy and transact with in Bitcoin for regular, everyday transactions as well as some more fringe use cases.

Merchants That Accept On-Chain Bitcoin Payments

Outside of the characteristic advantages of being able to send Bitcoin to anyone with a Bitcoin wallet with minimal fees and no intermediaries, there are multiple merchants that accept Bitcoin as a legitimate alternative payment method to fiat currencies for goods and services.

From the merchant standpoint, inherent advantages of Bitcoin include reduced transaction fees from major payment network cards, broader market access, and final settlement without chargebacks.

Travel

Several travel platforms that accept Bitcoin payments for booking flights, hotels, and more include Expedia, CheapAir, and BTCTrip. BTCTrip is explicitly designed to find flights and make payments directly in Bitcoin. CheapAir actually accepts Bitcoin through BTCPay Server, a useful free and open-source, self-hosted payment server.

You can even book tickets for future space travel on Virgin Galactic in Bitcoin.


Online Products & Applications

Online retailers are where Bitcoin purchases have made their largest footprint so far. Major online retailers like Overstock and Bic Camera (Japan) accept Bitcoin payments directly. Further, Coinbase Commerce enables trivial integration of Bitcoin payments for major e-commerce platforms including Shopify, WooCommerce, and Magento 2, which together power a vast number of ecommerce sites in the world.

Gift card companies eGifter and Gyft also enable purchasing of gift cards in Bitcoin that are redeemable at Amazon and other major retailers. Finally, some sellers on Etsy — the homemade and vintage supply ecommerce platform — also accept Bitcoin directly.

Gold and Silver

Looking to buy gold or silver in Bitcoin? Several companies provide that option too, including JM Bullion, GramGold, and APMEX. GramGold pegs their native coin to one gram of gold, and it can be purchased on exchanges like Kucoin with Bitcoin. APMEX accepts Bitcoin payments for gold under $250,000 and offers custodial services as well.


JM Bullion even offers a 4 percent discount on gold and silver purchases with Bitcoin.

Real Estate

Real estate — particularly luxury real estate — has emerged as another sector where Bitcoin can be used directly for purchases. Bitcoin Real Estate allows you to buy or sell your home directly in Bitcoin and lists properties worldwide for sale that can be purchased in the legacy cryptocurrency.

Further, numerous real estate companies are accepting purchases of properties in Bitcoin, citing the growing demand for younger investors to pay via alternative methods.


Charities

The direct, transparent, and final nature of Bitcoin transactions also makes it a widely accepted means for donating to charities. Bitcoin Wiki provides a comprehensive list of charitable organizations that accept Bitcoin donations, including Fidelity Charitable, the Human Rights Foundation, and the Binance Charity Foundation.

Other services — like BitGive — are charitable non-profit organizations soliciting donations in Bitcoin as well as USD. Charitable organizations — like the Binance Charity Foundation — are also leveraging the blockchain for auditability and transparency of donations in an attempt to overcome many of the problems associated with the inefficient dispersion of donated funds.

Services

With the help of Blockonomics, WordPress has also helped facilitate the integration of cryptocurrency payments — including Bitcoin — into their ecommerce sites using WooCommerce. WordPress accounts for 32 percent of websites on the Internet and it provides step-by-step instructions on how to integrate your ecommerce store with Bitcoin.

Some other online services that accept Bitcoin are NameCheap — a domain registrar — and ExpressVPN — a popular VPN service for multiple devices.

Sporting Events

The Dallas Mavericks are set to accept Bitcoin payments, and the Sacramento Kings have been accepting Bitcoin since 2014. Further, the Kings even mine Ethereum to fund tech scholarships.

Luxury Goods

Luxury goods have also arisen as a popular area for accepting Bitcoin payments from high-end cars to opulent jewelry.

Post Oak Motors accepts Bitcoin payments via BitPay for Bentleys, Rolls-Royces, and Bugattis. BitCar even allows for fractional ownership in vehicles, and private dealerships in Orange County allow customers to purchase Lamborghinis in Bitcoin.


AntwerpOR accepts Bitcoin payments for diamonds and other jewelry online.

Taxes

In light of recent developments in Ohio, businesses can now pay a variety of taxes directly in Bitcoin. Ohio is the first state to officially implement Bitcoin payments for taxes, and companies need to register with the Office of the Ohio Treasurer. Other states have also been considering similar Bitcoin-enabled tax payments, including Arizona, Illinois, and Georgia. However, it is unclear whether or not the proposed initiatives will be passed at this point.

Lightning Network Apps and Payment Tools

Adoption of Bitcoin for online purchases has mostly been confined to on-chain Bitcoin transactions as the LN is still developing and transitioning to a more mature and user-friendly technology. However, new projects and developments within the LN space are seemingly popping up every day, with some focused on providing viable LN-enabled payments for merchants and others testing out the network’s features with small games and applications.

Payment Services

CoinGate offers a merchant payment gateway that is Lightning-enabled. Similarly, Bitrefill is working on a new project — Thor — to make accessing and using the LN much simpler for mainstream users. Bitrefill allows users to buy vouchers and gift cards directly in Bitcoin and other cryptocurrencies as well as top off prepaid phones and bills.

The Elements Project from Blockstream also provides a WooCommerce plugin for its c-lightning implementation, enabling users with WooCommerce online stores to accept lightning payments. Lightning Charge, built on top of c-lightning, is a drop-in solution for accepting lightning payments as well.

Finally, BitcoinLightning.shop is an online store that is lightning-compatible, offering a range of products and built with BTCPay Server and the c-lightning WooCommerce plugin.

Games

Small games are typically some of the first applications to emerge with a novel technology, particularly a payments network like the LN which can facilitate instant micropayments. The most prominent game that blossomed into one of its first well-known projects is Satoshi’s Place, a lightning-powered graffiti artboard where users buy pixels with satoshis — the smallest unit of payment in Bitcoin.

Other games include BitQuest — the first Minecraft server that is cryptocurrency-compatible and supports lightning payments — and Hammerland — an RPG game that uses the LN for in-game payments.


Miscellaneous

Several other LN apps have also emerged recently, such as Starblocks, a virtual coffee shop demo built on Eclair (the Scala LN implementation), and tipping tools such as the Slack Tipbot and Elaine Ou’s twitter bot.

The Lightning Desktop App from Lightning Labs and Zap wallet by Jack Mallers are popular full LN implementations available to users today. The Zap wallet is designed as a user-friendly wallet, and is compatible with mobile devices as well.

You can find a comprehensive and evolving directory of Lightning Apps from the Lightning Network Developer community here.

Conclusion

Bitcoin’s volatility currently makes it a hard sell for many merchants to accept it as a viable means of payment. However, there are myriad merchants, services, and online games that already accept Bitcoin payments, and the list is growing. The Lightning Network’s further development and enormous design space should also help garner acceptance by more merchants as useful and fun applications continue to materialize.

The post What Can You Buy With Bitcoin? Guide to Merchants Accepting BTC appeared first on Blockonomi.

Ethereum vs Bitcoin: What are the Differences?

Bitcoin and Ethereum are the two most well-known cryptocurrencies today, with the former the legacy cryptocurrency created by the anonymous Satoshi Nakamoto in 2008 and the latter proposed by Vitalik Buterin in 2013. Although both cryptocurrencies have several similarities, their designs are distinctly different and the application of their networks are tailored towards different use cases.

Understanding the key differences between Bitcoin and Ethereum can provide a better grasp on the broader cryptocurrency and blockchain industry as a whole, as they are both integral components of the market with large open-source communities and influential developments.


Comparing the Differences Between Bitcoin and Ethereum

The main difference between Bitcoin and Ethereum stems from their conceptual design. Bitcoin is predicated on becoming a secure, censorship-resistant value system outside of the traditional financial realm while Ethereum is designed as a ‘decentralized world computer’ where Turing-complete functionality enables users to build and run applications on the network through the Ethereum Virtual Machine (EVM).

There are numerous subtle differences between Bitcoin and Ethereum, but generally analyzing the primary variations requires evaluating the following:

  • Transaction Schemes
  • Monetary Policy
  • Smart Contract and Scripting Functionality
  • Mining/Consensus/Development
  • Narrative & Practical Applications

Transaction Schemes

Both Bitcoin and Ethereum employ public-key cryptography for authenticating transactions that are validly signed by the party who retains control of the private keys to access the native cryptocurrency on each network, BTC and ETH, respectively. However, they differ in the structure of their transaction models.

Bitcoin uses what’s called an ‘unspent transaction output’ scheme known as UTXO. Transactions are all linked together in a chain of inputs and outputs, with unspent outputs representing the ‘funds’ that an individual — with a corresponding private key that unlocks a specific amount of BTC — can use to spend as inputs in a new transaction.

Users do not technically own specific BTC, but instead hold the right to spend a precise amount of unspent transaction outputs in the network. Bitcoin uses ECDSA as the digital signature algorithm for its public-key cryptography, and senders digitally sign the hash of a previous transaction in combination with the recipient’s public key to validly construct a transaction.

Conversely, Ethereum uses an account-based model more similar to a traditional checking account with a bank. Addresses (derived from public keys) in Ethereum contain the transaction information for each ‘account,’ where an update to that specific account is considered a state transition. There are two types of account in Ethereum:

  1. Contract Accounts
  2. Externally Owned Accounts

Contract accounts are smart contracts that are run by code and programmed to receive, store, and contact other accounts in the network based on certain inputs.

Externally owned accounts are controlled by users and can send and receive transactions, and sign them with their private keys.

Notably, Ethereum uses ‘gas,’ a derivative of the native currency Ether, which is appropriated to pay for transactions and computational execution across the network and is mainly designed to mitigate spam. Ethereum also uses the ECDSA digital signature algorithm for transactions.

Overall, Bitcoin’s UTXO design is useful for the network’s broader consensus, as all inputs and outputs are linked to each other, and it also provides a more straightforward design of interlocking accounting records timestamped in the blockchain. Ethereum selected an account-based model for its larger space savings, constant light-client reference, and other advantages. The transaction schemes of both are designed to fit what each network is attempting to accomplish.
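To make the two transaction schemes concrete, here is an added example (not from the article, and not Bitcoin Core or go-ethereum code) that implements a toy ledger of each kind and runs the same payment, then the same payment replayed, through both. It assumes a plain `owner` string in place of a locking script and its ECDSA signature, a `fee` field in place of Ethereum’s gas accounting, and the per-sender nonce that Ethereum uses for replay protection; all names and sample values are constructed. The point it shows is that the UTXO ledger rejects a replay because the referenced output no longer exists, while the account ledger rejects it because the nonce has already been consumed, which is the practical consequence of the "chain of outputs" versus "state transition" difference described above.

```python
"""Toy ledgers contrasting Bitcoin's UTXO model with Ethereum's account model.
Constructed example: a plain 'owner' string stands in for the locking script /
public key and the ECDSA signature, so the structural difference is what shows.
The replay attempt at the end is rejected by each ledger for a different reason."""
from collections import namedtuple

# --- UTXO model: the state is a set of unspent outputs, spent by reference ---
Outpoint = namedtuple("Outpoint", "txid index")  # reference to a prior output
TxOut = namedtuple("TxOut", "value owner")       # owner ~ pubkey hash / script
UtxoTx = namedtuple("UtxoTx", "txid inputs outputs signer")  # signer ~ who signed the inputs

class UtxoLedger:
    def __init__(self):
        self.utxos = {}  # Outpoint -> TxOut: all the state a node needs to validate spends

    def add_coinbase(self, txid, value, owner):
        self.utxos[Outpoint(txid, 0)] = TxOut(value, owner)

    def apply(self, tx):
        """Validate then apply; returns 'ok' or the rejection reason."""
        in_sum = 0
        for op in tx.inputs:
            prev = self.utxos.get(op)
            if prev is None:  # never existed or already consumed: double-spend / replay
                return f"missing or spent: {op}"
            if prev.owner != tx.signer:  # stand-in for checking the unlocking signature
                return f"signer does not own {op}"
            in_sum += prev.value
        if sum(o.value for o in tx.outputs) > in_sum:
            return "outputs exceed inputs"  # any shortfall is the miner fee
        for op in tx.inputs:
            del self.utxos[op]
        for i, out in enumerate(tx.outputs):
            self.utxos[Outpoint(tx.txid, i)] = out
        return "ok"

    def balance(self, owner):
        """A 'balance' is derived: the sum of outputs this owner can still spend."""
        return sum(o.value for o in self.utxos.values() if o.owner == owner)

# --- Account model: the state is a balance and a nonce per account ---
AccountTx = namedtuple("AccountTx", "sender to value nonce fee")  # fee ~ gas_limit * gas_price

class AccountLedger:
    def __init__(self):
        self.balances = {}
        self.nonces = {}

    def credit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount

    def apply(self, tx):
        """Validate then apply as a state transition; returns 'ok' or the reason."""
        expected = self.nonces.get(tx.sender, 0)
        if tx.nonce != expected:  # replayed or out-of-order transaction
            return f"bad nonce {tx.nonce}, expected {expected}"
        if self.balances.get(tx.sender, 0) < tx.value + tx.fee:
            return "insufficient balance"
        self.balances[tx.sender] -= tx.value + tx.fee
        self.credit(tx.to, tx.value)
        self.nonces[tx.sender] = tx.nonce + 1
        return "ok"

def utxo_demo():
    """Alice receives 50, pays Bob 30 with 19 change (1 goes to the miner), then the
    same signed transaction is broadcast again."""
    ledger = UtxoLedger()
    ledger.add_coinbase("cb1", 50, "alice")
    tx = UtxoTx("tx1", [Outpoint("cb1", 0)], [TxOut(30, "bob"), TxOut(19, "alice")], "alice")
    first, second = ledger.apply(tx), ledger.apply(tx)
    return first, second, ledger.balance("alice"), ledger.balance("bob")

def account_demo():
    """The same transfer in the account model, then the same transaction replayed."""
    ledger = AccountLedger()
    ledger.credit("alice", 50)
    tx = AccountTx("alice", "bob", 30, nonce=0, fee=1)
    first, second = ledger.apply(tx), ledger.apply(tx)
    return first, second, ledger.balances["alice"], ledger.balances["bob"]

if __name__ == "__main__":
    print(utxo_demo())     # ('ok', "missing or spent: Outpoint(txid='cb1', index=0)", 19, 30)
    print(account_demo())  # ('ok', 'bad nonce 0, expected 1', 19, 30)
```

Two things worth noticing when reading the output: in the UTXO ledger there is no stored balance at all, it is computed by scanning the set, whereas the account ledger must persist a nonce per account precisely because balances alone would not stop a valid signed transfer from being replayed.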

Monetary Policy

The differences in monetary policy are some of the most profound and often overlooked variances between Bitcoin and Ethereum.

Bitcoin’s monetary policy has been set since its creation and is governed by the total cap on the number of BTC available (21 million), halving of block rewards roughly every four years, and the difficulty adjustment of the mining target to ensure a consistent release of blocks approximately every ten minutes. Bitcoin’s emission rate correlates directly to mining, as miners receive newly minted BTC as a block reward for winning the lottery-like consensus round every ten minutes. The emission is deflationary and equates to a diminishing issuance over time.


As a result, Bitcoin is often referred to as ‘digital gold’ because of its high stock-to-flow ratio and scarcity of BTC. Bitcoin’s cemented monetary policy is one of its cardinal advantages.

Ethereum’s monetary policy is more fluid and has not been entirely set in stone yet. While Ethereum still uses PoW mining similar to Bitcoin, also with a difficulty adjustment to ensure blocks are created roughly every 12 seconds rather than 10 minutes, there is an ongoing debate about the network’s monetary policy as the network looks to transition to Proof of Stake (PoS) consensus.

Currently, the circulating supply of ETH is roughly 104,500,000 with a decaying emission targeting low inflation. However, in the Ethereum 2.0 proposed roadmap — known as Serenity — the rough consensus around the emission rate for PoS is between a target of 0.5 – 2 percent and perpetual inflation will accumulate proportionally to ETH holders that choose to stake their ETH as validators.

Bitcoin’s concrete monetary policy is a distinct advantage over Ethereum, as the Ethereum community has prioritized other network components over solidifying its monetary policy throughout the last several years. The transition to PoS is an enormous move by Ethereum, which will be one of the major restructuring projects to watch closely in the broader cryptocurrency sector.

Smart Contracts and Scripting Functionality

Bitcoin has a stripped down and simple scripting language that can be leveraged for useful mechanisms like multi-sig transactions and certain wallet features, but Ethereum is designed explicitly for facilitating Turing-complete smart contracts and decentralized applications on its network.

The eventual growth of sidechains on Bitcoin — like RSK — should confer Turing-complete smart contract functionality to a sidechain tethered to the Bitcoin blockchain, but sidechains are still in their early stages.

Ethereum is the first smart contracts platform with an emphasis on developers building applications (dapps) that run on its decentralized virtual machine. Dapps differ from traditional applications primarily in that they are censorship-resistant, and Ethereum has seen numerous dapps from prediction markets like Augur to collectible games like Cryptokitties since its inception.

Dapps have some interesting implications, but the poor scalability of decentralized, public blockchain networks has so far hindered their adoption. That is a central motivation for Ethereum’s Serenity roadmap: scalable dapps that can rival centralized applications in performance.

Mining/Consensus/Developments

Bitcoin and Ethereum both are PoW-based public blockchain networks where miners compete to create blocks in an open and competitive market. Bitcoin uses the SHA-256 mining algorithm while Ethereum currently uses the Ethash algorithm. ASIC miners are available for mining both algorithms, and the mining markets for Ethereum and Bitcoin are similarly dominated by large mining pools.

The PoW consensus of Bitcoin and Ethereum allowed both of them to aggregate hash power over the years and become more secure, decentralized networks. PoW mining is an elegant method of money issuance that mitigates the arbitrary inflation of a currency by creating an open market for mining and confers censorship-resistance on algorithmically predetermined issuance rates of the currency.

Bitcoin Mining

Read: Bitcoin Mining – Is it worth it?

However, PoW mining is exceptionally challenging to bootstrap, as it requires establishing network effects and incentivizing miners to commit hardware to the network. It is also not ideal for Ethereum’s ambitions as a smart contracts platform because of the slow on-chain throughput it allows, which is why Ethereum is gradually transitioning to a PoS model intended to enable faster finality on the network’s state.

Ethereum’s PoS will not be fully implemented for the next couple of years, so it is impossible to project how it will turn out, but many core community members view it as the necessary step for the smart contracts platform.

The scalability problems of Ethereum and Bitcoin have also led to layer two scaling solutions, like Bitcoin’s LN and Ethereum’s Raiden Network. Bitcoin’s scaling challenges are less complicated than Ethereum’s because the Ethereum state machine is far more complex than Bitcoin’s UTXO model. Additional proposals for layer two scaling of Ethereum include Plasma and dappchains, which would supplement the on-chain throughput of the network by localizing consensus to specific dapps and child chains tethered to the root chain.

Plasma & Raiden Network

Read: Plasma & The Raiden Network: Ethereum Scaling Solutions Explained

Consensus is also critical from the development perspective. Both Bitcoin and Ethereum use open-source improvement proposals from the community: BIPs for Bitcoin and EIPs for Ethereum. Users and developers can contribute to both, and governance takes the shape of an off-chain ‘rough consensus’ for both networks rather than a baked-in on-chain governance protocol. Bitcoin and Ethereum retain the two largest open-source communities in the cryptocurrency sector.

The two communities differ slightly in their approaches, however. Bitcoin’s community has taken a prudent approach emphasizing conservative changing of core components of the protocol in an effort to maintain robustness and sustainability. Ethereum’s open-source community and lead devs are more focused on adapting to network needs by implementing more liberal upgrades/changes to the network, as indicated by the planned shift to PoS consensus.

Time will tell how well Ethereum’s transition plays out, but Bitcoin’s resilience and conservative approach have proven a successful recipe for sustainability for over a decade. Ethereum’s more significant changes come with inherent risk but also potential opportunity to evolve dynamically.

Narrative & Practical Applications

Bitcoin’s narrative has evolved from a fringe digital currency to a high-value settlement layer and digital gold that has a penchant for resilience in the face of persistent criticism, skepticism, and misperceptions. It has become a viable alternative means of value storage and transfer outside of the traditional financial realm and is primarily an invention of money.

Bitcoin users are usually professionally involved with the legacy cryptocurrency or ideologically predisposed to use it out of a general aversion to inflationary fiat currencies, or simply use it out of curiosity or necessity. Bitcoin’s community emphasizes privacy, robustness, and censorship-resistance, which has led to some innovative developments and applications of Bitcoin.

Bitcoin’s on-chain throughput is not sufficient to support a digital P2P payments network, but the continual progression of its second layer Lightning Network (LN) has the potential to change that.

Ethereum’s community is focused on building a scalable smart contracts platform that is also censorship-resistant and can provide the foundation for a new generation of applications. Ethereum is useful for making dapps with various use cases: digital collectibles are provably scarce and immutable for games, prediction markets are censorship-resistant, and intermediaries can be removed from sharing-economy business models.

Dapps on Ethereum — or any other smart contracts platform — have endemically poor user numbers, so the eventual outcome of Ethereum’s transition to PoS weighs heavily on the success of the platform as a viable means for building, running, and using dapps.

Future Roadmaps

The future roadmaps of Bitcoin and Ethereum are chock-full of innovative ideas and upgrades to the core protocols.

Efficiency and privacy enhancements are the focus of many future Bitcoin upgrades, including the long-awaited incorporation of Schnorr signatures into the protocol and network-layer privacy protections like Dandelion++. Similarly, the LN is poised to continue growing, bringing with it a massive design space for more applications and payment capabilities for merchants looking to use Bitcoin. The proliferation of sidechains — like RSK and Liquid — is also a trend to watch closely in the coming years.

Ethereum’s transition to PoS is clearly the most significant development with the smart contracts platform. The change will come in multiple steps, including the upcoming Constantinople upgrade and eventually the fully live PoS Serenity completion. There are other developments for Ethereum on the horizon too. The potential inclusion of zk-SNARKs into the network can improve efficiency and privacy across the network, and future bridges to networks like Cosmos and Polkadot can help to supplement Ethereum’s scalability.

Conclusion

Bitcoin and Ethereum are the two most established cryptocurrencies today: Bitcoin as the novel digital currency that started a movement, and Ethereum as the smart contracts platform striving to be the foundation for a new generation of applications. Comparing their primary differences helps you understand what defines the narrative and benefits of each.

There are many more nuanced technical differences between Bitcoin and Ethereum, and as always, it is best to do your own research when evaluating cryptocurrencies.

The post Ethereum vs Bitcoin: What are the Differences? appeared first on Blockonomi.

How to Invest in Bitcoin: Complete Beginner’s Guide

Bitcoin’s arrival into the mainstream was accompanied by massive valuations of altcoins, a short-lived ICO craze, and many misunderstandings about the vision and potential of Bitcoin. Over the last year, numerous developments have unfolded that give more access to investing in Bitcoin and interacting with the legacy cryptocurrency than ever before.

While access to Bitcoin is still far from being ideal, options for investing in it are significantly greater than they were only several years ago. From the proliferation of exchanges to alternative means of acquiring it, evaluating various ways to invest in Bitcoin is worth your time and effort.

How to Invest in Bitcoin

Bitcoin Price & Market

Bitcoin’s price has been volatile since its inception. Starting from the first purchase of a good or service, 10,000 bitcoins for a pizza, Bitcoin’s value has been a rollercoaster ride. Bitcoin’s price skyrocketed towards the end of 2017 and peaked at roughly $20,000 in December 2017, causing a flurry of mainstream media coverage and questions about what precisely the novel digital currency was.

Bitcoin Price Chart

You can use our Bitcoin Price Chart page to view historic prices of BTC

To the majority of the mainstream, Bitcoin’s volatility bears too much risk to invest in it, although millennials have shown a favorable disposition towards swapping their hard earned money for some Bitcoin. Following the meteoric rise in price, Bitcoin — along with the broader crypto market — has been undergoing an extended bear market, where the price currently sits around $3,600.

Investing in Bitcoin has inherent risks that investors need to be aware of before purchasing it, and you can find extensive information on the original cryptocurrency all over the web today. If you’re interested in Bitcoin, the prudent approach is to do your own research and discover whether or not you are willing to enter an emerging market of digital assets that has no precedent. Making small investments is a great way to start and learn about how to interact with wallets without overexposing yourself to the market’s volatility.

If you’re looking to invest in cryptocurrencies in general, choosing Bitcoin should be your first option. Its robustness is unparalleled in the industry and is one of its greatest, if not its cardinal, strength.

The general narrative around Bitcoin that has been molded over the years is that of ‘digital gold,’ where its predetermined issuance rate — controlled by its mining difficulty adjustment and decentralized network — provides significant advantages over fiat currencies in knowing that your investment will not be diluted through arbitrary inflation.

If you’re a newcomer to the Bitcoin and cryptocurrency space, seeking monetary refuge from hyper-inflationary economies, or an advanced user who believes in the ideological aspects of Bitcoin, there are several areas that you need to evaluate when investing in Bitcoin.

What is Bitcoin? Complete Guide

Take a look at our Complete Guide to Bitcoin if you need a primer on the History

Long-term Investing or “Hodling”

Many long-term ‘hodlers’ view Bitcoin as the hardest money available, and choose to store large amounts of their earnings in the cryptocurrency. Doing so presents risks, but from their perspective, it is one of the greatest investment opportunities in history and a legitimate means of value storage and transfer outside of the traditional financial world.

Their belief in Bitcoin as digital gold with a high stock-to-flow ratio is well-founded, and advances like Bitcoin’s LN may eventually enable the network to scale as the P2P digital cash originally envisioned by Satoshi Nakamoto.

Bitcoin Wallets

If you’re looking to store Bitcoin as a long-term investment, the best method to safeguard your coins is using a cold storage hardware wallet. Popular cold storage wallet brands include Trezor and Ledger, and they also offer support for other cryptocurrencies. Cold storage can even be beefed up with multisig services like Casa where signatures from multiple physical devices are required to unlock your stored Bitcoin.

A full Bitcoin client with its built-in wallet is also a viable means of holding bitcoins, but keys on an internet-connected machine are a hot wallet and are not as secure as a cold storage solution. Besides purely investing in Bitcoin, running a full node supports the decentralization of the network: your node stores the entire blockchain and independently validates every block and transaction against the consensus rules rather than trusting anyone else’s view of the chain.

Short-term holders who are looking to invest in Bitcoin in small amounts out of curiosity or for experimenting with sending and receiving it can opt for hot wallets or custodial services. A custodial service (an exchange, for example) controls the keys on your behalf, so it offers weak security assurances but is convenient and easy to use. Popular hot wallets include Blockchain Wallet, Copay and BreadWallet; note that these keep the private keys on your own device rather than with the provider, which is a different risk from leaving coins with a custodian, but a key on an internet-connected phone or laptop is still exposed to malware.

Bitcoin Paper Wallets

Read our Complete Guide to Bitcoin Wallets for More information

Mining Bitcoin

In the early days of Bitcoin, users could mine Bitcoin on laptops and desktop computers, earning copious amounts of Bitcoin at drastically lower values than what they are today. As such, early mining in Bitcoin turned out to be one of the most lucrative investments ever. However, mining has evolved into a giant industry, where outsized companies like Bitmain and large mining pools like F2Pool and BTC.com dominate the market.

ASIC miners are really the only feasible way to mine Bitcoin today, and hosting your own ASIC rig is a serious investment that requires hardware costs, operating time and electricity. Further, small, independent miners using home-based rigs often have to operate at losses during extended depreciations of Bitcoin’s spot price as profit margins are diminished. However, if you wish to try your hand at Bitcoin mining, there are numerous tutorials for discerning which hardware and software suit your needs and budget.

Cloud mining services also enable users to purchase contracts for hash rate on ASIC rigs within extensive mining warehouses operated by a third-party mining company. Payouts are proportional to the hash rate you contract, net of the operator’s fees, so they depend on Bitcoin’s price and network difficulty over the life of the contract; the arrangement is convenient if you wish to earn Bitcoin through mining without setting up your own rig, but you are trusting the operator to actually run the hardware you paid for. Hashflare and Genesis Mining are two popular cloud mining services.

Bitcoin’s mining market is a fascinating component of its broader ecosystem, and adequately understanding how it works, as well as watching its future development, is vital to comprehending the legacy cryptocurrency’s larger economics.

Bitcoin Mining Software

Read our guide to the Best Bitcoin Mining Software

Exchanges for Investing in Bitcoin

Exchanges are the most straightforward and popular method for acquiring Bitcoin. There are well over 100 operational Bitcoin exchanges worldwide, but steering clear of exchanges that are known for wash trading and sticking with major reputable exchanges is the most prudent move.

There are several types of exchanges in the cryptocurrency market, including centralized exchanges, decentralized exchanges (DEXs), P2P marketplaces, crypto-to-crypto exchanges, and fiat-to-crypto on-ramps. Adequately understanding the advantages and disadvantages of each is crucial.

Buying Bitcoin with Fiat Currency

First, the difference between crypto-to-crypto and fiat-to-crypto exchanges stems from their regulatory jurisdictions and whether or not they can offer direct trading pairs of Bitcoin with fiat currencies. Coinbase is the most popular fiat-to-crypto on-ramp in the U.S. and requires that users go through regulated KYC/AML processes.

Further, exchanges like Coinbase are centralized and custodial platforms: the exchange holds the private keys, so a balance kept on the platform is a claim on the exchange rather than coins you control, and it can be frozen just like a bank account. Other popular fiat-to-crypto exchanges include Kraken, Gemini, and Bitstamp. BitMEX (not available to U.S. customers) is often listed alongside them but is a derivatives venue that deposits and settles only in BTC, not a fiat on-ramp.


How to Buy Bitcoin Instantly using a Credit or Debit Card

Read our guide on How to Buy Bitcoin with Debit or Credit Card

Crypto to Crypto Exchanges

Crypto-to-crypto exchanges solely offer trading in and out of different cryptocurrencies, with altcoins quoted against Bitcoin or stablecoins like Tether or USDC. These exchanges have been referred to as ‘altcoin casinos’, as much of their activity is gambling on the price swings of obscure altcoins. However, they sometimes offer excellent trading experiences and can be used to access cryptocurrencies that are not widely available on fiat on-ramps. Binance is one of the leading cryptocurrency exchanges in the world and is a centralized crypto-to-crypto platform.


Decentralized Exchanges

The differences between centralized and decentralized exchanges matter for several reasons. First, centralized exchanges have custody over your Bitcoin, just as a bank retains custody over your fiat funds. Second, these exchanges are prime targets for hackers, and the sheer scale of exchange hacks in 2018 was astounding. It is best practice never to leave your Bitcoin on an exchange for longer than a trade requires, even a decentralized one.

Conversely, DEXs enable direct exchanges between counterparties without an intermediary. They do not take custody of funds and generally do not require KYC/AML processes for users. Unfortunately, many DEXs do not have enough trading volume to be as liquid as their centralized counterparts, and the SEC’s 2018 enforcement action against EtherDelta’s founder may discourage operators from running DEXs outside of clear legal jurisdictions. Moreover, most DEXs only enable trading between Ether and ERC-20 tokens and do not offer Bitcoin at all. The future growth of atomic swaps should help expand Bitcoin’s presence on DEXs, however.


Marketplace Exchanges

Other decentralized options for trading Bitcoin for fiat or altcoins include P2P marketplaces such as Bisq, Paxful, HodlHodl, and OpenBazaar. OpenBazaar and Bisq are open-source marketplaces without registration and an emphasis on privacy and security. OpenBazaar also enables users to set up e-commerce stores for listing physical and digital goods/services with payments directly between counterparties in crypto. HodlHodl even offers TESTNET trading without risking actual money.

Volumes on decentralized marketplaces are substantially lower than their centralized counterparts, but they are rapidly gaining traction among privacy proponents and users seeking better security assurances. Similarly, Bitcoin volume metrics sites like CoinDance indicate that decentralized exchange platforms are growing in use in countries with problematic inflation and economic conditions, especially Venezuela.

These platforms offer censorship-resistant avenues for citizens in countries like Venezuela to buy into crypto and fiat currencies that are much more stable than their local currencies.

Alternative Methods for Increased Access Around the World

Access to investing in Bitcoin has never been more abundant, but there are still significant strides that need to be made for access to reach its ideal levels that support a global, decentralized value system. In particular, the primary avenues for acquiring Bitcoin with fiat currencies — through centralized exchanges — are tightly regulated and subject to KYC/AML processes. Decentralized exchanges simply don’t have the volumes or widespread popularity to rival centralized exchanges at the moment.

Most investors in Bitcoin reside in countries where Bitcoin is more of a speculative investment or part of a professional focus rather than stemming from direct needs for an alternative medium of value. In countries like Venezuela, Zimbabwe, and Argentina, the situation for investing in Bitcoin hinges more on a legitimate need to seek alternative currencies due to adverse economic conditions.

Increasing access to such areas of the world is an important initiative, and several developments may broaden access outside of solely the proliferation of decentralized marketplaces.

Bitcoin ATMs

Bitcoin ATMs are one avenue to grant easier access in localities, often available in convenience stores and supermarkets. According to CoinATMRadar, there are more than 4,200 crypto ATMs in the world, dispersed over 76 countries. Leading crypto ATM manufacturers include Genesis Coin and General Bytes. Many ATM services also offer bi-directional buying/selling of cryptocurrencies for fiat currencies. You can even buy Bitcoin at Coinstar machines in select locations in the U.S. now. However, the regulatory frameworks for these services are complicated, and unclear in the U.S. at this point due to cross-state money transmission laws.

Other alternative means for investing in and using Bitcoin include emerging projects focusing on Bitcoin vouchers and credit sticks. Azte.Co — a Bitcoin voucher service — enables people to buy Bitcoin at convenience stores in cash or with debit/credit cards using the Azteco voucher. You can top up a Bitcoin account by simply using the Azteco voucher like you would for topping up a phone, and the details are available on their website.

Other Methods

Similarly, OpenDime is a service where users can physically exchange Bitcoin credit sticks. The credit sticks are USB devices that generate a private key internally and reveal it only when the stick is physically unsealed, so the bitcoins on a sealed stick can be handed from person to person with assurance that nobody, including previous holders, has been able to read the key. The recipient still has to verify that the seal is intact and check the stick’s address balance on-chain before accepting it. Users can pass a sealed stick around multiple times. OpenDime has some intriguing long-term implications, and its emergence in economies with weak economic conditions will be something to watch closely.

Financial instruments using cryptocurrencies are also on the rise, with services like Celsius Network and BlockFi permitting users to take out loans with their crypto holdings as the underlying collateral. Moreover, lenders on Celsius Network can earn interest through their P2P lending pool that is paid by the borrowers, paid out directly in the crypto that their deposit was made in, including Bitcoin.

Lightning Network

More advanced Bitcoin users who are familiar with its second layer, the Lightning Network, also have the potential to earn BTC through routing fees and watchtower services. Watchtowers monitor the Bitcoin blockchain on behalf of their clients for a counterparty broadcasting a revoked channel state (a breach), and respond by broadcasting the penalty transaction that claims the cheating party’s funds; this lets a client go offline without losing the ability to punish a breach. Routing fees can be earned by LN nodes that connect to numerous peers and forward payments through the network for users who do not have a direct channel to the party they wish to pay. These developments are still in their very early stages, but they offer useful mechanisms for users willing to provide services to LN users to accumulate BTC in fees.
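The watchtower exchange described above has a privacy property worth seeing in code: the tower should be able to react to a breach without learning anything about the channel beforehand. The following is an added illustration of that model, not code from the Lightning Network specifications or from any tower implementation. The client sends the tower only a short hint derived from each revoked commitment’s txid, plus the penalty transaction encrypted under a key that is itself derived from the full txid; the tower can only decrypt once the revoked transaction actually appears in a block. The HMAC-based stream cipher, the `example_txid` helper and the byte strings standing in for transactions are constructed for the example; a real tower would use an AEAD such as ChaCha20-Poly1305 and real serialized transactions.

```python
"""Privacy-preserving watchtower exchange, as an added illustration of the
mechanism described above (not code from the Lightning Network or any tower
implementation).  The client hands the tower a short hint derived from each
revoked commitment txid plus the penalty transaction encrypted under a key
derived from the full txid, so the tower learns nothing about the channel
unless a revoked commitment actually appears on-chain.  The stream cipher
built from HMAC-SHA256 and the transaction payloads are stand-ins chosen for
the example; a real tower would use an AEAD such as ChaCha20-Poly1305."""
import hashlib
import hmac


def example_txid(label: bytes) -> bytes:
    """Constructed stand-in for a 32-byte transaction id."""
    return hashlib.sha256(label).digest()


def hint_for(txid: bytes) -> bytes:
    """First 16 bytes of SHA256(txid): enough to match, not enough to recover txid."""
    return hashlib.sha256(txid).digest()[:16]


def key_for(txid: bytes) -> bytes:
    """Encryption key known only to someone who has seen the full txid."""
    return hashlib.sha256(b"watchtower-blob-key" + txid).digest()


def _keystream(key: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_blob(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: ciphertext || HMAC tag, so a tampered blob is rejected."""
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, len(plaintext))))
    tag = hmac.new(key, ct, hashlib.sha256).digest()
    return ct + tag


def decrypt_blob(key: bytes, blob: bytes):
    """Return the plaintext, or None if the tag does not verify under `key`."""
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, ct, hashlib.sha256).digest(), tag):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, len(ct))))


class Client:
    """Channel party that outsources breach response for one revoked state."""
    @staticmethod
    def register(revoked_txid: bytes, penalty_tx: bytes) -> tuple:
        return hint_for(revoked_txid), encrypt_blob(key_for(revoked_txid), penalty_tx)


class Tower:
    def __init__(self):
        self.blobs = {}          # hint -> encrypted penalty transaction

    def store(self, hint: bytes, blob: bytes) -> None:
        self.blobs[hint] = blob

    def process_block(self, txids) -> list:
        """Return the penalty transactions to broadcast for this block."""
        penalties = []
        for txid in txids:
            blob = self.blobs.get(hint_for(txid))
            if blob is None:
                continue                         # not a revoked commitment we hold
            penalty = decrypt_blob(key_for(txid), blob)
            if penalty is not None:
                penalties.append(penalty)        # the breach itself revealed the key
        return penalties


if __name__ == "__main__":
    revoked = example_txid(b"revoked commitment #1")   # constructed txid
    penalty = b"penalty tx sweeping every output of revoked commitment #1"
    tower = Tower()
    tower.store(*Client.register(revoked, penalty))
    print(tower.process_block([example_txid(b"unrelated tx")]))   # []
    print(tower.process_block([revoked]))                          # [penalty]
```

Note what the tower holds at rest: a 16-byte hint and an opaque blob per revoked state, nothing that identifies the channel or its balances. The trade-off is that the client must upload a new blob for every state update, which is why tower fees are a plausible revenue stream.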

Spending Bitcoin

Numerous avenues for merchants to accept Bitcoin as payment are also available, including Coinbase Commerce that is integrated with major e-commerce platforms like Shopify and WooCommerce. Merchants can opt to retain their BTC as an investment or exchange it directly for fiat.

Open-source projects like Lightning Charge — part of Blockstream’s Elements — are also available for merchants to accept LN BTC payments using a drop-in solution. The LN’s huge design space and its rising number of applications should also further help the network to grow as a means of payment for online purchases over the coming years.

Other more obscure methods for acquiring Bitcoin include Bitcoin puzzles. Bitcoin puzzles are digital art that individuals post to the Internet which contain the private keys to access bitcoins that are locked as the reward for solving the puzzle. They are not exceedingly prevalent, but some of the rewards have been highly lucrative, including a $2 million prize for a puzzle containing 310 BTC late last year.

Traditional Financial Instruments for Investing

Outside of the emerging alternatives for investing in Bitcoin, the convergence of traditional finance and blockchains is also set to create more opportunities for increased exposure to the asset.

Bitcoin ETFs

Bitcoin ETF proposals have been denied by the SEC several times already, but some key decisions are coming up — specifically the VanEck-SolidX Bitcoin ETF proposal decision that was pushed to February. ETFs are investment vehicles for individual or groups of assets that enable investors to speculate on the market price without having to actually own the asset. Bitcoin ETFs would allow more mainstream investors to access Bitcoin through investing in an ETF that is on a regulated exchange without having to purchase Bitcoin directly from a crypto exchange.

Bitcoin ETF

Read our complete guide – What is a Bitcoin ETF?

Bitcoin Futures

Similarly, Bitcoin futures are already available, and investors can long or short the legacy cryptocurrency on regulated futures exchanges, including CBOE and the CME. Bitcoin futures and ETFs are excellent ways for mainstream investors to speculate on the price of Bitcoin while reducing their direct interaction with the cryptocurrency, which often requires technical knowledge to store and use securely.

Increasing regulation of Bitcoin in developed countries is likely to continue at an accelerated pace, and open up broader access to investors hesitant to touch the cryptocurrency using alternative means or unregulated exchanges. Conversely, the hesitation of many other countries to adopt regulatory frameworks for digital assets indicates that alternative means of investing in Bitcoin need to garner more widespread adoption to circumvent any censorship of access to the asset.

Proposals for Bitcoin and other digital asset trading on regulated platforms are already underway in several countries, including Thailand’s TSE which would become one of the first platforms to offer digital asset trading on a major regulated exchange. Eventually, Bitcoin should be offered side-by-side with other conventional financial instruments including CFDs, derivatives, futures, and multiple fiat currency trading pairs on comprehensive platforms.

Binary Options & Contracts for Difference

A large number of brokers now offer Binary Options and Contracts for Difference on a range of cryptocurrencies, including Bitcoin. If you have traded using one of these types of broker before, you can also use them to trade Bitcoin. The difference between these and a typical exchange is that you do not own the underlying asset; you are merely trading on price differences.

We have reviewed a lot of brokers here on Blockonomi.

Conclusion

Looking back at Bitcoin’s humble origins reveals just how far the cryptocurrency has come. Access for investing in Bitcoin has never been better, and although it comes with inherent risks and a high-barrier to entry, it is slowly cementing itself as a viable means of value transfer and storage outside of the traditional financial realm.

Investing in Bitcoin always requires that you do your own research, and prudently evaluating your options for acquiring it based on your situation will allow you to make the optimal choice for joining a growing community of users, businesses, investors, and developers.

The post How to Invest in Bitcoin: Complete Beginner’s Guide appeared first on Blockonomi.

The History of The Coincheck Hack: One of The Largest Heists Ever

When Coincheck was hacked for a record $530 million (at the time) in January 2018, it was right in the midst of the late 2017 and early 2018 ICO frenzy.

The sum was astonishing and even surpassed the infamous Mt. Gox hack of 2014, in which more than 850,000 BTC, worth $460 million and about 6 percent of all BTC in circulation at the time, was stolen from what was then the leading Bitcoin exchange. Note, however, that at today’s prices the BTC lost in the Mt. Gox hack is worth roughly $3 billion, making it substantially larger through a contemporary prism.

History of The Coincheck Hack

To really put into perspective just how massive these losses are, both Coincheck and Mt. Gox rank among the largest heists of all time, cryptocurrency or not.

While Mt. Gox filed for bankruptcy shortly after its hack, Coincheck has surprisingly remained in business and was even recently approved as a licensed exchange by Japan’s Financial Services Agency (FSA). Both Mt. Gox and Coincheck were, and are, based in Japan, and the FSA’s registration and regulation requirements for exchanges were themselves a response to the Mt. Gox hack.

Brief History of Coincheck

Coincheck was founded in 2014 in Japan and was one of the most popular cryptocurrency exchanges in the country. Offering a wide variety of digital assets including Bitcoin, Ether, Lisk, and NEM, Coincheck was an emerging exchange that joined the Japan Blockchain Association.

Because Coincheck was already operating when Japan’s FSA rolled out its exchange registration framework after Mt. Gox, it was allowed to keep operating while its registration was pending; that lack of oversight was a contributing factor to the poor security standards that led to the hack.

Coincheck was led by President Koichiro Wada and Chief Operating Officer Yusuke Otsuka in the run-up to the hack.

The Coincheck Hack

On January 26th, 2018, Coincheck posted on their blog detailing that they were restricting NEM deposits and withdrawals, along with most other methods for buying or selling cryptocurrencies on the platform. Speculation arose that the exchange had been hacked, and the NEM developers issued a statement saying they were unaware of any technical glitches in the NEM protocol and any issues were a result of the exchange’s security.

Coincheck Hack Blog Post

The Coincheck Blog Post announcing suspension of NEM coin services

Further, the NEM developers reiterated their recommendation that exchanges use NEM’s Multisig Contract Smart Signing App, which adds a layer of security by requiring multiple exchange managers to sign off on large transactions.

Coincheck subsequently held a high-profile conference where they confirmed that hackers had absconded with 500 million NEM tokens that were then distributed to 19 different addresses on the network. Totaling roughly $530 million at the time — NEM was hovering around $1 then — the Coincheck hack was considered the largest theft in the industry’s history.

Coincheck was compelled to reveal some embarrassing details about its security, admitting that it stored all of the NEM in a single hot wallet, with the keys on an internet-connected server, and did not use the NEM multisig functionality recommended by the developers.

Coincheck CEO & COO

Coincheck CEO and president Koichiro Wada & COO Yusuke Otsuka at the Coincheck Press Conference

Holding large sums in a hot wallet is a notoriously poor security practice: a single compromised server or credential is enough to drain it. Most exchanges today use a hybrid hot/cold wallet system, with the vast majority of the value stored in cold wallets whose keys are held offline and secured via multisig, and the hot wallet holding only the float needed to service withdrawals, so that a breach of the online systems is bounded by the hot wallet balance.
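The hybrid model is a policy as much as a key arrangement, and the policy is where Coincheck’s setup fell short: no cap on what the hot wallet held, and no second approver for large movements. The following is an added illustration of such a policy, not Coincheck’s, NEM’s or any exchange’s code. HMAC-SHA256 with a per-approver secret stands in for the per-device signing keys a real multisig deployment would use, the approver names, the destination strings and the numeric limits are constructed for the example, and the withdrawal request is a plain dictionary rather than a real transaction.

```python
"""Hybrid hot/cold custody with a k-of-n approval rule for withdrawals.

Added illustration of the practice described above; it is not Coincheck's,
NEM's or any exchange's code.  HMAC-SHA256 with a per-approver secret stands
in for the per-device signing keys a real multisig deployment would use, and
the policy numbers are assumptions chosen for the example."""
import hashlib
import hmac
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    hot_cap: int            # most value the hot wallet may hold (base units)
    single_sig_limit: int   # withdrawals up to this need one approval
    threshold: int          # distinct approvals needed above that limit
    approvers: dict         # approver id -> secret (stand-in for device keys)


def canonical(withdrawal: dict) -> bytes:
    """Deterministic encoding so every approver signs the same bytes."""
    return json.dumps(withdrawal, sort_keys=True, separators=(",", ":")).encode()


def approve(policy: Policy, approver_id: str, withdrawal: dict) -> tuple:
    """One operator's approval of a specific withdrawal request."""
    tag = hmac.new(policy.approvers[approver_id], canonical(withdrawal),
                   hashlib.sha256).hexdigest()
    return approver_id, tag


def valid_signers(policy: Policy, withdrawal: dict, approvals) -> set:
    """Approver ids whose tag verifies against this exact request.

    A set is returned so that repeated approvals from one operator, or an
    approval copied from a different request, cannot satisfy the threshold.
    """
    msg = canonical(withdrawal)
    signers = set()
    for approver_id, tag in approvals:
        secret = policy.approvers.get(approver_id)
        if secret is None:
            continue                      # unknown approver: ignore
        expected = hmac.new(secret, msg, hashlib.sha256).hexdigest()
        if hmac.compare_digest(expected, tag):
            signers.add(approver_id)
    return signers


def authorize(policy: Policy, hot_balance: int, withdrawal: dict, approvals) -> tuple:
    """Decide whether the hot wallet may pay out; returns (allowed, reason)."""
    amount = withdrawal.get("amount", 0)
    if not isinstance(amount, int) or amount <= 0:
        return False, "invalid amount"
    if amount > hot_balance:
        # the hot float is exhausted; topping it up is itself a cold-storage
        # release that needs the full threshold, never an automatic sweep
        return False, "exceeds hot float; requires cold-storage release"
    needed = 1 if amount <= policy.single_sig_limit else policy.threshold
    signers = valid_signers(policy, withdrawal, approvals)
    if len(signers) < needed:
        return False, f"{len(signers)} of {needed} approvals"
    return True, "approved"


def sweep_to_cold(policy: Policy, hot_balance: int, cold_balance: int) -> tuple:
    """Move anything above the hot cap into cold storage: the one direction
    that needs no approvals, since value only ever flows hot -> cold automatically."""
    excess = max(0, hot_balance - policy.hot_cap)
    return hot_balance - excess, cold_balance + excess


if __name__ == "__main__":
    policy = Policy(hot_cap=5_000, single_sig_limit=100, threshold=2,
                    approvers={"ops-a": b"secret-a", "ops-b": b"secret-b",
                               "ops-c": b"secret-c"})   # constructed example keys
    request = {"id": "w-1", "to": "customer-destination-1", "amount": 1_000}
    approvals = [approve(policy, "ops-a", request), approve(policy, "ops-b", request)]
    print(authorize(policy, 5_000, request, approvals))   # (True, 'approved')
    print(sweep_to_cold(policy, 12_000, 0))                # (5000, 7000)
```

Two details carry the security weight: approvals are bound to a canonical encoding of the whole request, so an approval for one withdrawal cannot be replayed against a tampered amount or destination, and the hot float is capped with sweeps flowing only towards cold storage, so the worst case for a compromised online system is the cap rather than the whole treasury.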

The fact that Coincheck was not officially registered with Japan’s FSA also surfaced following the hack. During their conference, the Coincheck representatives showed deep remorse for the loss and pledged to register with the FSA as a result of the incident. The next day, Coincheck announced that they would refund all 260,000 users affected by the hack, and received outspoken support from their community for electing to do so.

Simultaneously, the NEM developers team had tagged all of the NEM stolen in the hack with a message identifying the funds as stolen so that other exchanges would not accept them. However, NEM announced they were ending their hunt for the stolen NEM for unspecified reasons several months later, and speculation persisted that hackers were close to cashing out the stolen funds on the dark web.

The Aftermath

Japan’s exchanges formed a self-regulating cryptocurrency initiative following the incident, and Japan’s FSA issued several business improvement orders to Coincheck.

Mainstream media covered the hack extensively and compared it to similar failures by cryptocurrency exchanges in the past to meet adequate security standards. At the time, most media coverage of cryptocurrencies was centered on their obscure nature, dramatic volatility, and lack of security. Coincheck’s hack fueled that narrative considerably as the sum stolen was eye-popping and the cryptocurrency used — NEM — was unknown to most in the mainstream.

NEM depreciated rapidly following the hack, and the price fell even more throughout 2018, in line with the extended bear market in the broader industry. Currently, NEM is trading at approximately $0.07, a precipitous fall from ATH over $1.60 in early January.

Monex Group acquired Coincheck in April 2018, then revised the cryptocurrencies that Coincheck would offer once it re-launched and managed the reimbursement of the users affected by the hack. Japan’s FSA has since ramped up its evaluation of cryptocurrency exchanges in the country, but it remains surprising that Coincheck was able to obtain a license and move forward after such a disaster.

Coincheck resumed NEM trading in mid-November and has joined the Japan Network Security Association. The exchange is now open to new registrations.

Comparisons with the Mt Gox Hack

The extent of the Coincheck hack was rivaled by only a few other hacks, notably the Mt. Gox hack. While nominally Coincheck is the largest hack in the industry’s history, the effects of Mt. Gox were significantly more impactful since the stolen funds consisted only of Bitcoin and caused a sustained market correction as well as an ongoing controversy with the stolen funds and founder. Moreover, Mt. Gox squandered 6 percent of the overall Bitcoin circulation at the time in a market that was much less mature than it is today.

The current value of the Mt. Gox hack — at $3 billion — outpaces the Coincheck hack’s roughly $36.5 million value now by a substantial margin.

The accumulation of cryptocurrency exchange hacks throughout 2018 was quite extraordinary. CipherTrace’s Q3 AML report highlights how hackers stole $927 million in the first three quarters of 2018 alone. Further, the report reveals some intriguing insights into the ease with which hackers can liquidate stolen funds via unregulated crypto-to-crypto exchanges.

According to the report, 97 percent of criminal Bitcoin flowed into exchanges in unregulated countries with weak AML laws. While the report only analyzed Bitcoin, the uncertainty of where the stolen NEM from Coincheck went can be illuminated by the trend of laundering stolen crypto through smaller, unregulated exchanges at discounted prices in Bitcoin or more anonymity-focused cryptocurrencies like Monero and ZCash.

South Korea’s National Intelligence Agency said that North Korean hackers might have been behind the Coincheck heist, but there is no way of confirming whether North Korea was directly responsible.

Lessons Learned

Despite the fallout, Coincheck is now fully operational and registered with Japan’s FSA. Hopefully, the hard lessons learned throughout 2018 will serve as a fundamental improvement to security practices among exchanges in 2019.

Regardless of the goings-on at centralized cryptocurrency exchanges, it is always best practice to retain control of your private keys and never trust third parties with your value. As Nick Szabo accurately prognosticated:

“Trusted third parties are security holes.”

As decentralized exchanges and P2P marketplaces continue to develop, users can only hope that trusted third parties will no longer be necessary components of the future landscape for exchanging digital assets.

The post The History of The Coincheck Hack: One of The Largest Heists Ever appeared first on Blockonomi.

Bitcoin Lightning Network Advances & Hurdles for Payments & Merchant Convenience

The Lightning Network (LN) has made some significant strides throughout 2018. Evaluating just how far Bitcoin’s second layer has come since its launch reveals some impressive developments and a sizeable increase in adoption. With more than 18k open channels and nearly 487 BTC held within those channels at the time of writing, the LN is poised to expand further as a viable P2P payments network.

However, the LN still faces some notable hurdles before it can achieve its full potential and garner further adoption by merchants and users alike. Navigating the problems around rebalancing LN channels and developing its design space should prove to be vital steps in the future adoption of the network, and some intriguing solutions are being proposed.

The Problem of LN Rebalancing

The problem of rebalancing stems from the bidirectional payment channel design of the LN and the requirement for an on-chain funding transaction. The amount with which two parties fund a channel when opening it is predetermined by those parties and is known as the channel commitment.

If Alice and Bob open a channel and Alice deposits 2 BTC while Bob also deposits 2 BTC, then the channel commitment is 4 BTC. Bob and Alice can exchange BTC within this off-chain channel as many times as they would like, without fees and with near-instant settlement.

However, the amount exchanged cannot exceed the sender’s balance in the channel. This makes off-chain LN channels convenient for entities that will fund the channel with a larger value because they interact through the channel regularly. Conversely, using an LN channel for one-off cases is currently inconvenient, as both the funding transaction and the closing transaction of the channel require on-chain fees and time to perform.

The functional limitations of the rebalancing problem come into play when users seek to transact through the LN with multiple parties, or with parties they do not have an open channel with. If Alice wants to open a channel with Bob, Charlie, and Daisy, she has to open each channel individually and fund it with a set amount. She cannot make large payments to any of the parties because her funding is spread out and locked in separate channels, requiring her to repeatedly open and close new channels based on the evolving dynamics of whom she is paying and how much she is paying them.

The LN approaches this problem by enabling users to transact via chained payment channels in the network using Hash Time-Locked Contracts (HTLCs). Users do not explicitly need to open direct payment channels with other parties they wish to transact with since HTLCs create the possibility of intermediary nodes between two interacting parties functioning as routing nodes.

Eventually, the potential of HTLCs and routing nodes extends the LN capacity to the point where users will not need to open direct channels with anyone on the network, and payments will automatically be routed between users based on the protocol. However, the rebalancing problem is standing in the way of the practical realization of this goal. So what exactly is the problem?

If Alice and Bob wish to transact without opening a direct payment channel, they can do so if Charlie has a payment channel open with both of them.

Alice 2 → 2 Charlie 2 → 2 Bob

In the example above, Charlie has a balance of 2 BTC with both Alice and Bob (4 BTC total) while Alice and Bob both have a balance (sending balance) of 2 BTC with Charlie.

If Alice wishes to send Bob 1 BTC without opening a direct channel with him, she can do so via Charlie as the routing node. However, this requires that all balances in the payment chain update accordingly, leading to the balances below.

Alice 1 → 3 Charlie 1 → 3 Bob

Charlie’s balance in his channel with Alice increases by 1 BTC to 3 BTC, while his balance with Bob decreases to 1 BTC because he forwarded Alice’s 1 BTC to Bob. Charlie still holds 4 BTC in total, but his sending balance towards Bob has been reduced to 1 BTC. You can see where this is going as transactions become more complex with multiple parties involved.

Eventually, if Alice sends Bob another 1 BTC through the same payment route, Charlie will be left with 0 BTC in his sending balance in the channel shared with Bob, effectively disabling the routing path between Alice and Bob because it is unbalanced. They could all simply close their channels and reopen them with new balances, but that method does not scale well and presents inconveniences that merchants would like to avoid.

The resulting dilemma is the rebalancing problem, and it becomes more complex with multiple payment routes stemming from more intermediaries and routing nodes.

Routing nodes receive small fees for their work, so rebalancing is largely their objective in the context of the problem. Several solutions have been proposed for overcoming the rebalancing problem, many of which are clever and offer various advantages and shortcomings.

Solving LN Rebalancing

While there are several proposed solutions available for rebalancing in the LN, none of them are perfect. Looking at some of the well-known ones offers a glimpse into the ongoing innovation in this area. There are two primary types of methods for circumventing the rebalancing issues:

  1. On-Chain
  2. Off-Chain

Let’s evaluate two of the primary methods: splicing for on-chain and circular payments for off-chain.

On-Chain Methods

The most straightforward method is closing the channels, re-funding them and starting again. However, every channel that Charlie closes and reopens costs on-chain fees and on-chain confirmation time, which makes this an inconvenient solution. Another on-chain method is known as splicing, which is a slightly more efficient way of leveraging the on-chain open/close functionality.

For example, let’s use the situation where Charlie is left with 1 BTC in his channel with Bob, and Alice wishes to send 1 BTC to Bob again. For the sake of the example, Alice now has 3 BTC in her sending channel with Charlie.

Alice 3 → 3 Charlie 1 → 3 Bob

↓ (Alice sends 1 BTC to Bob via Charlie)

Alice 2 → 4 Charlie 0 → 4 Bob

In this state, if Alice wants to send Bob 1 BTC more, she cannot, because Charlie has no remaining BTC in his sending balance with Bob. Splicing lets Charlie rebalance his channels in two stages.

  1. Splicing Out
  2. Splicing In

In the splice out, Charlie closes his channel with Alice and re-funds it with 3 BTC while keeping 1 BTC on-chain, still equivalent to the 4 BTC in total that he had earlier. Now, the channel balances look like this:

Alice 2 → 3 Charlie 0 → 4 Bob

1 BTC on-chain (Charlie)

The second stage, splicing in, is where Charlie closes his channel with Bob and adds in the 1 BTC that sits on-chain after the splice out, leading to the following balances:

Alice 2 → 3 Charlie 1 → 4 Bob

Charlie can now route a payment of 1 BTC or less between Alice and Bob again. However, Charlie incurs two separate on-chain fees, one for the splice out and one for the splice in. These costs are why Charlie charges small fees for being the routing node between Alice and Bob.

Overall, splicing is more efficient than closing and reopening the channels between all the parties, since only Charlie is involved. Despite its increased efficiency, it still incurs fees and requires the confirmation time of an on-chain transaction, which is not ideal for merchants rebalancing their channels. Fee structures from this model also lead to further rebalancing complexities.

Off-Chain Methods

A separate method for channel rebalancing using an entirely off-chain structure is known as circular payments, and it is best understood with a slightly more complex payment model. Essentially, circular payments are self-payments through a specified routing path where a node rebalances by paying itself through chained off-chain transactions rather than opening a new channel.

For example, Charlie wishes to rebalance his channel with Bob in the chart below. Circular payments work with as few as three nodes, so the route can be a triangle.

In the chart, Charlie sends 1 BTC counter-clockwise out of his channel with Alice, following the arrows, back to himself, and ends up receiving the 1 BTC in his channel with Bob. As a result, Charlie’s sending balance with Bob is now 2 BTC.

Charlie can subsequently route a 2 BTC payment from Alice to Bob in the opposite (clockwise) direction. Alice cannot directly send 2 BTC through her channel with Bob because she only has 1 BTC in the channel, but she can use Charlie to send it to Bob.

With more nodes and channel values, the process can become a self-sustaining ecosystem based on fee structures. Rebalancing is completed entirely off-chain with no need for on-chain transactions. A routing node can rebalance its channel whenever it wants, simply by initiating a payment to itself.

Circular payments come with their caveats too, however. They incur fees charged by the routing nodes in the self-payment cycle, and the longer the payment chain, the more fees are paid. Nodes still do not need to wait for on-chain confirmation times, but the fee structure can become complicated, and the amount that can be rebalanced is capped by the balances of the routing nodes in the payment chain.

Merchants in such an ecosystem would also accumulate most of the BTC exchanged in circular payments if they were part of the chain for an extended period, because they only receive rather than pay. Such a system may end up requiring competitive routing and unnecessarily large channel balances held by non-merchants in order to function consistently.
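The routing sequence from the rebalancing section and the circular payment that fixes it, as an added example in Go that is not code from the original post: a toy channel graph with all-or-nothing routing (standing in for the HTLC chain) and a self-payment around the Alice, Charlie, Bob triangle. Node names and balances follow the article's second scenario; the `Network`, `Route` and `Rebalance` names and the omission of routing fees are this example's own assumptions.

```go
package main

import (
	"errors"
	"fmt"
)

// The two ways a single hop can fail.
var (
	ErrNoChannel    = errors.New("no channel between these nodes")
	ErrInsufficient = errors.New("sender's balance on this channel is too low")
)

// Channel is one bidirectional payment channel. bal holds each party's sending
// balance; their sum (the channel commitment) never changes off-chain, a payment
// only shifts value from one side to the other.
type Channel struct{ bal map[string]int }

// Network is a toy channel graph keyed by the unordered pair of node names.
type Network struct{ chans map[[2]string]*Channel }

func NewNetwork() *Network { return &Network{chans: map[[2]string]*Channel{}} }

func pair(x, y string) [2]string {
	if x < y {
		return [2]string{x, y}
	}
	return [2]string{y, x}
}

// Open funds a channel with the given sending balances (the on-chain step).
func (n *Network) Open(x, y string, balX, balY int) {
	n.chans[pair(x, y)] = &Channel{bal: map[string]int{x: balX, y: balY}}
}

// Balance is x's sending balance towards y, or -1 if they share no channel.
func (n *Network) Balance(x, y string) int {
	c, ok := n.chans[pair(x, y)]
	if !ok {
		return -1
	}
	return c.bal[x]
}

// Route moves amt along path one hop at a time. Like an HTLC chain it is
// all-or-nothing: every hop is checked before any balance changes, so a route
// that fails at Charlie's hop leaves Alice's channel untouched. Routing fees
// are left out (assumption) to keep the arithmetic identical to the article.
func (n *Network) Route(path []string, amt int) error {
	if len(path) < 2 || amt <= 0 {
		return errors.New("path needs at least two nodes and a positive amount")
	}
	for i := 0; i+1 < len(path); i++ {
		c, ok := n.chans[pair(path[i], path[i+1])]
		if !ok {
			return fmt.Errorf("%s->%s: %w", path[i], path[i+1], ErrNoChannel)
		}
		if c.bal[path[i]] < amt {
			return fmt.Errorf("%s->%s: %w", path[i], path[i+1], ErrInsufficient)
		}
	}
	for i := 0; i+1 < len(path); i++ {
		c := n.chans[pair(path[i], path[i+1])]
		c.bal[path[i]] -= amt
		c.bal[path[i+1]] += amt
	}
	return nil
}

// Rebalance is a circular payment: node pays itself amt around node->via...->node,
// pulling value back into the channel it has drained, entirely off-chain.
func (n *Network) Rebalance(node string, via []string, amt int) error {
	path := append(append([]string{node}, via...), node)
	return n.Route(path, amt)
}

func main() {
	n := NewNetwork()
	n.Open("Alice", "Charlie", 3, 3) // the article's second scenario
	n.Open("Charlie", "Bob", 1, 3)
	n.Open("Alice", "Bob", 1, 1) // third side of the triangle used by the circular payment
	show := func(tag string) {
		fmt.Printf("%-16s Alice %d -> %d Charlie %d -> %d Bob\n", tag,
			n.Balance("Alice", "Charlie"), n.Balance("Charlie", "Alice"),
			n.Balance("Charlie", "Bob"), n.Balance("Bob", "Charlie"))
	}
	show("start")
	_ = n.Route([]string{"Alice", "Charlie", "Bob"}, 1)
	show("Alice pays 1")
	// Charlie's sending balance towards Bob is now 0, so the route is unbalanced.
	if err := n.Route([]string{"Alice", "Charlie", "Bob"}, 1); err != nil {
		fmt.Println("Alice pays 1 again:", err)
	}
	// Charlie pays himself 1 BTC around the triangle to refill that side.
	if err := n.Rebalance("Charlie", []string{"Alice", "Bob"}, 1); err != nil {
		fmt.Println("rebalance:", err)
	}
	show("after rebalance")
}
```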

Other Developments in the LN

Overcoming the rebalancing problem is vital for the LN’s ability to operate without users having to open direct payment channels with one another, one of its most powerful properties. Imagine going to a new coffee shop or fast food restaurant and having to open a payment channel and deposit a specific amount of BTC each time. That method is inconvenient not only for the customer but also for the merchant.

Eventually, these solutions should work in concert among other developments to enable users to seamlessly transact using the LN without having to open a direct channel. The only requirement would be that the merchant and customer both have LN-compatible Bitcoin wallets.

As the LN continues to progress, there are several more important components worth mentioning. Specifically, the LN also supports onion-routed micropayments for enhanced network-layer privacy, and Lightning Labs has made strides in improving the security of its LN desktop app released back in September.

At the moment, the LN’s user experience is still mostly geared towards developers. A high technical barrier to adoption is natural with emerging technologies, but the LN’s UI/UX is already improving rapidly. Pierre Rochard provides some excellent guides on using the LN, especially with Joule, the new LN Chrome extension.

Further, the progression of submarine swaps should also facilitate easier channel refilling and interoperability, an important consideration for increasing the flexibility of the LN among merchants. Blockstream’s recent inclusion of satellite-compatible LN micropayments is also another significant step forward for users without an Internet connection, opening the power of LN to many people without banking access.

Bitcoin’s LN is making noticeable strides in both development and adoption. Rebalancing channels in routing chains presents an obstacle to the network reaching its full potential, but it should prove to be only a speed bump in its acceleration towards a viable and ubiquitous P2P payments layer.

The post Bitcoin Lightning Network Advances & Hurdles for Payments & Merchant Convenience appeared first on Blockonomi.

What is Bitcoin Hivemind? Complete Beginner’s Guide

Bitcoin Hivemind, originally Truthcoin, is an open-source, P2P oracle protocol and conditional prediction market (PM) proposed by Paul Sztorc (Truthcoin) and designed as a Bitcoin sidechain. Hivemind specifically focuses on governance by addressing problems with multi-factor decision making through a conditional PM.

The protocol targets a primary use within the voting system by reducing the problems of multi-factor decision making among a group of people coming to a consensus on a decision. The concept is highly ambitious but provides some valuable insights into governance and the capabilities of PMs.

Prediction Markets, Information, and Governance

Sztorc gave a presentation on Hivemind at the TAB Conference 2018 in Atlanta earlier this year that is very helpful in understanding the more general vision for the protocol. Sztorc observes that many blockchain applications do not address a real-world problem, which he sees as the root cause of their inability to remain relevant or practical.

The primary problem that Hivemind addresses is the concept of information aggregation, and the lack of viable means to adequately aggregate information in the Internet era. Information aggregation does not scale without markets, and PMs — specifically InTrade — have proven their economic viability even before blockchains were available. With blockchains, the repository of information is censorship-resistant and transparent. Further, Hivemind is a Bitcoin sidechain, which crucially transfers the established monetary network effects of the legacy cryptocurrency to the project.

PMs are valuable tools for reaching a decision that is determined by market forces while concurrently removing much of the noise and ambiguity that plagues the decision-making process. Drawing on a similar notion of the “Wisdom of the Crowd” as Augur and Gnosis, Bitcoin Hivemind is essentially a crowdsourcing method for determining the probable outcomes of events that inherits several benefits of Bitcoin, including transparency, robustness, censorship-resistance, and monetary effects.

Practical applications of PMs range from sports gambling to complex governance decisions. While the information that PMs provide is not perfect, it is the least bad as it aggregates data from a multitude of sources, many of whom identify as ‘experts’ and others who just provide useful market information (i.e., financially motivated) leading to insights that would not otherwise be accounted for.

One of the driving concepts of a PM is simply that if you disagree with what the market is revealing, you are free to take advantage of those margins and bet against the market. A corollary is that the data aggregated into the blockchain comes from sources who are willing to financially stake their opinion or knowledge, cutting through the BS.

PMs are inherently machines for minimizing trust, so their integration with blockchains — which afford the same property — is a natural fit. As such, Sztorc lays out numerous applications of PMs from encouraging whistleblowing to P2P governance structures.

PMs also filter poor information. Users who provide bad information, meaning information that does not accurately reflect the result, lose their ability to influence the market through substantial financial losses. Users who curate information precisely and contribute useful data to the market are subsequently rewarded. Importantly, the market handles this correction naturally, and there is no need for third parties or coercive practices to affect decision making.

Governance is flawed from the perspective of multi-factor decision making. Multi-factor decision making produces inefficiencies and conflicting criteria for reaching decisions, because other perspectives have to be taken into account. Further, Arrow’s impossibility theorem for voting results leads to strategic voting and ‘electability.’ With so much information available, properly aggregating it and converging on decisions based on the data is a method for improving the decision-making process.

Overall, Sztorc’s ambitious platform is tied to his strong belief in the power of PMs and how they can provide a method for evolving outdated governance structures.

How Bitcoin Hivemind Works

Hivemind is an exceptionally extensive and sophisticated protocol. For context, the whitepaper is a highly technical 81 pages, and both Andrew Poelstra and Gregory Maxwell were independently hired to review the protocol to evaluate its viability. That being said, we will only overview the concept from a more general standpoint and the primary mechanisms of its functionality.

Sztorc envisions Hivemind as eventually becoming the mechanism for deciding on political and governance issues. However, that process will take time to unfold as users want assurances that PM markets are accurate and reliable. Regardless, Sztorc identifies the three primary properties that are needed to solve governance:

  1. A cheap, reliable source of information.
  2. A method of crunching multi-factorness, specifically electability, back into a single factor.
  3. A way to prevent capture of the above processes by malicious third parties.

  1. The cheap and reliable source of information is the prediction market itself. PMs force a clear definition of ambiguous and general topics such as climate change, and converge on a probability, as defined by market pricing. Markets accurately aggregate and curate data for the users. The information is broadcast to everyone online, so it is widely available, and it is free to use.
  2. This property is more complex to address, but the multi-dimensionality of the PM can reduce the multi-factorness of decision making by capturing relationships and forecasts between probability events, effectively gauging their influence on each other.
  3. This property is essentially censorship-resistance. Hivemind is a Bitcoin sidechain that is merge-mined with Bitcoin, so the properties of immutability and censorship-resistance are conferred to Hivemind. Moreover, the native and borderless Bitcoin provides a unique medium of value outside of the conventional financial system for the PM.

Hivemind is a Bitcoin sidechain that uses a dual token scheme with Bitcoin functioning as the user layer and VoteCoins as the reputation/employee layer. The value of Bitcoin reflects exactly what it does — a store of value — while VoteCoins are used to indicate user reputation on the platform.

Decisions

Decisions (markets) on the PM must be resolved by voters. In Hivemind, decisions are either boolean or scalar. Voters have to agree on the decision of the outcome using the VoteCoins. The process is very similar to the use of Reputation tokens (REP) in Augur for resolving the outcomes of markets.

Similarly, voters are punished for reporting inaccurate results and rewarded for issuing accurate results.

Markets

The PM is the primary component of the system. Users can buy and sell ‘states’ of the world with Bitcoin leading to speculation and P/L on positions about future events. States are mutually exclusive, a vital consideration of removing market information ambiguity. Markets can either be ‘trading’ or ‘closed,’ and buying and selling of positions can be performed with an automated bookmaker.

The multi-dimensionality of Hivemind’s PM enables users to trade on both the probability of each state and the relationship between dimensions, such as an elected official and the implementation of a specific trade policy later.

Market decisions are divided into branches, each with its own parameters and VoteCoins. Ballots are all of the matured decisions on a specific branch, and they make up the voter matrix, which is a stack of the ballots for each voting cycle.

The outcome is the calculated and final result for each decision as determined by the algorithm underlying the process in the market. Reputation-based coins (VoteCoins) are then re-distributed based on the results of the round of voting within a branch.

The white paper subsequently dives into temporal economics, coordination games, and singular value decomposition as part of voting strategies, which are out of the scope of this article.

Mining

Hivemind is merge-mined with Bitcoin, granting it the use of Bitcoin’s robust infrastructure. Miners can actually mine Hivemind at virtually no additional costs, making it an easy choice for miners to secure the sidechain. Further, miners cannot censor the creation of markets or votes on the platform.

Authoring Activity

Any user is capable of creating a prediction market if they can pay for it in BTC. There are two primary phases to creating a market:

  1. Authoring Decisions
  2. Adding The Market

All the decisions are added to the blockchain independently. Authors subsequently need to provide seed capital to provide initial market liquidity and “make the market.” Authors benefit from the market’s creation and its use but are also responsible for enforcing the market and all resource costs associated with making it.

Trading Activity

Trading activity should theoretically converge on the market price of an event’s likely “state,” but such accuracy requires a highly liquid and active market, something which takes time to develop — particularly when it is a PM built on a novel technology like Bitcoin.

Trading is confidential and censorship-resistant, and traders can even transfer shares to other addresses.

The rest of the paper focuses on ‘scalability and customizability via branching’ and ‘implementation details,’ which are also out of the scope of this article, but more information is available from the project (articles 3 and 4).

Prediction Market Hurdles

Luckily, Augur provides a valuable live use case for evaluating the viability of decentralized prediction markets. The primary advantage that decentralized prediction markets have over centralized markets is censorship-resistance. Traditional markets, such as InTrade, were censored, and purchases of positions were not confidential, as they are in Hivemind.

Censorship-resistance is vital for numerous reasons, although concerns about death pools were realized when such markets on prominent public figures started popping up on Augur, because nobody controls which markets are created. Such is the trade-off for censorship-resistance.

One of the problems Augur has faced is liquidity. The volumes simply are not enough to match centralized services, yet. Much of this can be attributed to the novel nature of cryptocurrencies and the high barrier to entry, but liquidity problems are an established issue among PMs. Liquidity is problematic to address because it requires fostering adoption not only of a novel technology but of the concept of PMs becoming a ubiquitous means of decision making. A transition of that size is likely far-fetched to a considerable portion of the population.

Interestingly, Sztorc addresses concerns about adoption and why people should use prediction markets in his in-depth FAQ section. He states:

“Firstly, Authors (who bear the economic cost of Market-Creation) are rewarded with a slice of transaction volume. Recreational speculation is likely in markets covering sports and politics, arbitrage transactions are likely in markets tracking a price index, and in many cases, individuals will just disagree with each other passionately enough to begin wagering (global warming, gun control, etc.).”

He also cites an essay by Robin Hanson detailing how the public might be interested in paying for useful information. Additionally, Sztorc argues that market revelations may be privately beneficial to individuals and collaboration among them can lead to assurance contracts for pooling info-demand.

Finally, one of the most significant hurdles — not just with PMs — in the larger cryptocurrency and blockchain space is the Oracle Problem. How do you map real-world information into a blockchain through a trust-minimized source in a scalable manner?

Unfortunately, the Oracle Problem is still a problem, and it is clearly a complicated issue that may take some bright minds significant time to eventually iron out, if at all possible.

Conclusion

Hivemind is an intriguing project that has been around for a while, albeit under the name Truthcoin. Sztorc is also behind Drivechains, for which he recently announced a test version for Bitcoin.

Prediction markets are powerful, and coupled with the sustainable and novel legacy cryptocurrency, Bitcoin, there is some serious potential to enhance governance mechanics and decision making among the general public.

The post What is Bitcoin Hivemind? Complete Beginner’s Guide appeared first on Blockonomi.

Distributed Public Key Infrastructure & REMChain Proof-of-Service Consensus

Public Key Infrastructure (PKI) is a system of issuance, storage, and verification for digital certificates and public key management. PKI is a foundation of secure communication over the Internet and is prevalent among both human-to-human interactions and machine-to-machine communication.

PKI is an excellent front-line defence against various forms of hacking, including phishing and man-in-the-middle attacks, but recent developments such as SIM swapping, which circumvents 2FA, have led to some severe data breaches. A major contributing factor to attackers’ ability to mimic or circumvent digital certificate issuance is the centralized nature of the traditional PKI structure.

Traditional PKI systems rely on Certificate Authorities (CAs) to process the registration and issuance of digital certificates, typically via asymmetric (public-key) cryptography. However, CAs are subject to unauthorized certificate issuance, as seen when Symantec, a popular CA, mis-issued certificates for Google domains, and Google subsequently revoked trust in Symantec certificates.

Moreover, phishing attacks, aided by black-hat SEO and malvertising, can harvest users’ 2FA details: relying on SSL/TLS alone does not help when a phishing site presents a valid, CA-signed certificate obtained through services such as Let’s Encrypt. Users typically do not notice the subtle differences in whether or not the certificate shown is fully verified. DNS hijacking can also let attackers obtain new SSL/TLS certificates for fake sites, by pointing the hijacked DNS entry at their own IP address and using a CA that relies on that DNS entry to prove ownership.

Attacks based on gaming the PKI infrastructure typically rely on manipulating the centralized nature of CAs. REMME, the enterprise-grade access management platform, is utilizing a public blockchain (REMChain) and X.509 self-signed digital certificates for enhanced authentication and securing of user access. With the security of cryptocurrency exchanges at a premium, analyzing REMChain and its consensus for secure storage, issuance, and validation of digital certificates provides some excellent insight into leveraging blockchains for improved security and user authentication.

How The Protocol Works

REMME uses a public blockchain as the replacement for the CA within a distributed PKI infrastructure, critically decentralizing the ecosystem that powers digital certificate authentication. REMChain is open-source and based on Hyperledger Sawtooth’s blockchain implementation.

REMME’s distributed PKI (dPKI) is designed to reduce central points of failure, with the role of the CA played by the blockchain and accurately maintained through a proprietary Proof-of-Service consensus performed by Masternodes in the network. REMChain functions as the distributed storage layer for each certificate’s state (valid or revoked), hash, public key, and expiration date.

REMChain Consensus

Before diving into the consensus, it is essential to evaluate the overall flow of digital certificate issuance, storage, and authentication.

Certificate Issuance

  1. A digital certificate is generated on a REMChain light node (user device).
  2. The user sends a request to REMChain to store the public key of the digital certificate on the blockchain.
  3. The Masternodes go through the Proof-of-Service consensus process, and the certificate is signed, integrated with the private key of the certificate, and returned to the user device.
  4. The certificate state, hash, public key, and expiration date are stored on-chain.

Certificate Verification

  1. The certificate owner presents the public part of the certificate to the REMChain Masternodes as part of an access request.
  2. The Masternodes look up the certificate's state (valid or revoked) and expiration date on REMChain.
  3. The server grants access if the certificate is valid and unexpired. As with any certificate-based login, the server must also check that the requester holds the matching private key (for example by having it sign a fresh challenge); presenting the public certificate alone proves nothing.

Certificate Revocation (i.e., device stolen)

  1. The certificate owner sends the public part of the certificate to the REMChain Masternodes with a request to revoke it.
  2. The owner signs the transaction with the key corresponding to the certificate, proving ownership.
  3. The Masternodes look up the certificate's current state on REMChain.
  4. If the signature checks out, the Masternodes change the certificate state to revoked/invalid.
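The three flows above, as an added worked example (not REMME's code): a self-signed Ed25519 X.509 certificate is generated on the device side, registered in an in-memory stand-in for the REMChain record (state, hash, public key, expiry), verified at login with a challenge-response proof of possession, and revoked only on a request signed with the certificate's own key. The Ledger type, the challenge and `revoke:<hash>` message formats, and the subject name are assumptions of this example; Proof-of-Service consensus is not modelled.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Record is what the ledger keeps per certificate; SHA-256 of the DER is the map key.
type Record struct {
	State     string // "valid" or "revoked"
	PublicKey ed25519.PublicKey
	NotAfter  time.Time
}

// Ledger is a hypothetical in-memory stand-in for REMChain state, not REMME code.
type Ledger struct{ records map[string]Record }
func NewLedger() *Ledger { return &Ledger{records: map[string]Record{}} }

// SelfSignedCert is the device-side step: an Ed25519 key pair plus a self-signed
// X.509 certificate. Only the caller ever holds the private key.
func SelfSignedCert(cn string, ttl time.Duration) ([]byte, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(ttl),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	return der, priv, err
}

// Issue is the ledger-side step: take the public certificate, confirm it really is
// self-signed, and record state, public key and expiry under its hash.
func (l *Ledger) Issue(der []byte) (string, error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return "", err
	}
	if err := cert.CheckSignature(cert.SignatureAlgorithm, cert.RawTBSCertificate, cert.Signature); err != nil {
		return "", fmt.Errorf("not self-signed: %w", err)
	}
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	h := fmt.Sprintf("%x", sha256.Sum256(der))
	if _, dup := l.records[h]; !ok || dup {
		return "", errors.New("unsupported key type or certificate already registered")
	}
	l.records[h] = Record{State: "valid", PublicKey: pub, NotAfter: cert.NotAfter}
	return h, nil
}

// Verify is the access-time check: ledger state, expiry, and a signature over a fresh
// server-chosen challenge, because the public certificate alone proves nothing.
func (l *Ledger) Verify(hash string, challenge, sig []byte, now time.Time) error {
	rec, ok := l.records[hash]
	switch {
	case !ok:
		return errors.New("unknown certificate")
	case rec.State != "valid":
		return errors.New("certificate revoked")
	case now.After(rec.NotAfter):
		return errors.New("certificate expired")
	case !ed25519.Verify(rec.PublicKey, challenge, sig):
		return errors.New("proof of possession failed")
	}
	return nil
}

// RevokeMessage binds a revocation signature to one certificate so it cannot be replayed.
func RevokeMessage(hash string) []byte { return []byte("revoke:" + hash) }

// Revoke flips the state only when the request is signed with the certificate's own key.
func (l *Ledger) Revoke(hash string, sig []byte) error {
	rec, ok := l.records[hash]
	if !ok || !ed25519.Verify(rec.PublicKey, RevokeMessage(hash), sig) {
		return errors.New("unknown certificate or revocation not signed by its owner")
	}
	rec.State = "revoked"
	l.records[hash] = rec
	return nil
}

func main() {
	der, priv, _ := SelfSignedCert("device-42", time.Hour) // constructed subject name
	l := NewLedger()
	h, _ := l.Issue(der)
	nonce := []byte("nonce-7f3a") // constructed; a real server draws a random one per login
	fmt.Println(l.Verify(h, nonce, ed25519.Sign(priv, nonce), time.Now()), l.Revoke(h, ed25519.Sign(priv, RevokeMessage(h))))
}
```

Two details matter in practice. The challenge must be fresh per login (a random nonce chosen by the server), or a captured signature can be replayed; and the revocation message binds the certificate hash so that a revocation signature for one certificate cannot be turned against another. Whether the registry is a blockchain or a database, these two checks are what make the presented certificate worth anything.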

The Masternodes perform the proper authentication and referencing of certificates on the REMChain as part of the consensus layer in the network. Called proof-of-service, REMChain’s consensus is a hybrid of proof-of-stake and reputation incentives among the Masternodes and “committees.”

Masternodes effectively control the verification and revocation of digital certificates on REMChain. Specific incentive and design structures are necessary to ensure that Masternodes come to an agreement on the state of the REMChain without certain Masternodes gaining undue influence in the system.

REMChain approaches this by pseudorandomly selecting which Masternodes take part in each round of consensus (i.e., which of them sign each block). The selected group is called a committee. Each committee consists of 10 Masternodes, and a node's chance of being selected for a round (and so of earning a share of the block reward) rises through a bet and reputation mechanism.

First, a Masternode qualifies for committee selection only while it is active, which requires a deposit of 250K REMChain tokens in its Reputation account. A Masternode also has an Operational account from which it can withdraw tokens and perform atomic swaps with ERC-20 tokens, but 250K tokens must stay in the Reputation account for the node to remain active.

Configuring a Masternode requires the 250K token deposit in the Reputation account along with the generation of a public/private key pair where the public key corresponds to the address for both the Reputation and Operational accounts.

A Masternode configured with a larger stake is more likely to be selected to a committee from the moment it is initialized. However, the primary inputs to the pseudorandom committee selection are the bets and reputation of the Masternodes.

The Reputation account holds the 250K token deposit (moved in from the Operational account) plus the rewards earned for consensus operations on REMChain. The Operational account is used to transfer tokens between REMChain accounts, receive tokens withdrawn from the Reputation account, exchange tokens with ERC-20 tokens via atomic swaps, place bets, and pay network fees.

A new committee is formed after the propagation and validation of each block. The committee selection algorithm includes the following information:

  • The hash-code of the latest block.
  • List of all Masternodes.
  • Reputation in Reputation Account of each Masternode.

In each round of consensus, every Masternode in the committee sends a bet along with its own candidate for the next block of batched transactions (including the requests to store digital certificates and their public keys) to the rest of the committee for approval. Each candidate block carries the public key from each request it includes and the proposer's bet.

The committee determines the block confirmation corresponding to the proposed blocks, and the selected block’s proposing Masternode is rewarded accordingly. The committee is then changed after the consensus round of block confirmation, and the process starts over again.

The reward for the Masternode whose block was selected by the committee contains payments from clients for maintaining their digital certificate public keys, bets of the other Masternodes in the committee, transaction fees, and obligatory network fees from the other committee nodes.

Masternodes that leave the rewards in their Reputation account will not be able to withdraw them directly but can accumulate tokens in the account, increasing the likelihood of being selected to the committee again in a positive feedback loop. Otherwise, the Masternode can withdraw the tokens to the Operational account and transfer them elsewhere.

The pseudorandom, reputation, and bet methodology within the consensus reduces potential attacks from an entity owning multiple Masternodes as well as mitigating the harm an entity with a large number of tokens can have on the network.
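The committee-selection inputs listed above (latest block hash, Masternode list, reputation of each node), as an added example that is not REMChain's implementation: a deterministic, reputation-weighted draw without replacement, seeded by the block hash, that excludes nodes below the deposit. SampleNodes is a constructed network and the bet mechanism is not modelled; the deposit and committee size follow the figures in the text.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"sort"
)

// Masternode is a hypothetical node record: its ID and Reputation-account balance.
type Masternode struct {
	ID         string
	Reputation uint64 // tokens locked in the Reputation account
}

const (
	MinDeposit    = 250_000 // tokens a Masternode must keep locked to be active
	CommitteeSize = 10
)

// SelectCommittee derives the committee from the three public inputs named in the
// text: the latest block hash (seed), the Masternode list, and each node's
// reputation. Draws are reputation-weighted and without replacement, so every node
// recomputes the same committee and none gets to choose it. Bets are not modelled.
func SelectCommittee(latestBlockHash []byte, nodes []Masternode) []string {
	pool := make([]Masternode, 0, len(nodes))
	for _, n := range nodes {
		if n.Reputation >= MinDeposit { // inactive nodes never qualify
			pool = append(pool, n)
		}
	}
	// canonical order so every node walks the list identically
	sort.Slice(pool, func(i, j int) bool { return pool[i].ID < pool[j].ID })

	committee := make([]string, 0, CommitteeSize)
	for draw := 0; draw < CommitteeSize && len(pool) > 0; draw++ {
		var total uint64
		for _, n := range pool {
			total += n.Reputation
		}
		// fresh randomness per draw: SHA-256(blockHash || draw index)
		var idx [8]byte
		binary.BigEndian.PutUint64(idx[:], uint64(draw))
		h := sha256.Sum256(append(append([]byte{}, latestBlockHash...), idx[:]...))
		r := binary.BigEndian.Uint64(h[:8]) % total // modulo bias is negligible for 64-bit r

		// walk the cumulative reputation to find the winning node
		var acc uint64
		pick := len(pool) - 1
		for i, n := range pool {
			acc += n.Reputation
			if r < acc {
				pick = i
				break
			}
		}
		committee = append(committee, pool[pick].ID)
		pool = append(pool[:pick], pool[pick+1:]...) // without replacement
	}
	return committee
}

// SampleNodes is a constructed network: 30 minimum-stake nodes, one node with ten
// times the stake, and one node below the deposit threshold.
func SampleNodes() []Masternode {
	nodes := make([]Masternode, 0, 32)
	for i := 0; i < 30; i++ {
		nodes = append(nodes, Masternode{ID: fmt.Sprintf("mn%02d", i), Reputation: MinDeposit})
	}
	nodes = append(nodes, Masternode{ID: "whale", Reputation: 10 * MinDeposit})
	return append(nodes, Masternode{ID: "underfunded", Reputation: MinDeposit / 2})
}

// SeatCount runs `blocks` consecutive rounds (block hashes constructed here as
// SHA-256 of the height) and counts how often each node gets a seat.
func SeatCount(nodes []Masternode, blocks int) map[string]int {
	seats := map[string]int{}
	for height := 0; height < blocks; height++ {
		hash := sha256.Sum256([]byte(fmt.Sprintf("block-%d", height)))
		for _, id := range SelectCommittee(hash[:], nodes) {
			seats[id]++
		}
	}
	return seats
}

func main() {
	nodes := SampleNodes()
	fmt.Println("committee at block 1:", SelectCommittee([]byte("block-1"), nodes))
	seats := SeatCount(nodes, 1000)
	fmt.Printf("seats over 1000 blocks: whale=%d mn00=%d underfunded=%d\n",
		seats["whale"], seats["mn00"], seats["underfunded"])
}
```

Since every input is public, each node recomputes the same committee, which is what stops any single Masternode from choosing it. The SeatCount run shows the node with ten times the reputation taking a seat far more often than a minimum-stake node, and the underfunded node never; what it does not show is the effect of bets and of reward accumulation, which the text describes as the feedback loop on top of this selection.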

Maintaining a dPKI on a public blockchain is intended to remove the centralized CA issuer/registry as a single point of trust and failure.

The primary benefits of a dPKI include:

  • Transparency of which digital certificate was assigned to whom.
  • Revocation that takes effect as soon as the state change is confirmed on-chain, with no CRL or OCSP distribution lag.
  • Certificate renewals and extensions logged on the public ledger.
  • Issued certificates that can be tracked and verified on the public ledger.

Importantly, the costs on the service provider’s end (i.e., an exchange) are reduced, and users do not experience complex UI/UX additions. Instead, users may log in via a standard interface where the dPKI functions as a back-end security layer on top of the 2FA already present with most exchanges.

Use Cases

A dPKI has multiple applications that can provide exceptional security benefits to several industries. Two of the major applications that REMME explicitly identifies are:

  1. Cryptocurrency Exchanges
  2. IoT Devices

REMME has partnered with Changelly — the popular exchange service — for securing their authentication protocol through dPKI infrastructure. Phishing attacks are prevalent on cryptocurrency exchanges, with warnings directly from exchanges consistently emphasized across the market. REMME also provides an extensive research report identifying trending vulnerabilities within exchange authentication processes.

Concerns over IoT machine-to-machine (M2M) authentication security are well-founded. Instances of hacking cars — especially with the proliferation of IoT-connected self-driving cars — are frighteningly real. REMME identifies one of the root causes of the problem as PKI infrastructure for M2M authentication not being adequate to support more than simple password login models. Eventually, a future of automated identification for car sharing and micropayments for an IoT ecosystem requires a robust dPKI infrastructure to function securely.

Conclusion

Many of the primary advantages of blockchains stem from their distributed, transparent and permanent nature. Centralized models of security authentication via digital certificate issuance and verification are susceptible to a new generation of attacks. REMChain employs a public blockchain in place of the traditional Certificate Authority to minimize the trust within a broader dPKI infrastructure aimed at providing a layer of robust and transparent security.

The post Distributed Public Key Infrastructure & REMChain Proof-of-Service Consensus appeared first on Blockonomi.

Beginner’s Guide to Cosmos: The Tendermint-Based Blockchain Ecosystem

Cosmos is an upcoming modular framework and Tendermint-based blockchain platform designed as an ecosystem for application-specific blockchains to plug into. Cosmos is designed around the concept of standardizing communication between various blockchains that are part of its broader ecosystem to facilitate interoperability.

The project is undoubtedly ambitious, and the mainnet is expected to be released sometime in 2019. Cosmos is unusual in that it functions as a multi-chain framework for other blockchains while still running its own Proof-of-Stake (PoS) consensus, built on Tendermint Core.


Scalability and interoperability are two of the most consequential developments for the larger cryptocurrency sphere, and Cosmos addresses both. However, bootstrapping an innovative, production-ready PoS network with some sophisticated nuances is exceptionally challenging, especially considering that large-scale PoS consensus networks are not practically proven as sustainable yet.

Background on Cosmos

The development of Cosmos is supported by the Swiss-based Interchain Foundation, with Cosmos being their first project. Many of the developers working on Cosmos are from All in Bits, the company behind the underlying Tendermint blockchain engine. Notably, Jae Kwon, who initially proposed Tendermint in 2014, is one of the leading developers and a board member at the Interchain Foundation.

Cosmos raised roughly $16.8 million in its ICO that ended in April 2017. Since then, the project has undergone a methodical development process. The Game of Stakes (GoS) testnet is set to go live shortly, followed by an audit of the recently released SDK and the eventual mainnet launch. More details are available on their roadmap.

Technical Details

Cosmos is a modular framework for parallel blockchains to plug into the primary hub called the Cosmos Hub. The Cosmos Hub is the first blockchain within the network and functions as the connecting medium between the various zones in the system. The zones consist of both private and public blockchains which are all interconnected via the Inter-Blockchain Communication (IBC) protocol.

Image Credit – Cosmos Blog

Cosmos is built on the Tendermint engine, which is comprised of two primary parts:

  1. Tendermint Core – BFT Proof-of-Stake Consensus Engine
  2. Application BlockChain Interface (ABCI), which lets an application written in any programming language be replicated by the BFT engine.

Tendermint core underlies the consensus of the Cosmos Hub, and subsequently the broader network for managing a standardized exchange of tokens between zones. It is important to note that blockchains plugged into Cosmos retain their consensus sovereignty, and do not forfeit it to the larger Cosmos PoS consensus.


Read: What is Tendermint?

The ABCI is language-agnostic: developers can build the application portion of their blockchain in any language, and it will run on top of the Tendermint consensus engine. The ABCI is the boundary between the Tendermint consensus engine and the Cosmos SDK for building applications. The SDK is a layered framework built over the low-level ABCI so that developers can create advanced applications without having to navigate the complexities of the low-level environment.

Cosmos defines the three conceptual layers of a blockchain as:

  1. Networking – Transaction propagation (i.e., gossip protocol)
  2. Consensus – Validator node agreement on transactions
  3. Application – Updating the state of transactions and processing transactions

Tendermint bundles the network and consensus layers so that developers can build blockchains and run applications much more easily on top of a generic engine. This is one of the core concepts that lets Cosmos function as an environment for parallel blockchains to plug into: developers only need to focus on the application layer.

The ABCI is the interface between the packaged Tendermint Core (network and consensus layers) and the application layer. Importantly, the ABCI uses a socket protocol, which lets the consensus engine drive application state that runs in a separate process. According to the Cosmos documentation:

“Cosmos can thus support a wide variety of currencies and scripting languages like those found in Bitcoin, Ethereum, ZeroCash, CryptoNote, and more.”

The underlying Tendermint core is highly flexible and compatible with both public and private blockchains. Moreover, developers can enjoy the near-instant finality and high performance of Tendermint, which is designed to scale.
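The three-layer split and the ABCI boundary, as an added example that is neither Tendermint nor Cosmos SDK code: a hypothetical Application interface whose method names mirror ABCI's CheckTx, DeliverTx and Commit, a toy key-value application behind it, and an Engine that stands in for the network and consensus layers by admitting transactions through CheckTx, ordering them into a block, and driving DeliverTx then Commit. The transaction format (`set:key=value`) and the state hashing are this example's assumptions; the real ABCI runs over a socket or gRPC connection with its own protobuf message types.

```go
package main

import (
	"crypto/sha256"
	"errors"
	"fmt"
	"sort"
	"strings"
)

// Application is a hypothetical stand-in for the surface a Tendermint-style engine drives.
// The method names mirror ABCI (CheckTx, DeliverTx, Commit); the types are this example's own.
type Application interface {
	CheckTx(tx []byte) error   // mempool admission: is this tx well-formed?
	DeliverTx(tx []byte) error // apply a tx that consensus has ordered into a block
	Commit() string            // finalise the block and return the app hash
}

// KVApp is a toy key-value application; txs look like "set:key=value".
type KVApp struct {
	state   map[string]string // committed state
	pending map[string]string // writes from the block currently being delivered
}

func NewKVApp() *KVApp { return &KVApp{state: map[string]string{}, pending: map[string]string{}} }

func parseTx(tx []byte) (key, value string, err error) {
	s := string(tx)
	if !strings.HasPrefix(s, "set:") {
		return "", "", errors.New("unknown tx type")
	}
	kv := strings.SplitN(strings.TrimPrefix(s, "set:"), "=", 2)
	if len(kv) != 2 || kv[0] == "" {
		return "", "", errors.New("malformed set tx")
	}
	return kv[0], kv[1], nil
}

func (a *KVApp) CheckTx(tx []byte) error { _, _, err := parseTx(tx); return err }

func (a *KVApp) DeliverTx(tx []byte) error {
	k, v, err := parseTx(tx)
	if err == nil {
		a.pending[k] = v
	}
	return err
}

// Commit folds pending writes into state and hashes the sorted state, so every validator
// that delivered the same ordered txs computes the same app hash.
func (a *KVApp) Commit() string {
	for k, v := range a.pending {
		a.state[k] = v
	}
	a.pending = map[string]string{}
	keys := make([]string, 0, len(a.state))
	for k := range a.state {
		keys = append(keys, k)
	}
	sort.Strings(keys) // map iteration order is random; the encoding must not be
	var enc strings.Builder
	for _, k := range keys {
		fmt.Fprintf(&enc, "%s=%s;", k, a.state[k])
	}
	return fmt.Sprintf("%x", sha256.Sum256([]byte(enc.String())))
}

// Engine stands in for the network and consensus layers: it gates txs through CheckTx,
// orders the survivors into a block, and drives DeliverTx then Commit.
type Engine struct {
	app     Application
	mempool [][]byte
}

func (e *Engine) Broadcast(tx []byte) error {
	if err := e.app.CheckTx(tx); err != nil {
		return err // rejected before it costs any consensus bandwidth
	}
	e.mempool = append(e.mempool, tx)
	return nil
}

// ProduceBlock delivers the mempool as one block and returns the app hash and tx count.
func (e *Engine) ProduceBlock() (string, int) {
	delivered := 0
	for _, tx := range e.mempool {
		if e.app.DeliverTx(tx) == nil {
			delivered++
		}
	}
	e.mempool = nil
	return e.app.Commit(), delivered
}

func main() {
	e := &Engine{app: NewKVApp()}
	for _, tx := range []string{"set:owner=alice", "set:owner=bob", "del:owner"} { // constructed txs
		fmt.Println(tx, "->", e.Broadcast([]byte(tx)))
	}
	fmt.Println(e.ProduceBlock())
}
```

Two engines fed the same ordered transactions compute the same app hash, which is the replication guarantee consensus provides. A malformed transaction is rejected at CheckTx before it costs any consensus bandwidth, and delivering the same transactions in a different order yields a different hash, which is why ordering is the consensus layer's job and the application never sees an unordered transaction.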

The IBC is the standardized communication protocol across the network. Standardization is powerful and allows for interoperability and enhanced scalability (i.e., Internet protocols). The IBC is a set of semantics for messaging between blockchains with independent consensus algorithms. According to the Cosmos SDK Github repository:

“The core IBC protocol is payload-agnostic. On top of IBC, developers can implement the semantics of a particular application, enabling users to transfer valuable assets between different blockchains while preserving the contractual guarantees of the asset in question – such as scarcity and fungibility for a currency or global uniqueness for a digital kitty-cat.”

IBC natively supports only chains with fast finality, such as BFT-based PoS chains. A chain with slower, probabilistic finality, such as a PoW chain, can still connect through a peg-zone blockchain, as described with Ethermint below. More details on the IBC are available in its specification paper.

The IBC is natively supported by Tendermint-based zones and facilitates a standardized format for token transfers across the network, between different blockchains. This is similar to a universal atomic swap protocol within the network. It is important to distinguish that the IBC is only natively supported by Tendermint-based blockchains along with those that have fast-finality consensus algorithms, including variants of PoS.

Ethermint is written in Go and will be the first peg zone that is an implementation of the Ethereum Virtual Machine (EVM) on top of the Tendermint engine. Cosmos enables this by leveraging the ABCI of the Tendermint protocol which allows for applications in any language to be run on the Tendermint engine. In this case, they replicated the Ethereum code base and made Cosmos fully compatible with Ethereum’s Web3 interface. Developers can even use Truffle to port over applications and smart contracts directly to Cosmos.

Building applications on top of a blockchain is a difficult task. Application frameworks provide the resources and tools for a better developer experience, which is why Cosmos recently launched its SDK.

The Cosmos SDK

The Cosmos SDK is an ABCI framework written in Golang and is designed for supporting the development of multi-asset PoS blockchains, Proof-of-Authority (PoA) blockchains, and applications on top of them.

The primary purpose of the SDK is to reduce the complexities in building the ABCI for common blockchain functionality and allowing developers to focus on customizable applications within a standardized framework. The modular structure of the SDK is layered over the low-level ABCI and provides a suite of tools and resources for developers. It was built for Gaia, the first implementation of the Cosmos Hub and the mainnet launch will follow an audit of the SDK code as well as the completion of the Game of Stakes PoS testnet.

Image Credit – Cosmos Blog

The SDK is built on object-capability principles for security against potentially malicious third-party modules that developers pull in when building their own modules in the SDK's open framework. Cosmos provides extensive resources in the SDK documentation for developers looking to get a head start building applications on the platform once it goes live.

Lotion JS is the Cosmos SDK alternative framework that is built in JavaScript and allows blockchain apps to be built in the language. It is much smaller than the SDK framework and is designed as a foundation for focused modules to be built on top of.

The Future of Interoperability

Interoperability with blockchains is pegged as the natural next step for the industry following scalability. However, projects like Cosmos that are built to scale from launch as interoperable frameworks offer some intriguing insights into what a future landscape of interoperable blockchains may look like.

Determining how Cosmos will play out is exceedingly challenging, especially considering its reliance on PoS consensus and the pending results from its Game of Stakes testnet. PoS is notoriously difficult to reason about and is predisposed to a subjective interpretation of immutability.

The timeline for the mainnet launch of Cosmos is uncertain, but along with Polkadot — a similar multi-chain framework — could provide a useful measurement into the mechanics of standardized communication and token swaps between blockchains. If successful, Cosmos will offer an entirely novel environment for developers and users to launch and interact with scalable, decentralized applications.

The post Beginner’s Guide to Cosmos: The Tendermint-Based Blockchain Ecosystem appeared first on Blockonomi.

What is Nano’s Block-Lattice Architecture? Complete Beginner’s Guide

Nano is a low-latency cryptocurrency designed as a feeless payments network built on a block-lattice architecture. Formerly known as RaiBlocks, Nano gives each account its own blockchain (an account chain) rather than representing it as a mere address on one shared chain.

The direct benefits of the block-lattice structure are near-instant transactions, no fees, and high processing capacity. Using a Delegated Proof of Stake (DPoS) consensus, Nano achieves rapid finality and a drastically smaller ledger than proof-of-work chains.

Conversely, the structure of the block-lattice system within the context of the network design offers little incentive for participation, and the network remains highly centralized.


Background on Nano

Nano was founded by Colin LeMahieu in 2015 with the release of the white paper as an improvement over Bitcoin regarding P2P digital payments. Designed as a highly scalable network, Nano’s narrative is one of a currency and P2P payments network. Nano is tailored for consumer and merchant adoption as well as micropayments as its primary functions.

Nano’s BrainBlocks implementation is a testament to its design as a consumer payments network and digital currency for both online and in-store point-of-sale transactions.

Despite the wide selection of wallets, tools, and practical applications of Nano as a payment network, its adoption is struggling to garner adequate support to be considered such. Nano’s 24-hour transaction volume — according to their network metrics — is only $2.8 million, at the time of this writing. For context, Bitcoin’s 24-hour adjusted transaction volume is just under $2 billion, and it is more of a high-value settlement layer than payment network. Moreover, VISA — a legacy payment network — processes more than 150 million transactions per day.

Irrespective of its current adoption as a payment network, Nano’s no fee, scalable, and instant transactions are enabled explicitly by its block-lattice architecture.

The Block-Lattice

The Nano white paper identifies that there are three fundamental components of a currency that need to be satisfied for it to function effectively:

  1. Easy transferability
  2. Non-Reversible
  3. Limited or no fees

Nano achieves these three properties by overcoming the scalability problem endemic with on-chain scaling debates (i.e., block size) by making each account its own blockchain, part of a blockchain-lattice. The block-lattice design choice has important consequences, including that the concept of a shared, distributed ledger does not apply. Instead, the network is a group of independent non-shared blockchains where nodes use signature checking to agree that only account chain owners can update the state of their respective chain. Users can subsequently update the state of their ledgers asynchronously, allowing for near-instant transactions with minimal overhead.

Image Credit – Nano Whitepaper

The Nano genesis account chain initially contained all of the NANO coins. The genesis balance is fixed (following 60.8 percent of the supply intentionally destroyed in 2017), and NANO is sent to account chains through send transactions that are registered on the genesis account chain. The initial genesis account balance can never be exceeded by the sum of all of the account chains in the network.

The send transaction mentioned earlier is one half of Nano's two-part transaction system. Every transfer requires a send transaction and a receive transaction. A send transaction deducts the corresponding amount from the sender's account chain and encodes the new balance into the latest block of that chain. This is a crucial component of the system, because nodes only need to store the latest block of each account chain without sacrificing validation of correctness. The receive transaction adds the corresponding amount to the receiver's account chain and similarly encodes the new balance into its block.


Block Lattice Visualization, Image from Hackernoon

Nano identifies several advantages to the two-phase transaction system including sequencing incoming transfers that are asynchronous, enabling small transactions that can fit in UDP packets, improving ledger pruning, and isolating settled from unsettled transactions.

The latency of the network and asynchronous nature of transactions means there is no standard process for agreeing on which transaction arrived first if an account chain receives multiple transactions from different accounts. Nano approaches this by employing a design-time agreement where the receiving account chain retains control over deciding which incoming transaction arrived first. Moreover, transactions are differentiated as either settled or non-settled. Settled means a receive block has been generated and the balance encoded while non-settled means the balance of the receiver has not been updated yet.

The sender of a transaction creates a send block, which is immutable after confirmation. Funds are deducted from the sender's account chain as soon as the send block is broadcast to the network and are considered pending until the receiving account chain creates a receive block for the transaction. Once the receive block is generated, the transaction is settled and the amount is added to the receiver's balance. A block is considered valid if it does not already exist in the account chain (whether send or receive), it is signed by the account owner, its previous block is the head block of the account chain, and its computed hash meets the PoW requirement.

Nano employs proof-of-work (PoW) in a manner similar to Adam Back’s Hashcash design. However, PoW is used in Nano solely to mitigate spam and not for reaching consensus.

Image Credit – Nano Whitepaper

Account chains are initiated with an open transaction, which is the chain's first block and receives its first incoming send. The amount of a send is the difference between the balance encoded in the send block and the balance in the preceding block, so balances can be checked from head blocks alone and large volumes of blocks are easy to download. The ledger's storage requirements are significantly lower than those of other cryptocurrencies and, as a result, the hardware requirements for nodes are minimal.

Nano is actually based on a Directed Acyclic Graph (DAG) where consensus using DPoS is reached via a balance-weighted vote on conflicting transactions. Account-chain holders are assigned a representative as part of the DPoS voting system on conflicting transactions. Due to this design, it may seem easy to launch a Sybil attack where a malicious entity obtains multiple account chains. However, voting is balance-weighted, meaning that the costs of performing a Sybil attack directly correlate to the total stake in the network (i.e., the sum of account balances) rather than the number of account chains under control.
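The send/receive settlement rules and the balance-weighted vote on conflicting blocks, as an added example that is not Nano's code: account chains keyed by Ed25519 public key, send blocks that deduct immediately and leave the amount pending, open/receive blocks that settle it, the validity checks from the text minus the anti-spam PoW, and a fork resolved by a balance-weighted tally. The block encoding, the hash format and the in-memory Lattice are this example's assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Block is one entry in an account chain; a block carries the balance after it, as in Nano.
type Block struct {
	Account string // hex public key of the chain owner
	Prev    string // hash of the previous block on this chain ("" for the open block)
	Kind    string // "open", "send" or "receive"
	Balance uint64 // balance after this block, so the head block alone gives the balance
	Link    string // send: destination account; open/receive: hash of the send received
	Sig     []byte
}

func (b *Block) Hash() string {
	return fmt.Sprintf("%x", sha256.Sum256([]byte(fmt.Sprintf("%s|%s|%s|%d|%s", b.Account, b.Prev, b.Kind, b.Balance, b.Link))))
}

type Lattice struct {
	blocks  map[string]*Block // block hash -> block
	head    map[string]*Block // account -> head block
	pending map[string]uint64 // send-block hash -> amount not yet received
}

func NewLattice() *Lattice { return &Lattice{map[string]*Block{}, map[string]*Block{}, map[string]uint64{}} }
func NewAccount() (string, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return hex.EncodeToString(pub), priv
}

// NewBlock builds and signs a block on top of the owner's current head.
func (l *Lattice) NewBlock(kind string, priv ed25519.PrivateKey, balance uint64, link string) *Block {
	acct := hex.EncodeToString(priv.Public().(ed25519.PublicKey))
	b := &Block{Account: acct, Kind: kind, Balance: balance, Link: link}
	if h := l.head[acct]; h != nil {
		b.Prev = h.Hash()
	}
	b.Sig = ed25519.Sign(priv, []byte(b.Hash()))
	return b
}

func (l *Lattice) Balance(acct string) uint64 {
	if h := l.head[acct]; h != nil {
		return h.Balance
	}
	return 0
}

// Apply enforces the text's validity rules minus PoW: new, owner-signed, built on the head, amount consistent.
func (l *Lattice) Apply(b *Block) error {
	h := b.Hash()
	pub, err := hex.DecodeString(b.Account)
	if _, dup := l.blocks[h]; dup || err != nil || len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, []byte(h), b.Sig) {
		return errors.New("duplicate block or not signed by the account owner")
	}
	head, prevBal := l.head[b.Account], l.Balance(b.Account)
	if (head == nil) != (b.Kind == "open") || (head != nil && b.Prev != head.Hash()) {
		return errors.New("prev is not the head of the account chain (fork or stale block)")
	}
	switch b.Kind {
	case "send":
		if b.Balance >= prevBal {
			return errors.New("send must lower the balance")
		}
		l.pending[h] = prevBal - b.Balance // deducted now, unsettled until received
	case "open", "receive":
		if b.Kind == "open" && len(l.head) == 0 {
			break // genesis: the only block not backed by a send
		}
		amt, ok := l.pending[b.Link]
		if !ok || l.blocks[b.Link].Link != b.Account || b.Balance != prevBal+amt {
			return errors.New("no pending send for this account and amount")
		}
		delete(l.pending, b.Link) // settled
	default:
		return errors.New("unknown block kind")
	}
	l.blocks[h], l.head[b.Account] = b, b
	return nil
}

// ResolveFork: the block hash backed by the most balance wins, so dust accounts do not add up.
func (l *Lattice) ResolveFork(votes map[string]string) (winner string) {
	tally := map[string]uint64{}
	for voter, choice := range votes { tally[choice] += l.Balance(voter) }
	for h := range tally {
		if winner == "" || tally[h] > tally[winner] {
			winner = h
		}
	}
	return winner
}
```

A double spend appears as a second send built on the pre-send head; Apply rejects it because its prev is no longer the chain's head. When two nodes have nonetheless seen conflicting blocks first, ResolveFork weighs each representative's vote by its balance, so splitting a small balance across many account chains buys no extra voting power; the functions are meant to be driven from a test or your own main, as the checks below do.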

Image Credit – Nano Whitepaper

In summary, the block-lattice structure enables near-instant transactions, zero fees, and high scalability. The novel architecture is impressive and has some clear advantages; however, the lack of fees is part of a broader incentive-design problem that is likely hindering its adoption.

Achieving a Scalable Payments Network

Nano’s block-lattice architecture affords it a unique processing ability for consumer/merchant payments either online or at point-of-sale. Further, Nano is well-suited for the future materialization of micropayments. Despite its promise, Nano suffers from a notable incentive problem.

Since every account's NANO traces back, through open and send transactions, to the genesis account chain, that is the only way NANO enters circulation. The lack of fees therefore means there is no reward for the work of securing the network, unlike mining rewards in PoW or staking rewards in PoS.

Representative nodes in the consensus system do not receive rewards for their work either, so their only incentive to secure the network is through a preference for some other reason, perhaps ideological or because they have a large stake in NANO and want the price to increase eventually.

Additionally, decentralization would provide better guarantees of immutability and censorship-resistance, but approximately 94 percent of voting balance-weight is controlled by 1 percent of the account chains.

With an incentive design driven primarily by utility as a P2P payment system, Nano needs to compete with and surpass legacy payment systems without a viable and sustainable incentive mechanism for participating in the network. PoW as a consensus mechanism for securing a blockchain is the only practically proven sustainable model for cryptocurrencies so far. PoW is an elegant form of money issuance that is based on free-market competition and involves a real-world cost (computation via electricity) to create the currency (i.e., Bitcoin). In Nano, money issuance is tied directly to the popularity of the network as a means of payment (because it relies on utility as its incentive design), since all newly issued NANO is derived from the genesis account with open send transactions.

Removing the incentive of participants who secure the network entirely is uncertain territory.

Conclusion

The narrative of Nano as a P2P payment network and digital currency is supported by the impressive capabilities that its block-lattice structure confer. However, its struggle in adoption as a payment medium is compounded by a lack of on-chain incentive structure for participants in the network resulting from the block-lattice design.

The post What is Nano’s Block-Lattice Architecture? Complete Beginner’s Guide appeared first on Blockonomi.

What is ZCash’s Sapling Upgrade? Everything You Need to Know

ZCash is one of the most popular privacy-oriented cryptocurrencies available today. It is an open-source project that is the first large-scale cryptocurrency implementation of zk-SNARKs, the advanced zero-knowledge proof (ZKP) technology enabling anonymous shielded transactions in the network.

One of the significant problems that privacy-oriented cryptocurrencies like ZCash and Monero face is that the cryptographic constructions used to obfuscate transaction information on a public ledger are much more expensive than ordinary signed transactions. Their blockchains are heavier on memory, and they are less practical for users, particularly mobile users.


Sapling is an impressive upgrade for the ZCash network that primarily focuses on improving the efficiency of zk-SNARKs for shielded transactions. Sapling was activated at block 419,200 on October 29th, 2018 and has been humming along since.

Background on ZCash and zk-SNARKs

ZCash was released in 2016 by founder Zooko Wilcox and has rapidly emerged as one of the leading privacy cryptocurrencies along with Monero. ZCash is predicated on some of the most advanced cryptography available, known as zero-knowledge proofs. ZCash’s ZKP integration focuses explicitly on a form known as zk-SNARKs, which have become a popular topic among a variety of groups and have been dubbed “crypto magic.”


Read: What Are Zero-Knowledge Proofs?

ZCash is the first major network-scale implementation of zk-SNARKs. The abbreviation zk-SNARKs stands for “Zero-Knowledge Succinct Non-Interactive Argument of Knowledge,” and they are a particular form of zero-knowledge proofs. Using a zk-SNARK enables a prover to prove to a verifier that a statement about specific information is true without having to reveal any details about the information to the verifier.

ZCash applies zk-SNARKs to the transactions themselves. In a public and transparent blockchain like Bitcoin, transactions are validated using the sender/receiver addresses along with the input and output values under the UTXO model. ZCash is also a public blockchain, but it allows shielded transactions that use a zk-SNARK to prove that the conditions for a valid transaction are satisfied without revealing the sender, receiver, or amount.


Read: What is zk-SNARKs?

It is important to note that shielded transactions are not the default setting in ZCash and need to be selected deliberately instead of the default transparent addresses.

For a shielded transaction to be valid, its zk-SNARK proof must establish three things:

  1. Input values sum to the outputs for the shielded transaction.
  2. Sender proves he/she has the corresponding private key of the inputs.
  3. Private spending keys are linked to the whole transaction, removing the ability of a third-party to modify the transaction if they do not know the private spending keys.

Shielded transactions also have to respect the commitment scheme used with zk-SNARKs: similar to key images in Monero, the nullifier of a commitment can only be used once, and every node stores each nullifier it has seen to enforce this. Several other assertions also need to be proven, such as that each input note has a revealed commitment and that a collision between output nullifiers and any other nullifiers is computationally infeasible.

ZCash also employs a set of proving and verifying keys for checking and creating proofs. Controversially, this requires a trusted setup (called a public parameter ceremony in ZCash) where the keys are generated publicly and shared with all network participants. ZCash’s trusted setup required participants to generate a public/private key pair concurrently and subsequently destroy the private key. The public key is the public parameter key that miners use to verify shielded transactions and users employ to create shielded transactions. The issue with the trusted setup design is that if an attacker used the private key, then the malicious entity could create counterfeit ZCash that would look valid to the network. The attacker would not be able to compromise anonymity on the network, however.

Naturally, such a problem is cause for concern by many, which is why ZCash has been comprehensive in detailing the ceremony to provide the highest level of assurance.

ZCash's zk-SNARK proofs are cheap to verify, but the vast majority of the computation is pushed onto the creator of a shielded transaction. As a result, shielded transactions are very cumbersome: creating one can take 40 or more seconds and require 1 GB of memory, and in severe cases has taken as long as 7 minutes and needed 3 GB. This cost is the main reason shielded transactions are not the default: transparent addresses are the default, and users must deliberately choose a shielded transaction to use zk-SNARKs.

The major takeaway from analyzing the use of zk-SNARKs in ZCash is that the details of a fully shielded transaction (sender, receiver, and amount) are hidden on the public blockchain. Note that a transaction between a transparent address and a shielded address still exposes its transparent side. The implications are significant and can be useful in everything from anonymous blockchain-based voting schemes to decentralized identity verification.

Sapling Upgrade

Sapling was conceived in 2016 and started as a pet project that grew into a full-blown upgrade to the anonymity technology in the ZCash network. The primary problem Sapling addresses is the bulky nature of zk-SNARKs and, correspondingly, of shielded transactions on the network. Sapling improves the efficiency of zk-SNARK proof creation to broaden the potential adoption of the cryptocurrency.

Notably, Sapling required another trusted setup (public parameter generation ceremony) which is also what the ZCash team was looking to improve upon. The Powers of Tau ceremony was held between November 2017 and April 2018 and ZCash completed the Multi-Party Computation (MPC) for Sapling in May to finalize the Sapling zk-SNARK parameters.

Sapling drastically reduces the amount of time and memory needed for constructing zk-SNARKs. According to ZCash, the time requirements for constructing a shielded transaction decreased by 90 percent and the memory requirements by 97 percent. This means shielded transactions can be conducted in several seconds with only 40 MB memory.

Sapling also allows the hardware that constructs the zk-SNARK proof to be separate from the hardware that signs the transaction, so a hardware wallet can hold the spend authority while a more powerful machine builds the proof. Improved keys known as full viewing keys allow shielded address owners to view incoming and outgoing transaction details, and to delegate that view to an auditor, without exposing their private spending key. Finally, Sapling moved from the Barreto-Naehrig (BN) pairing-friendly curve to the BLS12-381 curve. The switch was motivated by security as well as performance: improvements to the number field sieve published in 2016 lowered the estimated security of 254-bit BN curves well below the 128-bit level they were designed for, while BLS12-381 targets 128 bits and also makes zk-SNARK proof generation and verification faster.

The successful upgrade to Sapling has some vital implications for the future of the ZCash cryptocurrency network. One of the primary goals of the ZCash developers, as articulated by Sean Bowe, is to make shielded transactions cheap and practical enough for all users to leverage them as the default setting of ZCash. Doing so would give ZCash a greater design space, as in Bitcoin, where better applications and features can be built on top of the protocol layer.

Sapling is a major step in reducing the barriers to using ZCash and emphasizing its strengths in privacy. The efficiency enhancements of Sapling make ZCash shielded transactions viable on mobile devices rather than limiting them to users with specific desktop hardware. Moreover, integrating shielded ZCash transactions on exchanges and for vendors is now much more viable.

Privacy-Oriented Coins Trending Towards Increased Practicality for Users

ZCash’s Sapling upgrade mirrors a similar efficiency improvement in the privacy-oriented cryptocurrency network Monero. Monero recently integrated bulletproofs, a form of zero-knowledge range proof that needs no trusted setup, into its protocol, and the resulting improvements were immense: typical transaction size fell by roughly 80 percent and fees by more than 95 percent. The upgrade was a resounding success, similar to Sapling.

The Sapling upgrade and Monero’s bulletproof upgrade represent a growing trend of privacy-oriented cryptocurrencies increasing the efficiency of their once-cumbersome anonymity-preserving transactions. By reducing the problems in transaction size, creation speed, and transaction fees, these networks are transitioning to a new stage of development where they are focusing on building the foundation for user-friendly applications and mobile ubiquity.

The consequences of this cannot be overstated. Improving the design space of these anonymous cryptocurrencies is exceptionally appealing to many users who are not familiar with more complex cryptocurrencies but share the privacy values of the developers. Further, merchants can accept anonymous transactions, and fees may drop low enough for anonymous micropayments to become a reality.

Privacy and security will likely be the main focus of anonymous cryptocurrencies as it is a continually evolving effort, but their recent inclination to focus on efficiency is a promising sign.

What is Bitcoin? The Ultimate Guide for Beginners

Bitcoin is the original cryptocurrency released in 2009 as open-source software. It is a digital currency predicated on cryptographically secure transactions, a proof-of-work consensus model, and a decentralized, P2P distributed ledger network. Bitcoin’s distributed ledger is the first blockchain — a shared and distributed timestamped ledger of data blocks connected through a chain of cryptographic hashes — and solved the double spend problem that had plagued previous iterations of digital currencies.

Bitcoin is a decentralized medium of exchange, high-value settlement layer, and store of value that exists outside of the traditional financial system. The network is entirely P2P, and there are no intermediaries or centralized control. Proponents of Bitcoin view it as the first truly “free” money from centralized control and the proliferation of its network’s hash power, and general network effects have solidified its position as a sovereign-proof medium of value exchange.

Since its inception, Bitcoin has fueled the growth of an entire industry of cryptocurrencies. Many of these currencies are forks of the Bitcoin protocol while others have developed into full Turing-complete smart contracts platforms. Bitcoin’s narrative has evolved throughout its lifetime and has been subject to polarizing debates and contentious network protocol decisions.

Despite the wild-west-like atmosphere within the broader cryptocurrency industry and the often polarizing nature of its communities, Bitcoin has remained resilient. With a decade of experience under its belt, the legacy cryptocurrency has shown a penchant for conservative change that has led to remarkable stability, decentralization, and transparency in spite of the criticisms it has faced over the course of its existence.

Bitcoin has emerged as an exceptional technological feat, and its future implications along with the growing industry it sparked are profound.

The History of Bitcoin

Bitcoin was announced by a person or group of people using the pseudonym Satoshi Nakamoto on October 31, 2008, in a post to the cryptography mailing list linking to a white paper titled “Bitcoin: A Peer-to-Peer Electronic Cash System.” The identity of Satoshi Nakamoto is still unknown, despite numerous attempts by people to claim the identity of the obscure Bitcoin creator.

The genesis block — launching the Bitcoin mainnet — was mined on January 3rd, 2009 with a reward of 50 BTC (Bitcoin ticker symbol) and a text message embedded in the coinbase transaction:

“The Times 03/Jan/2009 Chancellor on brink of second bailout for banks.”

The message was a headline pulled from the British newspaper The Times following the Global Financial Crisis of 2008 where banks were bailed out by their respective governments (i.e., the U.S. and UK) after being a leading cause of the crisis themselves. The comment is derived from the instability of the fractional-reserve banking system in general. The headline symbolizes the widely accepted concept behind Bitcoin, an immutable, uncensorable, and decentralized medium of value exchange free of the endemic problems within traditional financial systems and governments.

Satoshi Nakamoto

Satoshi Nakamoto was active on email threads, community forums, and the open-source Bitcoin repo for a little more than a year after initially releasing the white paper and went dark in December 2010. The Nakamoto Institute provides a comprehensive compilation of emails, forum posts, code updates, and other interactions that people had with Satoshi Nakamoto. If you’re looking to further your understanding of Satoshi’s vision, that is an excellent place to begin.

Following Satoshi’s disappearance, lead development of Bitcoin’s protocol passed to a group of developers. Notably, Gavin Andresen was the lead core developer and co-founded the Bitcoin Foundation in 2012 to support the development of the network.

Over the years, Bitcoin has experienced innumerable contributions from the open-source community and members of the core development team. Currently, Wladimir J. van der Laan leads the release process, and the MIT Digital Currency Initiative funds some of Bitcoin’s development.

Bitcoin Adoption

Bitcoin’s adoption has been slow and methodical. In 2011, WikiLeaks began using Bitcoin following a lack of options for receiving other currencies stemming from pressure by the U.S. government on payment processors and other financial entities. Satoshi Nakamoto was against the notion of WikiLeaks using Bitcoin as it would draw unwanted attention from governments to a network that was still in its nascent stages and susceptible to attack.

Throughout 2012 and 2013 Bitcoin saw adoption by BitPay, the Bitcoin payment processor, and by WordPress, which began accepting it as payment for its services. Bitcoin had already been through its first major bear market in 2011, when the price fell from a peak above $30 in June to roughly $2 by November.

The year 2013 was eventful for Bitcoin as the popular exchange Coinbase, founded in 2012, started gaining traction. Notable events in 2013 included China banning financial institutions from handling Bitcoin, the FBI seizing approximately 26,000 BTC from the Silk Road dark market, and the U.S. government starting to take notice of Bitcoin as it seized several accounts belonging to the Mt. Gox exchange. Digital asset exchange ShapeShift followed in 2014, launched by Erik Voorhees with funding from Roger Ver and Barry Silbert.

In February 2014, the largest Bitcoin exchange, Mt. Gox, halted withdrawals and shut down, citing technical issues. Soon after, the exchange filed for bankruptcy following the loss of roughly 744,000 customer BTC that had been stolen in an extended hack. The hack compounded an already ongoing bear market that ended up lasting for more than a year, commonly known as Crypto Winter, with the price dropping 83 percent from its high of $1,149 to a low of $197.

Coinbase raised $75 million in a funding round in 2015 which also contained consequential developments such as the launch of smart contracts platform Ethereum and the number of merchants accepting Bitcoin exceeding 100,000.

Major cryptocurrency exchange Bitfinex was hacked in 2016 for nearly 120,000 BTC. Along with the Mt. Gox attack, the Bitfinex hack was indicative of a larger trend in hacking exchanges that continued into 2018 and is expected to surpass $1 billion in stolen funds this year alone. Bitcoin started gaining more traction among more mainstream users in 2016, with the popular game distribution platform Steam accepting Bitcoin payments and the network’s hash rate exceeding 1 exahash/sec.

The events in 2017 launched Bitcoin into the mainstream and the broader cryptocurrency industry along with it. Bitcoin’s price surged towards the end of 2017 along with the broader markets fueled by massive speculation on ICOs launched on the Ethereum network. Bitcoin’s price peaked at roughly $20,000, and mainstream media coverage was rampant on price speculation.

Bitcoin Cash Hard-Fork

Bitcoin’s first major polarizing event also took place in August 2017, when Bitcoin Cash hard-forked the protocol to follow a different vision of Bitcoin than the original chain, predicated on increasing the block size as a mechanism for on-chain scaling. The surge in mainstream activity of Bitcoin led to a series of issues with a backed up mempool, high fees, and general frustration with using the network for payments. This highlighted Bitcoin’s scaling problem and led to the accelerated development of its second layer scaling solution, the Lightning Network (LN).

At the protocol level, Segregated Witness (SegWit) activated in August 2017. It moves signature (witness) data out of the part of a transaction that determines its transaction ID, which fixes third-party transaction malleability, introduces the block weight limit that raises effective block capacity above 1 MB, and adds script versioning. That versioning is what allows later upgrades such as Schnorr signatures to be deployed as soft forks.

Bitcoin Developments

This year has had several significant and intriguing developments for Bitcoin. Despite the extended bear market and precipitous decline of Bitcoin’s price to roughly $4,300 at the time of this writing, vital developments at both the protocol layer and applications on top of it are becoming consistent. Moreover, the growth of the LN is gaining steam and services and applications built on top of it are helping foster greater adoption of Bitcoin as a bidirectional micropayments medium.

As of today, a dual narrative of Bitcoin’s on-chain transactions as a large-value settlement layer and the layer two LN as the payments network using Bitcoin has emerged. Privacy-preserving solutions such as Dandelion, security and privacy-focused wallets like Samourai, and self-sovereign payment processing tools like BTCPay server have become vital tools for retaining the initial vision of Bitcoin as an uncensorable, private, and secure medium of value exchange. Bitcoin has an ample design space, and the future development on top of the core protocol could leverage Bitcoin as an immutable and secure settlement layer. Examples of services connected to the Bitcoin blockchain include Blockstream’s recently released Liquid Sidechain, an inter-exchange settlement network. Optimism may be fading in the markets, but these downturns are often touted as crucial periods of development of both the core community and underlying technology.

Bitcoin has also seen widespread acceptance, at least by the standards of legacy finance, as an alternative financial asset. While statements from banks and financial executives mostly still miss the core concept of Bitcoin, the fact that it is traded on major financial platforms and that Bitcoin ETFs have been proposed for listing is an enormous step in general awareness from its humble cypherpunk beginnings.

Bitcoin Technical Design

Bitcoin is a permissionless, open-source cryptocurrency network maintained by a community of contributors via its Bitcoin Improvement Proposal (BIP) system. The network is secured via a proof-of-work (PoW) consensus mechanism known as Nakamoto Consensus, is decentralized, is cryptographically secured via ECDSA signatures over the secp256k1 curve, and uses an unspent transaction output (UTXO) transaction model. Game theory also plays a prominent role in the network, and its technical design is rolled into the larger dynamics of the incentive system.

Analyzing Bitcoin’s technical design requires separating and evaluating the primary components of the network independently.

Transactions in Bitcoin

Bitcoin employs an abstract transaction model known as the unspent transaction output (UTXO) scheme. All transactions are chained together: bitcoins move from transaction to transaction in the form of inputs and outputs rather than to and from account balances. Bitcoin’s UTXO transaction scheme has also been described as a form of triple-entry bookkeeping.

Image Credit – Bitcoin Whitepaper

Transactions function as a chain of digital signatures, using ECDSA. In the white paper’s description, an owner transfers BTC by digitally signing a hash of the previous transaction together with the public key of the next owner and appending both to the transaction; in practice each output is locked by a small script (most commonly one requiring a signature from a given public key hash) that the spending input must satisfy. Recipients can trivially verify the whole chain of signatures that delivered the BTC. The outputs of one transaction therefore become the inputs of a later one in an ongoing process. Users do not hold BTC as a balance; instead, they hold the keys that give them the right to spend specific unspent outputs.

Transactions must adhere to 3 fundamental rules in Bitcoin:

  1. The sum of the inputs must be at least the sum of the outputs; any difference is the fee collected by the miner.
  2. Every referenced input must exist in the UTXO set and not have been spent yet (including by another input of the same transaction).
  3. Every input must satisfy the locking script of the output it spends; for ordinary payments that means a valid signature from the owner’s key.
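
The three rules in practice, as an added example that is not part of the original article: a small Python model of a UTXO set that validates a transaction against them, applies it, and rejects a later attempt to spend the same output. The owner and signer strings are hypothetical stand-ins for the locking script and the signature that a real node would evaluate, and all transaction data below is constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed toy model of Bitcoin's UTXO rules (added example, not Bitcoin
# Core code). "owner" and "signer" are hypothetical stand-ins for the locking
# script and the unlocking signature; a real node runs Script and checks ECDSA.


@dataclass(frozen=True)
class Outpoint:
    txid: str   # hash of the transaction that created the output
    index: int  # position of the output inside that transaction


@dataclass(frozen=True)
class TxOut:
    value: int  # satoshis
    owner: str  # hypothetical: who may spend this output


@dataclass(frozen=True)
class TxIn:
    prev: Outpoint
    signer: str  # hypothetical: who signed this input


@dataclass
class Tx:
    txid: str
    inputs: List[TxIn]
    outputs: List[TxOut]


class UtxoSet:
    """Tracks unspent outputs and enforces the three transaction rules."""

    def __init__(self) -> None:
        self.utxos: Dict[Outpoint, TxOut] = {}

    def add_coinbase(self, txid: str, value: int, owner: str) -> None:
        # A coinbase creates coins without inputs (block subsidy plus fees).
        self.utxos[Outpoint(txid, 0)] = TxOut(value, owner)

    def validate(self, tx: Tx) -> int:
        """Returns the fee if tx is valid, raises ValueError otherwise."""
        if not tx.inputs or not tx.outputs:
            raise ValueError("transaction needs at least one input and one output")
        seen = set()
        total_in = 0
        for txin in tx.inputs:
            # Rule 2: every referenced input must exist and be unspent; a
            # duplicate outpoint inside one transaction is a double spend too.
            if txin.prev in seen or txin.prev not in self.utxos:
                raise ValueError(f"input {txin.prev} is unknown or already spent")
            seen.add(txin.prev)
            spent = self.utxos[txin.prev]
            # Rule 3: the input must carry a signature from the output's owner.
            if txin.signer != spent.owner:
                raise ValueError(f"input {txin.prev} not signed by {spent.owner}")
            total_in += spent.value
        if any(out.value < 0 for out in tx.outputs):
            raise ValueError("negative output value")
        total_out = sum(out.value for out in tx.outputs)
        # Rule 1: inputs must cover outputs; the remainder is the miner fee.
        if total_in < total_out:
            raise ValueError(f"outputs {total_out} exceed inputs {total_in}")
        return total_in - total_out

    def apply(self, tx: Tx) -> int:
        """Validates tx, then removes the spent outputs and adds the new ones."""
        fee = self.validate(tx)
        for txin in tx.inputs:
            del self.utxos[txin.prev]
        for index, out in enumerate(tx.outputs):
            self.utxos[Outpoint(tx.txid, index)] = out
        return fee

    def balance(self, owner: str) -> int:
        return sum(out.value for out in self.utxos.values() if out.owner == owner)


def run_utxo_demo() -> Tuple[int, int, int, bool]:
    """Spends a coinbase output once, then tries to spend it a second time."""
    chain = UtxoSet()
    chain.add_coinbase("cb1", 50 * 100_000_000, "alice")  # constructed sample data
    pay = Tx("tx1",
             [TxIn(Outpoint("cb1", 0), "alice")],
             [TxOut(10 * 100_000_000, "bob"), TxOut(3_999_990_000, "alice")])
    fee = chain.apply(pay)  # 10,000 satoshi fee left for the miner
    double_spend = Tx("tx2", [TxIn(Outpoint("cb1", 0), "alice")], [TxOut(1, "carol")])
    try:
        chain.apply(double_spend)
        rejected = False
    except ValueError:
        rejected = True  # cb1:0 is no longer in the UTXO set
    return fee, chain.balance("alice"), chain.balance("bob"), rejected
```

The same structure is what lets full nodes validate independent transactions in parallel: a transaction only needs the outpoints it references, so two transactions that spend disjoint outputs never contend for the same entries.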

The UTXO model provides several direct benefits for Bitcoin.

  • Concerning scalability, it is much simpler than an account-based model for a decentralized network.
  • It enables the overall consensus mechanism to remain simple due to the linkability of inputs and outputs.
  • Creates an interlocked system of accounting records that are immutably stored and timestamped every 10 minutes and is practically impossible to change.

The UTXO model in Bitcoin also allows transactions to be validated in parallel when they spend independent inputs. The mempool is the set of valid transactions waiting to be confirmed. Bitcoin only handles roughly 5 to 6 transactions per second (TPS) on-chain, so transactions that are not mined immediately reside in the mempool until miners pick them up and include them in blocks. A backlogged mempool was a major problem at the height of the cryptocurrency frenzy towards the end of 2017, leading to exceptionally high fees and slow confirmation times.

Bitcoin also has a native, deliberately limited scripting language called Script: a stack-based language without loops, so every script terminates and its validation cost is bounded. The proliferation of applications, sidechains, and other technical components built on Bitcoin has led to increased use of Script for specific payment conditions such as multisignature and time-locked outputs.

Bitcoin’s Blockchain

Bitcoin is the original blockchain. Bitcoin’s blockchain is a series of cryptographically linked data blocks that contain the transaction data. A new block is mined by miners roughly every 10 minutes, and blocks are usually 1 – 1.5 MB in size that can hold upwards of 3,000 transactions at capacity. Transactions broadcast to the network are incorporated into blocks by miners in a process called Nakamoto PoW Consensus (outlined in the next section) which validates the transactions and secures them via computational work.

The original block was the genesis block mined by Satoshi Nakamoto, which contained the newspaper headline within the coinbase transaction. The coinbase transaction is the first transaction in a block; it is created by the miner, has no real input, claims the block reward (subsidy plus fees) and allows between 2 and 100 bytes of arbitrary data in its input script. Transactions in a block are hashed and paired repeatedly in a binary hash tree known as a Merkle tree until a single root hash is reached, which commits to every transaction in the block and is stored in the block header.

Image Credit – Bitcoin Whitepaper

Each block header stores the hash of the previous block’s header, thus cryptographically linking all of the blocks, hence the name blockchain. The ledger of blocks is entirely public, transparent, and timestamped. Because each header commits to its predecessor and to its own Merkle root, the hash of the current block header commits to the entire history of the Bitcoin blockchain, from the genesis block up to the current block.

A transaction within a block cannot be modified without changing that block’s Merkle root, and therefore its header hash, which every later block’s header commits to. Rewriting any block consequently means recomputing the proof of work for it and for every block after it. This is what gives Bitcoin its immutability property: the hash links make tampering detectable, and the accumulated proof of work makes it expensive.

Full node clients store the entire blockchain locally, validate every block and transaction against the consensus rules, and propagate transactions across the network. They also help new nodes catch up to the current state of the blockchain and serve the data that SPV nodes need. Simplified Payment Verification (SPV) nodes are light clients that do not store the entire blockchain; they download only block headers and rely on full nodes for Merkle proofs that a transaction is included in a block, which means they verify the proof of work but trust that miners enforced the validity rules. An experimental light client protocol called Neutrino, based on compact block filters, was recently proposed and is being developed by Lightning Labs.

A serialized Bitcoin block contains 5 fields:

  1. Magic Number – Always 0xD9B4BEF9 on mainnet; identifies the network
  2. Blocksize – Size of the block in bytes
  3. Blockheader – The 80-byte header, which contains 6 parts
  4. Transaction Counter – Number of transactions, encoded as a variable-length integer
  5. Transactions – List of transactions, the coinbase first

The 80-byte block header contains 6 parts:

  1. Version – 4 bytes; signals which validation rules the block follows and changes with upgrades
  2. hashPrevBlock – 32 bytes; double-SHA256 hash of the previous block header
  3. hashMerkleRoot – 32 bytes; Merkle root committing to all transactions in the block
  4. Time – 4 bytes; Unix timestamp (seconds, UTC) when the miner assembled the block
  5. Bits – 4 bytes; the current target in compact encoding, which changes when the difficulty adjusts
  6. Nonce – 4 bytes; 32-bit counter that miners vary while searching for a valid block hash

Naturally, in a decentralized P2P network of pseudonymous users, the inherent problem arises of how to ensure that the state of the blockchain is accurate. Overcoming this issue means ensuring, with extremely high probability, that the transactions included in mined blocks are not double spent. This is one of the major achievements of Bitcoin as it solved the double spend problem using a computationally intensive proof-of-work model called Nakamoto Consensus.

Nakamoto PoW Consensus and Mining

Proof-of-work (PoW) consensus is what was proposed by Satoshi Nakamoto as a method to implement a distributed timestamped server (blockchain) on a P2P basis. Satoshi derived his PoW model from Adam Back’s Hashcash design which was used to mitigate email spam by requiring small computations. Bitcoin’s PoW consensus has come to be known as Nakamoto Consensus, and it solved the double spend problem.

Achieving consensus in a decentralized network of nodes like Bitcoin requires a Byzantine Fault Tolerant (BFT) algorithm. Nodes are free to join and leave the network anonymously at will, so it needs to handle arbitrary behavior by malicious nodes. Previous iterations of BFT algorithms — such as pBFT — do not scale well and require a large communication overhead. Further, the round-robin format for selecting the leader node was not compatible with many of the goals of Bitcoin’s structural design.

Satoshi built Bitcoin’s PoW consensus algorithm on a lottery-like method of block leader selection, where miners compete to solve a computationally intensive puzzle. The winner of a round (about 10 minutes on average) collects the block reward, and then the round restarts. Miners vary the nonce field of the candidate block header (and, once its 32 bits are exhausted, other header contents such as the coinbase data) until the double-SHA256 hash of the header falls below the current target, which in practice means the hash begins with a required number of zero bits.

The point of PoW consensus is to make it costly — from a computational resource perspective — to mine a block, with the tangible cost coming in the form of electrical energy expended to produce the computation attempting to mine the block. One of the essential passages from the original Bitcoin white paper that lays the foundation for PoW consensus in Bitcoin and its overall security is:

“The proof-of-work also solves the problem of determining representation in majority decision making. If the majority were based on one-IP-address-one-vote, it could be subverted by anyone able to allocate many IPs. Proof-of-work is essentially one-CPU-one-vote. The majority decision is represented by the longest chain, which has the greatest proof-of-work effort invested in it. If a majority of CPU power is controlled by honest nodes, the honest chain will grow the fastest and outpace any competing chains. To modify a past block, an attacker would have to redo the proof-of-work of the block and all blocks after it and then catch up with and surpass the work of the honest nodes.”

The difficulty targets an average of 6 blocks per hour and is recalculated every 2016 blocks from how long the previous 2016 blocks actually took, which compensates for increasing hardware speed and keeps block production timely. The resulting PoW model relies on the assumption that a significant amount of work was invested into mining each block, and that the majority of hash power is controlled by honest miners who have a strong economic incentive not to attack the chain they are paid in.

The miner that wins the round broadcasts the block to its peers, which validate it and propagate it across the network. Once a block is accepted, the round restarts and miners assemble new candidate blocks on top of it until one finds a valid nonce. The deeper a block is buried (the more blocks built on top of it), the more work an attacker must redo to replace it, so the probability that an attacker with a minority of hash power can reverse it drops exponentially with depth. The conventional rule of thumb is that a transaction is settled after 6 confirmations, that is, once 5 further blocks have been mined on top of the block containing it.
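
To make the header fields and the nonce search concrete, here is an added Python example (not code from the article or from Bitcoin Core) that builds a Merkle root, serializes the 80-byte header, computes the double-SHA256 block hash, decodes the compact target from bits and runs the mining loop. It checks itself against the real genesis block values; the mining run in the test uses a deliberately easy target so that it finishes in a fraction of a second.

```python
import hashlib
import struct
from typing import List, Optional, Tuple

# Added example: Bitcoin's Merkle root, 80-byte header, double-SHA256 block
# hash and compact "bits" target, checked against the real genesis block.


def dsha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def to_internal(hex_hash: str) -> bytes:
    # Hashes are displayed big-endian but serialized little-endian.
    return bytes.fromhex(hex_hash)[::-1]


def to_display(raw: bytes) -> str:
    return raw[::-1].hex()


def merkle_root(txids: List[str]) -> str:
    """Pairs and double-hashes txids until one root remains (odd node is duplicated)."""
    if not txids:
        raise ValueError("a block has at least the coinbase transaction")
    layer = [to_internal(t) for t in txids]
    while len(layer) > 1:
        if len(layer) % 2:
            layer.append(layer[-1])
        layer = [dsha256(layer[i] + layer[i + 1]) for i in range(0, len(layer), 2)]
    return to_display(layer[0])


def serialize_header(version: int, prev_hash: str, root: str,
                     timestamp: int, bits: int, nonce: int) -> bytes:
    """The six header fields, little-endian, exactly 80 bytes."""
    return (struct.pack("<I", version) + to_internal(prev_hash) + to_internal(root)
            + struct.pack("<III", timestamp, bits, nonce))


def block_hash(header: bytes) -> str:
    if len(header) != 80:
        raise ValueError("block header must be 80 bytes")
    return to_display(dsha256(header))


def bits_to_target(bits: int) -> int:
    """Decodes the compact target: mantissa * 256^(exponent - 3)."""
    exponent, mantissa = bits >> 24, bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def meets_target(hash_hex: str, bits: int) -> bool:
    # Proof of work is valid when the hash, read as a 256-bit integer, is <= target.
    return int(hash_hex, 16) <= bits_to_target(bits)


def mine(version: int, prev_hash: str, root: str, timestamp: int, bits: int,
         max_tries: int = 1_000_000) -> Optional[Tuple[int, str]]:
    """Increments the nonce until the header hash is at or below the target."""
    for nonce in range(max_tries):
        candidate = block_hash(serialize_header(version, prev_hash, root, timestamp, bits, nonce))
        if meets_target(candidate, bits):
            return nonce, candidate
    return None  # a real miner would now change the coinbase/extra nonce and retry


# Real genesis block values (block 0, 3 January 2009): one transaction, so the
# Merkle root equals the coinbase txid.
GENESIS_TXID = "4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b"
GENESIS_HEADER = serialize_header(1, "00" * 32, GENESIS_TXID, 1231006505, 0x1D00FFFF, 2083236893)
GENESIS_HASH = "000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f"
```

Running `block_hash(GENESIS_HEADER)` reproduces the published genesis hash, and `bits_to_target(0x1D00FFFF)` is the difficulty-1 target, which is why that hash has ten leading hex zeros: the target only demands eight.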

Bitcoin Mining

Miners invest substantial capital in hardware to mine Bitcoin, and their rewards are paid directly in Bitcoin. The game theory of the system is designed so that attacking the network is unsustainably costly. Attacking Bitcoin would require a 51 percent attack, where a malicious entity controls a majority of the network’s hash power. Such an attacker cannot make invalid transactions valid or spend other people’s coins, because every full node still checks the rules; what it can do is reorganize recent history to double spend its own coins and censor transactions by excluding them from blocks. The odds of sustaining a 51 percent attack are extremely low, and the net result is not worth the cost. According to GoBitcoin.io, the hardware cost alone of conducting a 51 percent attack on Bitcoin is currently more than $8 billion, at the cheapest rate.

Some key components of the mining process in Bitcoin include:

  • Based on the SHA-256 hashing algorithm
  • Block difficulty readjusts every 2016 blocks (roughly every 2 weeks)
  • Block reward is halved every 210,000 blocks (~ every 4 years)
  • Current block reward is 12.5 BTC
  • There are 1,800 BTC generated per day currently

Bitcoin’s mining process also plays a vital role in the issuance of the currency, as mining is the only way new Bitcoin is created. Because the reward halves every 210,000 blocks, the supply is capped at just under 21 million BTC and the issuance rate falls over time (strictly speaking the currency is disinflationary rather than deflationary). At that schedule the last subsidy will be paid around the year 2140. The mining process and its correlation to money issuance also have some crucial implications. Money issuance has historically been very difficult to balance, and Nic Carter provides a useful analysis of the PoW mining market:

“This is the under-appreciated elegance of PoW – it’s a mechanism to deliver tokens to the market with very minimal intermediation. If you disagree, you are free to enter the market as a miner and capture those margins you think exist!”
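
The issuance schedule and the difficulty retarget, carried through in an added Python example (not from the article and not Bitcoin Core code). The subsidy function is the integer right shift that Bitcoin Core uses, and the retarget keeps the 4x clamp per period and the cap at the difficulty-1 target. One simplification is labelled in a comment: Bitcoin Core measures the elapsed time between the first and last block of the 2016-block window, which actually spans 2015 intervals, whereas this example takes the elapsed time as an argument.

```python
# Added example: Bitcoin's block subsidy, supply cap and difficulty retarget.

COIN = 100_000_000                          # satoshis per BTC
HALVING_INTERVAL = 210_000                  # blocks between halvings
RETARGET_INTERVAL = 2016                    # blocks between difficulty adjustments
TARGET_TIMESPAN = RETARGET_INTERVAL * 600   # two weeks in seconds at 10-minute blocks
MAX_TARGET = 0xFFFF << 208                  # difficulty-1 target (compact 0x1d00ffff)
BLOCKS_PER_DAY = 144                        # 24 * 60 / 10


def block_subsidy(height: int) -> int:
    """Subsidy in satoshis: 50 BTC shifted right once per halving."""
    halvings = height // HALVING_INTERVAL
    if halvings >= 64:      # Bitcoin Core's guard against the shift wrapping
        return 0
    return (50 * COIN) >> halvings


def daily_issuance(height: int) -> int:
    return BLOCKS_PER_DAY * block_subsidy(height)


def total_supply() -> int:
    """Sum of every subsidy ever payable; integer division makes it fall short of 21M."""
    total, height = 0, 0
    while block_subsidy(height) > 0:
        total += block_subsidy(height) * HALVING_INTERVAL
        height += HALVING_INTERVAL
    return total


def last_subsidy_height() -> int:
    height = 0
    while block_subsidy(height) > 0:
        height += HALVING_INTERVAL
    return height - 1


def estimated_year(height: int) -> float:
    # Assumes exactly 10-minute blocks from 2009; real block times drift from this.
    return 2009 + height / (BLOCKS_PER_DAY * 365.25)


def retarget(old_target: int, actual_timespan: int) -> int:
    """New target after a 2016-block period; the change is clamped to a factor of 4.

    Simplification: actual_timespan is passed in directly. Bitcoin Core derives it
    from the timestamps of the first and last block of the window (2015 intervals).
    """
    clamped = max(TARGET_TIMESPAN // 4, min(actual_timespan, TARGET_TIMESPAN * 4))
    new_target = old_target * clamped // TARGET_TIMESPAN
    return min(new_target, MAX_TARGET)   # difficulty can never drop below 1


def difficulty(target: int) -> float:
    """Difficulty as usually reported: how much harder than the difficulty-1 target."""
    return MAX_TARGET / target
```

Blocks that arrive too fast lower the target (raising the difficulty), blocks that arrive too slowly raise it, and the clamp stops a single period from moving it more than fourfold in either direction, which limits the damage from timestamp manipulation by miners.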

Bitcoin’s PoW mining is also highly sustainable and robust, as demonstrated by its nearly decade-long dominance among cryptocurrencies. However, PoW is only sovereign-proof when there are sufficient miners and hash power contributing to the network. Many upstart altcoins using PoW simply cannot match Bitcoin’s established network effects that drive its increasingly powerful network hash power.

The Lightning Network

The Lightning Network (LN) is Bitcoin’s layer two, off-chain scaling solution. It is built on top of the core protocol and consists of a mesh network of bidirectional payment channels. The term off-chain is used because transactions are not processed directly on-chain, where they would have to be included in blocks and verified by the network at a pace of 5 to 6 TPS.

The LN leverages Bitcoin’s scripting functionality, in particular hash time-locked contracts (HTLCs), to achieve a decentralized, scalable payments network. A payment channel is opened between two parties by publishing an on-chain funding transaction and closed by publishing the latest channel state on-chain. In between, the two participants can complete as many transactions as they want privately off-chain by exchanging signed updates to their balances; the total amount in the channel stays fixed at the funded capacity, so the only limit is that neither side can spend more than its current balance.
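
An added Python sketch (not Lightning code, and not from the article) of what a channel and an HTLC enforce: balances only ever move between the two parties so that their sum stays equal to the funded capacity, each update gets a higher state number, and an HTLC can be claimed with the payment preimage or refunded to the offerer once its expiry height is reached. Names and amounts are constructed; real nodes implement these rules in Bitcoin Script and commitment transactions rather than in a Python object, and in the real script the preimage path is not height-limited, so after expiry both spends are possible and whichever confirms first wins.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, Tuple

# Added example: off-chain channel state with one in-flight HTLC. Party names,
# amounts and the preimage are constructed sample data.


@dataclass
class Htlc:
    offerer: str
    receiver: str
    amount: int
    payment_hash: bytes
    expiry_height: int
    status: str = "pending"   # pending | settled | refunded


class PaymentChannel:
    def __init__(self, a: str, b: str, funding_a: int, funding_b: int) -> None:
        self.capacity = funding_a + funding_b      # fixed by the on-chain funding tx
        self.balances: Dict[str, int] = {a: funding_a, b: funding_b}
        self.state_number = 0                      # newest signed state wins on close
        self.htlcs: Dict[bytes, Htlc] = {}

    def _commit(self) -> None:
        # Invariant: spendable balances plus funds locked in HTLCs equal capacity.
        locked = sum(h.amount for h in self.htlcs.values() if h.status == "pending")
        assert sum(self.balances.values()) + locked == self.capacity
        self.state_number += 1

    def pay(self, frm: str, to: str, amount: int) -> int:
        """Plain off-chain balance update; no on-chain transaction is needed."""
        if amount <= 0 or self.balances[frm] < amount:
            raise ValueError("insufficient channel balance")
        self.balances[frm] -= amount
        self.balances[to] += amount
        self._commit()
        return self.state_number

    def offer_htlc(self, frm: str, to: str, amount: int,
                   payment_hash: bytes, expiry_height: int) -> None:
        if amount <= 0 or self.balances[frm] < amount:
            raise ValueError("insufficient channel balance")
        self.balances[frm] -= amount  # funds now sit in the HTLC output
        self.htlcs[payment_hash] = Htlc(frm, to, amount, payment_hash, expiry_height)
        self._commit()

    def settle_htlc(self, preimage: bytes, current_height: int) -> bool:
        """Receiver claims with the preimage (SHA-256, as in Lightning invoices)."""
        htlc = self.htlcs.get(hashlib.sha256(preimage).digest())
        if htlc is None or htlc.status != "pending" or current_height >= htlc.expiry_height:
            return False
        htlc.status = "settled"
        self.balances[htlc.receiver] += htlc.amount
        self._commit()
        return True

    def timeout_htlc(self, payment_hash: bytes, current_height: int) -> bool:
        """Offerer reclaims the funds once the expiry height has been reached."""
        htlc = self.htlcs.get(payment_hash)
        if htlc is None or htlc.status != "pending" or current_height < htlc.expiry_height:
            return False
        htlc.status = "refunded"
        self.balances[htlc.offerer] += htlc.amount
        self._commit()
        return True


def run_htlc_demo() -> Tuple[int, int, int, Tuple[bool, bool, bool, bool]]:
    """Happy path: a payment, then an HTLC settled with the right preimage."""
    channel = PaymentChannel("alice", "bob", 1_000_000, 0)
    channel.pay("alice", "bob", 100_000)
    preimage = b"constructed-secret"
    payment_hash = hashlib.sha256(preimage).digest()
    channel.offer_htlc("alice", "bob", 50_000, payment_hash, expiry_height=600_100)
    wrong = channel.settle_htlc(b"wrong-preimage", 600_000)     # rejected
    early_refund = channel.timeout_htlc(payment_hash, 600_000)  # too early
    settled = channel.settle_htlc(preimage, 600_000)            # succeeds
    late_refund = channel.timeout_htlc(payment_hash, 600_200)   # already settled
    return (channel.balances["alice"], channel.balances["bob"], channel.state_number,
            (wrong, early_refund, settled, late_refund))


def run_htlc_timeout_demo() -> Tuple[int, int, bool, str]:
    """Failure path: the preimage never arrives and the offerer is refunded."""
    channel = PaymentChannel("alice", "bob", 1_000_000, 0)
    payment_hash = hashlib.sha256(b"never-revealed").digest()
    channel.offer_htlc("alice", "bob", 50_000, payment_hash, expiry_height=600_100)
    refunded = channel.timeout_htlc(payment_hash, 600_100)
    return (channel.balances["alice"], channel.balances["bob"], refunded,
            channel.htlcs[payment_hash].status)
```

The two demo functions exercise both spend paths: the receiver only gets paid if it can produce the preimage, and the offerer only gets the funds back once the time lock has elapsed, which is exactly the property that lets a multi-hop payment either complete at every hop or fail at every hop.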

Developments within the LN include atomic swaps and submarine swaps between Bitcoin’s on-chain clients and LN clients. All LN clients are Bitcoin clients, but not all Bitcoin clients have LN functionality. The LN is currently live and rapidly gaining traction.

Bitcoin’s LN is looking to be the solution to Bitcoin’s scalability problem and provide the infrastructure for micropayments and merchant processing of the original cryptocurrency. As a result, the on-chain transaction layer of Bitcoin may function as a low fee and efficient medium for high-value transfers with unparalleled finality compared to legacy payment rails.

Lightning Labs is one of the leading innovators in LN technology along with several other companies and following their updates and blog is an excellent way of staying up to date on LN developments.

Bitcoin Governance

Governance has emerged as one of the most intriguing concepts within cryptocurrencies, notably Bitcoin. As a decentralized network, governance is a challenging proposition and one which presents an unprecedented task. Bitcoin has historically taken a conservative approach to change with lead developers and the broader community showing a commitment to reliability and security first.

There is no on-chain voting mechanism baked into Bitcoin’s protocol, so it follows a rough consensus off-chain governance model. Generally, we can define Bitcoin’s governance as the process by which agreement is achieved on decisions such as upgrading the protocol, how technical details are implemented, and how the rules are eventually enforced. Within this model are 3 primary groups:

  1. Developers
  2. Users
  3. Miners

Developers

The core Bitcoin developers exercise substantial control over the protocol and the future direction of the network. They are the primary keepers of the core protocol code, and many of them have been working on Bitcoin for years. Moreover, developers/innovators such as Gregory Maxwell and Adam Back have contributed to prominent and sophisticated cryptographic enhancements for the network and the larger cryptocurrency space as a whole.

Decisions on logistical matters such as the timing of upgrades to the core protocol are mainly in the hands of the core developers. Such authority has also drawn criticism: many developers and users view the core developers as too influential. Despite the objections, the core developers’ persistently conservative approach to change has permeated the community and created an obscure but effective form of Taleb’s minority rule.

The incentive for core developers in governance is to maintain a healthy and secure Bitcoin network. Many of them likely hold a substantial stake in the protocol, and the position is a preeminent role in the larger cryptocurrency developer community. Most importantly, Bitcoin core devs share the ideological priorities of the most vocal Bitcoin proponents: privacy, security, and censorship-resistance. Bitcoin developers have also pushed to minimize hard forks, which tend to increase the social attack surface of blockchains.

Community developers (i.e., not core devs) can propose protocol improvements, actively participate in discussion, and even build network enhancements via the Bitcoin Improvement Proposal (BIP) system. Open-source projects are powerful, and the capabilities of a driven community of contributors are unbounded. The Linux Foundation is a testament to the power of open-source technology and Bitcoin’s nearly decade-long existence is emerging as another profound example.

Pierre Rochard provides an excellent analysis of the technical components of how improvements are researched, proposed, implemented, deployed, and enforced in Bitcoin.

Users

Many users of Bitcoin are intrigued by the concept of the underlying technology and place a strong emphasis on privacy. Other users are in it just for price speculation or for a store of value rivaling gold. Whatever the reason for entering the Bitcoin space, it has really never been better for the user than it is now. For users seeking a reprieve from inflationary government-issued currencies, Bitcoin is a viable alternative as a store of value and medium of exchange, despite its scalability and volatility shortcomings.

As a speculative asset, Bitcoin’s price volatility is fantastic but risky. The majority of the core Bitcoin community, however, is likely participating for ideological reasons or pure curiosity, particularly privacy and the notion of a decentralized value system outside of government and other coercive means of control.

Users as part of the governance model play the important role of both running nodes in the network (some of them) and acting as the gauge for the direction of the design space which Bitcoin applications build within, on top of the protocol layer. The proliferation of applications, businesses, and payment structures should continue at an accelerated pace. Users are the metric for how the perception of the application layer’s direction is determined. Centralized payment processors — like BitPay — have fallen out of favor with many users while other options — like BTCPay server — are rising. Moreover, desires for further privacy enhancements, preferences for more non-custodial wallet options, better fiat-to-crypto on-ramp options, decentralized exchanges, and improved liquidity have led to the accrual of applications and services that were distant dreams only a few years ago.

Users do not have a significant direct effect on protocol upgrades or cryptographic enhancements. However, they indirectly affect such decisions by influencing the business entities and merchants that play a significant role in the broader sentiment of the direction of the network.

Miners

The primary goals of miners are to secure the network and make a profit. The value from their work increases with rising Bitcoin prices, and they can project future block rewards based on their hash power correlation to the overall network’s hash power. Balancing coordination and incentives is challenging for miners, but it has remained remarkably sustainable so far.

Fred Ehrsam provides some in-depth analysis on the aligning of incentives within the Bitcoin ecosystem. Buck Perley compares miners to the judicial system within a federated governance model where miners decide whether or not to adopt new protocol upgrades. Miners can refuse to adhere to new protocol upgrades proposed by developers and remain on the chain that does not implement them. Conversely, their adoption of protocol enhancements — through running the new node software — signals consensus among the miners and developers on new features.

Image Credit – Buck Perley

Bitcoin’s game theoretic design dictates that it is in the best interest of all participants in the network (miners, developers, users) to maintain trust in the system. However, some incentives are misaligned such as miners wanting to increase future transaction fees to increase profit while users wish to lower fees. Bitcoin has remained reliable for a decade because of its ability to balance incentives and reduce the effect of asymmetries. The mining industry is still young, however. Whether or not more competition will emerge or the market will trend towards centralization is yet to be seen.

Bitcoin Economics

Bitcoin is a deflationary medium of value exchange that is viewed through several different lenses. The amount of BTC issued per block mined is cut by 50 percent every 4 years and is referred to as “halving.” This will continue until the year 2140 when Bitcoin reaches its total fixed supply of 21 million. The current block reward is 12.5 BTC, and the circulating supply is currently around 17,393,600.

The issuance of bitcoins through a PoW mining mechanism solves one of the most fundamental problems of issuing new currencies. Mining relies on an open and competitive market of miners to mint the coin rather than printing the money out of thin air, which leads to inflation. Fostering adoption of a new currency is difficult, but when you create a competitive market for its issuance, then participants are incentivized to participate in the issuance process and the price approaches equilibrium much more naturally than centralized control models.

Bitcoin’s economic and decentralized design largely follows the Austrian School of Economics thought. This is in contrast to the Keynesian economics and fractional-reserve banking system of most modern economies.

Bitcoin is often viewed as “sound money” that is issued at a predictable rate and not subject to centralized control. Compared to fiat currencies, Bitcoin lacks some of their advantages, such as monetary sovereignty and the ability to tailor monetary policy to the needs of an economy, because nobody controls its issuance. However, the notion that Bitcoin is supposed to replace fiat currencies entirely is overly ambitious and does not take into account specific nuances of local currencies that have multiple benefits. Bitcoin is more of an evolved Internet money designed to circumvent many of the endemic problems that plague traditional finance and lead to corruption, coercion, and unsustainable monetary policy. As recently articulated by Hasu, an independent Bitcoin researcher:

“Bitcoin proponents are driven by a collective interest in exploring how we can evolve money for a better society, and how we can make the global financial system more stable and distributed.”

Bitcoin’s economic design is novel because it exists outside of the financial system. It is truly “free” money but also still a sort of advanced social experiment. Bitcoin has remained remarkably robust throughout its lifetime, but the coming years should shed more light on how effective its economic design is as it continues to evolve and garner more widespread adoption.

Evolving Bitcoin Narratives

Bitcoin’s narrative has evolved several times since its inception as an obscure cypherpunk project to a burgeoning technology at the forefront of innovation and contentious debate. Tribalism over perceptions of what the cryptocurrency should be have shaped many of the narratives throughout its history, but several factions today simply view Bitcoin through different prisms, depending on their level of interaction with the legacy cryptocurrency. The two primary schools of thought on Bitcoin are:

  1. Censorship-resistant and tamperproof store of value and settlement layer
  2. P2P Digital Cash

The debate between these two camps stems primarily from the protocol level and whether or not the future of Bitcoin’s on-chain processing capacity should be built around a P2P digital cash network with larger blocks or a high-value settlement layer akin to a flexible, digital gold.

Proponents of Bitcoin’s on-chain layer as a settlement layer view it as an uninflatable, censorship-resistant, secure, and decentralized medium of high-value exchange. Finality in settlement of transactions is much quicker than with traditional mediums, and the low fees make the process extremely efficient. Moreover, proponents of this ideology view the LN as the necessary scaling solution for using Bitcoin as a P2P payments network instead of on-chain scaling. Integrating more nuanced technical enhancements such as Schnorr signatures for aggregated multisigs and SegWit for effective scaling is also the position of this camp.

Conversely, supporters of Bitcoin as P2P digital cash via on-chain scaling are primarily the Bitcoin Cash community. However, Bitcoin Cash recently just hard forked into Bitcoin ABC and Bitcoin SV, and the consequences of this split have not been realized yet. Microtransactions are a vital part of Internet commerce, and supporters of Bitcoin as a P2P digital cash view this as Satoshi’s true vision. However, scaling on-chain comes with many trade-offs that are hard to rationalize in the long-term. Bitcoin Cash has fallen behind Bitcoin largely for this reason.

Image Credit – Hasufly and Nic Carter – Visions of Bitcoin

The current sentiment of Bitcoin as a high-value settlement layer and long-term store of value is the dominant view in the broader community. Analyses by Hasufly/Nic Carter and Murad Mahmudov/Adam Tache cover the topic of changing narratives in Bitcoin extensively and are excellent for further understanding how Bitcoin’s perception has evolved over the years.

The Bitcoin Community

Bitcoin’s community has grown substantially since its cypherpunk beginnings and blossomed into an open-source society of innovative thought, technical development, and creativity. Polarizing topics and tribalism are prevalent in the community, however. Despite this, the larger goal for Bitcoin — no matter what narrative you believe — is a binding ideology that many share. When you strip down the arguments over technical implementations, soft forks, hard forks, and other issues, the values that many core community members share are the same. Primarily, these values are privacy, censorship-resistance, and the belief in sound money free from coercive control.

One of the most intriguing concepts within Bitcoin is the idea that it is socially scalable, a concept created by Nick Szabo in his Unenumerated blog post “Money, Blockchains, and Social Scalability.” To quote a summary of his position:

“Social scalability is the ability of an institution — a relationship or shared endeavor, in which multiple people repeatedly participate, and featuring customs, rules, or other features which constrain or motivate participants’ behaviors — to overcome shortcomings in human minds and in the motivating or constraining aspects of said institution that limit who or how many can successfully participate. Social scalability is about the ways and extents to which participants can think about and respond to institutions and fellow participants as the variety and numbers of participants in those institutions or relationships grow. It’s about human limitations, not about technological limitations or physical resource constraints.”

Szabo explains that Bitcoin’s technical shortcomings were a brilliant trade-off with something more valuable, the social scalability of a public and decentralized medium of value exchange. Such a system removes the inherent need of people to implicitly trust third parties, which he also defines as security holes. Trust-minimization of Bitcoin and the ability of participants to benefit from its existence without being adversely affected by coercion, in a system they don’t need to understand why or how it works, is an enormous feat. Bitcoin’s ability to confer this opportunity to participants and exist as a socially scalable foundation for value exchange is a binding principle within the community that assuredly has contributed to its growth over the years.


Bitcoin has the strongest and most established network effects out of any cryptocurrency community. There are nearly 1 million subscribers on the main Bitcoin subreddit, and a University of Cambridge study placed the number of active cryptocurrency users worldwide between 2.9 and 5.8 million, with Bitcoin accounting for the vast majority.

Topics are often polarizing within the Bitcoin community, and while it is often driven by a passion for the underlying movement, it has become toxic in many instances as well. The ongoing feud between the recent Bitcoin Cash hard fork camps — particularly between Roger Ver and Craig Wright — is a recent high-profile example of this toxicity.

The Bitcoin community also receives criticism from outside its borders, mainly from mainstream media, gold bugs, certain economists (e.g., Nouriel Roubini), and fervent supporters of the fractional-reserve banking system, such as banks and other financial executives. Mainstream media coverage of Bitcoin, and cryptocurrencies in general, is worse than subpar and tends to focus only on price movements. The media’s influence on public perceptions of technology and thought is profound, so the Bitcoin community’s challenges in overcoming ignorance about the principles the community is striving for are formidable.

The Regulatory Landscape

The global regulatory landscape of cryptocurrencies is diverse and still forming. In the U.S., action and definitive positions by the SEC, IRS, and CFTC have been frustratingly slow, especially for business entities and exchanges in the industry. The SEC has made several comments on cryptocurrencies — particularly ICOs — and their intention to pursue fraudulent or illegal securities. Recently, a landmark case with Airfox and Paragon signaled the potential retroactive evaluation of ICOs.

Concerns over ICOs do not involve Bitcoin, however. The SEC has actually made several comments saying that Bitcoin is not a security. Further, several rulings have confirmed with the CFTC that Bitcoin is considered — at least at the federal level — a commodity. Bitcoin ETFs are pending approval by the SEC, and a sizeable portion of media focus has been placed on this development. Bakkt — an upcoming Bitcoin futures contracts platform — recently delayed its launch until January 2019, but the popular opinion is that the platform will attract broad interest from institutional finance with Bitcoin.


Considering the amount of technological innovation that has come with Bitcoin, it would be inferior judgment by the U.S. government to inhibit its growth through regulatory restrictions. Many developments in Bitcoin are fostering greater adoption through more friendly user-interfaces, better wallet applications, metrics, and exchange functionality. Hindering their growth through red tape would be detrimental to the wider industry’s growth. However, it is becoming more clear that the regulatory environment will likely let Bitcoin proliferate in the U.S.

Distaste for increasing KYC/AML procedures with cryptocurrencies has also led to numerous decentralized exchanges and P2P marketplaces, privacy enhancements at the protocol level, privacy-oriented wallet services like Samourai, and cold storage wallets like Ledger and Trezor. The emphasis on privacy, security, and autonomy from governments will inevitably persist with the core community and are how many of the more novel technologies and solutions come about in Bitcoin.

Future Bitcoin Developments

Bitcoin is under constant development and adaptation. The future roadmap has some intriguing and sophisticated concepts that should prove vital to the sustainability of the network and its narrative direction.

Following the BIP system is the best way to stay on top of looming upgrades and technical proposals, but it is time-consuming and developer-oriented. Other methods for staying in the loop include following prominent Bitcoin figures on social media, using the Bitcoin subreddits, and digesting content from cryptocurrency news sites like Coindesk.

The continued development of Bitcoin’s Lightning Network is one of the major trends to watch closely over the coming months and years, as it could allow Bitcoin to function as a P2P payments system and high-value settlement layer concurrently. Schnorr signatures are also a significant implementation pegged for integration into the protocol in 2019. Schnorr signatures are considered the best cryptographic signature available and have been a primary target of the core developers to add to the protocol for several years.

The growth of atomic swaps and submarine swaps is also crucial, as they can allow for cross-chain (including LN) functionality between Bitcoin and other blockchains. There are myriad developments happening within the Bitcoin community, and it is always best to do your own research.

Bitcoin Resources for Learning More

Resources on learning more about Bitcoin are seemingly endless at this point, but here is a list of various types of resources that contain all levels of information.

The Bitcoin Whitepaper: Bitcoin: A Peer-to-Peer Electronic Cash System – Satoshi Nakamoto

Books

Blogs

Digital Currency or Related Projects Before Bitcoin

  • Bitgold – Nick Szabo — Cryptocurrency pioneer and smart contracts creator
  • Hashcash – Adam Back
  • B-Money – Wei Dai
  • DigiCash – David Chaum
  • E-Gold – Douglas Jackson and Barry Downey

General Resources

News Sites

Network Metrics

Online Courses

Conclusion

From humble 2008 origins and an anonymous founder, Bitcoin has emerged as one of the most innovative technologies in modern times. Bringing with it an entire industry, Bitcoin has spawned a movement towards sound money, enhanced privacy, and censorship-resistance from coercive authorities.

Bitcoin has come a long way, and it still has a long way left to go.

The post What is Bitcoin? The Ultimate Guide for Beginners appeared first on Blockonomi.

Bitcoin’s Lightning Network: The Neutrino Protocol & Recent Developments

Bitcoin’s second layer scaling solution — the Lightning Network (LN) — has made some significant strides in 2018, despite the extended bearish sentiment in the markets. Many developers view these types of market downturns as vital periods of growth for both the underlying technology and the core community.

The LN has been flourishing over the last few days, despite the recent negative downtrend in the crypto markets once Bitcoin broke its support. The value capacity of the LN (sum of channel values) is currently around $2 million (~441 BTC) and the number of open channels at roughly 15,800. As of the time of this writing (11/21), this marks a considerable increase from only a few days ago on 11/17. Since then, the sum of the channel value leaped from 232 to 441 BTC, and the number of open channels surged from approximately 14,300 to 15,800.


Reasons for the surge in activity and value aside, evaluating some recent developments — particularly the Neutrino Protocol and BTCPay server — offers some intriguing insights into the growing LN.

Lightning Labs and The Neutrino Protocol

Lightning Labs has been at the forefront of innovation when it comes to the LN. Their Lightning Network Daemon (LND) is a comprehensive implementation of the LN and includes several back-end chain services, like Neutrino, which is an experimental light client. LND complies with the continually evolving Lightning Network specifications (BOLTs) and is tailored towards developers looking to get their feet wet with the LN.

Neutrino is a privacy-preserving light wallet client designed with an emphasis on using the LN. It is written in Go and utilizes compact block filters to improve upon the SPV bloom filtering (BIP 37) light client implementation that has been the standard among Bitcoin light clients for several years. The Neutrino protocol is still in the experimental phase, so at the moment it is not recommended for use in the same capacity as the full LND client.

Neutrino addresses two primary problems: the information leakage of BIP 37 bloom filters in SPV nodes, which can be used to deanonymize users, and the need for a more user-friendly experience while retaining a non-custodial, secure, and decentralized wallet.

Neutrino is designed to minimize bandwidth and storage on the client side while preserving privacy against the full nodes that serve the light clients. It achieves this through a mechanism where GCS (Golomb-coded set) filters represent the addresses appearing in a specific block in a form that is far more compact than the block itself. Low-bandwidth devices (e.g., mobile phones) can subsequently determine whether transactions within a newly minted block are relevant to the user’s wallet. If a block contains relevant transactions, the Neutrino client downloads the corresponding block, but only the transaction data, not the signatures or witness data. The client can then scan and update its transaction information, with the process completed by the user’s own wallet software rather than a random node, an important privacy consideration.


Syncing of Neutrino clients follows a modified version of the current BIP 37 SPV client process, where the client downloads the chain of block headers rather than the full blockchain as a full client does. However, the Neutrino client simultaneously downloads a chain of filter headers, with one GCS filter corresponding to each block. Based on whether the GCS filter for a block matches any of the wallet’s relevant scripts, the Neutrino client then downloads that block’s transaction data.

Neutrino clients require much less bandwidth due to GCS compression and actually reduce the computational load on full nodes, since the filter for a block only needs to be computed once for all of a node’s light-client users. The client also contains new protections for resolving conflicting transaction information and reduces local storage requirements by discarding previous block headers once they have been validated during the syncing process.
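To make the filter mechanism described above concrete, here is an added example of a simplified BIP 158-style Golomb-coded set and a BIP 157-style filter header chain. It is illustration code written for this article, not code from Neutrino, LND, or any Lightning Labs project. Assumptions and simplifications: SHA-256 of the key and item stands in for the SipHash-2-4 hash-to-range step BIP 158 actually uses, the item count is a fixed 4-byte prefix rather than a CompactSize, and the block “key” and output scripts are constructed sample data; the parameters P and M are the real BIP 158 basic-filter values.

```python
import hashlib

# Real BIP 158 basic-filter parameters; everything else below is a simplified
# stand-in written for this article, not Neutrino's or btcd's code.
P = 19          # Golomb-Rice remainder width
M = 784931      # false-positive rate parameter (about 1 in M per query)


def hash_to_range(item: bytes, key: bytes, f: int) -> int:
    """Map an item to [0, f). Assumption: SHA-256(key || item) replaces SipHash."""
    h = int.from_bytes(hashlib.sha256(key + item).digest()[:8], "big")
    return (h * f) >> 64


class _BitWriter:
    def __init__(self) -> None:
        self.bits = []
    def unary(self, q: int) -> None:          # q one-bits followed by a zero
        self.bits.extend([1] * q + [0])
    def fixed(self, v: int, width: int) -> None:
        self.bits.extend((v >> i) & 1 for i in range(width - 1, -1, -1))
    def to_bytes(self) -> bytes:
        bits = self.bits + [0] * (-len(self.bits) % 8)
        return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                     for i in range(0, len(bits), 8))


class _BitReader:
    def __init__(self, data: bytes) -> None:
        self.bits = [(b >> i) & 1 for b in data for i in range(7, -1, -1)]
        self.pos = 0
    def bit(self) -> int:
        b = self.bits[self.pos]
        self.pos += 1
        return b
    def unary(self) -> int:
        q = 0
        while self.bit() == 1:
            q += 1
        return q
    def fixed(self, width: int) -> int:
        v = 0
        for _ in range(width):
            v = (v << 1) | self.bit()
        return v


def build_filter(items, key: bytes) -> bytes:
    """Encode one block's scripts as a GCS: 4-byte LE count, then Golomb-Rice
    coded deltas between the sorted hashed values."""
    uniq = list(set(items))
    n = len(uniq)
    values = sorted(hash_to_range(it, key, n * M) for it in uniq)
    w, last = _BitWriter(), 0
    for v in values:
        delta = v - last
        w.unary(delta >> P)                    # quotient, unary
        w.fixed(delta & ((1 << P) - 1), P)     # remainder, P bits
        last = v
    return n.to_bytes(4, "little") + w.to_bytes()


def match_any(filt: bytes, key: bytes, queries) -> bool:
    """True if any wallet script is (probably) in the block; the client decodes
    the filter once and walks its sorted query hashes in lockstep."""
    n = int.from_bytes(filt[:4], "little")
    targets = sorted({hash_to_range(q, key, n * M) for q in queries})
    r, value, ti = _BitReader(filt[4:]), 0, 0
    for _ in range(n):
        value += (r.unary() << P) | r.fixed(P)
        while ti < len(targets) and targets[ti] < value:
            ti += 1
        if ti < len(targets) and targets[ti] == value:
            return True                        # hit: fetch the full block
    return False                               # miss: skip the block


def sha256d(b: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()


def filter_header(filt: bytes, prev_header: bytes) -> bytes:
    """BIP 157 filter header: double-SHA256(filter hash || previous header).
    Chaining lets a client notice a peer serving a different filter than its
    other peers do for the same block."""
    return sha256d(sha256d(filt) + prev_header)


def demo() -> dict:
    # Constructed sample data: one block "key" and three output scripts.
    key = hashlib.sha256(b"constructed block header").digest()
    block_scripts = [b"script:alice", b"script:bob", b"script:carol"]
    filt = build_filter(block_scripts, key)
    honest = filter_header(filt, bytes(32))
    forged = filter_header(build_filter([b"script:bob"], key), bytes(32))
    return {
        "filter_bytes": len(filt),
        "wallet_hit": match_any(filt, key, [b"script:bob", b"script:zed"]),
        "wallet_miss": match_any(filt, key, [b"script:nobody"]),
        "tamper_detected": honest != forged,
    }
```

Two properties of the design are worth noting. The serving node never learns which scripts the wallet holds, because matching happens entirely on the client and the node only hands out a filter that is identical for every client asking about that block; the roughly 1-in-M false-positive rate also means an occasional block download is not proof that the wallet owns something in it. And because filter headers are chained, a client that compares headers from several peers can detect one peer serving a filter that omits its transactions, which is the check a defender would want before trusting a single node’s answer.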

Neutrino is still in its early stages, so it should be used with caution. The Neutrino GitHub repository explicitly warns about using the experimental protocol and details several major issues with the protocol so far. The official BIP proposals referencing Neutrino are BIP 157 and BIP 158. Lightning Labs also provides an extensive blog post on the Neutrino protocol and its projected developments.

Future developments in Neutrino include block filter retrieval from outside Bitcoin’s network and potentially committing the GCS block filter hash directly in the block header via a soft fork. Eventually, the goal is for Neutrino to become the foundation on which a next generation of wallet applications is built.

Another notable development regarding Neutrino surfaced when Bitcoin developer at Bitcoin Advisory — Pierre Rochard — proposed a Microsoft Excel plug-in for the Lightning Network. The plug-in utilizes a Neutrino client and enables users to trivially paste wallet addresses and pay other users on Excel via the LN. These types of LN advances are vital to facilitating the adoption of the technology as Excel is one of the most widely used accounting software tools in the world.

BTCPay Server Developments

BTCPay server has become a popular open-source cryptocurrency payment processor, focusing primarily on Bitcoin. It is a non-custodial invoicing system that conforms to the invoice API of BitPay and effectively allows users to become their own Bitcoin and LN payment processors, either through a self-hosted server or third-party server.


BTCPay, Image from Bitcoin Wiki

Applications can be built on top of it, and several have already created in-store point-of-sale systems using BTCPay server. The primary advantages of using BTCPay server include direct control of funds, use of the LN (can even process payments for other users), lower fees, and universally compatible invoices.

An interesting application of BTCPay server was announced earlier this month by IndieSquare. They developed a Unity SDK that uses the BTCPay server for game developers to create in-game stores and in-app purchases via the LN. Developers can subsequently retain complete control over the payment processing for game stores or purchases while utilizing an invoicing UI for multiple games.

IndieSquare even provides a guide to add an in-game shop UI for game project asset “Survival Shooter” that uses the LN and BTCPay server. BTCPay server is tailored towards developers, but its proliferation should help to reduce concerns around censorship by payment processors stemming from compliance issues.

The Future Lightning Network

Bitcoin has an ample design space for building on top of it and creating user-friendly applications that should help foster greater adoption of the technology. The LN has come a long way since its inception. Recent developments show a trend towards much more viable applications and self-sovereign technical implementations — such as BTCPay Server — that grant users the privacy, decentralization, and security without sacrificing too much on the UI/UX front.

The recent growth of the network over the last week is significant, symbolizing that people are interested in using the LN despite bearish sentiment in the broader market. Such trends typically go unnoticed by mainstream media but prove to be crucial gauges of adoption as the underlying technology continues to evolve.

Lightning Labs notes that it has been six years since the last Bitcoin improvement proposal emphasizing mobile platforms. Neutrino offers an enhancement to several of the problems facing most Bitcoin light clients and their shortcomings in security, privacy, and usability. With increasingly common advancements refining the LN experience, the LN is poised to continue on its trajectory to a scalable payment network solution for Bitcoin.

The post Bitcoin’s Lightning Network: The Neutrino Protocol & Recent Developments appeared first on Blockonomi.

An In-Depth Look at The Potential of Blockchain-Based Virtual Real Estate

Blockchain technology has been speculated as a viable infrastructure for the real estate industry for several years. Recently, a luxury condo in Manhattan was tokenized on the Ethereum blockchain as part of a broader trend towards the tokenization of both fungible and non-fungible assets, such as securities and real estate, respectively.

However, one of the more intriguing concepts within blockchain networks and cryptocurrencies stems from the virtual arena. Virtual real estate — such as on Decentraland — offers a compelling case for an open and decentralized virtual economy.


A History of Virtual Property

Virtual property derives its history from video games. Video gamers were some of the first to pick up on the potential of cryptocurrencies as a result of their similarities to in-game virtual currencies in games from World of Warcraft to Entropia. Most virtual property in these games comes in the form of tradeable skins or upgrades, as in Call of Duty or Counter-Strike, but virtual property has also remained a lucrative endeavor for some.

For instance, a man sold his Entropia virtual property for a reported $635,000 all the way back in 2010. Ethereum was not even built yet, and Bitcoin was blooming as a fringe crypto-anarchist project. As a result, the $635,000 property was neither provably scarce nor protected from arbitrary changes by the game publisher.

Since 2010 and with the advent of blockchains and cryptocurrencies, virtual items have emerged with a renewed vigor as blockchains afford them the properties of verifiable scarcity and decentralized, P2P exchange. Marketplaces like Wax and OpenSea have materialized into open mediums for exchanging non-fungible gaming items such as CryptoKitties or Gods Unchained cards.

Despite Ethereum grappling with current scaling problems, there are some exciting projects with some admittedly odd long-term implications being built on the platform. While perhaps not yet ready for the mainstream, Decentraland and its immersion with other protocols like Aragon may offer a futuristic — and lucrative — glimpse of the market for virtual real estate within an interactive 3D world.

Virtual Reality and a Demand for Virtual Real Estate

According to a 2018 report on the Virtual Reality (VR) market released in April, the global VR market was valued at $3.13 billion in 2017 and is projected to reach $49.7 billion by 2023 at a CAGR of 58.54 percent over that 5-year period. One of the most compelling forms of VR is the “immersive” VR experience, which can be used for anything from augmenting educational experiences to helping treat PTSD in post-war military members.

The entertainment side of immersive VR comes more tailored to experiences focusing on gamers. These platforms have even translated to blockchains, with Decentraland representing the prime example on Ethereum. The Block recently provided some excellent analysis on the extent of Decentraland’s recent flurry of economic activity and why people may be targeting virtual real estate.


Parcels of land on Decentraland are divided into LAND non-fungible tokens that can be purchased with fungible MANA tokens on the platform. While activity from January 2018 until October 2018 was low (roughly $23.5 million spent), the highest price paid for a parcel of land was $175,000. Further, data derived from NonFungible.com by The Block reveals that the average price per LAND token is approximately $602.

These prices are also within the context of a very early-stage project that has limited gameplay and a high barrier to entry as it is currently geared towards developers. So why virtual real estate and why pay $175,000 for one parcel of virtual real estate?

The answer may not be very straightforward this early in VR technology, but it essentially comes down to scarcity and interactive immersion. As the gaming industry progresses, virtual worlds will become more and more realistic. Games like Red Dead Redemption 2 are incredibly popular for this very reason. Moreover, games like Minecraft with their sandbox-style environment, similar to Decentraland, are some of the most popular games out there, to the point that kids becoming addicted to them is an actual problem. When you throw in an uncensorable, decentralized ledger with provable scarcity and its own native currency that is teeming with potential, you have a powerhouse product.


How Lucrative will it Become?

Decentraland will likely not be the only blockchain-based VR 3D immersion game for long. However, analyzing the early-stages of how users and developers build property and cities, go to casinos, and exchange value with each other over an entirely virtual medium has some fascinating implications. Primarily, two components of virtual real estate are the most interesting:

  1. How lucrative can it become?
  2. Will it become a testing environment for concepts like fractionalized ownership and technological innovation?

The potential for virtual real estate to become highly lucrative is real. When considering how blockchain-based, provably fair casinos can be built into a world like Decentraland, where the value derived from that virtual casino can actually translate to tangible value outside of the game, it becomes difficult to place a limit on imagining various interactions within the virtual world. The permanent record of ownership and provable scarcity within a game on a blockchain plays a crucial role too. Real estate is scarce and mirroring that same rarity and value within a virtual realm through a non-fungible standard such as ERC-721 has profound effects on whether or not users will view virtual property as a legitimate long-term investment.

The ability of a virtual reality game built on a blockchain to become a testing environment for a myriad of technical and financial concepts is also absorbing. Fractionalized ownership has been floated as a method for divvying up a commercial real estate among smaller investors, made possible by the flexibility of tokens representing ownership in the property. Applying the concept outright in the real-world would assuredly bring some problems with it, so a medium like Decentraland could prove an exceptionally useful testing environment for working out the kinks in governance that fractionalized ownership necessitates. Subsequently, the viability of specific instances of fractionalized ownership could be determined, such as transferring another ERC-721 non-fungible asset like a digital art piece to Decentraland and testing its fractionalized ownership capabilities.

If we extend the testing-environment plausibility of a platform like Decentraland to technological innovations such as integration with VR headsets, then the boundaries are really being pushed. Finally, governance may prove to be one of the most challenging aspects of decentralized communities. A virtual landscape predicated on public and open standards can provide the type of sandbox for experimenting with governance models without the inherent polarization and negative effects that come with doing so in the real world. Yes, the medium is entirely virtual, but that does not necessarily mean people act completely differently than they would under the confines of the rule of law. The complexity of governance is why practically experimenting with new models is indeed one of the few legitimate shots at finding a mechanism that works. The consequences don’t have to be redefining established institutions and democratic foundations like representative democracy, but more subtle realizations in distributed network off-chain consensus.

Conclusion

Virtual real estate may be some time away from becoming a normal component within the blockchain and cryptocurrency ecosystem, but its potential to become so is there. Whether as an experimental ground for standardized public interactions between users seeking to monetize the virtual landscape or just gamers who are addicted to Minecraft and want to build scarce items, virtual real estate offers some promising ideas.

The post An In-Depth Look at The Potential of Blockchain-Based Virtual Real Estate appeared first on Blockonomi.

What is Ethereum? Beginner’s Guide to This Decentralized Computing Platform

Bitcoin is the legacy, original cryptocurrency that launched an entire industry of innovation predicated on blockchain technology and its accompanying field of technical and economic mechanics. Primarily envisioned as a store of value and medium of value exchange outside of the jurisdiction of governments or third parties, Bitcoin’s application focuses on providing individual economic freedom through creating a novel financial technology.

However, the application of blockchain technology, cryptography, distributed computing, and economics in a system such as Bitcoin’s only was the tip of the iceberg to a future industry of vast potential. Ethereum opened the door to the potential of utilizing blockchain technology for a wide variety of applications.

What is Ethereum?

Pegged as a distributed world computer, Ethereum is an open-source, public blockchain and decentralized computing platform featuring Turing-complete smart contract functionality. Proposed in late 2013 by a then 19-year-old Vitalik Buterin as a platform that could hypothetically leverage the blockchain to store and execute computer programs across an international network of distributed nodes, Ethereum has become the most well-known and established cryptocurrency outside of Bitcoin.

The History of Ethereum

Ethereum has a long, controversial, and highly significant history that has had a major impact on shaping the modern cryptocurrency sphere. The white paper proposed by Vitalik in late 2013 was the beginning of the Ethereum era.

Outlined as a distributed world computer for executing and storing computer programs, the goal was to create a distributed computing platform that took full advantage of the potential afforded by blockchain technology. As Vitalik puts it in the introduction of his paper:

“What Ethereum intends to provide is a blockchain with a built-in fully fledged Turing-complete programming language that can be used to create “contracts” that can be used to encode arbitrary state transition functions, allowing users to create any of the systems described above, as well as many others that we have not yet imagined, simply by writing up the logic in a few lines of code”

The systems that he “describes above” in the quote refer to common applications (dapps) built on top of the Ethereum blockchain today such as on-chain digital assets (ERC-20 tokens), non-fungible assets, decentralized exchanges, on-chain identity and reputation systems, peer-to-peer gambling, decentralized autonomous organizations (DAOs), and most notably, smart contracts.

Smart contracts are the primary feature of Ethereum and are basically self-executing programs that facilitate the exchange of anything of value on the network, immutably stored on the blockchain. They execute when specific conditions are met and are outside the influence of third parties or censorship and have no downtime, as long as the Ethereum network is functioning.

The general ambition of the project outlined in the white paper as well as the technical expertise of its young founder attracted the attention of many in the cryptocurrency space. The platform’s core innovation became known as the “Ethereum Virtual Machine” (EVM): Turing-complete software that runs on the Ethereum network, enabling anyone to run any program, regardless of the programming language, on the Ethereum blockchain. The result is the potential to create a vast array of decentralized applications all on a single platform.

The early development of Ethereum began in early 2014 with Vitalik and a small team including Anthony Di Iorio, Charles Hoskinson, and Mihai Alisie. The project began through the Swiss company Ethereum Switzerland GmbH and subsequently through the Swiss non-profit Ethereum Foundation.

At the time, Joseph Lubin was the COO at Switzerland GmbH and helped to found the Ethereum Foundation. He remains a prominent figure in the cryptocurrency community as the founder of ConsenSys.

In July and August 2014, Ethereum held a crowdsale that raised more than $14 million. In September of the same year, Ether (the Ethereum currency) was distributed to the investors and development team, while the remaining funding went to the Ethereum Foundation.

In July 2015, the first mainnet, experimental release of Ethereum was launched and labeled the “Frontier” release. The first major upgrade to the Ethereum platform was released in March 2016 as “Homestead” and was the first release to be considered stable, focusing on gas pricing, security, and transaction processing. At the time, critics of Ethereum were still wary about its security and stability: although a Turing-complete platform offers a substantial range of potential applications, it also brings with it some serious and potentially fatal security concerns.

The DAO

Despite security concerns, on the wave of excitement from the community, The DAO, a decentralized autonomous organization functioning as an investor-directed VC fund, was created. The DAO raised approximately $150 million through contributions from over 11,000 people and was seen as a novel, self-executing combination of smart contracts designed to function as a decentralized investment vehicle.

Infamously, The DAO was hacked in June 2016 when unknown users exploited a vulnerability in its code to move $50 million into a different DAO (known as the Dark DAO). Once the vulnerability was public, other users used it to divert the remaining funds into a third DAO called the White Hat DAO.

The resulting fallout was intense and highly polarizing. Two sides emerged with one side claiming that the immutability of the blockchain and the core tenet of “code as law” could not be broken while the other side argued for hard forking the protocol to return investors’ funds and eliminate the hackers’ access to the funds on the original Ethereum blockchain.

Eventually, Vitalik Buterin announced in July 2016 that miners had agreed on the hard fork and the fork was imminent. However, a minority of miners were still holding out and held steadfast in their convictions on not forking the protocol, which they saw as undermining the core principle of the platform. Thus, Ethereum was forked: the new chain became known as Ethereum and the old, unforked chain became known as Ethereum Classic, effectively splitting the Ethereum community.

As time progressed, the majority of businesses, developers, miners, and users favored the forked chain, which is the current chain named Ethereum, with the 2nd highest market cap and a vast community behind it. Ethereum Classic (ETC) remains a popular cryptocurrency too, with the team behind ETC implementing the same upgrades as the Ethereum chain and actively developing the platform as well.

The most recent major upgrade to Ethereum came in the form of “Metropolis – Byzantium”, which is the first part of a two-part Metropolis upgrade that is supposed to lay the foundation for the transition of Ethereum to its Proof-of-Stake upgrade “Casper”, as well as its eventual sharding implementation.

Ethereum has been at the forefront of the recent scaling problems in the broader cryptocurrency industry. Plagued by high gas fees and slow transaction times, Ethereum is facing serious concerns about its ability to scale to meet the demands of thousands of dapps running on its platform and a sufficient high-throughput capacity to support a vast network of decentralized participants.

The proposed solutions are set to come in the aforementioned Casper upgrade and its eventual transition to sharding, a unique horizontal database architecture partitioning method designed to alleviate network congestion and help the network to scale.

How Does Ethereum Work?

The Ethereum Virtual Machine (EVM) is a Turing-complete software that runs on the Ethereum network. It executes scripts across a distributed network of computers and enables the execution and storage of everything from smart contracts to DAOs. Functionally, Ethereum allows developers to build decentralized applications on top of it. This can include games, distributed registries, organizations, and many more.

The design behind Ethereum, based on the white paper, is intended to follow the principles of:

  • Simplicity – The protocol should be as efficient as possible, even at the cost of data storage or time inefficiencies.
  • Universality – An internal Turing-complete scripting language is provided that a developer can use to program any smart contract or transaction type.
  • Modularity – Ethereum protocol should be designed to be as modular and separable as possible.
  • Agility – The protocol is not set in stone and any opportunities to improve the protocol architecture or the EVM in scalability or security will be exploited.
  • Non-Discrimination/Non-Censorship – The protocol should not attempt to actively restrict or prevent specific categories of usage.

Benefits of Ethereum

The benefits of Ethereum, not only as a blockchain-based platform itself but also compared to other blockchain-based platforms, include:

  • Immutability – A third party cannot make any changes to data.
  • Corruption/Tamper Proof – Censorship is unfeasible with the PoW consensus of the vast and decentralized network agreeing on its global state.
  • Security – The combination of the PoW consensus, cryptographic techniques used in the transaction model, and lack of a central point of failure protects the network against hacking and manipulation.
  • No Downtime – Applications, smart contracts, organizations, etc all running on the Ethereum blockchain are always running and cannot be turned off.

Disadvantages of Ethereum

As a Turing-complete platform, Ethereum is susceptible to vulnerabilities that can be exploited through the complexity of the primary programming language used in smart contracts, Solidity. Smart contract security has become a major concern and the DAO hack was the revelatory event that led to mainstream concerns of the long-term viability of smart contracts moving forward.

Ethereum also places a large focus on Security and Decentralization over Scalability. While scalability solutions are in the works and on the horizon, the low-throughput capacity and high gas costs for Ethereum at the moment make it inconvenient for mainstream users looking for the free use of applications that they are accustomed to, as well as for developers building applications, where gas costs have become prohibitively high in some instances.

Transaction Model

Ethereum uses an account-based model, similar to a modern banking model for users, rather than the UTXO model of Bitcoin. The global state of Ethereum is divided into these accounts, which consist of 20-byte addresses and where each transaction of value or information between accounts is considered a state transition.

An Ethereum account contains four fields: the nonce, ether balance, contract code, and storage. There are two types of accounts, externally owned accounts and contract accounts. Externally owned accounts are user accounts controlled by private keys; they do not contain any code and can be used to create and sign transactions. A contract account is a smart contract controlled by its code; it receives messages, stores data and code, and can interact with other contracts and externally owned accounts.

Ether is the currency of the Ethereum platform while Gas is the derivative of Ether used to pay for transactions and computations across the network. Ethereum chose the account-based model over the UTXO model of Bitcoin for a number of reasons, which you can find more in-depth information on here.
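
The account model above can be made concrete as a state-transition function. The following is an added example, not Ethereum's own code, and it simplifies by not executing contract code and by taking the gas consumed as a caller-supplied number; it shows the four account fields and why the nonce check rejects a replayed transaction.

```python
"""Simplified Ethereum-style account model and state transition (added example)."""
import copy
from dataclasses import dataclass, field
from typing import Dict


@dataclass
class Account:
    """The four fields of an Ethereum account."""
    nonce: int = 0                  # number of transactions sent from this account
    balance: int = 0                # ether balance (in wei)
    code: bytes = b""               # empty for an externally owned account
    storage: Dict[int, int] = field(default_factory=dict)


@dataclass(frozen=True)
class Transaction:
    sender: str
    recipient: str
    value: int
    nonce: int          # must equal the sender's current account nonce
    gas_limit: int
    gas_price: int


class InvalidTransaction(Exception):
    """Raised when a transaction fails validation against the current state."""


def apply_transaction(state: Dict[str, Account], tx: Transaction,
                      gas_used: int, miner: str) -> Dict[str, Account]:
    """Return the new global state after applying tx; the input state is not mutated.

    Simplification (assumption of this example): contract code is not executed and
    `gas_used` is supplied by the caller instead of being metered by the EVM.
    """
    new_state = copy.deepcopy(state)
    sender = new_state.get(tx.sender)
    if sender is None:
        raise InvalidTransaction("unknown sender")
    if tx.nonce != sender.nonce:
        # Replay or out-of-order submission: a signed transaction can be applied once only.
        raise InvalidTransaction(f"nonce {tx.nonce} != expected {sender.nonce}")
    if gas_used > tx.gas_limit:
        raise InvalidTransaction("gas used exceeds gas limit")
    max_cost = tx.value + tx.gas_limit * tx.gas_price
    if sender.balance < max_cost:
        raise InvalidTransaction("insufficient balance for value plus gas")

    # Charge the full gas limit up front and bump the nonce.
    sender.nonce += 1
    sender.balance -= max_cost
    # Refund unused gas, pay the miner for gas actually consumed, credit the recipient.
    sender.balance += (tx.gas_limit - gas_used) * tx.gas_price
    new_state.setdefault(miner, Account()).balance += gas_used * tx.gas_price
    new_state.setdefault(tx.recipient, Account()).balance += tx.value
    return new_state


def total_supply(state: Dict[str, Account]) -> int:
    """Sum of all balances; a plain value transfer must conserve it."""
    return sum(acct.balance for acct in state.values())


if __name__ == "__main__":
    # Constructed sample state: one externally owned account holding 1,000,000 wei.
    genesis = {"alice": Account(balance=1_000_000)}
    tx = Transaction("alice", "bob", value=500_000, nonce=0, gas_limit=21_000, gas_price=1)
    after = apply_transaction(genesis, tx, gas_used=21_000, miner="miner")
    print({name: (a.nonce, a.balance) for name, a in after.items()})
    try:
        apply_transaction(after, tx, gas_used=21_000, miner="miner")  # same tx again
    except InvalidTransaction as err:
        print("replay rejected:", err)
```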

Ethereum Mining

Ethereum mining is in many ways similar to Bitcoin mining. However, there is a primary difference where the Ethereum blockchain not only stores the transaction list of the blockchain, but also the most recent state of the network.

Ethereum also employs Patricia Trees rather than Merkle Trees as part of its blockchain state management. Patricia Trees are a modified form of Merkle Trees that enable Ethereum to efficiently store and update the state of the blockchain in each block.

Some other notable features of the Ethereum blockchain and mining include:

  • 12 second block time
  • Ethash Mining Algorithm (Uses DAG)
  • Static Block Reward of 3 ETH
  • Miners compensated for gas expended in block.
  • Extra reward for including Uncles as blocks.

Consensus

Ethereum currently employs a modified Nakamoto Consensus Proof-of-Work (PoW) model. The PoW consensus in Ethereum is extremely secure as the network consists of thousands of decentralized nodes across the world.

Mining in the PoW model of Ethereum utilizes the Ethash (DAG) algorithm, which is designed for fast verification. Additionally, large-scale miners get comparatively little benefit from larger operations due to the algorithm’s large memory requirements.

This model will eventually be replaced by a Proof-of-Stake consensus implementation with the upcoming Casper upgrade.

Smart Contracts & Dapps

Smart contracts and the ability of developers to build decentralized applications on Ethereum is its most prominent feature. From building dapps that function as games to teams releasing their own ERC-20 tokens on Ethereum, a multitude of significant developments in the broader cryptocurrency industry have been enabled by leveraging this functionality of the EVM.

Solidity is currently the primary programming language used to write smart contracts and build dapps, however, Ethereum is currently experimenting with a new Beta programming language known as Vyper that is supposed to be a much simpler, secure, and auditable language for smart contracts in order to mitigate some of the complexity deficiencies surrounding Solidity.

If Ethereum is able to scale to meet mainstream application and throughput demands, the possible iterations of dapps on the platform are endless. Developers will have new avenues to monetize their creations, users will not be burdened with expensive and inefficient third-parties, and eventually applications (and even blockchains) will become interoperable with each other, empowering an entirely new paradigm of application development and innovation.

The Future of Ethereum

Ethereum seems invariably placed, alongside Bitcoin, as the center of the cryptocurrency world. With standards being proposed and implemented on the Ethereum network, a vast and dedicated community of developers and various other contributors behind it, and a vocal, talented leader in Vitalik Buterin leading the way, the Ethereum future looks bright.

Ethereum remains at the bleeding edge of innovation in the industry with developments such as its planned transition to sharding seen as some of the most daunting tasks out there, not just in the blockchain field either, but the larger technical community as well. Ethereum also lists a number of future technologies they are actively or potentially developing that include:

  • Saving Wallets
  • Crop Insurance
  • Decentralized Data Feed
  • Multisig Escrow
  • Cloud Computing
  • P2P Gambling
  • Prediction Markets (i.e. Augur)
  • Decentralized Marketplaces (i.e. 0x)

Not only is the Ethereum team developing groundbreaking innovations, but the larger community that participates in the network in the form of developing their own projects, within the confines of the Ethereum network, are also making significant contributions. Some interesting and exploratory uses of Ethereum include projects such as Aragon, 0x, Augur, Golem, and Loom Network.

Conclusion

Ethereum is one of the most important and popular platforms in the blockchain/cryptocurrency industry today. As tech talent continues to migrate to the space, adoption becomes more mainstream, and scaling solutions are implemented, Ethereum looks to remain the distributed world computer for the decentralized applications of tomorrow.

The post What is Ethereum? Beginner’s Guide to This Decentralized Computing Platform appeared first on Blockonomi.

Implementing Blockchain for Voting: An Indepth Look at the Technical Issues

The viability of blockchain-based voting systems has been highly contentious. At a technical level, blockchains and their associated technology — such as cryptography and distributed storage systems like IPFS — provide some unique advantages that legacy voting systems don’t employ. The current criticisms of blockchain-based voting systems largely stem from their functionality as online/e-voting models that have received their fair share of criticism over the years as vulnerable to hacking and manipulation.

At the core of the debate, proponents of blockchain voting systems argue that innovative solutions using the technology do not necessarily have to be perfect, as long as they improve upon the current model. Alex Tapscott recently penned an Op-Ed in the New York Times leading up to the recent midterm elections about online voting systems. The piece was met with stiff resistance by academics and political pundits, but it highlighted some important consequences of a secure and anonymous online voting system underscored by a P2P blockchain system.

According to the preliminary analysis of voter participation in the midterms by the U.S. Elections Project, roughly 49 percent of eligible voters participated in the election. While this is an unprecedented amount of participation in midterm elections, it is still only 49 percent of eligible voters. Online voting systems — predicated on a blockchain — can improve voter participation by easing access to the process, avoiding administration and counting errors (see the ongoing situation in Florida), and ensuring the authenticity of results based on cryptographic guarantees of security.

There are problems still facing blockchain-based voting systems, however. Implementing the technology is not a silver bullet to cure all voting woes in democratic systems. Some of the major concerns facing blockchain voting systems include validating identity, falsifying votes for voters who did not vote, and issues with the potential to deanonymize voters.

The implementation of blockchain voting is usually tied to some new method for voting at a larger scale. For instance, liquid democracies, carbon voting, and other systems are often tethered to a blockchain model as a proposed better method than the current system. While interesting, these concepts are not the primary concern of this piece and bring with them their own forms of advantages, disadvantages, and contentious debate. Analyzing blockchain voting systems at a technical level requires emphasizing the fundamental components of any authentic democratic voting system followed by looking at some recent practical examples.

The Fundamental Components of a Democratic Voting System

A blockchain voting model would require all of the same guarantees that any democratic election system has. Particularly when referencing an e-voting system, these include:

  • Completeness/Finality of Results
  • Robustness and Authenticity of the System (Cryptographic guarantees on fraud, tampering, etc.)
  • Eligibility (secure, fast, accurate identity verification system)
  • Verifiability
  • Unreusable Votes
  • Anonymity

Analyzing the potential of a blockchain e-voting system requires viewing the model through the prism of preserving the above components that democratic elections strive to achieve.

Completeness/Finality of Results

This refers specifically to the notion that all eligible voters are accepted as able to vote, and all votes are counted correctly. Finality is a concern in modern voting systems where different voting machine software and identification requirements often lead to recounts in tight races. Removing this inefficiency is key to improving the authenticity and acceptance of results.

Robustness and Authenticity of the System

Simply put, voter confidence in election systems — even in developed democracies — is astoundingly poor. According to a Harvard report in 2016, only 29 percent of Americans were confident ballots nationwide would be counted correctly. Preventing tampering and reducing the ability of fraudulent voters to affect the system is an arduous task with a long historical precedent of challenges.

Eligibility

This mainly refers to only legitimate voters being able to vote. Instances of dead people voting and illegal voting remain problems today.

Verifiability

Vote auditing, or the ability for anyone to verify that the outcome is the legitimate sum of all eligible votes cast. This concept applies both to the voter that they can be sure their vote was counted and to the general universality of anyone being able to verify the overall outcome is authentic.

Unreusable Votes

Voters can vote only once. Applies to elections of representatives, referendums, initiatives, etc.

Anonymity

One of the essential components of any democratic voting system, voter anonymity protects voters from post-election retribution or coercion at the time of voting. Coercion through “vote buying” is still a concern, though, and solutions such as blind signatures and multi-faceted private key/password combinations as voting receipts have been floated.

The above categories are necessary — at least to a certain extent — to accurately and successfully achieve a democratic election result.

Implementing a Blockchain Voting Model

In a straightforward voting system, we can assume there are at least 3 primary entities participating:

  1. Voters
  2. Authorities
  3. Counters

Importantly, the vital component where a blockchain-based system can have the largest impact is uncoupling the authority entity from the counter entity. The precise reason for doing so only requires a quote from Joseph Stalin to understand why:

“It’s not the people who vote that count. It’s the people who count the votes.”

Counting of ballots is typically run by the authority (i.e., government) so removing the relationship between the two can provide crucial assurances to voters in regards to confidence in the election’s integrity. Such manipulation may not be prevalent in developed democracies, but it is well-established as a common problem in the developing world, particularly where there is exceptionally inadequate infrastructure.

At the start of a traditional voting process, voters cast their ballots to electronic voting machines or paper ballots at polling places. The counters tally these votes and store them in a centralized database overseen by the authority.

A blockchain voting model removes the connection between counters and authority by uploading votes directly to the blockchain itself, a P2P ledger network with no intermediary. The digital medium for vote casting is the blockchain rather than a database controlled by an authority. A public blockchain would be the optimal choice for such elections, especially a decentralized ledger such as Bitcoin or Ethereum.

Within such a system, there would only be two primary participating entities, the voter and the authority. The counter would be eliminated, and the authority could simply tally the votes through an accessible and transparent blockchain rather than relying on various polling places and machines to report results to a siloed database. Voters would be able to cast votes directly through their phones or on their computers. However, these mechanisms for voting would require two sets of data:

  1. The Actual Votes
  2. Identification Documents

Identification documents would need to be validated by the authority — which leaves open potential manipulation still — but could eventually be replaced by whitelisted identities verified through a distributed identity protocol. For now, decentralized identity services are just not developed or ubiquitous enough to function adequately in such a system so the authority (government) would function as the verifier of voter identity. Potential falsification of identities and variations of Sybil attacks loom over blockchain voting implementations.

Rather than votes being directly uploaded to the blockchain, they could be encrypted and stored in a distributed file system such as IPFS. Subsequently, the hashes of the votes could be stored on the blockchain that correlates to their IPFS location. Using IPFS would save storage space, making the voting more scalable on the public ledger while also providing an initial layer of identity obfuscation. A reasonable concern with this process is anonymity though. Voters could potentially be deanonymized through IP mapping or other network-layer tracing methods that connect their vote to their identity. However, developments in zero-knowledge proofs for anonymous but verifiable voting and network-layer privacy protections such as Dandelion offer some promising potential for preserving privacy on this front.

Additionally, Zcoin — who recently completed a Thailand primary election on their blockchain with over 127,000 votes — implemented Shamir’s Secret Sharing Scheme to ensure that no single entity could decrypt voter information. All of the participating authorities (Thai Election Commission, Democratic Party, candidates) would have to sign off unanimously on decrypting the voting data.
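
The unanimous-decryption arrangement just described can be modelled directly with Shamir’s scheme. The following is an added example, not Zcoin’s code: a tally key is split into one share per participating authority with the threshold set to the number of authorities, and the last function shows why a coalition one share short of the threshold learns nothing. The prime field, the share layout and the use of the article’s three authority names are this example’s assumptions.

```python
"""Shamir secret sharing of an election tally key (added example, not Zcoin's code)."""
import secrets
from typing import Callable, Dict, List, Tuple

# All arithmetic is in GF(P). This is the secp256k1 base-field prime; any large
# prime would do, and the choice is this example's assumption.
P = 2**256 - 2**32 - 977

Share = Tuple[int, int]  # (x, f(x)): share index and polynomial value


def _interpolate(points: List[Share], x: int) -> int:
    """Evaluate at x the unique polynomial of degree len(points)-1 through `points`."""
    xs = [px for px, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    result = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        result = (result + yi * num * pow(den, -1, P)) % P  # Lagrange basis term
    return result


def split_secret(secret: int, threshold: int, n_shares: int,
                 rng: Callable[[int], int] = secrets.randbelow) -> List[Share]:
    """Split `secret` into n_shares; any `threshold` of them recover it.

    A random polynomial f of degree threshold-1 with f(0) = secret is chosen and
    share i is (i, f(i)). `rng` is injectable only so tests are reproducible.
    """
    if not 0 <= secret < P:
        raise ValueError("secret must be a field element")
    if not 1 <= threshold <= n_shares:
        raise ValueError("need 1 <= threshold <= n_shares")
    coeffs = [secret] + [rng(P) for _ in range(threshold - 1)]
    shares = []
    for x in range(1, n_shares + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of f(x)
            y = (y * x + c) % P
        shares.append((x, y))
    return shares


def reconstruct_secret(shares: List[Share], threshold: int) -> int:
    """Recover f(0) from at least `threshold` distinct shares (extra shares are ignored)."""
    if len(shares) < threshold:
        raise ValueError(f"need {threshold} shares, got {len(shares)}")
    return _interpolate(shares[:threshold], 0)


def consistent_completion(partial: List[Share], candidate_secret: int, missing_x: int) -> int:
    """Given threshold-1 shares, return the missing share value that would make
    `candidate_secret` the secret. Such a value exists for every candidate, so a
    coalition holding threshold-1 shares cannot tell the real key from any other."""
    return _interpolate([(0, candidate_secret)] + partial, missing_x)


def distribute_tally_key(key: int, authorities: List[str]) -> Dict[str, Share]:
    """One share per authority, threshold = all of them (unanimous release)."""
    shares = split_secret(key, len(authorities), len(authorities))
    return dict(zip(authorities, shares))


if __name__ == "__main__":
    # Authority names are the ones the article lists for the Thai primary.
    authorities = ["Thai Election Commission", "Democratic Party", "Candidates"]
    tally_key = int.from_bytes(secrets.token_bytes(16), "big")  # constructed key
    held = distribute_tally_key(tally_key, authorities)
    assert reconstruct_secret(list(held.values()), len(authorities)) == tally_key
    two = [held["Thai Election Commission"], held["Democratic Party"]]
    bogus = 0xBAD
    y3 = consistent_completion(two, bogus, missing_x=3)
    assert reconstruct_secret(two + [(3, y3)], 3) == bogus
    print("all", len(authorities), "authorities recover the key; two alone cannot distinguish it")
```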

Following the election, finality would happen significantly faster than traditional systems. For reference, Zcoin achieved final results in the primary within 12 hours. Current methods require recounts and other inefficiencies that extend election counting periods and reduce voter confidence.

The universal verifiability of votes could also occur in a much more straightforward manner than legacy voting systems. Auditability of elections through the IPFS hash on the blockchain ensures that the outcome is the legitimate sum of all votes cast. However, individual verifiability is more complicated when attempting to maintain anonymity and is an active area of research for blockchain voting mechanisms. Proposed methods to overcome this issue include having the voter generate a public/private key pair at the time of voting that ensures individual verifiability while not revealing any details about the voter’s identity.

Crucially, robustness and authenticity of votes can be assured through the cryptography of blockchain protocols. With votes tethered to a transaction — such as in Zcoin — votes have the same guarantees as any transaction not to be double spent or manipulated, guaranteed by digital signatures.

Overall, a blockchain voting system has the potential to meet the requisite fundamental components of any democratic election process. There are obvious shortcomings in regards to anonymity and eligibility of voters, but advanced and standardized technical implementations such as ZKPs and decentralized identity protocols can help to overcome these shortcomings in the long-run. The current question of blockchain voting is whether or not it’s possible. Eventually, the question should transition to whether or not government authorities are willing to give up control over the process.

Recent Developments in Blockchain Voting

There has been a spate of recent developments in blockchain experimentation with voting mechanisms, both on large and small scales. Zcoin — mentioned earlier — successfully completed the world’s first large-scale blockchain voting system for Thailand’s Democratic Party primary election.

They successfully reached finality of results within 12 hours with more than 127,000 votes accounted for. Zcoin is now looking into furthering anonymity guarantees with a P2P blockchain voting network by using ZKPs.

Several startups such as Follow My Vote and Voatz are also researching and developing blockchain-based voting solutions. Smaller scale experiments with blockchain voting included a small case with West Virginia during the recent U.S. midterms where 150 citizens voted through a blockchain app.

Other initiatives include Democracy Earth, who has built an open-source framework for blockchain-based governance and voting schemes predicated on various forms of liquid democracy. Their 2016 case study for a digital referendum on Colombia’s Diaspora provides some intriguing insights into the ongoing debate about voting structures and what future developments may look like.

Blockchain voting is an exhaustive topic with an array of material on it that covers everything from democratic ideals to technically employing a protocol for voting in a P2P network. Zcoin’s large-scale test of blockchain voting was the first of its kind, and it was just revealed on November 13th. There is still much research and development work to be performed before blockchain voting systems become viable. Obstacles are naturally going to exist for integrating a novel technology with a fundamental component of democracy, but there is some definite potential to improve upon current models that are clearly underwhelming.

The post Implementing Blockchain for Voting: An Indepth Look at the Technical Issues appeared first on Blockonomi.

What are the Paxos & Raft Consensus Protocols? Complete Beginner’s Guide

Paxos and Raft are two well-known consensus protocols that have been around for a long time and remain vital to understanding state machine replication in distributed computer systems. Paxos is actually a family of protocols that rely on a group of differing assumptions depending on the system while Raft is an alternative consensus to Paxos designed to be more understandable.

Comprehending both Paxos and Raft is very helpful in furthering knowledge of how distributed consensus protocols work in cryptocurrencies such as proof of work and practical Byzantine Fault Tolerance.

Background on Paxos and Raft

Paxos was initially proposed in 1989 and distinguished itself as a particularly elegant method of proving safety for fault-tolerant distributed consensus. Despite its initial novelty, Paxos is often viewed as challenging to understand due to its broad assumptions and complex behavior.

Raft was developed as a more understandable alternative to Paxos that essentially is equivalent to Paxos in performance and fault-tolerant guarantees. There are extensive resources available on both Paxos and Raft, and they are studied and used broadly in a variety of applications and systems today.

Some of the more well-known practical uses of Paxos are within Google’s NewSQL database Spanner and the IBM SAN Volume Controller for storage virtualization services.

Raft has several open-source reference implementations in multiple languages including Go, Java, C++, and Rust.

What is Paxos?

Consensus in a distributed fault-tolerant system is agreeing on one result among a group of unreliable participants. Paxos is a family of consensus algorithms that make various trade-offs between assumptions about the processors, participants, and messages in a given system. The protocol guarantees safety and is often employed where the durability of large data sets is required.

Asynchronous consensus protocols cannot guarantee both safety and liveness, so they all come with their own inherent trade-offs. Paxos was one of the first distributed fault-tolerant consensus protocols to guarantee safety and attempts to produce liveness by ensuring that a proposed value is eventually selected by the group of participants in a consensus round.

There are three roles in Paxos consensus, known as agents:

  1. Proposers
  2. Acceptors
  3. Learners

The goal of consensus is for a group of participants to come to an agreement on a single value per round. A round of consensus begins when a proposer sends a proposed value to a group of acceptors. Acceptors may accept the value proposed by a given proposer, and once a certain threshold is met, that value is approved by the network.

However, for consensus to work correctly, the first condition of Paxos is:

“Acceptors must accept the first proposed value that they receive.”

This leads to a problem: several proposers may send different values, each of which is accepted by some acceptors, yet no single value reaches a majority because every acceptor simply accepted the first proposal it received. Paxos solves this by uniquely numbering each proposal an acceptor receives, which allows acceptors to accept more than one proposal.

A unique number defines each proposal, and the network selects a value once a specific proposal is accepted by a majority of acceptors; that value is known as the chosen value. Multiple proposals can be chosen, but to satisfy the safety property it is necessary to guarantee that these proposals all have the same value. Leslie Lamport defines the second condition of Paxos, which ensures safety, as:

“If a proposal with value v is chosen, then every higher-numbered proposal that is chosen has value v.”

Communication in the network is asynchronous, so it is possible that certain acceptors have not received the chosen value, which is fine as long as conditions 1 and 2 are not violated.

Proposers also impose certain restrictions on sets of acceptors through the messages they send along with their values. These are called prepare requests, and a prepare request with number n asks the acceptor for two things:

  1. A promise never to accept a proposal numbered less than n (n is the new proposal number).
  2. A response containing the highest-numbered proposal less than n that the acceptor has accepted, if any.

According to Lamport:

“If the proposer receives the requested responses from a majority of the acceptors, then it can issue a proposal with number n and value v, where v is the value of the highest-numbered proposal among the responses or is any value selected by the proposer if the responders reported no proposals.”

Proposers subsequently send an accept request which is acknowledged by the acceptors. The proposer then sends a commit message to the acceptors who can either ignore (without compromising safety) or indicate the success of the value commit. Once a certain threshold of acceptors has committed the value, then the protocol for that consensus round terminates and externalizes the value.

The key feature of Paxos is that it can choose a value when a majority of nodes agree, even while other nodes ignore or reject the proposal. This differs from earlier consensus designs, which required all nodes to agree and could be blocked by the failure of a single node.

As long as the proposal numbers are unique, Paxos can select a value that guarantees safety. It is important to note that an acceptor only needs to remember the highest numbered proposal it has accepted. Conversely, a proposer can always abandon a proposal as long as it does not reissue a proposal with the same unique number.

The roles of the proposer and acceptor in the protocol break down as follows:

Proposer

  • Submit proposal number n to the acceptors in a prepare request and wait for a majority to reply.
  • If a majority of acceptors reply that they agree, they reply with any value they have already accepted. If a majority reject, abandon the proposal and restart the process.
  • If the majority accepts, the proposer then sends a commit message with n and the value.
  • If a majority of acceptors accept the commit message, the protocol round completes.

Acceptor

  • Receive a proposal and compare its number to the highest-numbered proposal already agreed to.
  • If n is higher, accept the proposal; if n is lower, reject it.
  • Accept a subsequent commit message if its value is the same as a previously accepted proposal and its sequence number is the highest number agreed to.

Proposers can make multiple proposals but must follow the algorithm for each proposal individually.

Finally, the role of the learners is to discover that a majority of acceptors have accepted a proposal from the proposers. A distinguished learner is selected that propagates the chosen value to the other learners in the network. Variations of this process can be used where either all acceptors inform corresponding learners of their decisions or acceptors respond to a distinct set of learners who then propagate the message to the rest of the learners.

Formally, Paxos distinguishes a leader (proposer) for each round, which is required to make progress. Acceptors can acknowledge the leadership of a proposer, which allows Paxos to be used to select a leader within a cluster of nodes. However, Paxos may stall if two proposers compete for the leader position with no agreement on which one is the leader. It is unlikely that this state of non-termination will persist, though.
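Single-decree Paxos as described above, simulated in one Python process (an added example, not the Paxos paper's or any implementation's code). The `(round, proposer_id)` proposal numbering and the `reachable` parameter, which models which acceptors a proposer can currently talk to, are assumptions of this illustration; it shows two proposers obtaining separate majorities with the second forced onto the first's value, plus a late proposer whose low-numbered prepare is rejected and must retry.

```python
"""Single-decree Paxos simulated in one process (added illustration; not the
code of any Paxos implementation). Proposal numbers are (round, proposer_id)
pairs, so they are unique across proposers and totally ordered."""
from dataclasses import dataclass
from typing import Optional, Tuple, List

ProposalNumber = Tuple[int, int]


@dataclass
class Acceptor:
    promised: Optional[ProposalNumber] = None               # highest n promised
    accepted: Optional[Tuple[ProposalNumber, str]] = None   # highest (n, v) accepted

    def prepare(self, n: ProposalNumber):
        """Phase 1b. Promise to ignore anything numbered below n and report the
        highest-numbered proposal already accepted. Returns (ok, accepted)."""
        if self.promised is not None and n <= self.promised:
            return False, None                # reject: an equal/higher prepare was seen
        self.promised = n
        return True, self.accepted

    def accept(self, n: ProposalNumber, value: str) -> bool:
        """Phase 2b. Accept (n, value) unless a higher-numbered prepare was promised."""
        if self.promised is not None and n < self.promised:
            return False
        self.promised = n
        self.accepted = (n, value)
        return True


class Proposer:
    def __init__(self, pid: int, acceptors: List[Acceptor]):
        self.pid = pid
        self.round = 0
        self.acceptors = acceptors

    def propose(self, value: str, reachable=None) -> Optional[str]:
        """Run one round. `reachable` lists the acceptor indices this proposer can
        talk to (models asynchrony / partitions); None means all of them.
        Returns the value that ended up accepted by a majority, or None."""
        targets = [a for i, a in enumerate(self.acceptors)
                   if reachable is None or i in reachable]
        majority = len(self.acceptors) // 2 + 1
        self.round += 1
        n = (self.round, self.pid)            # never reused by this proposer

        # Phase 1a/1b: prepare; collect promises and previously accepted proposals.
        promises = [acc for ok, acc in (a.prepare(n) for a in targets) if ok]
        if len(promises) < majority:
            return None                       # abandon; caller may retry with a higher n

        # Lamport's rule: if any promising acceptor already accepted a proposal,
        # we must propose the value of the highest-numbered one, not our own.
        prior = [p for p in promises if p is not None]
        if prior:
            value = max(prior, key=lambda p: p[0])[1]

        # Phase 2a/2b: accept requests; the value is chosen once a majority accept.
        accepted = sum(a.accept(n, value) for a in targets)
        return value if accepted >= majority else None


def competing_proposers_demo():
    """Two proposers each reach a majority of 5 acceptors through different
    subsets, yet the second is forced onto the first's value (condition 2)."""
    acceptors = [Acceptor() for _ in range(5)]
    p1, p2, p0 = (Proposer(pid, acceptors) for pid in (1, 2, 0))
    first = p1.propose("X", reachable=[0, 1, 2])   # chosen: X
    second = p2.propose("Y", reachable=[2, 3, 4])  # acceptor 2 reports X, so Y is dropped
    stale = p0.propose("Z")                        # (1, 0) is below every promise: rejected
    retry = p0.propose("Z")                        # (2, 0) wins the prepares but must adopt X
    values = {a.accepted[1] for a in acceptors if a.accepted}
    return first, second, stale, retry, values


if __name__ == "__main__":
    print(competing_proposers_demo())   # ('X', 'X', None, 'X', {'X'})
```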

What is Raft?

Raft was created as a more understandable version of Paxos with the same fault-tolerance and performance guarantees. Raft also makes it easier to build practical implementations on top of the protocol; due to Paxos’ complexity, it does not provide a solid foundation to develop on. Raft is similar to Paxos, so comparing the two requires a brief breakdown of how Raft simplifies the Paxos process.

Raft employs a leader and follower model based on the assumption that a cluster of nodes only has one elected leader. The leader manages the log replication across the participating nodes and is replaced once it fails or disconnects.

A leader is also elected when the algorithm begins. For context, leader selection plays a vital role in consensus and differs noticeably between algorithms. For instance, in Nakamoto Proof of Work, leader selection is achieved through the lottery-like mining process for each round, which takes approximately 10 minutes. In Practical Byzantine Fault Tolerance (pBFT), leader selection is performed in a round-robin format.

Raft selects the leader through a process initiated by a candidate node. If candidates do not receive communication during a phase known as the election timeout, they increase their term counter, vote for themselves, and broadcast their candidacy to the other nodes. Candidates become followers of other candidates who have a term number at least as large as theirs, and this ripple effect continues among the nodes until one candidate receives a majority of followers.

The leader controls log replication among the nodes, sending the commands from client requests to its followers. If a majority of followers confirm replication, the request is committed. Followers also apply the committed entries to their local state machines.

Raft retains fault tolerance when nodes or the leader fail by having a new leader force its followers to duplicate its own log. Any entries that conflict with the leader’s log are deleted, maintaining consistency of log replication.

Leader candidates are required to have a more up-to-date log than their followers’ logs. If a candidate’s log is less up to date than that of a potential follower (a voter in this context), the candidate is rejected.

Overall, Raft deconstructs consensus into 3 individual sub-problems:

  1. Leader Election
  2. Log Replication
  3. Safety

The consensus protocol uses a strong leader, meaning that the leader node in Raft exerts substantial influence on the process while remaining restricted by the confines of the protocol. As a result, Raft is more straightforward in design than Paxos.
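Raft’s three sub-problems as an added example (not the code of any Raft implementation): RequestVote with the up-to-date-log check, AppendEntries with log matching and conflict deletion, and commit on a majority. RPCs are modelled as direct method calls and the `reachable` argument stands in for a network partition; both are assumptions of this illustration.

```python
"""Raft in miniature (added illustration, not any Raft implementation's code):
election with the up-to-date check, majority commit, conflict overwrite."""
from dataclasses import dataclass, field
from typing import List, Optional

@dataclass
class Entry:
    term: int
    command: str

@dataclass
class Node:
    nid: int
    current_term: int = 0
    voted_for: Optional[int] = None
    log: List[Entry] = field(default_factory=list)
    commit_index: int = 0                               # entries known committed
    applied: List[str] = field(default_factory=list)   # the local state machine

    def last_log(self):
        """(last index, last term); (0, 0) for an empty log."""
        return len(self.log), (self.log[-1].term if self.log else 0)

    def apply_committed(self):
        while len(self.applied) < self.commit_index:
            self.applied.append(self.log[len(self.applied)].command)

    def request_vote(self, term, candidate, cand_index, cand_term):
        """RequestVote RPC: one vote per term, only for a log at least as up to date."""
        if term > self.current_term:
            self.current_term, self.voted_for = term, None
        if term < self.current_term:
            return False
        my_index, my_term = self.last_log()
        if self.voted_for in (None, candidate) and (cand_term, cand_index) >= (my_term, my_index):
            self.voted_for = candidate
            return True
        return False

    def append_entries(self, term, prev_index, prev_term, entries, leader_commit):
        """AppendEntries RPC: reject a stale term or an unknown prefix; otherwise the
        leader's suffix replaces ours after prev_index, deleting conflicting entries."""
        if term < self.current_term:
            return False
        self.current_term = term
        if prev_index > len(self.log) or (prev_index and self.log[prev_index - 1].term != prev_term):
            return False
        self.log = self.log[:prev_index] + list(entries)
        self.commit_index = min(leader_commit, len(self.log))
        self.apply_committed()
        return True

class Cluster:
    def __init__(self, size):
        self.nodes = [Node(i) for i in range(size)]
        self.leader = None

    def _peers(self, node, reachable):
        return [n for n in self.nodes
                if n is not node and (reachable is None or n.nid in reachable)]

    def elect(self, candidate_id, reachable=None):
        """Election timeout on candidate_id: bump term, vote for self, canvass peers."""
        cand = self.nodes[candidate_id]
        cand.current_term += 1
        cand.voted_for = candidate_id
        index, term = cand.last_log()
        votes = 1 + sum(p.request_vote(cand.current_term, candidate_id, index, term)
                        for p in self._peers(cand, reachable))
        if votes > len(self.nodes) // 2:            # majority of the whole cluster
            self.leader = cand
            return True
        return False

    def sync(self, leader, follower):
        """Walk prev_index back until the follower acknowledges a matching prefix."""
        for prev_index in range(len(leader.log), -1, -1):
            prev_term = leader.log[prev_index - 1].term if prev_index else 0
            if follower.append_entries(leader.current_term, prev_index, prev_term,
                                       leader.log[prev_index:], leader.commit_index):
                return True
        return False                                 # follower is in a newer term

    def replicate(self, command, reachable=None):
        """Leader appends a client command; it commits once a majority stores it,
        and a second round tells followers the new commit index."""
        leader = self.leader
        leader.log.append(Entry(leader.current_term, command))
        peers = self._peers(leader, reachable)
        if 1 + sum(self.sync(leader, p) for p in peers) <= len(self.nodes) // 2:
            return False                             # not (yet) committed
        leader.commit_index = len(leader.log)
        leader.apply_committed()
        for p in peers:
            self.sync(leader, p)
        return True
```

A useful scenario to step through: a leader that can reach only one follower appends an entry that never commits; when another node is elected, the follower holding that longer log refuses it only if its log is more up to date, and the new leader’s AppendEntries then overwrites the uncommitted entry.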

Conclusion

Paxos and Raft are important consensus protocols that are core components of the larger distributed fault-tolerance ecosystem. While not directly employed in cryptocurrencies, the consensus protocols used in cryptocurrency networks derive many of their characteristic assumptions from the design of both Paxos and Raft.

The post What are the Paxos & Raft Consensus Protocols? Complete Beginner’s Guide appeared first on Blockonomi.

Broadcasting Bitcoin Transactions with Radio Transmissions & TxTenna

The concept of broadcasting Bitcoin transactions over radio transmissions has been around for several years. In 2017, the notion was expanded on in a proposal by crypto pioneer Nick Szabo and Elaine Ou detailing the benefits that radio transmissions using shortwave frequencies could have on Bitcoin’s network resilience.

Recently, TxTenna launched, enabling offline Bitcoin transactions through a collaboration between GoTenna — the radio mesh network communication company — and Samourai Wallet, the privacy- and security-focused Bitcoin wallet.

Mainstream media understanding of Bitcoin is still underwhelming, so it is not surprising that offline Bitcoin transaction capabilities have flown under the radar. However, they represent an intriguing and compelling opportunity for off-grid broadcasts of signed Bitcoin transactions. Essentially, Bitcoin’s network infrastructure does not need to be in place for nodes to interact. The future implications of this are considerable and can have a particularly positive effect in disaster areas and political regimes where censorship is ubiquitous.

Understanding How Weak-Signal Radio Communications for Bitcoin Work

Szabo and Ou’s proposal outlines weak-signal high-frequency radio waves as a mechanism to increase the multi-homing of the Bitcoin network. By increasing the diversity of node connections, the network can become much more resilient, which enables a more isotropic (i.e., trust-minimized) network.

The direct goals of such a model are to reduce potential modification problems associated with mesh relays, enable censorship-resistant participation (The Great Firewall of China does not stop radio broadcasts), allow participation of SPV nodes without Internet connections, and provide the ability to select a more diverse access structure set.

TxTenna employs Ultra High Frequency (UHF) radio waves as part of GoTenna’s established UHF radio mesh network, which was originally designed for communication in remote or disaster areas. UHF radio waves propagate primarily by line of sight, meaning they are blocked by mountains, large hills, buildings, and other significant obstacles. They are commonly used in television broadcasts, walkie-talkies, and GPS, and are typically used for local communication because they have a shorter range than other available methods.

UHF radio broadcasts from GoTenna devices work in a P2P mesh network: a node sends out a signal looking for other nodes nearby in order to find the intended recipient. If the recipient is not found directly, the node sends out a burst broadcast within its range (~0.5 – 4 miles) to find other nodes. Nodes use the network’s routing protocol to determine the optimal route to the intended recipient and then remember the path between the two communicants.

TxTenna utilizes the same functionality of GoTenna’s mesh network with a slight optimization. The GoTenna device connects to the Samourai Wallet and then sends a UHF radio signal looking for peers. However, the transmission searches for an Internet-connected GoTenna device rather than a specific recipient on the UHF radio mesh network. Transactions can be broadcast directly from the Samourai Wallet app, hopping between GoTenna devices until the broadcast reaches one that is connected to the Internet.

The initial transaction — broadcast from a device not connected to the Internet, over UHF radio, to the GoTenna mesh network — is subsequently picked up by the online TxTenna (GoTenna) user, whose device automatically broadcasts it to the regular (Internet-connected) Bitcoin network, where it is confirmed on the Bitcoin blockchain. A private confirmation message is then relayed back to the original TxTenna sender. Essentially, a user can send a Bitcoin transaction without being connected to the Internet.

Samourai Wallet is also one of the most privacy-conscious Bitcoin wallets out there, implementing advanced schemes such as Stonewall, Ricochet, and PayNyms to augment user privacy and security.

GoTenna devices are widespread too: more than 100k have been sold, and their mesh network nodes are spread across diverse locations in the U.S. and Europe. Eventually, UHF radio off-grid Bitcoin transactions could become common, increasing the capacity of the mesh network and the feasibility for regular users to send transactions through such a medium.

Benefits and Future Potential of Off-Grid Bitcoin Transactions

The direct benefits of UHF off-grid Bitcoin transactions — such as with TxTenna — are straightforward and promising. Restrictive ISPs and mobile carriers can be bypassed, multiple hops through TxTenna devices obfuscate your physical location and SIM identifiers, and air-gapped Bitcoin broadcasts are enabled. Moreover, data packets sent through a mesh network are not retained by relayers, only by the intended recipient.

The repeal of net neutrality by the U.S. Federal Communications Commission earlier this year has also led to a surge in interest around mesh networks and radio broadcast technologies. Where services like TxTenna can really make a substantial impact — even now — is in oppressive regimes where censorship is widespread and severe.

For instance, users of TxTenna in China could broadcast transactions through a TxTenna/GoTenna mesh network device without connecting to the Internet, substantially improving their privacy by subverting the Great Firewall of China (GFC). The potential of the GFC under China’s government to deanonymize users of Bitcoin was explicitly outlined in a recent report produced by a collaborative effort of Princeton and FIU.

Off-grid Bitcoin transactions also have enormous potential for disaster-stricken areas, as recently seen in Puerto Rico with Hurricane Maria. Minimal access to the Internet effectively removes any notion of online banking and flexibly exchanging value. Sending Bitcoin transactions through UHF radio frequency — where TxTenna nodes could even be set up in an emergency relief response — has the potential to allow natural disaster victims to receive funding from family members abroad or charitable donations without needing the requisite network infrastructure.

Technologies that increase Bitcoin’s network resilience are not relegated to UHF radio mesh networks either. Blockstream has been researching and developing a satellite network that broadcasts the Bitcoin blockchain worldwide 24/7, giving everyone in the world the opportunity to use Bitcoin and assisting overall network protection and resiliency. Blockstream Satellite reduces Bitcoin’s dependence on the Internet, lowering barriers to entry and further increasing multi-homing of the network.

Notably, Samourai Wallet, TxTenna, and Blockstream Satellite are all open-source projects.

As Bitcoin continues to develop, enhanced privacy features are emerging left and right. TxTenna and UHF radio off-grid transactions are assuredly a very different approach from protocol enhancements, but they are nonetheless vital improvements. The infrastructure for functional mesh networks (i.e., sufficient UHF nodes) is currently available only in a few developed regions of the world, like the U.S. and Europe. However, the potential for that to change rapidly is real. A growing multi-homed Bitcoin network, as outlined by Szabo and Ou, offers a dynamic view of the future potential of Bitcoin’s resilience and perhaps a glimpse into its future network topology.

Stonewall & Samourai Wallet: Enhancing Bitcoin’s Privacy

Privacy is a continuously evolving struggle that is aptly demonstrated by Bitcoin’s consistent improvement proposals and innovative techniques for providing users with enhanced privacy. Stonewall is a clustering analysis protection concept initially proposed by privacy-focused Samourai Wallet back in May.

Mapping user addresses through transaction clustering is challenging but possible, as many emerging blockchain forensics companies such as Chainalysis demonstrate. Stonewall makes the task of linking transaction inputs to outputs in Bitcoin much more difficult by making transactions look like CoinJoin transactions when in reality they are not.

Features such as Stonewall are not as significant privacy protections as zero-knowledge proofs or confidential transactions. However, they represent a growing initiative by wallet teams to provide complementary and default privacy features that were previously not readily available to more mainstream users without technical backgrounds.

Background on Samourai Wallet and CoinJoin

Samourai Wallet emerged as a non-custodial wallet service emphasizing user privacy and security. The wallet integrates numerous advanced privacy features including Stonewall, PayNyms, and Tor + VPN support. Privacy-oriented wallets are increasingly in demand — especially for Bitcoin — following revelations among more mainstream users about specific deanonymizing techniques that are possible.

There have been several publications focusing on forensic techniques for mapping Bitcoin user IP addresses and linking transaction inputs and outputs that can be used to identify transaction flows of users. The proliferation of blockchain forensics companies such as Chainalysis and CipherTrace has led to further progression in the field. Luckily, several innovative privacy protection methods have been developed in response to growing threats to Bitcoin user privacy.

From network level protections such as the Dandelion Protocol to coin mixing concepts like CoinJoin, Bitcoin is addressing privacy, security, and fungibility concerns head-on.

CoinJoin was initially proposed by Greg Maxwell and is a relatively well-established technique in the cryptocurrency field for mixing transactions. The basic application of CoinJoin is:

“When you want to make a payment, find someone else who also wants to make a payment and make a joint payment together.”

There are several variations of CoinJoin, some more complex and others more straightforward. Signatures within a Bitcoin transaction are entirely independent of each other, meaning that users can agree on a set of inputs to spend and a set of outputs to pay to and subsequently merge signatures after separately signing a transaction. Once all signatures are provided, the transaction is validated, effectively muddling the origin of inputs and outputs in a transaction.

Many of the initial CoinJoin services depended on a centralized service where users negotiated the transactions they wished to join, which is a security hole. Further, CoinJoin transactions are not very efficient.

The looming implementation of Schnorr signatures can have a net positive effect on CoinJoin transactions, however. Schnorr signatures would allow for much more efficient CoinJoin transactions, meaning smaller size transactions and lower fees by enabling users to combine transactions and signatures into one. Moreover, wallets could potentially seek to integrate CoinJoin as a primary feature after Schnorr signatures are integrated with Bitcoin, increasing privacy for everyone. The more users of CoinJoin in Bitcoin, the greater the net privacy effects for all users in the network, even those not using the service.

Stonewall

Stonewall is intriguing because it does not actually use CoinJoin; it only looks like it does. However, the two-wallet Stonewall mode in Samourai does contain real CoinJoin transactions between two interacting parties who trust each other.

Stonewall transactions have higher entropy than standard Bitcoin transactions, which makes automated chain analysis more expensive and makes it harder for a human to analyze the transaction graph. Stonewall is not as strong a privacy feature as other techniques such as Confidential Transactions (CTs), but it is important for reducing the information available to blockchain forensics and making chain analysis rely more on probabilistic assumptions.

Stonewall transactions are made to look as though several people are combining their payments into one by adding an arbitrary number of inputs and outputs to a regular Bitcoin transaction. To an outside observer the transaction looks like a CoinJoin, which makes the standard blockchain analysis assumptions about it unreliable and less effective.

Stonewall transactions are designed to achieve a Boltzmann score of more than zero. Boltzmann is a script that returns the entropy of a transaction, providing a metric for the linkability of inputs and outputs under blockchain analysis mapping techniques. Stonewall was designed to replace BIP126 in the original Samourai Wallet implementation after shortcomings were discovered that could lead to less entropy in transactions.

Overall, Stonewall helps pollute the blockchain analysis process as a default feature of Samourai Wallet. Stonewall is not necessarily applied to every transaction, but it is more frequent than the BIP126 behavior Samourai implemented initially.

Staying ahead of cutting-edge analysis techniques requires constantly evolving how transactions are constructed. Stonewall is a useful tool for enhancing user privacy, and with it fungibility, in Bitcoin, but augmenting Stonewall and adapting to the shifting privacy landscape will continue to be necessary.
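A simplified re-implementation of the Boltzmann entropy idea described above, comparing an ordinary spend with a CoinJoin-looking transaction (added here as an example; it is not Samourai’s Boltzmann script and ignores fees and other details of that tool). It counts the ways a transaction’s inputs and outputs can be split into balanced sub-transactions and takes log2 of the count; the amounts are constructed.

```python
"""A simplified version of the Boltzmann transaction-entropy metric (added
illustration; not Samourai's Boltzmann script). It counts the ways a
transaction's inputs and outputs can be partitioned into independent,
balanced sub-transactions; entropy is log2 of that count. Fees are ignored."""
from functools import lru_cache
from itertools import combinations
from math import log2


def _subset_sums(items, target):
    """Yield non-empty subsets of (index, value) pairs whose values sum to target."""
    for r in range(1, len(items) + 1):
        for combo in combinations(items, r):
            if sum(v for _, v in combo) == target:
                yield combo


@lru_cache(maxsize=None)
def _count_partitions(ins, outs):
    """Number of ways to split ins/outs into balanced groups. The first remaining
    input anchors its group, so each partition is counted exactly once."""
    if not ins:
        return 1 if not outs else 0
    first, rest = ins[0], ins[1:]
    total = 0
    for r in range(len(rest) + 1):
        for others in combinations(rest, r):
            group_sum = first[1] + sum(v for _, v in others)
            rest_ins = tuple(x for x in rest if x not in others)
            for out_group in _subset_sums(outs, group_sum):
                rest_outs = tuple(o for o in outs if o not in out_group)
                total += _count_partitions(rest_ins, rest_outs)
    return total


def interpretations(inputs, outputs):
    """How many distinct 'who paid whom' readings a transaction admits.
    Values are in satoshis; inputs must balance outputs (no fee modelled)."""
    if sum(inputs) != sum(outputs):
        raise ValueError("inputs and outputs must balance in this fee-less model")
    # (index, value) pairs keep equal amounts distinguishable from each other.
    return _count_partitions(tuple(enumerate(inputs)), tuple(enumerate(outputs)))


def entropy_bits(inputs, outputs):
    """Boltzmann-style entropy: 0 means every input-output link is unambiguous."""
    return log2(interpretations(inputs, outputs))


if __name__ == "__main__":
    # Constructed examples, amounts in satoshis.
    plain = ([200_000], [150_000, 50_000])                    # ordinary spend with change
    coinjoin_like = ([100_000, 100_000], [100_000, 100_000])  # two equal ins, two equal outs
    print(interpretations(*plain), entropy_bits(*plain))                  # 1 0.0
    print(interpretations(*coinjoin_like), entropy_bits(*coinjoin_like))  # 3 1.58...
```

The CoinJoin-looking case admits three readings (one joint payment, or either pairing of inputs to outputs), which is the kind of ambiguity a Stonewall-style construction aims to create; the plain spend admits one.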

Advancing Bitcoin’s Privacy

There have been several advances in Bitcoin’s privacy over the course of the last year with some important innovations still in development or on the horizon. Privacy is a constant battle, and with Bitcoin’s established dominance in the industry, it will continue to be a target for deanonymizing users.

Privacy in Bitcoin is not important only as a matter of ideological preference among users. Fungibility is vital to Bitcoin’s sustainability, and maintaining adequate privacy from chain analysis is necessary to achieve that fungibility. The Lightning Network adds a layer of user privacy between two transacting parties off-chain, but on-chain transactions require continual obfuscation from both blockchain-level and network-level transaction mapping.

Network privacy technologies such as Tor and VPN work well but still have their deficiencies. Dandelion offers another network level privacy protection, but techniques for unmasking users and identifying “dirty” bitcoins will continue to adapt to these new privacy solutions.

Advances in cryptographic obfuscation techniques such as confidential transactions (CTs) and zero-knowledge proofs show significant potential. CTs are already implemented in the recently launched Liquid from Blockstream, and it will be interesting to watch how the development of zero-knowledge proofs and optimizations like bulletproofs continue to progress in the broader industry.

Privacy-oriented wallets like Samourai offer some unique advantages over other Bitcoin wallets. Clever privacy integrations such as Ricochet help to increase fungibility by introducing additional transaction hops, and Samourai’s work as part of TxTenna will allow for offline UHF radio transactions utilizing the GoTenna mesh network.

Bitcoin’s privacy is a topic that will remain paramount to the success and sustainability of the legacy cryptocurrency. Methods for unmasking users, tracking transaction inputs and outputs, and mapping transaction messages across the network will continue to progress. However, the Bitcoin community has shown a determined resilience in mitigating these efforts by building some fascinating and clever solutions that give users the privacy they seek.

What is The Stellar Consensus Protocol? Complete Beginner’s Guide

The Stellar Consensus Protocol (SCP) is the underlying consensus algorithm of the Stellar Network that functions as a provably safe construction of Federated Byzantine Agreement (FBA). Stellar’s network implements many similar mechanisms for distributed fault tolerance across a financial network as other cryptocurrencies with some distinct variations.

The SCP is derived from the concept of Byzantine Agreements (BA) and tailored towards a decentralized and permissionless network using quorums and quorum slices. Understanding the SCP requires a brief history of BAs and how they compare to FBAs followed by a description of quorums and quorum slices, the federated voting model, and finally the commit/abort ballot system of the SCP protocol itself.

Byzantine Agreements and Federated Byzantine Agreements

Byzantine Agreement is the form of Byzantine fault tolerance that enables distributed computing systems to come to consensus despite arbitrary behavior from a fraction of the nodes in the network. BA consensus makes no assumptions about the behavior of nodes in the system. Practical Byzantine Fault Tolerance (pBFT) is the prototypical model for Byzantine agreement; it can reach consensus quickly and efficiently while decoupling consensus from resources (i.e., financial stake in PoS or electricity in PoW).

However, BA (pBFT) does not scale well and requires a large communication overhead between all the participating nodes. Further, the system needs unanimous agreement on membership of the network to mitigate Sybil attacks.

Federated Byzantine Agreement was introduced by the SCP white paper and explicitly addresses the limitations of BA by fostering a consensus protocol that guarantees the following:

  • Decentralized Control
  • Flexible Trust
  • Low Latency
  • Asymptotic Security

One of the primary consequences of FBA compared to BA is that an FBA system is open to nodes joining in a permissionless setting rather than through a closed (permissioned) membership list.

FBA comes to agreement on state updates using a unique slot where update dependencies between nodes are inferred. Nodes must agree on the slot update in each round of consensus. However, since the system is open to nodes joining and leaving the network at will, a majority-based quorum consensus mechanism will not work. Instead, the FBA in the SCP employs quorum slices that are subsets of quorums that are capable of convincing particular nodes of an agreement.

According to the Stellar blog:

“The key difference between a Byzantine agreement system and a federated Byzantine agreement system (FBAS) is that in FBA each node chooses its own quorum slices.”

Quorums and quorum slices will be discussed in more detail below, but the major takeaway here is that individual nodes can independently decide which other nodes (participants) they trust for information. Therefore, SCP is the first BA protocol to give each participant maximum freedom in selecting whom to trust.

Quorums and Quorum Slices

A quorum is defined as a set of nodes needed to reach an agreement in a distributed system. When nodes attempt to reach an agreement, they communicate with each other (under the assumption that no messages are forged — this is where cryptography comes in) and concur that an update to the state is valid once a specific threshold of nodes in agreement is met.

Quorum slices are the subsets of a quorum that are capable of convincing particular nodes of an agreement, meaning that a node can rely on multiple sets of nodes asserting statements. A node can depend on numerous slices for information, and this trust can be based on information from outside of the system. Notably, trust is set up within the node’s config file, allowing for the dynamic formation of quorum slices and greater decentralization.

As an example, Node A can decide that it does not trust banks. Node A then needs another quorum slice, made up of nodes it does trust, in order to come to an agreement with the banks. Once agreement is reached, a quorum is formed. The graphic below illustrates this example: Node 7 (and 8) would represent Node A, which does not trust banks.

Image Credit – David Mazieres Presentation at Google

Traditional BA requires that all nodes accept the same slices, rather than choosing sources of trusted information for themselves. As such, there is no way to distinguish slices from quorums, which requires closed, permissioned membership of the network.

The FBA model relies on individual nodes to choose their own sets of quorum slices, effectively enabling the organic and more decentralized formation of quorums that rely on individual decisions, hence the name “federated.” In discussing safety and liveness in the FBA protocol, we need to evaluate quorum intersection and disjoint quorums.

According to the SCP white paper:

“A protocol can guarantee agreement only if the quorum slices represented by function Q satisfy a validity property we call quorum intersection.”

Quorums intersect if they share a node. Good quorums share nodes and lead to overlapping quorums. Nodes are responsible for ensuring that their selection of quorum slices does not violate quorum intersection, which typically requires that nodes select slices conservatively, leading to large quorums.

When quorums do not intersect, they are known as disjoint quorums. Disjoint quorums are bad quorums that can lead to contradictory statements that undermine consensus. To ensure a proper slice selection process, nodes need to balance safety and liveness.

Nodes lack safety when they externalize values that contradict other nodes. Nodes lack liveness when they are blocked on the way to agreement. The Federated Voting model plays a critical role in the nodes coming to agreement on a statement.

Federated Voting

Federated Voting is the method by which the SCP agrees on statements made by participants. Overall, there are two sets of messages exchanged between nodes, and the two message rounds can be subdivided into the agreement states unknown, accepted, and confirmed. Notably, voting in a federated environment must accommodate open membership, which makes the process more complicated than in a closed system.

The federated voting process consists of 4 phases:

  1. Initial Voting
  2. Acceptance
  3. Ratification
  4. Confirmation

Initial voting is where nodes vote for a specific statement, asserting that it is valid and that they will not vote for contradictory statements. However, this still leaves open the possibility that a node changes its vote if enough of the other participating nodes that it trusts vote for another valid statement. Votes in this stage are technically preliminary votes.

Acceptance is the stage where a node accepts a statement, depending on whether that node has already accepted a contradictory statement and on whether a v-blocking set of nodes that share quorum slices with it (quorum intersection) accepts the statement. If the node has not accepted a contradictory statement, or a v-blocking set of nodes votes to accept the statement, then the node accepts the statement.

Ratification is where all members of a quorum vote to accept a statement. If they do, then the statement is ratified by the nodes. Going back to the Node A that does not trust banks, if the nodes that Node A shares a quorum slice with in addition to other nodes that it trusts vote to accept a statement, then it is ratified by Node A.

Confirmation is system-wide agreement on a statement. The system agrees on a particular statement once a sufficient threshold of messages is processed across the network. Nodes propagate acceptance messages across the network from nodes within their quorum. These messages can influence other nodes to accept the message even if they had accepted a different initial message. Finally, a round of confirmation messages is broadcast to confirm the message, concluding the round of voting.
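The quorum, v-blocking and accept/confirm rules described above, worked through in code. This is an added example with a constructed five-node network, not Stellar's implementation; slices are written as frozensets of node names, and the quorum-intersection check brute-forces all subsets, which is only practical for small networks.

```python
"""Federated voting over quorum slices, in the style of SCP.
Added, constructed example; not Stellar's code."""
from itertools import combinations


def is_quorum(u, slices):
    """A non-empty set U is a quorum if every member has a slice inside U."""
    return bool(u) and all(any(s <= u for s in slices[v]) for v in u)


def largest_quorum_within(candidate, slices):
    """Strip nodes that have no slice inside the set until it stabilises; what
    remains is the largest quorum contained in `candidate` (possibly empty)."""
    current = frozenset(candidate)
    while True:
        kept = frozenset(v for v in current if any(s <= current for s in slices[v]))
        if kept == current:
            return current
        current = kept


def is_v_blocking(v, blocking, slices):
    """`blocking` is v-blocking when it intersects every slice of v, so v can
    never form a quorum without it; its members can override v's own vote."""
    return all(s & blocking for s in slices[v])


def disjoint_quorums(slices):
    """Quorum-intersection check: list every pair of quorums that share no node
    (the 'disjoint quorums' that let the network externalise contradictions)."""
    nodes = sorted(slices)
    quorums = [frozenset(c) for k in range(1, len(nodes) + 1)
               for c in combinations(nodes, k) if is_quorum(frozenset(c), slices)]
    return [(a, b) for a, b in combinations(quorums, 2) if not a & b]


def federated_vote(slices, votes, statement):
    """Accept/confirm rounds for one statement. `votes` maps each node to the
    statement it initially voted for. Returns (accepted, confirmed)."""
    voted = frozenset(v for v, s in votes.items() if s == statement)
    accepted = frozenset()
    while True:
        newly = set()
        for v in slices:
            if v in accepted:
                continue
            # (1) v voted for it and a quorum containing v voted for or accepted it
            in_quorum = v in largest_quorum_within(voted | accepted, slices)
            # (2) a v-blocking set already accepted it, overriding v's own vote
            blocked = bool(accepted) and is_v_blocking(v, accepted, slices)
            if in_quorum or blocked:
                newly.add(v)
        if not newly:
            break
        accepted |= newly
    # confirmation: a whole quorum that contains the node has accepted it
    confirmed = largest_quorum_within(accepted, slices)
    return accepted, confirmed


# Constructed network: A, B, C trust each other; D trusts A and B; E trusts A and D.
SLICES = {
    "A": [frozenset("ABC")], "B": [frozenset("ABC")], "C": [frozenset("ABC")],
    "D": [frozenset("ABD")], "E": [frozenset("ADE")],
}
VOTES = {"A": "pizza", "B": "pizza", "C": "pizza", "D": "sushi", "E": "sushi"}

# Constructed network of two cliques that never overlap: disjoint quorums.
SPLIT_SLICES = {
    "A": [frozenset("AB")], "B": [frozenset("AB")],
    "C": [frozenset("CD")], "D": [frozenset("CD")],
}
SPLIT_VOTES = {"A": "x", "B": "x", "C": "y", "D": "y"}

if __name__ == "__main__":
    # D and E voted "sushi" but are v-blocked by nodes that accepted "pizza",
    # so the whole network ends up confirming "pizza" and nobody accepts "sushi".
    print(federated_vote(SLICES, VOTES, "pizza"))
    print(federated_vote(SLICES, VOTES, "sushi"))
    print("disjoint quorums:", disjoint_quorums(SLICES))        # []
    print("disjoint quorums:", disjoint_quorums(SPLIT_SLICES))  # [(AB, CD)]
    # Safety failure: the two cliques confirm contradictory statements.
    print(federated_vote(SPLIT_SLICES, SPLIT_VOTES, "x")[1],
          federated_vote(SPLIT_SLICES, SPLIT_VOTES, "y")[1])
```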

The voting mechanism is complicated, but Stellar offers some excellent resources on how to map it out more effectively. They provide a “Galactic Consensus” graphic for a broader overview as well as a useful blog post using the Lunchtime Example. For a technical deep dive, you can read the Federated Voting section of the SCP Paper.

The Stellar Consensus Protocol

The SCP is the implementation of the Federated Byzantine Agreement protocol, designed to minimize instances of blocked agreement and to neutralize them through a ballot system. The SCP consists of two primary sub-protocols: the nomination protocol and the ballot protocol.

For each consensus slot, the nomination protocol produces candidate values. Eventually, every node can deterministically generate a convergence value for each slot. However, they cannot know when the convergence occurs, and malicious nodes may be able to reset the nomination process.

The ballot protocol is executed once nodes agree that the nomination protocol has converged. In the ballot protocol, a ballot is tied to the candidate value, and a node must commit or abort the value tied to that ballot. To avoid agreement blocking, nodes can abort certain votes and move on to another. Conversely, nodes can vote to commit a ballot, which externalizes the value associated with that ballot to the consensus slot.

At a high level, the way in which the SCP treats each slot independently is similar to single-slot consensus in Paxos, with many separate instances.

There are no blocked states in the SCP with quorum intersection. Befouled nodes — nodes which rely heavily on bad nodes — can even be bypassed through a dispensable set mechanism where good nodes can ratify statements without the cooperation of befouled nodes. Befouled nodes also cannot undermine the consensus.

Both the nomination protocol and ballot protocol contain some highly complex details for specific scenarios such as split votes. These details are available in the SCP paper as well.

One of the limitations of the SCP is that it can only guarantee safety if nodes choose adequate quorum slices. Additionally, security issues in federated systems, such as widely trusted nodes leveraging their positions for unethical advantage, are a possibility. For instance, if banks are relied on by a vast swathe of nodes, then they may have an information advantage not available to other nodes in the network.

Conclusion

Overall, the SCP is the first provably safe consensus protocol that can provide decentralized control, low latency, flexible trust, and asymptotic security. Different forms of consensus all come with their trade-offs, but the SCP maintains a high level of effectiveness for quickly coming to a consensus in a distributed, permissionless network without sacrificing safety.

The post What is The Stellar Consensus Protocol? Complete Beginner’s Guide appeared first on Blockonomi.

How Formal Verification Can Reduce Bugs & Vulnerabilities in Smart Contracts

Formal Verification in Smart Contracts

The formal verification of smart contracts is an emerging trend in the cryptocurrency space focused on reducing the instances of bugs and vulnerabilities of smart contracts that have led to numerous high-profile hacks and endemic security concerns.

Formal verification has a wide variety of applications in regards to hardware and software systems. It has become exceedingly important as the complexity of systems increases, particularly with hardware. In blockchain networks, the litany of smart contract vulnerabilities and exploits have led to a need for improved smart contract programming and auditing.

Background on Formal Verification

Formal verification uses formal methods to check whether or not a design of a hardware or software system meets a specific set of properties. Formal methods are a particular type of mathematical technique for the specification, development, and verification of both hardware and software systems. Using formal methods to prove or disprove the correctness of intended algorithms is known as formal verification.

Martin Davis is credited with developing the first computer-generated mathematical proof back in 1954. The concept started gaining traction in the 1960s for verifying the correctness of computer programs in early languages such as Pascal and Java. Following some high-profile computer bugs, such as the Pentium FDIV Bug in 1994, the sentiment that formal verification needed to be ubiquitous started snowballing.

Testing a software or hardware system can be broken down into two general phases:

  1. Validation
  2. Verification

Validation is determining whether the product meets the user’s needs.

Verification is testing whether or not the product conforms to the specifications.

Verification consists of producing an abstract mathematical model that correlates to the design specifications of the product (e.g., an algorithm or a hardware chip), while the formal methods used to generate the model mainly stem from theoretical computer science fundamentals.

The use of formal verification has become extremely important in hardware systems, where it is used by almost every major hardware manufacturer to ensure the robustness of their products. However, its use is not nearly as prevalent in software as it is in hardware, which is mainly attributed to the commercial nature of hardware manufacturing.

However, that dynamic is beginning to change with the advent of blockchains and cryptocurrencies where considerable transfers of value are autonomously executed across a decentralized network. With more value at stake than traditional systems, the correctness of smart contracts has become a pressing concern.

A brief history of smart contract exploits is all it takes to understand the consequences of simple vulnerabilities in contract code.

Why Use It For Smart Contracts?

According to a recent study performed on nearly 1 million Ethereum smart contracts, 34,200 of them were flagged as vulnerable, in 10 seconds per contract. That staggering number was reached by tracing vulnerabilities of smart contracts, including:

  • Contracts that lock funds indefinitely
  • Contracts that leak funds carelessly to arbitrary users
  • Contracts that can be killed by anyone

Along with the general logical complexity and novelty associated with programming smart contracts for blockchains, their immutable nature — once they’re committed to the blockchain — makes vulnerabilities potentially much more damaging.

Brian Marick and Daejun Park provide an excellent analysis of smart contract vulnerabilities and how formal verification can help mitigate their instances. Essentially, there are typically two ways that a developer can fail to get what they want from a smart contract.

  1. Misunderstood intent
  2. Making a mistake when implementing that intent

Many of these standard errors can lead to enormous sums of locked up funds like with the Parity wallet or with Ethereum’s recursive send exploit in the DAO incident. Formal verification is used as a way of mathematically confirming that specific vulnerabilities will not lead to damaging exploit vectors.

A formal specification is used as the precise output or result that a smart contract is expected to produce, which a computer can check. Verification subsequently takes place once the contract compiles to bytecode, and the formal verification proves that the compiled bytecode implements the specification. However, manually performing formal verification is an arduous process and sometimes comes with its own mistakes. Even verifying formal proof results can come with its nuances.

Tools like the Coq Proof Assistant have been developed to facilitate mechanized proofs about the properties of programs, and Coq is currently used by several emerging cryptocurrencies that embed the languages they use into it.

While smart contract auditing provides a much-needed layer of assurance through code reviews, formal verification of smart contracts can help to reduce instances of vulnerabilities through mathematical analysis further. With smart contracts becoming more prevalent, it seems natural that the application of formal verification will become more widespread in the industry.

Current Applications of Formal Verification

Several platforms are either integrating formal verification already or plan on doing so soon. Evaluating the safety and security of smart contracts that operate within these platforms will be vital to gauging their effectiveness in stemming critical vulnerabilities.

Zilliqa

Zilliqa is a high-throughput blockchain designed to host scalable and secure decentralized applications (dapps). Several of the technical developers behind Zilliqa were authors of the earlier study that uncovered the thousands of smart contract weaknesses.

Zilliqa uses a new programming language called Scilla, designed by members of the Zilliqa team and some other affiliates. Scilla is an intermediate-level language that is embedded in the Coq Proof Assistant. It is intended to be a translation target for higher-level languages for performing analysis and verification before contracts are compiled to bytecode.

Tezos

Tezos is written in OCaml and its smart contract language is Michelson, based on OCaml. OCaml was selected because of its functional programming offerings of speed, unambiguous syntax and semantics, and capabilities for implementing formal proofs. Tezos also uses the Coq Proof Assistant for facilitating formal verification of smart contracts.

Arthur Breitman — the Tezos co-founder — posted details regarding the verification of some Michelson contracts in Coq, including a multi-sig contract on their testnet last year. Tezos recently launched, so its application of formal verification should provide an excellent gauge for the state of improved security of smart contracts using the method. Whether or not exploits that have plagued Solidity contracts will play out in Tezos will take some time to unfold but evaluating how secure smart contracts become on Tezos could be very indicative of a continuing trend.

Cardano

Cardano is written in Haskell and its smart contract language is Plutus, which is based on Haskell.

Cardano is designed with a Cardano Computation Layer (CCL) that consists of two layers:

  1. A formally specified virtual machine and language framework
  2. Formally specified languages that facilitate verification of smart contract code

The goal is to create an environment that streamlines the process of guaranteeing that a contract functions as designed without catastrophic vulnerabilities. Notably, Cardano does not use a bounded stack design like Ethereum’s EVM, so not worrying about stack arithmetic flow allows it to formally verify smart contracts much easier.

Ethereum

Ethereum has been researching the incorporation of formal verification for quite some time, with several projects investigating its potential. One such publication, “Making Smart Contracts Smarter,” focuses on smart contract bugs and suggests ways to mitigate them, including improving the operational semantics of Ethereum to foster formal verification.

Gas limits in Ethereum make it challenging to implement formal verification. Further, the only way to know the meaning of a Solidity program is to compile it into bytecode. The compiler changes rapidly, so verification tools would need to adjust to the rate of change as well. Considering Ethereum’s established network and history, formal verification of smart contracts in Ethereum would ostensibly provide the best gauge for their effectiveness in mitigating vulnerabilities were formal verification to become widely used in the network.

Conclusion

Formal verification is a highly complex and arduous task. Despite this, it has become a universal standard in the hardware industry and is likely to continue gaining momentum in the software space. Blockchains and cryptocurrency networks — where high-value transfers are common — will assuredly accelerate this effect. Measuring the positive impact of formal verification of smart contracts will likely take several years to unfold as we are only seeing the beginnings of what should become a much broader trend in the industry.

The post How Formal Verification Can Reduce Bugs & Vulnerabilities in Smart Contracts appeared first on Blockonomi.

What are Grin and MimbleWimble? Complete Beginner’s Guide

What are Grin and MimbleWimble

Grin is an upcoming cryptocurrency project focused on privacy, scalability, and fungibility that is built by implementing a MimbleWimble blockchain with various optimizations. MimbleWimble is a fascinating stripped-down blockchain protocol proposed by Tom Elvis Jedusor in July 2016 that has gained traction among many Bitcoin and privacy proponents.

Grin is an open-source project that offers a refreshing list of things that it will not do, many of which are contrary to the ongoing developments in the cryptocurrency market. To understand Grin and how it works, it is vital to first understand MimbleWimble and its advantages.

What is MimbleWimble?

Initially proposed in 2016 by Tom Elvis Jedusor and subsequently revised by Adam Poelstra a few months later, MimbleWimble is a blockchain protocol that mixes several innovative technologies to radically change how transactions are constructed in Bitcoin and reduce the size of the blockchain.

MimbleWimble primarily addresses two areas:

  1. Privacy
  2. Scalability

As a result of its inherent privacy, MimbleWimble (and subsequently Grin) has strong fungibility.

Privacy

Transactions in MimbleWimble are opaque but can still be validated appropriately despite there being no addresses and the amounts transacted being entirely hidden. MimbleWimble relies on the properties of Elliptic Curve Cryptography (ECC) to structure transactions based on the verification of zero sums and possession of private keys.

Verifying transactions in MimbleWimble requires that the sum of the transaction outputs minus the sum of the inputs is always equal to zero. This is accomplished using Confidential Transactions, which prove that a transaction neither double-spends nor creates new funds while concurrently hiding the actual amounts in the transaction. MimbleWimble derives this from the Confidential Transactions (CTs) concept by Greg Maxwell.

Proof of ownership in MimbleWimble relies on blinding factors, which are essentially the users' private keys, and on excess values that are part of the transaction kernel. The blinding factor can be used to prove ownership of the value in a transaction without revealing that value.

The concept of validating transactions without knowing any of the values transacted mirrors zero-knowledge proofs and RingCTs employed in ZCash and Monero, respectively.

There are no addresses in MimbleWimble, however. Instead, two wallets communicate with each other to exchange data where the recipient creates and sends an address to the sender. Only the participants can see this data and the information is not reusable by outside parties. The participating parties don’t even need to be online at the same time.

Further, the blocks in the blockchain do not list separate transactions (even obfuscated ones, as in Monero); rather, they are aggregated into a single transaction with mixed inputs and outputs. Viewing a block provides no insight into a specific transaction. Transactions in MimbleWimble are effectively a non-interactive variant of CoinJoin that cannot be separated from each other.

To summarize, nodes can verify the authenticity of transactions without revealing the values being transferred, there are no addresses, and no identifiable information in a transaction.

Scalability

The approach that MimbleWimble takes to scalability is much more direct than more complicated layer two solutions or increasing on-chain throughput capacity. Instead, MimbleWimble relies on eliminating old and unnecessary transactions on the blockchain to improve efficiency.

Specifically, the protocol removes spent inputs from the blockchain over time by aggregating intermediary transactions together so that the size of the blockchain is drastically reduced. This method is called cut-through. A MimbleWimble transaction consists of the following components:

  • A set of inputs that reference and spend a set of previous outputs
  • A set of new outputs (Pedersen commitments)
  • A transaction kernel, which contains the kernel excess and the transaction signature

In a MimbleWimble block, cut-through transactions are represented only by their transaction kernel, and all outputs look the same because they are just large numbers that are impossible to differentiate. According to the MimbleWimble introduction on the Grin GitHub:

“Similarly to a transaction, all that needs to be checked in a block is that ownership has been proven (which comes from transaction kernels) and that the whole block did not add any money supply (other than what’s allowed by the coinbase). Therefore, matching inputs and outputs can be eliminated, as their contribution to the overall sum cancels out… Note that all transaction structure has been eliminated and the order of inputs and outputs does not matter anymore. However, the sum of all outputs in this block, minus the inputs, is still guaranteed to be zero.”

As a result, it is impossible to tell which input is matched with which output while still preserving the ability to validate the transactions within a block. Nodes can further validate blocks by cross-referencing the sum of money created through mining with the total supply.
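The zero-sum check, kernel excess and cut-through described above, as an added example (not Grin's or MimbleWimble's code). It builds Pedersen commitments on secp256k1 in the blind*G + value*H form Grin uses, with constructed values and blinding factors, and leaves out fees, the kernel signature, and range proofs (which a real system needs so that hidden values cannot be negative).

```python
"""Pedersen-commitment balance check and cut-through in the MimbleWimble
style. Added, constructed example; not Grin's or MimbleWimble's own code."""
import hashlib

# secp256k1 parameters; points are (x, y) tuples, None is the point at infinity
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p, q):
    """Affine point addition on y^2 = x^3 + 7 over F_P (textbook formulas)."""
    if p is None:
        return q
    if q is None:
        return p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0:
        return None  # q == -p
    if p == q:
        lam = 3 * p[0] * p[0] * pow(2 * p[1], P - 2, P) % P
    else:
        lam = (q[1] - p[1]) * pow(q[0] - p[0], P - 2, P) % P
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)

def mul(k, p):
    """Double-and-add scalar multiplication; k is reduced modulo the order N."""
    k %= N
    acc = None
    while k:
        if k & 1:
            acc = add(acc, p)
        p = add(p, p)
        k >>= 1
    return acc

def neg(p):
    return None if p is None else (p[0], (-p[1]) % P)

def second_generator():
    """Derive H by hashing G's x-coordinate and lifting it onto the curve, so
    nobody knows log_G(H); that unknown discrete log keeps commitments binding."""
    x = int.from_bytes(hashlib.sha256(G[0].to_bytes(32, "big")).digest(), "big") % P
    while True:
        rhs = (pow(x, 3, P) + 7) % P
        y = pow(rhs, (P + 1) // 4, P)  # square root, valid because P % 4 == 3
        if y * y % P == rhs:
            return (x, y)
        x = (x + 1) % P

H = second_generator()

def commit(value, blind):
    """Pedersen commitment C = blind*G + value*H, the form Grin uses."""
    return add(mul(blind, G), mul(value, H))

def point_sum(points):
    acc = None
    for pt in points:
        acc = add(acc, pt)
    return acc

def build_tx(inputs, outputs):
    """inputs/outputs are (value, blind) pairs known only to the wallets. The
    kernel excess is (sum of output blinds - sum of input blinds) * G; a real
    kernel also carries a signature under that excess as the ownership proof."""
    excess = (sum(b for _, b in outputs) - sum(b for _, b in inputs)) % N
    return {"inputs": [commit(v, b) for v, b in inputs],
            "outputs": [commit(v, b) for v, b in outputs],
            "kernels": [mul(excess, G)]}

def verify(tx):
    """A validator sees no values or blinds. It checks sum(outputs) - sum(inputs)
    == sum(kernel excesses); with log_G(H) unknown, the hidden values must cancel."""
    lhs = add(point_sum(tx["outputs"]), neg(point_sum(tx["inputs"])))
    return lhs == point_sum(tx["kernels"])

def cut_through(txs):
    """Aggregate a block's transactions into one and drop every commitment that
    is both created and spent inside the block; the kernels are all kept."""
    ins = [c for tx in txs for c in tx["inputs"]]
    outs = [c for tx in txs for c in tx["outputs"]]
    spent_inside = set(ins) & set(outs)
    return {"inputs": [c for c in ins if c not in spent_inside],
            "outputs": [c for c in outs if c not in spent_inside],
            "kernels": [k for tx in txs for k in tx["kernels"]]}

if __name__ == "__main__":
    # Constructed values: Alice spends a 50-unit coin, paying Bob 30 with 20
    # change; Bob forwards his 30 to Carol in the same block.
    alice_to_bob = build_tx([(50, 111)], [(30, 222), (20, 333)])
    bob_to_carol = build_tx([(30, 222)], [(30, 444)])
    block = cut_through([alice_to_bob, bob_to_carol])
    print("tx valid:", verify(alice_to_bob))  # True
    print("inflation attempt valid:", verify(build_tx([(50, 111)], [(30, 222), (25, 333)])))  # False
    print("outputs left after cut-through:", len(block["outputs"]))  # 2 (Bob's 30 is gone)
    print("block valid:", verify(block))  # True
```

After cut-through the block holds one input, two outputs and two kernels; Bob's intermediate output never appears on chain, yet the balance check over the remaining commitments and kernels still passes.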

The type of pruning afforded by MimbleWimble allows the protocol to become much more scalable, with users able to quickly sync with the network. Importantly, the whole chain state can be validated just as a full node would validate it, even if no users retain the majority of the historical blockchain data.

What is Grin?

Grin is a cryptocurrency implementation of MimbleWimble designed to provide privacy, fungibility, and scalability. Describing Grin from a technical perspective contains substantial overlap with the previously mentioned MimbleWimble, so it is best to emphasize other components such as consensus and monetary policy.

Grin retains the privacy and fungibility features of MimbleWimble: there are no addresses or transaction amounts, and transactions can be merged, removing all intermediary information. Further, blocks in Grin — like MimbleWimble — contain no individual transactions, and the block just looks like one big transaction.

All spent outputs in Grin can also be safely removed, allowing a drastically reduced blockchain size. Users can download and verify the blockchain significantly faster than other cryptocurrencies. As a result, Grin can scale with the number of users rather than the number of transactions.

Grin’s Cuckoo Proof-of-Work Consensus

Grin does not implement a flashy new consensus mechanism like proof of stake to achieve consensus. Instead, it goes back to the bread and butter of PoW using the Cuckoo Cycle algorithm.

Cuckoo-style PoW was selected to mitigate the Bitcoin-style “hardware arms race” by being ASIC resistant. Cuckoo Cycle is a memory-bound algorithm, making it viable on CPUs and increasing decentralization.

The difficulty of mining in the network is based on the current hash power and is designed to average a fast block time of around 60 seconds. You can find extensive information on Cuckoo Cycle PoW in the white paper by John Tromp and Grin mining on the Grin Github.

Grin’s Dandelion Implementation

Grin implements the Dandelion Protocol to increase its network-layer privacy through an improved transaction message propagation method. The Dandelion Protocol helps protect against several recent attack vectors, described in academic papers, that deanonymize users by mapping IP addresses based on how a transaction message spreads from its origin.

Grin uses a slightly modified version of Dandelion that aggregates transactions, which fits with the transaction merging of MimbleWimble.

Monetary Policy of Grin

An interesting component of cryptocurrencies that has developed recently is monetary policy. Grin aims to be more of a currency for transacting than a store of value, which differs from Bitcoin today. In doing so, it has created a monetary policy that is designed to make the currency’s value more stable.

Grin uses a linear supply schedule where the overall supply is unlimited, and the model encourages spending rather than hodling. Grin’s inflation rate starts high, falls to below 10 percent after a decade, and eventually approaches zero. The block reward is fixed over time.

Myles Snider offers an excellent analysis of the potential implications of Grin’s monetary policy.

Current Status of the Project

Grin released its Testnet V4 pre-release last month, and the cryptocurrency is expected to launch sometime in 2019. Grin has flown under the radar compared to more high-profile projects in the mainstream despite integrating some of the most cutting-edge technologies in the industry.

Quietly, there is significant anticipation around Grin from privacy proponents and other Bitcoin supporters. MimbleWimble is a relatively well-known concept when it comes to the more technical aspects of cryptocurrencies, and Grin’s use of the MimbleWimble protocol gives it some compelling potential.

Grin is also compatible with Schnorr signatures, which can produce multi-signature outputs. Schnorr signatures are widely considered to be the best cryptographic signature, and their integration with Bitcoin is supposed to occur in 2019.

Technical components aside, Grin’s monetary policy also is intriguing considering the consequences its structure may have on the use of the cryptocurrency as more of a currency than a store of value.

Grin is open to contributions from developers and is definitely worth watching as it continues to evolve.

The post What are Grin and MimbleWimble? Complete Beginner’s Guide appeared first on Blockonomi.