Homomorphic Encryption & Blockchain Crypto-News.net

The Privacy Coin Guide Part 1

As interest picks up in crypto again, I want to share this post I made on privacy coins again to just give the basics of their evolution. This is only part 1, and parts 2 and 3 are not available in this format, but this part is informative and basic.
If you’re looking for a quick and easy way to assess what the best privacy coin in the current space is, which has the best features, or which is most likely to give high returns, then this is not that guide. My goal is to give you the power to make your own decisions, to clearly state my biases, and educate. I really wanted to understand this niche of the crypto-space due to my background and current loyalties[1], and grasp the nuances of the features, origins and timelines of technologies used in privacy coins, while not being anything close to a developer myself. This is going to be a 3-part series, starting with an overview and basic review of the technology, then looking at its implications, and ending with why I like a specific project. It might be mildly interesting or delightfully educational. Cryptocurrencies are young and existing privacy coins are deploying technology that is a work in progress. This series assumes a basic understanding of how blockchains work, specifically as used in cryptocurrencies. If you don’t have that understanding, might I suggest that you get it? [2],[3],[4] Because cryptocurrencies have a long way to go before reaching their end-game: when the world relies on the technology without understanding it. So, shall we do a deep dive into the privacy coin space?

FIRST THERE WAS BITCOIN

Cryptocurrencies allow you to tokenize value and track its exchange between hands over time, with transaction information verified by a distributed network of users. The most famous cryptocurrency in use is Bitcoin, defined as peer-to-peer electronic cash.[5] Posted anonymously in 2008, the whitepaper seemed to be a direct response to the global financial meltdown and public distrust of the conventional banking and financing systems. Although cryptographic techniques are used in Bitcoin to ensure that (i) only the owner of a specific wallet has the authority to spend funds from that wallet, (ii) the public address is linked to, but cannot be traced by a third party to, the private address, and (iii) the information is stored via cryptographic hashing in a Merkle tree structure to ensure data integrity, the actual transaction information is publicly visible on the blockchain and can be traced back to the individual through chain analysis.[6] This has raised fears of possible financial censorship or the metaphorical tainting of money due to its origination point, as demonstrated in the Silk Road marketplace disaster.[7] This can happen because fiat money is usually exchanged for cryptocurrency at some point, as crypto-enthusiasts are born in the real world and inevitably cash out. There are already chain analysis firms and software that are increasingly efficient at tracking transactions on the Bitcoin blockchain.[8] This lack of privacy is one of the limitations of Bitcoin that has resulted in the creation of altcoins that experiment with the different features a cryptocurrency can have. Privacy coins are figuring out how to add privacy on top of the payment network. The goal is to make the cryptocurrency fungible, each unit able to be exchanged for equal value without knowledge of its transaction history, like cash, while remaining publicly verifiable on a decentralized network.
In other words, anyone can add the math up without being able to see the full details. Some privacy solutions and protocols have popped up as a result:

CRYPTONOTE – RING SIGNATURES AND STEALTH ADDRESSES

Used in: Bytecoin; Monero and Particl (through its successor, RingCT)
In December 2012, CryptoNote introduced the use of ring signatures and stealth addresses (along with other notable features such as its own codebase) to improve cryptocurrency privacy.[9] An updated CryptoNote version 2 came in October 2013 [10] (though there is some dispute over this timeline [11]), also authored under the name Nicolas van Saberhagen. Ring signatures hide sender information by having the sender sign a transaction with a signature that could have been produced by any of several users. This makes a transaction untraceable. Stealth addresses allow a receiver to publish a single address from which a different one-time public address is derived each time funds are sent to it. That makes a transaction unlinkable. In terms of privacy, CryptoNote gave us a protocol for untraceable and unlinkable transactions. The first implementation of CryptoNote technology was Bytecoin in March 2014 (timeline disputed [12]), which spawned many children (forks) in subsequent years, a notable example being Monero, based on CryptoNote v2, in April 2014.
RING SIGNATURES AND STEALTH ADDRESSES

PROS

– Provides sender and receiver privacy
– Privacy can be default
– Mature technology
– Greater scalability with bulletproofs
– Does not require any third-party

CONS

– Privacy not very effective without high volume
– Does not hide transaction information if not combined with another protocol

COINJOIN

Used in: Dash
Bitcoin developer Gregory Maxwell proposed a set of solutions to bring privacy to Bitcoin and cryptocurrencies, the first being CoinJoin (January 28 – Aug 22, 2013).[13],[14] CoinJoin (sometimes called CoinSwap) allows multiple users to combine their transactions into a single transaction: inputs are received from multiple users and outputs are then sent to the multiple users, irrespective of who in the group the inputs came from. So, the receiver will get whatever output amount they were supposed to, but it cannot be directly traced to its originating input. Similar proposals include CoinShuffle in 2014 and TumbleBit in 2016, building on CoinJoin but not terribly popular.[15],[16] They removed the need for a trusted third party to ‘mix’ the transactions. There are CoinJoin implementations that are being actively worked on, but they are not the most popular privacy solutions of today. A notable coin that uses CoinJoin technology is Dash, launched in January 2014, with masternodes in place of a trusted party.
COINJOIN

PROS

– Provides sender and receiver privacy
– Easy to implement on any cryptocurrency
– Lightweight
– Greater scalability with bulletproofs
– Mature technology

CONS

– Least anonymous privacy solution. Transaction amounts can be calculated
– Even without a third-party mixer, it depends on masternodes and the wealth centralization they imply
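To see what the "transaction amounts can be calculated" con means in practice, here is an added toy analysis (my own constructed example, not code from the article, from Dash or from any CoinJoin implementation; the amounts are made up and fees are ignored). It enumerates every input-to-output mapping that is consistent with the public amounts of a joined transaction: equal denominations leave an analyst with many candidates, while odd change amounts are linked to their owner with certainty.

```python
"""Toy chain analysis of a CoinJoin using amounts alone (constructed example).

In a CoinJoin the transaction graph no longer says which input paid which
output, but on Bitcoin every amount is still public. This enumerates all
input->output mappings an analyst cannot rule out, which is how the
"amounts can be calculated" weakness shows up in practice. Fees and other
heuristics are ignored to keep the model small.
"""


def linkings(inputs, outputs):
    """Return every assignment of outputs to inputs (a list giving the input
    index for each output) such that each input is spent exactly."""
    if sum(inputs) != sum(outputs):
        return []  # inconsistent transaction, nothing to analyse
    solutions, assignment = [], [None] * len(outputs)

    def search(i, remaining):
        if i == len(outputs):
            if all(r == 0 for r in remaining):
                solutions.append(list(assignment))
            return
        for j in range(len(remaining)):
            if remaining[j] >= outputs[i]:
                remaining[j] -= outputs[i]
                assignment[i] = j
                search(i + 1, remaining)
                remaining[j] += outputs[i]  # backtrack

    search(0, list(inputs))
    return solutions


def certain_links(inputs, outputs):
    """Outputs whose owner is identical in every consistent mapping: these
    are deanonymised by amounts alone, no matter how well the join mixes."""
    sols = linkings(inputs, outputs)
    if not sols:
        return {}
    return {
        i: sols[0][i]
        for i in range(len(outputs))
        if all(s[i] == sols[0][i] for s in sols)
    }


if __name__ == "__main__":
    # Two users join arbitrary amounts: only one mapping fits, so no privacy.
    print(len(linkings([5, 8], [5, 8])), "mapping(s)")               # 1
    # Three users with identical denominations: 3! = 6 indistinguishable mappings.
    print(len(linkings([10, 10, 10], [10, 10, 10])), "mapping(s)")   # 6
    # Denominated outputs plus odd change: the 10s are ambiguous, but the
    # change outputs 3 and 1 are tied to their inputs with certainty.
    print(certain_links([13, 11], [10, 10, 3, 1]))                   # {2: 0, 3: 1}
```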

ZEROCOIN

Used in: Zcoin, PIVX
In May 2013, the Zerocoin protocol was introduced by Johns Hopkins University professor Matthew D. Green and his graduate students Ian Miers and Christina Garman.[17] In response to CoinJoin's need for a third party, the Zerocoin proposal allowed a coin to be destroyed and remade in order to erase its history whenever it is spent. Zero-knowledge cryptography and zero-knowledge proofs are used to prove that the new coins for spending are being made appropriately. A zero-knowledge proof allows one party to prove to another that they know specific information, without revealing anything about it other than the fact that they know it. Zerocoin was not accepted by the Bitcoin community as an implementation to be added to Bitcoin, so a new cryptocurrency had to be formed. Zcoin was the first cryptocurrency to implement the Zerocoin protocol, in 2016.[18]
ZEROCOIN

PROS

– Provides sender and receiver privacy
– Supply can be audited
– Relatively mature technology
– Does not require a third-party

CONS

– Requires trusted setup (May not be required with Sigma protocol)
– Large proof sizes (not lightweight)
– Does not provide full privacy for transaction amounts

ZEROCASH

Used in: Zcash, Horizen, Komodo, Zclassic, Bitcoin Private
In May 2014, the current successor to the Zerocoin protocol, Zerocash, was created, again with Matthew Green among the authors (Eli Ben-Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer and Madars Virza).[19] It improved upon the Zerocoin concept by taking advantage of zero-knowledge proofs called zk-SNARKs (zero-knowledge succinct non-interactive arguments of knowledge). Unlike Zerocoin, which hid only coin origins and payment history, Zerocash is faster, has smaller transaction sizes, and hides transaction information on the sender, receiver and amount. Zcash was the first cryptocurrency to implement the Zerocash protocol, in 2016.[20]
ZEROCASH

PROS

– Provides full anonymity. Sender, receiver and amount hidden.
– Privacy can be default?
– Fast due to small proof sizes.
– Payment amount can be optionally disclosed for auditing
– Does not require any third-party

CONS

– Requires trusted setup (may be improved with zk-STARKs technology)
– Supply cannot be audited. And coins can potentially be forged without proper implementation.
– Private transactions computationally intensive (improved with Sapling upgrade)

CONFIDENTIAL TRANSACTIONS

Used in: Monero and Particl, combined with ring signatures as RingCT
The next proposal from Maxwell was that of confidential transactions, proposed in June 2015 as part of the Sidechain Elements project from Blockstream, where Maxwell was Chief Technical Officer.[21],[22] It proposed to hide the transaction amount and asset type (e.g. deposits, currencies, shares), so that only the sender and receiver are aware of the amount, unless they choose to make the amount public. It uses homomorphic encryption[23] to encrypt the inputs and outputs by using blinding factors and a kind of ring signature in a commitment scheme, so the amount can be ‘committed’ to, without the amount actually being known. I’m terribly sorry if you now have the urge to go and research exactly what that means. The takeaway is that the transaction amount can be hidden from outsiders while being verifiable.
CONFIDENTIAL TRANSACTIONS

PROS

– Hides transaction amounts
– Privacy can be default
– Mature technology
– Does not require any third-party

CONS

– Only provides transaction amount privacy when used alone
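The commitment scheme described in the Confidential Transactions paragraph above is the Pedersen commitment. The added example below is my own code, not the article's and not Blockstream's implementation: it carries out the CT balance check over secp256k1 in plain Python, with the second generator H derived by hashing G (an assumed construction; real implementations differ in detail). The last case shows why range proofs, the component bulletproofs later made smaller, are needed on top of the commitments.

```python
"""Toy Confidential Transactions balance check with Pedersen commitments.

Constructed example over secp256k1 (the curve Bitcoin and Elements use).
Each amount v is hidden as C = r*G + v*H, where r is a random blinding
factor and H is a second generator whose discrete log w.r.t. G is unknown.
Because the commitment is additively homomorphic, a verifier can check that
inputs and outputs balance without ever learning any amount.
"""
import hashlib
import secrets

# secp256k1 domain parameters
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # point at infinity


def ec_add(a, b):
    """Affine point addition on y^2 = x^3 + 7 (handles doubling and infinity)."""
    if a is INF:
        return b
    if b is INF:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return INF  # a + (-a)
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P  # tangent slope (a = 0)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    k %= N
    acc, addend = INF, pt
    while k:
        if k & 1:
            acc = ec_add(acc, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return acc


def ec_neg(pt):
    return INF if pt is INF else (pt[0], (-pt[1]) % P)


def second_generator():
    """Assumed nothing-up-my-sleeve construction: hash G and lift the digest to
    a curve point by try-and-increment. Nobody knows log_G(H), which is what
    makes the commitment binding (a known log would let amounts be forged)."""
    x = int.from_bytes(hashlib.sha256(G[0].to_bytes(32, "big")).digest(), "big") % P
    while True:
        rhs = (pow(x, 3, P) + 7) % P
        y = pow(rhs, (P + 1) // 4, P)  # square root, valid because P % 4 == 3
        if y * y % P == rhs:
            return (x, y)
        x = (x + 1) % P


H = second_generator()


def commit(value, blind):
    """Pedersen commitment C = blind*G + value*H."""
    return ec_add(ec_mul(blind, G), ec_mul(value, H))


def build_tx(in_amounts, out_amounts):
    """Sender side: commit to every amount with a fresh blinding factor and
    publish the 'excess' (input blinds minus output blinds), which is all a
    verifier needs for the balance check. Amounts never leave this function."""
    in_blinds = [secrets.randbelow(N) for _ in in_amounts]
    out_blinds = [secrets.randbelow(N) for _ in out_amounts]
    inputs = [commit(v, r) for v, r in zip(in_amounts, in_blinds)]
    outputs = [commit(v, r) for v, r in zip(out_amounts, out_blinds)]
    excess = (sum(in_blinds) - sum(out_blinds)) % N
    return inputs, outputs, excess


def balances(inputs, outputs, excess):
    """Verifier side: sum(inputs) - sum(outputs) must equal excess*G, i.e. a
    commitment to zero. This holds iff the hidden amounts sum to zero mod N."""
    total = INF
    for c in inputs:
        total = ec_add(total, c)
    for c in outputs:
        total = ec_add(total, ec_neg(c))
    return total == ec_mul(excess, G)


if __name__ == "__main__":
    print("balanced tx verifies:", balances(*build_tx([7, 3], [6, 4])))
    print("inflating tx verifies:", balances(*build_tx([7, 3], [6, 5])))
    # Why range proofs are required: a 'negative' amount is just N-2 mod N, so
    # 3 -> (5, -2) still sums to zero and passes the balance check alone.
    print("negative-output tx verifies:", balances(*build_tx([3], [5, (-2) % N])))
```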

RING-CT

Used in: Monero, Particl
Then came Ring Confidential Transactions, proposed by Shen Noether of the Monero Research Lab in October 2015.[24] RingCT combines ring signatures for hiding sender information with confidential transactions (which also use ring signatures) for hiding amounts. The proposal described a new type of ring signature, a Multilayered Linkable Spontaneous Anonymous Group (MLSAG) signature, which “allows for hidden amounts, origins and destinations of transactions with reasonable efficiency and verifiable, trustless coin generation”.[25] RingCT was implemented in Monero in January 2017 and made mandatory after September 2017.
RING CONFIDENTIAL TRANSACTIONS

PROS

– Provides full anonymity: hides transaction amounts and protects receiver privacy
– Privacy can be default
– Mature technology
– Greater scalability with bulletproofs
– Does not require any third-party

CONS

– Privacy not very effective without high volume

MIMBLEWIMBLE

Used in: Grin
Mimblewimble was proposed in July 2016 by pseudonymous contributor Tom Elvis Jedusor and further developed in October 2016 by Andrew Poelstra.[26],[27] Mimblewimble is a “privacy and fungibility focused cryptocoin transaction structure proposal”.[28] The key words are transaction structure proposal: the way the blockchain is built is different, in order to accommodate privacy and fungibility features. Mimblewimble uses the concept of confidential transactions to keep amounts hidden, relies on private keys and transaction information to prove ownership of funds rather than on addresses, and bundles transactions together instead of listing them separately on the blockchain. It also introduces a novel method of pruning the blockchain. Grin is a cryptocurrency in development that is applying Mimblewimble. Mimblewimble is early in development and you can understand it more here [29].
MIMBLEWIMBLE

PROS

– Hides transaction amounts and receiver privacy
– Privacy is on by default
– Lightweight
– No public addresses?

CONS

– Privacy not very effective without high volume
– Sender and receiver must both be online
– Relatively new technology

ZEXE

Fresh off the minds of brilliant cryptographers (Sean Bowe, Alessandro Chiesa, Matthew Green, Ian Miers, Pratyush Mishra, Howard Wu), in October 2018 Zexe proposed a new cryptographic primitive called ‘decentralized private computation’.[30] It allows users of a decentralized ledger to “execute offline computations that result in transactions”,[31] but also keeps transaction amounts hidden and allows transaction validation to happen at any time, regardless of whether the computations were done online. This can have far-reaching implications for privacy coins in the future. Consider cases where transactions need to be automatic and private, without both parties being present.

NETWORK PRIVACY

Privacy technologies that address network privacy, as nodes communicate with each other on the network, are important considerations, rather than just looking at privacy on the blockchain itself. Anonymity layers encrypt and/or reroute data as it moves among peers, so it is not obvious which node it originated from. They are used to protect against surveillance or censorship from ISPs and governments. The Invisible Internet Project (I2P) is an anonymous network layer that uses end-to-end encryption for peers on a network to communicate with each other.[32] Its history dates back to 2003. Kovri is a Monero-created implementation of I2P.[33] The Onion Router (Tor) is another anonymity layer,[34] used by the privacy cryptocurrency Verge, but its historical link to the US government may be concerning to some.[35] Dandelion is an upcoming Bitcoin Improvement Proposal (BIP) for transaction relay that obscures the originating IP address, providing network privacy for Bitcoin as transactions and other information are transmitted.[36],[37],[38]

UPCOMING

Monero completed bulletproofs protocol updates that reduce RingCT transaction sizes and thus transaction fee costs. (Bulletproofs replace the range proofs used in confidential transactions, which help hide inputs and outputs while ensuring they add up to zero.)
Sigma protocol: being actively researched by the Zcoin team as of 2018 to replace the Zerocoin protocol so that a trusted setup is not required.[39] There is a possible replacement for zk-SNARKs, called zk-STARKs, another form of zero-knowledge proof technology, that may make a trusted setup unnecessary for zero-knowledge proof coins.[40]

PART 1 CONCLUSION OF THE PRIVACY COIN GUIDE ON THE TECHNOLOGY BEHIND PRIVACY COINS

Although Bitcoin is still a groundbreaking technology that gives us a trustless transaction system, it has failed to live up to its expectations of privacy. Over time, new privacy technologies have arrived and are arriving with innovative and exciting solutions for Bitcoin’s lack of fungibility. It is important to note that these technologies are built on prior research and application, but here we are considering their use in cryptocurrencies. Protocols are proposed based on cryptographic concepts that show how they would work, and then developers actually implement them. Please note that I did not include the possibility of improper implementation as a disadvantage, and the advantages assume that the technical development is well done. A very important point is that coins can also adopt new privacy technologies as their merits become obvious, even if they start with a specific privacy protocol. Furthermore, I am, unfortunately, positive that this is not an exhaustive overview and I am only covering publicized solutions. Next, we’ll talk more about the pros and cons and give an idea of how the coins can be compared.

There's a video version that can be watched, and you can find out how to get the remaining two parts, if you want, on my website (video link on the page): https://cryptoramble.com/guide-on-privacy-coins/
submitted by CryptoRamble to ethereum (also cross-posted to privacycoins)

The Privacy Coin Guide Part 1

As interest picks up in crypto again, I want to share this post I made on privacy coins again to just give the basics of their evolution. This is only part 1, and parts 2 and 3 are not available in this format, but this part is informative and basic.
If you’re looking for a quick and easy way to assess what the best privacy coin in the current space is, which has the best features, or which is most likely to give high returns, then this is not that guide. My goal is to give you the power to make your own decisions, to clearly state my biases, and educate. I really wanted to understand this niche of the crypto-space due to my background and current loyalties[1], and grasp the nuances of the features, origins and timelines of technologies used in privacy coins, while not being anything close to a developer myself. This is going to be a 3-part series, starting with an overview and basic review of the technology, then looking at its implications, and ending with why I like a specific project. It might be mildly interesting or delightfully educational. Cryptocurrencies are young and existing privacy coins are deploying technology that is a work in progress. This series assumes a basic understanding of how blockchains work, specifically as used in cryptocurrencies. If you don’t have that understanding, might I suggest that you get it? [2],[3],[4] Because cryptocurrencies have a long way to go before reaching their end-game: when the world relies on the technology without understanding it. So, shall we do a deep dive into the privacy coin space?

FIRST THERE WAS BITCOIN

Cryptocurrencies allow you to tokenize value and track its exchange between hands over time, with transaction information verified by a distributed network of users. The most famous version of a cryptocurrency in use is Bitcoin, defined as peer-to-peer electronic cash. [5] Posted anonymously in 2008, the whitepaper seemed to be in direct response to the global financial meltdown and public distrust of the conventional banking and financing systems. Although cryptographic techniques are used in Bitcoin to ensure that (i) only the owner of a specific wallet has the authority to spend funds from that wallet, (ii) the public address is linked but cannot be traced by a third party to the private address (iii) the information is stored via cryptographic hashing in a merkle tree structure to ensure data integrity, the actual transaction information is publicly visible on the blockchain and can be traced back to the individual through chain analysis.[6] This has raised fears of possible financial censorship or the metaphorical tainting of money due to its origination point, as demonstrated in the Silk Road marketplace disaster.[7] This can happen because fiat money is usually exchanged for cryptocurrency at some point, as crypto-enthusiasts are born in the real world and inevitably cash out. There are already chain analysis firms and software that are increasingly efficient at tracking transactions on the Bitcoin blockchain.[8] This lack of privacy is one of the limitations of Bitcoin that has resulted in the creation of altcoins that experiment with the different features a cryptocurrency can have. Privacy coins are figuring out how to introduce privacy in addition to the payment network. The goal is to make the cryptocurrency fungible, each unit able to be exchanged for equal value without knowledge of its transaction history – like cash, while being publicly verifiable on a decentralized network. 
In other words, anyone can add the math up without being able to see the full details. Some privacy solutions and protocols have popped up as a result:

CRYPTONOTE – RING SIGNATURES AND STEALTH ADDRESSES

Used in: Monero and Particl as its successor RING-CT, Bytecoin
In December 2012, CryptoNote introduced the use of ring signatures and stealth addresses (along with other notable features such as its own codebase) to improve cryptocurrency privacy.[9] An updated CryptoNote version 2 came in October 2013 [10](though there is some dispute over this timeline [11]), also authored under the name Nicolas van Saberhagen. Ring signatures hide sender information by having the sender sign a transaction using a signature that could belong to multiple users. This makes a transaction untraceable. Stealth addresses allow a receiver to give a single address which generates a different public address for funds to be received at each time funds are sent to it. That makes a transaction unlinkable. In terms of privacy, CryptoNote gave us a protocol for untraceable and unlinkable transactions. The first implementation of CryptoNote technology was Bytecoin in March 2014 (timeline disputed [12]), which spawned many children (forks) in subsequent years, a notable example being Monero, based on CryptoNote v2 in April 2014.
RING SIGNATURES and STEALTH ADDRESSES

PROS

– Provides sender and receiver privacy
– Privacy can be default
– Mature technology
– Greater scalability with bulletproofs
– Does not require any third-party

CONS

– Privacy not very effective without high volume
-Does not hide transaction information if not combined with another protocol.

COINJOIN

Used in: Dash
Bitcoin developer Gregory Maxwell proposed a set of solutions to bring privacy to Bitcoin and cryptocurrencies, the first being CoinJoin (January 28 – Aug 22, 2013).[13],[14] CoinJoin (sometimes called CoinSwap) allows multiple users to combine their transactions into a single transaction, by receiving inputs from multiple users, and then sending their outputs to the multiple users, irrespective of who in the group the inputs came from. So, the receiver will get whatever output amount they were supposed to, but it cannot be directly traced to its origination input. Similar proposals include Coinshuffle in 2014 and Tumblebit in 2016, building on CoinJoin but not terribly popular [15],[16]. They fixed the need for a trusted third party to ‘mix’ the transactions. There are CoinJoin implementations that are being actively worked on but are not the most popular privacy solutions of today. A notable coin that uses CoinJoin technology is Dash, launched in January 2014, with masternodes in place of a trusted party.
COINJOIN

PROS

– Provides sender and receiver privacy
– Easy to implement on any cryptocurrency
– Lightweight
– Greater scalability with bulletproofs
– Mature technology

CONS

– Least anonymous privacy solution. Transaction amounts can be calculated
– Even without third-party mixer, depends on wealth centralization of masternodes

ZEROCOIN

Used in: Zcoin, PIVX
In May 2013, the Zerocoin protocol was introduced by John Hopkins University professor Matthew D. Green and his graduate students Ian Miers and Christina Garman.[17] In response to the need for use of a third party to do CoinJoin, the Zerocoin proposal allowed for a coin to be destroyed and remade in order to erase its history whenever it is spent. Zero-knowledge cryptography and zero-knowledge proofs are used to prove that the new coins for spending are being appropriately made. A zero-knowledge proof allows one party to prove to another that they know specific information, without revealing any information about it, other than the fact that they know it. Zerocoin was not accepted by the Bitcoin community as an implementation to be added to Bitcoin, so a new cryptocurrency had to be formed. Zcoin was the first cryptocurrency to implement the Zerocoin protocol in 2016. [18]
ZEROCOIN

PROS

– Provides sender and receiver privacy
– Supply can be audited
– Relatively mature technology
– Does not require a third-party

CONS

– Requires trusted setup (May not be required with Sigma protocol)
– Large proof sizes (not lightweight)
– Does not provide full privacy for transaction amounts

ZEROCASH

Used in: Zcash, Horizen, Komodo, Zclassic, Bitcoin Private
In May 2014, the current successor to the Zerocoin protocol, Zerocash, was created, also by Matthew Green and others (Eli Ben-Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer, Madars Virza).[19] It improved upon the Zerocoin concept by taking advantage of zero-knowledge proofs called zk-snarks (zero knowledge succinct non-interactive arguments of knowledge). Unlike Zerocoin, which hid coin origins and payment history, Zerocash was faster, with smaller transaction sizes, and hides transaction information on the sender, receiver and amount. Zcash is the first cryptocurrency to implement the Zerocash protocol in 2016. [20]
ZEROCASH

PROS

– Provides full anonymity. Sender, receiver and amount hidden.
– Privacy can be default?
– Fast due to small proof sizes.
– Payment amount can be optionally disclosed for auditing
– Does not require any third-party

CONS

– Requires trusted setup. (May be improved with zt-starks technology)
– Supply cannot be audited. And coins can potentially be forged without proper implementation.
– Private transactions computationally intensive (improved with Sapling upgrade)

CONFIDENTIAL TRANSACTIONS

Used in: Monero and Particl with Ring Signatures as RING-CT
The next proposal from Maxwell was that of confidential transactions, proposed in June 2015 as part of the Sidechain Elements project from Blockstream, where Maxwell was Chief Technical Officer.[21],[22] It proposed to hide the transaction amount and asset type (e.g. deposits, currencies, shares), so that only the sender and receiver are aware of the amount, unless they choose to make the amount public. It uses homomorphic encryption[23] to encrypt the inputs and outputs by using blinding factors and a kind of ring signature in a commitment scheme, so the amount can be ‘committed’ to, without the amount actually being known. I’m terribly sorry if you now have the urge to go and research exactly what that means. The takeaway is that the transaction amount can be hidden from outsiders while being verifiable.
CONFIDENTIAL TRANSACTIONS

PROS

– Hides transaction amounts
– Privacy can be default
– Mature technology
– Does not require any third-party

CONS

– Only provides transaction amount privacy when used alone

RING-CT

Used in: Monero, Particl
Then came Ring Confidential transactions, proposed by Shen-Noether of Monero Research Labs in October 2015.[24] RingCT combines the use of ring signatures for hiding sender information, with the use of confidential transactions (which also uses ring signatures) for hiding amounts. The proposal described a new type of ring signature, A Multi-layered Linkable Spontaneous Anonymous Group signature which “allows for hidden amounts, origins and destinations of transactions with reasonable efficiency and verifiable, trustless coin generation”.[25] RingCT was implemented in Monero in January 2017 and made mandatory after September 2017.
RING -CONFIDENTIAL TRANSACTIONS

PROS

– Provides full anonymity. Hides transaction amounts and receiver privacy
– Privacy can be default
– Mature technology
– Greater scalability with bulletproofs
– Does not require any third-party

CONS

– Privacy not very effective without high volume

MIMBLEWIMBLE

Used in: Grin
Mimblewimble was proposed in July 2016 by pseudonymous contributor Tom Elvis Jedusorand further developed in October 2016 by Andrew Poelstra.[26],[27] Mimblewimble is a “privacy and fungibility focused cryptocoin transaction structure proposal”.[28] The key words are transaction structure proposal, so the way the blockchain is built is different, in order to accommodate privacy and fungibility features. Mimblewimble uses the concept of Confidential transactions to keep amounts hidden, looks at private keys and transaction information to prove ownership of funds rather than using addresses, and bundles transactions together instead of listing them separately on the blockchain. It also introduces a novel method of pruning the blockchain. Grin is a cryptocurrency in development that is applying Mimblewimble. Mimblewimble is early in development and you can understand it more here [29].
MIMBLEWIMBLE

PROS

– Hides transaction amounts and receiver privacy
– Privacy is on by default
– Lightweight
– No public addresses?

CONS

– Privacy not very effective without high volume
– Sender and receiver must both be online
– Relatively new technology

ZEXE

Fresh off the minds of brilliant cryptographers (Sean Bowe, Alessandro Chiesa, Matthew Green, Ian Miers, Pratyush Mishra, Howard Wu), in October 2018 Zexe proposed a new cryptographic primitive called ‘decentralized private computation.[30] It allows users of a decentralized ledger to “execute offline computations that result in transactions”[31], but also keeps transaction amounts hidden and allows transaction validation to happen at any time regardless of computations being done online. This can have far reaching implications for privacy coins in the future. Consider cases where transactions need to be automatic and private, without both parties being present.

NETWORK PRIVACY

Privacy technologies that look at network privacy as nodes communicate with each other on the network are important considerations, rather than just looking at privacy on the blockchain itself. Anonymous layers encrypt and/or reroute data as it moves among peers, so it is not obvious who they originate from on the network. They are used to protect against surveillance or censorship from ISPs and governments. The Invisible Internet Project (I2P) is an anonymous network layer that uses end to end encryption for peers on a network to communicate with each other.[32] Its history dates back to 2003. Kovri is a Monero created implementation of I2P.[33] The Onion Router (Tor) is another anonymity layer [34]) that Verge is a privacy cryptocurrency that uses. But its historical link to the US government may be is concerning to some[35]. Dandelion transaction relay is also an upcoming Bitcoin improvement proposal (BIP) that scrambles IP data that will provide network privacy for Bitcoin as transaction and other information is transmitted.[36],[37],[38]

UPCOMING

Monero completed bulletproofs protocol updates that reduce RINGCT transaction sizes and thus transaction fee costs. (Bulletproofs are a replacement for range proofs used in confidential transactions that aid in encrypting inputs and outputs by making sure they add to zero).
Sigma Protocol – being actively researched by Zcoin team as of 2018 to replace Zerocoin protocol so that a trusted setup is not required.[39] There is a possible replacement for zk-snarks, called zk-starks, another form of zero-knowledge proof technology, that may make a trusted set-up unnecessary for zero-knowledege proof coins.[40]

PART 1 CONCLUSION OF THE PRIVACY COIN GUIDE ON THE TECHNOLOGY BEHIND PRIVACY COINS

Although Bitcoin is still a groundbreaking technology that gives us a trust-less transaction system, it has failed to live up to its expectations of privacy. Over time, new privacy technologies have arrived and are arriving with innovative and exciting solutions for Bitcoin’s lack of fungibility. It is important to note that these technologies are built on prior research and application, but we are considering their use in cryptocurrencies. Protocols are proposed based on cryptographic concepts that show how they would work, and then developers actually implement them. Please note that I did not include the possibility of improper implementation as a disadvantage, and the advantages assume that the technical development is well done. A very important point is that coins can also adapt new privacy technologies as their merits become obvious, even as they start with a specific privacy protocol. Furthermore, I am, unfortunately, positive that this is not an exhaustive overview and I am only covering publicized solutions. Next, we’ll talk more about the pros and cons and give an idea of how the coins can be compared.

There's a video version that can be watched, and you can find out how to get the other two parts on my website (video link on the page): https://cryptoramble.com/guide-on-privacy-coins/
submitted by CryptoRamble to privacycoins
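To make the network-privacy point above concrete, here is an added simulation (not code from the post, from Bitcoin Core, or from any project the post names) of the stem-then-fluff relay that BIP 156 "Dandelion" describes. Under plain diffusion the origin hands a transaction to every peer at once, so any spy peer of the origin learns the source immediately; with a stem phase the transaction first takes a random walk of single-hop relays and only then diffuses. The graph shape, spy fraction, stem probability, trial count and seed are all constructed assumptions.

```python
"""Why stem-phase relay weakens a 'first-spy' adversary.

Added example for illustration only; not code from the post, from Bitcoin
Core, or from any project the post names. Models the stem/fluff idea behind
Dandelion (BIP 156) on a constructed random graph. Graph shape, spy fraction,
stem probability, trial count and seed are all assumptions."""
import random


def build_graph(n, extra_links, rng):
    """Ring of n nodes plus `extra_links` random chords per node (constructed)."""
    nbrs = {i: set() for i in range(n)}
    for i in range(n):
        nbrs[i].add((i + 1) % n)
        nbrs[(i + 1) % n].add(i)
        for _ in range(extra_links):
            j = rng.randrange(n)
            if j != i:
                nbrs[i].add(j)
                nbrs[j].add(i)
    return {i: sorted(s) for i, s in nbrs.items()}


def has_spy_neighbour(graph, spies, v):
    return any(u in spies for u in graph[v])


def fluff_guess(graph, spies, start, rng):
    """Diffuse from `start` one hop at a time. At the first hop where some spy
    is reached, the adversary guesses one of the honest nodes that relayed to
    a spy (the 'first-spy' estimator). None if no spy ever hears it."""
    seen, frontier = {start}, [start]
    while frontier:
        relayers = [v for v in frontier if has_spy_neighbour(graph, spies, v)]
        if relayers:
            return rng.choice(relayers)
        nxt = [u for v in frontier for u in graph[v] if u not in seen]
        seen.update(nxt)
        frontier = sorted(set(nxt))
    return None


def diffusion_first_spy_accuracy(graph, spies, rng):
    """Plain diffusion: the origin itself is the first relayer, so the guess is
    right exactly when the origin has at least one spy neighbour."""
    honest = [v for v in graph if v not in spies]
    hits = sum(fluff_guess(graph, spies, v, rng) == v for v in honest)
    return hits / len(honest)


def dandelion_first_spy_accuracy(graph, spies, stem_prob, trials, rng):
    """Stem phase: each hop forwards to ONE random neighbour and keeps stemming
    with probability `stem_prob`; otherwise that node fluffs (diffuses)."""
    honest = [v for v in graph if v not in spies]
    correct = 0
    for _ in range(trials):
        origin = rng.choice(honest)
        cur = origin
        while True:
            nxt = rng.choice(graph[cur])
            if nxt in spies:               # a spy on the stem saw `cur` relay it
                guess = cur
                break
            cur = nxt
            if rng.random() >= stem_prob:  # `cur` fluffs from here
                guess = fluff_guess(graph, spies, cur, rng)
                break
        correct += guess == origin
    return correct / trials


def compare(n=200, extra_links=2, spy_fraction=0.2, stem_prob=0.9,
            trials=5000, seed=7):
    """Adversary's first-spy accuracy under both relay policies (assumed params)."""
    rng = random.Random(seed)
    graph = build_graph(n, extra_links, rng)
    spies = set(rng.sample(range(n), int(n * spy_fraction)))
    return {
        "diffusion": diffusion_first_spy_accuracy(graph, spies, rng),
        "dandelion": dandelion_first_spy_accuracy(graph, spies, stem_prob, trials, rng),
    }


if __name__ == "__main__":
    print(compare())
```

With roughly 20% of peers controlled by the observer and about six links per node, diffusion lets the observer name the true origin for most transactions, while the stem phase drops that to roughly the spy's share of the origin's neighbours. Note what the model does not cover: timing and IP metadata at the transport layer, which is what Tor or I2P are for, and which Dandelion alone leaves exposed.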
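The "add to zero" check that the post's parenthetical on bulletproofs refers to, worked through on secp256k1 as an added example (not the post's code, and not Monero's, Blockstream's or any named project's). The curve constants are the public secp256k1 parameters; the second generator H, the sample amounts and blinders, and the 64-bit range policy standing in for a real range proof are constructed for this illustration:

```python
"""Confidential-transaction balance check with Pedersen commitments on
secp256k1. Added example only; not code from the post or any project it
names. H derivation, sample amounts/blinders and the range policy are
assumptions for the demo."""
import hashlib

P = 2**256 - 2**32 - 977                                             # field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def on_curve(pt):
    x, y = pt
    return (y * y - x * x * x - 7) % P == 0


def ec_add(a, b):
    """Affine addition on y^2 = x^3 + 7; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = (3 * x1 * x1) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    k %= N
    acc, addend = None, pt
    while k:
        if k & 1:
            acc = ec_add(acc, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return acc


def hash_to_point(label):
    """Nothing-up-my-sleeve second generator: hash to x and lift to the curve.
    Nobody knows log_G(H), which is what makes the commitment binding."""
    ctr = 0
    while True:
        x = int.from_bytes(hashlib.sha256(label + ctr.to_bytes(4, "big")).digest(), "big") % P
        rhs = (pow(x, 3, P) + 7) % P
        y = pow(rhs, (P + 1) // 4, P)        # valid square root because P % 4 == 3
        if y * y % P == rhs:
            return (x, y)
        ctr += 1


H = hash_to_point(b"pedersen-second-generator")   # assumption: demo-only derivation


def commit(value, blind):
    """Pedersen commitment C = value*G + blind*H (amount hidden, but bound)."""
    return ec_add(ec_mul(value, G), ec_mul(blind, H))


def balances(in_commits, out_commits):
    """Verifier's check, knowing no amounts: sum(C_in) == sum(C_out)."""
    total_in = total_out = None
    for c in in_commits:
        total_in = ec_add(total_in, c)
    for c in out_commits:
        total_out = ec_add(total_out, c)
    return total_in == total_out


def make_outputs(in_blinds, values):
    """Sender side: fix all but the last output blinder, then solve for the
    last so that the blinders cancel and only the values must balance."""
    blinds = [int.from_bytes(hashlib.sha256(b"blind%d" % i).digest(), "big") % N
              for i in range(len(values) - 1)]
    blinds.append((sum(in_blinds) - sum(blinds)) % N)
    return list(zip(values, blinds))


def honest_transfer():
    """10 coins in, 7 to the payee and 3 change (constructed sample)."""
    ins = [(10, 12345)]
    outs = make_outputs([r for _, r in ins], [7, 3])
    ok = balances([commit(v, r) for v, r in ins], [commit(v, r) for v, r in outs])
    return ok, outs


def inflation_without_range_proof():
    """10 coins in, 1000 out plus a '-990' output (== N-990 mod N). The
    commitment sum still balances, so the check ALONE accepts it; only a
    range proof on every output (what Bulletproofs make cheap) rejects it."""
    ins = [(10, 12345)]
    outs = make_outputs([r for _, r in ins], [1000, (-990) % N])
    ok = balances([commit(v, r) for v, r in ins], [commit(v, r) for v, r in outs])
    in_range = all(0 <= v < 2**64 for v, _ in outs)   # policy a range proof must enforce
    return ok, in_range
```

Run it and the honest transfer balances, but so does the inflated one: the homomorphic check proves only that inputs and outputs sum to the same value modulo the group order, so a "negative" output creates coins out of nothing. That is why every output also needs a range proof, and why shrinking that per-output proof (Bulletproofs) is where the RingCT size and fee savings the post mentions come from.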

The Privacy Coin Guide Part 1

As interest picks up in crypto again, I want to share this post I made on privacy coins again to just give the basics of their evolution. This is only part 1, and parts 2 and 3 are not available in this format, but this part is informative and basic.
If you’re looking for a quick and easy way to assess what the best privacy coin in the current space is, which has the best features, or which is most likely to give high returns, then this is not that guide. My goal is to give you the power to make your own decisions, to clearly state my biases, and educate. I really wanted to understand this niche of the crypto-space due to my background and current loyalties[1], and grasp the nuances of the features, origins and timelines of technologies used in privacy coins, while not being anything close to a developer myself. This is going to be a 3-part series, starting with an overview and basic review of the technology, then looking at its implications, and ending with why I like a specific project. It might be mildly interesting or delightfully educational. Cryptocurrencies are young and existing privacy coins are deploying technology that is a work in progress. This series assumes a basic understanding of how blockchains work, specifically as used in cryptocurrencies. If you don’t have that understanding, might I suggest that you get it? [2],[3],[4] Because cryptocurrencies have a long way to go before reaching their end-game: when the world relies on the technology without understanding it. So, shall we do a deep dive into the privacy coin space?

FIRST THERE WAS BITCOIN

Cryptocurrencies allow you to tokenize value and track its exchange between hands over time, with transaction information verified by a distributed network of users. The most famous version of a cryptocurrency in use is Bitcoin, defined as peer-to-peer electronic cash. [5] Posted anonymously in 2008, the whitepaper seemed to be in direct response to the global financial meltdown and public distrust of the conventional banking and financing systems. Although cryptographic techniques are used in Bitcoin to ensure that (i) only the owner of a specific wallet has the authority to spend funds from that wallet, (ii) the public address is linked but cannot be traced by a third party to the private address (iii) the information is stored via cryptographic hashing in a merkle tree structure to ensure data integrity, the actual transaction information is publicly visible on the blockchain and can be traced back to the individual through chain analysis.[6] This has raised fears of possible financial censorship or the metaphorical tainting of money due to its origination point, as demonstrated in the Silk Road marketplace disaster.[7] This can happen because fiat money is usually exchanged for cryptocurrency at some point, as crypto-enthusiasts are born in the real world and inevitably cash out. There are already chain analysis firms and software that are increasingly efficient at tracking transactions on the Bitcoin blockchain.[8] This lack of privacy is one of the limitations of Bitcoin that has resulted in the creation of altcoins that experiment with the different features a cryptocurrency can have. Privacy coins are figuring out how to introduce privacy in addition to the payment network. The goal is to make the cryptocurrency fungible, each unit able to be exchanged for equal value without knowledge of its transaction history – like cash, while being publicly verifiable on a decentralized network. 
In other words, anyone can add the math up without being able to see the full details. Some privacy solutions and protocols have popped up as a result:

CRYPTONOTE – RING SIGNATURES AND STEALTH ADDRESSES

Used in: Monero and Particl as its successor RING-CT, Bytecoin
In December 2012, CryptoNote introduced the use of ring signatures and stealth addresses (along with other notable features such as its own codebase) to improve cryptocurrency privacy.[9] An updated CryptoNote version 2 came in October 2013 [10](though there is some dispute over this timeline [11]), also authored under the name Nicolas van Saberhagen. Ring signatures hide sender information by having the sender sign a transaction using a signature that could belong to multiple users. This makes a transaction untraceable. Stealth addresses allow a receiver to give a single address which generates a different public address for funds to be received at each time funds are sent to it. That makes a transaction unlinkable. In terms of privacy, CryptoNote gave us a protocol for untraceable and unlinkable transactions. The first implementation of CryptoNote technology was Bytecoin in March 2014 (timeline disputed [12]), which spawned many children (forks) in subsequent years, a notable example being Monero, based on CryptoNote v2 in April 2014.
RING SIGNATURES and STEALTH ADDRESSES

PROS

– Provides sender and receiver privacy
– Privacy can be default
– Mature technology
– Greater scalability with bulletproofs
– Does not require any third-party

CONS

– Privacy not very effective without high volume
-Does not hide transaction information if not combined with another protocol.

COINJOIN

Used in: Dash
Bitcoin developer Gregory Maxwell proposed a set of solutions to bring privacy to Bitcoin and cryptocurrencies, the first being CoinJoin (January 28 – Aug 22, 2013).[13],[14] CoinJoin (sometimes called CoinSwap) allows multiple users to combine their transactions into a single transaction, by receiving inputs from multiple users, and then sending their outputs to the multiple users, irrespective of who in the group the inputs came from. So, the receiver will get whatever output amount they were supposed to, but it cannot be directly traced to its origination input. Similar proposals include Coinshuffle in 2014 and Tumblebit in 2016, building on CoinJoin but not terribly popular [15],[16]. They fixed the need for a trusted third party to ‘mix’ the transactions. There are CoinJoin implementations that are being actively worked on but are not the most popular privacy solutions of today. A notable coin that uses CoinJoin technology is Dash, launched in January 2014, with masternodes in place of a trusted party.
COINJOIN

PROS

– Provides sender and receiver privacy
– Easy to implement on any cryptocurrency
– Lightweight
– Greater scalability with bulletproofs
– Mature technology

CONS

– Least anonymous privacy solution. Transaction amounts can be calculated
– Even without third-party mixer, depends on wealth centralization of masternodes

ZEROCOIN

Used in: Zcoin, PIVX
In May 2013, the Zerocoin protocol was introduced by John Hopkins University professor Matthew D. Green and his graduate students Ian Miers and Christina Garman.[17] In response to the need for use of a third party to do CoinJoin, the Zerocoin proposal allowed for a coin to be destroyed and remade in order to erase its history whenever it is spent. Zero-knowledge cryptography and zero-knowledge proofs are used to prove that the new coins for spending are being appropriately made. A zero-knowledge proof allows one party to prove to another that they know specific information, without revealing any information about it, other than the fact that they know it. Zerocoin was not accepted by the Bitcoin community as an implementation to be added to Bitcoin, so a new cryptocurrency had to be formed. Zcoin was the first cryptocurrency to implement the Zerocoin protocol in 2016. [18]
ZEROCOIN

PROS

– Provides sender and receiver privacy
– Supply can be audited
– Relatively mature technology
– Does not require a third-party

CONS

– Requires trusted setup (May not be required with Sigma protocol)
– Large proof sizes (not lightweight)
– Does not provide full privacy for transaction amounts

ZEROCASH

Used in: Zcash, Horizen, Komodo, Zclassic, Bitcoin Private
In May 2014, the current successor to the Zerocoin protocol, Zerocash, was created, also by Matthew Green and others (Eli Ben-Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer, Madars Virza).[19] It improved upon the Zerocoin concept by taking advantage of zero-knowledge proofs called zk-snarks (zero knowledge succinct non-interactive arguments of knowledge). Unlike Zerocoin, which hid coin origins and payment history, Zerocash was faster, with smaller transaction sizes, and hides transaction information on the sender, receiver and amount. Zcash is the first cryptocurrency to implement the Zerocash protocol in 2016. [20]
ZEROCASH

PROS

– Provides full anonymity. Sender, receiver and amount hidden.
– Privacy can be default?
– Fast due to small proof sizes.
– Payment amount can be optionally disclosed for auditing
– Does not require any third-party

CONS

– Requires trusted setup. (May be improved with zt-starks technology)
– Supply cannot be audited. And coins can potentially be forged without proper implementation.
– Private transactions computationally intensive (improved with Sapling upgrade)

CONFIDENTIAL TRANSACTIONS

Used in: Monero and Particl with Ring Signatures as RING-CT
The next proposal from Maxwell was that of confidential transactions, proposed in June 2015 as part of the Sidechain Elements project from Blockstream, where Maxwell was Chief Technical Officer.[21],[22] It proposed to hide the transaction amount and asset type (e.g. deposits, currencies, shares), so that only the sender and receiver are aware of the amount, unless they choose to make the amount public. It uses homomorphic encryption[23] to encrypt the inputs and outputs by using blinding factors and a kind of ring signature in a commitment scheme, so the amount can be ‘committed’ to, without the amount actually being known. I’m terribly sorry if you now have the urge to go and research exactly what that means. The takeaway is that the transaction amount can be hidden from outsiders while being verifiable.
CONFIDENTIAL TRANSACTIONS

PROS

– Hides transaction amounts
– Privacy can be default
– Mature technology
– Does not require any third-party

CONS

– Only provides transaction amount privacy when used alone

RING-CT

Used in: Monero, Particl
Then came Ring Confidential transactions, proposed by Shen-Noether of Monero Research Labs in October 2015.[24] RingCT combines the use of ring signatures for hiding sender information, with the use of confidential transactions (which also uses ring signatures) for hiding amounts. The proposal described a new type of ring signature, A Multi-layered Linkable Spontaneous Anonymous Group signature which “allows for hidden amounts, origins and destinations of transactions with reasonable efficiency and verifiable, trustless coin generation”.[25] RingCT was implemented in Monero in January 2017 and made mandatory after September 2017.
RING -CONFIDENTIAL TRANSACTIONS

PROS

– Provides full anonymity. Hides transaction amounts and receiver privacy
– Privacy can be default
– Mature technology
– Greater scalability with bulletproofs
– Does not require any third-party

CONS

– Privacy not very effective without high volume

MIMBLEWIMBLE

Used in: Grin
Mimblewimble was proposed in July 2016 by pseudonymous contributor Tom Elvis Jedusorand further developed in October 2016 by Andrew Poelstra.[26],[27] Mimblewimble is a “privacy and fungibility focused cryptocoin transaction structure proposal”.[28] The key words are transaction structure proposal, so the way the blockchain is built is different, in order to accommodate privacy and fungibility features. Mimblewimble uses the concept of Confidential transactions to keep amounts hidden, looks at private keys and transaction information to prove ownership of funds rather than using addresses, and bundles transactions together instead of listing them separately on the blockchain. It also introduces a novel method of pruning the blockchain. Grin is a cryptocurrency in development that is applying Mimblewimble. Mimblewimble is early in development and you can understand it more here [29].
MIMBLEWIMBLE

PROS

– Hides transaction amounts and receiver privacy
– Privacy is on by default
– Lightweight
– No public addresses?

CONS

– Privacy not very effective without high volume
– Sender and receiver must both be online
– Relatively new technology

ZEXE

Fresh off the minds of brilliant cryptographers (Sean Bowe, Alessandro Chiesa, Matthew Green, Ian Miers, Pratyush Mishra, Howard Wu), in October 2018 Zexe proposed a new cryptographic primitive called ‘decentralized private computation.[30] It allows users of a decentralized ledger to “execute offline computations that result in transactions”[31], but also keeps transaction amounts hidden and allows transaction validation to happen at any time regardless of computations being done online. This can have far reaching implications for privacy coins in the future. Consider cases where transactions need to be automatic and private, without both parties being present.

NETWORK PRIVACY

Privacy technologies that look at network privacy as nodes communicate with each other on the network are important considerations, rather than just looking at privacy on the blockchain itself. Anonymous layers encrypt and/or reroute data as it moves among peers, so it is not obvious who they originate from on the network. They are used to protect against surveillance or censorship from ISPs and governments. The Invisible Internet Project (I2P) is an anonymous network layer that uses end to end encryption for peers on a network to communicate with each other.[32] Its history dates back to 2003. Kovri is a Monero created implementation of I2P.[33] The Onion Router (Tor) is another anonymity layer [34]) that Verge is a privacy cryptocurrency that uses. But its historical link to the US government may be is concerning to some[35]. Dandelion transaction relay is also an upcoming Bitcoin improvement proposal (BIP) that scrambles IP data that will provide network privacy for Bitcoin as transaction and other information is transmitted.[36],[37],[38]

UPCOMING

Monero completed bulletproofs protocol updates that reduce RINGCT transaction sizes and thus transaction fee costs. (Bulletproofs are a replacement for range proofs used in confidential transactions that aid in encrypting inputs and outputs by making sure they add to zero).
Sigma Protocol – being actively researched by Zcoin team as of 2018 to replace Zerocoin protocol so that a trusted setup is not required.[39] There is a possible replacement for zk-snarks, called zk-starks, another form of zero-knowledge proof technology, that may make a trusted set-up unnecessary for zero-knowledege proof coins.[40]

PART 1 CONCLUSION OF THE PRIVACY COIN GUIDE ON THE TECHNOLOGY BEHIND PRIVACY COINS

Although Bitcoin is still a groundbreaking technology that gives us a trust-less transaction system, it has failed to live up to its expectations of privacy. Over time, new privacy technologies have arrived and are arriving with innovative and exciting solutions for Bitcoin’s lack of fungibility. It is important to note that these technologies are built on prior research and application, but we are considering their use in cryptocurrencies. Protocols are proposed based on cryptographic concepts that show how they would work, and then developers actually implement them. Please note that I did not include the possibility of improper implementation as a disadvantage, and the advantages assume that the technical development is well done. A very important point is that coins can also adapt new privacy technologies as their merits become obvious, even as they start with a specific privacy protocol. Furthermore, I am, unfortunately, positive that this is not an exhaustive overview and I am only covering publicized solutions. Next, we’ll talk more about the pros and cons and give an idea of how the coins can be compared.

There's a video version that can be watched, and you can find out how to get the second two parts if you want on my website (video link on the page): https://cryptoramble.com/guide-on-privacy-coins/
submitted by CryptoRamble to ethtrader

RiB Newsletter #12 – ZK-Rustups

This month, what strikes us most is the proliferation of Rust cryptography, and especially zero-knowledge proof, projects. Even blockchains that aren’t primarily implemented in Rust are increasingly looking to Rust for their crypto. So many of these are springing up that we’ve lost track, so we spent some time doing a survey of the world of Rust crypto and zero-knowledge proofs, and what we found kind of blew us away! For Rust blockchain developers there are an overwhelming number of choices for their crypto building blocks. Here are some of them.
By a rough counting, 13 of the top 50 blockchains by market cap are using Rust in some way, whether primary implementations, alternate or unofficial implementations, libraries, support code, or research projects. Those projects are: Bitcoin, Ethereum, Bitcoin Cash, Cardano, Stellar, Crypto.com, Ethereum Classic, IOTA, Zcash, Ontology, 0x, Algorand, Qtum. While reviewing these it’s notable that while an increasing number of blockchain projects are using Rust, few of the top projects are primarily implemented in Rust (the exception being Crypto.com). Yet, of course.
This month Rust-behemoth Polkadot launched their mainnet. Congrats to Parity and Polkadot contributors.


https://rustinblockchain.org/newsletters/2020-06-03-zk-rustups/
submitted by Aimeedeer to rust

Why you should invest in OCEAN Protocol

Why I am investing in Ocean Protocol
tl;dr
Unlocking data for AI
Partnered with; Unilever, Roche, Johnson&Johnson, Aviva, MOBI (BMW, Ford, GM)
Currently at $0.03, IEO price $0.12, ICO price $0.2.
Staking coming Q2.
THE PROBLEM
The world has a data problem. The more we create, the more we are forced to entrust it all to fewer data monopolies to profit from.
Data is also siloed, and generally hosted on proprietary databases across vast systems, geographies and business units. Whilst there have been fixes and APIs that have helped improve the sharing of corporate and public data, fundamentally this doesn’t change the fact that client-server architecture and corporate IT networks are inherently designed to prevent data sharing.
Regulation and privacy laws combine to make organisations concerned about sharing data both internally and publicly unless forced to do so. The Health Insurance Portability and Accountability Act (HIPAA) in the US or the Data Protection Act in the UK explicitly state how and what data can and cannot be shared. But these are complicated policies. The technical difficulty of implementing them, combined with bad UX means people err on the side of caution when approaching these issues. There is simply no incentive to outweigh the risk and hassle of sharing data.
Even where sharing is encouraged, current infrastructure makes monetising data through open source licensing complex and equally difficult to enforce. So ultimately, you are left with two options: give your data away for free (which is what most individuals do) or hoard it and see if you can make sense of it at some time in the future (which is what most companies do). Neither is very efficient or effective.
The consequence is a few increasingly powerful companies get the vast majority of data at little cost, and large amounts of valuable data are sat dormant in siloed databases.
Simply put, there is no economic incentive to share data. This is a massive issue in the AI market (expected to be worth $70 billion in 2020 according to BoA Merrill).
The best AI techniques today, such as deep learning, need lots (and lots) of quality and relevant datasets to deliver any kind of meaningful value, starving most new entrants (such as startups and SMEs) of the ability to compete.
AI expertise and talent is expensive and hard to come by, typically concentrating within organisations that already have the data to play with or promise to generate vast quantities of it in the future. Companies like Google, Facebook, Microsoft and Baidu swallow up almost all the best talent and computer science and AI PhDs before they even come onto the jobs market.
This creates a self-propagating cycle, increasingly benefiting a few established organisations who are able to go on to dominate their respective markets, extracting a premium for the privilege. Think of Facebook & Google in the Ad Market, Amazon for Retail, now imagine that happening across every single industry vertical. Data leads to data network effects, and subsequent AI advantages which are extremely hard to catch up with once the flywheel starts. The way things are going, the driver-less car market will likely consolidate around one single software provider. As old industries like education, healthcare and utilities digitize their operations and start utilizing data, the same will likely happen there too.
The benefits of the 4th Industrial Revolution are in the hands of fewer and fewer organisations.
Currently the expectation is that companies, rather than trying to compete (if they want to stay in business), are expected to concede their data to one of the big tech clouds like Amazon or Microsoft to be able to extract value from it. This further extends the suppliers’ unfair advantage and increases their own dependency. Look at autonomous vehicles: German manufacturers unable to compete with Silicon Valley’s AIs for self-driving cars could be left simply making the low-value hardware whilst conceding the higher-value (and margin) software to companies that drive the intelligence that controls them.
I’ve always argued companies don’t want Big Data. They want actionable intelligence. But currently most large organisations have vast dumb data in silos that they simply don’t know what to do with.
But what if…
they could securely allow AI developers to run algorithms on it whilst keeping it stored encrypted, on-premise.
And open up every database at a ‘planetary level’ and turn them into a single data marketplace.
Who would own or control it? To be frank, it would require unseen levels of trust. Data is generally very sensitive, revealing and something you typically would not want to share with your competitors. Especially in say, consumer health how could that be possible with complex privacy laws?
What’s needed is a decentralised data marketplace to connect AI developers to data owners in a compliant, secure and affordable way. Welcome to Ocean Protocol.
Why decentralised and tokenised?
Primarily because of the need for the provenance of IP, affordable payment channels, and to ensure no single entity becomes a gatekeeper to a hoard of valuable data. Gatekeeper, in the sense that they can arbitrarily ban or censor participants, but also to avoid the same honeypot hacking problems we encounter in today’s centralised world.
But aren’t there already decentralised data market projects?
The Ocean team have focused their design on enabling ‘exchange protocols’, resulting in massive potential for partnerships with other players in the domain. As investors in IOTA, understanding how this could work with their Data Marketplace is an interesting case in point.
INNOVATIONS
What we like most about Ocean is they have been deploying many of the constituent parts that underpin this marketplace over the last 4 years via a number of initiatives which they are now bringing together into one unified solution:
(digital ownership & attribution) (high throughput distributed database to allow for high throughput transactions) (Scalability – build on proven BigchainDB / IPDB technology for “planetary scale”) (blockchain-ready, community-driven protocol for intellectual property licensing)
What is being added is a protocol and token designed to incentivize and program rules and behaviours into the marketplace to ensure relevant good quality data is committed, made available and fairly remunerated. The design is prepared for processing confidential data for machine learning and aggregated analysis without exposing the raw data itself. Ocean will facilitate in bringing the processing algorithms to the data through on-premise compute and, eventually, more advanced techniques, like homomorphic encryption, as they mature.
OCEAN Token
Think of the Ocean Token as the ‘crypto asset’ that serves as the commodity in the data economy to incentivise the mass coordination of resources to secure and scale the network to turn in to actionable intelligence.
If Ocean is about trading data, can’t it use an existing cryptocurrency as its token, like Bitcoin or Ether?
While existing tokens might serve as a means of exchange, the Ocean protocol requires a token of its own because it uses a specific form of monetary policy and rewards. Users get rewarded with newly minted tokens for providing high quality, relevant data and keeping it available. This means the protocol requires control over the money supply and rules out using any existing general purpose protocols or tokens. Furthermore, from the perspective of Ocean users, volatility in an uncorrelated token would disrupt the orderly value exchange between various stakeholders in the marketplace they desire.
OCEAN Data Providers (Supplying Data)
Actors who have data and want to monetise it, can make it available through Ocean for a price. When their data is used by Data Consumers, Data Providers receive tokens in return.
OCEAN Data Curators (Quality Control)
An interesting concept to Ocean is the application of curation markets. Someone needs to decide what data on Ocean is good and which data is bad. As Ocean is a decentralised system, there can’t be a central committee to do this. Instead, anyone with domain expertise can participate as a Data Curator and earn newly minted tokens by separating the wheat from the chaff. Data Curators put an amount of tokens at stake to signal that a certain dataset is of high quality. Every time they correctly do this, they receive newly minted tokens in return.
OCEAN Registry of Actors (Keeping Bad Actors Out)
Because Ocean is an open protocol, not only does it need mechanisms to curate data, it needs a mechanism to curate the participants themselves. For this reason a Registry of Actors is part of Ocean, again applying staking of tokens to make good behaviour more economically attractive than bad behaviour.
OCEAN Keepers (Making Data Available)
The nodes in the Ocean network are called Keepers. They run the Ocean software and make datasets available to the network. Keepers receive newly minted tokens to perform their function. Data Providers need to use one or more Keepers to offer data to the network.
BRINGING IT ALL TOGETHER
Ocean is building a platform to enable a ‘global data commons’. A platform where anyone can share and be rewarded for the data they contribute where the token and protocol is designed specifically to incentivise data sharing and remuneration.
So let’s see that in the context of a single use-case: Clinical Trial Data
Note: that this use-case is provided for illustrative purposes only, to get a feel for how Ocean could work in practice. Some of the specifics of the Ocean protocol have yet to be finalised and published in the white paper, and might turn out different than described here.
Bob is a clinical physician with a data science background who uses Ocean. He knows his industry well and has experience understanding what types of clinical data are useful in trials. Charlie works at a company that regularly runs medical trials. He has collected a large amount of data for a very specific trial which has now concluded, and he believes it could be valuable for others but he doesn’t know exactly how. Charlie publishes the dataset through Ocean and judging its value (based on the cost to produce and therefore replicate), as well as his confidence in its overall quality, he stakes 5 tokens on it (to prove it is his IP, which if people want to use they must pay for). Charlie uses one of the Keeper nodes maintained by his company’s IT department. Bob, as a Data Curator of clinical trial data on Ocean, is notified of its submission, and sees no one has challenged its ownership. By looking at a sample he decides the data is of good quality and based on how broad its utility could be he stakes 10 Ocean tokens to back his judgement. Bob is not alone and quickly a number of other Data Curators with good reputation also evaluate the data and make a stake. By this point a number of AI developers see Charlie’s dataset is becoming popular and purchase it through Ocean. Charlie, Bob and the other curators get rewarded in newly minted tokens, proportional to the amount they staked and the number of downloads. The Keeper node at Charlie’s company regularly receives a request to cryptographically prove it still has the data available. Each time it answers correctly, it also receives some newly minted tokens. When Bob and Charlie signed up to join Ocean, they staked some tokens to get added to the Registry of Actors. Eve also wants to join Ocean. She stakes 100 tokens to get added to The Registry of Actors. Eve is actually a malicious actor. 
She purchases Charlie’s dataset through Ocean, then claims it’s hers and publishes it under her own account for a slightly lower price. Furthermore, she creates several more “sock puppet” accounts, each with some more tokens staked to join, to serve as Data Curators and vouch for her copy of the dataset. Bob and Charlie discover Eve’s malice. They successfully challenge Eve and her sock puppet accounts in the Registry of Actors. Eve and her sock puppet accounts get removed from the Registry of Actors and she loses all staking tokens.
APPROACH, TRACTION & TEAM
I am greatly encouraged by the fact that Ocean were aligned to building what we term a Community Token Economy (CTE) where multiple stakeholders ( & ) partner early on to bring together complementary skills and assets.
As two existing companies (one already VC backed) they are committing real code and IP already worth several million in value*.
*This is an important point to remember when considering the valuation and token distribution of the offering.
The open, inclusive, transparent nature of IPDB foundation bodes well for how Ocean will be run and how it will solve complex governance issues as the network grows.
I am also impressed with the team’s understanding of the importance of building a community. They understand that networks are only as powerful as the community that supports it. This is why they have already signed key partnerships with XPrize Foundation, SingularityNet, Mattereum, Integration Alpha and ixo Foundation as well as agreeing an MOU with the Government of Singapore to provide coverage and indemnification for sandboxes for data sharing.
The team understands that the decentralisation movement is still in its early stages and that collaboration and partnership are a more effective model than competition and going it alone.
PLACE IN THE CONVERGENCE ECOSYSTEM STACK
Ocean protocol is a fundamental requirement for the Convergence Ecosystem Stack. It is a protocol that enables a thriving AI data marketplace. It is complementary to our other investments in IOTA and SEED both of whom provide a marketplace for machine data and bots respectively.
Marketplaces are critical to the development of the Convergence Ecosystem as they enable new data-based and tokenised business models that have never before been possible to unlock value. Distributed ledgers, blockchains and other decentralization technologies are powerful tools for authenticating, validating, securing and transporting data; but it will be marketplaces that will enable companies to build sustainable businesses and crack open the incumbent data monopolies. IOTA, SEED and now Ocean are unlocking data for more equitable outcomes for users.
submitted by Econcrypt to CryptoMoonShots

Threshold Signature Explained— Bringing Exciting Applications with TSS

— A deep dive into threshold signature without mathematics by ARPA’s cryptographer Dr. Alex Su

Threshold signature is a distributed multi-party signature protocol that includes distributed key generation, signature, and verification algorithms.
In recent years, with the rapid development of blockchain technology, signature algorithms have gained widespread attention in both academic research and real-world applications. Properties such as the security, practicability, scalability, and decentralization of signatures are being pored over.
Due to the fact that blockchain and signature are closely connected, the development of signature algorithms and the introduction of new signature paradigms will directly affect the characteristics and efficiency of blockchain networks.
In addition, institutional and personal account key management requirements stimulated by distributed ledgers have also spawned many wallet applications, and this change has also affected traditional enterprises. No matter in the blockchain or traditional financial institutions, the threshold signature scheme can bring security and privacy improvement in various scenarios. As an emerging technology, threshold signatures are still under academic research and discussions, among which there are unverified security risks and practical problems.
This article will start from the technical rationale and discuss cryptography and blockchain. Then we will compare multi-party computation and threshold signature before discussing the pros and cons of different paradigms of signature. In the end, there will be a list of use cases of threshold signature, so that the reader may quickly learn about the threshold signature.
I. Cryptography in Daily Life
Before introducing threshold signatures, let’s get a general understanding of cryptography. How does cryptography protect digital information? How to create an identity in the digital world? At the very beginning, people want secure storage and transmission. After one creates a key, he can use symmetric encryption to store secrets. If two people have the same key, they can achieve secure transmission between them. For example, the king encrypts a command and the general decrypts it with the corresponding key.
But when two people do not have a safe channel to use, how can they create a shared key? So, the key exchange protocol came into being. Analogously, if the king issues an order to all the people in the digital world, how can everyone prove that the sentence originated from the king? As such, the digital signature protocol was invented. Both protocols are based on public key cryptography, or asymmetric cryptographic algorithms.


“Tiger Rune” is a troop deployment tool used by ancient emperors, made of bronze or gold tokens in the shape of a tiger, split in half; one half is given to the general and the other half is kept by the emperor. Only when the two tiger amulets are combined and used at the same time will the amulet holder get the right to dispatch troops.
Symmetric and asymmetric encryption constitute the main components of modern cryptography. They both have three fixed parts: key generation, encryption, and decryption. Here, we focus on digital signature protocols. The key generation process generates a pair of associated keys: the public key and the private key. The public key is open to everyone, and the private key represents the identity and is only revealed to the owner. Whoever owns the private key has the identity represented by the key. The encryption algorithm, or signature algorithm, takes the private key as input and generates a signature on a piece of information. The decryption algorithm, or signature verification algorithm, uses public keys to verify the validity of the signature and the correctness of the information.
II. Signature in the Blockchain
Looking back on blockchain, it uses a consensus algorithm to construct distributed books, and signature provides identity information for blockchain. All the transaction information on the blockchain is identified by the signature of the transaction initiator. The blockchain can verify the signature according to specific rules to check the transaction validity, all thanks to the immutability and verifiability of the signature.
For cryptography, the blockchain is more than using a signature protocol, or a consensus algorithm based on Proof-of-Work that uses a hash function. Blockchain builds an infrastructure layer of consensus and transactions. On top of that, novel cryptographic protocols such as secure multi-party computation, zero-knowledge proof, and homomorphic encryption thrive. For example, secure multi-party computation, which is naturally adapted to distributed networks, can build secure data transfer and machine learning platforms on the blockchain. The special nature of zero-knowledge proof provides feasibility for verifiable anonymous transactions. The combination of these cutting-edge cryptographic protocols and blockchain technology will drive the development of the digital world in the next decade, leading to secure data sharing, privacy protection, or more applications now unimaginable.
III. Secure Multi-party Computation and Threshold Signature
After introducing how digital signature protocol affects our lives, and how to help the blockchain build identities and record transactions, we will mention secure multi-party computation (MPC), from where we can see how threshold signatures achieve decentralization. For more about MPC, please refer to our previous posts which detailed the technical background and application scenarios.
MPC, by definition, is a secure computation that several participants jointly execute. Security here means that, in one computation, all participants provide their own private input, and can obtain results from the calculation. It is not possible to get any private information entered by other parties. In 1982, when Prof. Yao proposed the concept of MPC, he gave an example called the “Millionaires Problem” — two millionaires who want to know who is richer than the other without telling the true amount of assets. Specifically, the secure multiparty computation would care about the following properties:
  • Privacy: Any participant cannot obtain any private input of other participants, except for information that can be inferred from the computation results.
  • Correctness and verifiability: The computation should ensure correct execution, and the legitimacy and correctness of this process should be verifiable by participants or third parties.
  • Fairness or robustness: All parties involved in the calculation, unless agreed otherwise in advance, should either all obtain the computation results at the same time or none of them should obtain the results.
Supposing we use secure multi-party computation to make a digital signature in a general sense, we will proceed as follows:
  • Key generation phase: all future participants will be involved together to do two things: 1) each involved party generates a secret private key; 2) The public key is calculated according to the sequence of private keys.
  • Signature phase: Participants joining in a certain signature use their own private keys as private inputs, and the information to be signed as a public input to perform a joint signature operation to obtain a signature. In this process, the privacy of secure multi-party computing ensures the security of private keys. The correctness and robustness guarantee the unforgeability of the signature and everyone can all get signatures.
  • Verification phase: Use the public key corresponding to the transaction to verify the signature as traditional algorithm. There is no “secret input” during the verification, this means that the verification can be performed without multi-party computation, which will become an advantage of multi-party computation type distributed signature.
The signature protocol constructed on the idea of secure multiparty computing is the threshold signature. It should be noted that we have omitted some details, because secure multiparty computing is actually a collective name for a type of cryptographic protocol. For different security assumptions and threshold settings, there are different construction methods. Therefore, the threshold signatures of different settings will also have distinctive properties. This article will not explain each setting, but the comparative result with other signature schemes will be introduced in the next section.
IV. Single Signature, Multi-Signature and Threshold Signature
Besides the threshold signature, what other methods can we choose?
Bitcoin, at the beginning, used a single signature, which allocates each account one private key. The message signed by this key is considered legitimate. Later, in order to avoid a single point of failure, or to introduce account management by multiple people, Bitcoin provided a multi-signature function. Multi-signature can be simply understood as each account owner signing successively and posting all signatures to the chain. Then the signatures are verified in order on the chain. When certain conditions are met, the transaction is legitimate. This method achieves control by multiple private keys.
So, what’s the difference between multi-signature and threshold signature?
Several constraints of multi-signature are:
  1. The access structure is not flexible. If an account’s access structure is given, that is, which private keys can complete a legal signature, this structure cannot be adjusted at a later stage. For example, a participant withdraws, or a new involved party needs to change the access structure. If you must change, you need to complete the initial setup process again, which will change the public key and account address as well.
  2. Lower efficiency. The first issue is that the verification on chain consumes the power of all nodes, and therefore requires a processing fee. The verification of multiple signatures is equivalent to multiple single signatures. The second is performance. The verification obviously takes more time.
  3. Requirements for smart contract support and algorithm adaptation that vary from chain to chain, because multi-sig is not natively supported. Due to the possible vulnerabilities in smart contracts, this support is considered risky.
  4. No anonymity. This cannot trivially be called a disadvantage or an advantage, because anonymity is only required under specific conditions. Anonymity here means that multi-signature directly exposes all participating signers of the transaction.
Correspondingly, the threshold signature has the following features:
  1. The access structure is flexible. Through an additional multi-party computation, the existing private key sequence can be expanded to assign private keys to new participants. This process will not expose the old and newly generated private key, nor will it change the public key and account address.
  2. It provides more efficiency. For the chain, the signature generated by the threshold signature is no different from a single signature, which means the following improvements: a) the verification is the same as for a single signature, and needs no additional fee; b) the information of the signers is invisible, because for other nodes the information is decrypted with the same public key; c) no smart contract on chain is needed to provide additional support.
In addition to the above discussion, there is a distributed signature scheme supported by Shamir secret sharing. Secret sharing algorithms have a long history; they are used to slice stored information and to perform error correction, from the underlying algorithms of secure computation to the error correction of discs. This technology has always played an important role, but the main problem is that when used in a signature protocol, Shamir secret sharing needs to recover the master private key.
With multi-signature or threshold signature, by contrast, the master private key is never reconstructed, even in memory or cache; such short-term reconstruction is not tolerable for vital accounts.
V. Limitations
Just like other secure multi-party computation protocols, the introduction of other participants makes the security model different from traditional point-to-point encrypted transmission. The problem of conspiracy and malicious participants was not taken into account in algorithms before. The behavior of physical entities cannot be restricted, and perpetrators may be introduced into participating groups.
Therefore, multi-party cryptographic protocols cannot obtain the security strength as before. Effort is needed to develop threshold signature applications, integrate existing infrastructure, and test the true strength of threshold signature scheme.
VI. Scenarios
1. Key Management
The use of threshold signature in a key management system can achieve a more flexible administration, such as ARPA’s enterprise key management API. One can use the access structure to design authorization patterns for users with different priorities. In addition, for the entry of new entities, the threshold signature can quickly refresh the key. This operation can also be performed periodically to level up the difficulty of hacking multiple private keys at the same time. Finally, for the verifier, the threshold signature is no different from the traditional signature, so it is compatible with old equipment and reduces the update cost. ARPA enterprise key management modules already support Elliptic Curve Digital Signature Scheme secp256k1 and ed25519 parameters. In the future, it will be compatible with more parameters.

2. Crypto Wallet
Wallets based on threshold signature are more secure because the private key doesn’t need to be rebuilt. Also, without all signatures posted publicly, anonymity can be achieved. Compared to multi-signature, threshold signature needs lower transaction fees. Similar to key management applications, the administration of digital asset accounts can also be more flexible. Furthermore, a threshold signature wallet can support various blockchains that do not natively support multi-signature, which reduces the risk of smart contract bugs.

Conclusion

This article describes why people need the threshold signature, and what inspiring properties it may bring. One can see that threshold signature has higher security, more flexible control, and a more efficient verification process. In fact, different signature technologies have different application scenarios, such as aggregate signatures not mentioned in the article, and BLS-based multi-signature. At the same time, readers are also welcome to read more about secure multi-party computation. Secure computation is the holy grail of cryptographic protocols. It can accomplish much more than the application of threshold signatures. In the near future, secure computation will solve more specific application questions in the digital world.

About Author

Dr. Alex Su works for ARPA as the cryptography researcher. He got his Bachelor’s degree in Electronic Engineering and Ph.D. in Cryptography from Tsinghua University. Dr. Su’s research interests include multi-party computation and post-quantum cryptography implementation and acceleration.

About ARPA

ARPA is committed to providing secure data transfer solutions based on cryptographic operations for businesses and individuals.
The ARPA secure multi-party computation network can be used as a protocol layer to implement privacy-preserving computation for public chains, and it enables developers to build efficient, secure and data-protecting business applications on private smart contracts. Enterprise and personal data can therefore be analyzed securely on the ARPA computing network without fear of exposing the data to any third party.
ARPA’s multi-party computation technology supports secure data markets, precision marketing, credit score calculations, and even the safe realization of personal data.
ARPA’s core team is international, with PhDs in cryptography from Tsinghua University, experienced systems engineers from Google, Uber, Amazon, Huawei and Mitsubishi, and blockchain experts from the University of Tokyo, AIG and the World Bank. We have also hired data scientists from CircleUp, as well as financial and data professionals from Fosun and Fidelity Investments.
For more information about ARPA, or to join our team, please contact us at [email protected].
submitted by arpaofficial to u/arpaofficial

Celare: “Safe deposit box” for data and assets, protecting privacy and security

Privacy and security are a growing problem.
On March 19, the sale of 538 million Weibo users’ data for bitcoin on the Deep Web raised the issue of privacy and security once again.
36kr analyzed how personal information leaked from Weibo: hackers uploaded fake mobile phone address books in batches through a Weibo interface to match friends’ account information, and could then match the identity information of the user accounts.
In fact, as technology develops, personal information leakage tends to become more and more dangerous. Even if you take precautions, your personal information can become part of the thousands of records that hackers sell.
With the arrival of the information era, data has become a resource that many businesses compete for, which has given rise to a series of privacy and security problems and spawned a series of grey industrial chains. Users’ privacy has gradually become a commodity with a precise price tag. Facebook, Microsoft, Apple and other global giants have all been exposed for collecting users’ private data, and this still happens.
Data networks can help people to a better life. Still, a series of data privacy problems violate the rights and interests of users, such as data leakage by people they know and privacy exposure. Protecting privacy and security has become an urgent issue, but in a centralized system how the data is used depends on the controller’s preference, and the user never has the dominant right.
Decentralized blockchain is now becoming a better solution to privacy and security problems.
Celare’s anonymity technology solutions, built on blockchain, will effectively guarantee users’ privacy and security.
Anonymity is safety
How to ensure the privacy of users? The answer is anonymity.
There are many blockchain projects with anonymity technology.
Whether it is the zero-knowledge proof mechanism of ZCash, the CoinJoin scheme of Dash, or the ring confidential transaction mechanism of XMR, each can ensure the anonymity of transactions to a certain extent and protect users’ privacy and security.
Celare also uses anonymity to protect users’ privacy. It is the first cross-chain anonymous privacy solution for all digital assets in the Polkadot ecosystem, and it is based on blockchain decentralization. Celare has designed a new anonymity mechanism, non-interactive zero-knowledge proof, on top of existing technology. Compared with zero-knowledge proof, the non-interactive system has a more reliable anonymity function, which can completely solve the problem of transaction tracking and protect user privacy.
When choosing the curve for its zk-SNARK zero-knowledge proofs, Celare chose the BLS12-381 curve, whose security level is higher than that of BN128, to guarantee Celare’s top-level privacy and anonymity.
The method of zero-knowledge proof in practical application is as follows:
When the user registers, the identity information is stored on the server in the form of a digital commitment. During identity authentication, the user proves to the server that he is one of the registered users by using a membership proof scheme, which avoids the user presenting his identity information to the server every time he logs in.
This is just one fundamental part of Celare’s efforts to protect users’ privacy.
Celare also adds a fully homomorphic encryption scheme on the chain, which can perform arbitrary calculations on ciphertext without decryption. In this way the problem of data privacy can be solved without losing computability.
This comprehensive security technology system is one aspect of Celare’s protection of user privacy. Besides, Celare uses authorization technology to truly make the user the master of the data, allowing users to control their data freely.
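The registration and login flow just described, as an added example that is not Celare’s code: a hash commitment to the identity is stored at registration, the server summarises all commitments in a Merkle root, and at login the user proves that their commitment is one of the registered leaves. The Merkle path is presented in the clear here; the zk-SNARK layer the post describes, which would prove the same membership relation without revealing which leaf belongs to the user, is not implemented. The names (`Registry`, `commit`, `verify_membership`) and the SHA-256 domain prefixes are assumptions.

```python
from __future__ import annotations

import hashlib
import secrets


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def commit(identity: str, blinding: bytes) -> bytes:
    """Hash commitment to an identity string (constructed scheme). The server
    stores only this value; without the user's secret blinding factor it
    cannot recover or guess-and-check the identity."""
    return _h(b"commit|" + blinding + b"|" + identity.encode())


class Registry:
    """Server-side store of commitments, summarised by a Merkle root so that a
    user can later prove 'my commitment is one of the registered leaves'."""

    def __init__(self) -> None:
        self.leaves: list[bytes] = []

    def register(self, commitment: bytes) -> int:
        self.leaves.append(commitment)
        return len(self.leaves) - 1          # leaf index the user keeps

    def _levels(self) -> list[list[bytes]]:
        if not self.leaves:
            raise ValueError("empty registry")
        level = [_h(b"leaf|" + leaf) for leaf in self.leaves]
        levels: list[list[bytes]] = []
        while True:
            if len(level) > 1 and len(level) % 2 == 1:
                level.append(level[-1])      # duplicate last node on odd levels
            levels.append(level)
            if len(level) == 1:
                return levels
            level = [_h(b"node|" + level[i] + level[i + 1])
                     for i in range(0, len(level), 2)]

    def root(self) -> bytes:
        return self._levels()[-1][0]

    def membership_path(self, index: int) -> list[tuple[bytes, bool]]:
        """Sibling hashes from leaf to root; the flag says whether the user's
        node is the left child at that level."""
        path = []
        for level in self._levels()[:-1]:
            path.append((level[index ^ 1], index % 2 == 0))
            index //= 2
        return path


def verify_membership(root: bytes, commitment: bytes,
                      path: list[tuple[bytes, bool]]) -> bool:
    """Recompute the root from the commitment and the path; any change to the
    commitment or to a sibling hash yields a different root."""
    node = _h(b"leaf|" + commitment)
    for sibling, is_left in path:
        node = _h(b"node|" + node + sibling) if is_left else _h(b"node|" + sibling + node)
    return node == root


def registration_and_login_demo() -> dict[str, bool]:
    """Constructed scenario: three users register; alice proves membership,
    while a tampered path and an unregistered commitment are both rejected."""
    registry = Registry()
    users = {}
    for name in ("alice", "bob", "carol"):
        blinding = secrets.token_bytes(16)           # kept by the user only
        users[name] = (blinding, registry.register(commit(name, blinding)))
    root = registry.root()                            # published by the server

    alice_blinding, alice_index = users["alice"]
    alice_commitment = commit("alice", alice_blinding)
    path = registry.membership_path(alice_index)
    tampered = [(bytes(32), is_left) for _, is_left in path]
    stranger = commit("mallory", secrets.token_bytes(16))
    return {
        "alice_ok": verify_membership(root, alice_commitment, path),
        "tampered_path_ok": verify_membership(root, alice_commitment, tampered),
        "stranger_ok": verify_membership(root, stranger, path),
    }
```

Because the commitment itself is shown at every login, the server can link sessions of the same user; hiding that linkage is exactly what the zero-knowledge proof on top of this structure would add.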
Safe and efficient
Safety is only the first step.
What Celare seeks is both safety and efficiency.
As is known to all, the three anonymous tokens, Dash, XMR and ZEC, are still only used in the field of payment and cannot be expanded further. The reason is that their systems do not support smart contracts, and their scalability is too low for large-scale commercial use, especially at the data interaction level.
To avoid the limits of anonymous cryptocurrencies and better promote anonymity technology into a broader field, Celare innovatively introduced smart contracts into its system, which significantly improved Celare’s efficiency and laid a good foundation for its large-scale commercial use.
Since Celare is a public chain developed on Polkadot’s Substrate, it follows Polkadot’s PoS consensus algorithm and contract technology. To maintain the speed and efficiency of data transmission on the chain, Celare will establish a large-scale PoS node network capable of supporting nearly a thousand consensus nodes, infinitely reducing the block time and ultimately determining its latency.
The high TPS brought by large-scale nodes will provide a technical guarantee for Celare’s widespread application. It also means that each user transaction can be conducted at high speed in an anonymous environment, which not only ensures users’ privacy and security but also lets them enjoy a free experience, and genuinely promotes the adoption of blockchain technology.
Break the information islands, link multiple public chains
Security and efficiency are only part of the Celare blockchain infrastructure. Celare has also built cross-chain technology to interconnect multiple public chains.
For a long time, information could not be transferred and digital assets could not be traded between public chains, which significantly limited the application space of blockchain. Cross-chain technology came into being, and Polkadot is the outstanding one among them.
Celare’s cross-chain technology also relies on Polkadot. Its internal logic is that the user locks the assets on the original chain and then issues the mapped assets on the target chain. Likewise, the user can apply for a withdrawal on the target chain and unlock the assets on the original one.
Celare’s cross-chain technology will further protect users’ privacy and security, which means users can quickly transfer their data and digital assets from other chains to the Celare chain. It helps users consolidate all their data on different chains into a Celare account for easy management. With the help of Celare’s privacy protection technology, the security of users’ private data is truly guaranteed.
Since the start of the project, Celare’s mission has always been to protect users’ privacy and security. Therefore, Celare keeps developing and expanding in order to serve users better and ensure their privacy and security.
In the future, Celare will break the barrier between cross-chain assets and truly protect user privacy and anonymity.
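The lock, mint, burn and unlock steps described above, as an added example that is not Celare’s or Polkadot’s code: a constructed two-chain bookkeeping model in which every mapped unit must be backed by a lock on the origin chain, each lock and burn event can be honoured only once, and the safety invariant (mapped supply never exceeds the locked reserve) is checked after each step. The chain classes, the event-id scheme and `BridgeError` are assumptions; the Substrate/Polkadot messaging that would carry the events between chains is not modelled.

```python
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field


class BridgeError(Exception):
    """A step that would break the lock/mint bookkeeping is refused."""


def _event_id(kind: str, account: str, amount: int, nonce: int) -> str:
    # Deterministic id for a lock or burn event (constructed; a real chain
    # would use the transaction or event hash).
    raw = f"{kind}:{account}:{amount}:{nonce}".encode()
    return hashlib.sha256(raw).hexdigest()[:16]


@dataclass
class OriginChain:
    """Holds the real asset. Locked funds stay in `reserve` until a burn on the
    target chain is presented for release."""
    balances: dict[str, int]
    reserve: int = 0
    locks: dict[str, tuple[str, int]] = field(default_factory=dict)
    released: set[str] = field(default_factory=set)

    def lock(self, account: str, amount: int) -> str:
        if amount <= 0 or self.balances.get(account, 0) < amount:
            raise BridgeError("cannot lock more than the account holds")
        self.balances[account] -= amount
        self.reserve += amount
        deposit_id = _event_id("lock", account, amount, len(self.locks))
        self.locks[deposit_id] = (account, amount)
        return deposit_id

    def release(self, withdrawal_id: str, account: str, amount: int,
                target: TargetChain) -> None:
        # Unlock only for a burn the target chain actually recorded, and only once.
        if withdrawal_id in self.released:
            raise BridgeError("withdrawal already released (replay)")
        if target.burns.get(withdrawal_id) != (account, amount):
            raise BridgeError("no matching burn on the target chain")
        if amount > self.reserve:
            raise BridgeError("release would exceed the locked reserve")
        self.released.add(withdrawal_id)
        self.reserve -= amount
        self.balances[account] = self.balances.get(account, 0) + amount


@dataclass
class TargetChain:
    """Issues the mapped asset; every unit must be backed by a lock on origin."""
    mapped: dict[str, int] = field(default_factory=dict)
    minted: set[str] = field(default_factory=set)
    burns: dict[str, tuple[str, int]] = field(default_factory=dict)

    def mint(self, deposit_id: str, account: str, amount: int,
             origin: OriginChain) -> None:
        # Mint only against a lock that exists with exactly these parameters.
        if deposit_id in self.minted:
            raise BridgeError("deposit already minted (replay)")
        if origin.locks.get(deposit_id) != (account, amount):
            raise BridgeError("no matching lock on the origin chain")
        self.minted.add(deposit_id)
        self.mapped[account] = self.mapped.get(account, 0) + amount

    def burn(self, account: str, amount: int) -> str:
        if amount <= 0 or self.mapped.get(account, 0) < amount:
            raise BridgeError("cannot burn more mapped asset than held")
        self.mapped[account] -= amount
        withdrawal_id = _event_id("burn", account, amount, len(self.burns))
        self.burns[withdrawal_id] = (account, amount)
        return withdrawal_id

    def total_supply(self) -> int:
        return sum(self.mapped.values())


def reserve_backs_supply(origin: OriginChain, target: TargetChain) -> bool:
    """Safety invariant: mapped supply never exceeds the locked reserve."""
    return target.total_supply() <= origin.reserve


def refused(step) -> bool:
    """True if the bridge step raised BridgeError."""
    try:
        step()
    except BridgeError:
        return True
    return False


def round_trip() -> tuple[OriginChain, TargetChain, dict[str, bool]]:
    """Constructed scenario: alice locks 40, receives 40 mapped units, burns 15
    and withdraws them; replayed lock and burn events are rejected."""
    origin = OriginChain(balances={"alice": 100})
    target = TargetChain()
    checks: dict[str, bool] = {}
    deposit = origin.lock("alice", 40)
    target.mint(deposit, "alice", 40, origin)
    checks["after_mint"] = reserve_backs_supply(origin, target)
    withdrawal = target.burn("alice", 15)
    origin.release(withdrawal, "alice", 15, target)
    checks["after_release"] = reserve_backs_supply(origin, target)
    checks["replays_rejected"] = (
        refused(lambda: target.mint(deposit, "alice", 40, origin))
        and refused(lambda: origin.release(withdrawal, "alice", 15, target))
    )
    return origin, target, checks
```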
submitted by Celarecommunity to u/Celarecommunity

PlatON Algorithm Scientist Dr. Xiang Xie: Privacy-Preserving Computation is the Only Solution for Privacy Disclosure

On Mar. 25, 2020, PlatON algorithm scientist Dr. Xiang Xie joined TokenInsight’s AMA as a special guest to talk about the solutions that privacy-preserving computation provides for privacy disclosure issues, and shared the latest developments in PlatON’s privacy-preserving computation.
What Do You Think about the Recent Privacy Disclosure Issue of Sina Weibo?
Dr. Xie: Truth be told, many internet firms collect and even use private data for illegal profit without users’ permission, and there are undoubtedly potential risks of privacy disclosure under incorrect operation and management.
The conflict between the business model of traditional internet giants and the privacy protection of users cannot be ignored, and that is what we wish to avoid in our new architecture. Besides, the centralized model of the internet is highly effective and high-performing in organizational management and business processing, but it brings the risk of privacy disclosure. Sina Weibo’s privacy disclosure event resulted from private data management issues.
Information disclosure issues won’t be solved completely by technologies or innovative architecture, but by distributed architectures that protect all data instead. Data protection is totally different from data storage. Thus, privacy-preserving computation, in my opinion, is the only solution for stopping private data from being leaked, and it is also the first vision of PlatON.


In Your Opinion, Can PlatON’s Technologies Solve the Data Scandals of Top Platforms from a Technical Standpoint?
Dr. Xie: Privacy disclosure issues happen when data is applied, and PlatON’s privacy-preserving computation aims at protecting data privacy during data circulation.
With cryptographic technologies applied and integrated into PlatON’s privacy-preserving computation, the possibility of information leakage by hackers is reduced to a great extent.
PlatON serves as a blockchain-based infrastructure for distributed economies, providing support for upper-layer economic activities, and as a privacy-preserving computation solution provider, protecting data privacy during data circulation. Thus, we aim at building a completely digitalized distributed infrastructure through long-term investment and effort, and completing it together with talented developers worldwide.


What Do You Think about Blockchain’s Role in Privacy-Preserving Computation?
Dr. Xie: Blockchain is irrelevant to privacy-preserving computation. Blockchain dates back to bitcoin. However, there is no privacy-preserving design in bitcoin according to its whitepaper. Plus, bitcoin and cryptocurrencies haven’t applied any cryptographic algorithms other than signatures and hashing.
Blockchain is transparent and distributed, with all data backed up and available to everyone, so it definitely has no privacy-preserving features. On the contrary, blockchain can serve as the distributed infrastructure that helps with payment. In conclusion, blockchain is independent of privacy-preserving computation, while the two are mutually complementary. Privacy-preserving computation, located at the upper layer, protects data privacy, while blockchain, located at the lower layer as the infrastructure for distributed economies, provides payment and settlement functions.


Can You Share PlatON’s Technology Architecture for Privacy-Preserving Computation?
Dr. Xie: Privacy-preserving computation is a big topic, and different teams take different routes. PlatON focuses on cryptographic technologies and combines them with trusted hardware to implement privacy-preserving computation. PlatON’s privacy-preserving computation architecture, from bottom to top, consists of basic cryptographic algorithms, blockchain, Privacy AI and privacy data platforms, with the purpose of delivering deployable and operational products rather than technology itself. Cryptography is just the technical implementation.


Can You Share PlatON’s Biggest Achievement in 2019 and the Development Plan for 2020?
Dr. Xie: We have done deep research on data privacy preservation and the potential emerging market since the very beginning of PlatON. Then we explored and finished the technology selection and engineering, and finally realized the huge potential of AI in both application and marketing.
The biggest achievement in 2019 is that we settled on Privacy AI as the core direction of PlatON, organized a strong AI team, and determined both the technology architecture and the product architecture together with our cryptography team.
In 2020, we will announce two important products: Rosetta, a Privacy AI architecture developed by combining cryptography with AI frameworks such as TensorFlow, and Data Bank. Then we will start growing both the product and the community accordingly.


PlatON CEO Mr. Sun Has Highlighted the Internet of Everything. Does That Mean IoT Will Support Privacy AI by Providing Massive Data from Interconnected Devices?
Dr. Xie: I think we should consider it based on the whole life cycle of data rather than from a purely technical viewpoint.
There are four stages in the life cycle of data: collection and production, storage and computation, distribution and exchange, and analysis and processing. IoT is the entrance of data: advanced devices collect data, and PlatON collaborates with partners to build an ecosystem; innovative technologies such as distributed ledgers are the main solution for the distribution and exchange of data; and the analysis and processing of data will be performed by AI and big data.
PlatON, with its layout designed around the whole life cycle of data, aims at facilitating data circulation by leveraging privacy-preserving computation.


Can You Share More Details about PlatON’s Grants Program?
Dr. Xie: The Grants program plays an important role in building the PlatON community and the PlatON ecosystem, which is contributed to and co-hosted by developers worldwide. We will incubate and provide funding for projects selected after evaluation and communication.
Since its release, we have received plenty of applications on blockchain and privacy-preserving computation, including supporting tools, contract development, and algorithms and software and hardware acceleration of MPC (Multi-Party Computation), ZKP (Zero-Knowledge Proof) and HE (Homomorphic Encryption), from top colleges, startups, communities, etc.
My profession and experience start from cryptography, so I know its complexity, and the whole PlatON team admires team spirit, or community spirit. To complete long-term and meaningful work, joint effort is a must. Thus, we sincerely welcome more developers interested in blockchain, cryptography and data privacy to join us and help complete the PlatON ecosystem. Privacy AI is surely a part of the Grants program, and we look forward to working with talents worldwide.


Can Zero-Knowledge Proof Be Applied in Massive Business Practice, and What Is the Market Demand?
Dr. Xie: The research and development direction of zero-knowledge proof is closely related to its business practicality. Our goal is to provide solutions rather than just being commonly used. When demands get more complicated, algorithms need to be improved, and they can be applied in more business practices as they get better and better. They must go through gradual iterations to fit market demand. So far, ZKP is still in its early stage and needs to improve.


Can You Share the True Demands and Businesses of MPC?
Dr. Xie: MPC fits Privacy AI to some extent, and there are even emerging and specific demands. There is a conflict between the collection and the application of data. For Privacy AI, the more data the better, which helps improve the accuracy of the model. For data assets, however, data is private and needs to be protected.
MPC, with its paradigm for this conflict, is just the solution. Seen from that angle, cryptography is used to solve all kinds of conflicts and is needed by many enterprises that are sensitive about data.
Currently, institutes and firms at home and abroad are all exploring the combination of privacy-preserving computation and AI, and have stepped into this field. PlatON stands ahead with its huge investment and solid engineering implementation.


What Do You Think about Ethereum Joining the Privacy-Preserving Computation Ecosystem?
Dr. Xie: It’s inevitable. Ethereum is the “World Computer”; to serve the world, it needs to bear massive data. Thus data privacy issues arise, and Ethereum will apply more cryptographic technologies to support the completeness of the whole network. Actually, Ethereum 2.0 has many tools and designs with regard to privacy-preserving computation and cryptography. In addition, we are optimistic and confident about the future of Ethereum, and we have a significant collaboration with Ethereum on MPC, and on community as well.
submitted by PlatON_Network to PlatONNetwork

Bottos 2020 Research and Development Scheme

As 2020 is now here, Bottos has solemnly released its “2020 Research and Development Scheme”. On one hand, we adhere to the principle of transparency so that the whole community can understand our next steps as a whole; more importantly, it also helps our whole team to think deeply about the future and reach consensus. We strongly believe that consistent follow-up on these plans will help us achieve the best results.
Building on the efficient development of Bottos, the team’s technical achievements in consensus algorithms and smart contracts are used to further implement and optimize the existing technical architecture. At the same time, by using the community’s technical capabilities, developing horizontally and expanding into new functional modules and technical directions, the project stays closely integrated with the whole community.
In the future, we will keep striving for in-depth thinking, comprehensive planning and flexible adjustment.


Overview of Technical Routes

User feedback within the community is the driving force behind Bottos’ progress. Following the development route of the community and the industry, we have formulated a roadmap for technical development, pointing the team in the right direction among the many routes of modern technology.
As part of our 2020 research and development objectives we have the following arrangements:
1. Intensifying the development of smart contracts and related infrastructure
After many years of development, smart contracts have gradually become the core and standard function of blockchain projects. The strength, ease of use and stability of smart contracts represent the key capabilities of a blockchain project. As a good start, Bottos has already made great progress in the field of smart contracts. We still need to increase development efforts on smart contracts, making their ease of use and stability the top priority of our future development.
Reducing the barriers for developers and ordinary users, shortening the contract development cycle and saving users’ time is another important task for the team. To this end, we have planned an efficient and easy-to-use one-stop contract development, debugging and deployment tool that will provide multiple access methods and interfaces to the test network to support rapid deployment and rapid debugging.
2. Establishing an excellent client and user portal
The main goal here is to add an entry point for the creation and deployment of smart contracts in the wallet client. To this end, the wallet needs to be transformed: a local compiler for smart contracts must be added, and an easy-to-use UI must be provided for creating, deploying and managing contracts so that users’ needs are met with a single mouse click.
3. Expanding distributed storage
Distributed storage is another focus of our development in the upcoming year. Only a distributed architecture can completely solve the performance and scalability issues of stand-alone storage. Distributed storage suitable for blockchain needs to provide no less than single-machine performance, extremely high availability, no single point of failure, easy expansion and strongly consistent transactions. These are the main key points and difficulties for Bottos in the field of distributed storage in the coming days.
4. Reinforcing secure multi-party computation
Privacy in computing is also a very important branch to deal with. In this research direction, Bottos has invested a lot of time and produced many research results on secure multi-party computation, such as technical articles and test cases. In the future, we will continue our efforts in the direction of secure multi-party computation and apply mature technical achievements to the functions of the chain.

2020 Bottos — Product Development

Support for smart contract deployment in wallets
The built-in smart contract compiler inside the wallet supports compilation of the smart contracts in all languages provided by Bottos and integrates with the functions in the wallet. It also supports one-click deployment of the compiled contract source code in the wallet.
When compiling a contract, one can choose whether to pre-execute the contract code. If pre-execution is selected, it will connect to the remote contract pre-execution service and return the execution result to the wallet.
When deploying a contract, one can choose to deploy to the test network or main network and the corresponding account and private key of the test network or main network should be provided.

2020 Bottos-Technical Research

1. Intelligent smart contract development platform (BISDP)
The smart contract development platform BISDP is mainly composed of user-oriented interfaces, as well as back-end compilation and deployment tools, debugging tools and a pre-execution framework.
The user-oriented interface provides access methods based on the web, PC and mobile apps, allowing developers to quickly and easily compile and deploy contracts, and provides contract template management functions. It can also manage a contract remotely by viewing the contract’s execution status, the resources consumed and other information.
The compilation and deployment tool provides a set of smart contract source code editing, running, debugging and deployment solutions, as well as smart contract templates for common tasks, which greatly lowers the threshold for developers to learn and use smart contracts. At the same time, developers and ordinary users are provided with a smart contract pre-execution framework, which can check for logical defects and security risks in smart contracts before actual deployment and promptly warn users of problems even before the smart contracts are actually run.
The debugging tool has built-in local and remote debugging. Multiple breakpoints can be set; when the code reaches a breakpoint, one can view the variables and their contents in the current execution stack. One can also set conditional breakpoints based on the value of a variable, so that execution pauses once the variable reaches a preset value in memory.
In the pre-execution framework, developers can choose to pre-execute contract code in a virtual environment or on a test net, finding problems in code that cannot be detected at compilation time and performing deeper code inspection. The pre-execution framework can also tell the user in advance the time and space resources required for execution.
2. Supporting Python and PHP in the BVM virtual machine for writing smart contracts
We have added smart contract writing tools based on the Python and PHP languages. These languages are compiled into the corresponding BVM instruction set for execution, so both can be used as programming languages for smart contracts.
For the Python language, the basic language elements supported in the first phase are:
- Logic control: If, Else, Eli, While, Break, method calls, for x in y
- Arithmetic and relational operators: ADD, SUB, MUL, DIV, ABS, LSHIFT, RSHIFT, AND, OR, XOR, MODULE, INVERT, GT, GTE, LT, LTE, EQ, NOTEQ
- Data structures:
  - Supports creation, addition, deletion, replacement and length calculation for the list data structure
  - Supports creation, appending, deletion, replacement and length calculation for the dict data structure
- Functions: Supports function definition and function calls
For the PHP language, the basic language elements supported in the first phase are:
- Logic control: If, Else, Eli, While, Break, method calls
- Arithmetic and relational operators: ADD, SUB, MUL, DIV, ABS, LSHIFT, RSHIFT, AND, OR, XOR, MODULE, INVERT, GT, GTE, LT, LTE, EQ, NOTEQ
- Data structures:
  - Supports creating, appending, deleting, replacing and calculating the length of associative arrays
- Functions: Supports the definition and calling of functions
For these two languages, syntax highlighting and code hinting are also provided in BISDP, which is very convenient for developers when debugging errors.
3. Continuous exploration of distributed storage solutions
Distributed storage in blockchain technology actually refers to a distributed database. Compared with a traditional DBMS, in addition to the ACID properties of the traditional DBMS, a distributed database also provides the high availability and horizontal expansion of a distributed system. The CAP principle of distributed systems reveals that for a common distributed system there is an impossible triangle: only two of its three properties, consistency, availability and partition tolerance, can be chosen. Distributed databases in China must require strong consistency. This is due to the characteristics of the blockchain system itself, because it needs to provide reliable distributed transaction capabilities. For these technical issues, before ensuring that the distributed storage solution reaches 100% availability, we will continue to invest more time and technical strength, do more functional and performance testing, and conduct targeted tests of distributed storage systems.
4. Boosting secured multi-party computing research and development
Secure multi-party computation (MPC) is a cryptographic mechanism that enables multiple entities to share data while protecting the confidentiality of the data, without exposing the secret encryption key. Its performance indicators, such as security and reliability, are important for the realization of the blockchain. Privacy protection for the data shared transparently on the distributed ledger and for the client wallet’s private key is truly essential.
At present, the research and development status of the platform provided by Bottos in terms of privacy-enhanced secure multi-party computation is based on the BIP32/44 standard for Bitcoin wallets, to implement distributed management of client wallet keys and privacy protection.
Considering the higher level of data security required and the distributed blockchain account as the public data of each node, further research and development is planned on:
(1) Generating and verifying transaction signatures between two parties based on RSA, Paillier, ECDSA and other public key cryptosystems with homomorphic properties, as well as the GC protocol, OT protocol and ZKP protocol;
(2) Introducing the international mainstream public key systems with higher security and performance, the national (SM) public key encryption system, and fewer-round or non-interactive ZKP protocols to achieve secure multi-party computation with more than two parties, allowing more nodes to participate in the privacy protection of ledger data.

Summary

After years of exploration, we are now full of confidence in our current research and development direction. We are totally determined to move forward by continuous hard work. In the end, all members of Bottos also want to thank all the friends in the community for their continuous support and outstanding contributions. Your certainty is our greatest comfort and strongest motivation.

Be smart. Be data-driven. Be Bottos.
submitted by BOTTOS_AI to Bottos

PSA: We're running a stress test of our blockchain voting system when this post is 36 hours old, and there might be some congestion.

What's Happening

At 1488812400 UTC (06 Mar 2017 16:00:00 UTC, or 2am on the 7th in Australia) XO.1 and Flux will be demonstrating the throughput of the SecureVote voting system. Over 1 million votes per minute will be anchored to the Bitcoin blockchain, for a total of approximately 1.5 billion votes over the 24 hours.
This will take place through approximately 11,000 transactions over 24 hours. This is about 4% of Bitcoin's capacity, so it may cause increased confirmation times and/or fees.
Source code and documentation can be found at: https://gitlab.com/exo-one/svst-docker and we have a white-napkin if you'd like some more technical data.
You're welcome to run an auditing node to verify the throughput of this stress test for yourself. (This can also be done after the stress test has concluded.)
If you have any questions please leave them below and I'll expand this post.
During the stress test we'll host a publicly accessible vote-explorer / dashboard at http://demo.xo1.io/index.html. The best time to tune in will be about 15 hours after we start, as we cross the 1 billion vote threshold.

What is SecureVote

SecureVote is a product by XO.1 - the world's first high capacity, secure, general purpose, end-to-end verifiable voting system. There is no central point of failure, all votes are fully anonymised, and no fancy new crypto is required (i.e. no ZKPs or homomorphic encryption).

What is XO.1

XO.1 is a Sydney-based startup founded by myself (Max Kaye) and Nathan Spataro which has raised half a million dollars in early stage funding to develop SecureVote, the world's first secure and highly scalable online voting system.
SecureVote is something which does not exist anywhere on the planet today – it provides a high-throughput commercially viable secure voting system, which enables verification of the vote and the vote count without compromising the privacy of the vote itself.
We’re able to do this by using our proprietary vote anonymisation engine – Copperfield (patent-pending) – which solves many of the traditional problems associated with electronic voting through providing verifiable anonymity.
To get to the next stage of our product development, including the development of a first-in-class secure voting app, we’re about to start our Series-A fundraising round. Interested? Email [email protected]

What is Flux

Flux is a political movement also founded by myself and Nathan Spataro. The Flux Movement aims to instantiate a novel form of democracy called Issue Based Direct Democracy (IBDD). Unlike all other forms of democracy, IBDD is deeply concerned with epistemology and providing the best decision making possible.
IBDD is designed to bias objectively true knowledge and is possibly the first democratic truth machine.
We hold that the main problem with democracy today is that it does not bias the best knowledge possible. The symptoms of this are corruption, bloat, sluggishness, low approval ratings, etc.
If that sort of thing interests you, I have a pre-release paper I can send on request (but not yet publish). Also, the philosophical groundwork is laid out in David Deutsch's breathtakingly profound book The Beginning of Infinity (2011).
We're expanding with chapters globally so if you'd like to get involved please get in touch.
Flux's need for a high capacity online voting system has been one of the driving forces behind SecureVote's production.

FAQ

Copperfield overview

This image provides an overview of Copperfield - https://i.imgur.com/FmODTH0.png
You can find more detail in the white napkin.

Why don't we use Ethereum (note: this is now out of date)

I've been involved in the Ethereum world since December 2013 and have been publicly credited a few times with contributing to scaling discussions around that sort of technology.
My view boils down to this: Ethereum can do anything, but it can never do everything.
This stress test will produce about 150 GB of data. This isn't something the main Ethereum chain can handle, and even many years into the future it would be selfish to dump this volume of data into a shared resource.
Additionally, relying on others to eventually come up with a scaling solution isn't a great strategy IMO.
Since we needed a 2nd layer solution anyway it only makes sense to build on the most secure blockchain around: Bitcoin.
Additionally: secure private blockchains are a pipe dream. Private blockchains themselves are both easy to achieve and pointless (when it comes to public security).

How much data will be added to the Bitcoin blockchain?

Approximately 3 MB. We'll have 11,000 txs * 243 bytes per tx.

Press Release

https://xo1.io/stress-test-pr.pdf
submitted by 646463 to Bitcoin

CMV: the current hype about blockchain exists only because of the speculative cryptocurrency bubble

This is not against the blockchain technology, which I think is interesting and for sure useful for certain applications. It's just against the exaggerated hype about it, labelling it as a technology that will change the world, or trigger a ground-breaking revolution.
Let's be honest: if there wasn't this bitcoin bubble, nobody would know about blockchain, and the topic would be completely boring to 95% of people. It's cryptography, and it allows you to do something that's already done today in a cryptographically secured way. That's interesting for cryptography researchers, but for normal people, who tend to abstract away from such highly technical aspects like cryptography, and just care about what they can do with technology (e.g. transferring money, paying a bill), this is quite irrelevant.
Let's take for example homomorphic encryption. This is an equally amazing technology, which allows you to perform arithmetic operations on ciphertexts without decrypting them first. But nobody other than cryptographers knows about it. Why? Because it's not associated with anything with headline potential (like a speculation bubble where you can make a lot of money). It's just some boring complicated mathematics. So it never featured in newspaper and HackerNoon articles, and never came to the ears of the average Joe and average nerd.
Therefore: the current hype about blockchain is caused mainly by a speculation bubble, and not by the actual potential of the technology itself.
A note about the views that the real value of blockchain is that it allows us to get rid of the dependency on "evil" centralized institutions like banks and governments ("them") for managing transactions and money, by allowing the common people ("we") to do it ourselves: bitcoin is already extremely centralized today. A small group of individuals and mining companies hold most of the assets and run the needed computational infrastructure. Is this really the antithesis of today's system, or is it not already developing into exactly the same thing with another technology? A bunch of the original "crypto-liberators" (part of "us") becoming the new centralized power ("them") that must be fought back? At least, it's a known pattern from history that after nearly every revolution, instead of utopia arriving, a bunch of the old liberators become the new tyrants, and the story repeats.
This is a footnote from the CMV moderators. We'd like to remind you of a couple of things. Firstly, please read through our rules. If you see a comment that has broken one, it is more effective to report it than downvote it. Speaking of which, downvotes don't change views! Any questions or concerns? Feel free to message us. Happy CMVing!
submitted by damp-ocean to changemyview


Homomorphic Encryption & What it Means for Blockchain. By Amsee - January 14, 2019.

Russia set to try again with blockchain voting despite earlier setbacks. Initial results appear promising for the Waves-developed e-voting system. Russian telecommunication giant Rostelekom, together with the Russian Ministry of Digital Development and Communications, tested a blockchain-based voting system developed in collaboration with ...

Even when the technology matures, homomorphic encryption is likely to find applications largely in niche fields, such as stock trading, where the need for privacy outweighs the tremendous computational costs. Nevertheless, computer scientists have shown time and again that the science fiction of today can very well be the reality of tomorrow.

Homomorphic Encryption & What it Means for Blockchain. 2020-09-20 Blockchain. For those not familiar with cryptography, encryption, in its most basic sense, is the cryptographic equivalent of a lock and key. In a way similar to locking your valuables in a ...

The use of homomorphic encryption techniques will not only offer privacy protection, it will also allow ready access to encrypted data over a public blockchain for auditing and other purposes. In other words, using homomorphic encryption to store data on a public blockchain will offer the best of both public and private blockchains in one single package. Private blockchains are still in the ...


Homomorphic Encryption Research - YouTube

Homomorphic Encryption (HE) refers to a special type of encryption technique that allows computations to be done on encrypted data without requiring access to the secret (decryption) key.

Dr. Craig Gentry explains the concept of homomorphic encryption.

Invited Talk at Eurocrypt 2019 by Daniele Micciancio, UC San Diego.

Shai Halevi, IBM T.J. Watson Research Center, Cryptography Boot Camp: http://simons.berkeley.edu/talks/shai-halevi-2015-05-18a

Winter School on Cryptography: Fully Homomorphic Encryption - Craig Gentry (Bar-Ilan University - אוניברסיטת בר-אילן), duration 1:59:38.
