GRiN-(AltCoin): Launched on January 15th, 2019, Grin is a cryptocurrency focused on
privacy without censorship in its implementation of Mimblewimble.
According to their website, the developers want Grin to be usable by
everyone regardless of borders, culture, skills or access.
Without address information or amounts stored on the blockchain, the chain is
meant to be lean and scalable. Grin was launched without a premine, ICO,
or founders rewards and relies on donations to support the long-term
development of the project.
GRiN-(AltCoin) is an exciting new cryptocurrency leveraging the MimbleWimble protocol. But
tutorials on Grin are notoriously nondescript. This post aims to share exactly how Grin transactions work.
Introduction: MimbleWimble and Grin
MimbleWimble is a blockchain format and protocol that provides
extremely good scalability, privacy and fungibility by relying on strong
cryptographic primitives. It addresses gaps existing in almost all current
blockchain implementations.
GRiN-(AltCoin) is an open source software project that implements a MimbleWimble
blockchain and fills the gaps required for a full blockchain and
cryptocurrency deployment.
The main goal and characteristics of the Grin project are:
Privacy by default. This enables complete fungibility without precluding
the ability to selectively disclose information as needed.
Scales mostly with the number of users and minimally with the number of
transactions (<100 byte kernel), resulting in a large space saving compared
to other blockchains.
Strong and proven cryptography. MimbleWimble only relies on Elliptic Curve
Cryptography which has been tried and tested for decades.
Design simplicity that makes it easy to audit and maintain over time.
Community driven, encouraging mining decentralization.
A detailed post on the step-by-step of how Grin transactions work (with graphics) can be found in this Medium post.
Introduction:
This document is targeted at readers with a good
understanding of blockchains and basic cryptography. With that in mind, we attempt
to explain the technical buildup of MimbleWimble and how it's applied in Grin. We hope
this document is understandable to most technically-minded readers. Our objective is
to encourage you to get interested in Grin and contribute in any way possible.
To achieve this objective, we will introduce the main concepts required for a good
understanding of Grin as a MimbleWimble implementation. We will start with a brief
description of some relevant properties of Elliptic Curve Cryptography (ECC) to lay the
foundation on which Grin is based and then describe all the key elements of a
MimbleWimble blockchain's transactions and blocks.
Brief primer on Elliptic Curve Cryptography:
We start with a brief primer on Elliptic Curve Cryptography, reviewing just the
properties necessary to understand how MimbleWimble works and without
delving too much into the intricacies of ECC. For readers who would want to
dive deeper into those assumptions, there are other opportunities to
learn more.
An Elliptic Curve for the purpose of cryptography is simply a large set of points that
we will call C. These points can be added, subtracted, or multiplied by integers (also called scalars).
Given such a point H, an integer k and
using the scalar multiplication operation we can compute k*H, which is also a point on
curve C. Given another integer j we can also calculate (k+j)*H, which equals
k*H + j*H. The addition and scalar multiplication operations on an elliptic curve
maintain the commutative and associative properties of addition and multiplication:
(k+j)*H = k*H + j*H
In ECC, if we pick a very large number k as a private key, k*H is
considered the corresponding public key. Even if one knows the
value of the public key k*H, deducing k is close to impossible (or said
differently, while multiplication is trivial, "division" by curve points is
extremely difficult).
The previous formula (k+j)*H = k*H + j*H, with k and j both private
keys, demonstrates that a public key obtained from the addition of two private
keys ((k+j)*H) is identical to the addition of the public keys for each of those
two private keys (k*H + j*H). In the Bitcoin blockchain, Hierarchical
Deterministic wallets heavily rely on this principle. MimbleWimble and the Grin
implementation do as well.
Structure of transactions:
The structure of transactions demonstrates a crucial tenet of MimbleWimble:
strong privacy and confidentiality guarantees.
The validation of MimbleWimble transactions relies on two basic properties:
Verification of zero sums. The sum of outputs minus inputs always equals zero,
proving that the transaction did not create new funds, without revealing the actual amounts.
Possession of private keys. Like with most other cryptocurrencies, ownership of
transaction outputs is guaranteed by the possession of ECC private keys. However,
the proof that an entity owns those private keys is not achieved by directly signing
the transaction.
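An added Python example (my own code, not Grin's Rust implementation) of the two properties above: Pedersen commitments C = r*G + v*H on secp256k1 hide each amount v behind a blinding factor r, and the homomorphism (k+j)*H = k*H + j*H lets a verifier sum outputs minus inputs without opening them, which cancels the amounts exactly when no money is created and leaves only the kernel excess, a public key made of blinding factors that the sender proves ownership of instead of signing the transaction directly. The label for deriving the second generator H and all function names are my assumptions; Grin derives its H differently.

```python
import hashlib
import secrets

# secp256k1, the curve Grin (and Bitcoin) use; these are the standard constants.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # point at infinity, the identity of the group


def add(p1, p2):
    """Affine point addition on y^2 = x^3 + 7 over the field F_P."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF  # p2 is the negation of p1
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P  # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P  # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def neg(pt):
    return INF if pt is INF else (pt[0], (-pt[1]) % P)


def mul(k, pt):
    """Scalar multiplication k*pt by double-and-add (k reduced mod the group order)."""
    acc = INF
    k %= N
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def hash_to_point(label):
    """Try-and-increment hash-to-curve: a second generator H whose discrete log
    with respect to G nobody knows. The label is an assumption, not Grin's."""
    ctr = 0
    while True:
        digest = hashlib.sha256(label + ctr.to_bytes(4, "big")).digest()
        x = int.from_bytes(digest, "big") % P
        rhs = (pow(x, 3, P) + 7) % P
        y = pow(rhs, (P + 1) // 4, P)  # square root candidate; valid as P % 4 == 3
        if y * y % P == rhs:
            return (x, y)
        ctr += 1


H = hash_to_point(b"mimblewimble-example-H")


def commit(value, blind):
    """Pedersen commitment C = blind*G + value*H: hides value, binds to it."""
    return add(mul(blind, G), mul(value, H))


def sum_points(points):
    acc = INF
    for pt in points:
        acc = add(acc, pt)
    return acc


def verify_zero_sum(inputs, outputs, fee, kernel_excess):
    """sum(outputs) - sum(inputs) + fee*H must equal the kernel excess, which is
    (sum of output blinds - sum of input blinds)*G. Any extra amount would leave a
    nonzero multiple of H behind, and the check fails."""
    lhs = add(add(sum_points(outputs), neg(sum_points(inputs))), mul(fee, H))
    return lhs == kernel_excess


def build_transaction(inputs, output_values, fee):
    """inputs: list of (value, blind) pairs the sender owns. Returns only public
    data: commitments, the fee and the kernel excess; no amount appears."""
    outputs, out_blinds = [], []
    for v in output_values:
        r = secrets.randbelow(N - 1) + 1  # fresh blinding factor per output
        outputs.append(commit(v, r))
        out_blinds.append(r)
    excess = (sum(out_blinds) - sum(b for _, b in inputs)) % N
    return {
        "inputs": [commit(v, b) for v, b in inputs],
        "outputs": outputs,
        "fee": fee,
        "kernel_excess": mul(excess, G),
    }
```

A transaction that tries to spend 101 out of a 100-unit input leaves 1*H in the sum, so `verify_zero_sum` rejects it while never learning any amount.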
A blockchain is a network that allows peer-to-peer transactions without centralized local banks or exchanges, keeping the transaction counterparties anonymous.
Privacy is the ability of an individual or group to keep their personal information invisible and to disclose it selectively. Remember that every transaction is broadcast and viewable by all on a public ledger, and is therefore not private as intended.
The transaction patterns of certain wallets, and with them the identity of the account owner, can be profiled using social engineering and other hacking skill sets.
Privacy means different things to different people. PRIVACY MATTERS in blockchain, but deeper research reveals that there is never any real privacy.
There are a few privacy tokens with different technologies addressing the privacy concerns already mentioned.
DASH was founded in 2014, following a fork of Bitcoin.
AltCoins such as Dash, Monero, Zcash, PIVX, Grin, Verge and NavCoin, and traditional tokens such as LTC, all contemplate adding privacy features to their token to gain some comparative advantage, but, as with most coins, still lack noteworthy privacy.
Dash (DASH AltCoin):
DASH is not cryptographically private. DASH provides its privacy through mixing, using an adjusted variant of CoinJoin, a strategy originally devised to “anonymize” Bitcoins.
DASH is a Proof-of-Work system with two kinds of nodes on the network: masternodes and miners. DASH masternodes provide the InstantSend and PrivateSend capabilities.
CoinJoin is a technique to anonymize transactions proposed by Gregory Maxwell. CoinJoin relies on the principle of grouping transactions together to make joint payments. CoinJoin-based mixing techniques increase privacy for all users, since it is no longer likely that all inputs to a transaction originate from a single wallet, and they can no longer be reliably linked to a single user.
Monero (XMR):
Monero was launched in April 2014. XMR was a fair, pre-announced launch of the CryptoNote reference code.
The founder proposed controversial changes to the cryptocoin that the community disagreed with. A fallout ensued with what the community saw as centralizing double talk, and the Monero Core Team forked a new project from within the community following this Core Team breakaway, as a cryptocoin civilization of its own.
This Core Team has provided oversight ever since, within commonly agreed and controlled bounds.
Monero has made several very large privacy improvements since its conceptual launch as a decentralized alternative to exchanges that act as a government (IRS) snitch database.
The blockchain is constantly migrating, morphing into a highly private database structure that provides greater efficiency and flexibility, with privacy from bankster centralization at its centre.
This highly private database structure maintains minimum ring signature sizes, set in place so that all transactions are private by Monero Core Team mandate, unconditionally.
RingCT (Ring Confidential Transactions) was implemented to hide the transaction amounts.
Nearly all improvements have improved security or privacy, or have made the coin easier to use.
Monero is adamant about developing its coin with privacy and security always first, in opposition to terrorist networks working with centralizing agencies, and ease of use and efficiency second.
Monero is the number one privacy cryptocurrency of all the cryptocurrencies on earth.
The Monero AltCoin was created by a hard fork of Bytecoin in 2014, and is still improving its worth each day.
Monero uses encoded transactions that hide the addresses and the amounts transferred, and also adds decoy (fake) transactions that make it impossible to know the contents of the operations; i.e. Monero is a real crypto-AltCoin-currency because it is truly cryptographic, unlike the other AltCoins, which are nowhere near.
Monero uses RingCT to keep transactions anonymous and to tighten wallet security.
The Monero team also integrated the powerful Linux Tails OS, an operating system that passes transactions through the Tor network (the most extreme privacy option), to further protect against government and civilian hackers under an umbrella of absolute privacy.
Monero uses a network of stealth (false) addresses, much like a fake browser cache but more perfected, to allow users to hide their wallet address from criminals.
A Monero stealth address is a one-time-use address created for each and every transaction. That is right: it is used only once, unlike other cryptocoins that are far more centralized, offer less privacy, and allow hackers to steal your wealth.
Note that Monero users also have a public address that is published on the blockchain, but most (if not all) of their transactions will be passed through the unique stealth-address system if they wish to be entirely ghosted.
Basically, the Dash AltCoin groups small transactions together, while Monero breaks transactions down into small ones for privacy and for the protection of decentralization; again, unlike the others.
Remember that Monero relies heavily on network resources unless you create your own local node from a downloaded copy of the blockchain in order to generate your own Monero.
Monero differs from Bitcoin in that a regular PC can run Monero’s node service, both locally and across the internet.
Zcash (ZEC):
Shielded Zcash transactions are completely private(?).
Like Bitcoin, Zcash transaction data is posted to a public
blockchain; but unlike Bitcoin, Zcash ensures your personal and
transaction data remain completely confidential. Zero-knowledge proofs
allow transactions to be verified without revealing the sender, receiver
or transaction amount. Selective disclosure features within Zcash allow
a user to share some transaction details, for purposes of compliance or
audit.
Zcash also allows for transparent transactions, to accommodate for
wallets and exchanges that don’t support private transactions.
Zcash is another Bitcoin-forked privacy coin, with privacy features built on zk-SNARKs. zk-SNARKs, aka Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge, are a technology that allows miners to verify transactions without knowing who sent or received the coins.
The protocol team has implemented zk-SNARKs on Quorum for JP Morgan, an enterprise-focused version of Ethereum. The team has worked with other teams to add the privacy feature to their projects and platforms.
PIVX (PIVX):
PIVX is a re-brand of the Darknet Coin, and stands for private instant
verified transaction. PIVX is a fork from Dash, implementing Bitcoin
Improvement Proposals (BIP), and utilizing PoS to secure the network.
PIVX users are allowed to run master nodes with at least a stake of 10,000 tokens (while Dash only requires 1,000 DASH).
About PIVX
PIVX (PIVX), which stands for Private Instant Verified Transaction is
an MIT licensed anonymity-based, community-governed fork of DASH. It is
a Proof of Stake cryptocurrency with Zerocoin protocol implementation.
PIVX has 2-tier currency: a regular coin for ordinary transactions, and
an anonymous zPIV (which can be staked) for private transactions.
Similar to Dash, PIVX supports quick and private transactions, along
with masternodes. The decentralized network of masternodes facilitates
treasury management and community governance.
PIVX: Private – Instant – Verified – Transaction (Tx) is an MIT licensed,
open source, decentralized blockchain-based cryptocurrency focused on
achieving fungibility, transaction privacy, community governance,
network scalability, and real-world utilization, to become one of the most
technically advanced globally-accepted online digital currencies. NOTE:
a new privacy protocol is in development.
What is PIVX?
PIVX is a form of digital online money using blockchain
technology that can be easily transferred all around the world in a
blink of an eye with nearly non-existent transaction fees with market
leading security & privacy.
Launch Date: January 31st, 2016
Block Time: 60 seconds
Block Size: 2 MB
Total Coin Supply To Date: 55 million
Circulating Supply: < 30 million. This is due to masternode collateral (10,000 PIV per masternode) being locked in escrow, as well as any staking wallets holding PIV off exchanges.
PIVX DETAILS
PIVX is a multifaceted community-centric effort in the blockchain tech and cryptocurrency realms. In other words, there are many components to what PIVX is and why PIVX was created.
PIVX is the fastest and lowest cost privacy-focused digital currency,
using a Proof of Stake (PoS) consensus system algorithm allowing owners of PIVX to participate in earning block rewards while securing
the network with full node wallets.
Designed to be used as a viable currency that preserves individuals’
privacy and security, PIVX has the most sustainable supply model, is not
susceptible to 51% attacks, is already globally distributed without
centralization of coins to select few, is supported by thousands of
passionate individuals in a Decentralized Autonomous Organization (DAO),
and is already being accepted and used by merchants (online and
physical locations) around the world.
In support of its global reach, PIVX was the first cryptocurrency
project to translate its website and materials into more than 30 native
languages, providing unparalleled access to information about
cryptocurrency and PIVX in each individual’s most familiar language.
PIVX is the first proof of stake coin with the zerocoin protocol
(called zPIV) and zerocoin staking (named zPOS); a completely new Proof
of Stake algorithm providing unparalleled privacy, speed of
transactions, and low transaction costs.
PIVX employs a second-tier decentralized network of masternodes
providing additional services such as community voting governance,
self-funded treasury system and instant transactions.
It is easy to implement and set up a PIVX wallet, be it desktop, mobile, Raspberry Pi,
etc., allowing for simple merchant adoption.
Additionally, PIVX has one of the most stable designed economic
models in cryptocurrency. PIVX has implemented a Dynamic Supply System
governing its coin supply; block rewards are static and inflation is
reduced whenever a transaction is included in a block by burning
transaction & zerocoin fees. At a certain threshold combination of
transactions per minute, PIVX will become deflationary.
Mimblewimble
is a new privacy-focused blockchain project that is based on Bitcoin’s
design. On July 19, 2016, “Tom Elvis Jedusor” dropped the whitepaper into a Bitcoin research channel and disappeared. Later, “Ignotus Peverell” started a Github project called Grin and began turning the Mimblewimble paper into a real implementation.
Mimblewimble
refers to the tongue-tying curse in Harry Potter. Tom Elvis Jedusor is
Lord Voldemort’s French name and Ignotus Peverell is the original owner
of the invisibility cloak.
Mimblewimble/Grin
is an improvement upon confidential transactions and CoinJoin from
Bitcoin. Key features include no public addresses, complete privacy, and
a compact blockchain.
There has been a lot of excitement around Grin
mining lately since Grin coins, like Bitcoin, can only be created
through PoW mining.
Grin uses the Cuckoo Cycle PoW algorithm, which was originally designed to be ASIC-resistant but is now considered to be ASIC-friendly.
Key Features of Grin:
Complete privacy as its default
Scalable transactions
Tried and tested cryptography
Easy design for person to person transaction
Community-driven — aimed at decentralized advancement and mining
Other interesting privacy coins that are relatively early in their development include MobileCoin and BEAM.
Verge (XVG):
Verge Coin started its journey as DogeCoinDark in 2014, named after the
world’s most popular meme cryptocurrency. In 2016, the coin was
rebranded to Verge Cryptocurrency, and has since been gaining enormous
traction in technology and investment communities.
Verge coin is mineable. But
Verge miners can choose one of three mining methods to get their Verge,
rather than the expensive and limited options afforded to Bitcoin
miners.
Verge allows for everyday payments. But where Bitcoin payments are not anonymous, Verge coin transactions are
masked with Tor and I2P, for fully private transactions.
Verge is decentralized money.
But Verge is also in the process of adding smart contract
functionality, allowing it to develop for the needs of the world better
than Bitcoin.
Verge has several key partnerships, including porn industry giant MindGeek, whose subsidiaries include Pornhub and Brazzers.
Litecoin (LTC):
Litecoin is getting tired of standing in Bitcoin’s shadow. After many years as Bitcoin’s second fiddle, Litecoin core developers are getting more interested in following the likes of privacy coins such as Monero (XMR) and Zcash (ZEC).
Charlie Lee opened a discussion on fungibility and hinted at the addition of Confidential Transactions in a “future release of the full-node implementation” in 2019. This will let LTC gain more comparative advantage as media of transaction and payment.
NavCoin (NAV):
NavCoin is a decentralized cryptocurrency that was forked from Bitcoin. It aims
to solve 2 problems that are typically found in blockchain platforms:
Data is made public on the blockchain, leaving it vulnerable to malicious attacks by illicit users.
Most blockchains use “roll backs” as the solution to data vulnerability.
They reset the blockchain to a backed-up point after a data breach,
meaning transactions made leading up to the roll back are erased.
The NavTech system is a combination of the traditional Bitcoin blockchain
and a NAV subchain. Using two chains allows users to send transactions
with complete anonymity.
CloakCoin:
Cloak is a veteran privacy coin that is growing slowly, although it has been
active in the privacy niche for approximately 4 years. The blockchain is
operated using a Proof-of-Stake consensus protocol. It has relatively
short blocktimes and quickly processes transactions.
The platform also offers 2 different methods of making your transactions
untraceable. First is their onion-routing privacy protocol. Onion
routing involves encrypting messages with many layers (similar to an
onion).
It also offers the Enigma process to provide additional privacy cloaking
on transactions. Enigma cloaking is applied when a user requests a
cloaked Enigma transaction.
Enigma (ENG):
The Enigma project is entirely separate from the Enigma cloaking process
used in CloakCoin transactions. Enigma is not a cryptocurrency nor a
blockchain; instead, it is a privacy protocol that can be deployed on
blockchains and decentralized applications. Therefore its token, ENG, is
a distinct addition to the list of top privacy coins.
The Enigma network provides privacy by making nodes unable to see the data
that they compute. Although they are unable to clearly see exactly what
they are working on, these nodes are still capable of verifying that
their computations have been run correctly.
With the data masked like this, Enigma hopes to open the door for what they call a new type of
smart contracts — “secret contracts” — wherein the underlying data
processed in a smart contract remains encrypted at all times.
DeepOnion:
DeepOnion is a new privacy coin project that is generating some interest in the
community. Like a few of the other coins in this list, DeepOnion uses
Tor to send untraceable transactions. It also uses a mix of
Proof-of-Stake and Proof-of-Work protocols to offer fast confirmation
times.
DeepOnion also employs stealth addresses to keep transactions private. The
DeepOnion team is currently working on DeepSend and DeepVault. DeepSend
will use a multi-signature method to prevent payments from being traced.
DeepVault is an information storage service that allows users to store
data in the blockchain forever. In order to verify the integrity of a
file, a user only needs to compare their current version of the file
with the backup. This can be beneficial for the purpose of verifying the
integrity of important documents.
ZenCash:
ZenCash is more than a privacy cryptocurrency, because it also contains a messaging platform and a Distributed Autonomous
Organization (DAO). Users can send tokens anonymously (“Z” address) or
pseudonymously (“T” address). ZenCash, a hard fork of Zcoin, also wants to
make an exchange with the same degree of privacy.
Zcoin:
Zcoin also uses the Zerocoin protocol. In a Zcoin transaction, Zcoin is burned
and Zerocoins are created and transferred; since they have no
history, they are not traceable. This costs a 0.01 Zcoin fee. Those who
receive the money know only that they have received it.
Bytecoin (BCN):
Bytecoin is probably the oldest cryptocurrency to tackle the privacy problem,
given that its birth dates back to 2012, but it has recently made a
comeback. As its security system, it combines a stealth address system with
RingCT, in a protocol called CryptoNote. This
privacy token is the father of Monero.
Bitcoin Private:
Bitcoin Private comes from a hard fork and a fusion, i.e. a hard fork of Bitcoin and
then a merger with Zclassic, in turn a hard fork of Zcash in which the
founders’ reward was cancelled. Bitcoin Private also implements zk-SNARKs.
SpectreCoin (XSPEC):
Spectrecoin (XSPEC) was created in December 2016 as a fork of ShadowCash (SDC), with its
initial difference being that it ran over the Tor network for added
privacy. Since then, it has continued to make strides, developing into
an even more user-friendly and anonymous cryptocurrency.
These advancements include OBFS4 bridges, wallet UI improvements, improved
stealth addresses, updated Tor, and better syncing. At just over a year
old, the project has come a long way and has big plans for the future,
such as stealth staking (a first for any crypto) and the implementation
of Android and iOS mobile wallets.
Key Features:
Tor to hide the location and make tracking more difficult
Stealth addresses to keep the receiver anonymous
Ring Signatures to keep the sender hidden
Privacy Token Economics:
Due to the different technology stacks used to realize the privacy features, the
token economics can be designed differently to incentivize the various
ecosystem stakeholders. In this section, we will discuss the different
token economics designs of DASH and the Enigma Protocol.
First, let’s summarize some techniques used by privacy tokens.
CoinJoin — Joins multiple transactions into a group so that a transaction cannot be linked
to a single wallet/address. It is a Mixing-based privacy solution.
TOR Network — Tor makes transactions untraceable. One way to understand Tor is by analogy with a VPN:
it routes the transaction through multiple layers of proxies to hide the identities of
the transaction counterparties.
i2P — The Invisible Internet Project (I2P) is an anonymous network layer (implemented as a Mix Network) that allows for censorship-resistant, peer to peer
communication. Anonymous connections are achieved by encrypting the
user’s traffic (by using end-to-end encryption), and sending it through a
volunteer-run network of roughly 55,000 computers distributed around
the world.
RingCT — RingCT stands for Ring Confidential Transactions. It makes transactions harder to
trace by obscuring the true sender’s output among a set of n other outputs on the blockchain that are indistinguishable with respect to their amounts. It is a Mixing-based privacy solution.
Stealth Address — A stealth address is created for a single transaction and used only once.
Each transaction therefore corresponds to one stealth address, which makes it impossible to link the transactions
to a single wallet/address.
zk-SNARKs — zk-SNARKs stands for Zero-Knowledge Succinct Non-Interactive Argument of
Knowledge. It is a cryptographic algorithm for verifying a transaction
without revealing the address and balance.
Mimblewimble — Mimblewimble
uses elliptic-curve cryptography that requires smaller keys than other
cryptography types. In a network that is using the Mimblewimble
protocol, there are no addresses on the blockchain, and the network’s
data storage is highly efficient.
Dash works a little differently from Bitcoin, however, because it has a
two-tier network. The second tier is powered by masternodes (Full
Nodes), which enable financial privacy (PrivateSend), instant
transactions (InstantSend), and the decentralized governance and budget
system.
Because this second tier is so important, masternodes are also
rewarded when miners discover new blocks. The breakdown is as follows:
45% of the block reward goes to the miner, 45% goes to masternodes, and
10% is reserved for the budget system (created by superblocks every
month).
As of February 2019, the holders of DASH that run a masternode receive ~ 7% annual block rewards. https://masternodes.online/currencies/DASH/ is a great resource for real-time DASH network metrics.
The current block reward is 3.35 DASH, or 1.5075 for miners, 1.5075 for
masternodes, and 0.335 DASH for the DAO per block. Dash features a block
interval of ~ 2.5 minutes and ~ 550 blocks per day.
Each masternode requires 1,000 DASH as collateral. The 1,000 DASH are used
as bonded collateral and required to earn the inflation-funded block
rewards. The collateral is always safe and never forfeited during
masternode operation.
Since masternode rewards are fixed at 45% of the block reward, or 1.5075 DASH
per block, and the number of active masternodes on the network is
dynamic, expected masternode rewards will vary according to the current
total count of active masternodes. Masternodes are currently yielding ~
7.01%.
The average Dash masternode reward frequency is just shy of nine days.
Enigma:
Enigma is a protocol for processing information securely. Its token must
be purchased in order to run a node on the network. After buying the
Enigma token, you can receive rewards for processing data. But in order
to process data, each node must make a security deposit. If the data is
tampered with during the verification process, the deposit is split
between the nodes that processed the data without error.
In effect, owning ENG allows people to get started using the network. ENG
also serves as a reward for participation in the network.
Other factors affecting the token economics include: the randomness of miner/node
selection, the up-front cost of providing mining services (e.g., ASIC vs. PC), and also the coin reward amount and coin prices.
Regulatory Surveillance vs. Privacy:
Recently, there have been differing voices on the SEC approving BTC ETF proposals. Among those who don’t think it will come soon is Brian Kelly.
Over 2018, the SEC received multiple Bitcoin ETF applications from various players, such as the Winklevoss twins,
but has yet to approve any of them. Expanding on his point of view,
Kelly said that the agency is unlikely to change its opinion in the near future, as “there is too much that is unresolved.”
SEC officials have demanded better cryptocurrency surveillance and custody before approving BTC ETF applications for multiple reasons:
Concerns about hacking events and market manipulation
Concerns of money laundering without transaction traceability
Concerns of linking transaction with wallet/address for taxation reasons.
Here is the dilemma between regulatory surveillance vs. privacy. Until a balance/compromise is reached, the next bull market might be delayed as long as possible.
Blockchain Privacy Modeling
Given that blockchain transactions are pseudonymous, not anonymous, and that blockchains themselves are transparent, numerous protocols exist for the incorporation of greater privacy to protect individuals from those seeking to connect them with their transactions. It goes without saying that the motives behind this include facilitating protection from legal entities, but also the desire to grant individuals privacy from those who might wish to steal funds or identify those with large holdings for the purpose of solicitations or more serious crimes. With that in mind, not all privacy protocols are alike. There are different methods to achieve the goal at hand — namely obscuring transaction histories to the point where tracking someone’s balance history becomes prohibitively resource intensive, if not completely impossible. Here we discuss the three most common methods of achieving this, and their applications thus far.
Zero knowledge proof (ZCash, PIVX):
Last week we published an article going into detail on ZKPs, which can be read here.
There is evidence to suggest this could be the most popular privacy
technology moving forward, as it is promised in Ethereum, Cardano, Tron
and others.
Ring signatures (Monero):
The earliest privacy coin, Bytecoin, uses a concept called ring signatures,
which had been theorized as far back as 2001 in a paper delivered to
ASIACRYPT. The concept was proposed as a way to leak secrets with
anonymity, for example in the White House or a Board of Directors, by
having all members of the group in question sign the output even when it
comes from only one individual. In cryptocurrencies, ring signatures
send a transaction from a member of a group in which all members have
their own account keys and sign the transaction. This creates a group of
individual accounts which all could theoretically have sent a
transaction, when only one has. Put more simply, it is not possible to
say which of the group has actually sent the transaction.
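An added Python example of the ring described above (my own code, not Monero’s, which uses a linkable variant on an elliptic curve): an Abe-Ohkubo-Suzuki ring of Schnorr proofs, where one member’s real response closes a chain of n-1 simulated ones, so the signature verifies against the whole ring and reveals nothing about which index signed. The toy group (integers modulo the Mersenne prime 2^127 - 1, base 3) and the message encoding are my assumptions and are for illustration only.

```python
import hashlib
import secrets

# Toy group for illustration only: the multiplicative group modulo the Mersenne
# prime 2^127 - 1 with base 3. Exponents are reduced modulo p - 1, which is a
# multiple of the order of 3, so the algebra below holds (Fermat). Monero uses
# an elliptic-curve group instead; the ring construction is the same idea.
P = 2**127 - 1
ORDER = P - 1
G = 3


def keygen():
    """Return (secret, public) with public = G^secret mod P."""
    x = secrets.randbelow(ORDER - 1) + 1
    return x, pow(G, x, P)


def challenge(msg, ring, point):
    """Hash the message, the whole ring of public keys and the current commitment,
    so a signature is bound to this exact ring in this exact order."""
    h = hashlib.sha256(msg)
    for y in ring:
        h.update(y.to_bytes(16, "big"))
    h.update(point.to_bytes(16, "big"))
    return int.from_bytes(h.digest(), "big") % ORDER


def ring_sign(msg, ring, signer_index, signer_secret):
    """AOS ring signature: starting just after the signer, pick random responses
    s_i for every other member and chain the challenges e_{i+1} = H(g^s_i * y_i^e_i).
    The signer's own response is then solved for, closing the ring."""
    n = len(ring)
    e = [0] * n
    s = [0] * n
    alpha = secrets.randbelow(ORDER - 1) + 1          # real Schnorr nonce
    e[(signer_index + 1) % n] = challenge(msg, ring, pow(G, alpha, P))
    for step in range(1, n):
        i = (signer_index + step) % n                 # simulated members
        s[i] = secrets.randbelow(ORDER - 1) + 1
        r = pow(G, s[i], P) * pow(ring[i], e[i], P) % P
        e[(i + 1) % n] = challenge(msg, ring, r)
    # Close the ring: g^s_k * y_k^e_k == g^alpha, so the chain is consistent
    s[signer_index] = (alpha - signer_secret * e[signer_index]) % ORDER
    return e[0], s


def ring_verify(msg, ring, signature):
    """Walk the ring once from e_0; it must come back to e_0. Every member is
    treated identically, so nothing here depends on who actually signed."""
    e0, s = signature
    e = e0
    for i, y in enumerate(ring):
        r = pow(G, s[i], P) * pow(y, e, P) % P
        e = challenge(msg, ring, r)
    return e == e0
```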
Monero is a Bytecoin fork which maintained its employment of ring signatures,
and in 2017 added “ring CT” (confidential transactions), which hide
details of transactions from all but the sender and the recipient.
Monero has a minimum of 7 signatures per transaction, and when combined
with the range proofs introduced with its Bulletproofs update this year
it is arguable that Monero remains the most comprehensive privacy
blockchain platform (and indeed this is recognized by the market, where
Monero stands at 13th in the top 100 coins by market cap, ahead of all
other privacy tokens).
Coin mixing and change addresses (Dash):
In Bitcoin’s early days, coin mixing became popular for those trading on
illicit activity websites to scramble their transaction histories and
make tracing funds through the blockchain much more difficult. This
was not a feature of Bitcoin’s blockchain, but rather a third-party
service which mixes coins for a fee of 1–3%. The concept is simple:
swapping one denomination of Bitcoin for another of equal size, thereby
obfuscating the trails of both and making identification much more
difficult.
As discussed in our write-up on Dash masternodes and their functions,
Dash introduced a privacy feature initially called DarkSend (now
PrivateSend), which facilitates a type of coin mixing directly in
their blockchain using masternodes. When requested, these masternodes
split a transaction into denominations, mixing them with the
denominations of others using PrivateSend, before sending it back to a
change address the user controls. At that point it is much more
difficult to trace the transaction history.
Most notably, this is an elective feature, which makes Dash a rare example of a currency with
optional privacy or transparency, depending on the user’s goal and the
demands of vendors, thereby avoiding the blacklisting problem which
could devalue specific tokens because of privacy measures.
Article
by Byron Murphy, Editor at Viewnodes. We help clients establish and
maintain masternodes for the currencies which currently support them. To
contact us for information on our masternode services, please submit
this contact form.
Disclaimer:
All of the information on these projects is sourced from online materials and
does not necessarily reflect the current state of the projects. The
information here does not constitute any advice on investment or on the
consequences of any investment.
PIVX-(PiVX): PIVX, which stands for Private Instant Verified Transaction, is an MIT licensed, anonymity-based, community-governed fork of DASH. It is a Proof of Stake cryptocurrency with a Zerocoin protocol implementation. PIVX has a two-tier currency: a regular coin for ordinary transactions, and an anonymous zPIV (which can be staked) for private transactions. Similar to Dash, PIVX supports quick and private transactions, along with masternodes. The decentralized network of masternodes facilitates treasury management and community governance.
PIVX: Private – Instant – Verified – Transaction (Tx): This is an MIT licensed, open source, decentralized blockchain-based cryptocurrency focused on achieving fungibility, transaction privacy, community governance, network scalability, and real-world utilization, aiming to become one of the most technically advanced globally accepted online digital currencies. NOTE: A new privacy protocol is in development.
What is PIVX?
PIVX is a form of digital online money using blockchain
technology that can be easily transferred all around the world in a
blink of an eye with nearly non-existent transaction fees with market
leading security & privacy.
Launch Date: January 31st, 2016
Block Time: 60 seconds
Block Size: 2 MB
Total Coin Supply To Date: 55 million
Circulating Supply: < 30 million. This is due to masternode collateral (10,000 PIV per masternode) being locked in escrow as well as any staking wallets holding PIV off exchanges.
PIVX Transaction Fee: < $0.001 (for normal sends), < $0.01 (for private sends)
PIVX DETAILS
PIVX is a multifaceted, community-centric endeavor in the blockchain
tech and cryptocurrency realms. What we mean by that is this: there
are many components to what and who PIVX is and why PIVX was created.
PIVX is the fastest and lowest cost privacy-focused digital currency,
using a Proof of Stake (PoS) consensus system algorithm allowing all
owners of PIVX to participate in earning block rewards while securing
the network with full node wallets.
Designed to be used as a viable currency that preserves individuals’
privacy and security.
PIVX has the most sustainable supply model, is not
susceptible to 51% attacks, and is already globally distributed without
the centralization seen in a select few coins.
Our PIVX is supported by thousands of
passionate individuals in an adamant Decentralized Autonomous Organization (DAO), and is already being accepted and used by merchants (online and in
physical locations) around the world because of its security and heightened privacy.
In support of this global reach, PIVX is the first cryptocurrency
project to translate its website and materials into over 30 native
languages, providing unparalleled access to information about
cryptocurrency and PIVX in the language each individual is most familiar with.
PIVX is the first proof of stake coin with the zerocoin protocol
(called zPIV) and zerocoin staking (named zPOS); a completely new Proof
of Stake algorithm providing unparalleled privacy, speed of
transactions, and low transaction costs.
Our PIVX employs a second-tier decentralized network of masternodes
providing additional services such as community voting governance,
self-funded treasury system and instant transactions.
It’s easy to
implement and set up a PIVX wallet, be it desktop, mobile, Raspberry Pi,
etc., allowing for simple merchant adoption.
Additionally, PIVX has one of the most stably designed economic
models in cryptocurrency. PIVX has implemented a Dynamic Supply System
governing its coin supply; block rewards are static and inflation is
reduced whenever a transaction is included in a block by burning
transaction & zerocoin fees. At a certain threshold combination of
transactions per minute, PIVX will become deflationary.
Zcash is the first widespread application of zk-SNARKs, a novel form
of zero-knowledge cryptography. The strong privacy guarantee of Zcash is
derived from the fact that shielded transactions in Zcash can be fully
encrypted on the blockchain, yet still be verified as valid under the
network’s consensus rules by using zk-SNARK proofs.
The acronym zk-SNARK stands for “Zero-Knowledge Succinct
Non-Interactive Argument of Knowledge,” and refers to a proof
construction where one can prove possession of certain information, e.g.
a secret key, without revealing that information, and without any
interaction between the prover and verifier.
“Zero-knowledge” proofs allow one party (the prover) to prove to
another (the verifier) that a statement is true, without revealing any
information beyond the validity of the statement itself. For example,
given the hash of a random number, the prover could convince the
verifier that there indeed exists a number with this hash value, without
revealing what it is.
In a zero-knowledge “Proof of Knowledge” the prover can convince the
verifier not only that the number exists, but that they in fact know
such a number – again, without revealing any information about the
number. The difference between “Proof” and “Argument” is quite technical
and we don’t get into it here.
“Succinct” zero-knowledge proofs can be verified within a few
milliseconds, with a proof length of only a few hundred bytes even for
statements about programs that are very large. In the first
zero-knowledge protocols, the prover and verifier had to communicate
back and forth for multiple rounds, but in “non-interactive”
constructions, the proof consists of a single message sent from prover
to verifier. Currently, the most efficient known way to produce
zero-knowledge proofs that are non-interactive and short enough to
publish to a block chain is to have an initial setup phase that
generates a common reference string shared between prover and verifier.
We refer to this common reference string as the public parameters of the
system.
If someone had access to the secret randomness used to generate these
parameters, they would be able to create false proofs that would look
valid to the verifier. For Zcash, this would mean the malicious party
could create counterfeit coins. To prevent this from ever happening,
Zcash generated the public parameters through an elaborate, multi-party
ceremony. To learn more about our parameter generation ceremony and see
the precautions we’ve taken to prevent the secret randomness essential
to Zcash from being exposed (e.g. computers being blowtorched), visit
our Paramgen page. To learn more about the math behind the parameter generation protocol, read our blog post or whitepapers (1, 2) on the topic.
How zk-SNARKs are constructed in Zcash
In order to have zero-knowledge privacy in Zcash, the function
determining the validity of a transaction according to the network’s
consensus rules must return the answer of whether the transaction is
valid or not, without revealing any of the information it performed the
calculations on. This is done by encoding some of the network’s
consensus rules in zk-SNARKs. At a high level, zk-SNARKs work by first
turning what you want to prove into an equivalent form about knowing a
solution to some algebraic equations. In the following section, we give a
brief overview of how the rules for determining a valid transaction get
transformed into equations that can then be evaluated on a candidate
solution without revealing any sensitive information to the parties
verifying the equations.
The first step in turning our transaction validity function into a
mathematical representation is to break down the logical steps into the
smallest possible operations, creating an “arithmetic circuit”. Similar
to a boolean circuit where a program is compiled down to discrete,
single steps like AND, OR, NOT, when a program is converted to an
arithmetic circuit, it’s broken down into single steps consisting of the
basic arithmetic operations of addition, subtraction, multiplication,
and division (although in our particular case, we will avoid using
division).
Here is an example of what an arithmetic circuit looks like for computing the expression (a+b)*(b*c):
Looking at such a circuit, we can think of the input values a, b, c
as “traveling” left-to-right on the wires towards the output wire. Our
next step is to build what is called a Rank 1 Constraint System, or
R1CS, to check that the values are “traveling correctly”. In this
example, the R1CS will confirm, for instance, that the value coming out
of the multiplication gate where b and c went in is b*c.
In this R1CS representation, the verifier has to check many
constraints — one for almost every wire of the circuit. (For technical
reasons, it turns out we only have a constraint for wires coming out of
multiplication gates.) In a 2012 paper on the topic,
Gennaro, Gentry, Parno and Raykova presented a nice way to “bundle all
these constraints into one”. This method uses a representation of the
circuit called a Quadratic Arithmetic Program (QAP). The single
constraint that needs to be checked is now between polynomials rather
than between numbers. The polynomials can be quite large, but this is
alright because when an identity does not hold between polynomials, it
will fail to hold at most points. Therefore, you only have to check that the two polynomials match at one randomly chosen point in order to correctly verify the proof with high probability.
If the prover knew in advance which point the verifier would choose
to check, they might be able to craft polynomials that are invalid, but
still satisfy the identity at that point. With zk-SNARKs, sophisticated
mathematical techniques such as homomorphic encryption and pairings
of elliptic curves are used to evaluate polynomials “blindly” – i.e.
without knowing which point is being evaluated. The public parameters
described above are used to determine which point will be checked, but
in encrypted form so that neither the prover nor the verifier know what
it is.
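The circuit, R1CS and QAP steps just described, as an added example that is not part of the original page: the two multiplication gates of (a+b)*(b*c) become two R1CS constraints, each constraint row is weighted by the witness and interpolated into A(x), B(x), C(x), and the verifier tests the bundled identity A(x)B(x) - C(x) = H(x)Z(x) at one random point. The prime field P and the witness layout are assumptions, and the pairing-based blind evaluation is not modelled, so the point r is simply handed to the verifier.

```python
# Added example (not from the page): the circuit (a+b)*(b*c) written as an R1CS,
# bundled into a QAP, and checked at a single random point over a prime field.
import random
P = 2**31 - 1  # constructed choice of prime field; real SNARKs use a pairing-friendly curve order

# Witness: [1, a, b, c, m1, out] with m1 = b*c, out = (a+b)*m1. Only the two
# multiplication gates get constraints; a+b is folded into the left side of gate 2.
A = [[0, 0, 1, 0, 0, 0], [0, 1, 1, 0, 0, 0]]  # left inputs:  b  | a+b
B = [[0, 0, 0, 1, 0, 0], [0, 0, 0, 0, 1, 0]]  # right inputs: c  | m1
C = [[0, 0, 0, 0, 1, 0], [0, 0, 0, 0, 0, 1]]  # outputs:      m1 | out
# Constraint k sits at x = k+1: Lagrange basis {2-x, x-1}, Z(x) = (x-1)(x-2).
LAGRANGE = [[2, P - 1], [P - 1, 1]]
Z = [2, P - 3, 1]

def witness(a, b, c):
    m1 = b * c % P
    return [1, a, b, c, m1, (a + b) * m1 % P]

def r1cs_ok(w):
    """Direct check of every constraint (A.w)*(B.w) == C.w, one per multiplication gate."""
    dot = lambda row: sum(x * y for x, y in zip(row, w)) % P
    return all(dot(A[k]) * dot(B[k]) % P == dot(C[k]) for k in range(len(A)))

# Polynomials are coefficient lists over the field, lowest degree first.
def padd(f, g):
    n = max(len(f), len(g))
    return [((f[i] if i < len(f) else 0) + (g[i] if i < len(g) else 0)) % P for i in range(n)]

def pmul(f, g):
    out = [0] * (len(f) + len(g) - 1)
    for i, x in enumerate(f):
        for j, y in enumerate(g):
            out[i + j] = (out[i + j] + x * y) % P
    return out

def peval(f, x):
    return sum(c * pow(x, i, P) for i, c in enumerate(f)) % P

def pdivmod(f, g):
    """Long division f = q*g + r; a wrong witness leaves a non-zero remainder r."""
    q, r, inv = [0] * max(len(f) - len(g) + 1, 1), f[:], pow(g[-1], P - 2, P)
    for i in range(len(f) - len(g), -1, -1):
        q[i] = r[i + len(g) - 1] * inv % P
        for j, c in enumerate(g):
            r[i + j] = (r[i + j] - q[i] * c) % P
    return q, r

def qap_poly(matrix, w):
    """Sum over constraints k of (row_k . w) * L_k(x): the witness-weighted column polynomials."""
    acc = [0]
    for k, basis in enumerate(LAGRANGE):
        acc = padd(acc, [c * sum(matrix[k][i] * w[i] for i in range(len(w))) % P for c in basis])
    return acc

def qap_ok(w, r=None):
    """Prover offers H = (A*B - C) / Z (remainder dropped); verifier tests the identity at one point r."""
    Ax, Bx, Cx = (qap_poly(M, w) for M in (A, B, C))
    Hx = pdivmod(padd(pmul(Ax, Bx), [(P - c) % P for c in Cx]), Z)[0]
    r = random.randrange(P) if r is None else r
    return peval(Ax, r) * peval(Bx, r) % P == (peval(Cx, r) + peval(Hx, r) * peval(Z, r)) % P
```

A witness with a wrong output leaves a non-zero remainder when dividing by Z(x), so the single-point check fails at every point except the remainder's root, which is the "fails at most points" property the text relies on.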
The description so far has mainly addressed how to get the S and N in
“SNARKs” — how to get a short, non-interactive, single message proof —
but hasn’t addressed the “zk” (zero-knowledge) part which allows the
prover to maintain the confidentiality of their secret inputs. It turns
out that at this stage, the “zk” part can be easily added by having the
prover use “random shifts” of the original polynomials that still
satisfy the required identity.
For a step-by-step, in-depth explanation of key concepts behind
zk-SNARKs in Zcash, see our SNARKs Explainer series with posts on:
Zcash uses bellman, a Rust-language library for zk-SNARKs. Before the Sapling upgrade, Zcash used a fork of the C++ library, libsnark. For a deeper dive into the protocols used for Zcash’s zk-SNARKs, refer to the paper on the Pinocchio protocol, which was used until the Sapling upgrade, and Jens Groth’s zk-SNARK which is used currently.
How zk-SNARKs are applied to create a shielded transaction
In Bitcoin, transactions are validated by linking the sender address,
receiver address, and input and output values on the public blockchain.
Zcash uses zk-SNARKs to prove that the conditions for a valid
transaction have been satisfied without revealing any crucial
information about the addresses or values involved. The sender of a
shielded transaction constructs a proof to show that, with high
probability:
the input values sum to the output values for each shielded transfer.
the sender proves that they have the private spending keys of the input notes, giving them the authority to spend.
The private spending keys of the input notes are cryptographically
linked to a signature over the whole transaction, in such a way that the
transaction cannot be modified by a party who did not know these
private keys.
In addition, shielded transactions must satisfy some other conditions that are described below.
Bitcoin tracks unspent transaction outputs (UTXOs) to determine what
transactions are spendable. In Zcash, the shielded equivalent of a UTXO
is called a “commitment”, and spending a commitment involves revealing a
“nullifier”. Zcash nodes keep lists of all the commitments that have
been created, and all the nullifiers that have been revealed.
Commitments and nullifiers are stored as hashes, to avoid disclosing any
information about the commitments, or which nullifiers relate to which
commitments.
For each new note created by a shielded payment, a commitment is
published which consists of a hash of: the address to which the note was
sent, the amount being sent, a number “rho” which is unique to this
note (later used to derive the nullifier), and a random nonce.
Commitment = HASH(recipient address, amount, rho, r)
When a shielded transaction is spent, the sender uses their spending
key to publish a nullifier which is the hash of the secret unique number
(“rho”) from an existing commitment that has not been spent, and
provides a zero-knowledge proof demonstrating that they are authorized
to spend it. This hash must not already be in the set of nullifiers
tracking spent transactions kept by every node in the blockchain.
Nullifier = HASH(spending key, rho)
The zero-knowledge proof for a shielded transaction verifies that, in
addition to the conditions listed above, the following assertions are
also true:
For each input note, a revealed commitment exists.
The nullifiers and note commitments are computed correctly.
It is infeasible for the nullifier of an output note to collide with the nullifier of any other note.
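The commitment and nullifier bookkeeping described above, as an added example that is not Zcash's own code: a toy ledger publishes commitments, reveals nullifiers on spend, and rejects unknown inputs, wrong keys, double spends and unbalanced values. The hash encoding, the domain tags, and the derivation of an address from its spending key are assumptions, and the zero-knowledge proof is replaced by running the same checks directly on the opened notes.

```python
# Added example (not Zcash code): a toy ledger that keeps the commitment and
# nullifier sets the text describes, with the zero-knowledge proof replaced by
# direct checks on the opened notes. Hash encoding and domain tags are constructed.
import hashlib
from dataclasses import dataclass

def H(*parts: bytes) -> bytes:
    """Length-prefixed SHA-256 so (addr, amount, rho, r) cannot be re-split ambiguously."""
    return hashlib.sha256(b"".join(len(p).to_bytes(2, "big") + p for p in parts)).digest()

def address_of(spending_key: bytes) -> bytes:
    """Toy shielded address: a hash of the spending key that controls it (assumption)."""
    return H(b"addr", spending_key)

@dataclass(frozen=True)
class Note:
    address: bytes  # recipient's shielded address
    amount: int     # value, in the smallest unit
    rho: bytes      # per-note unique number, later hashed into the nullifier
    r: bytes        # random nonce hiding the note contents

def commitment(n: Note) -> bytes:
    """Commitment = HASH(recipient address, amount, rho, r)."""
    return H(b"cm", n.address, n.amount.to_bytes(8, "big"), n.rho, n.r)

def nullifier(spending_key: bytes, rho: bytes) -> bytes:
    """Nullifier = HASH(spending key, rho)."""
    return H(b"nf", spending_key, rho)

class Ledger:
    """Every node keeps all commitments ever created and all nullifiers ever revealed."""
    def __init__(self):
        self.commitments, self.nullifiers = set(), set()

    def publish(self, note: Note) -> bytes:
        cm = commitment(note)
        self.commitments.add(cm)
        return cm

    def spend(self, inputs, spending_key: bytes, outputs) -> str:
        """Apply the checks a shielded spend must pass; in Zcash the proof shows these without
        opening the notes, here the notes are opened so the checks can be run directly."""
        new_nfs = set()
        for n in inputs:
            if commitment(n) not in self.commitments:
                return "reject: no commitment exists for an input note"
            if n.address != address_of(spending_key):
                return "reject: spending key does not control an input note"
            nf = nullifier(spending_key, n.rho)
            if nf in self.nullifiers or nf in new_nfs:
                return "reject: nullifier already revealed (double spend)"
            new_nfs.add(nf)
        if sum(n.amount for n in inputs) != sum(n.amount for n in outputs):
            return "reject: input values do not sum to output values"
        self.nullifiers |= new_nfs          # consume the inputs
        for n in outputs:                   # create the new notes
            self.publish(n)
        return "accept"
```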
In addition to the spending keys used to control addresses, Zcash
uses a set of proving and verifying keys to create and check proofs.
These keys are generated in the public parameter ceremony discussed
above, and shared among all participants in the Zcash network. For each
shielded transaction, the sender uses their proving key to generate a
proof that their inputs are valid. Miners check that the shielded
transaction follows consensus rules by checking the prover’s computation
with the verifying key. The way that Zcash’s proof generation is
designed requires the prover to do more work up-front, but it simplifies
verifying, so that the major computational work is offloaded to the
creator of the transaction (this is why creating a shielded Zcash
transaction can take up to 40 seconds, while verifying that a
transaction is valid only takes milliseconds).
The privacy of Zcash’s shielded transactions relies upon standard,
tried-and-tested cryptography (hash functions and stream ciphers), but
it’s the addition of zk-SNARKs, applied with the system of commitments
and nullifiers, that allows senders and receivers of shielded
transactions to prove that encrypted transactions are valid. Other
methods of providing privacy for cryptocurrencies rely upon obscuring
the linkage between transactions, but the fact that Zcash transactions
can be stored on the blockchain fully encrypted opens up new possibilities for cryptocurrency applications.
Encrypted transactions allow parties to enjoy the benefits of public
blockchains, while still protecting their privacy. Planned future
upgrades will allow users to selectively disclose information about
shielded transactions at their discretion. See our Near Future of Zcash blog post on future plans for Zcash.
For a more in-depth explanation of how shielded transactions are constructed in Zcash, see our blog post on How Transactions Between Shielded Addresses Work. For full details on the current Zcash protocol, refer to our protocol specification.
zk-SNARKs Future Applications
Creating shielded transactions in Zcash is only one example out of
many possible applications of zk-SNARKs. Theoretically, you can use a
zk-SNARK to verify any relation without disclosing inputs or leaking
information. Generating proofs for complex functions is still too
computationally intensive to be practical for many applications, but the
Zcash team is pushing the boundaries for optimizing zk-SNARKs, and is already breaking new ground with more efficient implementations.
As it currently stands, Zcash’s implementation of zk-SNARKs can be added to any existing distributed ledger solution as a Zero-knowledge Security Layer for enterprise use cases. The scientists on the Zcash team
are among the most knowledgeable researchers of zk-SNARKs in the world,
and are constantly working on coming up with new applications and
improving the efficiency of zero-knowledge protocols. If you have a
business need that could benefit from the application of zero-knowledge
proofs or blockchain solutions with robust privacy, get in touch with our business development team.