CABRA - Comprehensive Academic Bitcoin Research Archive

Report on Filecoin And PoC Projects

Author: Gamals Ahmed, CoinEx Business Ambassador
ABSTRACT
A blockchain is a continuously growing record of blocks that are linked and secured using cryptography such as hashing. Each block contains a hash pointer as a link to the previous block, a timestamp and transaction data. Filecoin is a decentralized storage network that turns cloud storage into an algorithmic market. The market runs on a blockchain with a native protocol token (also called Filecoin), which miners earn by providing storage to clients. The first section of this report describes Filecoin, a decentralized storage system used to encrypt files that need to be shared through a blockchain platform. The second section briefly explains the blockchain Proof of Concept (PoC), which is a process for determining whether a blockchain project idea is feasible in a real-world situation, the need for a proof of concept, and the stages of a blockchain proof of concept.
1. Introduction
Filecoin is a protocol token whose blockchain runs on a novel proof, called Proof-of-Spacetime, where blocks are created by miners that are storing data. The Filecoin protocol provides a data storage and retrieval service via a network of independent storage providers that does not rely on a single coordinator, where: (1) clients pay to store and retrieve data, (2) Storage Miners earn tokens by offering storage, and (3) Retrieval Miners earn tokens by serving data.
Filecoin is a decentralized storage network that turns cloud storage into an algorithmic market. The market runs on a blockchain with a native protocol token (also called Filecoin), which miners earn by providing storage to clients. Conversely, clients spend Filecoin hiring miners to store or distribute data. As with Bitcoin, Filecoin miners compete to mine blocks with sizable rewards [1].
Filecoin mining power is proportional to active storage, which directly provides a useful service to clients (unlike Bitcoin mining, whose usefulness is limited to maintaining blockchain consensus). This creates a powerful incentive for miners to amass as much storage as they can, and rent it out to clients. The protocol weaves these amassed resources into a self-healing storage network that anybody in the world can rely on. The network achieves robustness by replicating and dispersing content, while automatically detecting and repairing replica failures. Clients can select replication parameters to protect against different threat models. The protocol’s cloud storage network also provides security, as content is encrypted end-to-end at the client, while storage providers do not have access to decryption keys. Filecoin works as an incentive layer on top of IPFS [1], which can provide storage infrastructure for any data. It is especially useful for decentralizing data, building and running distributed applications, and implementing smart contracts [2].
Filecoin [2], built on IPFS [3], proposes a completely decentralized distributed storage network in which clients and storage miners request services and submit orders to the storage and retrieval markets, and a miner provides a service by viewing matching quotes to initiate a transaction. The protocol guarantees the integrity of data storage through proofs of replication and proofs of spacetime. The Filecoin protocol writes the order book, token transactions, and integrity challenge-response records to the blockchain.
1.1 Blockchain
A blockchain is a characteristic data structure formed by combining data blocks in chain order, i.e. in chronological order [4], and cryptographically guarantees a decentralized, tamper-resistant, unforgeable distributed shared ledger.
Figure 1 Blockchain Structure
1.2 Elementary Components in Filecoin
The Filecoin protocol builds upon four novel components:
  1. Decentralized Storage Network (DSN): We provide an abstraction for a network of independent storage providers to offer storage and retrieval services.
  2. Novel Proofs-of-Storage: We present two novel Proofs-of-Storage: (1) Proof-of-Replication allows storage providers to prove that data has been replicated to its own uniquely dedicated physical storage. Enforcing unique physical copies enables a verifier to check that a prover is not deduplicating multiple copies of the data into the same storage space. (2) Proof-of-Spacetime allows storage providers to prove they have stored some data throughout a specified amount of time.
  3. Verifiable Markets: We model storage requests and retrieval requests as orders in two decentralized verifiable markets operated by the Filecoin network. Verifiable markets ensure that payments are performed when a service has been correctly provided. We present the Storage Market and the Retrieval Market, where miners and clients can respectively submit storage and retrieval orders.
  4. Useful Proof-of-Work: We show how to construct a useful Proof-of-Work based on Proof-of-Spacetime that can be used in consensus protocols. Miners do not need to spend wasteful computation to mine blocks, but instead must store data in the network [2] [4].
1.3 Filecoin: Lifecycle of a File
This section describes the lifecycle of a file in Filecoin, as follows:
  1. Put: Clients send information about the file, storage duration, and a small amount of Filecoin to the Storage Market as a bid. Simultaneously, Miners submit asks, competing to offer low cost storage. Deals are made in the Storage Market, on the blockchain.
  2. Send: The Client then sends the file to the Miner, and the Miner adds the file to a sector. The sectors are cryptographically sealed, with verification sent to the blockchain.
  3. Manage: Miners continuously prove they are storing all sectors they agreed to store. The client’s payment is released in installments. Additional currency is minted over time and awarded to Miners as a block reward, proportional to the storage they provide.
  4. Request: A Client requests a file with some payment in Filecoin to the Retrieval Market (off chain); the first Miner to send the file is paid. Eventually, the contract expires and the storage is once again free[5].
Figure 2 Filecoin Lifecycle of a File
1.4 Filecoin is Built with IPFS
The Interplanetary File System (IPFS) is a next-generation protocol to make the Web faster, safer, decentralized, and permanent. Since the initial IPFS release in January 2015, it has gained strong traction in a variety of industries and organizations. Today, IPFS is a foundational technology for many applications in the blockchain industry. Over 5 billion files have been added to IPFS, spanning scientific data and papers, genetic research, video distribution & streaming, 3D modeling, legal documents, entire blockchains and their transactions, video games, and more. IPFS and Filecoin are complementary protocols, and the adoption of the underlying IPFS protocol is a leading indicator of market demand for a faster, safer, decentralized storage service [6].
Some IPFS Users
Figure 3 IPFS users
1.5 IPFS Open Source Community
The IPFS Project is a large community of open source contributors driven to decentralize the web. The community is made up of thousands of developers and users who have been working together for several years, building valuable and widely used software tools. The same seasoned core developers of IPFS are also leading the design and development of Filecoin. The IPFS team has experience building ambitious software projects and coordinating thriving developer communities. A significant portion of the IPFS community plans to join the Filecoin network, building tools and applications on this new, exciting platform [7].
2. PoC PROJECTS:
2.1 What is PoC?
PoC is an abbreviation of Proof of Concept, which is a process of determining whether a blockchain project idea can be feasible in a real-world situation. This process is necessary to verify that the idea will function as envisioned. The best part about a blockchain proof of concept is that it helps you get a clear idea of what you are doing before you even get started. Furthermore, a proof of concept in the blockchain niche isn’t only for exploring the marketplace for ideas. Moreover, you won’t determine the best way to start the production process. Instead, you’ll only work on your possible blockchain solution option and see whether it is capable of becoming a reality or not. Developing a blockchain proof of concept requires an investment of time, money and resources. In reality, you’d need to get your hands on supporting technologies or even the physical components needed to get the perfect plan. Going through the process is necessary for enterprises to see whether their idea is viable before using all production-level equipment for it. According to a recent Gartner survey, 66% of CIOs think that blockchain is here to disrupt the existing marketplaces, and many will spend more than $10 million on experimentation with the technology. So, if you were confused about what a blockchain proof of concept is, now you know just what it is [8]. PoC is used to demonstrate the feasibility and practical potential of a blockchain project in any field, such as energy, communication, services, insurance and healthcare. A PoC can be either a prototype without any supporting code or an MVP (Minimum Viable Product) with a bare feature set. A PoC is a prototype used within an organization so that it can gain a better understanding of a particular project.
2.3 Why Companies Need a Proof of Concept?
Usually, the blockchain proof of concept is very popular among startups in the market. However, a proof of concept in blockchain can also be a great tool for enterprises. There are mainly three reasons for needing it.
  • Test out the blockchain project before going for mass production.
  • Identify possible pain points that can make the project not useful.
  • Save an enormous amount of time and money.
Although anyone who comes up with a blockchain project idea will think that it will work, a proof of concept in blockchain will test your idea to ensure that you get the best version out of it, which saves a lot of time and money in the process. Another major reason to use a proof of concept for blockchain is to ensure that all the stakeholders like your idea and would be interested in investing in it. Whether you are adding a new type of feature to an existing blockchain solution or developing one from scratch, a blockchain proof of concept lets you take the fastest route possible. This gives a different edge to the meaning of a blockchain proof of concept [9].
2.4 Proof of Concept Phases
The phases are explained as follows:
Figure 4 explains the steps of a blockchain PoC
Step-1: Finding the Proper Blockchain Application Sectors That Add Value
Let’s start with the first step of the theoretical build-up stage. Many of you don’t really know which application sectors are suitable for a blockchain proof of concept [10]. That’s why we are outlining some major application sectors where you can use your solution. These are:
1. Finance
Let’s start with the finance sector. This sector is relatively popular among the blockchain community. Furthermore, there are many projects already that cover this sector and offer lucrative solutions for major issues. So, in that sense, this sector is quite competitive in terms of blockchain PoC development.
2. Medical
The medical sector is another major blockchain application sector at present. There are countless scenarios where blockchain can truly shine. Hospitals have to deal with a lot of falsified reports and counterfeit drugs.
3. Asset Management
Maintaining assets in these times is relatively hard due to all the bad players in the market. Simple paper-based record keeping isn’t enough now. Moreover, due to political and other reasons, ownership management is at risk of becoming a corrupted sector.
4. Government
Many governmental institutions are falling behind in the race of digitization. Moreover, every citizen needs a better infrastructure which will give them the security they need. In reality, the government sector is unable to preserve citizens’ rights properly.
5. Identity
Identity management is a big hassle when it comes to enterprises. Furthermore, many people impersonate others’ identities and commit serious crimes. Even in trade finance, many companies have to deal with fake companies and fake documents.
6. IoT
The Internet of Things is a wonderful sector for a proof of concept in blockchain development. Furthermore, this sector is responsible for linking all your smart applications together. Moreover, device-to-device connection on a secured platform is necessary.
7. Payments
The payments sector is another excellent application point for your enterprise-grade solution. Blockchain systems are more than capable of handling payments, and many of them also offer micropayments. Furthermore, sending money takes a really small amount of time compared to the traditional banking system, not to mention the reduction of fees in overseas payments.
8. Supply Chain
Big enterprises need to have their eyes and ears on every step of the supply chain process. Furthermore, any minor error could end up in a million dollars of loss. Obviously, you would not want that. Tracking where the raw materials are coming from and whether your products are truly authentic or not is one of the major pain points.
9. Insurance
The insurance industry is facing some serious problems regarding insurance claims and document authentication. Also, the enormous amount of paperwork that every single employee has to fill out is dreadful. Detecting fraud and managing all the documents in a secure environment is tough. So, introducing a blockchain framework that can solve all these issues would be a huge factor. However, the competition in this marketplace is a bit high; still, with a proper blockchain proof of concept, it should be a great opportunity.
Step-2: Defining the Product
In the second stage of the theoretical build-up, you would need to think of your blockchain proof of concept just like any other product. Furthermore, you need to have a solid plan along with full support from all stakeholders.
PoC Feature Requirements
Define all the features that your enterprise blockchain solution needs. After deciding on your blockchain application, you would probably have some idea of what features to add.
Step-3: Investigating the Technology
After you’ve come up with a solid idea of what features to include and how to focus the road map, you would need to hand them off to the engineering team. Your team will then research the technology based on your requirements and come up with the best platform to develop it on.
  • Advice for making a successful Proof of Concept: As we know, a proof of concept is a project, and like any project it must be clearly defined. That means breaking the process down into these four steps so that you can manage it better.
  • Focus on a Specific Business Issue: If you want to make the blockchain PoC framework a success, then you have to start by focusing on your real-life problems. At the beginning of the theoretical build-up stage, when you are looking for a popular sector of deployment, look for a specific issue. Furthermore, any problem that your idea can fix would be a big plus from the consumers’ end. Many blockchain proofs of concept focus only on the capabilities of the technology. However, they just don’t resolve any new issues or even old issues.
  • Take Small Steps, Avoid Scope Creep: Another major thing that enterprises face is scope creep. While choosing what features you might need for the blockchain proof of concept, many go for too much from the start. However, making a flashier entrance in the market won’t mean 100% success. Furthermore, pick the features that you can truly deliver, not the ones you aren’t capable of.
  • Connect All Ideas and Control Them: You won’t be the only one coming up with all the ideas. As you already know, you’d need to get yourself a good team that will back you up and help you come up with a compact solution. However, not every single member of your team will agree with the same idea. Furthermore, they have different ideas and visions regarding the blockchain development too.
  • Construct a Thorough Plan: Another hurdle in the way of a proper blockchain proof of concept is the misinterpretation of the blockchain implementation challenges. Obviously, blockchain implementation isn’t an easy task. At the first stage, it might have many flaws that would end up in possible failure scenarios.
  • Test a Million Times: After getting the design done, you’d need to go into the testing phase. However, the problem is that many seem to roll out the MVP before properly testing it, which ends up in failure. So, test the MVP a lot of times before making it accessible to the end users.
  • Collaborate with Other Parties: Collaborating with other enterprises could help take down the overall cost of the blockchain proof of concept. Furthermore, if you are a small to medium-sized enterprise, then collaborating with other parties could help with the production cost. It will solely depend on the feature or the type of blockchain PoC framework you want to work on.
  • The Right Amount of Staff: The right amount of staff is always necessary to pull off a blockchain proof of concept project. Furthermore, you would need to recruit staff that have blockchain skills or an intellectual understanding of the technology. Get the necessary amount of staff with a blockchain skill set to perfect the blockchain proof of concept.
3. Conclusion
This report explains a distributed storage scheme based on blockchain technology (Filecoin) and introduces the system design in detail in the first part, where we studied the blockchain technology related to Filecoin (a decentralized storage network). Filecoin, a highly anticipated decentralized storage network (under development), announced that there will be more delays before its Mainnet can be officially launched. Created by Protocol Labs, Filecoin has been developed using the InterPlanetary File System (IPFS), an established peer-to-peer data storage network. The Filecoin software will allow users to trade storage space in an open and decentralized marketplace. In the second part we described the proof of concept (PoC). The blockchain proof of concept is a demonstration to verify that certain concepts or theories have the potential for real-world application. A PoC represents the evidence demonstrating that a project or product is feasible and worthy enough to justify the expenses needed to support and develop it.
REFERENCES
[1] Juan Benet. IPFS — Content Addressed, Versioned, P2P File System. 2014.
[2] Protocol Labs. Filecoin: A Decentralized Storage Network. https://filecoin.io/filecoin.pdf, 2017.
[3] Benet J. IPFS-content addressed, versioned, P2P file system[J]. arXiv preprint arXiv:1407.3561, 2014.
[4] Liu AD, Du XH, Wang N, Li SZ. Research Progress of Blockchain Technology and its Application in Information Security. Ruan Jian Xue Bao/Journal of Software,2018,6,14:1–24.
[5] Protocol Labs, Inc,[email protected] , Filecoin Primer July 25, 2017.
[6] Protocol Labs, Inc,[email protected] , Filecoin Primer July 25, 2017.
[7] Retrieved from IPFS internal monitoring July 6, 2017.
[8] https://www.projectmanager.com/blog/proof-of-concept-definition.
[9] https://www.blockchainappfactory.com/poc-blockchain-application
[10] https://101blockchains.com/blockchain-proof-of-concept/#prettyPhoto
submitted by CoinEx_Institution to Coinex

Mimblewimble in IoT—Implementing privacy and anonymity in INT Transactions

The years of 2017 and ’18 were years focused on the topic of scaling. Coins forked and projects were hyped with this word as their sole mantra. What this debate brought us were solutions and showed us where we are right now satisfying the current need when paired with a plan for the future. What will be the focus of years to come will be anonymity and fungibility in mass adoption.
In the quickly evolving world of connected data, privacy is becoming a topic of immediate importance. As it stands, we trust our privacy to centralized corporations where safety is ensured by the strength of your passwords and how much effort an attacker dedicates to breaking them. As we grow into the new age of the Internet, where all things are connected, trustless and cryptographic privacy must be at the base of all that it rests upon. In this future, what is at risk is not just photographs and credit card numbers, it is everything you interact with and the data it collects.
If the goal is to do this in a decentralized and trustless network, the challenge will be finding solutions that have a range of applicability that equal the diversity of the ecosystem with the ability to match the scales predicted. Understanding this, INT has begun research into implementing two different privacy protocols into their network that conquer two of the major necessities of IoT: scalable private transactions and private smart contracts.

Mimblewimble

One of the privacy protocols INT is looking into is Mimblewimble. Mimblewimble is a fairly new and novel implementation of the same elements of Elliptic-Curve Cryptography that serves as the basis of most cryptocurrencies.

In the bitcoin-wizards IRC channel in August 2016, an anonymous user posted a Tor link to a whitepaper claiming “an idea for improving privacy in bitcoin.” What followed was a blockchain proposal that uses a transaction construction radically different from anything seen before, creating one of the most elegant uses of elliptic curve cryptography seen to date.
While the whitepaper posted was enough to lay out the ideas and reasoning to support the theory, it contained no explicit mathematics or security analysis. Andrew Poelstra, a mathematician and the Director of Research at Blockstream, immediately began analyzing its merits and over the next two months, created a detailed whitepaper [Poel16] outlining the cryptography, fundamental theorems, and protocol involved in creating a standalone blockchain.
What it sets out to do as a protocol is to wholly conceal the values in transactions and eliminate the need for addresses while simultaneously solving the scaling issue.

Confidential Transactions

Let’s say you want to hide the amount that you are sending. One great way to hide information that is well known and quick: hashing! Hashing allows you to deterministically produce a random string of constant length regardless of the size of the input, that is impossible to reverse. We could then hash the amount and send that in the transaction.

X = SHA256(amount)
or
4A44DC15364204A80FE80E9039455CC1608281820FE2B24F1E5233ADE6AF1DD5 = SHA256(10)

But since hashing is deterministic, all someone would have to do is catalog the hashes of all possible amounts, and the whole purpose of hashing in the first place would be nullified. So instead of just hashing the amount, let’s first multiply this amount by a private blinding factor. If the factor is kept private, there is no way of knowing the amount inside the hash.

X = SHA256(blinding factor * amount)

This is called a commitment, you are committing to a value without revealing it and in a way that it cannot be changed without changing the resultant value of the commitment.
But how then would a node validate a transaction using this commitment scheme? At the very least, we need to prove that you satisfy two conditions: one, you have enough coins, and two, you are not creating coins in the process. The way most protocols validate this is by consuming a previous input transaction (or multiple) and, in the process, creating an output that does not exceed the sum of the inputs. If we hash the values and have no way to validate this condition, one could create coins out of thin air.

input(commit(bf,10), Alice) -> output(commit(bf,9), BOB), outputchange(commit(bf,5), Alice)
Or
input(4A44DC15364204A80FE80E9039455CC1608281820FE2B24F1E5233ADE6AF1DD5, Alice) ->
output(19581E27DE7CED00FF1CE50B2047E7A567C76B1CBAEBABE5EF03F7C3017BB5B7, Bob)
output(EF2D127DE37B942BAAD06145E54B0C619A1F22327B2EBBCFBEC78F5564AFE39D, Alice)

As shown above, the latter hashed values look just as valid as anything else and result in Alice creating 4 coins and receiving them as change in her transaction. In any transaction, the sum of the inputs must equal the sum of the outputs. We need some way of doing mathematics on these hashed values to be able to prove:

commit(bf1,x) = commit(bf2,y1) + commit(bf3,y2)

which, if it is a valid transaction would be:

commit(bf1,x) - commit(bf2+bf3,y1+y2) = commit(bf1-(bf2+bf3),0)

Or just a commit of the leftover blinding factors.

By the nature of hashing algorithms, this isn’t possible. To verify this we would have to make all blinding factors and amounts public. But in doing so, nothing is private. How then can we make a public value derived from a private value, in such a way that you cannot reverse-engineer the private value and can still validate that it satisfies some condition? It sounds a bit like public and private key cryptography…
What we learned in our primer on Elliptic-Curve Cryptography was that by using an elliptic curve to define our number space, we can take a point on the curve, G, and multiply it by any number, x, and what you get is another valid point, P, on the same curve. This calculation is quick, but given the resultant point and the publicly known generator point G, it is practically impossible to figure out what multiplier was used. This way we can use the point P as the public key and the number x as the private key. Interestingly, these points also have the curious property of being additive and commutative.
If you take point P which is xG and add point Q to it which is yG, its resulting point, W = P + Q, is equal to creating a new point with the combined numbers x+y. So:

W = P + Q = x•G + y•G = (x + y)•G

This property, homomorphism, allows us to do math with numbers we do not know.
So if instead of using the raw amount and blinding factor in our commit, we use them each multiplied by a known generator point on an elliptic curve. Our commit can now be defined as:

commit(bf, amount) = bf•G + amount•H

This is called a Pedersen Commitment and serves as the core of all Confidential Transactions.
Let’s call the blinding factors r, and the amounts v, and use H and G as generator points on the same elliptic curve (without going deep into Schnorr signatures, we will just accept that we have to use two different points for the blinding factor and value commits for validation purposes**). Applying this to our previous commitments:

ri•G + vi•H = (ro•G + vo•H) + (rco•G + vco•H)

and using the commutative properties:

(ri•G + vi•H) - (ro•G + vo•H) - (rco•G + vco•H) = (ri - ro - rco)•G + (vi - vo - vco)•H

which for a valid transaction, where vi = vo + vco, would equal:

(ri - ro - rco)•G + 0•H = (ri - ro - rco)•G

with ri, vi being the values for the input, ro, vo being the values for the output and rco, vco being the values for the change output.

This resultant difference is just a commit to the excess blinding factor, also called a commitment-to-zero:

commit(ri - ro - rco, 0) = (ri - ro - rco)•G

You can see that in any case where the blinding factors were selected randomly, the commit-to-zero will be non-zero and in fact, is still a valid point on the elliptic curve with a public key,

(ri - ro - rco)•G

And private key being the difference of the blinding factors.
So, if the sum of the inputs minus the sum of the outputs produces a valid public key on the curve, you know that the values have balanced to zero and no coins were created. If the resultant difference is not of the form

r•G

for some excess blinding factor, it would not be a valid public key on the curve, and we would know that it is not a balanced transaction. To prove this, the transaction is then signed with this public key, proving that the transaction is balanced and that all blinding factors are known, and in the process no information about the transaction has been revealed (the step-by-step details of the signature process can be read in [Arvan19]).
All the above work assumed the numbers were positive. One could create just as valid a balanced transaction with negative numbers, allowing users to create new coins with every transaction. To prevent this, each transaction must be accompanied by a Range Proof, a zero-knowledge argument of knowledge proving that a private committed value lies within a predetermined range of values. Mimblewimble, as well as Monero, uses Bulletproofs, a new way of calculating the proof which cuts down the size of the transaction by 80–90%.

*Average sizes of transactions seen in current networks or by assuming 2 input 2.5 output average tx size for MW

Up to this point, the protocol described is more-or-less identical between Mimblewimble and Monero. The point of deviation is how transactions are signed.
In Monero, there are two sets of keys/addresses, the spend keys and the view keys. The spend key is used to generate and sign transactions, while the view key is used to “receive” transactions. Transactions are signed with what is called a Ring Signature, which is derived from the output being spent, proving that one key out of the group of keys possesses the spend key. This is done by creating a combined Schnorr signature with your private key and a mix of decoy signers from the public keys of previous transactions. These decoy signers are all mathematically equally valid, which results in an inability to determine which one is the real signer. Since Monero uses the Pedersen Commitments shown above, the addresses are never publicly visible but are just used for claiming and signing transactions and generating blinding factors.
Mimblewimble, on the other hand, does not use addresses of any type. Yes. That’s right, no addresses. This is the true brilliance of the protocol. What Jedusor proved was that the blinding factors within the Pedersen commit and the commit-to-zero can be used as single-use public/private key pairs to create and sign transactions.
All address based protocols using elliptic-curve cryptography generate public-private key pairs in essentially the same way. By multiplying a very large random number (k_priv) by a point (G) on an elliptic curve, the result (K_pub) is another valid point on the same curve.

K_pub = k_priv•G

This serves as the core of all address generation. Does that look familiar?
Remember this commit from above:

r•G + v•H

Each blinding factor multiplied by generator point G (in red) is exactly that! r•G is the public key with private key r! So instead of using addresses, we can use these blinding factors as proof we own the inputs and outputs by using these values to build the signature.
This seemingly minor change removes the linkability of addresses and the need for a scriptSig process to check for signature validity, which greatly simplifies the structure and size of Confidential Transactions. Of course, this means (at this time) that the transaction process requires interaction between parties to create signatures.

CoinJoin

Even though all addresses and amounts are now hidden, there is still some information that can be gathered from the transactions. In the above transaction format, it is still clear which outputs are consumed and what comes out of the transaction. This “transaction graph” can reveal information about the owners of the blinding factors and build a picture of the user based on observed transaction activity. In order to further hide and condense information, Mimblewimble implements an idea from Greg Maxwell called CoinJoin [Max13], which was originally developed for use in Bitcoin. CoinJoin is a trustless method for combining multiple inputs and outputs from multiple transactions, joining them into a single transaction. This masks which sender paid which recipient. To accomplish this in Bitcoin, users or wallets must interact to join transactions of like amounts so you cannot distinguish one from the other. If you were able to combine signatures without sharing private keys, you could create a combined signature for many transactions (like ring signatures) and not be bound by needing like amounts.

In this CoinJoin tx, 3 addresses have 4 outputs with no way of correlating who sent what
In Mimblewimble, doing the balance calculation for one transaction or many transactions still works out to a valid commit-to-zero. All we would need to do is create a combined signature for the combined transaction. Mimblewimble can construct these combined signatures natively because its transaction construction is built on Schnorr challenges. Using “one-way aggregate signatures” (OWAS), nodes can combine transactions, while creating the block, into a single transaction with one aggregate signature. Using this, Mimblewimble joins all transactions at the block level, effectively creating each block as one big transaction of all inputs consumed and all outputs created. This simultaneously blurs the transaction graph and makes it possible to remove in-between transactions that were spent during the block, cutting down the total size of blocks and the size of the blockchain.

Cut-through

We can take this one step further. To validate this fully “joined” block, the node would sum all of the output commitments together, then subtract all the input commitments and validate that the result is a valid commit-to-zero. What is stopping us from only joining the transactions within a block? We could theoretically combine two blocks, removing any transactions that are created and spent in those blocks, and the result again is a valid transaction of just unspent commitments and nothing else. We could then do this all the way back to the genesis block, reducing the whole blockchain to just a state of unspent commitments. This is called cut-through. When doing this, we don’t have any need to retain the range proofs of spent outputs; they have been verified and can be discarded. This lends itself to a massive reduction in blockchain growth, reducing growth from O(number of txs) to O(number of unspent outputs).
To illustrate the impact of this, let’s imagine that Mimblewimble had been implemented in the Bitcoin network from the beginning. With the network at block 576,000, the blockchain is about 210 GB with 413,675,000 total transactions and 55,400,000 total unspent outputs. In Mimblewimble, transaction outputs are about 5 kB (including a range proof of ~5 kB and a Pedersen commit of ~33 bytes), transaction inputs are about 32 bytes and transaction proofs are about 105 bytes (commit-to-zero and signature), block headers are about 250 bytes (Merkle proof and PoW) and non-confidential transactions are negligible. This sums up to a staggering 5.3 TB for a full sync blockchain of all information, with “only” 279 GB of that being the UTXOs. When we cut-through, we don’t want to lose all the history of transactions, so we retain the proofs for all transactions as well as the UTXO set and all block headers. This reduces the blockchain to 322 GB, a 94% reduction in size. The result is basically a total consensus state of only that which has not been spent, with a full proof history, greatly reducing the amount of sync time for new nodes.
If Bulletproofs are implemented, the range proof is reduced from over 5 kB to less than 1 kB, dropping the UTXO set in the above example from 279 GB to 57 GB.

*Based on the assumptions and calculations above.

There is also an interesting implication in PoS blockchains with explicit finality. Once finality has been obtained, or at some arbitrary blockchain depth beyond it, there is no longer the need to retain range proofs. Those transactions have been validated, the consensus state has been built upon it and they make up the vast majority of the blockchain size. If we say in this example that finality happens at 100 blocks deep, and assume that 10% of the UTXO set is pre-finality, this would reduce the blockchain size by another 250 GB, resulting in a full sync weight of 73 GB, a 98.6% reduction (even down 65% from its current state). Imagine this. A 73 GB blockchain for 10 years of fully anonymous Bitcoin transactions, and one third the current blockchain size.
It’s important to note that cut-through has no impact on privacy or security. Each node may choose whether or not to store the entire chain without performing any cut-through with the only cost being increased disk storage requirements. Cut-through is purely a scalability feature resulting in Mimblewimble based blockchains being on average three times smaller than Bitcoin and fifteen times smaller than Monero (even with the recent implementation of Bulletproofs).
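To make the three ideas above concrete (a blinding factor doubling as a signing key, many transactions joined at block level into one commit-to-zero, and cut-through of outputs that were created and spent inside the joined set), here is an added Python model. It is not part of the original post and is not Grin or Beam code. It uses secp256k1 in pure Python, leaves range proofs out, derives the second generator H by hashing G (an assumption of this example only), and the `Output`, `build_tx`, `join`, `cut_through` and `validate` names are the example's own. The kernel signature check `s·G = R + e·X` is the non-interactive form of the Schnorr protocol given in the notes at the end of the post: it proves the kernel excess has no H component.

```python
"""Toy Mimblewimble transaction model on secp256k1 (pure Python).

Added illustration; not Grin/Beam code.  Range proofs are omitted (values are
assumed small and honest), so it shows only:
  1. a blinding factor r is a private key whose public key is r*G,
  2. several transactions summed together are still one commit-to-zero
     (block-level CoinJoin, one kernel per transaction),
  3. cut-through: an output created and spent inside the joined set is dropped
     and the remainder still validates.
H is derived by hashing G here (assumption of this example)."""
import hashlib
import secrets

P = 2**256 - 2**32 - 977                                               # field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None: return b
    if b is None: return a
    if a[0] == b[0]:
        if (a[1] + b[1]) % P == 0: return None
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    result, addend, k = None, pt, k % N
    while k:
        if k & 1: result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result

def ec_neg(pt):
    return None if pt is None else (pt[0], -pt[1] % P)

def second_generator():
    """First valid curve x at or above sha256(G.x); its discrete log to base G is unknown."""
    x = int.from_bytes(hashlib.sha256(G[0].to_bytes(32, "big")).digest(), "big") % P
    while True:
        y2 = (pow(x, 3, P) + 7) % P
        y = pow(y2, (P + 1) // 4, P)        # P = 3 mod 4: a square root, if y2 is a square
        if y * y % P == y2: return (x, y)
        x = (x + 1) % P

H = second_generator()

def pedersen(r, v):
    """Pedersen commitment r*G + v*H: r hides v, and commitments add homomorphically."""
    return ec_add(ec_mul(r, G), ec_mul(v, H))

def enc(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def schnorr_sign(x, msg):
    """Schnorr signature with Fiat-Shamir challenge e = sha256(R || X || msg)."""
    k = secrets.randbelow(N - 1) + 1
    R = ec_mul(k, G)
    e = int.from_bytes(hashlib.sha256(enc(R) + enc(ec_mul(x, G)) + msg).digest(), "big") % N
    return R, (k + e * x) % N

def schnorr_verify(X, msg, sig):
    """s*G == R + e*X proves knowledge of x with X = x*G, i.e. X has no H component."""
    R, s = sig
    e = int.from_bytes(hashlib.sha256(enc(R) + enc(X) + msg).digest(), "big") % N
    return ec_mul(s, G) == ec_add(R, ec_mul(e, X))

class Output:
    """A commitment plus the secrets (value, blinding factor) only its owner keeps."""
    def __init__(self, value, r=None):
        self.value = value
        self.r = r if r is not None else secrets.randbelow(N - 1) + 1
        self.commit = pedersen(self.r, value)

def build_tx(inputs, outputs, fee):
    """The kernel excess (sum r_out - sum r_in) is the signing key; no address is needed."""
    assert sum(o.value for o in inputs) == sum(o.value for o in outputs) + fee
    excess = (sum(o.r for o in outputs) - sum(o.r for o in inputs)) % N
    sig = schnorr_sign(excess, fee.to_bytes(8, "big"))
    return {"inputs": [o.commit for o in inputs],
            "outputs": [o.commit for o in outputs],
            "kernels": [(ec_mul(excess, G), fee, sig)]}

def join(txs):
    """Block-level CoinJoin: one transaction holding everyone's inputs, outputs and kernels."""
    return {k: [c for tx in txs for c in tx[k]] for k in ("inputs", "outputs", "kernels")}

def cut_through(tx):
    """Drop commitments that are both created and spent within the same joined transaction."""
    spent = set(tx["inputs"]) & set(tx["outputs"])
    return {"inputs": [c for c in tx["inputs"] if c not in spent],
            "outputs": [c for c in tx["outputs"] if c not in spent],
            "kernels": tx["kernels"]}

def validate(tx):
    """Commit-to-zero: sum(outputs) - sum(inputs) + fee*H - excess must be the identity
    over the whole transaction, and every kernel signature must verify."""
    total = None
    for c in tx["outputs"]: total = ec_add(total, c)
    for c in tx["inputs"]: total = ec_add(total, ec_neg(c))
    for excess_pt, fee, sig in tx["kernels"]:
        if not schnorr_verify(excess_pt, fee.to_bytes(8, "big"), sig): return False
        total = ec_add(total, ec_mul(fee, H))
        total = ec_add(total, ec_neg(excess_pt))
    return total is None

def demo():
    """Constructed sample: Alice pays Bob 7 of her 10 (fee 1); Bob forwards 6 to Carol (fee 1)."""
    alice_in, bob_out, alice_change = Output(10), Output(7), Output(2)
    tx1 = build_tx([alice_in], [bob_out, alice_change], fee=1)
    carol_out = Output(6)
    tx2 = build_tx([bob_out], [carol_out], fee=1)
    block = join([tx1, tx2])
    compact = cut_through(block)        # Bob's 7-coin output vanishes from the record entirely
    return (validate(tx1), validate(tx2), validate(block), validate(compact),
            len(compact["inputs"]), len(compact["outputs"]), len(compact["kernels"]))

if __name__ == "__main__":
    print(demo())   # (True, True, True, True, 1, 2, 2)
```

After cut-through the record holds one input, two outputs and both kernels: Bob's intermediate output is gone, yet the remaining commitments still sum to zero against the two kernels, which is why only kernels (the "transaction proofs" of the size estimate above) need to be kept for history. A useful thing to try is adding `2*H` to one output commitment of a valid transaction: the kernel signature still verifies, but the commit-to-zero check fails, which is exactly the inflation check a node relies on.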

What does this mean for INT and IoT?

Transactions within an IoT network require speed, scaling to tremendous volumes, and adapting to a variety of uses and devices, with the ability to keep sensitive information private. Until now, IoT networks have focused solely on scaling, creating networks that can transact with tremendous volume with varying degrees of decentralization and no focus on privacy. Without privacy, these networks will just make those who use them targets who feed their attackers the ammunition.
Mimblewimble’s revolutionary use of elliptic-curve cryptography brings us a privacy protocol using Pedersen commitments for fully confidential transactions and in the process, removes the dependence on addresses and private keys in the way we are used to them. This transaction framework combined with Bulletproofs brings lightweight privacy and anonymity on par with Monero, in a blockchain that is 15 times smaller, utilizing full cut-through. This provides the solution to private transactions that fit the scalability requirements of the INT network.
The Mimblewimble protocol has been implemented in two different live networks, Grin and Beam. Both are purely transactional networks, focused on the private and anonymous transfer of value. Grin has taken a Bitcoin-like approach with community-funded development, no pre-mine or founders reward while Beam has the mindset of a startup, with VC funding and a large emphasis on a user-friendly experience.
INT, on the other hand, is researching implementing this protocol either on the main chain, making all INT asset transfers private, or as an optional add-on subchain, allowing users to transfer their INT from the non-private chain to the private chain, or vice versa, at will.

Where does it fall short?

What makes this protocol revolutionary is the same thing that limits it. Almost all protocols, like Bitcoin, Ethereum, etc., use a basic scripting language, with function calls in the actual transaction data that tell the verifier which script to use to validate it. In the simplest case, the data provided with the input is called the “scriptSig” and provides two pieces of data: the signature that matches the transaction and the public key that proves you own the private key that created it. The output scripts use this provided data, with the logic passed with it, to show the validator how to prove they are allowed to spend it. The validator hashes the public key provided, checks that it matches the hashed public key in the output and, if it does, then checks that the signature provided is valid for that key.
https://preview.redd.it/5u6m1eiv7p331.png?width=1200&format=png&auto=webp&s=3729eb12037107ae744d15cea9f9bc1e18a3c719
This verification protocol allows some limited scripting ability in being able to tell validators what to do with the data provided. The Bitcoin network can be updated with new functions allowing it to adapt to new processes or data. Using this, the Bitcoin protocol can verify multiple signatures, lock transactions for a defined timespan and do more complex things like lock bitcoin in an account until some outside action is taken.
In order to achieve more widely applicable public smart contracts like those in Ethereum, they need to be provided data in a non-shielded way or create shielded proofs that prove you satisfy the smart contract conditions.
In Mimblewimble, as a consequence of using the blinding factors as the key pairs, greatly simplifying the signature verification process, there are no normal scripting opportunities in the base protocol. What is recorded on the blockchain is just:

https://preview.redd.it/dwhiuc8y7p331.png?width=1200&format=png&auto=webp&s=69ea0a7797bc94a9766a4b31a639666bf9f1ebc4
  • Inputs used — which are old commits consumed
  • New outputs — which are new commits to publish
  • Transaction kernel — which contains the signature for the transaction with excess blinding factor, transaction fee, and lock_height.
And none of these items can be related to one another and contain no useful data to drive action.
There are some proposals for creative solutions to this problem by doing so-called scriptless-scripts†. By utilizing the properties of the Schnorr signatures used, you can achieve multisig transactions and more complex condition-based transactions like atomic cross-chain swaps and maybe even lightning network type state channels. Still, this is not enough complexity to fulfill all the needs of IoT smart contracts.
And on top of it all, implementing cut-through would remove transactions that might be smart contracts or rely on them.
So you can see in this design we can successfully hide values and ownership but only for a single dimensional data point, quantity. Doing anything more complex than transferring ownership of coin is beyond its capabilities. But the proof of ownership and commit-to-zero is really just a specific type of Zero-knowledge (ZK) proof. So, what if, instead of blinding a value we blind a proof?
Part 2 of this series will cover implementing private smart contracts with zkSNARKs.

References and Notes

https://github.com/ignopeverell/grin/blob/mastedoc/intro.md
https://github.com/mimblewimble/grin/blob/mastedoc/pow/pow.md
https://github.com/mimblewimble/grin/wiki/Grin-and-MimbleWimble-vs-ZCash
https://bitcointalk.org/index.php?topic=30579
[poel16] http://diyhpl.us/~bryan/papers2/bitcoin/mimblewimble-andytoshi-INCOMPLETE-DRAFT-2016-10-06-001.pdf
** In order to prove that v=0, and therefore that the commit-to-zero in fact has no H component, without revealing r, we must use the Schnorr protocol:
prover generates random integer n, computes and sends point T ← n·H
verifier generates and sends random integer i
prover computes and sends integer s ← i·r + n mod q, where q is the (public) order of the curve
verifier, knowing point r·H, computes point i·(r·H), then point i·(r·H) + T; computes point s·H; and ensures i·(r·H) + T = s·H.
[Arvan19] https://medium.com/@brandonarvanaghi/grin-transactions-explained-step-by-step-fdceb905a853
[Bulletproofs] https://eprint.iacr.org/2017/1066.pdf
[Max13] https://bitcointalk.org/?topic=279249
[MaxCT] https://people.xiph.org/~greg/confidential_values.txt
[Back13] https://bitcointalk.org/index.php?topic=305791.0
http://diyhpl.us/wiki/transcripts/grincon/2019/scriptless-scripts-with-mimblewimble/
https://tlu.tarilabs.com/cryptography/scriptless-scripts/introduction-to-scriptless-scripts.html#list-of-scriptless-scripts
http://diyhpl.us/~bryan/papers2/bitcoin/2017-03-mit-bitcoin-expo-andytoshi-mimblewmble-scriptless-scripts.pdf
submitted by INTCHAIN to INT_Chain
