One of my first priorities after coming onboard with the Grothendieck team to take forward Ethereum Classic was to get out and meet colleagues and IOHK’s developers, wherever they might be. That meant making a trip to St Petersburg and to Warsaw, which was an excellent opportunity to meet face-to-face, and all the more valuable given that we are usually spread out around the world and across timezones. When I arrived in St Petersburg at the end of January to see Alex Chepurnoy, IOHK Research Fellow and Scorex Team manager, the temperature outside was hovering below zero degrees celsius. Lunch involved Alex and I walking across a frozen lake, where a guy was fishing through the ice and another brave citizen in swimming trunks was going for a quick splash in the lake’s icy water. Later, Alex and I put our heads together to look at Scorex and whether it would be compatible for our Scala implementation of the Ethereum Client. We got into detailed discussions on how consensus is formed in ETC and the differences between it and Scorex, before going on to consider the network layer, and I also learnt from Alex about some of the potential future attacks on Ethereum. By the end of the trip we concluded that Scorex was not the right fit for use on the ETC client, because Ethereum is specified to a much greater degree of detail than Scorex was designed to accommodate. It was a useful discussion to have. We also shared thoughts on the philosophy of how blockchains work and IODB, which Jan Kotek at IOHK has developed specifically as a blockchain database and which supports versioning and key value pairs. All in all, it was a productive trip, rounded off with a visit to the State Russian museum, which I highly recommend.
In early February I visited Warsaw, to get to know the part of the Grothendieck team based in Poland. They normally work from home, so we hired a co-working space in Warsaw. True to the spirit of remote working, we set up a laptop and the Grothendieck team’s Argentine contingent – Alan Verbner and Nicolas Tallar – joined online from Buenos Aires. It was a fun variation from our usual daily call to keep up to date.
So with the Polish part of the team – Radek Tkaczyk, Adam Smolarek, Lukasz Gasior and Jan Ziniewicz – we set out a timeline for our work on ETC and walked through all the functionality filling in gaps in each other’s knowledge as we went along. It was a very useful session followed by a well deserved team dinner and a beer (Thank you Pawel Marzec for organising!) On the second day, with the help of the whiteboard, we went through gas calculation, the architectural layer and architectural layering and components in the codebase.
Next stop, Argentina!
Authenticated Dynamic Dictionaries, with Applications to Cryptocurrencies
20 February 2017 Alexander Chepurnoy 3 mins read
Our paper "Improving Authenticated Dynamic Dictionaries, with Applications to Cryptocurrencies" will appear at the Financial Cryptography 2017 conference in Malta in April. It was also presented at the Real World Crypto 2017 conference in New York and I highly recommend watching the impressive presentation from Leonid Reyzin, professor of computer science at Boston University and one of the four authors of the paper.
Some background. Previously I worked for the Nxt platform which has assets and many more cool features. The problem is, the blockchain processing becomes incredibly heavyweight (considering the pretty low number of transactions, in comparison with Bitcoin) with new features added. The same problem with Ethereum these days - after the attacks in autumn, it is nearly impossible to wait until processing being finished on an ordinary laptop.
The problem is in a state (e.g. UTXO set in Bitcoin) persistence. Once it hits a secondary storage (HDD or SSD), processing becomes very slow.
Thus two considerations behind our work on AVL+ trees and a proposed scheme for cryptocurrencies:
It should be feasible to run a full-node (maybe not a mining node) on commodity hardware
Initial blockchain processing, and then block processing must use RAM only
As commodity hardware is pretty limited in RAM, the idea is not to store the state for full-nodes at all. The scheme is as follows:
The state is authenticated with the help of a 2-party dynamic authenticated dictionary.
A mining node is storing the whole state. When packing transactions into a block, it generates proofs of the authenticated state transformations and announces a new root hash after the transformations being done in a blockheader. Proofs are to be included into the block.
A full-node receiving the block checks that 1) Transactions are correct (format and signatures are correct etc) 2) State transformation operations derived from the transactions are corresponding to the proofs 3) Proofs are correct 4) Resulting roothash (a verifier is getting it just by processing proofs) is the same as the announced one. Thus the node is checking everything, but without holding the state (e.g. UTXO set).
Then the paper is about to find a most efficient structure out of many candidates (and the winner is custom-tailored authenticated AVL+ trees).
Not mentioned in the paper but worth mentioning is that proofs in a block could be authenticated themselves (with the help of a Merkle tree which is perfect for static data) with a root hash included in a blockheader. Then if node is holding the state it could skip downloading proofs from the network, also there is possibility to prune them in the future (this scheme reminds me of the SegWit proposal for Bitcoin).
Proofs are adding a significant burden regarding block size (actually a proof can be longer than the corresponding transaction), so decreased throughput is to be considered seriously.
The code had been released on GitHub during RealWorldCrypto – see the section on authenticated data structures. There are some possible further minor optimizations (possibly reducing proof size by few percent in total) we are now discussing.
A Proof-of-Stake lecture at Oxford university
16 February 2017 Jane Wild 3 mins read
Mathematicians with a curiosity about the algorithms behind blockchain came to hear Aggelos Kiayias speak at Oxford university’s Mathematical Institute on Wednesday. Professor Kiayias, Chief Scientist at IOHK, had been invited to the university to give a talk on his work on Ouroboros, a provably secure Proof-of-Stake algorithm for blockchain.
It the first time such a cryptographic protocol has been devised and is significant because its use would enable blockchains to process many more transactions, giving the technology the muscle that would scale it up for far wider use than at present.
“Bitcoin is slow,” he said in the presentation, in an outline of the problem. “The transactions per second of Visa are in the order of many thousands, for Paypal in the order of hundreds, and Bitcoin is far less than that – clearly that’s something that can’t scale to a global level.”
In addition to the much greater efficiency of Ouroboros, Prof Kiayias explained a novel reward mechanism for incentivising the protocol and used game theory to show why attacks such as selfish mining and block withholding would be neutralised.
A Nash equilibrium is a prescription of a strategy for each rational player, with the property that if other players follow it, it does not make sense for a rational player to deviate from it.
Prof Kiayias described how Ouroboros can be proven to be an approximate Nash equilibrium, thus distinguishing this blockchain system from Bitcoin, which is known to be not incentive compatible.
The Ouroboros paper was first published last December with Alexander Russel, Bernardo David and Roman Oliynykov and Prof Kiayias presented the work at the Alan Turing Institute in London last year.
A new version of the Ouroboros technical report will be available as early as next week, and will contain updated benchmarks that illustrate the performance benefits of the protocol.
Among the audience was Hayyu Imanda, whose desire to specialise in cryptography for her PhD studies brought her to hear the presentation. The 22-year-old is currently in a class of 26 students at Oxford university studying for an MSc in Mathematics and Foundations of Computer Science.
“I come from a pure maths background and I find cryptography very interesting, in that it was relatively recently founded and there is so much research happening,” she says. “I see it as a bridge from pure maths into real life, with many uses in terms of security, and it’s going to be a growing field.”
Winter School on blockchain
The year got off to an invigorating start for IOHK when a team of its researchers arrived in a chilly Shanghai for the first ever Winter School on cryptocurrency and blockchain technologies.
The main hall at the university’s technology building was packed for the three-day event, with a cast of renowned cryptographers on the stage, including IOHK chief scientist Aggelos Kiayias. Professor Kiayias presented a double session on his work on proving the security of blockchain protocols. Jonathan Katz from the University of Maryland spoke on game theory, as well as chairing the event.
A lively panel debate on bitcoin, blockchain and their future, saw IOHK co-founder Charles Hoskinson take to the stage with his former collaborator at Ethereum, Vitalik Buterin.
Other speakers included Andrew Miller from the University of Illinois, Loi Luu from the National University of Singapore, Joseph Bonneau from Stanford University, Vassilis Zikas from Rensselaer Polytechnic Institute and Hong-Sheng Zhou from Virginia Commonwealth University.
During a break in programming the IOHK delegation honed their taxi hailing techniques (Shanghai’s cabs may be empty but that doesn’t mean they will stop) to travel across town for filming. See the videos here.
Cryptography comes out of the classroom
Even earlier than Shanghai, IOHK researchers were already busy this January, at Real World Crypto in New York. The aim of the annual conference is to strengthen the links between academics and developers in the hope of bringing the latest research into commercial applications in areas such as the internet, the cloud and embedded devices.
Prof Kiayias, who is chair of Cyber Security and Privacy at the University of Edinburgh, is an organiser and member of the steering committee.
From its beginnings as a gathering of some 150 specialists a few years ago, the audience at Real World Crypto has now grown to almost four times that size.
“We’ve seen more people come each year,” says Prof Kiayias. “Our audience considers this to be the one of the primary events they go to, to get information about the applied aspects of cryptography.”
Russia-based Alex Chepurnoy also flew to the US for the conference for a presentation on a co-authored paper on blockchain efficiency.
The work, Improving Authenticated Dynamic Dictionaries, is written with Leonid Reyzin, Dmitry Meshkov, Alex and Sasha Ivanov.
Topics tackled at the conference included passwords, blockchain, and TLS, the transport layer protocol through which data is exchanged on the internet.
Designing a brand
Vote for the winner in our public poll
Visit the ADA faucet to join development on our test net: tada.iohk.io
Read about Cardano SL: cardano-docs.iohk.io
Download the Daedalus wallet, available soon for OSX & Linux: daedaluswallet.io
Smart contracts will use code to reshape law
20 January 2017 Jane Wild 2 mins read
On a frosty Friday morning in Switzerland’s commercial centre of Zurich, an audience arrived early at the university to learn about the emerging field of smart contracts in a presentation given by Charles Hoskinson. A completely new way of quantifying concepts like trust, reputation and ambiguity, smart contracts are a digital legal system – a computer protocol that facilitates, verifies or enforces the negotiation or performance of a contract.
The idea is now gaining new momentum from ventures including Cardano, and academic papers are also providing a driving force behind the development. These contracts aren’t written in legalese, but in computer code, and that gives them the flexibility to quickly adapt to society’s needs in a way legislation cannot.
1. A secure distributed system
Who gets to design the protocol is an important question. Useful resources are offered in work by Tim Swanson, who has written a lot about private/public blockchains. Rich Hickey’s lecture, the Value of Values, is worth watching on YouTube.
2. A language in which to write the contracts
Cardano’s researchers have conceived Plutus to write its smart contracts. Creating a language is the easy part, but the question of how you deal with ambiguity must be addressed; who would you go to if there is a problem?
3. A secure way of performing computation
“Verifiable computing” is the concept to explore here. There is a debate about hardware versus software – how can you be sure the system has had no backdoor installed?
4. A method of representing assets and value
This could be done by creating a token that is pegged to a value-stable currency such as the dollar. Another matter to consider is what jurisdiction the digital asset falls under.
5. Trustworthy data feeds
In traditional finance this might be supplied by a Bloomberg terminal. A smart contract needs a similar source, but there is no equivalent yet in this field to provide the necessary information stream.
This reimagining of how legal processes can work has the potential to solve some problems of current legal systems, offering a clarity of code in place of ambiguous legal clauses. If needed, a layer can be added to the protocol to allow for human judgement and arbitration. This all combines to sharply bring down the cost of legal services.