Mastodon

Mark Cuban Backs Cryptocurrency Fund After Saying Bitcoin Is a Bubble – Fortune


Despite saying Bitcoin was a bubble in early June, Cuban has backed venture capital firm 1confirmation, according to Bloomberg. The firm not only has plans to invest some $20 million in companies developing blockchain technologies, but it also wants to …
Bitcoin Skeptic Mark Cuban to Invest in Cryptocurrency Fund – Bloomberg
Bitcoin skeptic Mark Cuban investing in cryptocurrency fund – The Hill
Mark Cuban is backing a new cryptocurrency fund months after calling bitcoin a ‘bubble’ – Business Insider



Why Bcash Mining Shouldn’t Affect Bitcoin Much (But Bitcoin Mining Could Ruin Bcash)

For the past couple of days, Bitcoin Cash (Bcash or BCH) has been more profitable to mine than Bitcoin (BTC). This has resulted in miners switching from Bitcoin to Bcash, causing a significant speedup of blocks on the Bcash chain, to the point where several dozens of blocks were found per hour. Meanwhile, the Bitcoin blockchain had slowed down significantly; in some cases only one or two blocks were found each hour.

In the short term, therefore, Bitcoin users were inconvenienced: they had to wait longer for their transactions to confirm, and they had to pay more fees to get them confirmed quickly.

In the longer term, however, this dynamic could make the Bitcoin Cash chain very unstable.

Here’s why.

Theory Versus Practice: Assumptions

It should first be noted that this article makes some assumptions that do not quite (or necessarily) hold up to the full extent in reality.

For example, the article will assume that all (or most) miners mainly care about short-term profits, it will assume that miners can switch between different blockchains at no (or little) cost, it won’t take into account that miners need to wait 100 blocks before they can spend their block rewards, and more.

Perhaps more importantly, the article will also assume that Bitcoin block rewards are more valuable than Bitcoin Cash block rewards. At the time of writing this is the case, by a relatively large margin. Both Bitcoin and Bcash miners are awarded at least 12.5 new coins per block, but BTC is about six times more valuable than BCH. On top of that, Bitcoin blocks contain significantly more fees.

Though the reality of the situation is more complex, the overall dynamic should hold up — at least until and unless Bcash block rewards become more valuable than Bitcoin’s.

Normal Mining Dynamics

Miners mine to turn a profit, or at least that’s the assumption for this article. They invest resources — time, electricity, hardware, and more — in return for coins.

Mining profitability is determined by the value of the block reward, and the “difficulty” to mine a block. If the difficulty is higher, miners need to invest more resources to find a block. If the difficulty is lower, miners need to invest less.

Notably, what doesn’t actually matter for profitability in the short term, is how many other miners (by hash power) are mining on a particular chain. If many miners are, for example, mining on the Bcash chain, it just means that all these miners find Bcash blocks faster for a while.

This situation does self-correct over time, when the difficulty adjusts. On both Bitcoin and Bcash, difficulty adjusts once every 2016 blocks, which is “supposed” to happen every two weeks. If these 2016 blocks are found in less than two weeks, difficulty adjusts upwards, so the next 2016 blocks will be harder to find. If these 2016 blocks are found in more than two weeks, difficulty adjusts downwards, so the next 2016 blocks will be easier to find.

These adjustments are proportional to how much faster or slower blocks were mined than they were “supposed” to be, but difficulty can increase or decrease fourfold (x4 or x0.25) at most.

Bitcoin Versus Bcash

Now, since one Bcash block reward is currently worth about seven times less than one Bitcoin block reward, Bcash can only be more profitable to mine if its difficulty is more than seven times lower. (This has been the case for the past few days.)

But if that occurs, something interesting happens. From the very moment that Bcash is more profitable to mine, it immediately becomes more profitable to mine for all miners. In this hypothetical, all miners would immediately abandon the Bitcoin chain, and instead mine Bcash exclusively.

Of course, this can’t go on forever. If there are so many miners on the Bcash chain, the 2016 blocks will be found extremely fast. (This has been the case for the past few days.) As such, the next difficulty adjustment comes very fast too; potentially within a day or two. (This just happened.) Importantly, because that’s much too fast, the difficulty now adjusts upward by a lot: probably fourfold. (This just happened.)

That’s where Bcash’s problems start.

At this point, Bcash’s difficulty is so high that Bitcoin is once again the most valuable chain to mine on. As such, after a lull of about two days, all miners should now switch back to mining Bitcoin.

Bitcoin’s difficulty, meanwhile, was already pretty high. Once all those miners switch back, the 2016 blocks may or may not be found a bit faster than usual. But nothing out of the ordinary.

As such, even after the 2016 Bitcoin blocks are found, not much changes. Bitcoin would still be the more profitable chain to mine. Profit-maximizing miners would therefore all continue to mine on Bitcoin only.

And once the next difficulty period is over, once again, nothing will change. Bitcoin would still be more profitable for all miners.

Meanwhile, on the opposite end of the equation, no miners would mine on Bitcoin Cash whatsoever. It’s not as profitable to mine. The Bcash blockchain should freeze in its tracks.

Bcash’s Solutions

Bcash does have solutions for this problem — sort of.

First off, Bcash implemented an emergency re-adjustment scheme to deal with situations like these. If, within a time-frame of twelve hours, fewer than six blocks are found, difficulty adjusts downward by 20 percent. This can help get difficulty down to normal levels quicker.

But that’s not a perfect solution in itself. For one, it does still require at least six blocks to be found, and probably more to get difficulty back to normal. This means that miners still need to mine on the Bcash chain at a loss, against their short-term interests. Furthermore, miners that are unfriendly toward Bcash could — somewhat ironically — mine on this chain just enough to prevent such a re-adjustment.

And even if some miners do mine on the Bcash chain toward a difficulty adjustment, it would just set the exact same dynamic in motion after a while. The Bcash chain would be more profitable to mine for a couple of days, after which it should freeze in its tracks. Then these miners would have to, once again, mine at a loss to keep the chain alive, only to set the same dynamic in motion again. And again.

Interestingly, this scenario could potentially benefit miners at large, especially if they coordinate. While some miners do need to mine against their short-term interests to reach the required difficulty adjustment, once that difficulty adjustment is reached, all miners get to sweep up massive amounts of block rewards within a day or two.

As long as there are buyers for these coins, such a stop-and-go cycle could be very profitable in the long term.
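The cycle described in this article can be put into numbers. The following Python model is an added example, not part of the article: the starting Bcash difficulty of 0.1, the share of "loyal" hash power and the normalised units are assumptions, and the emergency rule is modelled only as the article words it.

```python
"""Toy model of the miner-switching cycle, using the article's assumptions:
every miner mines whichever chain pays more per hash and switches at no cost.
Constructed units: total hash power = 1.0, and at difficulty 1.0 that hash
power finds one block every 600 seconds. Bitcoin's difficulty is fixed at 1.0.
"""

BLOCK_TARGET = 600                        # seconds per block
RETARGET_BLOCKS = 2016                    # blocks per difficulty period
TARGET_TIMESPAN = BLOCK_TARGET * RETARGET_BLOCKS   # two weeks, in seconds
MAX_STEP = 4.0                            # retarget clamp: x4 or x0.25
EDA_WINDOW = 12 * 3600                    # emergency rule: twelve hours
EDA_MIN_BLOCKS = 6
EDA_FACTOR = 0.8                          # "downward by 20 percent"
VALUE_RATIO = 7.0                         # BTC reward / BCH reward (article)


def bch_pays_more(bch_diff, btc_diff=1.0, value_ratio=VALUE_RATIO):
    """Revenue per unit of hash power is reward value divided by difficulty."""
    return 1.0 / bch_diff > value_ratio / btc_diff


def period_seconds(difficulty, hashrate):
    """Expected time to mine one full 2016-block period."""
    return RETARGET_BLOCKS * BLOCK_TARGET * difficulty / hashrate


def retarget(difficulty, actual_seconds):
    """Scale difficulty by how fast the period went, clamped to fourfold."""
    factor = TARGET_TIMESPAN / actual_seconds
    return difficulty * max(1.0 / MAX_STEP, min(MAX_STEP, factor))


def eda_recovery(bch_diff, loyal_hashrate):
    """Apply 20% emergency cuts while six blocks take longer than 12 hours.

    Simplification (assumption): one cut per six blocks, all mined at a loss
    by the loyal miners. Returns (difficulty, cuts, seconds_at_loss, ok).
    """
    cuts, elapsed = 0, 0.0
    while not bch_pays_more(bch_diff):
        six_blocks = EDA_MIN_BLOCKS * BLOCK_TARGET * bch_diff / loyal_hashrate
        if six_blocks <= EDA_WINDOW:      # slow chain, but rule does not fire
            return bch_diff, cuts, elapsed, False
        elapsed += six_blocks
        bch_diff *= EDA_FACTOR
        cuts += 1
    return bch_diff, cuts, elapsed, True


def simulate_cycle(bch_diff=0.1, loyal_hashrate=0.01):
    """One rush-and-stall cycle on the Bcash chain."""
    if not bch_pays_more(bch_diff):
        raise ValueError("Bcash must start out as the more profitable chain")
    rush = period_seconds(bch_diff, 1.0)           # all miners pile in
    after_rush = retarget(bch_diff, rush)          # clamped upward jump
    final, cuts, loss, ok = eda_recovery(after_rush, loyal_hashrate)
    return {
        "rush_days": rush / 86400,
        "difficulty_after_rush": after_rush,
        "btc_pays_more_after_rush": not bch_pays_more(after_rush),
        "eda_cuts": cuts,
        "days_mined_at_loss": loss / 86400,
        "final_difficulty": final,
        "profitable_again": ok,
    }


if __name__ == "__main__":
    for share in (0.01, 0.02):
        print(share, simulate_cycle(loyal_hashrate=share))
```

With 1 percent of hash power staying on Bcash, five emergency cuts are needed before the chain pays more than Bitcoin again. With 2 percent, the rule stops firing after three cuts while Bitcoin is still the better-paying chain, which is the "mine just enough to prevent a re-adjustment" case the article mentions.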

Other Solution(s)

This is not a new science.

Namecoin, one of the first altcoins, faced similar problems in 2011. After a sudden jump in hash rate, its chain got stuck, and it took months for ideologically motivated miners to work toward a next difficulty adjustment. This cycle repeated a couple of times, at which point Namecoin fixed the problem by “merged mining” the coin with Bitcoin. All Bitcoin miners can now automatically mine Namecoin using the same hash power, without needing to switch between chains. Many Bitcoin miners do.

The problem that Namecoin had to face is also a key reason why Litecoin’s creator, Charlie Lee, decided to implement the Scrypt mining algorithm in Litecoin, another early altcoin. He realized that a secondary cryptocurrency should not compete with Bitcoin for hash power on the SHA256 algorithm at all, exactly because of the instability that would result. By picking an entirely different algorithm, miners can’t hop from one chain to another, thus resolving the problem as well.

And many other altcoins, like Ethereum, have much faster difficulty readjustment schemes. While this may technically still require miners to mine at a loss in some cases (and could have other detrimental effects), this situation should resolve within hours or days — not weeks or months.

If Bitcoin Cash chooses to adopt any of these solutions, the coin will probably require another hard fork. Or, of course, its block rewards will have to become more valuable than Bitcoin’s…

Thanks to Litecoin creator Charlie Lee for information and feedback.

The post Why Bcash Mining Shouldn’t Affect Bitcoin Much (But Bitcoin Mining Could Ruin Bcash) appeared first on Bitcoin Magazine.

Plex Users Outraged Over Company’s Plans to Collect More Information

TheMerkle Plex Privacy Outrage

The Plex service is widely appreciated by multimedia enthusiasts all over the world. It is a free software package that allows users to stream their media – video, photos, and music – to any device running the same software. Plex is supported on many platforms including consoles, smart TVs, tablets, and so forth. However, the company recently made an announcement that upset a lot of people. It had planned to make data collection mandatory, without giving users an option to opt out. That plan has been canceled due to the negative backlash.

Mandatory Data Collection is Never a Good Idea

In this day and age of data collection and invasion of privacy, any decision made by companies in this regard will be scrutinized. Plex is no exception, as the software package is used by millions of people around the world. It is one of the most convenient ways to access and stream different types of media to any device. However, a plan newly announced by the company over the weekend had users up in arms, as they felt their privacy would have been invaded due to this decision.

The announcement of the change by the Plex team was bound to have major repercussions. The company aimed to collect data on how customers were using the software and services for which it is known. Up until now, that has always been a matter of users opting in to share this data or keeping it private at all times. The company decided the time had come to make a big change in this regard and make data collection mandatory at all times. Indeed, there would be no opt-out feature whatsoever.

The updated privacy policy reflecting these changes was not received all that well by the Plex community. In fact, they voiced their outrage on social media platforms and on the company’s forum as well. Most Plex users do not wish to share their information with the company or detail how they use the software. After all, Plex is often used to stream less-than-legal content to other devices, which would give the company information on which users are known to have possessed pirated content. It is unclear how that information would have been used, and with no opt-out feature, a lot of problems could have ensued.

According to the explanation provided by the company, this change was indeed necessary. A lot of information was already being transmitted due to servers connecting to the cloud, new services designed using metadata, and communication through the Plex cloud infrastructure to relay playback requests. Providing an opt-out feature in the setup, Plex claimed, would give users a false sense of privacy as a whole. The Plex software already collects a ton of information from which people cannot opt out, and thus this updated privacy policy only reflected things which had been present for quite some time already.

It did not take long until the Plex user base caught wind of this change and assumed the nature of an angry mob. Most of the users voicing concern promised to take their business elsewhere to other services, either paid or free of charge.  Although the change was supposed to go into effect on September 20th, it appears the company has already reversed its decision altogether. This demonstrates that feedback from the public can certainly influence a company’s decision-making. Even though Plex meant no harm whatsoever, the potential implications of the data collection could have been catastrophic.

Additionally, Plex would have also been in violation of European Union law. These laws clearly state any company collecting users’ information needs the permission of the user specifically. Any updates made in regards to which information is collected have to be approved by users as well, which Plex had no intention of doing. The fact that the plan will not go into effect after all is a small victory for privacy advocates. The opt-out feature will remain where it is right now, although the amount of data collected when users opt in will still reflect the proposed changes.

Ethereum Will Be Worth $1,000 in Couple of Years: Aragon Co-Founder

In consideration of the rapid rise in popularity of ICOs, Cuende explained that he sees Ether price, the native token of Ethereum, rising to $1,000 in the mid-term.


Here’s Why Bitcoin Rose More than $1000 in Two Months – Futurism


Bitcoin is the world’s most popular cryptocurrency, and its value continues to reach new heights. Here are a few reasons this relatively unknown digital coin was able to make the climb from obscurity to the mainstream consciousness.



Bitcoin rebounds after briefly entering correction territory – MarketWatch


A single bitcoin BTCUSD, +1.12% was most recently up 2% on the day at $4,139.87, after dropping to as low as $3,687 in morning trade. At the session lows, the virtual currency had briefly been pushed into correction territory, defined by technical
Bitcoin Finds Strength Near $4000 – Forbes
Bitcoin’s Battle Over Segwit2x Has Begun – CoinDesk
Bitcoin Price Leaves $4000 Behind as Mood Senses Destination $3400 – CoinTelegraph


What is Zerolink?

TheMerkle Bitcoin anonymity Zerolink

If there is one particular trait Bitcoin severely lacks, it is anonymity. Despite claims from the media about how it is impossible to track Bitcoin transfers, the cryptocurrency is far more transparent compared to some others. That situation may soon change, as several initiatives are underway to add anonymity to Bitcoin in unique ways. One of these ventures is Zerolink, which claims to have come up with a method to fully anonymize payments made using Bitcoin. This certainly is an interesting concept that should not be overlooked.

Zerolink Wants to Provide Bitcoin Anonymity

It is neither the first nor the last time we will see a company focused on providing Bitcoin anonymity. This is quite an interesting trend, even though most people feel there is no need for such anonymity where Bitcoin is concerned. Then again, there are plenty of others who would like nothing more than to benefit from additional anonymity when completing Bitcoin payments. Achieving that goal is currently quite difficult without using a mixing service of some sort.  Using services such as XMR.to is a viable option, assuming one owns any Monero to begin with.

This is why the Zerolink project is so intriguing. It appears its team has found a way to successfully anonymize Bitcoin payments. The project is a collaboration between the teams behind Samouraiwallet and Hiddenwallet. Both projects specifically target Bitcoin anonymity and privacy measures, so it makes sense they would join forces to produce an even more compelling solution. Their new wallet privacy framework appears to provide the traits some Bitcoin users have been actively seeking as of late.

It appears this project makes use of a technique known as Chaumian CoinJoin. The CoinJoin aspect is nothing new, as it has been a commonly used solution in the cryptocurrency world for quite some time now. However, this Chaumian implementation is slightly different, as it utilizes what are known as Chaum Blind Signatures. Users provide inputs and change addresses to the protocol, and use a blinded version of the address they want coins to go to. The server used for this purpose then signs the tokens and returns them.

According to the Zerolink team, this entire process takes as little as a few seconds or a minute at most. That in itself is quite impressive, considering most mixing services take hours, if not days, to complete. This particular service does not require the washing of coins specifically, so there is no need for Zerolink to hold large amounts of currency in reserve. Users will receive their initial tokens back, but with added anonymity thanks to a method known as blinding and unblinding. It is an interesting take on things which seemingly requires a lot less trust, although that remains to be determined.
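The blinding and unblinding step described above can be shown with Chaum's RSA blind signature. This is an added example, not Zerolink's code: the article does not say which signature scheme the project uses, so RSA, the toy key and the address strings are assumptions made for illustration.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy RSA key for the mixing server, built from two Mersenne
# primes. It is far too small for real use and only keeps the example short.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))        # server's private exponent


def digest(address):
    """Map an output address to an integer modulo N."""
    h = hashlib.sha256(address.encode()).digest()
    return int.from_bytes(h, "big") % N


def blind(address, r=None):
    """User: hide the output address behind a random blinding factor r."""
    while r is None or gcd(r, N) != 1:
        r = secrets.randbelow(N - 2) + 2
    return digest(address) * pow(r, E, N) % N, r


def sign_blinded(blinded):
    """Server: sign the blinded value without learning the address."""
    return pow(blinded, D, N)


def unblind(blind_signature, r):
    """User: strip r to obtain an ordinary signature on the address."""
    return blind_signature * pow(r, -1, N) % N


def verify(address, signature):
    """Server, later: accept an output address that carries its signature."""
    return pow(signature, E, N) == digest(address)


def mixing_round(addresses):
    """Run one round; return what the server saw at signing time and
    whether every unblinded output later verified."""
    seen_by_server, outputs = [], []
    for address in addresses:
        blinded, r = blind(address)
        seen_by_server.append(blinded)           # linked to the user's input
        outputs.append((address, unblind(sign_blinded(blinded), r)))
    # Outputs are presented separately; the signature proves the server
    # approved them, but nothing ties them to a value in seen_by_server.
    return seen_by_server, all(verify(a, s) for a, s in outputs)


if __name__ == "__main__":
    sample = ["constructed-output-address-A", "constructed-output-address-B"]
    print(mixing_round(sample))
```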

It is quite interesting to see how far Bitcoin mixing has come these past few years. It initially started out as a very cumbersome process and lately has turned into a web-based service requiring use of the Tor browser. Zerolink aims to provide similar functionality to the masses without any specific requirements for bells and whistles or dedicated software.  With the focus on reducing the associated fees, the team looks to be on track to make this a reality. Zerolink makes it economically unfeasible for malicious entities to disrupt the process.

It seems this Wallet Privacy Framework will be implemented into both Samouraiwallet and Hiddenwallet in the near future. No official timeline has been set so far, but the integration should not be too far out at this stage. There are still a lot of challenges associated with this concept such as protecting against distributed denial-of-service attacks. Coin mixing in the Bitcoin world will never be the same once this framework comes into the picture. It is an intriguing development by both teams.

Gnosis, Pound Sterling Among Pairs Disappearing from Kraken Today

Kraken is delisting 11 “illiquid” currency pairs today in an attempt to bulletproof its technical infrastructure for more popular trade options.


Op Ed: A Cryptographic Design Perspective of Blockchains: From Bitcoin to Ouroboros

How does one design a blockchain protocol? Back in 2013, while in Athens, I set out to design a non-proof-of-work-based blockchain protocol motivated by the debt crisis in Greece, looming bank liquidity problems and the increasing discussions about the possibility of having a parallel currency. The new protocol had to be based on proof of stake to make sure that it can run even on cellphones and be secure independent of any computational power existing that is external to it.

Very soon it became clear that the problem was going to need much more than a few months’ work. Fast-forward three years to 2016: I was at the University of Edinburgh and had joined forces with IOHK whose CEO, Charles Hoskinson, was poised to solve the same problem. The protocol, “Ouroboros” as it would be eventually named, was there but the core of the security proof was still elusive when my good friend Alexander Russell visited me.

Together, we tackled the problem of proving the security of the system. Whiteboards were filled over and over again until we felt we mined a true gem: a clean combinatorial argument that enabled us to argue mathematically the security of the scheme. 

Diving Into the Mindset of a Cryptographer

Security is an elusive concept. Take a system that is able to withstand a given set of adverse operational conditions. When can we call it secure? What if it collapses in the next moment when it is subjected to a slightly different set of conditions? Or when it is given inputs different from any that have been tried before?

Security cannot be demonstrated via experiment alone since attacker ingenuity can rarely be completely enumerated within any reasonable timeframe. Cryptographic design, thus, has to somehow scale this “universal quantifier”: the system should be called secure only if it withstands all possible attacks.

In response to this fundamental problem, “provable security” emerged as a rigorous discipline within cryptography that promotes the co-development of algorithms and (so-called) proofs of security. Such proofs come in the form of theorems that, under certain assumptions and threat models that describe what the attacker can and cannot do, establish the security of cryptographic algorithms. In this fashion, modern cryptographic design pushes the “burden of proof” to the proposer of an algorithm.

In the world of academic cryptography, gone are the days when someone could propose a protocol or algorithm and proclaim it secure because it was able to withstand a handful of known attacks. Instead, modern cryptographic design requires due diligence by the designers to ensure that no attack exists within a convincing and well-defined threat model.

This approach has been a tremendously powerful and inspiring paradigm within cryptography. For instance, the notion of a secure channel has been studied for more than 40 years. This is the fundamental cryptographic primitive that allows the proverbial Alice and Bob to send messages to each other safely in the presence (and possibly active interference) of an attacker. Today’s provable security analysis, even using automated tools, has unearthed attacks against secure channel protocols like TLS that were unanticipated by the security community.

Back in 2009 though, the blockchain was a concept that was presented outside regular academic cryptographic discourse. A brief white paper and a software implementation were sufficient to fuel its initial adoption that expanded rapidly. In retrospect, this was perhaps the only way for this fringe idea to ripple the waters of scientific discourse sufficiently and force a paradigm shift (in the sense of Thomas S. Kuhn’s “Structure of Scientific Revolutions”) in terms of how the consensus problem was to be studied henceforth.

As the shift settled though, a principled approach became direly needed. The newly discovered design space appears to be vast and the avenues of exploring it too numerous. The “burden of proof” needs to return to the designer.

Blockchain protocols need to become systematized, as they have gradually become one of the dominant themes in distributed consensus literature. The blockchain is not the problem; it is the solution. But in this case, one may wonder, what was the problem?

In 2014, jointly with Juan Garay and Nikos Leonardos, we put forth a first description of “the problem” in the form of what we called a “robust transaction ledger.” Such a ledger is implemented by a number of unauthenticated nodes and provides two properties, called persistence and liveness. Persistence mandates that nodes never disagree about the placement of transactions once they become stable, while liveness requires that all (honestly generated) transactions eventually become stable. Using this model, we provided a proof of security for the core of the Bitcoin protocol (a suitably simplified version of the protocol that we nicknamed the “bitcoin backbone”).
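The two ledger properties can be checked mechanically over snapshots of what each node reports. The following is an added example, not code from the op-ed or from the Bitcoin backbone paper; the stability depth `K`, the function names and the node views are assumptions constructed for illustration, and "eventually" is approximated by listing what is still unsettled in one finite snapshot.

```python
from itertools import combinations

K = 2  # assumed stability depth: a block is stable once K blocks follow it


def stable_blocks(ledger, k=K):
    """Blocks buried under at least k later blocks in one node's ledger."""
    return ledger[:max(0, len(ledger) - k)]


def persistence_violations(views, k=K):
    """List (node_a, node_b, height) where a block that is stable for node_a
    differs from the block node_b holds at the same height."""
    violations = []
    for a, b in combinations(sorted(views), 2):
        for x, y in ((a, b), (b, a)):
            stable, other = stable_blocks(views[x], k), views[y]
            for h in range(min(len(stable), len(other))):
                if stable[h] != other[h]:
                    violations.append((x, y, h))
                    break  # report only the first height at which they fork
    return violations


def unsettled(honest_txs, views, k=K):
    """Honest transactions not yet stable for every node. Liveness requires
    that each of these becomes stable in some later snapshot."""
    pending = set()
    for tx in honest_txs:
        for ledger in views.values():
            settled = {t for block in stable_blocks(ledger, k) for t in block}
            if tx not in settled:
                pending.add(tx)
                break
    return sorted(pending)


# Constructed sample views: a ledger is a list of blocks, a block is an
# ordered tuple of transaction ids (order encodes placement).
AGREEING = {
    "n1": [("t1",), ("t2", "t3"), ("t4",), ("t5",)],
    "n2": [("t1",), ("t2", "t3"), ("t4",), ("t6",)],  # differs only at the unstable tip
    "n3": [("t1",), ("t2", "t3"), ("t4",)],           # one block behind
}
# Same transactions, but n3 places t2 and t3 in the opposite order.
FORKED = dict(AGREEING, n3=[("t1",), ("t3", "t2"), ("t4",), ("t5",)])

if __name__ == "__main__":
    print(persistence_violations(AGREEING))
    print(persistence_violations(FORKED))
    print(unsettled(["t1", "t2", "t4"], AGREEING))
```

Disagreement at the tip (`t5` versus `t6`) is not a persistence violation because those blocks are not yet stable; the reordered `t2`/`t3` block is one because it sits below the stability depth.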

Given this proof, a natural question a cryptographer will ask is whether this protocol is really the best possible solution to the problem. “Best” here is typically interpreted in two ways: first, in terms of the efficiency of the solution; and second, in terms of the relevance and applicability of the threat model and the assumptions used in the security proof.

Efficiency is a particular concern for the Bitcoin blockchain. With all its virtues, the protocol is not particularly efficient in terms of processing time or resource consumption. This is exactly where “proof of stake” emerged as a possible alternative and a more efficient primitive for building blockchain protocols.

So, is it possible to use proof of stake to provably implement a robust transaction ledger? By 2016, with our Bitcoin backbone work already presented, this was a well-defined question; and the answer came with Ouroboros: our proof-of-stake-based blockchain protocol.

Ouroboros

The unique characteristic of Ouroboros is that the protocol was developed in tandem with a proof of security that aims to communicate in a succinct way that the proposed blockchain protocol satisfies the properties of a robust transaction ledger. Central to the proof is a combinatorial analysis of a class of strings that admit a certain discrete structure that maps to a blockchain fork. We called “forkable” those strings that admit a non-trivial such structure, and our proof shows that their density becomes minutely small as the length of the string grows.

With this argument, we showed how there is an opportunity for the nodes running the protocol to converge to a unique history. The protocol then dictates how to take advantage of this opportunity by running a cryptographic protocol that enables the nodes to produce a random seed, which, in turn, is used to sample the next sequence of parties to become active. As a result, the protocol facilitates the next convergence step to take place; in this way, it can continue ad infinitum following a cyclical process that was also the inspiration for its name. Ouroboros is the Greek word for the snake that eats its tail, an ancient Greek symbol for re-creation.

Having the protocol and its proof in hand gave us the unique opportunity for peer review, i.e., asking fellow cryptographers to evaluate the construction and its associated security proof as part of the formal submission process to a major cryptology conference.

Peer reviewing at the top cryptology venues is a painstakingly rigorous process that goes on for months. Papers are first reviewed independently by at least three experts, and afterward a discussion for each paper rages on as the three reviewers, as well as other members of the scientific committee, get involved and try to converge on the intellectual merits of each submission.

As a result of successfully passing this rigorous peer review process, Ouroboros was accepted and included in the program of Crypto 2017, the 37th annual cryptology conference. Crypto is one of the flagship conferences of the International Association for Cryptologic Research (IACR) and is one of the most exciting places for a cryptographer to be, as the program always contains research on the cutting edge of the discipline.

Furthermore, Ouroboros will be the settlement layer of the Cardano blockchain to be rolled out by IOHK in 2017, making it one of the swiftest technology transfer cases from a basic research publication to a system to be used by many thousands in just one year.

While all this may seem like a happy conclusion to the quest for a proof-of-stake blockchain, we are far from being done. On the contrary, we are still, as a community, at the very beginning of this expedition that will delve deep into blockchain design space. There are still too many open questions to solve, and new systems will be built on the foundations of the research that our community is laying out today.

The views expressed in this op ed are those of its author, Aggelos Kiayias, and do not necessarily reflect those of Bitcoin Magazine or BTC Media.

Ouroboros image courtesy of Wikimedia Commons.

The post Op Ed: A Cryptographic Design Perspective of Blockchains: From Bitcoin to Ouroboros appeared first on Bitcoin Magazine.
