Homomorphic Encryption & What it ... - Daily Bitcoin Report

Can Bitcoin-based Enigma encryption succeed where Homomorphic-Encryption has failed?

Can Bitcoin-based Enigma encryption succeed where Homomorphic-Encryption has failed? submitted by guyzys to Bitcoin [link] [comments]

Where does the recently discovered security flaws in homomorphic encryption leave the Enigma project? /r/Bitcoin

Where does the recently discovered security flaws in homomorphic encryption leave the Enigma project? /Bitcoin submitted by BitcoinAllBot to BitcoinAll [link] [comments]

The Privacy Coin Guide Part 1

As interest picks up in crypto again, I want to share this post I made on privacy coins again to just give the basics of their evolution. This is only part 1, and parts 2 and 3 are not available in this format, but this part is informative and basic.
If you’re looking for a quick and easy way to assess what the best privacy coin in the current space is, which has the best features, or which is most likely to give high returns, then this is not that guide. My goal is to give you the power to make your own decisions, to clearly state my biases, and educate. I really wanted to understand this niche of the crypto-space due to my background and current loyalties[1], and grasp the nuances of the features, origins and timelines of technologies used in privacy coins, while not being anything close to a developer myself. This is going to be a 3-part series, starting with an overview and basic review of the technology, then looking at its implications, and ending with why I like a specific project. It might be mildly interesting or delightfully educational. Cryptocurrencies are young and existing privacy coins are deploying technology that is a work in progress. This series assumes a basic understanding of how blockchains work, specifically as used in cryptocurrencies. If you don’t have that understanding, might I suggest that you get it? [2],[3],[4] Because cryptocurrencies have a long way to go before reaching their end-game: when the world relies on the technology without understanding it. So, shall we do a deep dive into the privacy coin space?

FIRST THERE WAS BITCOIN

Cryptocurrencies allow you to tokenize value and track its exchange between hands over time, with transaction information verified by a distributed network of users. The most famous version of a cryptocurrency in use is Bitcoin, defined as peer-to-peer electronic cash. [5] Posted anonymously in 2008, the whitepaper seemed to be in direct response to the global financial meltdown and public distrust of the conventional banking and financing systems. Although cryptographic techniques are used in Bitcoin to ensure that (i) only the owner of a specific wallet has the authority to spend funds from that wallet, (ii) the public address is linked but cannot be traced by a third party to the private address (iii) the information is stored via cryptographic hashing in a merkle tree structure to ensure data integrity, the actual transaction information is publicly visible on the blockchain and can be traced back to the individual through chain analysis.[6] This has raised fears of possible financial censorship or the metaphorical tainting of money due to its origination point, as demonstrated in the Silk Road marketplace disaster.[7] This can happen because fiat money is usually exchanged for cryptocurrency at some point, as crypto-enthusiasts are born in the real world and inevitably cash out. There are already chain analysis firms and software that are increasingly efficient at tracking transactions on the Bitcoin blockchain.[8] This lack of privacy is one of the limitations of Bitcoin that has resulted in the creation of altcoins that experiment with the different features a cryptocurrency can have. Privacy coins are figuring out how to introduce privacy in addition to the payment network. The goal is to make the cryptocurrency fungible, each unit able to be exchanged for equal value without knowledge of its transaction history – like cash, while being publicly verifiable on a decentralized network. In other words, anyone can add the math up without being able to see the full details. Some privacy solutions and protocols have popped up as a result:

CRYPTONOTE – RING SIGNATURES AND STEALTH ADDRESSES

Used in: Monero and Particl as its successor RING-CT, Bytecoin
In December 2012, CryptoNote introduced the use of ring signatures and stealth addresses (along with other notable features such as its own codebase) to improve cryptocurrency privacy.[9] An updated CryptoNote version 2 came in October 2013 [10](though there is some dispute over this timeline [11]), also authored under the name Nicolas van Saberhagen. Ring signatures hide sender information by having the sender sign a transaction using a signature that could belong to multiple users. This makes a transaction untraceable. Stealth addresses allow a receiver to give a single address which generates a different public address for funds to be received at each time funds are sent to it. That makes a transaction unlinkable. In terms of privacy, CryptoNote gave us a protocol for untraceable and unlinkable transactions. The first implementation of CryptoNote technology was Bytecoin in March 2014 (timeline disputed [12]), which spawned many children (forks) in subsequent years, a notable example being Monero, based on CryptoNote v2 in April 2014.
RING SIGNATURES and STEALTH ADDRESSES

PROS

– Provides sender and receiver privacy
– Privacy can be default
– Mature technology
– Greater scalability with bulletproofs
– Does not require any third-party

CONS

– Privacy not very effective without high volume
-Does not hide transaction information if not combined with another protocol.

COINJOIN

Used in: Dash
Bitcoin developer Gregory Maxwell proposed a set of solutions to bring privacy to Bitcoin and cryptocurrencies, the first being CoinJoin (January 28 – Aug 22, 2013).[13],[14] CoinJoin (sometimes called CoinSwap) allows multiple users to combine their transactions into a single transaction, by receiving inputs from multiple users, and then sending their outputs to the multiple users, irrespective of who in the group the inputs came from. So, the receiver will get whatever output amount they were supposed to, but it cannot be directly traced to its origination input. Similar proposals include Coinshuffle in 2014 and Tumblebit in 2016, building on CoinJoin but not terribly popular [15],[16]. They fixed the need for a trusted third party to ‘mix’ the transactions. There are CoinJoin implementations that are being actively worked on but are not the most popular privacy solutions of today. A notable coin that uses CoinJoin technology is Dash, launched in January 2014, with masternodes in place of a trusted party.
COINJOIN

PROS

– Provides sender and receiver privacy
– Easy to implement on any cryptocurrency
– Lightweight
– Greater scalability with bulletproofs
– Mature technology

CONS

– Least anonymous privacy solution. Transaction amounts can be calculated
– Even without third-party mixer, depends on wealth centralization of masternodes

ZEROCOIN

Used in: Zcoin, PIVX
In May 2013, the Zerocoin protocol was introduced by John Hopkins University professor Matthew D. Green and his graduate students Ian Miers and Christina Garman.[17] In response to the need for use of a third party to do CoinJoin, the Zerocoin proposal allowed for a coin to be destroyed and remade in order to erase its history whenever it is spent. Zero-knowledge cryptography and zero-knowledge proofs are used to prove that the new coins for spending are being appropriately made. A zero-knowledge proof allows one party to prove to another that they know specific information, without revealing any information about it, other than the fact that they know it. Zerocoin was not accepted by the Bitcoin community as an implementation to be added to Bitcoin, so a new cryptocurrency had to be formed. Zcoin was the first cryptocurrency to implement the Zerocoin protocol in 2016. [18]
ZEROCOIN

PROS

– Provides sender and receiver privacy
– Supply can be audited
– Relatively mature technology
– Does not require a third-party

CONS

– Requires trusted setup (May not be required with Sigma protocol)
– Large proof sizes (not lightweight)
– Does not provide full privacy for transaction amounts

ZEROCASH

Used in: Zcash, Horizen, Komodo, Zclassic, Bitcoin Private
In May 2014, the current successor to the Zerocoin protocol, Zerocash, was created, also by Matthew Green and others (Eli Ben-Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer, Madars Virza).[19] It improved upon the Zerocoin concept by taking advantage of zero-knowledge proofs called zk-snarks (zero knowledge succinct non-interactive arguments of knowledge). Unlike Zerocoin, which hid coin origins and payment history, Zerocash was faster, with smaller transaction sizes, and hides transaction information on the sender, receiver and amount. Zcash is the first cryptocurrency to implement the Zerocash protocol in 2016. [20]
ZEROCASH

PROS

– Provides full anonymity. Sender, receiver and amount hidden.
– Privacy can be default?
– Fast due to small proof sizes.
– Payment amount can be optionally disclosed for auditing
– Does not require any third-party

CONS

– Requires trusted setup. (May be improved with zt-starks technology)
– Supply cannot be audited. And coins can potentially be forged without proper implementation.
– Private transactions computationally intensive (improved with Sapling upgrade)

CONFIDENTIAL TRANSACTIONS

Used in: Monero and Particl with Ring Signatures as RING-CT
The next proposal from Maxwell was that of confidential transactions, proposed in June 2015 as part of the Sidechain Elements project from Blockstream, where Maxwell was Chief Technical Officer.[21],[22] It proposed to hide the transaction amount and asset type (e.g. deposits, currencies, shares), so that only the sender and receiver are aware of the amount, unless they choose to make the amount public. It uses homomorphic encryption[23] to encrypt the inputs and outputs by using blinding factors and a kind of ring signature in a commitment scheme, so the amount can be ‘committed’ to, without the amount actually being known. I’m terribly sorry if you now have the urge to go and research exactly what that means. The takeaway is that the transaction amount can be hidden from outsiders while being verifiable.
CONFIDENTIAL TRANSACTIONS

PROS

– Hides transaction amounts
– Privacy can be default
– Mature technology
– Does not require any third-party

CONS

– Only provides transaction amount privacy when used alone

RING-CT

Used in: Monero, Particl
Then came Ring Confidential transactions, proposed by Shen-Noether of Monero Research Labs in October 2015.[24] RingCT combines the use of ring signatures for hiding sender information, with the use of confidential transactions (which also uses ring signatures) for hiding amounts. The proposal described a new type of ring signature, A Multi-layered Linkable Spontaneous Anonymous Group signature which “allows for hidden amounts, origins and destinations of transactions with reasonable efficiency and verifiable, trustless coin generation”.[25] RingCT was implemented in Monero in January 2017 and made mandatory after September 2017.
RING -CONFIDENTIAL TRANSACTIONS

PROS

– Provides full anonymity. Hides transaction amounts and receiver privacy
– Privacy can be default
– Mature technology
– Greater scalability with bulletproofs
– Does not require any third-party

CONS

– Privacy not very effective without high volume

MIMBLEWIMBLE

Used in: Grin
Mimblewimble was proposed in July 2016 by pseudonymous contributor Tom Elvis Jedusorand further developed in October 2016 by Andrew Poelstra.[26],[27] Mimblewimble is a “privacy and fungibility focused cryptocoin transaction structure proposal”.[28] The key words are transaction structure proposal, so the way the blockchain is built is different, in order to accommodate privacy and fungibility features. Mimblewimble uses the concept of Confidential transactions to keep amounts hidden, looks at private keys and transaction information to prove ownership of funds rather than using addresses, and bundles transactions together instead of listing them separately on the blockchain. It also introduces a novel method of pruning the blockchain. Grin is a cryptocurrency in development that is applying Mimblewimble. Mimblewimble is early in development and you can understand it more here [29].
MIMBLEWIMBLE

PROS

– Hides transaction amounts and receiver privacy
– Privacy is on by default
– Lightweight
– No public addresses?

CONS

– Privacy not very effective without high volume
– Sender and receiver must both be online
– Relatively new technology

ZEXE

Fresh off the minds of brilliant cryptographers (Sean Bowe, Alessandro Chiesa, Matthew Green, Ian Miers, Pratyush Mishra, Howard Wu), in October 2018 Zexe proposed a new cryptographic primitive called ‘decentralized private computation.[30] It allows users of a decentralized ledger to “execute offline computations that result in transactions”[31], but also keeps transaction amounts hidden and allows transaction validation to happen at any time regardless of computations being done online. This can have far reaching implications for privacy coins in the future. Consider cases where transactions need to be automatic and private, without both parties being present.

NETWORK PRIVACY

Privacy technologies that look at network privacy as nodes communicate with each other on the network are important considerations, rather than just looking at privacy on the blockchain itself. Anonymous layers encrypt and/or reroute data as it moves among peers, so it is not obvious who they originate from on the network. They are used to protect against surveillance or censorship from ISPs and governments. The Invisible Internet Project (I2P) is an anonymous network layer that uses end to end encryption for peers on a network to communicate with each other.[32] Its history dates back to 2003. Kovri is a Monero created implementation of I2P.[33] The Onion Router (Tor) is another anonymity layer [34]) that Verge is a privacy cryptocurrency that uses. But its historical link to the US government may be is concerning to some[35]. Dandelion transaction relay is also an upcoming Bitcoin improvement proposal (BIP) that scrambles IP data that will provide network privacy for Bitcoin as transaction and other information is transmitted.[36],[37],[38]

UPCOMING

Monero completed bulletproofs protocol updates that reduce RINGCT transaction sizes and thus transaction fee costs. (Bulletproofs are a replacement for range proofs used in confidential transactions that aid in encrypting inputs and outputs by making sure they add to zero).
Sigma Protocol – being actively researched by Zcoin team as of 2018 to replace Zerocoin protocol so that a trusted setup is not required.[39] There is a possible replacement for zk-snarks, called zk-starks, another form of zero-knowledge proof technology, that may make a trusted set-up unnecessary for zero-knowledege proof coins.[40]

PART 1 CONCLUSION OF THE PRIVACY COIN GUIDE ON THE TECHNOLOGY BEHIND PRIVACY COINS

Although Bitcoin is still a groundbreaking technology that gives us a trust-less transaction system, it has failed to live up to its expectations of privacy. Over time, new privacy technologies have arrived and are arriving with innovative and exciting solutions for Bitcoin’s lack of fungibility. It is important to note that these technologies are built on prior research and application, but we are considering their use in cryptocurrencies. Protocols are proposed based on cryptographic concepts that show how they would work, and then developers actually implement them. Please note that I did not include the possibility of improper implementation as a disadvantage, and the advantages assume that the technical development is well done. A very important point is that coins can also adapt new privacy technologies as their merits become obvious, even as they start with a specific privacy protocol. Furthermore, I am, unfortunately, positive that this is not an exhaustive overview and I am only covering publicized solutions. Next, we’ll talk more about the pros and cons and give an idea of how the coins can be compared.

There's a video version that can be watched, and you can find out how to get the second two parts if you want on my website (video link on the page): https://cryptoramble.com/guide-on-privacy-coins/
submitted by CryptoRamble to ethereum [link] [comments]

The Privacy Coin Guide Part 1

As interest picks up in crypto again, I want to share this post I made on privacy coins again to just give the basics of their evolution. This is only part 1, and parts 2 and 3 are not available in this format, but this part is informative and basic.
If you’re looking for a quick and easy way to assess what the best privacy coin in the current space is, which has the best features, or which is most likely to give high returns, then this is not that guide. My goal is to give you the power to make your own decisions, to clearly state my biases, and educate. I really wanted to understand this niche of the crypto-space due to my background and current loyalties[1], and grasp the nuances of the features, origins and timelines of technologies used in privacy coins, while not being anything close to a developer myself. This is going to be a 3-part series, starting with an overview and basic review of the technology, then looking at its implications, and ending with why I like a specific project. It might be mildly interesting or delightfully educational. Cryptocurrencies are young and existing privacy coins are deploying technology that is a work in progress. This series assumes a basic understanding of how blockchains work, specifically as used in cryptocurrencies. If you don’t have that understanding, might I suggest that you get it? [2],[3],[4] Because cryptocurrencies have a long way to go before reaching their end-game: when the world relies on the technology without understanding it. So, shall we do a deep dive into the privacy coin space?

FIRST THERE WAS BITCOIN

Cryptocurrencies allow you to tokenize value and track its exchange between hands over time, with transaction information verified by a distributed network of users. The most famous version of a cryptocurrency in use is Bitcoin, defined as peer-to-peer electronic cash. [5] Posted anonymously in 2008, the whitepaper seemed to be in direct response to the global financial meltdown and public distrust of the conventional banking and financing systems. Although cryptographic techniques are used in Bitcoin to ensure that (i) only the owner of a specific wallet has the authority to spend funds from that wallet, (ii) the public address is linked but cannot be traced by a third party to the private address (iii) the information is stored via cryptographic hashing in a merkle tree structure to ensure data integrity, the actual transaction information is publicly visible on the blockchain and can be traced back to the individual through chain analysis.[6] This has raised fears of possible financial censorship or the metaphorical tainting of money due to its origination point, as demonstrated in the Silk Road marketplace disaster.[7] This can happen because fiat money is usually exchanged for cryptocurrency at some point, as crypto-enthusiasts are born in the real world and inevitably cash out. There are already chain analysis firms and software that are increasingly efficient at tracking transactions on the Bitcoin blockchain.[8] This lack of privacy is one of the limitations of Bitcoin that has resulted in the creation of altcoins that experiment with the different features a cryptocurrency can have. Privacy coins are figuring out how to introduce privacy in addition to the payment network. The goal is to make the cryptocurrency fungible, each unit able to be exchanged for equal value without knowledge of its transaction history – like cash, while being publicly verifiable on a decentralized network. In other words, anyone can add the math up without being able to see the full details. Some privacy solutions and protocols have popped up as a result:

CRYPTONOTE – RING SIGNATURES AND STEALTH ADDRESSES

Used in: Monero and Particl as its successor RING-CT, Bytecoin
In December 2012, CryptoNote introduced the use of ring signatures and stealth addresses (along with other notable features such as its own codebase) to improve cryptocurrency privacy.[9] An updated CryptoNote version 2 came in October 2013 [10](though there is some dispute over this timeline [11]), also authored under the name Nicolas van Saberhagen. Ring signatures hide sender information by having the sender sign a transaction using a signature that could belong to multiple users. This makes a transaction untraceable. Stealth addresses allow a receiver to give a single address which generates a different public address for funds to be received at each time funds are sent to it. That makes a transaction unlinkable. In terms of privacy, CryptoNote gave us a protocol for untraceable and unlinkable transactions. The first implementation of CryptoNote technology was Bytecoin in March 2014 (timeline disputed [12]), which spawned many children (forks) in subsequent years, a notable example being Monero, based on CryptoNote v2 in April 2014.
RING SIGNATURES and STEALTH ADDRESSES

PROS

– Provides sender and receiver privacy
– Privacy can be default
– Mature technology
– Greater scalability with bulletproofs
– Does not require any third-party

CONS

– Privacy not very effective without high volume
-Does not hide transaction information if not combined with another protocol.

COINJOIN

Used in: Dash
Bitcoin developer Gregory Maxwell proposed a set of solutions to bring privacy to Bitcoin and cryptocurrencies, the first being CoinJoin (January 28 – Aug 22, 2013).[13],[14] CoinJoin (sometimes called CoinSwap) allows multiple users to combine their transactions into a single transaction, by receiving inputs from multiple users, and then sending their outputs to the multiple users, irrespective of who in the group the inputs came from. So, the receiver will get whatever output amount they were supposed to, but it cannot be directly traced to its origination input. Similar proposals include Coinshuffle in 2014 and Tumblebit in 2016, building on CoinJoin but not terribly popular [15],[16]. They fixed the need for a trusted third party to ‘mix’ the transactions. There are CoinJoin implementations that are being actively worked on but are not the most popular privacy solutions of today. A notable coin that uses CoinJoin technology is Dash, launched in January 2014, with masternodes in place of a trusted party.
COINJOIN

PROS

– Provides sender and receiver privacy
– Easy to implement on any cryptocurrency
– Lightweight
– Greater scalability with bulletproofs
– Mature technology

CONS

– Least anonymous privacy solution. Transaction amounts can be calculated
– Even without third-party mixer, depends on wealth centralization of masternodes

ZEROCOIN

Used in: Zcoin, PIVX
In May 2013, the Zerocoin protocol was introduced by John Hopkins University professor Matthew D. Green and his graduate students Ian Miers and Christina Garman.[17] In response to the need for use of a third party to do CoinJoin, the Zerocoin proposal allowed for a coin to be destroyed and remade in order to erase its history whenever it is spent. Zero-knowledge cryptography and zero-knowledge proofs are used to prove that the new coins for spending are being appropriately made. A zero-knowledge proof allows one party to prove to another that they know specific information, without revealing any information about it, other than the fact that they know it. Zerocoin was not accepted by the Bitcoin community as an implementation to be added to Bitcoin, so a new cryptocurrency had to be formed. Zcoin was the first cryptocurrency to implement the Zerocoin protocol in 2016. [18]
ZEROCOIN

PROS

– Provides sender and receiver privacy
– Supply can be audited
– Relatively mature technology
– Does not require a third-party

CONS

– Requires trusted setup (May not be required with Sigma protocol)
– Large proof sizes (not lightweight)
– Does not provide full privacy for transaction amounts

ZEROCASH

Used in: Zcash, Horizen, Komodo, Zclassic, Bitcoin Private
In May 2014, the current successor to the Zerocoin protocol, Zerocash, was created, also by Matthew Green and others (Eli Ben-Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer, Madars Virza).[19] It improved upon the Zerocoin concept by taking advantage of zero-knowledge proofs called zk-snarks (zero knowledge succinct non-interactive arguments of knowledge). Unlike Zerocoin, which hid coin origins and payment history, Zerocash was faster, with smaller transaction sizes, and hides transaction information on the sender, receiver and amount. Zcash is the first cryptocurrency to implement the Zerocash protocol in 2016. [20]
ZEROCASH

PROS

– Provides full anonymity. Sender, receiver and amount hidden.
– Privacy can be default?
– Fast due to small proof sizes.
– Payment amount can be optionally disclosed for auditing
– Does not require any third-party

CONS

– Requires trusted setup. (May be improved with zt-starks technology)
– Supply cannot be audited. And coins can potentially be forged without proper implementation.
– Private transactions computationally intensive (improved with Sapling upgrade)

CONFIDENTIAL TRANSACTIONS

Used in: Monero and Particl with Ring Signatures as RING-CT
The next proposal from Maxwell was that of confidential transactions, proposed in June 2015 as part of the Sidechain Elements project from Blockstream, where Maxwell was Chief Technical Officer.[21],[22] It proposed to hide the transaction amount and asset type (e.g. deposits, currencies, shares), so that only the sender and receiver are aware of the amount, unless they choose to make the amount public. It uses homomorphic encryption[23] to encrypt the inputs and outputs by using blinding factors and a kind of ring signature in a commitment scheme, so the amount can be ‘committed’ to, without the amount actually being known. I’m terribly sorry if you now have the urge to go and research exactly what that means. The takeaway is that the transaction amount can be hidden from outsiders while being verifiable.
CONFIDENTIAL TRANSACTIONS

PROS

– Hides transaction amounts
– Privacy can be default
– Mature technology
– Does not require any third-party

CONS

– Only provides transaction amount privacy when used alone

RING-CT

Used in: Monero, Particl
Then came Ring Confidential transactions, proposed by Shen-Noether of Monero Research Labs in October 2015.[24] RingCT combines the use of ring signatures for hiding sender information, with the use of confidential transactions (which also uses ring signatures) for hiding amounts. The proposal described a new type of ring signature, A Multi-layered Linkable Spontaneous Anonymous Group signature which “allows for hidden amounts, origins and destinations of transactions with reasonable efficiency and verifiable, trustless coin generation”.[25] RingCT was implemented in Monero in January 2017 and made mandatory after September 2017.
RING -CONFIDENTIAL TRANSACTIONS

PROS

– Provides full anonymity. Hides transaction amounts and receiver privacy
– Privacy can be default
– Mature technology
– Greater scalability with bulletproofs
– Does not require any third-party

CONS

– Privacy not very effective without high volume

MIMBLEWIMBLE

Used in: Grin
Mimblewimble was proposed in July 2016 by pseudonymous contributor Tom Elvis Jedusorand further developed in October 2016 by Andrew Poelstra.[26],[27] Mimblewimble is a “privacy and fungibility focused cryptocoin transaction structure proposal”.[28] The key words are transaction structure proposal, so the way the blockchain is built is different, in order to accommodate privacy and fungibility features. Mimblewimble uses the concept of Confidential transactions to keep amounts hidden, looks at private keys and transaction information to prove ownership of funds rather than using addresses, and bundles transactions together instead of listing them separately on the blockchain. It also introduces a novel method of pruning the blockchain. Grin is a cryptocurrency in development that is applying Mimblewimble. Mimblewimble is early in development and you can understand it more here [29].
MIMBLEWIMBLE

PROS

– Hides transaction amounts and receiver privacy
– Privacy is on by default
– Lightweight
– No public addresses?

CONS

– Privacy not very effective without high volume
– Sender and receiver must both be online
– Relatively new technology

ZEXE

Fresh off the minds of brilliant cryptographers (Sean Bowe, Alessandro Chiesa, Matthew Green, Ian Miers, Pratyush Mishra, Howard Wu), in October 2018 Zexe proposed a new cryptographic primitive called ‘decentralized private computation.[30] It allows users of a decentralized ledger to “execute offline computations that result in transactions”[31], but also keeps transaction amounts hidden and allows transaction validation to happen at any time regardless of computations being done online. This can have far reaching implications for privacy coins in the future. Consider cases where transactions need to be automatic and private, without both parties being present.

NETWORK PRIVACY

Privacy technologies that look at network privacy as nodes communicate with each other on the network are important considerations, rather than just looking at privacy on the blockchain itself. Anonymous layers encrypt and/or reroute data as it moves among peers, so it is not obvious who they originate from on the network. They are used to protect against surveillance or censorship from ISPs and governments. The Invisible Internet Project (I2P) is an anonymous network layer that uses end to end encryption for peers on a network to communicate with each other.[32] Its history dates back to 2003. Kovri is a Monero created implementation of I2P.[33] The Onion Router (Tor) is another anonymity layer [34]) that Verge is a privacy cryptocurrency that uses. But its historical link to the US government may be is concerning to some[35]. Dandelion transaction relay is also an upcoming Bitcoin improvement proposal (BIP) that scrambles IP data that will provide network privacy for Bitcoin as transaction and other information is transmitted.[36],[37],[38]

UPCOMING

Monero completed bulletproofs protocol updates that reduce RINGCT transaction sizes and thus transaction fee costs. (Bulletproofs are a replacement for range proofs used in confidential transactions that aid in encrypting inputs and outputs by making sure they add to zero).
Sigma Protocol – being actively researched by Zcoin team as of 2018 to replace Zerocoin protocol so that a trusted setup is not required.[39] There is a possible replacement for zk-snarks, called zk-starks, another form of zero-knowledge proof technology, that may make a trusted set-up unnecessary for zero-knowledege proof coins.[40]

PART 1 CONCLUSION OF THE PRIVACY COIN GUIDE ON THE TECHNOLOGY BEHIND PRIVACY COINS

Although Bitcoin is still a groundbreaking technology that gives us a trust-less transaction system, it has failed to live up to its expectations of privacy. Over time, new privacy technologies have arrived and are arriving with innovative and exciting solutions for Bitcoin’s lack of fungibility. It is important to note that these technologies are built on prior research and application, but we are considering their use in cryptocurrencies. Protocols are proposed based on cryptographic concepts that show how they would work, and then developers actually implement them. Please note that I did not include the possibility of improper implementation as a disadvantage, and the advantages assume that the technical development is well done. A very important point is that coins can also adapt new privacy technologies as their merits become obvious, even as they start with a specific privacy protocol. Furthermore, I am, unfortunately, positive that this is not an exhaustive overview and I am only covering publicized solutions. Next, we’ll talk more about the pros and cons and give an idea of how the coins can be compared.

There's a video version that can be watched, and you can find out how to get the second two parts if you want on my website (video link on the page): https://cryptoramble.com/guide-on-privacy-coins/
submitted by CryptoRamble to privacycoins [link] [comments]

The Privacy Coin Guide Part 1

As interest picks up in crypto again, I want to share this post I made on privacy coins again to just give the basics of their evolution. This is only part 1, and parts 2 and 3 are not available in this format, but this part is informative and basic.
If you’re looking for a quick and easy way to assess what the best privacy coin in the current space is, which has the best features, or which is most likely to give high returns, then this is not that guide. My goal is to give you the power to make your own decisions, to clearly state my biases, and educate. I really wanted to understand this niche of the crypto-space due to my background and current loyalties[1], and grasp the nuances of the features, origins and timelines of technologies used in privacy coins, while not being anything close to a developer myself. This is going to be a 3-part series, starting with an overview and basic review of the technology, then looking at its implications, and ending with why I like a specific project. It might be mildly interesting or delightfully educational. Cryptocurrencies are young and existing privacy coins are deploying technology that is a work in progress. This series assumes a basic understanding of how blockchains work, specifically as used in cryptocurrencies. If you don’t have that understanding, might I suggest that you get it? [2],[3],[4] Because cryptocurrencies have a long way to go before reaching their end-game: when the world relies on the technology without understanding it. So, shall we do a deep dive into the privacy coin space?

FIRST THERE WAS BITCOIN

Cryptocurrencies allow you to tokenize value and track its exchange between hands over time, with transaction information verified by a distributed network of users. The most famous version of a cryptocurrency in use is Bitcoin, defined as peer-to-peer electronic cash. [5] Posted anonymously in 2008, the whitepaper seemed to be in direct response to the global financial meltdown and public distrust of the conventional banking and financing systems. Although cryptographic techniques are used in Bitcoin to ensure that (i) only the owner of a specific wallet has the authority to spend funds from that wallet, (ii) the public address is linked but cannot be traced by a third party to the private address (iii) the information is stored via cryptographic hashing in a merkle tree structure to ensure data integrity, the actual transaction information is publicly visible on the blockchain and can be traced back to the individual through chain analysis.[6] This has raised fears of possible financial censorship or the metaphorical tainting of money due to its origination point, as demonstrated in the Silk Road marketplace disaster.[7] This can happen because fiat money is usually exchanged for cryptocurrency at some point, as crypto-enthusiasts are born in the real world and inevitably cash out. There are already chain analysis firms and software that are increasingly efficient at tracking transactions on the Bitcoin blockchain.[8] This lack of privacy is one of the limitations of Bitcoin that has resulted in the creation of altcoins that experiment with the different features a cryptocurrency can have. Privacy coins are figuring out how to introduce privacy in addition to the payment network. The goal is to make the cryptocurrency fungible, each unit able to be exchanged for equal value without knowledge of its transaction history – like cash, while being publicly verifiable on a decentralized network. In other words, anyone can add the math up without being able to see the full details. Some privacy solutions and protocols have popped up as a result:

CRYPTONOTE – RING SIGNATURES AND STEALTH ADDRESSES

Used in: Monero and Particl as its successor RING-CT, Bytecoin
In December 2012, CryptoNote introduced the use of ring signatures and stealth addresses (along with other notable features such as its own codebase) to improve cryptocurrency privacy.[9] An updated CryptoNote version 2 came in October 2013 [10](though there is some dispute over this timeline [11]), also authored under the name Nicolas van Saberhagen. Ring signatures hide sender information by having the sender sign a transaction using a signature that could belong to multiple users. This makes a transaction untraceable. Stealth addresses allow a receiver to give a single address which generates a different public address for funds to be received at each time funds are sent to it. That makes a transaction unlinkable. In terms of privacy, CryptoNote gave us a protocol for untraceable and unlinkable transactions. The first implementation of CryptoNote technology was Bytecoin in March 2014 (timeline disputed [12]), which spawned many children (forks) in subsequent years, a notable example being Monero, based on CryptoNote v2 in April 2014.
RING SIGNATURES and STEALTH ADDRESSES

PROS

– Provides sender and receiver privacy
– Privacy can be default
– Mature technology
– Greater scalability with bulletproofs
– Does not require any third-party

CONS

– Privacy not very effective without high volume
-Does not hide transaction information if not combined with another protocol.

COINJOIN

Used in: Dash
Bitcoin developer Gregory Maxwell proposed a set of solutions to bring privacy to Bitcoin and cryptocurrencies, the first being CoinJoin (January 28 – Aug 22, 2013).[13],[14] CoinJoin (sometimes called CoinSwap) allows multiple users to combine their transactions into a single transaction, by receiving inputs from multiple users, and then sending their outputs to the multiple users, irrespective of who in the group the inputs came from. So, the receiver will get whatever output amount they were supposed to, but it cannot be directly traced to its origination input. Similar proposals include Coinshuffle in 2014 and Tumblebit in 2016, building on CoinJoin but not terribly popular [15],[16]. They fixed the need for a trusted third party to ‘mix’ the transactions. There are CoinJoin implementations that are being actively worked on but are not the most popular privacy solutions of today. A notable coin that uses CoinJoin technology is Dash, launched in January 2014, with masternodes in place of a trusted party.
COINJOIN

PROS

– Provides sender and receiver privacy
– Easy to implement on any cryptocurrency
– Lightweight
– Greater scalability with bulletproofs
– Mature technology

CONS

– Least anonymous privacy solution. Transaction amounts can be calculated
– Even without third-party mixer, depends on wealth centralization of masternodes

ZEROCOIN

Used in: Zcoin, PIVX
In May 2013, the Zerocoin protocol was introduced by John Hopkins University professor Matthew D. Green and his graduate students Ian Miers and Christina Garman.[17] In response to the need for use of a third party to do CoinJoin, the Zerocoin proposal allowed for a coin to be destroyed and remade in order to erase its history whenever it is spent. Zero-knowledge cryptography and zero-knowledge proofs are used to prove that the new coins for spending are being appropriately made. A zero-knowledge proof allows one party to prove to another that they know specific information, without revealing any information about it, other than the fact that they know it. Zerocoin was not accepted by the Bitcoin community as an implementation to be added to Bitcoin, so a new cryptocurrency had to be formed. Zcoin was the first cryptocurrency to implement the Zerocoin protocol in 2016. [18]
ZEROCOIN

PROS

– Provides sender and receiver privacy
– Supply can be audited
– Relatively mature technology
– Does not require a third-party

CONS

– Requires trusted setup (May not be required with Sigma protocol)
– Large proof sizes (not lightweight)
– Does not provide full privacy for transaction amounts

ZEROCASH

Used in: Zcash, Horizen, Komodo, Zclassic, Bitcoin Private
In May 2014, the current successor to the Zerocoin protocol, Zerocash, was created, also by Matthew Green and others (Eli Ben-Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer, Madars Virza).[19] It improved upon the Zerocoin concept by taking advantage of zero-knowledge proofs called zk-snarks (zero knowledge succinct non-interactive arguments of knowledge). Unlike Zerocoin, which hid coin origins and payment history, Zerocash was faster, with smaller transaction sizes, and hides transaction information on the sender, receiver and amount. Zcash is the first cryptocurrency to implement the Zerocash protocol in 2016. [20]
ZEROCASH

PROS

– Provides full anonymity. Sender, receiver and amount hidden.
– Privacy can be default?
– Fast due to small proof sizes.
– Payment amount can be optionally disclosed for auditing
– Does not require any third-party

CONS

– Requires trusted setup. (May be improved with zt-starks technology)
– Supply cannot be audited. And coins can potentially be forged without proper implementation.
– Private transactions computationally intensive (improved with Sapling upgrade)

CONFIDENTIAL TRANSACTIONS

Used in: Monero and Particl with Ring Signatures as RING-CT
The next proposal from Maxwell was that of confidential transactions, proposed in June 2015 as part of the Sidechain Elements project from Blockstream, where Maxwell was Chief Technical Officer.[21],[22] It proposed to hide the transaction amount and asset type (e.g. deposits, currencies, shares), so that only the sender and receiver are aware of the amount, unless they choose to make the amount public. It uses homomorphic encryption[23] to encrypt the inputs and outputs by using blinding factors and a kind of ring signature in a commitment scheme, so the amount can be ‘committed’ to, without the amount actually being known. I’m terribly sorry if you now have the urge to go and research exactly what that means. The takeaway is that the transaction amount can be hidden from outsiders while being verifiable.
CONFIDENTIAL TRANSACTIONS

PROS

– Hides transaction amounts
– Privacy can be default
– Mature technology
– Does not require any third-party

CONS

– Only provides transaction amount privacy when used alone

RING-CT

Used in: Monero, Particl
Then came Ring Confidential transactions, proposed by Shen-Noether of Monero Research Labs in October 2015.[24] RingCT combines the use of ring signatures for hiding sender information, with the use of confidential transactions (which also uses ring signatures) for hiding amounts. The proposal described a new type of ring signature, A Multi-layered Linkable Spontaneous Anonymous Group signature which “allows for hidden amounts, origins and destinations of transactions with reasonable efficiency and verifiable, trustless coin generation”.[25] RingCT was implemented in Monero in January 2017 and made mandatory after September 2017.
RING -CONFIDENTIAL TRANSACTIONS

PROS

– Provides full anonymity. Hides transaction amounts and receiver privacy
– Privacy can be default
– Mature technology
– Greater scalability with bulletproofs
– Does not require any third-party

CONS

– Privacy not very effective without high volume

MIMBLEWIMBLE

Used in: Grin
Mimblewimble was proposed in July 2016 by pseudonymous contributor Tom Elvis Jedusorand further developed in October 2016 by Andrew Poelstra.[26],[27] Mimblewimble is a “privacy and fungibility focused cryptocoin transaction structure proposal”.[28] The key words are transaction structure proposal, so the way the blockchain is built is different, in order to accommodate privacy and fungibility features. Mimblewimble uses the concept of Confidential transactions to keep amounts hidden, looks at private keys and transaction information to prove ownership of funds rather than using addresses, and bundles transactions together instead of listing them separately on the blockchain. It also introduces a novel method of pruning the blockchain. Grin is a cryptocurrency in development that is applying Mimblewimble. Mimblewimble is early in development and you can understand it more here [29].
MIMBLEWIMBLE

PROS

– Hides transaction amounts and receiver privacy
– Privacy is on by default
– Lightweight
– No public addresses?

CONS

– Privacy not very effective without high volume
– Sender and receiver must both be online
– Relatively new technology

ZEXE

Fresh off the minds of brilliant cryptographers (Sean Bowe, Alessandro Chiesa, Matthew Green, Ian Miers, Pratyush Mishra, Howard Wu), in October 2018 Zexe proposed a new cryptographic primitive called ‘decentralized private computation.[30] It allows users of a decentralized ledger to “execute offline computations that result in transactions”[31], but also keeps transaction amounts hidden and allows transaction validation to happen at any time regardless of computations being done online. This can have far reaching implications for privacy coins in the future. Consider cases where transactions need to be automatic and private, without both parties being present.

NETWORK PRIVACY

Privacy technologies that look at network privacy as nodes communicate with each other on the network are important considerations, rather than just looking at privacy on the blockchain itself. Anonymous layers encrypt and/or reroute data as it moves among peers, so it is not obvious who they originate from on the network. They are used to protect against surveillance or censorship from ISPs and governments. The Invisible Internet Project (I2P) is an anonymous network layer that uses end to end encryption for peers on a network to communicate with each other.[32] Its history dates back to 2003. Kovri is a Monero created implementation of I2P.[33] The Onion Router (Tor) is another anonymity layer [34]) that Verge is a privacy cryptocurrency that uses. But its historical link to the US government may be is concerning to some[35]. Dandelion transaction relay is also an upcoming Bitcoin improvement proposal (BIP) that scrambles IP data that will provide network privacy for Bitcoin as transaction and other information is transmitted.[36],[37],[38]

UPCOMING

Monero completed bulletproofs protocol updates that reduce RINGCT transaction sizes and thus transaction fee costs. (Bulletproofs are a replacement for range proofs used in confidential transactions that aid in encrypting inputs and outputs by making sure they add to zero).
Sigma Protocol – being actively researched by Zcoin team as of 2018 to replace Zerocoin protocol so that a trusted setup is not required.[39] There is a possible replacement for zk-snarks, called zk-starks, another form of zero-knowledge proof technology, that may make a trusted set-up unnecessary for zero-knowledege proof coins.[40]

PART 1 CONCLUSION OF THE PRIVACY COIN GUIDE ON THE TECHNOLOGY BEHIND PRIVACY COINS

Although Bitcoin is still a groundbreaking technology that gives us a trust-less transaction system, it has failed to live up to its expectations of privacy. Over time, new privacy technologies have arrived and are arriving with innovative and exciting solutions for Bitcoin’s lack of fungibility. It is important to note that these technologies are built on prior research and application, but we are considering their use in cryptocurrencies. Protocols are proposed based on cryptographic concepts that show how they would work, and then developers actually implement them. Please note that I did not include the possibility of improper implementation as a disadvantage, and the advantages assume that the technical development is well done. A very important point is that coins can also adapt new privacy technologies as their merits become obvious, even as they start with a specific privacy protocol. Furthermore, I am, unfortunately, positive that this is not an exhaustive overview and I am only covering publicized solutions. Next, we’ll talk more about the pros and cons and give an idea of how the coins can be compared.

There's a video version that can be watched, and you can find out how to get the second two parts if you want on my website (video link on the page): https://cryptoramble.com/guide-on-privacy-coins/
submitted by CryptoRamble to CryptoCurrencies [link] [comments]

The Privacy Coin Guide Part 1

As interest picks up in crypto again, I want to share this post I made on privacy coins again to just give the basics of their evolution. This is only part 1, and parts 2 and 3 are not available in this format, but this part is informative and basic.
If you’re looking for a quick and easy way to assess what the best privacy coin in the current space is, which has the best features, or which is most likely to give high returns, then this is not that guide. My goal is to give you the power to make your own decisions, to clearly state my biases, and educate. I really wanted to understand this niche of the crypto-space due to my background and current loyalties[1], and grasp the nuances of the features, origins and timelines of technologies used in privacy coins, while not being anything close to a developer myself. This is going to be a 3-part series, starting with an overview and basic review of the technology, then looking at its implications, and ending with why I like a specific project. It might be mildly interesting or delightfully educational. Cryptocurrencies are young and existing privacy coins are deploying technology that is a work in progress. This series assumes a basic understanding of how blockchains work, specifically as used in cryptocurrencies. If you don’t have that understanding, might I suggest that you get it? [2],[3],[4] Because cryptocurrencies have a long way to go before reaching their end-game: when the world relies on the technology without understanding it. So, shall we do a deep dive into the privacy coin space?

FIRST THERE WAS BITCOIN

Cryptocurrencies allow you to tokenize value and track its exchange between hands over time, with transaction information verified by a distributed network of users. The most famous version of a cryptocurrency in use is Bitcoin, defined as peer-to-peer electronic cash. [5] Posted anonymously in 2008, the whitepaper seemed to be in direct response to the global financial meltdown and public distrust of the conventional banking and financing systems. Although cryptographic techniques are used in Bitcoin to ensure that (i) only the owner of a specific wallet has the authority to spend funds from that wallet, (ii) the public address is linked but cannot be traced by a third party to the private address (iii) the information is stored via cryptographic hashing in a merkle tree structure to ensure data integrity, the actual transaction information is publicly visible on the blockchain and can be traced back to the individual through chain analysis.[6] This has raised fears of possible financial censorship or the metaphorical tainting of money due to its origination point, as demonstrated in the Silk Road marketplace disaster.[7] This can happen because fiat money is usually exchanged for cryptocurrency at some point, as crypto-enthusiasts are born in the real world and inevitably cash out. There are already chain analysis firms and software that are increasingly efficient at tracking transactions on the Bitcoin blockchain.[8] This lack of privacy is one of the limitations of Bitcoin that has resulted in the creation of altcoins that experiment with the different features a cryptocurrency can have. Privacy coins are figuring out how to introduce privacy in addition to the payment network. The goal is to make the cryptocurrency fungible, each unit able to be exchanged for equal value without knowledge of its transaction history – like cash, while being publicly verifiable on a decentralized network. In other words, anyone can add the math up without being able to see the full details. Some privacy solutions and protocols have popped up as a result:

CRYPTONOTE – RING SIGNATURES AND STEALTH ADDRESSES

Used in: Monero and Particl as its successor RING-CT, Bytecoin
In December 2012, CryptoNote introduced the use of ring signatures and stealth addresses (along with other notable features such as its own codebase) to improve cryptocurrency privacy.[9] An updated CryptoNote version 2 came in October 2013 [10](though there is some dispute over this timeline [11]), also authored under the name Nicolas van Saberhagen. Ring signatures hide sender information by having the sender sign a transaction using a signature that could belong to multiple users. This makes a transaction untraceable. Stealth addresses allow a receiver to give a single address which generates a different public address for funds to be received at each time funds are sent to it. That makes a transaction unlinkable. In terms of privacy, CryptoNote gave us a protocol for untraceable and unlinkable transactions. The first implementation of CryptoNote technology was Bytecoin in March 2014 (timeline disputed [12]), which spawned many children (forks) in subsequent years, a notable example being Monero, based on CryptoNote v2 in April 2014.
RING SIGNATURES and STEALTH ADDRESSES

PROS

– Provides sender and receiver privacy
– Privacy can be default
– Mature technology
– Greater scalability with bulletproofs
– Does not require any third-party

CONS

– Privacy not very effective without high volume
-Does not hide transaction information if not combined with another protocol.

COINJOIN

Used in: Dash
Bitcoin developer Gregory Maxwell proposed a set of solutions to bring privacy to Bitcoin and cryptocurrencies, the first being CoinJoin (January 28 – Aug 22, 2013).[13],[14] CoinJoin (sometimes called CoinSwap) allows multiple users to combine their transactions into a single transaction, by receiving inputs from multiple users, and then sending their outputs to the multiple users, irrespective of who in the group the inputs came from. So, the receiver will get whatever output amount they were supposed to, but it cannot be directly traced to its origination input. Similar proposals include Coinshuffle in 2014 and Tumblebit in 2016, building on CoinJoin but not terribly popular [15],[16]. They fixed the need for a trusted third party to ‘mix’ the transactions. There are CoinJoin implementations that are being actively worked on but are not the most popular privacy solutions of today. A notable coin that uses CoinJoin technology is Dash, launched in January 2014, with masternodes in place of a trusted party.
COINJOIN

PROS

– Provides sender and receiver privacy
– Easy to implement on any cryptocurrency
– Lightweight
– Greater scalability with bulletproofs
– Mature technology

CONS

– Least anonymous privacy solution. Transaction amounts can be calculated
– Even without third-party mixer, depends on wealth centralization of masternodes

ZEROCOIN

Used in: Zcoin, PIVX
In May 2013, the Zerocoin protocol was introduced by John Hopkins University professor Matthew D. Green and his graduate students Ian Miers and Christina Garman.[17] In response to the need for use of a third party to do CoinJoin, the Zerocoin proposal allowed for a coin to be destroyed and remade in order to erase its history whenever it is spent. Zero-knowledge cryptography and zero-knowledge proofs are used to prove that the new coins for spending are being appropriately made. A zero-knowledge proof allows one party to prove to another that they know specific information, without revealing any information about it, other than the fact that they know it. Zerocoin was not accepted by the Bitcoin community as an implementation to be added to Bitcoin, so a new cryptocurrency had to be formed. Zcoin was the first cryptocurrency to implement the Zerocoin protocol in 2016. [18]
ZEROCOIN

PROS

– Provides sender and receiver privacy
– Supply can be audited
– Relatively mature technology
– Does not require a third-party

CONS

– Requires trusted setup (May not be required with Sigma protocol)
– Large proof sizes (not lightweight)
– Does not provide full privacy for transaction amounts

ZEROCASH

Used in: Zcash, Horizen, Komodo, Zclassic, Bitcoin Private
In May 2014, the current successor to the Zerocoin protocol, Zerocash, was created, also by Matthew Green and others (Eli Ben-Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer, Madars Virza).[19] It improved upon the Zerocoin concept by taking advantage of zero-knowledge proofs called zk-snarks (zero knowledge succinct non-interactive arguments of knowledge). Unlike Zerocoin, which hid coin origins and payment history, Zerocash was faster, with smaller transaction sizes, and hides transaction information on the sender, receiver and amount. Zcash is the first cryptocurrency to implement the Zerocash protocol in 2016. [20]
ZEROCASH

PROS

– Provides full anonymity. Sender, receiver and amount hidden.
– Privacy can be default?
– Fast due to small proof sizes.
– Payment amount can be optionally disclosed for auditing
– Does not require any third-party

CONS

– Requires trusted setup. (May be improved with zt-starks technology)
– Supply cannot be audited. And coins can potentially be forged without proper implementation.
– Private transactions computationally intensive (improved with Sapling upgrade)

CONFIDENTIAL TRANSACTIONS

Used in: Monero and Particl with Ring Signatures as RING-CT
The next proposal from Maxwell was that of confidential transactions, proposed in June 2015 as part of the Sidechain Elements project from Blockstream, where Maxwell was Chief Technical Officer.[21],[22] It proposed to hide the transaction amount and asset type (e.g. deposits, currencies, shares), so that only the sender and receiver are aware of the amount, unless they choose to make the amount public. It uses homomorphic encryption[23] to encrypt the inputs and outputs by using blinding factors and a kind of ring signature in a commitment scheme, so the amount can be ‘committed’ to, without the amount actually being known. I’m terribly sorry if you now have the urge to go and research exactly what that means. The takeaway is that the transaction amount can be hidden from outsiders while being verifiable.
CONFIDENTIAL TRANSACTIONS

PROS

– Hides transaction amounts
– Privacy can be default
– Mature technology
– Does not require any third-party

CONS

– Only provides transaction amount privacy when used alone

RING-CT

Used in: Monero, Particl
Then came Ring Confidential transactions, proposed by Shen-Noether of Monero Research Labs in October 2015.[24] RingCT combines the use of ring signatures for hiding sender information, with the use of confidential transactions (which also uses ring signatures) for hiding amounts. The proposal described a new type of ring signature, A Multi-layered Linkable Spontaneous Anonymous Group signature which “allows for hidden amounts, origins and destinations of transactions with reasonable efficiency and verifiable, trustless coin generation”.[25] RingCT was implemented in Monero in January 2017 and made mandatory after September 2017.
RING -CONFIDENTIAL TRANSACTIONS

PROS

– Provides full anonymity. Hides transaction amounts and receiver privacy
– Privacy can be default
– Mature technology
– Greater scalability with bulletproofs
– Does not require any third-party

CONS

– Privacy not very effective without high volume

MIMBLEWIMBLE

Used in: Grin
Mimblewimble was proposed in July 2016 by pseudonymous contributor Tom Elvis Jedusorand further developed in October 2016 by Andrew Poelstra.[26],[27] Mimblewimble is a “privacy and fungibility focused cryptocoin transaction structure proposal”.[28] The key words are transaction structure proposal, so the way the blockchain is built is different, in order to accommodate privacy and fungibility features. Mimblewimble uses the concept of Confidential transactions to keep amounts hidden, looks at private keys and transaction information to prove ownership of funds rather than using addresses, and bundles transactions together instead of listing them separately on the blockchain. It also introduces a novel method of pruning the blockchain. Grin is a cryptocurrency in development that is applying Mimblewimble. Mimblewimble is early in development and you can understand it more here [29].
MIMBLEWIMBLE

PROS

– Hides transaction amounts and receiver privacy
– Privacy is on by default
– Lightweight
– No public addresses?

CONS

– Privacy not very effective without high volume
– Sender and receiver must both be online
– Relatively new technology

ZEXE

Fresh off the minds of brilliant cryptographers (Sean Bowe, Alessandro Chiesa, Matthew Green, Ian Miers, Pratyush Mishra, Howard Wu), in October 2018 Zexe proposed a new cryptographic primitive called ‘decentralized private computation.[30] It allows users of a decentralized ledger to “execute offline computations that result in transactions”[31], but also keeps transaction amounts hidden and allows transaction validation to happen at any time regardless of computations being done online. This can have far reaching implications for privacy coins in the future. Consider cases where transactions need to be automatic and private, without both parties being present.

NETWORK PRIVACY

Privacy technologies that look at network privacy as nodes communicate with each other on the network are important considerations, rather than just looking at privacy on the blockchain itself. Anonymous layers encrypt and/or reroute data as it moves among peers, so it is not obvious who they originate from on the network. They are used to protect against surveillance or censorship from ISPs and governments. The Invisible Internet Project (I2P) is an anonymous network layer that uses end to end encryption for peers on a network to communicate with each other.[32] Its history dates back to 2003. Kovri is a Monero created implementation of I2P.[33] The Onion Router (Tor) is another anonymity layer [34]) that Verge is a privacy cryptocurrency that uses. But its historical link to the US government may be is concerning to some[35]. Dandelion transaction relay is also an upcoming Bitcoin improvement proposal (BIP) that scrambles IP data that will provide network privacy for Bitcoin as transaction and other information is transmitted.[36],[37],[38]

UPCOMING

Monero completed bulletproofs protocol updates that reduce RINGCT transaction sizes and thus transaction fee costs. (Bulletproofs are a replacement for range proofs used in confidential transactions that aid in encrypting inputs and outputs by making sure they add to zero).
Sigma Protocol – being actively researched by Zcoin team as of 2018 to replace Zerocoin protocol so that a trusted setup is not required.[39] There is a possible replacement for zk-snarks, called zk-starks, another form of zero-knowledge proof technology, that may make a trusted set-up unnecessary for zero-knowledege proof coins.[40]

PART 1 CONCLUSION OF THE PRIVACY COIN GUIDE ON THE TECHNOLOGY BEHIND PRIVACY COINS

Although Bitcoin is still a groundbreaking technology that gives us a trust-less transaction system, it has failed to live up to its expectations of privacy. Over time, new privacy technologies have arrived and are arriving with innovative and exciting solutions for Bitcoin’s lack of fungibility. It is important to note that these technologies are built on prior research and application, but we are considering their use in cryptocurrencies. Protocols are proposed based on cryptographic concepts that show how they would work, and then developers actually implement them. Please note that I did not include the possibility of improper implementation as a disadvantage, and the advantages assume that the technical development is well done. A very important point is that coins can also adapt new privacy technologies as their merits become obvious, even as they start with a specific privacy protocol. Furthermore, I am, unfortunately, positive that this is not an exhaustive overview and I am only covering publicized solutions. Next, we’ll talk more about the pros and cons and give an idea of how the coins can be compared.

There's a video version that can be watched, and you can find out how to get the second two parts if you want on my website (video link on the page): https://cryptoramble.com/guide-on-privacy-coins/
submitted by CryptoRamble to ethtrader [link] [comments]

Daily General Discussion - February 12, 2018

Welcome to the Daily General Discussion thread of /EthTrader.
Thread guidelines:
Resources and other information:
  • Newcomers who have basic questions about Ethereum can find answers by visiting /EthereumNoobies or our Ethereum Education wiki page, see here.
  • To view live streaming comments for this thread, click here. Account permissions are required to post comments through Reddit-Stream.com.
Enjoy!
submitted by AutoModerator to ethtrader [link] [comments]

RiB Newsletter #12 – ZK-Rustups

This month, what strikes us most is the proliferation of Rust cryptography, and especially zero-knowledge proof, projects. Even blockchains that aren’t primarily implemented in Rust are increasingly looking to Rust for their crypto. So many of these are springing up that we’ve lost track, so we spent some time doing a survey of the world of Rust crypto and zero-knowledge proofs, and what we found kind of blew us away! For Rust blockchain developers there are an overwhelming number of choices for their crypto building blocks. Here are some of them.
By a rough counting, 13 of the top 50 blockchains by market cap are using Rust in some way, whether primary implementations, alternate or unofficial implementanions, libraries, support code, or research projects. Those projects are: Bitcoin, Ethereum, Bitcoin Cash, Cardano, Stellar, Crypto.com, Ethereum Classic, IOTA, Zcash, Ontology, 0x, Algorand, Qtum. While reviewing these it’s notable that while an increasing number of blockchain projects are using Rust, few of the top projects are primarily implemented in Rust (the exception being Crypto.com). Yet, of course.
This month Rust-behemoth Polkadot launched their mainnet. Congrats to Parity and Polkadot contributors.


https://rustinblockchain.org/newsletters/2020-06-03-zk-rustups/
submitted by Aimeedeer to rust [link] [comments]

If mathematicians find a way to make Homomorphic Crypto work at practical speed, then privacy can be proven without trust

https://en.wikipedia.org/wiki/Homomorphic_encryption
Its the next level above end-to-end-encryption. It doesnt require ends, but if it has them, they can not be proven to exist, and there can be anywhere between 0 and infinity ends and even create and remove ends while its still encrypted.
The internet works by encrypting info between certain pairs of computers but on those computers themselves its not encrypted. Homomorphic encryption closes that security hole by keeping it encrypted both on computers and between them and it can keep computing to more and more computers (if people choose to run the homomorphic crypted programs) without any of them being able to know what they are computing. There doesnt need to be any trust across the whole internet to collaborate among billions of people and computers.
End-to-end encryption is not good enough. That just means between the computers. For example, if you send bitcoins using your computer, there might be a hacker who has access to your computer who can steal your wallet.dat file and use it himself. With homomorphic crypto, even the bitcoin program and wallet.dat would be encrypted to the extent that someone could not even detect that you are using bitcoin, and even if they knew exactly which part of the computers memory bitcoin is supposedly in and which other computers its interacting with across the internet, they still could not detect that its bitcoin running instead of some other peer to peer program. Instead, it is possible to, for example on pen and paper, calculate a number that you type into the "bitcoin running on your computer in homomorphic encrypted form" that tells it you are commanding it to move your money, or have another computer do that, in a whole web of computers that none of them can know what themself or others are doing while they are doing it. Practically, instead of using pen and paper, this means you dont have to trust apps to do the things they say they will or to keep your data private.
You could for example give facebook your personal data which facebook would be able to use for certain purposes but could not figure out what your personal data is. There would never be another large scale email apologizing for leaking your data from various websites, since they wouldnt have it but could still compute in turing-complete ways things with it.
submitted by BenRayfield to KeepOurNetFree [link] [comments]

Why you should invest in OCEAN Protocol

Why I am investing in Ocean Protocol
tl;dr
Unlocking data for AI
Partnered with; Unilever, Roche, Johnson&Johnson, Aviva, MOBI (BMW, Ford, GM)
Currently at $0.03, IEO price $0.12, ICO price $0.2.
Staking coming Q2.
THE PROBLEM
The world has a data problem. The more we create, the more we are forced to entrust it all to fewer data monopolies to profit from.
Data is also siloed, and generally hosted on proprietary databases across vast systems, geographies and business units. Whilst there have been fixes and APIs that have helped improve the sharing of corporate and public data, fundamentally this doesn’t change the fact that client-server architecture and corporate IT networks are inherently designed to prevent data sharing.
Regulation and privacy laws combine to make organisations concerned about sharing data both internally and publicly unless forced to do so. The Health Insurance Portability and Accountability Act (HIPAA) in the US or the Data Protection Act in the UK explicitly state how and what data can and cannot be shared. But these are complicated policies. The technical difficulty of implementing them, combined with bad UX means people err on the side of caution when approaching these issues. There is simply no incentive to outweigh the risk and hassle of sharing data.
Even where sharing is encouraged, current infrastructure makes monetising data through open source licensing complex and equally difficult to enforce. So ultimately, you are left with two options: give your data away for free (which what most individuals do) or hoard it and see if you can make sense of it at some time in the future (which is what most companies do). Neither is very efficient or effective.
The consequence is a few increasingly powerful companies get the vast majority of data at little cost, and large amounts of valuable data are sat dormant in siloed databases.
Simply put, there is no economic incentive to share data. This is a massive issue in the AI market (expected to be worth $70 billion in 2020 according to BoA Merrill).
The best AI techniques today, such as deep learning, need lots (and lots) of quality and relevant datasets to deliver any kind of meaningful value. Starving most new entrants (such as startups and SMEs) of the ability to compete.
AI expertise and talent is expensive and hard to come by, typically concentrating within organisations that already have the data to play with or promise to generate vast quantities of it in the future. Companies like Google, Facebook, Microsoft and Baidu swallow up almost all the best talent and computer science and AI PhDs before they even come onto the jobs market.
This creates a self-propagating cycle, increasingly benefiting a few established organisations who are able to go on to dominate their respective markets, extracting a premium for the priviledge. Think of Facebook & Google in the Ad Market, Amazon for Retail, now imagine that happening across every single industry vertical. Data leads to data network effects, and subsequent AI advantages which are extremely hard to catch up with once the flywheel starts. The way things are going, the driver-less car market will likely consolidate around one single software provider. As old industries like education, healthcare and utilities digitize their operations and start utilizing data, the same will likely happen there too.
The benefits of the 4th Industrial Revolution are in the hands of fewer and fewer organisations.
Currently the expectation is that companies, rather than trying to compete (if they want to stay in business), are expected to concede their data to one of the big tech clouds like Amazon or Microsoft to be able to extract value from it. Further extending the suppliers’ unfair advantage and increasing their own dependency. Look at autonomous vehicles, German manufacturers unable to compete with Silicon Valley’s AIs for self driving cars could be left simply making the low-value hardware whilst conceding the higher-value (and margin) software to companies that drive the intelligence that control them.
I’ve always argued companies don’t want Big Data. They want actionable intelligence. But currently most large organisations have vast dumb data in silos that they simply don’t know what to do with.
But what if…
they could securely allow AI developers to run algorithms on it whilst keeping it stored encrypted, on-premise.
And open up every database at a ‘planetary level’ and turn them into a single data marketplace.
Who would own or control it? To be frank, it would require unseen levels of trust. Data is generally very sensitive, revealing and something you typically would not want to share with your competitors. Especially in say, consumer health how could that be possible with complex privacy laws?
What’s needed is a decentralised data marketplace to connect AI developers to data owners in a compliant, secure and affordable way. Welcome to Ocean Protocol.
Why decentralised and tokenised?
Primarily because of the need for the provenance of IP, affordable payment channels, and the ensure no single entity becomes a gatekeeper to a hoard of valuable data. Gatekeeper, in the sense that they can arbitrarily ban or censor participants but also to avoid the same honeypot hacking problems we encounter in today’s centralised world.
But aren’t there already decentralised data market projects?
The Ocean team have focused their design on enabling ‘exchange protocols’, resulting in massive potential for partnerships with other players in the domain. As investors in IOTA, understanding how this could work with their Data Marketplace is an interesting case in point.
INNOVATIONS
What we like most about Ocean is they have been deploying many of the constituent parts that underpin this marketplace over the last 4 years via a number of initiatives which they are now bringing together into one unified solution:
(digital ownership & attribution) (high throughput distributed database to allow for high throughput transactions) (Scalability – build on proven BigchainDB / IPDB technology for “planetary scale”) (blockchain-ready, community-driven protocol for intellectual property licensing)
What is being added is a protocol and token designed to incentivize and program rules and behaviours into the marketplace to ensure relevant good quality data is committed, made available and fairly remunerated. The design is prepared for processing confidential data for machine learning and aggregated analysis without exposing the raw data itself. Ocean will facilitate in bringing the processing algorithms to the data through on-premise compute and, eventually, more advanced techniques, like homomorphic encryption, as they mature.
OCEAN Token
Think of the Ocean Token as the ‘crypto asset’ that serves as the commodity in the data economy to incentivise the mass coordination of resources to secure and scale the network to turn in to actionable intelligence.
If Ocean is about trading data, can’t it use an existing cryptocurrency as its token, like Bitcoin or Ether?
While existing tokens might serve as a means of exchange, the Ocean protocol requires a token of its own because it uses its a specific form of monetary policy and rewards. Users get rewarded with newly minted tokens for providing high quality, relevant data and keeping it available. This means the protocol requires control over the money supply and rules out using any existing general purpose protocols or tokens. Furthermore, from the perspective of Ocean users, volatility in an uncorrelated token would disrupt the orderly value exchange between various stakeholders in the marketplace they desire.
OCEAN Data Providers (Supplying Data)
Actors who have data and want to monetise it, can make it available through Ocean for a price. When their data is used by Data Consumers, Data Providers receive tokens in return.
OCEAN Data Curators (Quality Control)
An interesting concept to Ocean is the application of curation markets. Someone needs to decide what data on Ocean is good and which data is bad. As Ocean is a decentralised system, there can’t be a central committee to do this. Instead, anyone with domain expertise can participate as a Data Curator and earn newly minted tokens by separating the wheat from the chaff. Data Curators put an amount of tokens at stake to signal that a certain dataset is of high quality. Every time they correctly do this, they receive newly minted tokens in return.
OCEAN Registry of Actors (Keeping Bad Actors Out)
Because Ocean is an open protocol, not only does it need mechanisms to curate data, it needs a mechanism to curate the participants themselves. For this reason a Registry of Actors is part of Ocean, again applying staking of tokens to make good behaviour more economically attractive than bad behaviour.
OCEAN Keepers (Making Data Available)
The nodes in the Ocean network are called Keepers. They run the Ocean software and make datasets available to the network. Keepers receive newly minted tokens to perform their function. Data Providers need to use one or more Keepers to offer data to the network.
BRINGING IT ALL TOGETHER
Ocean is building a platform to enable a ‘global data commons’. A platform where anyone can share and be rewarded for the data they contribute where the token and protocol is designed specifically to incentivise data sharing and remuneration.
So let’s see that in the context of a single use-case: Clinical Trial Data
Note: that this use-case is provided for illustrative purposes only, to get a feel for how Ocean could work in practice. Some of the specifics of the Ocean protocol have yet to be finalised and published in the white paper, and might turn out different than described here.
Bob is a clinical physician with a data science background who uses Ocean. He knows his industry well and has experience understanding what types of clinical data are useful in trials. Charlie works at a company that regularly runs medical trials. He has collected a large amount of data for a very specific trial which has now concluded, and he believes it could be valuable for others but he doesn’t know exactly how. Charlie publishes the dataset through Ocean and judging its value (based on the cost to produce and therefore replicate), as well as his confidence in its overall quality, he stakes 5 tokens on it (to prove it is his IP, which if people want to use they must pay for). Charlie uses one of the Keeper nodes maintained by his company’s IT department. Bob, as a Data Curator of clinical trial data on Ocean, is notified of its submission, and sees no one has challenged its ownership. By looking at a sample he decides the data is of good quality and based on how broad its utility could be he stakes 10 Ocean tokens to back his judgement. Bob is not alone and quickly a number of other Data Curators with good reputation also evaluate the data and make a stake. By this point a number of AI developers see Charlie’s dataset is becoming popular and purchase it through Ocean. Charlie, Bob and the other curators get rewarded in newly minted tokens, proportional to the amount they staked and the number of downloads. The Keeper node at Charlie’s company regularly receives a request to cryptographically prove it still has the data available. Each time it answers correctly, it also receives some newly minted tokens. When Bob and Charlie signed up to join Ocean, they staked some tokens to get added to the Registry of Actors. Eve also wants to join Ocean. She stakes 100 tokens to get added to The Registry of Actors. Eve is actually a malicious actor. She purchases Charlie’s dataset through Ocean, then claims it’s hers and publishes it under her own account for a slightly lower price. Furthermore, she creates several more “sock puppet” accounts, each with some more tokens staked to join, to serve as Data Curators and vouch for her copy of the dataset. Bob and Charlie discover Eve’s malice. They successfully challenge Eve and her sock puppet accounts in the Registry of Actors. Eve and her sock puppet accounts get removed from the Registry of Actors and she loses all staking tokens.
APPROACH, TRACTION & TEAM
I am greatly encouraged by the fact that Ocean were aligned to building what we term a Community Token Economy (CTE) where multiple stakeholders ( & ) partner early on to bring together complementary skills and assets.
As two existing companies (one already VC backed) they are committing real code and IP already worth several million in value*.
*This is an important point to remember when considering the valuation and token distribution of the offering.
The open, inclusive, transparent nature of IPDB foundation bodes well for how Ocean will be run and how it will solve complex governance issues as the network grows.
I am also impressed with the team’s understanding of the importance of building a community. They understand that networks are only as powerful as the community that supports it. This is why they have already signed key partnerships with XPrize Foundation, SingularityNet, Mattereum, Integration Alpha and ixo Foundation as well as agreeing an MOU with the Government of Singapore to provide coverage and indemnification for sandboxes for data sharing.
The team understands that the decentralisation movement is still in its early stages and that collaborative and partnership is a more effective model than competition and going it alone.
PLACE IN THE CONVERGENCE ECOSYSTEM STACK
Ocean protocol is a fundamental requirement for the Convergence Ecosystem Stack. It is a protocol that enables a thriving AI data marketplace. It is complementary to our other investments in IOTA and SEED both of whom provide a marketplace for machine data and bots respectively.
Marketplaces are critical to the development of the Convergence Ecosystem as they enable new data-based and tokenised business models that have never before been possible to unlock value. Distributed ledgers, blockchains and other decentralization technologies are powerful tools for authenticating, validating, securing and transporting data; but it will be marketplaces that will enable companies to build sustainable businesses and crack open the incumbent data monopolies. IOTA, SEED and now Ocean are unlocking data for more equitable outcomes for users.
submitted by Econcrypt to CryptoMoonShots [link] [comments]

Enigma Set to Bring Privacy to Ethereum

Enigma Set to Bring Privacy to Ethereum submitted by its_part_of_trade to CryptoCurrency [link] [comments]

Threshold Signature Explained— Bringing Exciting Applications with TSS

Threshold Signature Explained— Bringing Exciting Applications with TSS
— A deep dive into threshold signature without mathematics by ARPA’s cryptographer Dr. Alex Su

https://preview.redd.it/cp0wib2mk0q41.png?width=757&format=png&auto=webp&s=d42056f42fb16041bc512f10f10fed56a16dc279
Threshold signature is a distributed multi-party signature protocol that includes distributed key generation, signature, and verification algorithms.
In recent years, with the rapid development of blockchain technology, signature algorithms have gained widespread attention in both academic research and real-world applications. Its properties like security, practicability, scalability, and decentralization of signature are pored through.
Due to the fact that blockchain and signature are closely connected, the development of signature algorithms and the introduction of new signature paradigms will directly affect the characteristics and efficiency of blockchain networks.
In addition, institutional and personal account key management requirements stimulated by distributed ledgers have also spawned many wallet applications, and this change has also affected traditional enterprises. No matter in the blockchain or traditional financial institutions, the threshold signature scheme can bring security and privacy improvement in various scenarios. As an emerging technology, threshold signatures are still under academic research and discussions, among which there are unverified security risks and practical problems.
This article will start from the technical rationale and discuss about cryptography and blockchain. Then we will compare multi-party computation and threshold signature before discussing the pros and cons of different paradigms of signature. In the end, there will be a list of use cases of threshold signature. So that, the reader may quickly learn about the threshold signature.
I. Cryptography in Daily Life
Before introducing threshold signatures, let’s get a general understanding of cryptography. How does cryptography protect digital information? How to create an identity in the digital world? At the very beginning, people want secure storage and transmission. After one creates a key, he can use symmetric encryption to store secrets. If two people have the same key, they can achieve secure transmission between them. Like, the king encrypts a command and the general decrypts it with the corresponding key.
But when two people do not have a safe channel to use, how can they create a shared key? So, the key exchange protocol came into being. Analogously, if the king issues an order to all the people in the digital world, how can everyone proves that the sentence originated from the king? As such, the digital signature protocol was invented. Both protocols are based on public key cryptography, or asymmetric cryptographic algorithms.


“Tiger Rune” is a troop deployment tool used by ancient emperor’s, made of bronze or gold tokens in the shape of a tiger, split in half, half of which is given to the general and the other half is saved by the emperor. Only when two tiger amulets are combined and used at the same time, will the amulet holder get the right to dispatch troops.
Symmetric and asymmetric encryption constitute the main components of modern cryptography. They both have three fixed parts: key generation, encryption, and decryption. Here, we focus on digital signature protocols. The key generation process generates a pair of associated keys: the public key and the private key. The public key is open to everyone, and the private key represents the identity and is only revealed to the owner. Whoever owns the private key has the identity represented by the key. The encryption algorithm, or signature algorithm, takes the private key as input and generate a signature on a piece of information. The decryption algorithm, or signature verification algorithm, uses public keys to verify the validity of the signature and the correctness of the information.
II. Signature in the Blockchain
Looking back on blockchain, it uses consensus algorithm to construct distributed books, and signature provides identity information for blockchain. All the transaction information on the blockchain is identified by the signature of the transaction initiator. The blockchain can verify the signature according to specific rules to check the transaction validity, all thanks to the immutability and verifiability of the signature.
For cryptography, the blockchain is more than using signature protocol, or that the consensus algorithm based on Proof-of-Work uses a hash function. Blockchain builds an infrastructure layer of consensus and transaction through. On top of that, the novel cryptographic protocols such as secure multi-party computation, zero-knowledge proof, homomorphic encryption thrives. For example, secure multi-party computation, which is naturally adapted to distributed networks, can build secure data transfer and machine learning platforms on the blockchain. The special nature of zero-knowledge proof provides feasibility for verifiable anonymous transactions. The combination of these cutting-edge cryptographic protocols and blockchain technology will drive the development of the digital world in the next decade, leading to secure data sharing, privacy protection, or more applications now unimaginable.
III. Secure Multi-party Computation and Threshold Signature
After introducing how digital signature protocol affects our lives, and how to help the blockchain build identities and record transactions, we will mention secure multi-party computation (MPC), from where we can see how threshold signatures achieve decentralization. For more about MPC, please refer to our previous posts which detailed the technical background and application scenarios.
MPC, by definition, is a secure computation that several participants jointly execute. Security here means that, in one computation, all participants provide their own private input, and can obtain results from the calculation. It is not possible to get any private information entered by other parties. In 1982, when Prof. Yao proposed the concept of MPC, he gave an example called the “Millionaires Problem” — two millionaires who want to know who is richer than the other without telling the true amount of assets. Specifically, the secure multiparty computation would care about the following properties:
  • Privacy: Any participant cannot obtain any private input of other participants, except for information that can be inferred from the computation results.
  • Correctness and verifiability: The computation should ensure correct execution, and the legitimacy and correctness of this process should be verifiable by participants or third parties.
  • Fairness or robustness: All parties involved in the calculation, if not agreed in advance, should be able to obtain the computation results at the same time or cannot obtain the results.
Supposing we use secure multi-party computation to make a digital signature in a general sense, we will proceed as follows:
  • Key generation phase: all future participants will be involved together to do two things: 1) each involved party generates a secret private key; 2) The public key is calculated according to the sequence of private keys.
  • Signature phase: Participants joining in a certain signature use their own private keys as private inputs, and the information to be signed as a public input to perform a joint signature operation to obtain a signature. In this process, the privacy of secure multi-party computing ensures the security of private keys. The correctness and robustness guarantee the unforgeability of the signature and everyone can all get signatures.
  • Verification phase: Use the public key corresponding to the transaction to verify the signature as traditional algorithm. There is no “secret input” during the verification, this means that the verification can be performed without multi-party computation, which will become an advantage of multi-party computation type distributed signature.
The signature protocol constructed on the idea of ​​secure multiparty computing is the threshold signature. It should be noted that we have omitted some details, because secure multiparty computing is actually a collective name for a type of cryptographic protocol. For different security assumptions and threshold settings, there are different construction methods. Therefore, the threshold signatures of different settings will also have distinctive properties, this article will not explain each setting, but the comparative result with other signature schemes will be introduced in the next section.
IV. Single Signature, Multi-Signature and Threshold Signature
Besides the threshold signature, what other methods can we choose?
Bitcoin at the beginning, uses single signature which allocates each account with one private key. The message signed by this key is considered legitimate. Later, in order to avoid single point of failure, or introduce account management by multiple people, Bitcoin provides a multi-signature function. Multi-signature can be simply understood as each account owner signs successively and post all signatures to the chain. Then signatures are verified in order on the chain. When certain conditions are met, the transaction is legitimate. This method achieves a multiple private keys control purpose.
So, what’s the difference between multi-signature and threshold signature?
Several constraints of multi-signature are:
  1. The access structure is not flexible. If an account’s access structure is given, that is, which private keys can complete a legal signature, this structure cannot be adjusted at a later stage. For example, a participant withdraws, or a new involved party needs to change the access structure. If you must change, you need to complete the initial setup process again, which will change the public key and account address as well.
  2. Less efficiency. The first is that the verification on chain consumes power of all nodes, and therefore requires a processing fee. The verification of multiple signatures is equivalent to multiple single signatures. The second is performance. The verification obviously takes more time.
  3. Requirements of smart contract support and algorithm adaptation that varies from chain to chain. Because multi-sig is not naturally supported. Due to the possible vulnerabilities in smart contracts, this support is considered risky.
  4. No anonymity, this is not able to be trivially called disadvantage or advantage, because anonymity is required for specific conditions. Anonymity here means that multi-signature directly exposes all participating signers of the transaction.
Correspondingly, the threshold signature has the following features:
  1. The access structure is flexible. Through an additional multi-party computation, the existing private key sequence can be expanded to assign private keys to new participants. This process will not expose the old and newly generated private key, nor will it change the public key and account address.
  2. It provides more efficiency. For the chain, the signature generated by the threshold signature is not different from a single signature, which means the following improvements : a) The verification is the same as the single signature, and needs no additional fee; b ) the information of the signer is invisible, because for other nodes, the information is decrypted with the same public key; c) No smart contract on chain is needed to provide additional support.
In addition to the above discussion, there is a distributed signature scheme supported by Shamir secret sharing. Secret sharing algorithm has a long history which is used to slice information storage and perform error correction information. From the underlying algorithm of secure computation to the error correction of the disc. This technology has always played an important role, but the main problem is that when used in a signature protocol, Shamir secret sharing needs to recover the master private key.
As for multiple signatures or threshold signature, the master private key has never been reconstructed, even if it is in memory or cache. this short-term reconstruction is not tolerable for vital accounts.
V. Limitations
Just like other secure multi-party computation protocols, the introduction of other participants makes security model different with traditional point-to-point encrypted transmission. The problem of conspiracy and malicious participants were not taken into account in algorithms before. The behavior of physical entities cannot be restricted, and perpetrators are introduced into participating groups.
Therefore, multi-party cryptographic protocols cannot obtain the security strength as before. Effort is needed to develop threshold signature applications, integrate existing infrastructure, and test the true strength of threshold signature scheme.
VI. Scenarios
1. Key Management
The use of threshold signature in key management system can achieve a more flexible administration, such as ARPA’s enterprise key management API. One can use the access structure to design authorization pattern for users with different priorities. In addition, for the entry of new entities, the threshold signature can quickly refresh the key. This operation can also be performed periodically to level up the difficulty of hacking multiple private keys at the same time. Finally, for the verifier, the threshold signature is not different from the traditional signature, so it is compatible with old equipments and reduces the update cost. ARPA enterprise key management modules already support Elliptic Curve Digital Signature Scheme secp256k1 and ed25519 parameters. In the future, it will be compatible with more parameters.

https://preview.redd.it/c27zuuhdl0q41.png?width=757&format=png&auto=webp&s=26d46e871dadbbd4e3bea74d840e0198dec8eb1c
2. Crypto Wallet
Wallets based on threshold signature are more secure because the private key doesn’t need to be rebuilt. Also, without all signatures posted publicly, anonymity can be achieved. Compared to the multi-signature, threshold signature needs less transaction fees. Similar to key management applications, the administration of digital asset accounts can also be more flexible. Furthermore, threshold signature wallet can support various blockchains that do not natively support multi-signature, which reduces the risk of smart contracts bugs.

Conclusion

This article describes why people need the threshold signature, and what inspiring properties it may bring. One can see that threshold signature has higher security, more flexible control, more efficient verification process. In fact, different signature technologies have different application scenarios, such as aggregate signatures not mentioned in the article, and BLS-based multi-signature. At the same time, readers are also welcomed to read more about secure multi-party computation. Secure computation is the holy grail of cryptographic protocols. It can accomplish much more than the application of threshold signatures. In the near future, secure computation will solve more specific application questions in the digital world.

About Author

Dr. Alex Su works for ARPA as the cryptography researcher. He got his Bachelor’s degree in Electronic Engineering and Ph.D. in Cryptography from Tsinghua University. Dr. Su’s research interests include multi-party computation and post-quantum cryptography implementation and acceleration.

About ARPA

ARPA is committed to providing secure data transfer solutions based on cryptographic operations for businesses and individuals.
The ARPA secure multi-party computing network can be used as a protocol layer to implement privacy computing capabilities for public chains, and it enables developers to build efficient, secure, and data-protected business applications on private smart contracts. Enterprise and personal data can, therefore, be analyzed securely on the ARPA computing network without fear of exposing the data to any third party.
ARPA’s multi-party computing technology supports secure data markets, precision marketing, credit score calculations, and even the safe realization of personal data.
ARPA’s core team is international, with PhDs in cryptography from Tsinghua University, experienced systems engineers from Google, Uber, Amazon, Huawei and Mitsubishi, blockchain experts from the University of Tokyo, AIG, and the World Bank. We also have hired data scientists from CircleUp, as well as financial and data professionals from Fosun and Fidelity Investments.
For more information about ARPA, or to join our team, please contact us at [email protected].
Learn about ARPA’s recent official news:
Telegram (English): https://t.me/arpa_community
Telegram (Việt Nam): https://t.me/ARPAVietnam
Telegram (Russian): https://t.me/arpa_community_ru
Telegram (Indonesian): https://t.me/Arpa_Indonesia
Telegram (Thai): https://t.me/Arpa_Thai
Telegram (Philippines):https://t.me/ARPA_Philippines
Telegram (Turkish): https://t.me/Arpa_Turkey
Korean Chats: https://open.kakao.com/o/giExbhmb (Kakao) & https://t.me/arpakoreanofficial (Telegram, new)
Medium: https://medium.com/@arpa
Twitter: u/arpaofficial
Reddit: https://www.reddit.com/arpachain/
Facebook: https://www.facebook.com/ARPA-317434982266680/54
submitted by arpaofficial to u/arpaofficial [link] [comments]

Celare: “Safe deposit box” for data and assets, protecting privacy and security

Celare: “Safe deposit box” for data and assets, protecting privacy and security

https://preview.redd.it/dlbc4vuw3vn41.jpg?width=960&format=pjpg&auto=webp&s=9553b6c323d285750eab6161ead41d5ab4292125
Privacy security is a growing problem.
On March 19, the sale of 538 million users’ data from Weibo in the form of bitcoin on the Deep Web has raised the issue of privacy security again.
The 36kr analyzed the process for the leak of personal information on Weibo. Hackers upload fake mobile phone address books in batches through the relevant interface of Weibo to match the friend’s account information,then he can match the identity information of the user account successfully.
In fact, with the development of technology, the problem of personal information leakage tends to be more and more dangerous. Even if you take precautions, personal information can become part of the thousands of messages that hackers sell.
With the arrival of the information era, data has become a resource that many businesses compete for, which has given rise to a series of privacy security problems and also spawned a series of gray industrial chains. The privacy of users has gradually become a commodity with a precise price tag. Facebook, Microsoft, Apple, and other global giants have all been exposed for collecting users’ privacy, which still happens.
Data networks can help people to a better life. Still, a series of data privacy problem is to violate the rights and interests of users, such as data leakage by people they know and privacy exposure. The protection of privacy and security has become an urgent issue, but in the centralized system, how to use the data depends on the controller’s preference, and the user never has the dominant right.
Decentralized blockchain is now becoming a better solution to privacy and security problems.
Celare anonymous technology solutions created by blockchain will effectively guarantee the privacy security of users.
https://preview.redd.it/y7mlz6e04vn41.jpg?width=4840&format=pjpg&auto=webp&s=ae3e6ea8e50344d2ffc878010901d59407639ca3
Anonymity is safety
How to ensure the privacy of users? The answer is anonymity.
There are many projects with anonymous technology in the blockchain.
Whether it is the Zero-Knowledge proof mechanism of ZCash, the CoinJoin Scheme of Dash, or the Ring confidential transaction mechanism of XMR, it can ensure the anonymity of transactions to a certain extent and guarantee the users privacy and security.
Celare also uses anonymity to protect users’ privacy. It is the first cross-chain anonymous privacy solution of all digital assets on Polkadot ecology, which is based on blockchain decentralization. Celare has designed a new anonymous mechanism,Non-interactive Zero Knowledge Proof,based on the existing technology. Compared with zero-knowledge proof, the non-interactive system has a more reliable anonymous function, which can completely solve the problem of transaction tracking and protect user privacy.
https://preview.redd.it/2j2lqza44vn41.png?width=1738&format=png&auto=webp&s=84284e2d1d1059790318a61c75da7d4d82973f81
When choosing the zk-SNARK Zero-Knowledge proof curve, Celare chose BLS12–381 curve with a higher security coefficient, which is higher than that of BN128, to guarantee Celare’s top privacy and anonymity.
The method of zero-knowledge proof in practical application is as follows:
When the user registers, the identity information is stored on the server in the form of digital commitment. In the process of identity authentication, the user authenticates himself to the server as a member of the registered user by using the member proof scheme, to avoid the user presenting his identity information to the server every time he logs in.
It is just one fundamental part of Celare’s efforts to protect users’ privacy.
Celare also adds a fully homomorphic encryption scheme in the chain, which can perform arbitrary calculations on the ciphertext without decryption. It is just one of the basics of Celare’s efforts to protect users’ privacy. Full homomorphic encryption can perform arbitrary calculations on the ciphertext without decryption. So the problem of data privacy security can be solved quickly without losing computability.
The comprehensive security technology system is one aspect of Celare protection of user privacy. Besides, Celare uses authorization technology to truly realize that the user is the master of the data, allowing users to control their data freely.
https://preview.redd.it/z7o9ips64vn41.jpg?width=900&format=pjpg&auto=webp&s=ad1cef93b7007b8a55931cc29ff3c986bd33a5f4
Safe and efficient
Safety is only the first step.
What Celare seeks is safety and efficiency.
As is known to all, the three anonymous tokens, Dash, XMR, ZEC, are still used in the field of payment and cannot be further expanded. The reason is that the system does not support smart contracts. And scalability is too low for large-scale commercial use, especially at the data interaction level.
To avoid the limits of anonymous cryptocurrency and better promote the anonymous technology into a broader field, Celare innovative introduced intelligent contracts into its system, which significantly improved Celare efficiency and laid a good foundation for its large-scale commercial use.
Since Celare is a public chain developed based on Polkadot Substrate, it follows Polkadot’s PoS consensus algorithm and contract technology. To maintain the speed and efficiency of data transmission on the chain, Celare will establish a large-scale PoS node network capable of supporting nearly a thousand consensus nodes, infinitely reducing the block out time and ultimately determining the delay time of it.
The high TPS brought by large-scale nodes will provide a technical guarantee for Celare’s widespread application. It also means each transaction of users can be conducted at high speed under the anonymous environment, which not only ensures users’ privacy security but also enables them to enjoy the free experience and indeed promotes the implementation of blockchain technology.
https://preview.redd.it/ds5oqkmc4vn41.jpg?width=800&format=pjpg&auto=webp&s=bbde16cee5e55393984853258240d878d7de3f63
Break the information isolated island, link multiple public chains
Security and efficiency are only part of the Celare blockchain infrastructure. Also, Celare has built a cross-chain technology to interconnect multiple public chains.
For a long time, information cannot be transferred, and digital assets cannot be traded between each public chain, which significantly limits the application space of blockchain. Cross-chain technology came into being, among which Polkadot is the outstanding one.
Celare cross-chain technology also relies on Polkadot. Its internal logic is that the user locks the assets on the original chain and then issues the mapped assets on the target chain. At the same time, the user can apply for a withdrawal on the target chain and unlock the original one.
https://preview.redd.it/hvhnjkqg4vn41.png?width=1406&format=png&auto=webp&s=4d7073000da580b1f897128b4d21f71d49dc4a62
Celare cross-chain technology will further protect users’ privacy and security, which means users can quickly transfer their data and digital assets from other chains to the Celare chain. It helps users consolidate all the data on different chains into a Celare account for easy management. With the help of Celare privacy protection technology, the security of users’ private data is truly guaranteed.
Since the establishment of the project, Celare’s mission has always been to protect users’ privacy and security. Therefore, Celare makes various development and further expansion to better service and privacy and ensure users’ privacy and security.
In the future, Celare will break the barrier of cross-chain assets and truly protect user privacy and anonymity.
Contact Us:
Twitter: @CelareCommunity
Telegram: Celare Community
submitted by Celarecommunity to u/Celarecommunity [link] [comments]

PlatON Algorithm Scientist Dr. Xiang Xie: Privacy-Preserving Computation is the Only Solution for Privacy Disclosure

PlatON Algorithm Scientist Dr. Xiang Xie: Privacy-Preserving Computation is the Only Solution for Privacy Disclosure
On Mar.25, 2020, PlatON Algorithm Scientist Dr. Xiang Xie joined in TokenInsight’s AMA as the special guest to talk about the solution that privacy-preserving computation provides for privacy disclosure issues and shared the latest development of PlatON’s privacy-preserving computation.
https://preview.redd.it/x8dh7o24u1p41.jpg?width=1564&format=pjpg&auto=webp&s=9bdc434f22824ea2a45a6136901c9058a5e253ce
How Do You Think about the Recent Privacy Disclosure Issue of Sina Weibo?
Dr. Xie: Truth be told, many internet firms collect and even use data privacy for illegal profit without the permissions from users, and there are potential risks of privacy disclosure issues under incorrect operation and management undoubtedly.
The conflict between the business model of traditional internet giants and the privacy protection of users can’t not be ignored and that’s what we wish to avoid in our new architect; Besides, the centralized model of internet is highly-effective and high-performing in the organization management and business processing, while brings the risk of privacy disclosure. Sina Weibo’s privacy disclosure event is resulted from the private data management issues.
The information disclosure issues won’t be solved by technologies or innovative architecture completely, but by distributed architectures to protect all data instead. Data protection is totally different from data storage. Thus, privacy-preserving computation, in my opinion, is the only solution for stopping the data privacy from being leaked, and also the first vision of PlatON.


In Your Opinion, Whether If PlatON’s Technologies Can Solve the Data Scandal of Top Platforms from a Technical Standpoint?
Dr. Xie: Privacy disclosure issues happen when applying data, and PlatON’s privacy-preserving computation aims at protecting data privacy in data circulation.
With cryptography technologies applied and integrated in PlatON’s privacy-preserving computation, the possibilities of information leakage from hackers have been reduced to the great extent.
PlatON serves as a blockchain-based infrastructure for distributed economies to provide support for upper-layer economic activities; and a privacy-preserving computation solution provider to protect the data privacy in the data circulation. Thus, we aim at building a completely digitalized distributed infrastructure with long-term investment and efforts, and completing it with all talented developers worldwide.


How Do You Think about Blockchain’s Role in Privacy-Preserving Computation?
Dr. Xie: Blockchain is irrelevant to privacy-preserving computation. Blockchain is dated back from bitcoin. However, there is no privacy-preserving design for bitcoin according to its Whitepaper. Plus, bitcoin and cryptocurrency haven’t applied any cryptography algorithms, but only signature and Hash instead.
Blockchain is transparent and distributed with all data backed up to be available to all people, thus it definitely has no privacy-preserving features. On the contrary, blockchain can serve as the distributed infrastructure to help with payment. In conclusion, blockchain is independent of privacy-preserving computation, while they are mutual complementary. Privacy-preserving computation, located at the upper part, protects the data privacy, while blockchain, located at the lower part as the infrastructure for distributed economies, provides payment and settlement functions.


Can You Share PlatON’s Technology Architecture of Privacy-Preserving Computation?
Dr. Xie: Privacy-preserving computation is a big topic, and different teams have different routines. PlatON focuses on cryptography technologies and combines trusted hardware to implement privacy-preserving computation. PlatON’s privacy-preserving computation architecture, from the bottom to top, consists of basic cryptography algorithms, blockchain, Privacy AI and privacy data platforms, for the purpose of delivering the deployable and operational products rather than technology itself. Cryptography is just a technology implementation.


Can You Share PlatON’s Biggest Achievement in 2019 and the Development Plan in 2020?
Dr. Xie: We’ve done a deep research on the data privacy-preserving and the potential emergent market since the very beginning we started PlatON. Then we’ve explored and finished the technology model selection and engineering, finally realized the huge potential of AI in both application and marketing.
The biggest achievement in 2019 is that we have settled Privacy AI as the core direction of PlatON, organized a strong AI team, and determined both the technology architecture and product architecture with our cryptography team.
In 2020, we will announce two important products: Rosetta, a Privacy AI architecture developed under the combination of cryptography and AI architecture such as Tensorflow, and Data Bank. Then start the growth of both product and community accordingly.


PlatON CEO Mr. Sun Has Highlighted the Internet of Everything, does that Mean IoT Will Show Support on Privacy AI by Providing Massive Data of Interconnected Devices?
Dr. Xie: I think we should consider it based on the whole life circle of data rather than a pure tech viewpoint.
There are four stages of data’s life circle: collection & production, storage & computation, distribution & exchange, and analysis & processing. IoT is the entrance of data, advanced devices collect data, then PlatON collaborates with partners to build an ecosystem; innovative technologies such as distributed ledgers are the main solution of data’s distribution and exchange; and the analysis and processing of data will be performed by AI and big data.
PlatON, with its layout design based on the whole life circle of data, aims at facilitating the data circulation by leveraging privacy-preserving computation.


Can You Share More Details about PlatON’s Grants Program?
Dr. Xie: Grants program plays an important role in building PlatON community, and the PlatON ecosystem contributed and co-hosted by developers worldwide. We will incubate and provide funding for the projects selected out after evaluation and communication.
Since it’s released, we’ve received plenty of applications on blockchain and privacy-preserving computation including supporting tools, contract development, and algorithms and acceleration of software & hardware of MPC (Multi-Party Computation), ZKP (Zero-Knowledge Proof), HE (Homomorphic Encryption), from top colleges, startups, communities, etc.
My profession and experience start from cryptography, I know the complexity of it and the whole PlatON team admires team spirit, or community spirit. To complete a long-term and meaningful work, joint effort is a must. Thus, we sincerely welcome more developers that are interested in blockchain, cryptography and data privacy to join us, helping complete the PlatON ecosystem. Privacy AI is surely a part of Grants program, we look forward to working with all talents worldwide.


Whether if Zero-Knowledge Proof Can be Applied in Massive Business Practice, and How’s the Marketing Demand?
Dr. Xie: Zero-Knowledge Proof’s research and development direction is closely relative to it’s business practical. Our goal is to provide solutions rather than being commonly used only. When demands get more complicated, algorithms need to be improved, and can be applied in more business practices when they get better and better. They must have gone through iterations gradually to fit the marketing demand. So far, ZKP is still in its early stage, and needs to improve.


Can You Share the True Demands and Businesses of MPC?
Dr. Xie: MPC fits Privacy AI to some extent, and even has emergent and specific demands. There is a conflict on the collection and application of data. For Privacy AI, the more data the better, which help improve the accuracy of model. For data asset, however, data is private and needs to be protected.
MPC, with its paradigm for this conflict, is just the solution. Seen from that, cryptography is used to solve all kinds of conflicts and needed by many enterprises that are sensitive about data.
Currently, institutes and firms at home and abroad are all exploring the combination of privacy-preserving computation and AI, and havestepped into this field. PlatON stands ahead with its huge investment and solid engineering implementation.


How Do You Think About Ethereum’s Joining in Privacy-Preserving Computation Ecosystem?
Dr. Xie: It’s evitable. Ethereum is the“World’s Computer”, to serve the world, it needs to bear massive data. Thus, the data privacy issues start, and Ethereum will apply more cryptography technologies to support the completeness of the whole network. Actually, Ethereum 2.0 has many tools and designs with regard to privacy-preserving computation and cryptography. In addition, we are optimistic and confident about the future of Ethereum, and we have a significant collaboration with Ethereum on MPC, and community as well.
submitted by PlatON_Network to PlatONNetwork [link] [comments]

Technical: Upcoming Improvements to Lightning Network

Price? Who gives a shit about price when Lightning Network development is a lot more interesting?????
One thing about LN is that because there's no need for consensus before implementing things, figuring out the status of things is quite a bit more difficult than on Bitcoin. In one hand it lets larger groups of people work on improving LN faster without having to coordinate so much. On the other hand it leads to some fragmentation of the LN space, with compatibility problems occasionally coming up.
The below is just a smattering sample of LN stuff I personally find interesting. There's a bunch of other stuff, like splice and dual-funding, that I won't cover --- post is long enough as-is, and besides, some of the below aren't as well-known.
Anyway.....

"eltoo" Decker-Russell-Osuntokun

Yeah the exciting new Lightning Network channel update protocol!

Advantages

Myths

Disadvantages

Multipart payments / AMP

Splitting up large payments into smaller parts!

Details

Advantages

Disadvantages

Payment points / scalars

Using the magic of elliptic curve homomorphism for fun and Lightning Network profits!
Basically, currently on Lightning an invoice has a payment hash, and the receiver reveals a payment preimage which, when inputted to SHA256, returns the given payment hash.
Instead of using payment hashes and preimages, just replace them with payment points and scalars. An invoice will now contain a payment point, and the receiver reveals a payment scalar (private key) which, when multiplied with the standard generator point G on secp256k1, returns the given payment point.
This is basically Scriptless Script usage on Lightning, instead of HTLCs we have Scriptless Script Pointlocked Timelocked Contracts (PTLCs).

Advantages

Disadvantages

Pay-for-data

Ensuring that payers cannot access data or other digital goods without proof of having paid the provider.
In a nutshell: the payment preimage used as a proof-of-payment is the decryption key of the data. The provider gives the encrypted data, and issues an invoice. The buyer of the data then has to pay over Lightning in order to learn the decryption key, with the decryption key being the payment preimage.

Advantages

Disadvantages

Stuckless payments

No more payments getting stuck somewhere in the Lightning network without knowing whether the payee will ever get paid!
(that's actually a bit overmuch claim, payments still can get stuck, but what "stuckless" really enables is that we can now safely run another parallel payment attempt until any one of the payment attempts get through).
Basically, by using the ability to add points together, the payer can enforce that the payee can only claim the funds if it knows two pieces of information:
  1. The payment scalar corresponding to the payment point in the invoice signed by the payee.
  2. An "acknowledgment" scalar provided by the payer to the payee via another communication path.
This allows the payer to make multiple payment attempts in parallel, unlike the current situation where we must wait for an attempt to fail before trying another route. The payer only needs to ensure it generates different acknowledgment scalars for each payment attempt.
Then, if at least one of the payment attempts reaches the payee, the payee can then acquire the acknowledgment scalar from the payer. Then the payee can acquire the payment. If the payee attempts to acquire multiple acknowledgment scalars for the same payment, the payer just gives out one and then tells the payee "LOL don't try to scam me", so the payee can only acquire a single acknowledgment scalar, meaning it can only claim a payment once; it can't claim multiple parallel payments.

Advantages

Disadvantages

Non-custodial escrow over Lightning

The "acknowledgment" scalar used in stuckless can be reused here.
The acknowledgment scalar is derived as an ECDH shared secret between the payer and the escrow service. On arrival of payment to the payee, the payee queries the escrow to determine if the acknowledgment point is from a scalar that the escrow can derive using ECDH with the payer, plus a hash of the contract terms of the trade (for example, to transfer some goods in exchange for Lightning payment). Once the payee gets confirmation from the escrow that the acknowledgment scalar is known by the escrow, the payee performs the trade, then asks the payer to provide the acknowledgment scalar once the trade completes.
If the payer refuses to give the acknowledgment scalar even though the payee has given over the goods to be traded, then the payee contacts the escrow again, reveals the contract terms text, and requests to be paid. If the escrow finds in favor of the payee (i.e. it determines the goods have arrived at the payer as per the contract text) then it gives the acknowledgment scalar to the payee.

Advantages

Disadvantages

Payment decorrelation

Because elliptic curve points can be added (unlike hashes), for every forwarding node, we an add a "blinding" point / scalar. This prevents multiple forwarding nodes from discovering that they have been on the same payment route. This is unlike the current payment hash + preimage, where the same hash is used along the route.
In fact, the acknowledgment scalar we use in stuckless and escrow can simply be the sum of each blinding scalar used at each forwarding node.

Advantages

Disadvantages

submitted by almkglor to Bitcoin [link] [comments]

How to mine SERO coins on your PC and earn SERO coins What is HOMOmorphic encryption?? 04 Jeff Hoffstein on Fully Homomorphic Encryption from the Ground Up The future will be decentralized. Сryptocurrency  Charles Hoskinson  TEDx

Homomorphic encryption is a method that computes on encrypted data. It gets the same result from the computation of the original data, and it uses proxy reencryption technology to protect the selected ciphertext from being attacked. To sum up, in order to protect the security of network environment, the use of blockchain and edge computing technology can reinforce the privacy protection and ... Still, there are reasons to be optimistic about the future. In 2009, Craig Gentry, a Stanford PhD researcher, published a thesis on fully homomorphic encryption using ideal lattices. His work provided a method to construct a homomorphic encryption system at par with conventional systems. Consequently, research in the field has been spurred once ... Homomorphic encryption and Bitcoin. by jimrandomh 1 min read 19th May 2011 9 comments. 5. Personal Blog. BitCoin is a recently introduced currency, based on public-key cryptography combined with a peer-to-peer network for verifying transactions. I've been thinking a lot about BitCoin recently, and particularly about BitCoin's main weakness: if your computer is compromised, an attacker could ... You are here: Home / Crypto Blog / Bitcoin / Homomorphic Encryption & What it Means for Blockchain. Homomorphic Encryption & What it Means for Blockchain January 14, 2019 / in Bitcoin / by Crypto News. For those not familiar with cryptography, encryption, in its most basic sense, is a cryptographic equivalent of a lock and key. In a way similar to locking your valuables in a safe, encryption ... Even when the technology matures, homomorphic encryption is likely to find applications largely in niche fields, such as stock trading, where the need for privacy outweighs the tremendous computational costs. Nevertheless, computer scientists have shown time and again that the science fiction of today can very well be the reality of tomorrow.

[index] [10562] [15073] [16317] [34674] [24882] [5731] [33075] [47293] [13532] [37092]

How to mine SERO coins on your PC and earn SERO coins

Homomorphic Encryption Part 2 - Duration: 3:11. ... What is Bitcoin? Bitcoin Explained Simply for Dummies - Duration: 12:49. 99Bitcoins Recommended for you. 12:49. Why I WON'T buy RLC this month ... Victor Kofia will be presenting "Manual for Using Homomorphic Encryption for Bioinformatics" by Nathan Dowlin et al. Paper link: https://www.microsoft.com/en... CEO и разработчик Cardano Foundation - Чарльз Хоскинсон. Рассказывает о том, как работают криптовалюты, их идеи. О том ... This video is unavailable. Watch Queue Queue. Watch Queue Queue Why you need threshold signatures to protect your Bitcoin wallet - Duration: 27:34. Arvind Narayanan 826 views. 27:34. Winter School on Cryptography: Fully Homomorphic Encryption - Craig Gentry ...

#