Practical applications of homomorphic encryption algorithms?

The Privacy Coin Guide Part 1

As interest picks up in crypto again, I want to share this post I made on privacy coins again to just give the basics of their evolution. This is only part 1, and parts 2 and 3 are not available in this format, but this part is informative and basic.
If you’re looking for a quick and easy way to assess what the best privacy coin in the current space is, which has the best features, or which is most likely to give high returns, then this is not that guide. My goal is to give you the power to make your own decisions, to clearly state my biases, and educate. I really wanted to understand this niche of the crypto-space due to my background and current loyalties[1], and grasp the nuances of the features, origins and timelines of technologies used in privacy coins, while not being anything close to a developer myself. This is going to be a 3-part series, starting with an overview and basic review of the technology, then looking at its implications, and ending with why I like a specific project. It might be mildly interesting or delightfully educational. Cryptocurrencies are young and existing privacy coins are deploying technology that is a work in progress. This series assumes a basic understanding of how blockchains work, specifically as used in cryptocurrencies. If you don’t have that understanding, might I suggest that you get it? [2],[3],[4] Because cryptocurrencies have a long way to go before reaching their end-game: when the world relies on the technology without understanding it. So, shall we do a deep dive into the privacy coin space?

FIRST THERE WAS BITCOIN

Cryptocurrencies allow you to tokenize value and track its exchange between hands over time, with transaction information verified by a distributed network of users. The most famous version of a cryptocurrency in use is Bitcoin, defined as peer-to-peer electronic cash. [5] Posted anonymously in 2008, the whitepaper seemed to be in direct response to the global financial meltdown and public distrust of the conventional banking and financing systems. Although cryptographic techniques are used in Bitcoin to ensure that (i) only the owner of a specific wallet has the authority to spend funds from that wallet, (ii) the public address is linked but cannot be traced by a third party to the private address (iii) the information is stored via cryptographic hashing in a merkle tree structure to ensure data integrity, the actual transaction information is publicly visible on the blockchain and can be traced back to the individual through chain analysis.[6] This has raised fears of possible financial censorship or the metaphorical tainting of money due to its origination point, as demonstrated in the Silk Road marketplace disaster.[7] This can happen because fiat money is usually exchanged for cryptocurrency at some point, as crypto-enthusiasts are born in the real world and inevitably cash out. There are already chain analysis firms and software that are increasingly efficient at tracking transactions on the Bitcoin blockchain.[8] This lack of privacy is one of the limitations of Bitcoin that has resulted in the creation of altcoins that experiment with the different features a cryptocurrency can have. Privacy coins are figuring out how to introduce privacy in addition to the payment network. The goal is to make the cryptocurrency fungible, each unit able to be exchanged for equal value without knowledge of its transaction history – like cash, while being publicly verifiable on a decentralized network. In other words, anyone can add the math up without being able to see the full details. Some privacy solutions and protocols have popped up as a result:

CRYPTONOTE – RING SIGNATURES AND STEALTH ADDRESSES

Used in: Monero and Particl as its successor RING-CT, Bytecoin
In December 2012, CryptoNote introduced the use of ring signatures and stealth addresses (along with other notable features such as its own codebase) to improve cryptocurrency privacy.[9] An updated CryptoNote version 2 came in October 2013 [10](though there is some dispute over this timeline [11]), also authored under the name Nicolas van Saberhagen. Ring signatures hide sender information by having the sender sign a transaction using a signature that could belong to multiple users. This makes a transaction untraceable. Stealth addresses allow a receiver to give a single address which generates a different public address for funds to be received at each time funds are sent to it. That makes a transaction unlinkable. In terms of privacy, CryptoNote gave us a protocol for untraceable and unlinkable transactions. The first implementation of CryptoNote technology was Bytecoin in March 2014 (timeline disputed [12]), which spawned many children (forks) in subsequent years, a notable example being Monero, based on CryptoNote v2 in April 2014.
RING SIGNATURES and STEALTH ADDRESSES

PROS

– Provides sender and receiver privacy
– Privacy can be default
– Mature technology
– Greater scalability with bulletproofs
– Does not require any third-party

CONS

– Privacy not very effective without high volume
-Does not hide transaction information if not combined with another protocol.

COINJOIN

Used in: Dash
Bitcoin developer Gregory Maxwell proposed a set of solutions to bring privacy to Bitcoin and cryptocurrencies, the first being CoinJoin (January 28 – Aug 22, 2013).[13],[14] CoinJoin (sometimes called CoinSwap) allows multiple users to combine their transactions into a single transaction, by receiving inputs from multiple users, and then sending their outputs to the multiple users, irrespective of who in the group the inputs came from. So, the receiver will get whatever output amount they were supposed to, but it cannot be directly traced to its origination input. Similar proposals include Coinshuffle in 2014 and Tumblebit in 2016, building on CoinJoin but not terribly popular [15],[16]. They fixed the need for a trusted third party to ‘mix’ the transactions. There are CoinJoin implementations that are being actively worked on but are not the most popular privacy solutions of today. A notable coin that uses CoinJoin technology is Dash, launched in January 2014, with masternodes in place of a trusted party.
COINJOIN

PROS

– Provides sender and receiver privacy
– Easy to implement on any cryptocurrency
– Lightweight
– Greater scalability with bulletproofs
– Mature technology

CONS

– Least anonymous privacy solution. Transaction amounts can be calculated
– Even without third-party mixer, depends on wealth centralization of masternodes

ZEROCOIN

Used in: Zcoin, PIVX
In May 2013, the Zerocoin protocol was introduced by John Hopkins University professor Matthew D. Green and his graduate students Ian Miers and Christina Garman.[17] In response to the need for use of a third party to do CoinJoin, the Zerocoin proposal allowed for a coin to be destroyed and remade in order to erase its history whenever it is spent. Zero-knowledge cryptography and zero-knowledge proofs are used to prove that the new coins for spending are being appropriately made. A zero-knowledge proof allows one party to prove to another that they know specific information, without revealing any information about it, other than the fact that they know it. Zerocoin was not accepted by the Bitcoin community as an implementation to be added to Bitcoin, so a new cryptocurrency had to be formed. Zcoin was the first cryptocurrency to implement the Zerocoin protocol in 2016. [18]
ZEROCOIN

PROS

– Provides sender and receiver privacy
– Supply can be audited
– Relatively mature technology
– Does not require a third-party

CONS

– Requires trusted setup (May not be required with Sigma protocol)
– Large proof sizes (not lightweight)
– Does not provide full privacy for transaction amounts

ZEROCASH

Used in: Zcash, Horizen, Komodo, Zclassic, Bitcoin Private
In May 2014, the current successor to the Zerocoin protocol, Zerocash, was created, also by Matthew Green and others (Eli Ben-Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer, Madars Virza).[19] It improved upon the Zerocoin concept by taking advantage of zero-knowledge proofs called zk-snarks (zero knowledge succinct non-interactive arguments of knowledge). Unlike Zerocoin, which hid coin origins and payment history, Zerocash was faster, with smaller transaction sizes, and hides transaction information on the sender, receiver and amount. Zcash is the first cryptocurrency to implement the Zerocash protocol in 2016. [20]
ZEROCASH

PROS

– Provides full anonymity. Sender, receiver and amount hidden.
– Privacy can be default?
– Fast due to small proof sizes.
– Payment amount can be optionally disclosed for auditing
– Does not require any third-party

CONS

– Requires trusted setup. (May be improved with zt-starks technology)
– Supply cannot be audited. And coins can potentially be forged without proper implementation.
– Private transactions computationally intensive (improved with Sapling upgrade)

CONFIDENTIAL TRANSACTIONS

Used in: Monero and Particl with Ring Signatures as RING-CT
The next proposal from Maxwell was that of confidential transactions, proposed in June 2015 as part of the Sidechain Elements project from Blockstream, where Maxwell was Chief Technical Officer.[21],[22] It proposed to hide the transaction amount and asset type (e.g. deposits, currencies, shares), so that only the sender and receiver are aware of the amount, unless they choose to make the amount public. It uses homomorphic encryption[23] to encrypt the inputs and outputs by using blinding factors and a kind of ring signature in a commitment scheme, so the amount can be ‘committed’ to, without the amount actually being known. I’m terribly sorry if you now have the urge to go and research exactly what that means. The takeaway is that the transaction amount can be hidden from outsiders while being verifiable.
CONFIDENTIAL TRANSACTIONS

PROS

– Hides transaction amounts
– Privacy can be default
– Mature technology
– Does not require any third-party

CONS

– Only provides transaction amount privacy when used alone

RING-CT

Used in: Monero, Particl
Then came Ring Confidential transactions, proposed by Shen-Noether of Monero Research Labs in October 2015.[24] RingCT combines the use of ring signatures for hiding sender information, with the use of confidential transactions (which also uses ring signatures) for hiding amounts. The proposal described a new type of ring signature, A Multi-layered Linkable Spontaneous Anonymous Group signature which “allows for hidden amounts, origins and destinations of transactions with reasonable efficiency and verifiable, trustless coin generation”.[25] RingCT was implemented in Monero in January 2017 and made mandatory after September 2017.
RING -CONFIDENTIAL TRANSACTIONS

PROS

– Provides full anonymity. Hides transaction amounts and receiver privacy
– Privacy can be default
– Mature technology
– Greater scalability with bulletproofs
– Does not require any third-party

CONS

– Privacy not very effective without high volume

MIMBLEWIMBLE

Used in: Grin
Mimblewimble was proposed in July 2016 by pseudonymous contributor Tom Elvis Jedusorand further developed in October 2016 by Andrew Poelstra.[26],[27] Mimblewimble is a “privacy and fungibility focused cryptocoin transaction structure proposal”.[28] The key words are transaction structure proposal, so the way the blockchain is built is different, in order to accommodate privacy and fungibility features. Mimblewimble uses the concept of Confidential transactions to keep amounts hidden, looks at private keys and transaction information to prove ownership of funds rather than using addresses, and bundles transactions together instead of listing them separately on the blockchain. It also introduces a novel method of pruning the blockchain. Grin is a cryptocurrency in development that is applying Mimblewimble. Mimblewimble is early in development and you can understand it more here [29].
MIMBLEWIMBLE

PROS

– Hides transaction amounts and receiver privacy
– Privacy is on by default
– Lightweight
– No public addresses?

CONS

– Privacy not very effective without high volume
– Sender and receiver must both be online
– Relatively new technology

ZEXE

Fresh off the minds of brilliant cryptographers (Sean Bowe, Alessandro Chiesa, Matthew Green, Ian Miers, Pratyush Mishra, Howard Wu), in October 2018 Zexe proposed a new cryptographic primitive called ‘decentralized private computation.[30] It allows users of a decentralized ledger to “execute offline computations that result in transactions”[31], but also keeps transaction amounts hidden and allows transaction validation to happen at any time regardless of computations being done online. This can have far reaching implications for privacy coins in the future. Consider cases where transactions need to be automatic and private, without both parties being present.

NETWORK PRIVACY

Privacy technologies that look at network privacy as nodes communicate with each other on the network are important considerations, rather than just looking at privacy on the blockchain itself. Anonymous layers encrypt and/or reroute data as it moves among peers, so it is not obvious who they originate from on the network. They are used to protect against surveillance or censorship from ISPs and governments. The Invisible Internet Project (I2P) is an anonymous network layer that uses end to end encryption for peers on a network to communicate with each other.[32] Its history dates back to 2003. Kovri is a Monero created implementation of I2P.[33] The Onion Router (Tor) is another anonymity layer [34]) that Verge is a privacy cryptocurrency that uses. But its historical link to the US government may be is concerning to some[35]. Dandelion transaction relay is also an upcoming Bitcoin improvement proposal (BIP) that scrambles IP data that will provide network privacy for Bitcoin as transaction and other information is transmitted.[36],[37],[38]

UPCOMING

Monero completed bulletproofs protocol updates that reduce RINGCT transaction sizes and thus transaction fee costs. (Bulletproofs are a replacement for range proofs used in confidential transactions that aid in encrypting inputs and outputs by making sure they add to zero).
Sigma Protocol – being actively researched by Zcoin team as of 2018 to replace Zerocoin protocol so that a trusted setup is not required.[39] There is a possible replacement for zk-snarks, called zk-starks, another form of zero-knowledge proof technology, that may make a trusted set-up unnecessary for zero-knowledege proof coins.[40]

PART 1 CONCLUSION OF THE PRIVACY COIN GUIDE ON THE TECHNOLOGY BEHIND PRIVACY COINS

Although Bitcoin is still a groundbreaking technology that gives us a trust-less transaction system, it has failed to live up to its expectations of privacy. Over time, new privacy technologies have arrived and are arriving with innovative and exciting solutions for Bitcoin’s lack of fungibility. It is important to note that these technologies are built on prior research and application, but we are considering their use in cryptocurrencies. Protocols are proposed based on cryptographic concepts that show how they would work, and then developers actually implement them. Please note that I did not include the possibility of improper implementation as a disadvantage, and the advantages assume that the technical development is well done. A very important point is that coins can also adapt new privacy technologies as their merits become obvious, even as they start with a specific privacy protocol. Furthermore, I am, unfortunately, positive that this is not an exhaustive overview and I am only covering publicized solutions. Next, we’ll talk more about the pros and cons and give an idea of how the coins can be compared.

There's a video version that can be watched, and you can find out how to get the second two parts if you want on my website (video link on the page): https://cryptoramble.com/guide-on-privacy-coins/
submitted by CryptoRamble to ethereum [link] [comments]

The Privacy Coin Guide Part 1

As interest picks up in crypto again, I want to share this post I made on privacy coins again to just give the basics of their evolution. This is only part 1, and parts 2 and 3 are not available in this format, but this part is informative and basic.
If you’re looking for a quick and easy way to assess what the best privacy coin in the current space is, which has the best features, or which is most likely to give high returns, then this is not that guide. My goal is to give you the power to make your own decisions, to clearly state my biases, and educate. I really wanted to understand this niche of the crypto-space due to my background and current loyalties[1], and grasp the nuances of the features, origins and timelines of technologies used in privacy coins, while not being anything close to a developer myself. This is going to be a 3-part series, starting with an overview and basic review of the technology, then looking at its implications, and ending with why I like a specific project. It might be mildly interesting or delightfully educational. Cryptocurrencies are young and existing privacy coins are deploying technology that is a work in progress. This series assumes a basic understanding of how blockchains work, specifically as used in cryptocurrencies. If you don’t have that understanding, might I suggest that you get it? [2],[3],[4] Because cryptocurrencies have a long way to go before reaching their end-game: when the world relies on the technology without understanding it. So, shall we do a deep dive into the privacy coin space?

FIRST THERE WAS BITCOIN

Cryptocurrencies allow you to tokenize value and track its exchange between hands over time, with transaction information verified by a distributed network of users. The most famous version of a cryptocurrency in use is Bitcoin, defined as peer-to-peer electronic cash. [5] Posted anonymously in 2008, the whitepaper seemed to be in direct response to the global financial meltdown and public distrust of the conventional banking and financing systems. Although cryptographic techniques are used in Bitcoin to ensure that (i) only the owner of a specific wallet has the authority to spend funds from that wallet, (ii) the public address is linked but cannot be traced by a third party to the private address (iii) the information is stored via cryptographic hashing in a merkle tree structure to ensure data integrity, the actual transaction information is publicly visible on the blockchain and can be traced back to the individual through chain analysis.[6] This has raised fears of possible financial censorship or the metaphorical tainting of money due to its origination point, as demonstrated in the Silk Road marketplace disaster.[7] This can happen because fiat money is usually exchanged for cryptocurrency at some point, as crypto-enthusiasts are born in the real world and inevitably cash out. There are already chain analysis firms and software that are increasingly efficient at tracking transactions on the Bitcoin blockchain.[8] This lack of privacy is one of the limitations of Bitcoin that has resulted in the creation of altcoins that experiment with the different features a cryptocurrency can have. Privacy coins are figuring out how to introduce privacy in addition to the payment network. The goal is to make the cryptocurrency fungible, each unit able to be exchanged for equal value without knowledge of its transaction history – like cash, while being publicly verifiable on a decentralized network. In other words, anyone can add the math up without being able to see the full details. Some privacy solutions and protocols have popped up as a result:

CRYPTONOTE – RING SIGNATURES AND STEALTH ADDRESSES

Used in: Monero and Particl as its successor RING-CT, Bytecoin
In December 2012, CryptoNote introduced the use of ring signatures and stealth addresses (along with other notable features such as its own codebase) to improve cryptocurrency privacy.[9] An updated CryptoNote version 2 came in October 2013 [10](though there is some dispute over this timeline [11]), also authored under the name Nicolas van Saberhagen. Ring signatures hide sender information by having the sender sign a transaction using a signature that could belong to multiple users. This makes a transaction untraceable. Stealth addresses allow a receiver to give a single address which generates a different public address for funds to be received at each time funds are sent to it. That makes a transaction unlinkable. In terms of privacy, CryptoNote gave us a protocol for untraceable and unlinkable transactions. The first implementation of CryptoNote technology was Bytecoin in March 2014 (timeline disputed [12]), which spawned many children (forks) in subsequent years, a notable example being Monero, based on CryptoNote v2 in April 2014.
RING SIGNATURES and STEALTH ADDRESSES

PROS

– Provides sender and receiver privacy
– Privacy can be default
– Mature technology
– Greater scalability with bulletproofs
– Does not require any third-party

CONS

– Privacy not very effective without high volume
-Does not hide transaction information if not combined with another protocol.

COINJOIN

Used in: Dash
Bitcoin developer Gregory Maxwell proposed a set of solutions to bring privacy to Bitcoin and cryptocurrencies, the first being CoinJoin (January 28 – Aug 22, 2013).[13],[14] CoinJoin (sometimes called CoinSwap) allows multiple users to combine their transactions into a single transaction, by receiving inputs from multiple users, and then sending their outputs to the multiple users, irrespective of who in the group the inputs came from. So, the receiver will get whatever output amount they were supposed to, but it cannot be directly traced to its origination input. Similar proposals include Coinshuffle in 2014 and Tumblebit in 2016, building on CoinJoin but not terribly popular [15],[16]. They fixed the need for a trusted third party to ‘mix’ the transactions. There are CoinJoin implementations that are being actively worked on but are not the most popular privacy solutions of today. A notable coin that uses CoinJoin technology is Dash, launched in January 2014, with masternodes in place of a trusted party.
COINJOIN

PROS

– Provides sender and receiver privacy
– Easy to implement on any cryptocurrency
– Lightweight
– Greater scalability with bulletproofs
– Mature technology

CONS

– Least anonymous privacy solution. Transaction amounts can be calculated
– Even without third-party mixer, depends on wealth centralization of masternodes

ZEROCOIN

Used in: Zcoin, PIVX
In May 2013, the Zerocoin protocol was introduced by John Hopkins University professor Matthew D. Green and his graduate students Ian Miers and Christina Garman.[17] In response to the need for use of a third party to do CoinJoin, the Zerocoin proposal allowed for a coin to be destroyed and remade in order to erase its history whenever it is spent. Zero-knowledge cryptography and zero-knowledge proofs are used to prove that the new coins for spending are being appropriately made. A zero-knowledge proof allows one party to prove to another that they know specific information, without revealing any information about it, other than the fact that they know it. Zerocoin was not accepted by the Bitcoin community as an implementation to be added to Bitcoin, so a new cryptocurrency had to be formed. Zcoin was the first cryptocurrency to implement the Zerocoin protocol in 2016. [18]
ZEROCOIN

PROS

– Provides sender and receiver privacy
– Supply can be audited
– Relatively mature technology
– Does not require a third-party

CONS

– Requires trusted setup (May not be required with Sigma protocol)
– Large proof sizes (not lightweight)
– Does not provide full privacy for transaction amounts

ZEROCASH

Used in: Zcash, Horizen, Komodo, Zclassic, Bitcoin Private
In May 2014, the current successor to the Zerocoin protocol, Zerocash, was created, also by Matthew Green and others (Eli Ben-Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer, Madars Virza).[19] It improved upon the Zerocoin concept by taking advantage of zero-knowledge proofs called zk-snarks (zero knowledge succinct non-interactive arguments of knowledge). Unlike Zerocoin, which hid coin origins and payment history, Zerocash was faster, with smaller transaction sizes, and hides transaction information on the sender, receiver and amount. Zcash is the first cryptocurrency to implement the Zerocash protocol in 2016. [20]
ZEROCASH

PROS

– Provides full anonymity. Sender, receiver and amount hidden.
– Privacy can be default?
– Fast due to small proof sizes.
– Payment amount can be optionally disclosed for auditing
– Does not require any third-party

CONS

– Requires trusted setup. (May be improved with zt-starks technology)
– Supply cannot be audited. And coins can potentially be forged without proper implementation.
– Private transactions computationally intensive (improved with Sapling upgrade)

CONFIDENTIAL TRANSACTIONS

Used in: Monero and Particl with Ring Signatures as RING-CT
The next proposal from Maxwell was that of confidential transactions, proposed in June 2015 as part of the Sidechain Elements project from Blockstream, where Maxwell was Chief Technical Officer.[21],[22] It proposed to hide the transaction amount and asset type (e.g. deposits, currencies, shares), so that only the sender and receiver are aware of the amount, unless they choose to make the amount public. It uses homomorphic encryption[23] to encrypt the inputs and outputs by using blinding factors and a kind of ring signature in a commitment scheme, so the amount can be ‘committed’ to, without the amount actually being known. I’m terribly sorry if you now have the urge to go and research exactly what that means. The takeaway is that the transaction amount can be hidden from outsiders while being verifiable.
CONFIDENTIAL TRANSACTIONS

PROS

– Hides transaction amounts
– Privacy can be default
– Mature technology
– Does not require any third-party

CONS

– Only provides transaction amount privacy when used alone

RING-CT

Used in: Monero, Particl
Then came Ring Confidential transactions, proposed by Shen-Noether of Monero Research Labs in October 2015.[24] RingCT combines the use of ring signatures for hiding sender information, with the use of confidential transactions (which also uses ring signatures) for hiding amounts. The proposal described a new type of ring signature, A Multi-layered Linkable Spontaneous Anonymous Group signature which “allows for hidden amounts, origins and destinations of transactions with reasonable efficiency and verifiable, trustless coin generation”.[25] RingCT was implemented in Monero in January 2017 and made mandatory after September 2017.
RING -CONFIDENTIAL TRANSACTIONS

PROS

– Provides full anonymity. Hides transaction amounts and receiver privacy
– Privacy can be default
– Mature technology
– Greater scalability with bulletproofs
– Does not require any third-party

CONS

– Privacy not very effective without high volume

MIMBLEWIMBLE

Used in: Grin
Mimblewimble was proposed in July 2016 by pseudonymous contributor Tom Elvis Jedusorand further developed in October 2016 by Andrew Poelstra.[26],[27] Mimblewimble is a “privacy and fungibility focused cryptocoin transaction structure proposal”.[28] The key words are transaction structure proposal, so the way the blockchain is built is different, in order to accommodate privacy and fungibility features. Mimblewimble uses the concept of Confidential transactions to keep amounts hidden, looks at private keys and transaction information to prove ownership of funds rather than using addresses, and bundles transactions together instead of listing them separately on the blockchain. It also introduces a novel method of pruning the blockchain. Grin is a cryptocurrency in development that is applying Mimblewimble. Mimblewimble is early in development and you can understand it more here [29].
MIMBLEWIMBLE

PROS

– Hides transaction amounts and receiver privacy
– Privacy is on by default
– Lightweight
– No public addresses?

CONS

– Privacy not very effective without high volume
– Sender and receiver must both be online
– Relatively new technology

ZEXE

Fresh off the minds of brilliant cryptographers (Sean Bowe, Alessandro Chiesa, Matthew Green, Ian Miers, Pratyush Mishra, Howard Wu), in October 2018 Zexe proposed a new cryptographic primitive called ‘decentralized private computation.[30] It allows users of a decentralized ledger to “execute offline computations that result in transactions”[31], but also keeps transaction amounts hidden and allows transaction validation to happen at any time regardless of computations being done online. This can have far reaching implications for privacy coins in the future. Consider cases where transactions need to be automatic and private, without both parties being present.

NETWORK PRIVACY

Privacy technologies that look at network privacy as nodes communicate with each other on the network are important considerations, rather than just looking at privacy on the blockchain itself. Anonymous layers encrypt and/or reroute data as it moves among peers, so it is not obvious who they originate from on the network. They are used to protect against surveillance or censorship from ISPs and governments. The Invisible Internet Project (I2P) is an anonymous network layer that uses end to end encryption for peers on a network to communicate with each other.[32] Its history dates back to 2003. Kovri is a Monero created implementation of I2P.[33] The Onion Router (Tor) is another anonymity layer [34]) that Verge is a privacy cryptocurrency that uses. But its historical link to the US government may be is concerning to some[35]. Dandelion transaction relay is also an upcoming Bitcoin improvement proposal (BIP) that scrambles IP data that will provide network privacy for Bitcoin as transaction and other information is transmitted.[36],[37],[38]

UPCOMING

Monero completed bulletproofs protocol updates that reduce RINGCT transaction sizes and thus transaction fee costs. (Bulletproofs are a replacement for range proofs used in confidential transactions that aid in encrypting inputs and outputs by making sure they add to zero).
Sigma Protocol – being actively researched by Zcoin team as of 2018 to replace Zerocoin protocol so that a trusted setup is not required.[39] There is a possible replacement for zk-snarks, called zk-starks, another form of zero-knowledge proof technology, that may make a trusted set-up unnecessary for zero-knowledege proof coins.[40]

PART 1 CONCLUSION OF THE PRIVACY COIN GUIDE ON THE TECHNOLOGY BEHIND PRIVACY COINS

Although Bitcoin is still a groundbreaking technology that gives us a trust-less transaction system, it has failed to live up to its expectations of privacy. Over time, new privacy technologies have arrived and are arriving with innovative and exciting solutions for Bitcoin’s lack of fungibility. It is important to note that these technologies are built on prior research and application, but we are considering their use in cryptocurrencies. Protocols are proposed based on cryptographic concepts that show how they would work, and then developers actually implement them. Please note that I did not include the possibility of improper implementation as a disadvantage, and the advantages assume that the technical development is well done. A very important point is that coins can also adapt new privacy technologies as their merits become obvious, even as they start with a specific privacy protocol. Furthermore, I am, unfortunately, positive that this is not an exhaustive overview and I am only covering publicized solutions. Next, we’ll talk more about the pros and cons and give an idea of how the coins can be compared.

There's a video version that can be watched, and you can find out how to get the second two parts if you want on my website (video link on the page): https://cryptoramble.com/guide-on-privacy-coins/
submitted by CryptoRamble to privacycoins [link] [comments]

The Privacy Coin Guide Part 1

As interest picks up in crypto again, I want to share this post I made on privacy coins again to just give the basics of their evolution. This is only part 1, and parts 2 and 3 are not available in this format, but this part is informative and basic.
If you’re looking for a quick and easy way to assess what the best privacy coin in the current space is, which has the best features, or which is most likely to give high returns, then this is not that guide. My goal is to give you the power to make your own decisions, to clearly state my biases, and educate. I really wanted to understand this niche of the crypto-space due to my background and current loyalties[1], and grasp the nuances of the features, origins and timelines of technologies used in privacy coins, while not being anything close to a developer myself. This is going to be a 3-part series, starting with an overview and basic review of the technology, then looking at its implications, and ending with why I like a specific project. It might be mildly interesting or delightfully educational. Cryptocurrencies are young and existing privacy coins are deploying technology that is a work in progress. This series assumes a basic understanding of how blockchains work, specifically as used in cryptocurrencies. If you don’t have that understanding, might I suggest that you get it? [2],[3],[4] Because cryptocurrencies have a long way to go before reaching their end-game: when the world relies on the technology without understanding it. So, shall we do a deep dive into the privacy coin space?

FIRST THERE WAS BITCOIN

Cryptocurrencies allow you to tokenize value and track its exchange between hands over time, with transaction information verified by a distributed network of users. The most famous version of a cryptocurrency in use is Bitcoin, defined as peer-to-peer electronic cash. [5] Posted anonymously in 2008, the whitepaper seemed to be in direct response to the global financial meltdown and public distrust of the conventional banking and financing systems. Although cryptographic techniques are used in Bitcoin to ensure that (i) only the owner of a specific wallet has the authority to spend funds from that wallet, (ii) the public address is linked but cannot be traced by a third party to the private address (iii) the information is stored via cryptographic hashing in a merkle tree structure to ensure data integrity, the actual transaction information is publicly visible on the blockchain and can be traced back to the individual through chain analysis.[6] This has raised fears of possible financial censorship or the metaphorical tainting of money due to its origination point, as demonstrated in the Silk Road marketplace disaster.[7] This can happen because fiat money is usually exchanged for cryptocurrency at some point, as crypto-enthusiasts are born in the real world and inevitably cash out. There are already chain analysis firms and software that are increasingly efficient at tracking transactions on the Bitcoin blockchain.[8] This lack of privacy is one of the limitations of Bitcoin that has resulted in the creation of altcoins that experiment with the different features a cryptocurrency can have. Privacy coins are figuring out how to introduce privacy in addition to the payment network. The goal is to make the cryptocurrency fungible, each unit able to be exchanged for equal value without knowledge of its transaction history – like cash, while being publicly verifiable on a decentralized network. In other words, anyone can add the math up without being able to see the full details. Some privacy solutions and protocols have popped up as a result:

CRYPTONOTE – RING SIGNATURES AND STEALTH ADDRESSES

Used in: Monero and Particl as its successor RING-CT, Bytecoin
In December 2012, CryptoNote introduced the use of ring signatures and stealth addresses (along with other notable features such as its own codebase) to improve cryptocurrency privacy.[9] An updated CryptoNote version 2 came in October 2013 [10](though there is some dispute over this timeline [11]), also authored under the name Nicolas van Saberhagen. Ring signatures hide sender information by having the sender sign a transaction using a signature that could belong to multiple users. This makes a transaction untraceable. Stealth addresses allow a receiver to give a single address which generates a different public address for funds to be received at each time funds are sent to it. That makes a transaction unlinkable. In terms of privacy, CryptoNote gave us a protocol for untraceable and unlinkable transactions. The first implementation of CryptoNote technology was Bytecoin in March 2014 (timeline disputed [12]), which spawned many children (forks) in subsequent years, a notable example being Monero, based on CryptoNote v2 in April 2014.
RING SIGNATURES and STEALTH ADDRESSES

PROS

– Provides sender and receiver privacy
– Privacy can be default
– Mature technology
– Greater scalability with bulletproofs
– Does not require any third-party

CONS

– Privacy not very effective without high volume
-Does not hide transaction information if not combined with another protocol.

COINJOIN

Used in: Dash
Bitcoin developer Gregory Maxwell proposed a set of solutions to bring privacy to Bitcoin and cryptocurrencies, the first being CoinJoin (January 28 – Aug 22, 2013).[13],[14] CoinJoin (sometimes called CoinSwap) allows multiple users to combine their transactions into a single transaction, by receiving inputs from multiple users, and then sending their outputs to the multiple users, irrespective of who in the group the inputs came from. So, the receiver will get whatever output amount they were supposed to, but it cannot be directly traced to its origination input. Similar proposals include Coinshuffle in 2014 and Tumblebit in 2016, building on CoinJoin but not terribly popular [15],[16]. They fixed the need for a trusted third party to ‘mix’ the transactions. There are CoinJoin implementations that are being actively worked on but are not the most popular privacy solutions of today. A notable coin that uses CoinJoin technology is Dash, launched in January 2014, with masternodes in place of a trusted party.
COINJOIN

PROS

– Provides sender and receiver privacy
– Easy to implement on any cryptocurrency
– Lightweight
– Greater scalability with bulletproofs
– Mature technology

CONS

– Least anonymous privacy solution. Transaction amounts can be calculated
– Even without third-party mixer, depends on wealth centralization of masternodes

ZEROCOIN

Used in: Zcoin, PIVX
In May 2013, the Zerocoin protocol was introduced by John Hopkins University professor Matthew D. Green and his graduate students Ian Miers and Christina Garman.[17] In response to the need for use of a third party to do CoinJoin, the Zerocoin proposal allowed for a coin to be destroyed and remade in order to erase its history whenever it is spent. Zero-knowledge cryptography and zero-knowledge proofs are used to prove that the new coins for spending are being appropriately made. A zero-knowledge proof allows one party to prove to another that they know specific information, without revealing any information about it, other than the fact that they know it. Zerocoin was not accepted by the Bitcoin community as an implementation to be added to Bitcoin, so a new cryptocurrency had to be formed. Zcoin was the first cryptocurrency to implement the Zerocoin protocol in 2016. [18]
ZEROCOIN

PROS

– Provides sender and receiver privacy
– Supply can be audited
– Relatively mature technology
– Does not require a third-party

CONS

– Requires trusted setup (May not be required with Sigma protocol)
– Large proof sizes (not lightweight)
– Does not provide full privacy for transaction amounts

ZEROCASH

Used in: Zcash, Horizen, Komodo, Zclassic, Bitcoin Private
In May 2014, the current successor to the Zerocoin protocol, Zerocash, was created, also by Matthew Green and others (Eli Ben-Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer, Madars Virza).[19] It improved upon the Zerocoin concept by taking advantage of zero-knowledge proofs called zk-snarks (zero knowledge succinct non-interactive arguments of knowledge). Unlike Zerocoin, which hid coin origins and payment history, Zerocash was faster, with smaller transaction sizes, and hides transaction information on the sender, receiver and amount. Zcash is the first cryptocurrency to implement the Zerocash protocol in 2016. [20]
ZEROCASH

PROS

– Provides full anonymity. Sender, receiver and amount hidden.
– Privacy can be default?
– Fast due to small proof sizes.
– Payment amount can be optionally disclosed for auditing
– Does not require any third-party

CONS

– Requires trusted setup. (May be improved with zt-starks technology)
– Supply cannot be audited. And coins can potentially be forged without proper implementation.
– Private transactions computationally intensive (improved with Sapling upgrade)

CONFIDENTIAL TRANSACTIONS

Used in: Monero and Particl with Ring Signatures as RING-CT
The next proposal from Maxwell was that of confidential transactions, proposed in June 2015 as part of the Sidechain Elements project from Blockstream, where Maxwell was Chief Technical Officer.[21],[22] It proposed to hide the transaction amount and asset type (e.g. deposits, currencies, shares), so that only the sender and receiver are aware of the amount, unless they choose to make the amount public. It uses homomorphic encryption[23] to encrypt the inputs and outputs by using blinding factors and a kind of ring signature in a commitment scheme, so the amount can be ‘committed’ to, without the amount actually being known. I’m terribly sorry if you now have the urge to go and research exactly what that means. The takeaway is that the transaction amount can be hidden from outsiders while being verifiable.
CONFIDENTIAL TRANSACTIONS

PROS

– Hides transaction amounts
– Privacy can be default
– Mature technology
– Does not require any third-party

CONS

– Only provides transaction amount privacy when used alone

RING-CT

Used in: Monero, Particl
Then came Ring Confidential transactions, proposed by Shen-Noether of Monero Research Labs in October 2015.[24] RingCT combines the use of ring signatures for hiding sender information, with the use of confidential transactions (which also uses ring signatures) for hiding amounts. The proposal described a new type of ring signature, A Multi-layered Linkable Spontaneous Anonymous Group signature which “allows for hidden amounts, origins and destinations of transactions with reasonable efficiency and verifiable, trustless coin generation”.[25] RingCT was implemented in Monero in January 2017 and made mandatory after September 2017.
RING -CONFIDENTIAL TRANSACTIONS

PROS

– Provides full anonymity. Hides transaction amounts and receiver privacy
– Privacy can be default
– Mature technology
– Greater scalability with bulletproofs
– Does not require any third-party

CONS

– Privacy not very effective without high volume

MIMBLEWIMBLE

Used in: Grin
Mimblewimble was proposed in July 2016 by pseudonymous contributor Tom Elvis Jedusorand further developed in October 2016 by Andrew Poelstra.[26],[27] Mimblewimble is a “privacy and fungibility focused cryptocoin transaction structure proposal”.[28] The key words are transaction structure proposal, so the way the blockchain is built is different, in order to accommodate privacy and fungibility features. Mimblewimble uses the concept of Confidential transactions to keep amounts hidden, looks at private keys and transaction information to prove ownership of funds rather than using addresses, and bundles transactions together instead of listing them separately on the blockchain. It also introduces a novel method of pruning the blockchain. Grin is a cryptocurrency in development that is applying Mimblewimble. Mimblewimble is early in development and you can understand it more here [29].
MIMBLEWIMBLE

PROS

– Hides transaction amounts and receiver privacy
– Privacy is on by default
– Lightweight
– No public addresses?

CONS

– Privacy not very effective without high volume
– Sender and receiver must both be online
– Relatively new technology

ZEXE

Fresh off the minds of brilliant cryptographers (Sean Bowe, Alessandro Chiesa, Matthew Green, Ian Miers, Pratyush Mishra, Howard Wu), in October 2018 Zexe proposed a new cryptographic primitive called ‘decentralized private computation.[30] It allows users of a decentralized ledger to “execute offline computations that result in transactions”[31], but also keeps transaction amounts hidden and allows transaction validation to happen at any time regardless of computations being done online. This can have far reaching implications for privacy coins in the future. Consider cases where transactions need to be automatic and private, without both parties being present.

NETWORK PRIVACY

Privacy technologies that look at network privacy as nodes communicate with each other on the network are important considerations, rather than just looking at privacy on the blockchain itself. Anonymous layers encrypt and/or reroute data as it moves among peers, so it is not obvious who they originate from on the network. They are used to protect against surveillance or censorship from ISPs and governments. The Invisible Internet Project (I2P) is an anonymous network layer that uses end to end encryption for peers on a network to communicate with each other.[32] Its history dates back to 2003. Kovri is a Monero created implementation of I2P.[33] The Onion Router (Tor) is another anonymity layer [34]) that Verge is a privacy cryptocurrency that uses. But its historical link to the US government may be is concerning to some[35]. Dandelion transaction relay is also an upcoming Bitcoin improvement proposal (BIP) that scrambles IP data that will provide network privacy for Bitcoin as transaction and other information is transmitted.[36],[37],[38]

UPCOMING

Monero completed bulletproofs protocol updates that reduce RINGCT transaction sizes and thus transaction fee costs. (Bulletproofs are a replacement for range proofs used in confidential transactions that aid in encrypting inputs and outputs by making sure they add to zero).
Sigma Protocol – being actively researched by Zcoin team as of 2018 to replace Zerocoin protocol so that a trusted setup is not required.[39] There is a possible replacement for zk-snarks, called zk-starks, another form of zero-knowledge proof technology, that may make a trusted set-up unnecessary for zero-knowledege proof coins.[40]

PART 1 CONCLUSION OF THE PRIVACY COIN GUIDE ON THE TECHNOLOGY BEHIND PRIVACY COINS

Although Bitcoin is still a groundbreaking technology that gives us a trust-less transaction system, it has failed to live up to its expectations of privacy. Over time, new privacy technologies have arrived and are arriving with innovative and exciting solutions for Bitcoin’s lack of fungibility. It is important to note that these technologies are built on prior research and application, but we are considering their use in cryptocurrencies. Protocols are proposed based on cryptographic concepts that show how they would work, and then developers actually implement them. Please note that I did not include the possibility of improper implementation as a disadvantage, and the advantages assume that the technical development is well done. A very important point is that coins can also adapt new privacy technologies as their merits become obvious, even as they start with a specific privacy protocol. Furthermore, I am, unfortunately, positive that this is not an exhaustive overview and I am only covering publicized solutions. Next, we’ll talk more about the pros and cons and give an idea of how the coins can be compared.

There's a video version that can be watched, and you can find out how to get the second two parts if you want on my website (video link on the page): https://cryptoramble.com/guide-on-privacy-coins/
submitted by CryptoRamble to CryptoCurrencies [link] [comments]

The Privacy Coin Guide Part 1

As interest picks up in crypto again, I want to share this post I made on privacy coins again to just give the basics of their evolution. This is only part 1, and parts 2 and 3 are not available in this format, but this part is informative and basic.
If you’re looking for a quick and easy way to assess what the best privacy coin in the current space is, which has the best features, or which is most likely to give high returns, then this is not that guide. My goal is to give you the power to make your own decisions, to clearly state my biases, and educate. I really wanted to understand this niche of the crypto-space due to my background and current loyalties[1], and grasp the nuances of the features, origins and timelines of technologies used in privacy coins, while not being anything close to a developer myself. This is going to be a 3-part series, starting with an overview and basic review of the technology, then looking at its implications, and ending with why I like a specific project. It might be mildly interesting or delightfully educational. Cryptocurrencies are young and existing privacy coins are deploying technology that is a work in progress. This series assumes a basic understanding of how blockchains work, specifically as used in cryptocurrencies. If you don’t have that understanding, might I suggest that you get it? [2],[3],[4] Because cryptocurrencies have a long way to go before reaching their end-game: when the world relies on the technology without understanding it. So, shall we do a deep dive into the privacy coin space?

FIRST THERE WAS BITCOIN

Cryptocurrencies allow you to tokenize value and track its exchange between hands over time, with transaction information verified by a distributed network of users. The most famous version of a cryptocurrency in use is Bitcoin, defined as peer-to-peer electronic cash. [5] Posted anonymously in 2008, the whitepaper seemed to be in direct response to the global financial meltdown and public distrust of the conventional banking and financing systems. Although cryptographic techniques are used in Bitcoin to ensure that (i) only the owner of a specific wallet has the authority to spend funds from that wallet, (ii) the public address is linked but cannot be traced by a third party to the private address (iii) the information is stored via cryptographic hashing in a merkle tree structure to ensure data integrity, the actual transaction information is publicly visible on the blockchain and can be traced back to the individual through chain analysis.[6] This has raised fears of possible financial censorship or the metaphorical tainting of money due to its origination point, as demonstrated in the Silk Road marketplace disaster.[7] This can happen because fiat money is usually exchanged for cryptocurrency at some point, as crypto-enthusiasts are born in the real world and inevitably cash out. There are already chain analysis firms and software that are increasingly efficient at tracking transactions on the Bitcoin blockchain.[8] This lack of privacy is one of the limitations of Bitcoin that has resulted in the creation of altcoins that experiment with the different features a cryptocurrency can have. Privacy coins are figuring out how to introduce privacy in addition to the payment network. The goal is to make the cryptocurrency fungible, each unit able to be exchanged for equal value without knowledge of its transaction history – like cash, while being publicly verifiable on a decentralized network. In other words, anyone can add the math up without being able to see the full details. Some privacy solutions and protocols have popped up as a result:

CRYPTONOTE – RING SIGNATURES AND STEALTH ADDRESSES

Used in: Monero and Particl as its successor RING-CT, Bytecoin
In December 2012, CryptoNote introduced the use of ring signatures and stealth addresses (along with other notable features such as its own codebase) to improve cryptocurrency privacy.[9] An updated CryptoNote version 2 came in October 2013 [10](though there is some dispute over this timeline [11]), also authored under the name Nicolas van Saberhagen. Ring signatures hide sender information by having the sender sign a transaction using a signature that could belong to multiple users. This makes a transaction untraceable. Stealth addresses allow a receiver to give a single address which generates a different public address for funds to be received at each time funds are sent to it. That makes a transaction unlinkable. In terms of privacy, CryptoNote gave us a protocol for untraceable and unlinkable transactions. The first implementation of CryptoNote technology was Bytecoin in March 2014 (timeline disputed [12]), which spawned many children (forks) in subsequent years, a notable example being Monero, based on CryptoNote v2 in April 2014.
RING SIGNATURES and STEALTH ADDRESSES

PROS

– Provides sender and receiver privacy
– Privacy can be default
– Mature technology
– Greater scalability with bulletproofs
– Does not require any third-party

CONS

– Privacy not very effective without high volume
-Does not hide transaction information if not combined with another protocol.

COINJOIN

Used in: Dash
Bitcoin developer Gregory Maxwell proposed a set of solutions to bring privacy to Bitcoin and cryptocurrencies, the first being CoinJoin (January 28 – Aug 22, 2013).[13],[14] CoinJoin (sometimes called CoinSwap) allows multiple users to combine their transactions into a single transaction, by receiving inputs from multiple users, and then sending their outputs to the multiple users, irrespective of who in the group the inputs came from. So, the receiver will get whatever output amount they were supposed to, but it cannot be directly traced to its origination input. Similar proposals include Coinshuffle in 2014 and Tumblebit in 2016, building on CoinJoin but not terribly popular [15],[16]. They fixed the need for a trusted third party to ‘mix’ the transactions. There are CoinJoin implementations that are being actively worked on but are not the most popular privacy solutions of today. A notable coin that uses CoinJoin technology is Dash, launched in January 2014, with masternodes in place of a trusted party.
COINJOIN

PROS

– Provides sender and receiver privacy
– Easy to implement on any cryptocurrency
– Lightweight
– Greater scalability with bulletproofs
– Mature technology

CONS

– Least anonymous privacy solution. Transaction amounts can be calculated
– Even without third-party mixer, depends on wealth centralization of masternodes

ZEROCOIN

Used in: Zcoin, PIVX
In May 2013, the Zerocoin protocol was introduced by John Hopkins University professor Matthew D. Green and his graduate students Ian Miers and Christina Garman.[17] In response to the need for use of a third party to do CoinJoin, the Zerocoin proposal allowed for a coin to be destroyed and remade in order to erase its history whenever it is spent. Zero-knowledge cryptography and zero-knowledge proofs are used to prove that the new coins for spending are being appropriately made. A zero-knowledge proof allows one party to prove to another that they know specific information, without revealing any information about it, other than the fact that they know it. Zerocoin was not accepted by the Bitcoin community as an implementation to be added to Bitcoin, so a new cryptocurrency had to be formed. Zcoin was the first cryptocurrency to implement the Zerocoin protocol in 2016. [18]
ZEROCOIN

PROS

– Provides sender and receiver privacy
– Supply can be audited
– Relatively mature technology
– Does not require a third-party

CONS

– Requires trusted setup (May not be required with Sigma protocol)
– Large proof sizes (not lightweight)
– Does not provide full privacy for transaction amounts

ZEROCASH

Used in: Zcash, Horizen, Komodo, Zclassic, Bitcoin Private
In May 2014, the current successor to the Zerocoin protocol, Zerocash, was created, also by Matthew Green and others (Eli Ben-Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer, Madars Virza).[19] It improved upon the Zerocoin concept by taking advantage of zero-knowledge proofs called zk-snarks (zero knowledge succinct non-interactive arguments of knowledge). Unlike Zerocoin, which hid coin origins and payment history, Zerocash was faster, with smaller transaction sizes, and hides transaction information on the sender, receiver and amount. Zcash is the first cryptocurrency to implement the Zerocash protocol in 2016. [20]
ZEROCASH

PROS

– Provides full anonymity. Sender, receiver and amount hidden.
– Privacy can be default?
– Fast due to small proof sizes.
– Payment amount can be optionally disclosed for auditing
– Does not require any third-party

CONS

– Requires trusted setup. (May be improved with zt-starks technology)
– Supply cannot be audited. And coins can potentially be forged without proper implementation.
– Private transactions computationally intensive (improved with Sapling upgrade)

CONFIDENTIAL TRANSACTIONS

Used in: Monero and Particl with Ring Signatures as RING-CT
The next proposal from Maxwell was that of confidential transactions, proposed in June 2015 as part of the Sidechain Elements project from Blockstream, where Maxwell was Chief Technical Officer.[21],[22] It proposed to hide the transaction amount and asset type (e.g. deposits, currencies, shares), so that only the sender and receiver are aware of the amount, unless they choose to make the amount public. It uses homomorphic encryption[23] to encrypt the inputs and outputs by using blinding factors and a kind of ring signature in a commitment scheme, so the amount can be ‘committed’ to, without the amount actually being known. I’m terribly sorry if you now have the urge to go and research exactly what that means. The takeaway is that the transaction amount can be hidden from outsiders while being verifiable.
CONFIDENTIAL TRANSACTIONS

PROS

– Hides transaction amounts
– Privacy can be default
– Mature technology
– Does not require any third-party

CONS

– Only provides transaction amount privacy when used alone

RING-CT

Used in: Monero, Particl
Then came Ring Confidential transactions, proposed by Shen-Noether of Monero Research Labs in October 2015.[24] RingCT combines the use of ring signatures for hiding sender information, with the use of confidential transactions (which also uses ring signatures) for hiding amounts. The proposal described a new type of ring signature, A Multi-layered Linkable Spontaneous Anonymous Group signature which “allows for hidden amounts, origins and destinations of transactions with reasonable efficiency and verifiable, trustless coin generation”.[25] RingCT was implemented in Monero in January 2017 and made mandatory after September 2017.
RING -CONFIDENTIAL TRANSACTIONS

PROS

– Provides full anonymity. Hides transaction amounts and receiver privacy
– Privacy can be default
– Mature technology
– Greater scalability with bulletproofs
– Does not require any third-party

CONS

– Privacy not very effective without high volume

MIMBLEWIMBLE

Used in: Grin
Mimblewimble was proposed in July 2016 by pseudonymous contributor Tom Elvis Jedusorand further developed in October 2016 by Andrew Poelstra.[26],[27] Mimblewimble is a “privacy and fungibility focused cryptocoin transaction structure proposal”.[28] The key words are transaction structure proposal, so the way the blockchain is built is different, in order to accommodate privacy and fungibility features. Mimblewimble uses the concept of Confidential transactions to keep amounts hidden, looks at private keys and transaction information to prove ownership of funds rather than using addresses, and bundles transactions together instead of listing them separately on the blockchain. It also introduces a novel method of pruning the blockchain. Grin is a cryptocurrency in development that is applying Mimblewimble. Mimblewimble is early in development and you can understand it more here [29].
MIMBLEWIMBLE

PROS

– Hides transaction amounts and receiver privacy
– Privacy is on by default
– Lightweight
– No public addresses?

CONS

– Privacy not very effective without high volume
– Sender and receiver must both be online
– Relatively new technology

ZEXE

Fresh off the minds of brilliant cryptographers (Sean Bowe, Alessandro Chiesa, Matthew Green, Ian Miers, Pratyush Mishra, Howard Wu), in October 2018 Zexe proposed a new cryptographic primitive called ‘decentralized private computation.[30] It allows users of a decentralized ledger to “execute offline computations that result in transactions”[31], but also keeps transaction amounts hidden and allows transaction validation to happen at any time regardless of computations being done online. This can have far reaching implications for privacy coins in the future. Consider cases where transactions need to be automatic and private, without both parties being present.

NETWORK PRIVACY

Privacy technologies that look at network privacy as nodes communicate with each other on the network are important considerations, rather than just looking at privacy on the blockchain itself. Anonymous layers encrypt and/or reroute data as it moves among peers, so it is not obvious who they originate from on the network. They are used to protect against surveillance or censorship from ISPs and governments. The Invisible Internet Project (I2P) is an anonymous network layer that uses end to end encryption for peers on a network to communicate with each other.[32] Its history dates back to 2003. Kovri is a Monero created implementation of I2P.[33] The Onion Router (Tor) is another anonymity layer [34]) that Verge is a privacy cryptocurrency that uses. But its historical link to the US government may be is concerning to some[35]. Dandelion transaction relay is also an upcoming Bitcoin improvement proposal (BIP) that scrambles IP data that will provide network privacy for Bitcoin as transaction and other information is transmitted.[36],[37],[38]

UPCOMING

Monero completed bulletproofs protocol updates that reduce RINGCT transaction sizes and thus transaction fee costs. (Bulletproofs are a replacement for range proofs used in confidential transactions that aid in encrypting inputs and outputs by making sure they add to zero).
Sigma Protocol – being actively researched by Zcoin team as of 2018 to replace Zerocoin protocol so that a trusted setup is not required.[39] There is a possible replacement for zk-snarks, called zk-starks, another form of zero-knowledge proof technology, that may make a trusted set-up unnecessary for zero-knowledege proof coins.[40]

PART 1 CONCLUSION OF THE PRIVACY COIN GUIDE ON THE TECHNOLOGY BEHIND PRIVACY COINS

Although Bitcoin is still a groundbreaking technology that gives us a trust-less transaction system, it has failed to live up to its expectations of privacy. Over time, new privacy technologies have arrived and are arriving with innovative and exciting solutions for Bitcoin’s lack of fungibility. It is important to note that these technologies are built on prior research and application, but we are considering their use in cryptocurrencies. Protocols are proposed based on cryptographic concepts that show how they would work, and then developers actually implement them. Please note that I did not include the possibility of improper implementation as a disadvantage, and the advantages assume that the technical development is well done. A very important point is that coins can also adapt new privacy technologies as their merits become obvious, even as they start with a specific privacy protocol. Furthermore, I am, unfortunately, positive that this is not an exhaustive overview and I am only covering publicized solutions. Next, we’ll talk more about the pros and cons and give an idea of how the coins can be compared.

There's a video version that can be watched, and you can find out how to get the second two parts if you want on my website (video link on the page): https://cryptoramble.com/guide-on-privacy-coins/
submitted by CryptoRamble to ethtrader [link] [comments]

Why you should invest in OCEAN Protocol

Why I am investing in Ocean Protocol
tl;dr
Unlocking data for AI
Partnered with; Unilever, Roche, Johnson&Johnson, Aviva, MOBI (BMW, Ford, GM)
Currently at $0.03, IEO price $0.12, ICO price $0.2.
Staking coming Q2.
THE PROBLEM
The world has a data problem. The more we create, the more we are forced to entrust it all to fewer data monopolies to profit from.
Data is also siloed, and generally hosted on proprietary databases across vast systems, geographies and business units. Whilst there have been fixes and APIs that have helped improve the sharing of corporate and public data, fundamentally this doesn’t change the fact that client-server architecture and corporate IT networks are inherently designed to prevent data sharing.
Regulation and privacy laws combine to make organisations concerned about sharing data both internally and publicly unless forced to do so. The Health Insurance Portability and Accountability Act (HIPAA) in the US or the Data Protection Act in the UK explicitly state how and what data can and cannot be shared. But these are complicated policies. The technical difficulty of implementing them, combined with bad UX means people err on the side of caution when approaching these issues. There is simply no incentive to outweigh the risk and hassle of sharing data.
Even where sharing is encouraged, current infrastructure makes monetising data through open source licensing complex and equally difficult to enforce. So ultimately, you are left with two options: give your data away for free (which what most individuals do) or hoard it and see if you can make sense of it at some time in the future (which is what most companies do). Neither is very efficient or effective.
The consequence is a few increasingly powerful companies get the vast majority of data at little cost, and large amounts of valuable data are sat dormant in siloed databases.
Simply put, there is no economic incentive to share data. This is a massive issue in the AI market (expected to be worth $70 billion in 2020 according to BoA Merrill).
The best AI techniques today, such as deep learning, need lots (and lots) of quality and relevant datasets to deliver any kind of meaningful value. Starving most new entrants (such as startups and SMEs) of the ability to compete.
AI expertise and talent is expensive and hard to come by, typically concentrating within organisations that already have the data to play with or promise to generate vast quantities of it in the future. Companies like Google, Facebook, Microsoft and Baidu swallow up almost all the best talent and computer science and AI PhDs before they even come onto the jobs market.
This creates a self-propagating cycle, increasingly benefiting a few established organisations who are able to go on to dominate their respective markets, extracting a premium for the priviledge. Think of Facebook & Google in the Ad Market, Amazon for Retail, now imagine that happening across every single industry vertical. Data leads to data network effects, and subsequent AI advantages which are extremely hard to catch up with once the flywheel starts. The way things are going, the driver-less car market will likely consolidate around one single software provider. As old industries like education, healthcare and utilities digitize their operations and start utilizing data, the same will likely happen there too.
The benefits of the 4th Industrial Revolution are in the hands of fewer and fewer organisations.
Currently the expectation is that companies, rather than trying to compete (if they want to stay in business), are expected to concede their data to one of the big tech clouds like Amazon or Microsoft to be able to extract value from it. Further extending the suppliers’ unfair advantage and increasing their own dependency. Look at autonomous vehicles, German manufacturers unable to compete with Silicon Valley’s AIs for self driving cars could be left simply making the low-value hardware whilst conceding the higher-value (and margin) software to companies that drive the intelligence that control them.
I’ve always argued companies don’t want Big Data. They want actionable intelligence. But currently most large organisations have vast dumb data in silos that they simply don’t know what to do with.
But what if…
they could securely allow AI developers to run algorithms on it whilst keeping it stored encrypted, on-premise.
And open up every database at a ‘planetary level’ and turn them into a single data marketplace.
Who would own or control it? To be frank, it would require unseen levels of trust. Data is generally very sensitive, revealing and something you typically would not want to share with your competitors. Especially in say, consumer health how could that be possible with complex privacy laws?
What’s needed is a decentralised data marketplace to connect AI developers to data owners in a compliant, secure and affordable way. Welcome to Ocean Protocol.
Why decentralised and tokenised?
Primarily because of the need for the provenance of IP, affordable payment channels, and the ensure no single entity becomes a gatekeeper to a hoard of valuable data. Gatekeeper, in the sense that they can arbitrarily ban or censor participants but also to avoid the same honeypot hacking problems we encounter in today’s centralised world.
But aren’t there already decentralised data market projects?
The Ocean team have focused their design on enabling ‘exchange protocols’, resulting in massive potential for partnerships with other players in the domain. As investors in IOTA, understanding how this could work with their Data Marketplace is an interesting case in point.
INNOVATIONS
What we like most about Ocean is they have been deploying many of the constituent parts that underpin this marketplace over the last 4 years via a number of initiatives which they are now bringing together into one unified solution:
(digital ownership & attribution) (high throughput distributed database to allow for high throughput transactions) (Scalability – build on proven BigchainDB / IPDB technology for “planetary scale”) (blockchain-ready, community-driven protocol for intellectual property licensing)
What is being added is a protocol and token designed to incentivize and program rules and behaviours into the marketplace to ensure relevant good quality data is committed, made available and fairly remunerated. The design is prepared for processing confidential data for machine learning and aggregated analysis without exposing the raw data itself. Ocean will facilitate in bringing the processing algorithms to the data through on-premise compute and, eventually, more advanced techniques, like homomorphic encryption, as they mature.
OCEAN Token
Think of the Ocean Token as the ‘crypto asset’ that serves as the commodity in the data economy to incentivise the mass coordination of resources to secure and scale the network to turn in to actionable intelligence.
If Ocean is about trading data, can’t it use an existing cryptocurrency as its token, like Bitcoin or Ether?
While existing tokens might serve as a means of exchange, the Ocean protocol requires a token of its own because it uses its a specific form of monetary policy and rewards. Users get rewarded with newly minted tokens for providing high quality, relevant data and keeping it available. This means the protocol requires control over the money supply and rules out using any existing general purpose protocols or tokens. Furthermore, from the perspective of Ocean users, volatility in an uncorrelated token would disrupt the orderly value exchange between various stakeholders in the marketplace they desire.
OCEAN Data Providers (Supplying Data)
Actors who have data and want to monetise it, can make it available through Ocean for a price. When their data is used by Data Consumers, Data Providers receive tokens in return.
OCEAN Data Curators (Quality Control)
An interesting concept to Ocean is the application of curation markets. Someone needs to decide what data on Ocean is good and which data is bad. As Ocean is a decentralised system, there can’t be a central committee to do this. Instead, anyone with domain expertise can participate as a Data Curator and earn newly minted tokens by separating the wheat from the chaff. Data Curators put an amount of tokens at stake to signal that a certain dataset is of high quality. Every time they correctly do this, they receive newly minted tokens in return.
OCEAN Registry of Actors (Keeping Bad Actors Out)
Because Ocean is an open protocol, not only does it need mechanisms to curate data, it needs a mechanism to curate the participants themselves. For this reason a Registry of Actors is part of Ocean, again applying staking of tokens to make good behaviour more economically attractive than bad behaviour.
OCEAN Keepers (Making Data Available)
The nodes in the Ocean network are called Keepers. They run the Ocean software and make datasets available to the network. Keepers receive newly minted tokens to perform their function. Data Providers need to use one or more Keepers to offer data to the network.
BRINGING IT ALL TOGETHER
Ocean is building a platform to enable a ‘global data commons’. A platform where anyone can share and be rewarded for the data they contribute where the token and protocol is designed specifically to incentivise data sharing and remuneration.
So let’s see that in the context of a single use-case: Clinical Trial Data
Note: that this use-case is provided for illustrative purposes only, to get a feel for how Ocean could work in practice. Some of the specifics of the Ocean protocol have yet to be finalised and published in the white paper, and might turn out different than described here.
Bob is a clinical physician with a data science background who uses Ocean. He knows his industry well and has experience understanding what types of clinical data are useful in trials. Charlie works at a company that regularly runs medical trials. He has collected a large amount of data for a very specific trial which has now concluded, and he believes it could be valuable for others but he doesn’t know exactly how. Charlie publishes the dataset through Ocean and judging its value (based on the cost to produce and therefore replicate), as well as his confidence in its overall quality, he stakes 5 tokens on it (to prove it is his IP, which if people want to use they must pay for). Charlie uses one of the Keeper nodes maintained by his company’s IT department. Bob, as a Data Curator of clinical trial data on Ocean, is notified of its submission, and sees no one has challenged its ownership. By looking at a sample he decides the data is of good quality and based on how broad its utility could be he stakes 10 Ocean tokens to back his judgement. Bob is not alone and quickly a number of other Data Curators with good reputation also evaluate the data and make a stake. By this point a number of AI developers see Charlie’s dataset is becoming popular and purchase it through Ocean. Charlie, Bob and the other curators get rewarded in newly minted tokens, proportional to the amount they staked and the number of downloads. The Keeper node at Charlie’s company regularly receives a request to cryptographically prove it still has the data available. Each time it answers correctly, it also receives some newly minted tokens. When Bob and Charlie signed up to join Ocean, they staked some tokens to get added to the Registry of Actors. Eve also wants to join Ocean. She stakes 100 tokens to get added to The Registry of Actors. Eve is actually a malicious actor. She purchases Charlie’s dataset through Ocean, then claims it’s hers and publishes it under her own account for a slightly lower price. Furthermore, she creates several more “sock puppet” accounts, each with some more tokens staked to join, to serve as Data Curators and vouch for her copy of the dataset. Bob and Charlie discover Eve’s malice. They successfully challenge Eve and her sock puppet accounts in the Registry of Actors. Eve and her sock puppet accounts get removed from the Registry of Actors and she loses all staking tokens.
APPROACH, TRACTION & TEAM
I am greatly encouraged by the fact that Ocean were aligned to building what we term a Community Token Economy (CTE) where multiple stakeholders ( & ) partner early on to bring together complementary skills and assets.
As two existing companies (one already VC backed) they are committing real code and IP already worth several million in value*.
*This is an important point to remember when considering the valuation and token distribution of the offering.
The open, inclusive, transparent nature of IPDB foundation bodes well for how Ocean will be run and how it will solve complex governance issues as the network grows.
I am also impressed with the team’s understanding of the importance of building a community. They understand that networks are only as powerful as the community that supports it. This is why they have already signed key partnerships with XPrize Foundation, SingularityNet, Mattereum, Integration Alpha and ixo Foundation as well as agreeing an MOU with the Government of Singapore to provide coverage and indemnification for sandboxes for data sharing.
The team understands that the decentralisation movement is still in its early stages and that collaborative and partnership is a more effective model than competition and going it alone.
PLACE IN THE CONVERGENCE ECOSYSTEM STACK
Ocean protocol is a fundamental requirement for the Convergence Ecosystem Stack. It is a protocol that enables a thriving AI data marketplace. It is complementary to our other investments in IOTA and SEED both of whom provide a marketplace for machine data and bots respectively.
Marketplaces are critical to the development of the Convergence Ecosystem as they enable new data-based and tokenised business models that have never before been possible to unlock value. Distributed ledgers, blockchains and other decentralization technologies are powerful tools for authenticating, validating, securing and transporting data; but it will be marketplaces that will enable companies to build sustainable businesses and crack open the incumbent data monopolies. IOTA, SEED and now Ocean are unlocking data for more equitable outcomes for users.
submitted by Econcrypt to CryptoMoonShots [link] [comments]

Threshold Signature Explained— Bringing Exciting Applications with TSS

Threshold Signature Explained— Bringing Exciting Applications with TSS
— A deep dive into threshold signature without mathematics by ARPA’s cryptographer Dr. Alex Su

https://preview.redd.it/cp0wib2mk0q41.png?width=757&format=png&auto=webp&s=d42056f42fb16041bc512f10f10fed56a16dc279
Threshold signature is a distributed multi-party signature protocol that includes distributed key generation, signature, and verification algorithms.
In recent years, with the rapid development of blockchain technology, signature algorithms have gained widespread attention in both academic research and real-world applications. Its properties like security, practicability, scalability, and decentralization of signature are pored through.
Due to the fact that blockchain and signature are closely connected, the development of signature algorithms and the introduction of new signature paradigms will directly affect the characteristics and efficiency of blockchain networks.
In addition, institutional and personal account key management requirements stimulated by distributed ledgers have also spawned many wallet applications, and this change has also affected traditional enterprises. No matter in the blockchain or traditional financial institutions, the threshold signature scheme can bring security and privacy improvement in various scenarios. As an emerging technology, threshold signatures are still under academic research and discussions, among which there are unverified security risks and practical problems.
This article will start from the technical rationale and discuss about cryptography and blockchain. Then we will compare multi-party computation and threshold signature before discussing the pros and cons of different paradigms of signature. In the end, there will be a list of use cases of threshold signature. So that, the reader may quickly learn about the threshold signature.
I. Cryptography in Daily Life
Before introducing threshold signatures, let’s get a general understanding of cryptography. How does cryptography protect digital information? How to create an identity in the digital world? At the very beginning, people want secure storage and transmission. After one creates a key, he can use symmetric encryption to store secrets. If two people have the same key, they can achieve secure transmission between them. Like, the king encrypts a command and the general decrypts it with the corresponding key.
But when two people do not have a safe channel to use, how can they create a shared key? So, the key exchange protocol came into being. Analogously, if the king issues an order to all the people in the digital world, how can everyone proves that the sentence originated from the king? As such, the digital signature protocol was invented. Both protocols are based on public key cryptography, or asymmetric cryptographic algorithms.


“Tiger Rune” is a troop deployment tool used by ancient emperor’s, made of bronze or gold tokens in the shape of a tiger, split in half, half of which is given to the general and the other half is saved by the emperor. Only when two tiger amulets are combined and used at the same time, will the amulet holder get the right to dispatch troops.
Symmetric and asymmetric encryption constitute the main components of modern cryptography. They both have three fixed parts: key generation, encryption, and decryption. Here, we focus on digital signature protocols. The key generation process generates a pair of associated keys: the public key and the private key. The public key is open to everyone, and the private key represents the identity and is only revealed to the owner. Whoever owns the private key has the identity represented by the key. The encryption algorithm, or signature algorithm, takes the private key as input and generate a signature on a piece of information. The decryption algorithm, or signature verification algorithm, uses public keys to verify the validity of the signature and the correctness of the information.
II. Signature in the Blockchain
Looking back on blockchain, it uses consensus algorithm to construct distributed books, and signature provides identity information for blockchain. All the transaction information on the blockchain is identified by the signature of the transaction initiator. The blockchain can verify the signature according to specific rules to check the transaction validity, all thanks to the immutability and verifiability of the signature.
For cryptography, the blockchain is more than using signature protocol, or that the consensus algorithm based on Proof-of-Work uses a hash function. Blockchain builds an infrastructure layer of consensus and transaction through. On top of that, the novel cryptographic protocols such as secure multi-party computation, zero-knowledge proof, homomorphic encryption thrives. For example, secure multi-party computation, which is naturally adapted to distributed networks, can build secure data transfer and machine learning platforms on the blockchain. The special nature of zero-knowledge proof provides feasibility for verifiable anonymous transactions. The combination of these cutting-edge cryptographic protocols and blockchain technology will drive the development of the digital world in the next decade, leading to secure data sharing, privacy protection, or more applications now unimaginable.
III. Secure Multi-party Computation and Threshold Signature
After introducing how digital signature protocol affects our lives, and how to help the blockchain build identities and record transactions, we will mention secure multi-party computation (MPC), from where we can see how threshold signatures achieve decentralization. For more about MPC, please refer to our previous posts which detailed the technical background and application scenarios.
MPC, by definition, is a secure computation that several participants jointly execute. Security here means that, in one computation, all participants provide their own private input, and can obtain results from the calculation. It is not possible to get any private information entered by other parties. In 1982, when Prof. Yao proposed the concept of MPC, he gave an example called the “Millionaires Problem” — two millionaires who want to know who is richer than the other without telling the true amount of assets. Specifically, the secure multiparty computation would care about the following properties:
  • Privacy: Any participant cannot obtain any private input of other participants, except for information that can be inferred from the computation results.
  • Correctness and verifiability: The computation should ensure correct execution, and the legitimacy and correctness of this process should be verifiable by participants or third parties.
  • Fairness or robustness: All parties involved in the calculation, if not agreed in advance, should be able to obtain the computation results at the same time or cannot obtain the results.
Supposing we use secure multi-party computation to make a digital signature in a general sense, we will proceed as follows:
  • Key generation phase: all future participants will be involved together to do two things: 1) each involved party generates a secret private key; 2) The public key is calculated according to the sequence of private keys.
  • Signature phase: Participants joining in a certain signature use their own private keys as private inputs, and the information to be signed as a public input to perform a joint signature operation to obtain a signature. In this process, the privacy of secure multi-party computing ensures the security of private keys. The correctness and robustness guarantee the unforgeability of the signature and everyone can all get signatures.
  • Verification phase: Use the public key corresponding to the transaction to verify the signature as traditional algorithm. There is no “secret input” during the verification, this means that the verification can be performed without multi-party computation, which will become an advantage of multi-party computation type distributed signature.
The signature protocol constructed on the idea of ​​secure multiparty computing is the threshold signature. It should be noted that we have omitted some details, because secure multiparty computing is actually a collective name for a type of cryptographic protocol. For different security assumptions and threshold settings, there are different construction methods. Therefore, the threshold signatures of different settings will also have distinctive properties, this article will not explain each setting, but the comparative result with other signature schemes will be introduced in the next section.
IV. Single Signature, Multi-Signature and Threshold Signature
Besides the threshold signature, what other methods can we choose?
Bitcoin at the beginning, uses single signature which allocates each account with one private key. The message signed by this key is considered legitimate. Later, in order to avoid single point of failure, or introduce account management by multiple people, Bitcoin provides a multi-signature function. Multi-signature can be simply understood as each account owner signs successively and post all signatures to the chain. Then signatures are verified in order on the chain. When certain conditions are met, the transaction is legitimate. This method achieves a multiple private keys control purpose.
So, what’s the difference between multi-signature and threshold signature?
Several constraints of multi-signature are:
  1. The access structure is not flexible. If an account’s access structure is given, that is, which private keys can complete a legal signature, this structure cannot be adjusted at a later stage. For example, a participant withdraws, or a new involved party needs to change the access structure. If you must change, you need to complete the initial setup process again, which will change the public key and account address as well.
  2. Less efficiency. The first is that the verification on chain consumes power of all nodes, and therefore requires a processing fee. The verification of multiple signatures is equivalent to multiple single signatures. The second is performance. The verification obviously takes more time.
  3. Requirements of smart contract support and algorithm adaptation that varies from chain to chain. Because multi-sig is not naturally supported. Due to the possible vulnerabilities in smart contracts, this support is considered risky.
  4. No anonymity, this is not able to be trivially called disadvantage or advantage, because anonymity is required for specific conditions. Anonymity here means that multi-signature directly exposes all participating signers of the transaction.
Correspondingly, the threshold signature has the following features:
  1. The access structure is flexible. Through an additional multi-party computation, the existing private key sequence can be expanded to assign private keys to new participants. This process will not expose the old and newly generated private key, nor will it change the public key and account address.
  2. It provides more efficiency. For the chain, the signature generated by the threshold signature is not different from a single signature, which means the following improvements : a) The verification is the same as the single signature, and needs no additional fee; b ) the information of the signer is invisible, because for other nodes, the information is decrypted with the same public key; c) No smart contract on chain is needed to provide additional support.
In addition to the above discussion, there is a distributed signature scheme supported by Shamir secret sharing. Secret sharing algorithm has a long history which is used to slice information storage and perform error correction information. From the underlying algorithm of secure computation to the error correction of the disc. This technology has always played an important role, but the main problem is that when used in a signature protocol, Shamir secret sharing needs to recover the master private key.
As for multiple signatures or threshold signature, the master private key has never been reconstructed, even if it is in memory or cache. this short-term reconstruction is not tolerable for vital accounts.
V. Limitations
Just like other secure multi-party computation protocols, the introduction of other participants makes security model different with traditional point-to-point encrypted transmission. The problem of conspiracy and malicious participants were not taken into account in algorithms before. The behavior of physical entities cannot be restricted, and perpetrators are introduced into participating groups.
Therefore, multi-party cryptographic protocols cannot obtain the security strength as before. Effort is needed to develop threshold signature applications, integrate existing infrastructure, and test the true strength of threshold signature scheme.
VI. Scenarios
1. Key Management
The use of threshold signature in key management system can achieve a more flexible administration, such as ARPA’s enterprise key management API. One can use the access structure to design authorization pattern for users with different priorities. In addition, for the entry of new entities, the threshold signature can quickly refresh the key. This operation can also be performed periodically to level up the difficulty of hacking multiple private keys at the same time. Finally, for the verifier, the threshold signature is not different from the traditional signature, so it is compatible with old equipments and reduces the update cost. ARPA enterprise key management modules already support Elliptic Curve Digital Signature Scheme secp256k1 and ed25519 parameters. In the future, it will be compatible with more parameters.

https://preview.redd.it/c27zuuhdl0q41.png?width=757&format=png&auto=webp&s=26d46e871dadbbd4e3bea74d840e0198dec8eb1c
2. Crypto Wallet
Wallets based on threshold signature are more secure because the private key doesn’t need to be rebuilt. Also, without all signatures posted publicly, anonymity can be achieved. Compared to the multi-signature, threshold signature needs less transaction fees. Similar to key management applications, the administration of digital asset accounts can also be more flexible. Furthermore, threshold signature wallet can support various blockchains that do not natively support multi-signature, which reduces the risk of smart contracts bugs.

Conclusion

This article describes why people need the threshold signature, and what inspiring properties it may bring. One can see that threshold signature has higher security, more flexible control, more efficient verification process. In fact, different signature technologies have different application scenarios, such as aggregate signatures not mentioned in the article, and BLS-based multi-signature. At the same time, readers are also welcomed to read more about secure multi-party computation. Secure computation is the holy grail of cryptographic protocols. It can accomplish much more than the application of threshold signatures. In the near future, secure computation will solve more specific application questions in the digital world.

About Author

Dr. Alex Su works for ARPA as the cryptography researcher. He got his Bachelor’s degree in Electronic Engineering and Ph.D. in Cryptography from Tsinghua University. Dr. Su’s research interests include multi-party computation and post-quantum cryptography implementation and acceleration.

About ARPA

ARPA is committed to providing secure data transfer solutions based on cryptographic operations for businesses and individuals.
The ARPA secure multi-party computing network can be used as a protocol layer to implement privacy computing capabilities for public chains, and it enables developers to build efficient, secure, and data-protected business applications on private smart contracts. Enterprise and personal data can, therefore, be analyzed securely on the ARPA computing network without fear of exposing the data to any third party.
ARPA’s multi-party computing technology supports secure data markets, precision marketing, credit score calculations, and even the safe realization of personal data.
ARPA’s core team is international, with PhDs in cryptography from Tsinghua University, experienced systems engineers from Google, Uber, Amazon, Huawei and Mitsubishi, blockchain experts from the University of Tokyo, AIG, and the World Bank. We also have hired data scientists from CircleUp, as well as financial and data professionals from Fosun and Fidelity Investments.
For more information about ARPA, or to join our team, please contact us at [email protected].
Learn about ARPA’s recent official news:
Telegram (English): https://t.me/arpa_community
Telegram (Việt Nam): https://t.me/ARPAVietnam
Telegram (Russian): https://t.me/arpa_community_ru
Telegram (Indonesian): https://t.me/Arpa_Indonesia
Telegram (Thai): https://t.me/Arpa_Thai
Telegram (Philippines):https://t.me/ARPA_Philippines
Telegram (Turkish): https://t.me/Arpa_Turkey
Korean Chats: https://open.kakao.com/o/giExbhmb (Kakao) & https://t.me/arpakoreanofficial (Telegram, new)
Medium: https://medium.com/@arpa
Twitter: u/arpaofficial
Reddit: https://www.reddit.com/arpachain/
Facebook: https://www.facebook.com/ARPA-317434982266680/54
submitted by arpaofficial to u/arpaofficial [link] [comments]

PlatON Algorithm Scientist Dr. Xiang Xie: Privacy-Preserving Computation is the Only Solution for Privacy Disclosure

PlatON Algorithm Scientist Dr. Xiang Xie: Privacy-Preserving Computation is the Only Solution for Privacy Disclosure
On Mar.25, 2020, PlatON Algorithm Scientist Dr. Xiang Xie joined in TokenInsight’s AMA as the special guest to talk about the solution that privacy-preserving computation provides for privacy disclosure issues and shared the latest development of PlatON’s privacy-preserving computation.
https://preview.redd.it/x8dh7o24u1p41.jpg?width=1564&format=pjpg&auto=webp&s=9bdc434f22824ea2a45a6136901c9058a5e253ce
How Do You Think about the Recent Privacy Disclosure Issue of Sina Weibo?
Dr. Xie: Truth be told, many internet firms collect and even use data privacy for illegal profit without the permissions from users, and there are potential risks of privacy disclosure issues under incorrect operation and management undoubtedly.
The conflict between the business model of traditional internet giants and the privacy protection of users can’t not be ignored and that’s what we wish to avoid in our new architect; Besides, the centralized model of internet is highly-effective and high-performing in the organization management and business processing, while brings the risk of privacy disclosure. Sina Weibo’s privacy disclosure event is resulted from the private data management issues.
The information disclosure issues won’t be solved by technologies or innovative architecture completely, but by distributed architectures to protect all data instead. Data protection is totally different from data storage. Thus, privacy-preserving computation, in my opinion, is the only solution for stopping the data privacy from being leaked, and also the first vision of PlatON.


In Your Opinion, Whether If PlatON’s Technologies Can Solve the Data Scandal of Top Platforms from a Technical Standpoint?
Dr. Xie: Privacy disclosure issues happen when applying data, and PlatON’s privacy-preserving computation aims at protecting data privacy in data circulation.
With cryptography technologies applied and integrated in PlatON’s privacy-preserving computation, the possibilities of information leakage from hackers have been reduced to the great extent.
PlatON serves as a blockchain-based infrastructure for distributed economies to provide support for upper-layer economic activities; and a privacy-preserving computation solution provider to protect the data privacy in the data circulation. Thus, we aim at building a completely digitalized distributed infrastructure with long-term investment and efforts, and completing it with all talented developers worldwide.


How Do You Think about Blockchain’s Role in Privacy-Preserving Computation?
Dr. Xie: Blockchain is irrelevant to privacy-preserving computation. Blockchain is dated back from bitcoin. However, there is no privacy-preserving design for bitcoin according to its Whitepaper. Plus, bitcoin and cryptocurrency haven’t applied any cryptography algorithms, but only signature and Hash instead.
Blockchain is transparent and distributed with all data backed up to be available to all people, thus it definitely has no privacy-preserving features. On the contrary, blockchain can serve as the distributed infrastructure to help with payment. In conclusion, blockchain is independent of privacy-preserving computation, while they are mutual complementary. Privacy-preserving computation, located at the upper part, protects the data privacy, while blockchain, located at the lower part as the infrastructure for distributed economies, provides payment and settlement functions.


Can You Share PlatON’s Technology Architecture of Privacy-Preserving Computation?
Dr. Xie: Privacy-preserving computation is a big topic, and different teams have different routines. PlatON focuses on cryptography technologies and combines trusted hardware to implement privacy-preserving computation. PlatON’s privacy-preserving computation architecture, from the bottom to top, consists of basic cryptography algorithms, blockchain, Privacy AI and privacy data platforms, for the purpose of delivering the deployable and operational products rather than technology itself. Cryptography is just a technology implementation.


Can You Share PlatON’s Biggest Achievement in 2019 and the Development Plan in 2020?
Dr. Xie: We’ve done a deep research on the data privacy-preserving and the potential emergent market since the very beginning we started PlatON. Then we’ve explored and finished the technology model selection and engineering, finally realized the huge potential of AI in both application and marketing.
The biggest achievement in 2019 is that we have settled Privacy AI as the core direction of PlatON, organized a strong AI team, and determined both the technology architecture and product architecture with our cryptography team.
In 2020, we will announce two important products: Rosetta, a Privacy AI architecture developed under the combination of cryptography and AI architecture such as Tensorflow, and Data Bank. Then start the growth of both product and community accordingly.


PlatON CEO Mr. Sun Has Highlighted the Internet of Everything, does that Mean IoT Will Show Support on Privacy AI by Providing Massive Data of Interconnected Devices?
Dr. Xie: I think we should consider it based on the whole life circle of data rather than a pure tech viewpoint.
There are four stages of data’s life circle: collection & production, storage & computation, distribution & exchange, and analysis & processing. IoT is the entrance of data, advanced devices collect data, then PlatON collaborates with partners to build an ecosystem; innovative technologies such as distributed ledgers are the main solution of data’s distribution and exchange; and the analysis and processing of data will be performed by AI and big data.
PlatON, with its layout design based on the whole life circle of data, aims at facilitating the data circulation by leveraging privacy-preserving computation.


Can You Share More Details about PlatON’s Grants Program?
Dr. Xie: Grants program plays an important role in building PlatON community, and the PlatON ecosystem contributed and co-hosted by developers worldwide. We will incubate and provide funding for the projects selected out after evaluation and communication.
Since it’s released, we’ve received plenty of applications on blockchain and privacy-preserving computation including supporting tools, contract development, and algorithms and acceleration of software & hardware of MPC (Multi-Party Computation), ZKP (Zero-Knowledge Proof), HE (Homomorphic Encryption), from top colleges, startups, communities, etc.
My profession and experience start from cryptography, I know the complexity of it and the whole PlatON team admires team spirit, or community spirit. To complete a long-term and meaningful work, joint effort is a must. Thus, we sincerely welcome more developers that are interested in blockchain, cryptography and data privacy to join us, helping complete the PlatON ecosystem. Privacy AI is surely a part of Grants program, we look forward to working with all talents worldwide.


Whether if Zero-Knowledge Proof Can be Applied in Massive Business Practice, and How’s the Marketing Demand?
Dr. Xie: Zero-Knowledge Proof’s research and development direction is closely relative to it’s business practical. Our goal is to provide solutions rather than being commonly used only. When demands get more complicated, algorithms need to be improved, and can be applied in more business practices when they get better and better. They must have gone through iterations gradually to fit the marketing demand. So far, ZKP is still in its early stage, and needs to improve.


Can You Share the True Demands and Businesses of MPC?
Dr. Xie: MPC fits Privacy AI to some extent, and even has emergent and specific demands. There is a conflict on the collection and application of data. For Privacy AI, the more data the better, which help improve the accuracy of model. For data asset, however, data is private and needs to be protected.
MPC, with its paradigm for this conflict, is just the solution. Seen from that, cryptography is used to solve all kinds of conflicts and needed by many enterprises that are sensitive about data.
Currently, institutes and firms at home and abroad are all exploring the combination of privacy-preserving computation and AI, and havestepped into this field. PlatON stands ahead with its huge investment and solid engineering implementation.


How Do You Think About Ethereum’s Joining in Privacy-Preserving Computation Ecosystem?
Dr. Xie: It’s evitable. Ethereum is the“World’s Computer”, to serve the world, it needs to bear massive data. Thus, the data privacy issues start, and Ethereum will apply more cryptography technologies to support the completeness of the whole network. Actually, Ethereum 2.0 has many tools and designs with regard to privacy-preserving computation and cryptography. In addition, we are optimistic and confident about the future of Ethereum, and we have a significant collaboration with Ethereum on MPC, and community as well.
submitted by PlatON_Network to PlatONNetwork [link] [comments]

Technical: Upcoming Improvements to Lightning Network

Price? Who gives a shit about price when Lightning Network development is a lot more interesting?????
One thing about LN is that because there's no need for consensus before implementing things, figuring out the status of things is quite a bit more difficult than on Bitcoin. In one hand it lets larger groups of people work on improving LN faster without having to coordinate so much. On the other hand it leads to some fragmentation of the LN space, with compatibility problems occasionally coming up.
The below is just a smattering sample of LN stuff I personally find interesting. There's a bunch of other stuff, like splice and dual-funding, that I won't cover --- post is long enough as-is, and besides, some of the below aren't as well-known.
Anyway.....

"eltoo" Decker-Russell-Osuntokun

Yeah the exciting new Lightning Network channel update protocol!

Advantages

Myths

Disadvantages

Multipart payments / AMP

Splitting up large payments into smaller parts!

Details

Advantages

Disadvantages

Payment points / scalars

Using the magic of elliptic curve homomorphism for fun and Lightning Network profits!
Basically, currently on Lightning an invoice has a payment hash, and the receiver reveals a payment preimage which, when inputted to SHA256, returns the given payment hash.
Instead of using payment hashes and preimages, just replace them with payment points and scalars. An invoice will now contain a payment point, and the receiver reveals a payment scalar (private key) which, when multiplied with the standard generator point G on secp256k1, returns the given payment point.
This is basically Scriptless Script usage on Lightning, instead of HTLCs we have Scriptless Script Pointlocked Timelocked Contracts (PTLCs).

Advantages

Disadvantages

Pay-for-data

Ensuring that payers cannot access data or other digital goods without proof of having paid the provider.
In a nutshell: the payment preimage used as a proof-of-payment is the decryption key of the data. The provider gives the encrypted data, and issues an invoice. The buyer of the data then has to pay over Lightning in order to learn the decryption key, with the decryption key being the payment preimage.

Advantages

Disadvantages

Stuckless payments

No more payments getting stuck somewhere in the Lightning network without knowing whether the payee will ever get paid!
(that's actually a bit overmuch claim, payments still can get stuck, but what "stuckless" really enables is that we can now safely run another parallel payment attempt until any one of the payment attempts get through).
Basically, by using the ability to add points together, the payer can enforce that the payee can only claim the funds if it knows two pieces of information:
  1. The payment scalar corresponding to the payment point in the invoice signed by the payee.
  2. An "acknowledgment" scalar provided by the payer to the payee via another communication path.
This allows the payer to make multiple payment attempts in parallel, unlike the current situation where we must wait for an attempt to fail before trying another route. The payer only needs to ensure it generates different acknowledgment scalars for each payment attempt.
Then, if at least one of the payment attempts reaches the payee, the payee can then acquire the acknowledgment scalar from the payer. Then the payee can acquire the payment. If the payee attempts to acquire multiple acknowledgment scalars for the same payment, the payer just gives out one and then tells the payee "LOL don't try to scam me", so the payee can only acquire a single acknowledgment scalar, meaning it can only claim a payment once; it can't claim multiple parallel payments.

Advantages

Disadvantages

Non-custodial escrow over Lightning

The "acknowledgment" scalar used in stuckless can be reused here.
The acknowledgment scalar is derived as an ECDH shared secret between the payer and the escrow service. On arrival of payment to the payee, the payee queries the escrow to determine if the acknowledgment point is from a scalar that the escrow can derive using ECDH with the payer, plus a hash of the contract terms of the trade (for example, to transfer some goods in exchange for Lightning payment). Once the payee gets confirmation from the escrow that the acknowledgment scalar is known by the escrow, the payee performs the trade, then asks the payer to provide the acknowledgment scalar once the trade completes.
If the payer refuses to give the acknowledgment scalar even though the payee has given over the goods to be traded, then the payee contacts the escrow again, reveals the contract terms text, and requests to be paid. If the escrow finds in favor of the payee (i.e. it determines the goods have arrived at the payer as per the contract text) then it gives the acknowledgment scalar to the payee.

Advantages

Disadvantages

Payment decorrelation

Because elliptic curve points can be added (unlike hashes), for every forwarding node, we an add a "blinding" point / scalar. This prevents multiple forwarding nodes from discovering that they have been on the same payment route. This is unlike the current payment hash + preimage, where the same hash is used along the route.
In fact, the acknowledgment scalar we use in stuckless and escrow can simply be the sum of each blinding scalar used at each forwarding node.

Advantages

Disadvantages

submitted by almkglor to Bitcoin [link] [comments]

RenVM AMA Answers

RenVM AMA Answers


1) What are some challenges you think will come up in 2020?
Some of the biggest challenges that we see for 2020 are:
Adoption; it is the most difficult, but it has the highest impact for the project, and for the blockchain community at large. Perhaps the biggest challenge within adoption is education. It is critical that people understand how RenVM works, its capabilities, its limitations, where it is meant to be used, and where it is not meant to be used. At times, it has already proved difficult to cut through misinformation/misunderstanding that proliferates throughout the wider community or to explain complex cryptographic concepts. We will be addressing these challenges by producing more education material, releasing audits (when they’re completed), engaging more with other communities, and open-sourcing more of the project.
Rolling out updates; to the Darknodes as fixes, improvements, and new features. This is a technical challenge, but also a social challenge. It requires comprehensive testing environments and a focus on backwards compatibility, but it also requires coordination and social agreement amongst hundreds (and potentially thousands) of Darknode owners. To face these challenges, we have already begun building more extensive testing frameworks, auto-update capabilities for the Darknodes, and looking at informal methods of governance (until we settle on a formal one).

2) As far as I understand, you already have a list of companies that will be the first to adopt RenVM and make integration. How do these companies feel about the fact that not all repositories are open and some of the code is still closed (private repo)? Doesn't that scare them off? Do you have plans to go full open source?
TL:DR: Yes, absolutely we plan going full open-source and all projects we are in conversation with are aware of the below plan and understand the logic behind it. Our logic and subsequent plan (and the thresholds needed) to go full open-source can be found in this document, if curious: RenVM Open-Source Roadmap.
Long Answer: The team at Ren are very strong proponents of the open-source ethos and believe all decentralized protocols need to be made open-source when secure. The Ren team also wants to (a) be competitive in this space, given the hard work and capital invested by the team and the community, and (b) give an appropriate amount of time for security issues to be discovered and fixed before making the codebase available to potentially malicious actors.
With that said, all of Ren's codebase barring the RZL sMPC algorithm will be open-sourced at the advent of RenVM Mainnet Subzero which will be launched after our security audit is completed. The RZL sMPC algorithm, however, is what makes RenVM and its sMPC solution so special. This RZL sMPC Algorithm has been pioneered in-house by our development team and can be considered a trade secret. It will, therefore, not be released to the wider public until certain security and capital thresholds within RenVM have been met. We have worked very hard over the last two years; this approach ensures RenVM's security and that the Ren community, team, and investors are rewarded for their patience.
Stage 1 | Q1 2020 RenVM Mainnet Security Audit
The security audit will verify our RZL sMPC algorithm security, correctness, and functionality under a Non-Disclosure Agreement (NDA). This, the security audit of RenVM, and all other components of RenVM's code-base will be available for the public to review when completed.
Stage 2 | Q2 2020 Onward
Our RZL sMPC Algorithm will be fully open-sourced to the public when the milestones outlined in this document are met: https://github.com/renproject/ren/issues/2
This document has purposefully been designed for open comment as we encourage any stakeholder to voice their opinion or suggestions (supported by empirically-based evidence, of course). The team will take the feedback and incorporate them into the RenVM Open-Source Roadmap thresholds.
The open comment period will end at the formal release of RenVM Mainnet Subzero, at which point the specific security and capital thresholds will be solidified, and presented to the public. If you have suggestions or questions, please do voice them on our Github! https://github.com/renproject/ren/issues/2

3) Any ideas on which DeFi dapps could or should in your opinion use RenVM?
Any DeFi app can utilize RenVM. If their users have a desire to trade/lend cross-chain pairs then they could/should use RenVM to do so. With that said, a few potential use cases can be found below:
  1. Cross-Chain Decentralized Exchanges,
  2. Cross-Chain Lending & Leveraging,
  3. Multi-Collateralized Synthetics and Stablecoins (e.g. DAI),
  4. No-Counterparty Risk OTC Desk | An Interoperable Escrow,
  5. Multi-Collateral Crowdfunding,
  6. Multi-Collateral Basketed Investment vehicle (ETFs),
  7. Universal Cross-Chain Stablecoin Converter.
We’ll also be releasing a blog that outlines all the potential use cases for RenVM in the coming months, so please do stay tuned!

4) Have you announced a partnership with AZTEC, what are your plans for cooperation with them, are these plans still in force or have your priorities changed?
At this stage, our entire focus is on Mainnet SubZero. But, we will definitely be following up on integrating with AZTEC once everything is released, stable, and adopted.

5) Can you expand on Universal Interoperability and how important of a role it will play in the future, what are the qualifications of being that third party?
TL:DR: The ultimate goal of Universal Interoperability is to ensure a great user experience (UX) regardless of what Blockchain they come from or its end destination. In the immediate terms, this means abstracting away confirmation wait times and the need for ETH gas, so someone could use a BTC on a DeFi app (built on Ethereum) and never know it.
Long Answer: The number and speed of confirmations inherently depends on the original chain and must be set at the time the chain is admitted into the protocol. RenVM mainnet will wait for 6 confirmations for BTC (Chaosnet, is 2). This obviously takes a long time and, while it’s not so bad for some use cases (lending, collateralization, etc), it’s not the best for dApps/DEXs and general UX. ‌ So, we have the concept of Universal Interoperability which allows a third party to provide two things (in exchange for a fee nominated by users):
1) Expedited Confirmations | Confirmation as a Service (CaaS)
CaaS= Expedited Confirmations | This removes confirmations wait time for users when minting digital assets on Ethereum. It provides speed by taking on the confirmation risk. The third-party sees you have (let’s say) 1 confirmation and is confident you’re not a miner about to attack Bitcoin. They come in and provide the shifted BTC immediately to complete whatever action you were taking, and when the real underlying shift finishes the 3rd party get their funds back.
By implementing CaaS, developers can help users complete actions faster by using funds that have already been shifted. These funds can be accessed in a variety of trustful and trustless ways, however the goal is the same - facilitate a cross-chain transaction in a shorter time than it would take the user to first fully shift in an asset (i.e. for BTC, RenVM waits for six (6) confirmations).
2) GSN Integration | Gas as a Service (GaaS)
GaaS = GSN Integration | This removes the need for users to interact with ETH gas when dealing with native blockchain interactions. It provides gas so you don’t need to manage lots of different tokens, just the ones you’re actually using for the dApp.By Implementing GaaS, this allows dApps to pay for their users' transactions in a secure way, so users don’t need to hold ETH to pay for their gas or even set up an account. This can be particularly valuable when it comes to cross-chain applications as you might be building for a non-ethereum user base.
*We'll be releasing a demo if these working the real-world quite soon along with tutorials for 3rd parties to use these solutions if they so choose.

6) What’s the path forward for more liquidity on the REN token? Currently US users are limited in where they can purchase tokens and cannot easily acquire enough to get bonding for even one Darknode.
We encourage those who are restricted based on their jurisdiction to utilize the decentralized exchange infrastructure currently available. We try to practice what we preach and by utilizing DeFi, it's a great way to further propel the space into the mainstream.
We can’t legally recommend specific exchanges and we don't publicly discuss potentially listing until they are public, but do know we are always working on bringing more democratic access to REN.

7) How does your company plan to make money in the future (to finance the development, when the money received on the ICO will be over)?
Our team’s incentives are directly aligned with that of our community (those who run Darknodes). The organization and its funding is centered around Darknode rewards. Darknodes earn fees for facilitating interoperability via RenVM and this is how the organization will fund itself.

8) How does the audit go, any major issue has been identified that could delay MN subzero? When is it estimated to complete an audit?
The audit is going well. The smart contracts have been finished, and all issues were addressed quickly. The Hyperdrive audit is currently underway, and there have been no critical issues reported so far. The next steps are to scope the audit for the RZL sMPC paper and its accompanying implementation (the z0 engine). There are no timeline estimates that we are comfortable giving to the public at this stage, as audits times can vary a lot depending on what is found, and an audit of an sMPC implementation is not common (estimates quickly propagate through the community and become incorrectly interpreted as hard commitments).

9) How does your sMPC algorithm work? Can't find any description anywhere. Can the Darknodes perform any calculations over any data splitted using SSS? How fast are those calculations performed? How is the new private key generated for the next era, so old nodes that generated this key does not have access to it? Also, What kind of help from external developers do you need right now?
- It takes many pages of very formal discussion to describe how our sMPC algorithm works, but we are working on a paper that formally defines the algorithm, and proves its properties. This paper is being audited, and both the paper and audit will be released to the public after the release of Mainnet.- Darknodes can, in theory, perform any computation over Shamir secret shared (SSS) data, but they are only configured to perform interoperability related computation at the moment (key generation, and key signing).
- The performance of general computation over SSS data is very dependent on the kind of computation, however, sMPC is invariably orders of magnitude slower than the equivalent computations running on your local machine (because they involve network communication).
- Every epoch a new key must be generated to store assets (and assets in the old key must be transferred to this new key). The old group of Darknodes can generate the new key in such a way that the public key is known, but the private key shares are encrypted for the new group of Darknodes (this process does not reveal any of the new shares to any of the old Darknodes). Under the hood, this uses very simple homomorphic properties. Once the new key is generated, the old Darknodes can simply do their usual sMPC to transfer all assets to the new key.
-We would love it if the developer community started experimenting with our SDKs and contributed their thoughts/improvement to RenVM (and the dev infrastructure that supports it e.g. RenJS & GatewayJS) via: https://github.com/renproject/ren/issues

10) What are the plans for the initial network bootstrapping to onboard darknodes to achieve sufficient decentralization and deliver on the security benefits? I understand the early stages of the network will have the core nodes of the Ren Team and trusted partners responsible for maintaining the integrity of the network - do you intend to remain in this phase until sufficient transaction volume is on the network that attracts sufficient 3rd party operators? Are there plans to incentive that initial volume?
We intend to remain in the Mainnet SubZero phase until there is sufficient volume (stable over a reasonable period of time) to attract members of the public to run Darknodes and earn rewards by doing so. During this period, Ren and other projects will operate Darknodes to keep the networking running (and to keep it semi-decentralized amongst Ren and these third-parties). It is important for the security of the network that volume grows naturally, otherwise, it risks dropping after the incentivization ends. However, to begin with, we will support volume by providing liquidity to DEXs, and keeping minting fees low.

Thank everyone for contributing to our first AMA!
We'll have more over the coming months but as always, if you have any questions just come and ask in our Telegram: https://t.me/renproject
submitted by RENProtocol to RenProject [link] [comments]

AMA with Wanchain VP Lini

AMA with Wanchain VP Lini
Original article here: https://medium.com/wanchain-foundation/ama-with-wanchain-vp-lini-58ada078b4fe

“What is unique about us is that we have actually put theory into practice.”
— Lini
https://preview.redd.it/n6lo2xcmtn621.png?width=800&format=png&auto=webp&s=281acce4b45eed8acf0c52b201d01cb6f0d13507
https://preview.redd.it/10aj3ointn621.png?width=800&format=png&auto=webp&s=6a187e8a6eb5ac0445ddc73d5b0f9077f12bce39
Wanchain’s Vice President of Business Development, Lini, sat down with blockchain media organization Neutrino for an AMA covering a wide range of topics concerning Wanchain’s development.
The following is an English translation of the original Chinese AMA which was held on December 13th, 2018:
Neutrino: Could you please first share with us a little basic background, what are the basic concepts behind cross chain technology? What are the core problems which are solved with cross-chain? In your opinion, what is the biggest challenge of implementing cross chain to achieve value transfer between different chains?
Lini: Actually, this question is quite big. Let me break it down into three smaller parts:
  1. First, what is the meaning of “cross-chain”?
https://preview.redd.it/cpui6t7qtn621.png?width=720&format=png&auto=webp&s=86bc39d94b0713949c150598e2397a4f9d3ac491
In China, we like to use the word “cross-chain”, the term “interoperability” is used more frequently in foreign countries. Interoperability is also one of the important technologies identified by Vitalik for the development of a future blockchain ecosystem mentioned in the Ethereum white paper. So cross-chain is basically the concept of interoperability between chains.
  1. The core problem solved by cross chain is that of “multi-ledger” synchronous accounting
https://preview.redd.it/603dl86stn621.png?width=720&format=png&auto=webp&s=425b827298ac919f8cf05909037458a173100cc4
In essence, blockchain is a distributed bookkeeping technique, also known as distributed ledger technology. Tokens are the core units of account on each chain, there currently exist many different chains, each with their own token. Of especial importance is the way in which each ledger uses tokens to interact with each other for the purpose of clearing settlements.
  1. The core purpose of the cross-chain technology is as one of the key infrastructures of the future economy based on digital currencies.
https://preview.redd.it/3d61f26utn621.png?width=720&format=png&auto=webp&s=b735482c9734e1d32176e406adce1718be20583e
Cross chain technology is one of the foundational technological infrastructures that is necessary for the large scale application of blockchain technology.
Neutrino: As we all know, there are many different kinds of cross-chain technologies. Please give us a brief introduction to several popular cross-chain technologies on the market, and the characteristics of each of these technologies。
Lini: Before answering this question, it is very important to share two important concepts with our friends: heterogeneity and homogeneity, and centralization and decentralization.
https://preview.redd.it/n6wbs77wtn621.png?width=720&format=png&auto=webp&s=83fcadd09afb214d2aa5a2a6deb6c24d0d4da671
These two points are especially important for understanding various cross-chain technologies, because there are many different technologies and terminologies, and these are some of the foundational concepts needed for understanding them.
There are also two core challenges which must be overcome to implement cross-chain:
https://preview.redd.it/84wqd28ytn621.png?width=720&format=png&auto=webp&s=dafe1cd2993f853547b532421404e6ab86e185f1
Combining the above two points, we look at the exploration of some solutions in the industry and the design concepts of other cross-chain projects.
First I’d like to discuss the Relay solution.
https://preview.redd.it/qgcqiwlztn621.png?width=720&format=png&auto=webp&s=0925d4221c9e92e365e150638c645bef8c609b3f
However the Relay solution must consume a relatively large amount of gas to read the BTC header. Another downside is that, as we all know, Bitcoin’s blocks are relatively slow, so the time to wait for verification will be long, it usually takes about 10 minutes to wait for one block to confirm, and the best practice is to wait for 6 blocks.
The next concept is the idea of Sidechains.
https://preview.redd.it/9cg79bl1un621.png?width=720&format=png&auto=webp&s=1260e14213b1757eadc4b6141a365ed3b0e20316
This solution is good, but not all chains contain SPV, a simple verification method. Therefore, there are certain drawbacks. Of course, this two way peg way solves challenge beta very well, that is, the atomicity of the transaction.
These two technical concepts have already been incorporated into a number of existing cross chain projects. Let’s take a look at two of the most influential of these.
The first is Polkadot.
https://preview.redd.it/1o3xwz93un621.png?width=720&format=png&auto=webp&s=249909a33b5420050a6010b961a944285fc94926
This is just a summary based on Polkadot’s whitepaper and most recent developments. The theoretical design is very good and can solve challenges alpha and beta. Last week, Neutrino organized a meetup with Polkadot, which we attended. In his talk, Gavin’s focus was on governance, he didn’t get into too much technical detail, but Gavin shared some very interesting ideas about chain governance mechanisms! The specific technical details of Polkadot may have to wait until after their main net is online before it can be analyzed.
Next is Cosmos.
https://preview.redd.it/5gtjf6x4un621.png?width=720&format=png&auto=webp&s=94d6408ff65dc7041316f0130867888e108848b2
Cosmos is a star project who’s basic concept is similar to Polkadot. Cosmos’s approach is based on using a central hub. Both projects both take into account the issue of heterogeneous cross-chain transactions, and both have also taken into account how to solve challenges alpha and beta.
To sum up, each research and project team has done a lot of exploration on the best methods for implementing cross-chain technology, but many are still in the theoretical design stage. Unfortunately, since the main net has not launched yet, it is not possible to have a more detailed understanding of each project’s implementation. A blockchain’s development can be divided into two parts: theoretical design, and engineering implementation. Therefore, we can only wait until after the launch of each project’s main network, and then analyze it in more detail.
Neutrino: As mentioned in the white paper, Wanchain is a general ledger based on Ethereum, with the goal of building a distributed digital asset financial infrastructure. There are a few questions related to this. How do you solve Ethereum’s scaling problem? How does it compare with Ripple, which is aiming to be the standard trading protocol that is common to all major banks around the world? As a basic potential fundamental financial infrastructure, what makes Wanchain stand out?
Lini: This question is actually composed of two small questions. Let me answer the first one first.
  1. Considerations about TPS.
First of all, Wanchain is not developed on Ethereum. Instead, it draws on some of Ethereum’s code and excellent smart contracts and virtual machine EVM and other mature technical solutions to build the mainnet of Wanchain.
The TPS of Ethereum is not high at this stage, which is limited by various factors such as the POW consensus mechanism. However, this point also in part is due to the characteristics of Ethereum’s very distributed and decentralized features. Therefore, in order to improve TPS, Wanchain stated in its whitepaper that it will launch its own POS consensus, thus partially solving the performance issues related to TPS. Wanchain’s POS is completely different from the POS mechanism of Ethereum 2.0 Casper.
Of course, at the same time, we are also paying close attention to many good proposals from the Ethereum community, such as sharding, state channels, side chains, and the Raiden network. Since blockchain exists in the world of open source, we can of course learn from other technological breakthroughs and use our own POS to further improve TPS. If we have some time at the end, I’d love to share some points about Wanchain’s POS mechanism.
  1. Concerning, Ripple, it is completely different from what Wanchain hopes to do.
Ripple is focused on exchanges between different fiat pairs, the sharing of data between banks and financial institutions, as a clearing and settlement system, and also for the application of DLT, for example the Notary agent mechanism.
Wanchain is focused on different use cases, it is to act as a bridge between different tokens and tokens, and between assets and tokens. For various cross-chain applications it is necessary to consume WAN as a gas fee to pay out to nodes.
So it seems that the purpose Ripple and Wanchain serve are quite different. Of course, there are notary witnesses in the cross-chain mechanism, that is, everyone must trust the middleman. Ripple mainly serves financial clients, banks, so essentially everyone’s trust is already there.
Neutrino: We see that Wanchain uses a multi-party computing and threshold key sharing scheme for joint anchoring, and achieves “minimum cost” for integration through cross-chain communication protocols without changing the original chain mechanism. What are the technical characteristics of multi-party computing and threshold key sharing? How do other chains access Wanchain, what is the cross-chain communication protocol here? What is the cost of “minimum cost?
Lini: The answer to this question is more technical, involving a lot of cryptography, I will try to explain it in a simple way.
  1. About sMPC -
It stands for secure multi-party computation. I will explain it using an example proposed by the scholar Andrew Yao, the only Turing Award winner in China. The scenario called Yao’s Millionaire Problem. How can two millionaires know who is wealthier without revealing the details of their wealth to each other or a trusted third party? I’m not going to explain the answer in detail here, but those who are interested can do a web search to learn more.
In sMPC multiple parties each holding their own piece of private data jointly perform a calculation (for example, calculating a maximum value) and obtain a calculation result. However, in the process, each party involved does not leak any of their respective data. Essentially sMPC calculation can allow for designing a protocol without relying on any trusted third parties, since no individual ever has access to the complete private information.
Secure multiparty computing can be abstractly understood as two parties who each have their own private data, and can calculate the results of a public function without leaking their private data. When the entire calculation is completed, only the calculation results are revealed to both parties, and neither of them knows the data of the other party and the intermediate data of the calculation process. The protocol used for secure multiparty computing is homomorphic encryption + secret sharing + OT (+ commitment scheme + zero knowledge proofs, etc.)
Wanchain’s 21 cross chain Storeman nodes use sMPC to participate in the verification of a transaction without obtaining of a user’s complete private key. Simply put, the user’s private key will have 21 pieces given to 21 anonymous people who each can only get 1/21 part, and can’t complete the whole key.
  1. Shamir’s secret sharing
There are often plots in a movie where a top secret document needs to be handed over to, let’s say five secret agents. In order to protect against the chance of an agent from being arrested or betraying the rest, the five agents each hold only part of a secret key which will reveal the contents of the documents. But there is also a hidden danger: if one the agents are really caught, how can the rest of the agents access the information in the documents? At this point, you may wonder if there is any way for the agents to still recover the original text with only a portion of the keys? In other words, is there any method that allows a majority of the five people to be present to unlock the top secret documents? In this case, the enemy must be able to manipulate more than half of the agents to know the information in the secret documents.
Wanchain uses the threshold M<=N; N=21; M=16. That is to say, at least 16 Storeman nodes must participate in multi-party calculation to confirm a transaction. Not all 21 Storeman nodes are required to participate. This is a solution to the security problem of managing private keys.
Cross-chain communication protocols refers to the different communication methods used by different chains. This is because heterogeneous cross-chain methods can’t change the mechanism of the original chains. Nakamoto and Vitalik will not modify their main chains because they need BTC and ETH interoperability. Therefore, project teams that can only do cross-chain agreements to create different protocols for each chain to “talk”, or communicate. So the essence of a cross-chain protocol is not a single standard, but a multiple sets of standards. But there is still a shared sMPC and threshold design with the Storeman nodes.
The minimum cost is quite low, as can be shown with Wanchain 3.0’s cross chain implementation. In fact it requires just two smart contracts, one each on Ethereum and Wanchain to connect the two chains. To connect with Bitcoin all that is needed is to write a Bitcoin script. Our implementation guarantees both security and decentralization, while at the same time remaining simple and consuming less computation. The specific Ethereum contract and Bitcoin scripts online can be checked out by anyone interested in learning more.
Neutrino: What kind of consensus mechanism is currently used by Wanchain? In addition, what is the consensus and incentive mechanism for cross-chain transactions, and what is the purpose of doing so? And Wanchain will support cross-chain transactions (such as BTC, ETH) on mainstream public chains, asset cross-chain transactions between the alliance chains, and cross-chain transactions between the public and alliance chains, how can you achieve asset cross-chain security and privacy?
Lini: It is now PPOW (Permissioned Proof of Work), in order to ensure the reliability of the nodes before the cross-chain protocol design is completed, and to prepare to switch to POS (as according to the Whitepaper roadmap). The cross-chain consensus has been mentioned above, with the participation of a small consensus (at least 16 nodes) in a set of 21 Storeman nodes through sMPC and threshold secret sharing.
In addition, the incentive is achieved through two aspects: 1) 100% of the cross chain transaction fee is used to reward the Storeman node; 2) Wanchain has set aside a portion of their total token reserve as an incentive mechanism for encouraging Storeman nodes in case of small cross-chain transaction volume in the beginning.
It can be revealed that Storeman participation is opening gradually and will become completely distributed and decentralized in batches. The first phase of the Storeman node participation and rewards program is to be launched at the end of 2018. It is expected that the selection of participants will be completed within one quarter. Please pay attention to our official announcements this month.
In addition, for public chains, consortium chains, and private chains, asset transfer will also follow the cross-chain mechanism mentioned above, and generally follow the sMPC and threshold integration technology to ensure cross-chain security.
When it comes to privacy, this topic will be bigger. Going back to the Wanchain Whitepaper, we have provided privacy protection on Wanchain mainnet. Simply put, the principle is using ring signatures. The basic idea is that it mixes the original address with many other addresses to ensure privacy. We also use one-time address. In this mechanism a stamp system is used that generates a one-time address from a common address. This has been implemented since our 2.0 release.
But now only the privacy protection of native WAN transactions can be provided. The protection of cross-chain privacy and user experience will also be one of the important tasks for us in 2019.
Neutrino: At present, Wanchain uses Storeman as a cross-chain trading node. Can you introduce the Storeman mechanism and how to protect these nodes?
Lini: Let me one problem from two aspects.
  1. As I introduced before in my explanation of sMPC, the Storeman node never holds the user’s private key, but only calculates the transaction in an anonymous and secure state, and the technology prevents the Storeman nodes from colluding.
  2. Even after technical guarantees, we also designed a “double protection” against the risk from an economic point of view, that is, each node participating as a Storeman needs to pledge WAN in the contract as a “stake”. The pledge of WAN will be greater than the amount of any single transaction as a guarantee against loss of funds.
If the node is malicious (even if it is a probability of one in a billion), the community will be compensated for the loss caused by the malicious node by confiscation of the staked WAN. This is like the POS mechanism used by ETH, using staking to prevent bad behavior is a common principle.
Neutrino: On December 12th, the mainnet of Wanchain 3.0 was launched. Wanchain 3.0 opened cross-chain transactions between Bitcoin, Ethereum and ERC20 (such as MakerDao’s stable currency DAI and MKR). What does this version mean for you and the industry? This upgrade of cross-chain with Bitcoin is the biggest bright spot. So, if now you are able to use Wanchain to make transactions between what is the difference between tokens, then what is the difference between a cross chain platform like Wanchain and cryptocurrency exchanges?
Lini: The release of 3.0 is the industry’s first major network which has crossed ETH and BTC, and it has been very stable so far. As mentioned above, many cross-chain, password-protected theoretical designs are very distinctive, but for engineering implementation, the whether or not it can can be achieved is a big question mark. Therefore, this time Wanchain is the first network launched in the world to achieve this. Users are welcome to test and attack. This also means that Wanchain has connected the two most difficult and most challenging public networks. We are confident we will soon be connecting other well-known public chains.
At the same time of the release of 3.0, we also introduced cross chain integration with other ERC20 tokens in the 2.X version, such as MakerDao’s DAI, MKR, LRC, etc., which also means that more tokens of excellent projects on Ethereum will also gradually be integrated with Wanchain.
Some people will be curious, since Wanchain has crossed so many well-known public chains/projects; how is it different with crypto exchanges? In fact, it is very simple, one centralized; one distributed. Back to the white paper of Nakamoto, is not decentralization the original intention of blockchain? So what Wanchain has to do is essentially to solve the bottom layer of the blockchain, one of the core technical difficulties.
Anyone trying to create a DEX (decentralized exchange); digital lending and other application scenarios can base their application on Wanchain. There is a Wanchain based DEX prototype made by our community members Jeremiah and Harry, which quite amazing. Take a look at this video below.
https://www.youtube.com/watch?v=codcqb66G6Q
Neutrino: What are the specific application use cases after the launch of Wanchain 3.0? Most are still exploring small-scale projects. According to your experience, what are the killer blockchain applications of the future? What problems need to be solved during this period? How many years does it take?
Lini:
  1. Wanchain is just a technology platform rather than positioning itself as an application provider; that is, Wanchain will continue to support the community, and the projects which use cross-chain technology to promote a wide range of use cases for Wanchain.
  2. Cross-chain applications that we anticipate include things like: decentralized exchanges, digital lending, cross chain games, social networking dAPPs, gambling, etc. We also expect to see applications using non fungible tokens, for example exchange of real assets, STOs, etc.
  3. We recently proposed the WanDAPP solution. Simply speaking, a game developer for example has been developing on Ethereum, and ERC20 tokens have been issued, but they hope to expand the player base of their games to attract more people. To participate and make full use of their DAPP, you can consider using the WanDAPP solution to deploy the game DAPP on other common platforms, such as EOS, TRON, etc., but you don’t have to issue new tokens on these chains or use the previous ERC20 tokens. In this way the potential user population of the game can be increased greatly without issuing more tokens on a new chain, improving the real value of the original token. This is accomplished completely using the cross-chain mechanism of Wanchain.
  4. For large-scale applications, the infrastructure of the blockchain is not yet complete, there are issues which must first be dealt with such as TPS, sharding, sidechains, state channels, etc. These all must be solved for the large-scale application of blockchain applications. I don’t dare to guess when it will be completed, it depends on the progress of various different technical projects. In short, industry practitioners and enthusiasts need a little faith and patience.
Neutrino community member Block Venture Capital Spring: Will Wanchain be developing any more cross chain products aimed at general users? For example will the wallet be developed to make automatic cross chain transfers with other public chains? Another issue the community is concerned about is the currency issuance. Currently there are more than 100 million WAN circulating, what about the rest, when will it be released?
Lini: As a cross-chain public chain, we are not biased towards professional developers or ordinary developers, and they are all the same. As mentioned above, we provide a platform as infrastructure, and everyone is free to develop applications on us.
For example, if it is a decentralized exchange, it must be for ordinary users to trade on; if it is some kind of financial derivatives product, it is more likely to be used by finance professionals. As for cross-chain wallets which automatically exchange, I’m not sure if you are talking about distributed exchanges, the wallet will not be “automatic” at first, but you can “automatically” redeem other tokens.
Finally, the remaining WAN tokens are strictly in accordance with the plan laid out in the whitepaper. For example, the POS node reward mentioned above will give 10% of the total amount for reward. At the same time, for the community, there are also rewards for the bounty program. The prototype of the DEX that I just saw is a masterpiece of the overseas community developers, and also received tokens from our incentive program.
Neutrino community member’s question: There are many projects in the market to solve cross-chain problems, such as: Cosmos, Polkadot, what are Wanchain’s advantages and innovations relative to these projects?
Lini: As I mentioned earlier, Cosmos and pPolkadot all proposed very good solutions in theory. Compared with Wanchain, I don’t think that we have created anything particularly unique in our theory. The theoretical basis for our work is cryptography, which is derived from the academic foundation of scholars such as Yao Zhizhi and Silvio Micali. Our main strong point is that we have taken theory and put it into practice..
Actually, the reason why people often question whether a blockchain project can be realized or not is because the whitepapers are often too ambitious. Then when they actually start developing there are constant delays and setbacks. So for us, we focus on completing our very solid and realizable engineering goals. As for other projects, we hope to continue to learn from each other in this space.
Neutrino community member Amos from Huobi Research Institute question: How did you come to decide on 21 storeman nodes?
Lini: As for the nodes we won’t make choices based on quantity alone. The S in the POS actually also includes the time the tokens are staked, so that even if a user is staking less tokens, the amount of time they stake them for will also be used to calculate the award, so that is more fair. We designed the ULS (Unique Leader Selection) algorithm in order to reduce the reliance on the assumption of corruption delay (Cardano’s POS theory). which is used for ensuring fairness to ensure that all participants in the system can have a share of the reward, not only few large token holders.
Wu Di, a member of the Neutrino community: Many big exchanges have already begun to deploy decentralized exchanges. For example, Binance, and it seems that the progress is very fast. Will we be working with these influential exchanges in the future? We we have the opportunity to cooperate with them and broaden our own influence?
Lini: I also have seen some other exchange’s DEX. Going back the original point, distributed cross-chain nodes and centralized ones are completely different. I’m guessing that most exchanges use a centralized cross-chain solution, so it may not be the same as the 21 member Storeman group of Wanchain, but I think that most exchanges will likely be using their own token and exchange system. This is my personal understanding. But then, if you are developing cross chain technology, you will cooperate with many exchanges that want to do a DEX. Not only Binance, but also Huobi, Bithumb, Coinbase… And if there is anyone else who would like to cooperate we welcome them!
Neutrino community member AnneJiang from Maker: Dai as the first stable chain of Wanchain will open a direct trading channel between Dai and BTC. In relation to the Dai integration, has any new progress has been made on Wanchain so far?
Lini: DAI’s stable currency has already been integrated on Wanchain. I just saw it yesterday, let me give you a picture. It’s on the current 3.0 browser, https://www.wanscan.org/, you can take a look at it yourself.
This means that users with DAI are now free to trade for BTC, or ETH or some erc20 tokens. There is also a link to the Chainlink, and LRC is Loopring, so basically there are quite a few excellent project tokens. You may use the Wanchain to trade yourself, but since the DEX is not currently open, currently you can only trade with friends you know.
https://preview.redd.it/jme5s99bun621.png?width=800&format=png&auto=webp&s=7ba3d430ba3e7ddcab4dbcdedc05d596d832f5a7

About Neutrino

Neutrino is a distributed, innovative collaborative community of blockchains. At present, we have established physical collaboration spaces in Tokyo, Singapore, Beijing, Shanghai and other places, and have plans to expand into important blockchain innovation cities such as Seoul, Thailand, New York and London. Through global community resources and partnerships, Neutrino organizes a wide range of online an offline events, seminars, etc. around the world to help developers in different regions better communicate and share their experiences and knowledge.

About Wanchain

Wanchain is a blockchain platform that enables decentralized transfer of value between blockchains. The Wanchain infrastructure enables the creation of distributed financial applications for individuals and organizations. Wanchain currently enables cross-chain transactions with Ethereum, and today’s product launch will enable the same functionalities with Bitcoin. Going forward, we will continue to bridge blockchains and bring cross-chain finance functionality to companies in the industry. Wanchain has employees globally with offices in Beijing (China), Austin (USA), and London (UK).
You can find more information about Wanchain on our website. Additionally, you can reach us through Telegram, Discord, Medium, Twitter, and Reddit. You can also sign up for our monthly email newsletter here.
https://preview.redd.it/w7ezx27dun621.png?width=720&format=png&auto=webp&s=6ef7a651a2d480658f60d213e1431ba636bfbd8c
submitted by maciej_wan to wanchain [link] [comments]

How to mine SERO coins on your PC and earn SERO coins What is HOMOmorphic encryption?? BMH2018 Pitch Fully Homomorphic Encryption - YouTube Homomorphic encryption

Even when the technology matures, homomorphic encryption is likely to find applications largely in niche fields, such as stock trading, where the need for privacy outweighs the tremendous computational costs. Nevertheless, computer scientists have shown time and again that the science fiction of today can very well be the reality of tomorrow. Homomorphic encryption is a form of encryption that allows computation on ciphertexts, generating an encrypted result which, when decrypted, matches the result of the operations as if they had been performed on the plaintext. Even when the technology matures, homomorphic encryption is likely to find applications largely in niche fields, such as stock trading, where the need for privacy outweighs the tremendous computational costs. Nevertheless, computer scientists have shown time and again that the science fiction of today can very well be the reality of tomorrow. Stack Exchange network consists of 176 Q&A communities including Stack Overflow, ... All known fully-homomorphic encryption schemes with compact ciphertexts use lattice techniques. Note, though, that this requires interpreting "lattice-techniques" in a relatively broad sense. Indeed: One can build FHE from indistinguishability obfuscation . In essence, this is a construction of a very ... homomorphic encryption scheme that can be desig ned. Unfortunately, there has been a very . little progress in determining whether such encryption schemes exist that are efficient and . secure ...

[index] [25722] [35352] [1530] [44922] [4819] [24481] [42228] [16455] [17290] [30196]

How to mine SERO coins on your PC and earn SERO coins

Winter School on Cryptography: Fully Homomorphic Encryption and the Bootstrapping - Craig Gentry - Duration: 50:40. Bar-Ilan University - אוניברסיטת בר-אילן 3,155 views 50:40 Pitch of the Team "Homomorphic Blockchain: Quantum computing safe and GDPR conform encryption for DLT / Blockchain.” at Blockchained Mobility Hackathon 2018 From July 20th to 22nd 2018 the ... Public key cryptography - Diffie-Hellman Key Exchange (full version) - Duration: 8:38. ... Winter School on Cryptography: Fully Homomorphic Encryption - Craig Gentry - Duration: 1:59:38. Bar-Ilan ... - Zero knowledge proof encryption and Homomorphic Encryption - Issue Anonymous Assets and Tokens - SERO Ecosystem of SERO Coin, Tokens, Tickets, Packages - Achieved 20x encryption speed agains ... Kraken Chief Security Officer Nick Percoco gives an overview of how “end-to-end” encryption works so that your messages can be encrypted at every stage between you and the recipient.

#