Wednesday, August 12, 2015

DASH Solves Bitcoin’s Lack Of Privacy Problem

Written By: Fernando Gutierrez
Bitcoin is not anonymous 
People often get this wrong. They believe that because they don’t provide their name in the wallet, nobody knows who they are. However, what that achieves is, at maximum, pseudonymity. It is true that there is no central registry of names and addresses, but everything else is public and there are multiple ways in which names and addresses can be associated. Once that association is done, the fully transparent Bitcoin blockchain does the rest in order to have a complete picture of that user’s transactions.

One of the most obvious ways to reveal who is behind an address is a hacked exchange. Most users verify their identity there, and then have their data and addresses leaked when the exchange gets hacked. Note that I say when, not if, because history proves that centralized services holding valuable information do get hacked eventually. This could also happen with merchants, or even private individuals, with whom a user interacts. The truth is, whenever we give a Bitcoin address to someone who knows who we are, we are opening the door to our finances.
Bitcoin’s transparency is one of its greatest features, but there are many reasons why on some occasions that transparency is not desirable. Those who say that if you are not doing anything illegal you should not care about privacy are wrong. Privacy is essential for human development because it gives us the freedom to experiment. It is also essential for security reasons. And it avoids giving governments and companies too much information that they can analyze without our knowledge and use to their advantage.
Another great feature of Bitcoin, its permanence, is also a privacy problem. That is because the association between a user and their addresses can happen in the future. The party doing the analysis can then go back into the blockchain and get information about transactions done many years ago.
Current Bitcoin anonymization methods don’t work 
For all these reasons people have been trying to use Bitcoin anonymously since its inception. The most common method is mixing funds with other people, so that nobody really knows for sure the origin of a transaction. The problem with this method is that it is usually tedious and the user needs to trust the third party that coordinates the mixing. There have been numerous occasions in which the coordinator of such a service has disappeared with the funds, so it is clearly not a good solution. Also, transactions can be traced through the ‘dead change’ method.
Enter Dash 
Dash has developed a system to give privacy back to its users. Other alternative cryptocurrencies do this by destroying the transparency of the coin’s blockchain or by using cryptographic methods less tested than those used by Bitcoin. Dash has managed to do it without either of those trade-offs: the blockchain is fully transparent and the software is very similar to Bitcoin, because its code is derived from Bitcoin’s code.
Dash mixes the user’s funds ahead of time and keeps a separate balance of those funds, which makes it more convenient than other methods. Security is also taken into account, because the funds never leave the user’s wallet, so there is no risk of somebody stealing the funds that are to be mixed.
The process in detail 
The first thing the wallet does when a user wants to mix funds is to split them into common denominations (0.1, 1 or 10 DASH). This makes mixing easier because all the sizes are standardized. Then a coordinator for the mixing is randomly selected by the network from among the available masternodes, which are a special type of node with some extra features. The masternode creates a combined transaction, built from at least three users’ transactions, in which they send themselves those standardized amounts. No third party can know which inputs and outputs of that transaction belong to whom, as can be seen in this example.
To increase security this process happens several consecutive times, with a new masternode selected randomly for each stage. Thanks to this, users can be confident that no third party can trace their funds, because nobody can control a large part of the masternode network. The reason is that in order to start a masternode the operator needs to put up 1000 DASH as collateral and set it aside. The operator always keeps the funds, but if he spends them, the masternode stops working. With that requirement it is impossible to control the masternode network: a malicious party that wanted to do so would need to buy most of the coin supply.
At the time of this writing there are approximately 2800 masternodes in the network. This means that someone with 1000 masternodes, which is a crazily high number that probably nobody will ever have, has only 1 chance in 4000 of tracing a transaction that has gone through eight rounds of mixing. If he had only 100 masternodes, which is still really high and would cost almost half a million dollars, he would have only 1 chance in 500 billion.
The user can start this process simply by pressing a button in the wallet. After that he only needs to wait for the mixing to happen. Once the funds are mixed, he can use them at any time as he would any other funds.
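As an added worked example (not code from the article or from the Dash project), the following Python models the two ingredients of the process above: the greedy split into 0.1/1/10 DASH denominations, and the chance that an adversary running k of n masternodes coordinates every one of r mixing rounds, which is the reasoning behind the 1-in-4000 and 1-in-500-billion figures. It assumes each round's coordinator is chosen uniformly and independently and that linking inputs to outputs requires controlling every round.

```python
from decimal import Decimal
from fractions import Fraction
import random

# Added example, not Dash wallet code. Models the mixing process described in
# the article under one assumption: the coordinator of each round is chosen
# uniformly and independently, and an adversary can link a user's inputs to
# outputs only if it ran the masternode in every round.

DENOMINATIONS = (Decimal("10"), Decimal("1"), Decimal("0.1"))


def split_into_denominations(amount):
    """Greedy split of `amount` (DASH, as a Decimal) into 10 / 1 / 0.1 pieces.

    Returns (pieces, remainder); the remainder below 0.1 DASH cannot be mixed.
    """
    pieces, remaining = [], Decimal(amount)
    for denom in DENOMINATIONS:
        count = int(remaining // denom)
        pieces.extend([denom] * count)
        remaining -= count * denom
    return pieces, remaining


def full_trace_probability(adversary_nodes, total_nodes, rounds):
    """Exact probability that all `rounds` coordinators belong to the adversary."""
    if not 0 <= adversary_nodes <= total_nodes or rounds < 1:
        raise ValueError("bad masternode counts or round count")
    return Fraction(adversary_nodes, total_nodes) ** rounds


def rounds_needed(adversary_nodes, total_nodes, max_probability):
    """Fewest rounds that push the full-trace probability below `max_probability`."""
    if adversary_nodes == total_nodes:
        raise ValueError("an adversary owning every masternode traces every round")
    rounds = 1
    while full_trace_probability(adversary_nodes, total_nodes, rounds) >= max_probability:
        rounds += 1
    return rounds


def simulate_full_traces(adversary_nodes, total_nodes, rounds, trials, seed=1):
    """Monte Carlo check of the closed form: fraction of sessions fully traced."""
    rng = random.Random(seed)
    traced = 0
    for _ in range(trials):
        # each round draws one coordinator out of total_nodes; the first
        # adversary_nodes ids are the adversary's
        if all(rng.randrange(total_nodes) < adversary_nodes for _ in range(rounds)):
            traced += 1
    return traced / trials


if __name__ == "__main__":
    pieces, rest = split_into_denominations(Decimal("23.45"))
    print(pieces, "unmixed remainder:", rest)
    for adv in (1000, 100):
        p = full_trace_probability(adv, 2800, 8)
        print(f"{adv} of 2800 masternodes, 8 rounds: 1 in {round(1 / p):,}")
    print("rounds for < 1e-6 with 1000/2800:", rounds_needed(1000, 2800, Fraction(1, 10**6)))
    print("simulated 2-round trace rate:", simulate_full_traces(1000, 2800, 2, 20000))
```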

DASH: XhE2ctUNhsCbCrTe1nQATnq4gqzihfZhc1
BTC: 1BtAepQzdjRtNCu2i98UnNyissehvynVxc

The information provided herein is the author’s opinion and provided for entertainment purposes only. While the author strives to make the information on this website as timely and accurate as possible, the author makes no claims, promises, or guarantees about the accuracy, completeness, or adequacy of the contents of this site, and expressly disclaims liability for errors and omissions in the contents of this site. The information contained in or provided from or through this website is not intended to be and does not constitute financial advice, investment advice, trading advice or any other licensed advice. The authors on this website are in no way liable for any decisions you make based on information provided herein. CryptoWorldwide.com and its staff do not necessarily endorse nor oppose any claims made by authors on the website. All content is subject to copyright and may not be reproduced in any form without express written consent of the publisher.

Source: Cryptoworldwide.com

Evolution of money: Cryptocurrency


Nowadays, many people feel that in our world (and in the world of money) something is going wrong, but they can't understand what it is, what the cause is, or where we are heading. Let us try to clear up the situation by glancing at the history of humanity, money, and cryptocurrency.






Evolution of people and money



Money appeared at the dawn of mankind as a medium of exchange, and it changed along with people, serving the increasing demands of growing communities. Groups combined into tribes, then settlements, later cities, and finally states. As they grew, communities became stronger and more competitive, and the interactions within them, including economic ones, acquired ever larger scale, variety, and significance.



At every new stage in the development of civilization, money evolved as well: it became more functional, adapting to growing requirements and performing additional tasks ever more effectively. Money became the main tool in such important processes as trade, savings, lending, investment, taxation, regulation, etc. Currencies issued by states also became the key mechanism of control and management within a country as well as at the international level.



To understand the present situation, it is important to realize that for millions of years human evolution took place under conditions of a cruel struggle for limited resources, won by the most successful individuals and communities, who took resources from nature and from competitors. Wars did not cease. Obeying primitive instincts to defend the interests of their groups, people traditionally inflicted damage on competing communities, while the majority sacrificed its personal interests for the survival of the group as a whole.



In recent decades, the technological level of mankind has increased many times over, but people themselves are not able to change so rapidly. Religions and states manage to adjust, to some extent, the inherited "wild" behavior of the population, which allows greater, more constructive and effective communities to be built. But unfortunately it is still premature to speak of considerable success in this area. The rapid change of outer attributes (spears were cast aside, ties were put on, etc.) does not suppress but only covers the deep-seated instincts that served as the basis of survival throughout the millennia.



As a result, we have a picture of egregious inefficiency on a global scale, where self-contradictions increasingly impede (rather than contribute to) further development. At the same time, a significant part of our overall potential is spent not on creation but on the destructive struggle of people and groups traditionally striving to win the evolutionary race at the expense of their neighbours. In the old times such behavior helped people survive and progress in an environment of small rival societies; today it prevents us from combining efforts as a single global community.



Is it possible to eradicate this primitive instinct of destruction (which under globalization becomes self-destruction) and move to the next level of development? This problem must be tackled as soon as possible so as not to perish in the fire of ever more destructive means of conflict. New common security systems in all the key areas (including the world of finance) are to be developed using the modern tools that technological progress has produced. The results of introducing the Internet, and the decentralized technologies of effective interaction built on it, demonstrate the vast potential of this direction.



It is impossible to forecast the future, but it is evident that, as always, money must change after every other change has occurred. Obsolescent payment systems have always lost their role, and new ones capable of resolving the whole spectrum of urgent problems have replaced them. Already it is hard not to notice an explicit mismatch between the current financial system and the direction and dynamics of overall development. While in such areas as public health, the fight against crime, arms control, etc., nations manage to jointly develop new decentralized common security mechanisms, the users of the existing financial system are not admitted to participate in changing it.



Why is that so? Let us go back in history. In the twentieth century the world of money underwent more significant changes than in the whole preceding period. For centuries silver and gold played the role of the recognized cash equivalent, but the physical limitations on their widespread use made serving an expanding economy more difficult. Besides, the authorities were always interested in replacing hard-to-control gold money with various paper substitutes. Unlimited issuance of "paper currency" and the opportunity to manipulate the bullion market made it possible to deprive gold of its monetary functions in favour of so-called fiat money, which is "secured" only by declaration.



The permissiveness that resulted from the concentration of power in the issuers of the key fiat currencies spawned a number of negative processes: playing with interest rates, credit gambles, manipulation of the stock market, currency wars, real wars, etc., subordinating world finance (and, through it, the economy and politics) to the interests of the "new elite". Nowadays the world financial system has largely been transformed into a global system for depriving planetary neighbours of their resources, under which many "vassal states" become poorer and lose their independence. None of this leaves much hope that a financial elite acting in its own interests is interested in improvements, or is able to resolve the problems it has created.



In effect, like the clients of the only bank in town, the whole world is offered the chance to remain passive users and hope for the conscience of those in whose hands power is concentrated. Such a hierarchical imbalance can't last forever and will lead, sooner rather than later, to the migration of users to alternative decentralized tools of financial interaction capable of fairly serving the interests of the majority of the system's participants. And the longer this problem remains unresolved, the more painful the inevitable transition to a next-generation monetary system capable of resolving all the accumulated problems will become. But when and how precisely this will happen is not known.



But there is good news: the technological, software, and cryptographic innovations of recent years have allowed enthusiasts to develop their own models of payment systems. Programmers combined their efforts to create cryptocurrencies: alternative non-national currencies with their own monetary unit, their own issuance, infrastructure, etc. Even in their «baby stage», cryptocurrencies have managed to prove their viability in practice: throughout the world, thousands of people and organizations already use these technologies, and their market capitalization steadily holds at several billion US dollars. Cryptocurrencies are becoming, along with the Internet, part of an overall trend towards liberation and the union of people within a single community.



The appearance of cryptocurrencies. Bitcoin.


In 2008, the first cryptocurrency, Bitcoin, began its development. The proposed concept of a decentralized payment network differs so much from old solutions that its advancement and the fulfillment of its potential will still take some time. Other innovations such as electricity, cars, planes, mobile communication, the Internet, etc. were adapted for mass use in a similar way. Freedom of movement, communication, etc., which recently seemed to be science fiction, have today become reality, directly or indirectly improving everybody's life. The main value of cryptocurrencies is that they ensure one more degree of freedom: freedom of personal finance. Wide circulation of this technology will open a vista of significant changes in many spheres.



Omitting technical details, Bitcoin can be described as an electronic payment system using its own currency with a limited issuance (following a pattern of decreasing extraction, like gold) and operating through a secure decentralized network. The Bitcoin network automatically certifies transactions, while security and reliability are provided by cryptography and up-to-date information technology. Before Bitcoin appeared, the operation of all payment systems was based on the power of a central trusted body (a bank, a payment service, etc.) that maintains the customers' accounts and certifies all their operations. Thus, in the banking system, transactions are executed only when they are confirmed, secured, and executed by banks. At the same time, users are completely dependent on the banks themselves, as well as on all the organizations above them. Money in a banking system can be tracked, blocked, confiscated, diluted by inflation, etc.



The situation with Bitcoin is different. Bitcoin technology made it possible to do without certification of transactions by intermediaries: all transfers are checked in a decentralized way and certified by the Bitcoin network itself, which functions in a distributed manner, as torrent networks do. The Bitcoin system does not belong to anyone, its users are equal, and the program source code is open and publicly accessible; this guarantees independence, fairness, and safety. To open an account and start using Bitcoin, users do not need to reveal their identity or obtain anyone's permission. It is enough to connect to the Internet and install a wallet program. At the same time, all transactions are executed directly and thus cannot be blocked, etc. There are opportunities to exchange Bitcoins for national currencies, as well as to pay with them directly in stores.



The independence of Bitcoin excludes external influence on the operation of the network and is the basis of its key advantages over the banking system. The emission schedule of new Bitcoins is algorithmically fixed for the coming decades, excluding the uncontrolled inflation typical of fiat currencies. The absence of intermediaries means low transaction fees, and the continuous operation of the network guarantees users an automatic transfer of any sum from any point in the world to any other within 10 minutes, without intermediaries, restrictions, or risks. Recently it was hard even to imagine such a thing; now it has become a real possibility for everyone with Internet access.



But over time, restrictions and deficiencies are discovered even in the ingenious Bitcoin concept. That is normal, as it is impossible to create an ideal, stable system on the first try. The developers have already removed many of Bitcoin's problems, and some deficiencies were corrected by connecting external elements and services to the system (at the cost of slightly abandoning the principles of decentralization and independence that underlie its success). But there still remain restrictions that are either difficult or only possible to overcome through various "tricks" that do not correct, but merely cover, the fundamental deficiencies of the system.



Thus the low adaptability of the Bitcoin architecture is the downside of its high reliability and stability, and it restricts the further development of the project. In recent years the Bitcoin network has improved mainly only its basic functionality, while the majority of new possibilities were added by launching external centralized "add-ons". But today, despite all its conceptual limitations, Bitcoin functions reliably, is widely known, and remains the most popular and in-demand cryptocurrency.



Further information about Bitcoin is presented on https://bitcoin.org/




Evolution of cryptocurrency. Dash.



Some developers who were enthusiastic about Bitcoin's success were not limited by the narrow framework of its architecture, but started alternative cryptocurrencies with changed parameters and principles of operation. But it soon turned out that popularity cannot be won only by "cosmetic" improvements to the Bitcoin source code. It was necessary to offer users significantly better solutions. Of several hundred alternative projects, only a few possess the features necessary for long-term development and success in the "great cryptocurrency evolution". The Dash/Darkcoin project, which started at the beginning of 2014, is particularly noteworthy among them.



The Dash developers took the Bitcoin code as their basis and are developing their "ideal cryptocurrency": Digital Cash. First of all, a concept was put forward. For the sustainable functioning and development of any cryptocurrency, the well-coordinated operation of many interconnected systems and processes is required: maintenance of the network infrastructure, provision of computing power, financing of development, promotion of the project, etc. Effective self-regulation is necessary, because problems with any key process delay and threaten the whole project. The Bitcoin model is too simplified and provides incentives only for the participants who provide the cryptographic protection of the network (the so-called "miners"). Meanwhile, the rest of Bitcoin's components lack systemic support and operate arbitrarily. The advanced Dash concept includes decentralized mechanisms for incentivizing and self-tuning all the important elements, which improves the stability and survivability of the project in general.



Next, the technology itself was advanced. The basis of all of Dash's key benefits is the two-level architecture of its distributed network. The traditional single-level Bitcoin network is able to perform only the simplest, slow operations: once every 10 minutes consensus is reached and verified transactions are recorded in the shared registry of operations. The two-level Dash network works differently: the secured network nodes can reach consensus continuously, in real time. This allows fast protocols to be introduced (without violating the principle of decentralization), which opens up new possibilities unavailable to ordinary cryptocurrencies.



On the basis of this platform, such high-demand processes as Anonymization (outside observers cannot track users' transactions, balances, or payment history), Fast transactions (complete confirmation of transfers in 5 seconds, as with bank cards), and Voting (decentralized governance of development and project financing) are already implemented. In the future, the possibilities of the two-level Dash network can be used to introduce such solutions as Distributed Storage Systems (lists of transactions, registries, messages, etc.), Distributed Application Systems (exchanges, stores, services, etc.), support for third-party projects, etc.



The further development of Dash will be determined by a voting system that is now being implemented. This tool, unique in the world of cryptocurrencies, will allow Dash to use all the benefits of democracy, effectively using the resources, knowledge, and experience of the community's participants. Anyone will be able to make proposals aimed at development, justify a budget, and receive targeted funding if the community approves the initiative. Talented people will be able to realize themselves, receiving not only moral but also monetary satisfaction. Just as communities with democratic principles inevitably outpace dictatorships, Dash will be able to evolve more effectively than other cryptocurrencies, whose development is limited.



Thus, instead of creating a cryptocurrency with a limited set of functions, Dash is creating a platform adjusted as far as possible for the further effective development, adaptation, and promotion of any new cryptocurrency technologies.



Further information about Dash is presented on https://www.dashpay.io/



There are other interesting cryptocurrency projects as well, proposing different designs of payment and auxiliary systems.



Conclusion


The search for more effective and less destructive forms of development leads the progressive part of humanity along the path of joining into a single community, in which the world of finance is an important element. But the existing financial system does not foster this; it pushes the world back to the barbaric past, with constant wars and mechanisms of control, oppression, and enslavement of individuals as well as entire states. The evolution of money can turn it from a tool of dictatorship into a means of achieving financial freedom, independence, and efficiency.



The innovative technologies that recently emerged have made it possible to create cryptocurrencies: alternative money that is able to become a global independent instrument limiting the power of the current financial elite. By virtue of their decentralized nature, cryptocurrencies do not need anyone's permission and can work everywhere, but the question of their wide adoption is to a greater extent a social than a technical one. People should find out about the emerging alternatives and dare to use them. Awareness of the alternatives is the first step towards liberation, and extensive discussion helps this awareness.



The more people learn about cryptocurrencies, the earlier all the improvements associated with them will come into our lives. If the topics touched on here did not leave you indifferent, share the link to this article with those around you.

By: Alex-ru
Source: Dashtalk.org

The Proof-of-Work in Cryptocurrencies: Brief History. Part 2

Crossmating: The Altcoin Boom

By mid-summer 2013, more than a hundred altcoins were up and running, almost half of them having appeared in the preceding couple of months. Need we mention that all those 'newbies' were Litecoin forks and used scrypt? Another trend of the season was the upstart Proof-of-Stake from PPCoin, so the scrypt+PoS combo could be called the 'standard altcoin beginner package'.
Such (quantitative) popularity of scrypt and the exponential growth of Bitcoin's difficulty led to a simple thought: scrypt ASICs will appear as soon as they are profitable. Although the giant November bubble (when Bitcoin was priced at up to $1200) was still far from starting to inflate, the search for a new PoW function started again.
How can we diversify a standard hash function? Well, for instance, by using another standard hash function! Sifcoin was the first to introduce the idea of hashing sequentially with a few popular hash functions, using the finalists of the SHA-3 contest: BLAKE, BMW, Groestl, JH, Keccak, Skein. The idea is relatively simple: six different algorithms mean six different ASIC designs, i.e. (at first glance) many and expensive. Moreover, if a backdoor is found for one algorithm (not necessarily a break, just a faster way of solving the 'many leading zeros' problem), the complete construction will still hold.
Pioneers do not always get credit for their discoveries: this six-hash algorithm became popular (and acquired a name) in the first Sifcoin fork, named Quark. It later gave birth to a couple of dozen altcoins, and one of them surpassed its "daddy's" image. That was Darkcoin (now called DASH). The new PoW it used was named X11 and differed, obviously, in the number of hash functions used. It did not introduce any innovations (except the sequence of rounds), so X11's popularity (second after scrypt) most probably comes from the success of Darkcoin itself, which indeed had many other changes (some smart, others not quite).
X11 appeared at the beginning of 2014 and for a while worked only on CPUs, bringing joy to users. However, Darkcoin's difficulty doubled in April, which led to a reasonable suspicion that a GPU miner had been created. As nobody came forward, a contest for the 'official' development of such software was announced, funds were gathered, and within a month the hashrate grew tenfold with the new GPU miner. This miner turned out to be 5 times as efficient as a CPU (versus 10 times for scrypt).
Currently there are many varieties of X11 and Quark, some of them even with unique names like X14, X15... Still, everyone understands that this algorithm is not ASIC-resistant in the real sense of the word. Calculating 11 different hashes instead of 1 means, roughly, making the assembly line 11 times longer. In other words, the R&D breakeven point was simply moved a few times further away.
Thanks to various marketing techniques, some SHA-3 finalists became popular as solo versions. For instance, Keccak itself, being SHA-3. It is quite clear: "SHA-2, improved!" That is, there was no specific concept of ASIC resistance, except that developing and starting production takes at least a year. On the other hand, we have a real, brand-new modern standard! A special Skeincoin appeared as well, using (as its name says) the Skein algorithm (its creators must have been Bruce Schneier fans).

Variety: Cryptographic Algorithms

The spire of evolution was completed, and cryptocurrency users' thoughts turned back to memory-bound algorithms. Take scrypt, for example: a good algorithm, but they used the wrong parameters!
It seems some thought was given to the subject, as there were no other currencies with merely changed static scrypt parameters. However, the idea of dynamic memory usage was realized in no fewer than two ways:
  • Scrypt-N. Let us recall the three scrypt parameters selected in Tenebrix and the other Litecoins: N=1024, r=1, p=1. The last one is responsible for the possibility of parallelization, hence we do not need it. N and r increase the required memory, with r increasing the number of calls to the mixing function Salsa20, i.e. it has a greater "CPU/memory cost" ratio than N. Because of this, developers decided to regularly double N, making the algorithm use more memory. For example, Vertcoin requires only 512 kB at the start (N=4096); in a year its needs would grow to 1024 kB, etc. Rewriting a GPU miner, according to the creators, is a piece of cake, but nobody is going to make a new ASIC every year.
  • Scrypt-jane. Basically this is the same idea of increasing N, but it is performed not on a regular schedule but governed by a pseudo-random formula with a nonlinear dependence on the current time. Although N increases monotonically (ok, "does not decrease"), the periods between increases look more like a diverging sequence (6,3,,3,9,3,24,12,36...). In addition, scrypt-jane uses a few internal mixing (Salsa20/8, ChaCha20/8 and Salsa6420/8) and hash (SHA2, BLAKE, Skein, Keccak) functions.
Another memory-bound PoW function, based on different principles, was Momentum, implemented in BitShares. It is very simple:
  • Say we want to sign data D. First we get H = Hash(D), where Hash() is some cryptographic hash function.
  • Find values A and B such that BirthdayHash(A + H) = BirthdayHash(B + H), with BirthdayHash() being a memory-bound function such as scrypt.
  • Now, if Hash(H + A + B) < TargetDifficulty (read: begins with n zeros), then we are finished. Victory! Otherwise, go back to step 2.
As we see, most of the work is done in step 2, when searching for a collision between two hashes. Naturally, we do not need 256 colliding bits but significantly fewer; however, it is still a very complex task. For instance, say we need to find a collision in the first 64 bits: that requires 2^64 hashing operations... or does it?
A superhero comes to help us: the birthday problem. It comes down to the following: the probability of finding a collision within a set grows quadratically with the number of elements (because the number of unique pairs inside the set grows). In practice it gives us the following estimate: in order to find ANY 64-bit collision with 50% probability, we only need to generate 2^32 hashes (4 million instead of 18 trillion, a very nice saving).
Why doesn't this principle work for 'common' PoW, which, per se, also means searching for collisions? The key word here is ANY collision. In Bitcoin the collision must be found against a given pattern (N zeros at the beginning), while in Momentum any first N bits may collide.
Here we have an obvious trade-off between 'time' and 'memory'. As envisioned by its creator, the algorithm should use approximately 2 GB of memory per thread, meaning that an average user will be able to run a few simultaneous searches. In this case, all that ASICs (memory NOT being their strong point) can do is watch and be jealous (or be quadratically faster).
There is, however, a setback. All previous PoW algorithms operated 'instantly', in that they performed an 'enumeration': each attempt took a fixed time and had an equal probability of success. Every checked hash was like throwing a die with 2^256 faces, and you could take another die (start working on another block) without affecting your chances. What does this mean for a miner? It means that when he receives a new transaction he wants to include in the block, he has to refresh the hashed structure ('take another die'). That only takes a fraction of a second, so the losses are negligible. With Momentum it is not that simple. Every hashing iteration that adds a new hash to the global 2 GB table has a higher probability of success than the previous one! And it is clear that refreshing the block header and starting to build the table 'from scratch' is extremely unfavorable. If your chances of finding a solution increase with every throw of the die, it is better NOT to take a new die. So, ultimately, accepting new transactions and 'resetting' the progress is unfavorable for a Momentum miner, meaning that only the transactions that had arrived before the work on a block started get included. In the case of Bitcoin, this would mean that the average transaction confirmation time would increase from 10 to 20 minutes.
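The three Momentum steps above, as an added Python example (not the BitShares implementation): parameters are shrunk so the search runs in seconds, a truncated SHA-256 stands in for the memory-hard BirthdayHash(), and A and B are 4-byte nonces. The collision search keeps one growing table for the whole block, which is exactly the "don't take a new die" property the last paragraph describes, and the birthday bound can be checked against the number of hashes the first ANY-collision actually took.

```python
import hashlib

# Added example, not the BitShares implementation. It runs the three Momentum
# steps with shrunk parameters so the search finishes in seconds:
# BirthdayHash() is a truncated SHA-256 standing in for the memory-hard
# function, and A and B are 4-byte nonces.

NONCE_BYTES = 4


def Hash(data):
    """Step 1 hash, H = Hash(D), also used for the final Hash(H + A + B) check."""
    return hashlib.sha256(data).digest()


def birthday_hash(data, bits):
    """Stand-in for BirthdayHash(): the first `bits` bits of SHA-256, as an int."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") >> (256 - bits)


def nonce_bytes(n):
    return n.to_bytes(NONCE_BYTES, "big")


def collisions(H, bits, max_nonces):
    """Yield (A, B, hashes_so_far) for each nonce pair with equal birthday hashes.

    One table is kept for the whole search, so every new nonce is compared with
    all earlier ones: that is why roughly 2**(bits/2) hashes find the first
    match (birthday bound), and why throwing the table away is so costly.
    """
    seen = {}
    for nonce in range(max_nonces):
        v = birthday_hash(H + nonce_bytes(nonce), bits)
        if v in seen:
            yield seen[v], nonce, nonce + 1
        else:
            seen[v] = nonce


def momentum_mine(D, bits, target, max_nonces=1 << 16):
    """Steps 1-3: return (A, B, hashes_used) once Hash(H + A + B) < target, else None."""
    H = Hash(D)
    for A, B, hashes in collisions(H, bits, max_nonces):
        final = int.from_bytes(Hash(H + nonce_bytes(A) + nonce_bytes(B)), "big")
        if final < target:
            return A, B, hashes
    return None  # no collision within the nonce budget also passed step 3


def momentum_verify(D, A, B, bits, target):
    """Verification is cheap: two birthday hashes and one final hash."""
    if A == B:
        return False
    H = Hash(D)
    if birthday_hash(H + nonce_bytes(A), bits) != birthday_hash(H + nonce_bytes(B), bits):
        return False
    return int.from_bytes(Hash(H + nonce_bytes(A) + nonce_bytes(B)), "big") < target


def hashes_to_first_collision(H, bits, max_nonces):
    """How many hashes the first ANY-collision took; compare with 2**(bits/2)."""
    for _, _, hashes in collisions(H, bits, max_nonces):
        return hashes
    return None


if __name__ == "__main__":
    D = b"constructed sample block header"
    result = momentum_mine(D, bits=20, target=1 << 252)  # top 4 bits of final hash zero
    print("A, B, hashes used:", result)
    print("first 24-bit collision after", hashes_to_first_collision(Hash(D), 24, 1 << 16),
          "hashes; birthday estimate 2**12 =", 2 ** 12, "vs 2**24 =", 2 ** 24, "by brute force")
```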

Mineral resources: Useful cryptocurrencies

Standing apart is a single PoW function that appeared in the summer of 2013. Before turning to it, we need to acknowledge a problem with proof-of-work in general. I should note that some people do not regard it as a problem at all (quite the contrary!), but many people do.
All this work is useless! All these hashes... nobody needs them anywhere outside cryptocurrencies. You can, of course, print out the smallest hashes found and hang them on the wall, but they have no practical use. We are not going to get into the dispute about whether this work should be useful, but we do want to point out that inventing a PoW function that produces some benefit is an exotic task.
Still, such a function was found. A developer named Sunny King (the one who invented, or at least was the first to implement, the proof-of-stake scheme) proposed the following idea: the proof of performed work is a discovered sequence of prime numbers satisfying certain requirements, namely a Cunningham chain of the first or second kind (the so-called bi-twin primes).
First, why it is useful. These primes are naturally far from small, or there would be no point in searching for them: they run to hundreds of digits in decimal notation. Still, that is not enough for RSA encryption, which also needs random numbers. Cunningham chains are more of a curious mathematical structure, which (in theory) may lift another veil in number theory. After all, before public-key cryptography appeared, this whole field was regarded as 'beautiful but useless science', and any effort, even in such a 'competition' format, is not in vain.
Now we can talk about how prime numbers are tied to cryptocurrency blocks. Suppose our chain starts with some number P. The block header hash (the one found by searching the nonce field) is interpreted as an integer. This number must divide P-1 or P+1. Network difficulty is the required length of the prime chain, mostly varying from 7 to 11. That is all. This means it is impossible (well, very, very hard) to use a random chain (or someone else's chain, from another block) to prove work on your header. Two problems can be pointed out. First, we do not know whether there is an easier way to solve the Primecoin task (Primecoin being the cryptocurrency's name). Hashes are better understood: an attack that finds a preimage of a cryptographic hash function is utterly hopeless (at least, this assumption underlies all cryptographic primitives, and God forbid it falls!), so the probability of finding a block for some given hash is zero. It is harder to say the same about a Primecoin block (where any divisor of P-1 or P+1 can be used).
Second, as already noted, mining difficulty is proportional to the chain length. But length is an integer and does not capture changes in the fractional part. So a difficulty change from 9.0 to 9.99 will go unnoticed, while 9.99 to 10 will significantly affect the total hash rate and the frequency of new blocks.
Moreover, this function seems to use only CPU power, with no memory. For a long time there was no GPU miner, but as soon as one appeared it became obvious that Primecoin was not the anti-ASIC Grail. Perhaps this is why it still occupies its own niche with a couple of forks, and its PoW function never became popular.
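To make the divisibility rule concrete, here is an added Python toy (not Primecoin's code) that searches for a Cunningham chain of the first or second kind whose origin is a multiple of a header hash, and verifies it by re-deriving the origin from the header. It truncates SHA-256 to 32 bits and asks for chains of length 3 so that it runs in well under a second; the header bytes, the truncation and the multiplier limit are constructed assumptions. Primecoin itself works with the full 256-bit hash and chain lengths around 7 to 11, and also accepts bi-twin chains, which combine both kinds on one origin.

```python
import hashlib

_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int) -> bool:
    """Deterministic Miller-Rabin for n below roughly 3.3e24, plenty here."""
    if n < 2:
        return False
    for p in _MR_BASES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def chain_length(origin: int, kind: int) -> int:
    """Length of the Cunningham chain with the given origin.
    Kind 1: origin-1, 2*origin-1, 4*origin-1, ...  (each p -> 2p+1)
    Kind 2: origin+1, 2*origin+1, 4*origin+1, ...  (each p -> 2p-1)
    A bi-twin chain is both kinds sharing one origin."""
    sign = -1 if kind == 1 else 1
    p, length = origin + sign, 0
    while is_probable_prime(p):
        length += 1
        p = 2 * p - sign
    return length


def header_hash_int(header: bytes) -> int:
    """Toy stand-in for the block header hash: a 32-bit truncation of
    SHA-256 with the top bit forced on so the origin is never tiny
    (constructed; the real coin uses the full 256-bit hash)."""
    return int.from_bytes(hashlib.sha256(header).digest()[:4], "big") | (1 << 31)


def find_prime_chain(header: bytes, min_length: int, max_multiplier: int = 1 << 17):
    """Mining: look for a multiplier m such that hash(header) * m is the
    origin of a Cunningham chain of at least min_length primes.
    Returns (m, kind, length) or None."""
    h = header_hash_int(header)
    for m in range(1, max_multiplier):
        origin = h * m
        if origin % 2:                # origin +/- 1 must be odd to be prime
            continue
        for kind in (1, 2):
            length = chain_length(origin, kind)
            if length >= min_length:
                return m, kind, length
    return None


def verify_prime_chain(header: bytes, m: int, kind: int, min_length: int) -> bool:
    """Verification re-derives the origin from the header, which is why a
    chain found for one header does not prove work on another."""
    origin = header_hash_int(header) * m
    return chain_length(origin, kind) >= min_length


if __name__ == "__main__":
    header = b"constructed header"
    m, kind, length = find_prime_chain(header, 3)
    origin = header_hash_int(header) * m
    print(f"origin {origin} = hash * {m}, kind {kind}, chain length {length}")
    print("verifies:", verify_prime_chain(header, m, kind, 3))
```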

PoWer Sapience: Back to CPU-mining

Finally, let us look at a completely different branch of the cryptocurrency PoW phylogenetic tree: CryptoNight and Cuckoo Cycle (on GitHub), which evolved in parallel with the others after scrypt failed as a CPU-only algorithm.
CryptoNight is the name of the hash function in the CryptoNote code, which differs from Bitcoin in many other ways (starting with the fact that it is not a fork at all). The function was developed in 2012 by the Bytecoin team in cooperation with the CryptoNote researchers and developers, and Bytecoin became the first implementation of the technology.
CryptoNight exploits scrypt's general idea of a 'large data array with random accesses'. However, its creators noted a significant problem: the time-memory trade-off is linear. The second (main) layer of scrypt builds every new data block from the previous one. So if we store only every second block out of N, we will have to recompute one block in 50% of cases. The total number of random accesses to the array is also N, so by saving half the memory we have to compute N + N/2 = 150% of the blocks, 1.5 times as much. Similarly, by storing every third block, we recompute nothing in 33% of cases, one extra block in 33% of cases and two extra blocks in the remaining 33%. So the total amount of work is N + N/3 + 2N/3 = 2N = 200%. Thus, by the calculations in the CryptoNote whitepaper, keeping only 1/s of the data increases the total work by only (s-1)/2 times the original. Incidentally, this may well be the operating principle of scrypt ASICs.
Therefore, CryptoNight has three principal differences:
  • Every block is computed from ALL previous ones. So discarding, say, every second block means recomputing all the preceding blocks rather than just one.
  • Every access to the data set is not only a read but also a write. So every element acquires a 'second dimension', time, and recomputation gets even more complicated.
  • The total number of accesses to the data set is much larger than the number of elements (2^20 vs 2^15), so by the end of the cycle the data set is transformed beyond recognition.
Moreover, 64-bit operations (multiplication and addition) and AES as a mixing function are used internally. This is a courtesy to modern CPUs, which have the corresponding built-in instructions (and a stone thrown into the GPU's garden). The total memory required by CryptoNight is 2 MB, i.e. the L3 cache size per core. We cannot say that ASICs can never reach this point, but the cost is considerably high.
Overall, CryptoNight is a very efficient practical algorithm. Although a GPU miner exists, it has a significant advantage only over old CPUs (32-bit or with a small cache). As far as we can tell, every detail is aimed at practical efficiency on ordinary PCs (of which there are billions).
Cuckoo Cycle can be called its complete counterpart. First, it has a theoretical basis. I do not mean that it exists only in theory (although no cryptocurrency uses it), but that its security rests on the difficulty of a well-defined computational problem: finding cycles in a bipartite graph. Essentially, all modern public-key cryptography follows this principle.
The general idea (without going deep into graph theory) is the same as Momentum's: the optimal algorithm for this problem comes at the cost of using some memory. Computation is minimized, so memory accesses consume most of the time. Naturally, checking a solution is far faster.
The main question is: is the described algorithm really the optimal solution? Could another cunning CS paper appear tomorrow proposing a more efficient solution that does not need much memory? This, in general, is the difference between Cuckoo Cycle and CryptoNight.

Source: Bytecoin.org

The Proof-of-Work in Cryptocurrencies: Brief History. Part 1

Before Bitcoin: Hashcash & Moderately Hard, Memory-bound Functions

The proof-of-work concept first appeared in the 1993 paper "Pricing via Processing or Combatting Junk Mail". Although the authors never used this term in the article itself (it appears only 6 years later), we are going to call it that (or PoW).
So, what was the idea proposed by Cynthia Dwork and Moni Naor in their paper?
The main idea is to require a user to compute a moderately hard, but not intractable, function in order to gain access to a resource, thus preventing frivolous use.
We can draw the following parallel: the Ministry of Fishery makes Jeremy Wade do some work to get access to a local pond, e.g. plant a couple of trees and send photos of the seedlings. The important point is that Jeremy can do this work in a reasonable time: before all the fish are poisoned by chemicals flowing into the pond. On the other hand, the work should not be so simple that crowds of fishermen could empty the pond.
Finding an example of such work in the digital world is not trivial. For example, a server could ask the user to multiply two random numbers and check the result. There is an obvious problem, however: the check is no faster than the work itself, so the server could not handle a large number of clients.
Another attempt: the server generates two large primes, multiplies them and shows the product to the user, who must factor it. This is a harder task. There are some nuances, but generally the scheme got better: the work-time/check-time ratio has grown considerably. This is the main requirement formulated in the article:
Computing the function on a given input should be much harder than checking the result.
Moreover, the function should not be amenable to amortization, i.e. the time to complete n tasks should be proportional to their number (if Jeremy wants a double catch quota, he should do twice as much work: yesterday's or someone else's photos will not do).
Among other examples of such functions was extracting square roots modulo a prime P: here we need about log(P) multiplications for the solution and only one multiplication for the check. The input can be generated by the server (generate x, show x^2) or chosen autonomously: pick x and extract sqrt(hash(x)). The latter case needs some tweaking, since not every element of Z_p is a square, but that is not a big deal.
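As an added example (not from the paper or from the article), here is the square-root work function in Python with a counter on modular multiplications, so the "log(P) for the worker, one for the checker" ratio can be seen directly. The prime 2^127 - 1 is chosen because it is congruent to 3 mod 4, which makes the root a single exponentiation; the secret value and the seed bytes are constructed.

```python
import hashlib

# A prime congruent to 3 (mod 4): 2**127 - 1, a Mersenne prime.
P = 2 ** 127 - 1


def modexp_counting(base: int, exp: int, mod: int):
    """Square-and-multiply exponentiation that also counts the modular
    multiplications it performs. Returns (result, multiplications)."""
    result, mults = 1, 0
    base %= mod
    while exp:
        if exp & 1:
            result = result * base % mod
            mults += 1
        base = base * base % mod
        mults += 1
        exp >>= 1
    return result, mults


def is_square(y: int, p: int) -> bool:
    """Euler's criterion: y is a quadratic residue mod p iff y^((p-1)/2) == 1."""
    return pow(y, (p - 1) // 2, p) == 1


def sqrt_mod(y: int, p: int):
    """For p = 3 (mod 4) and y a square, y^((p+1)/4) is a square root of y.
    Returns (root, multiplications), about log2(p) of them: the worker's cost."""
    if p % 4 != 3 or not is_square(y, p):
        raise ValueError("need p = 3 (mod 4) and a quadratic residue")
    return modexp_counting(y, (p + 1) // 4, p)


def check_root(x: int, y: int, p: int) -> bool:
    """The checker's whole job: one multiplication."""
    return x * x % p == y % p


def server_challenge(secret_x: int, p: int) -> int:
    """Server-generated variant: the server picks x and publishes x^2."""
    return secret_x * secret_x % p


def self_chosen_challenge(seed: bytes, p: int):
    """Autonomous variant: the client picks x itself and must return
    sqrt(hash(x)). Only half of Z_p* are squares, so the client appends a
    counter to a constructed seed until hash(x) is one (the 'tweak' the
    article mentions). Returns (x, y, root, multiplications)."""
    for counter in range(1 << 16):
        x = seed + counter.to_bytes(4, "big")
        y = int.from_bytes(hashlib.sha256(x).digest(), "big") % p
        if y != 0 and is_square(y, p):
            root, mults = sqrt_mod(y, p)
            return x, y, root, mults
    raise RuntimeError("no square found within the counter range")


if __name__ == "__main__":
    y = server_challenge(12345, P)
    root, mults = sqrt_mod(y, P)
    print(f"worker: {mults} multiplications; checker: 1; ok={check_root(root, y, P)}")
    x, y, root, mults = self_chosen_challenge(b"constructed seed", P)
    print(f"self-chosen x={x!r}: root found with {mults} multiplications")
```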
The following years saw other works with the keywords proof-of-work. We would like to point out two of them:
  • The Hashcash project by Adam Back, dedicated to the same task of spam protection. The problem was: "find x such that the hash SHA(x) has N leading zero bits". The work thus amounted to hashing the same data (the letter) together with a variable part. Since an irreversible hash function is used, there is nothing better than exhaustive search, and the average amount of work depends on N. A simple solution indeed.
  • "Moderately hard, memory-bound functions". The key notion here is memory-bound. By the beginning of the new millennium, the difference between high-end and low-end CPUs in solving PoW problems had become too obvious to paint them with the same brush. The algorithm proposed in the paper was the first to use relatively large amounts of data (megabytes). The bottleneck was not CPU speed but the latency of exchanging data with RAM, or the required RAM size itself; these vary from PC to PC within a much smaller range. One such algorithm was scrypt, but we will cover it later.
Illustration by Ryan Etter

Unicellulars: First PoW-functions

It would be incorrect to say that Satoshi was the first to think of using PoW for digital currency. The idea of "reusable proof-of-work" had long been hovering among crypto-anarchists (and was even partially implemented at some point), but it never became popular in its original form.
Hal Finney's RPoW concept proposed that the "RPOW tokens" themselves be the values (coins), whereas Bitcoin uses PoW only as a way to reach distributed consensus (on which version of the blockchain is correct), i.e. the one approved by the majority. This was the key idea of Bitcoin that worked out.
Hashcash was chosen as the proof-of-work scheme and SHA-256 as the computed function; it was the most popular hash function at the time (2008). Most probably the key factors were the simplicity of Hashcash and the 'commonness' of SHA-256. Satoshi added a 'difficulty factor' to Hashcash (increasing or decreasing N, the required number of zeros, depending on the number of participants) and, it seemed, secured a clearly decentralized future for everyone. Still, what happened later happened: GPU, FPGA, ASIC and even decentralized cloud mining.
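An added Python example (not Hashcash's or Bitcoin's code) of the scheme as just described: minting a stamp by exhaustive nonce search, checking it with a single hash, and Satoshi's addition of a moving target. The difficulty is expressed as an integer target rather than a zero count, which is how Bitcoin does it; `retarget` follows Bitcoin's clamped-by-a-factor-of-4 rule in simplified form. The 2^256 target cap, the 8-byte nonce encoding and the sample data are constructed for the example.

```python
import hashlib

MAX_TARGET = 1 << 256  # constructed cap; a target of 2**(256-b) means "b leading zero bits"


def target_for_bits(bits: int) -> int:
    """Hashcash-style difficulty: the digest must be below 2**(256-bits),
    i.e. start with at least `bits` zero bits."""
    return 1 << (256 - bits)


def _digest_int(data: bytes, nonce: int) -> int:
    digest = hashlib.sha256(data + nonce.to_bytes(8, "big")).digest()
    return int.from_bytes(digest, "big")


def mint(data: bytes, target: int, max_nonce: int = 1 << 32):
    """The work: exhaustive search over the nonce. With a fixed target of
    2**(256-bits) this takes 2**bits hashes on average, and a stamp for one
    `data` is useless for any other (no amortization). Returns the nonce or None."""
    for nonce in range(max_nonce):
        if _digest_int(data, nonce) < target:
            return nonce
    return None


def check(data: bytes, nonce: int, target: int) -> bool:
    """The check: one hash, however expensive the mint was."""
    return _digest_int(data, nonce) < target


def retarget(target: int, actual_timespan: int, expected_timespan: int) -> int:
    """Simplified Bitcoin difficulty rule: scale the target by how long the
    last interval took relative to the schedule, with the ratio clamped to
    [1/4, 4]. More hashpower -> faster blocks -> smaller target -> more zeros."""
    actual = min(max(actual_timespan, expected_timespan // 4), expected_timespan * 4)
    return min(target * actual // expected_timespan, MAX_TARGET)


if __name__ == "__main__":
    data, target = b"constructed letter", target_for_bits(16)
    nonce = mint(data, target)
    print(f"stamp nonce={nonce}, valid={check(data, nonce, target)}")
    # blocks came twice as fast as planned: halve the target (one more zero bit)
    print(f"retarget: {target.bit_length()} -> {retarget(target, 500, 1000).bit_length()} bits")
```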
There is no consensus on whether Satoshi foresaw (or could have foreseen) all this bedlam, but the fact remains: in September 2011 the first cryptocurrency with a fundamentally different PoW function appeared. Tenebrix used scrypt instead of SHA-256.

Mutation: ASIC-mining and the Scrypt Algorithm

Well, why change such a critical element as the consensus algorithm instead of such useful and important values in Bitcoin's code as, for example, the total number of coins? The motive is obvious: by 2011 GPU farms were already running, FPGAs were being pre-ordered and ASICs loomed on the horizon. Together, these practically nullified the contribution of an ordinary CPU user. But what was the reasoning?
Naturally, we could try to explain it by a common grudge or a wish to 'make a fast buck': there had been forks, premines and pump-and-dumps before Tenebrix. But the arguments put forward by supporters of "ASIC-resistant" functions are rational:
  • Promotion
    Since every computer (theoretically) provides roughly the same hashrate, more people will join mining, even in the background. Hundreds of millions of office PCs, by slightly increasing their load, would contribute to protecting the network, earning coins for it and, later, spending them.
  • Decentralization
    There are two points here. First, concern about hardware manufacturers: most ASICs are made in a few factories in China, and very few people have the knowledge required to produce them. An ordinary PC is a very different matter. Second, concern about the geographical distribution of miners: pools aside, a versatile CPU-friendly algorithm spreads more widely because everyone can afford to run a miner.
  • High cost of a 51% attack
    It is possible, of course, to design a specialized device that solves a specific task more efficiently (in time or power) than an average PC. The question is how much R&D would cost, at what production scale the whole project would pay off, and so on. In any case it is considered more costly than under the existing conditions of Bitcoin. We are not talking about the absolute cost of an attack but about its cost relative to the 'maturity' of a network. For example, even attacking a network with a super-ASIC-proof algorithm will be fairly cheap if only twenty PCs are mining it.
One can counter any of these points, but all I wanted to show is that when selecting a PoW function it is worth thinking about its ASIC-resistance. Actually, the very first paper hinted at it! Non-amenability to amortization might, by stretching a point, be regarded as ASIC-resistance.
Now it is time to give a few technical details on how the scrypt algorithm works, which became the basis for Tenebrix and later Litecoin (which, as you probably know, became the second most popular cryptocurrency).
Strictly speaking, scrypt is not a cryptographic hash function but a key derivation function (KDF). Such functions are used for exactly the purpose you are thinking of: deriving a secret key from some data (a password, random bits, etc.). PBKDF2 and bcrypt are other examples.
The main purpose of a KDF is to make generating the final key expensive: not so expensive as to be useless for applied tasks, but enough to prevent abuse (for example, mass password guessing). This wording reminds you of something, right? It is not surprising that PoW and KDF met.

Scrypt operating principle

Layer 1:
  • The input data is processed through PBKDF2
  • The output is divided into p blocks, each processed by the SMix function
  • The results are concatenated and processed through PBKDF2 again
Illustration by Pointsoftware.ch
Note that each of the p blocks can be processed independently, so scrypt does allow parallelism in theory (by default p=1).
Layer 2:
  • The input block is expanded into an array of N blocks by sequentially applying the pseudo-random function BlockMix
  • The block X produced by the last step is interpreted as an integer j, and element V_j of the array is read
  • X = BlockMix(X xor V_j)
  • Steps 2-3 are repeated N times
  • The result is the current value of block X.
Illustration by Pointsoftware.ch
Here the fascinating part happens. The larger the value of N we choose, the more memory the algorithm requires. Although we only need a single element of the array at a time, we cannot free the memory until step 5, because the element is selected pseudo-randomly, depending on the last result! Therefore, if BlockMix (see below) can be computed quickly, memory latency becomes the bottleneck.
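The following added Python toy (not the scrypt reference code) implements layer 2 as described in the five steps above and also replays the time-memory trade-off arithmetic from the CryptoNight discussion earlier on this page: it can be told to keep only every s-th element of V and re-derive the rest from the nearest kept element, counting BlockMix calls. SHA-256 stands in for BlockMix and blocks are fixed at 32 bytes, both constructed simplifications; the point is that the result is identical for any s while the extra work is (s-1)/2 times N on average.

```python
import hashlib


def blockmix(block: bytes) -> bytes:
    """Stand-in for scrypt's BlockMix (constructed simplification; the real
    one is built from Salsa20/8). Any fast pseudo-random function with a
    fixed-size output will do for counting calls and memory accesses."""
    return hashlib.sha256(block).digest()


def romix(x: bytes, n: int, keep_every: int = 1):
    """scrypt layer 2 (ROMix) on a 32-byte block, with an optional
    time-memory trade-off: only every keep_every-th element of V is stored,
    and a missing V[j] is re-derived by running blockmix forward from the
    nearest stored element. Returns (result, number_of_blockmix_calls)."""
    calls = 0
    stored = {}                          # index -> V[index]; the "memory"
    cur = x
    for i in range(n):                   # step 1: V[i] = X; X = BlockMix(X)
        if i % keep_every == 0:
            stored[i] = cur
        cur = blockmix(cur)
        calls += 1
    for _ in range(n):                   # steps 2-3, repeated N times (step 4)
        j = int.from_bytes(cur[:8], "big") % n          # interpret X as j
        base = j - j % keep_every
        v = stored[base]
        for _ in range(j - base):        # recompute the dropped element(s)
            v = blockmix(v)
            calls += 1
        cur = blockmix(bytes(a ^ b for a, b in zip(cur, v)))  # X = BlockMix(X xor V_j)
        calls += 1
    return cur, calls                    # step 5: the current X


def predicted_extra_calls(n: int, keep_every: int) -> float:
    """The estimate from the CryptoNote whitepaper as quoted in the article:
    keeping 1/s of V costs (s-1)/2 * N extra block computations on average
    (0 for s=1, N/2 for s=2, N for s=3)."""
    return n * (keep_every - 1) / 2


if __name__ == "__main__":
    x = blockmix(b"constructed input block")
    full, full_calls = romix(x, 1024, 1)
    for s in (2, 3):
        out, calls = romix(x, 1024, s)
        assert out == full   # same output whatever the trade-off
        print(f"keep every {s}: {calls - full_calls} extra BlockMix calls, "
              f"predicted {predicted_extra_calls(1024, s):.0f}")
```

Memory in `romix` is the `stored` dictionary; with `keep_every=1` it holds all N elements, which is exactly why N is the knob that turns latency into the bottleneck.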
Layer 3:
  • Input is divided into 2r blocks
  • Each block is xor-ed with the previous one and hashed by H function
  • The result is displayed in displaced order
Illustration by Pointsoftware.ch
Salsa20/8 is used as H. Yes, it is not a hash function but a stream cipher. But for scrypt's purposes collision resistance is not needed, unlike a fast and pseudo-random result, so Salsa was a good choice. scrypt offers r=8 by default, but for cryptocurrency purposes r=1 was selected (most probably to improve performance). We will describe the consequences later.
For further details on choosing the algorithm's parameters, refer to the scrypt specification.
The scrypt parameters for Tenebrix were chosen so that the total memory required was 128 kB, so it fit in the CPU's L2 cache (by default scrypt uses 16 MB!). The experiment turned out to be a great success: CPU miners, almost left behind on the margins of progress, joined the system. Most new forks were born from Litecoin, inheriting scrypt instead of SHA-256. Curiously, the fact that GPUs could cope with 128 kB parameters just fine never bothered the users. An optimized GPU miner appeared only a few months later and provided 10 times the efficiency. "At least it is not 100 times, as with Bitcoin," they said. "At least not 1000 times!" The increase in the GPU/CPU power ratio (GPUs were being pushed out of the Bitcoin network by the new ASICs) was not dramatic, possibly because it was offset by the fork boom: almost every week a new scrypt-based cryptocurrency appeared and drew away new hashpower.
Still, the realization that scrypt was not an ideal PoW function dawned even before the first scrypt ASIC was announced. People were no longer heady with success, the Satoshi cult was fading, and ideas for new PoW candidates started mushrooming.

Part 2 coming soon. In the next episode:

"Mate and breed: X11 algorithms and Co!"
"Atavisms vs vestiges: SHA3 or scrypt-jane?"
"Historical paradoxes: Momentum and birthday problem"
"Where does the pinnacle of evolution lie: in theoretical or practical IT? CuckooCycle and CryptoNight"

Source: Bytecoin.org