Everything You Want to Know About the First Silicon Valley GrinCon (Part 1)


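P.S. Because the conference was held in English, some content is kept in English for more precise expression.

As the first conference in the United States since Grin's launch, the event attracted a great many developers and members interested in Grin. 金氪資本 attended the conference and brings the market first-hand insights on the recently popular Grin. Because the conference covered so much material, the article is split into two parts. Part 1 mainly shares GrinCon's technical discussions; Part 2 focuses on mining and investment.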

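The Start of GrinCon

Grin's founder, Ignotus Peverell, opened the conference through a processed robotic voice, so it is unknown whether the founder is male or female, which added to the sense of mystery.

Ignotus Peverell is a pseudonym taken from a character in "The Tale of the Three Brothers" in the Harry Potter stories. The youngest of the three brothers, Ignotus was the humblest and also the wisest of the three. Because of these qualities, he ultimately survived Death's cunning plan. The third Deathly Hallow that he received, an Invisibility Cloak, was handed down through the generations, became an heirloom of the Potter family, and eventually passed into Harry Potter's hands.

Owning the Invisibility Cloak mirrors the defining property of a privacy coin. A very interesting choice of name.

Catheryne from Blockcypher then introduced several features of Grin: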


Daniel Lehnberg introduces MW. Overview of Grin for Layperson

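Mimblewimble also comes from Harry Potter. It is a spell, the Tongue-Tying Curse, which ties a person's tongue in knots.

Mimblewimble made its first appearance in the second book of the Harry Potter series, Harry Potter and the Chamber of Secrets: in the Duelling Club, Hogwarts Dark Arts professor Gilderoy, hoping to teach the students to defend against an attack by the Basilisk, cast the Tongue-Tying Curse "Mimblewimble".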

John Woeltz on the security audit of Grin. Grin Crypto Security Audit Results

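He described the obstacles GRIN faced in auditing. Because of time and budget constraints, the scope of the audit is currently limited to the cryptographic libraries.

IIRC dalek-crypto has better benchmarks, but libsecp256k1 was chosen.

Now that the cryptographic libraries have been audited, the team will go on to audit more of the code. Grin needs €55,000 to complete the audit of the remaining code. The cost is relatively low; it is what Solidity audit firms charge for auditing comparatively simple code like this.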

Next up, Michael Cordner Grin Privacy and Scalability


A single slide described MW, followed by an introduction to Grin's features and the remaining challenges in Privacy & Scalability.

Fireside Chat with Dan Boneh

Mimblewimble & PostQuantum Cryptography for Privacy Coins.

  • Dan Boneh discussed post quantum crypto

Imagine if Moore's law applied to QC. You need about 100m 'physical' qubits (taking error correction into account, as the qubits are not pure). Log_18(100m) is about 30 years until we start to see meaningful impact.

  • For post-quantum crypto: cryptography that runs on a classical computer and is secure even when the adversary has a quantum computer

- Hash based: too big (30KB; ECDSA signatures are 64 bytes), useful for software updates

- Lattice based (1KB, no good algo for them, look up SIS)

- Isogeny based (10KB, group actions instead of groups).

As a result, there’s a clear need for a post-quantum signature that is similar in size and usability to ECDSA, as well as for accumulators more efficient than Merkle Trees. RSA Accumulators are much better, but are based on groups of unknown order which are not.

  • Post quantum Verifiable Delay Functions?

Also built from groups of unknown order. Not post quantum secure.

Who knows? They don't, yet! They're working on it.

His view on PoW is that:

  • 'Hopefully in 30 years we will move away from Proof of Work'.
  • Difficulty will adjust exponentially, which is not necessarily a bad thing considering how much money Bitmain would be forced to spend lolll.
  • However, this scenario is likely to take longer, due to the noisy qubits and the error correction. As engineering improves, noise will go down and may eventually become a threat.

When asked what features he would put in a new cryptocurrency if he created one, he mentioned:

  • Signature Aggregation

  • Privacy via ZK

  • Efficient Consensus (without burning a lot of energy)



I love this industry! Paraphrasing #AndrewPoelstra: "We think this is impossible now... But then again, most of the things we have today were thought to be impossible a few years ago" #grinning


Wallets and Infrastructure for Grin:


RSA Accumulators

-- Benedikt Bünz


He addressed the work published in Batching Techniques for Accumulators with Applications to IOPs and Stateless Blockchains.

The paper explains how we can construct proofs of (non-)membership as well as batch them across multiple blocks.

“A cryptographic accumulator is a primitive that produces a short binding commitment to a set of elements together with short membership/non-membership proofs for any element in the set.”

Examples of Accumulators include:

  • Merkle Tree
  • RSA Accumulators
  • Pairing-based Accumulators

He first introduced how RSA Accumulators work and their advantages:

  • “Proving membership of an element in an accumulator requires revealing the value of the element, and a witness.”
  • “The proof of non-membership requires calculating Bezout’s Coefficients of the element we’re proving and the product of the elements in the set.”
  • The positives include: Constant size inclusion proofs, Dynamic stateless adds, and decentralized storage.
  • There is still room for improvement, however.

He then addressed the Batching techniques for accumulators with applications to IOPs and Blockchains:

  • Key concepts include:

- Batching: Batch verify n proofs faster than verifying a single proof n times

- Aggregating: Aggregate n membership proofs in a single constant size proof

  • “These accumulators can be used to create stateless blockchains, in which nodes do not need to store the whole state to be convinced about which blocks are valid.”

  • With the introduction of Proof of Exponentiation, which allows fast block verification and fast full-sync verification, work will be shifted from miners to users and distributed storage will be achieved.

The original paper can be found here: https://eprint.iacr.org/2018/1188

With a nice review here: https://blog.goodaudience.com/deep-dive-on-rsa-accumulators-230bc84144d9
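The membership, non-membership and aggregation ideas above, worked through in a small added example (not code from the talk, the paper or Grin). The modulus, base and sample set are constructed toy values; a real accumulator needs a modulus whose factorisation nobody knows.

```python
from math import prod

# Constructed toy parameters. A real accumulator needs a modulus of 2048+ bits
# whose factorisation nobody knows (a group of unknown order).
N = (2**31 - 1) * (2**61 - 1)   # toy modulus built from two known primes
G = 3                            # public base

def accumulate(primes):
    """A = G^(product of all elements) mod N; elements are distinct primes."""
    return pow(G, prod(primes), N)

def membership_witness(primes, subset):
    """One witness for every element of `subset`: accumulate the rest."""
    if not set(subset) <= set(primes):
        raise ValueError("subset contains an element outside the set")
    return pow(G, prod(p for p in primes if p not in subset), N)

def verify_membership(acc, subset, witness):
    """The prover reveals the elements and the witness: witness^prod == A."""
    return pow(witness, prod(subset), N) == acc

def bezout(x, u):
    """Extended Euclid: (g, s, t) with s*x + t*u == g == gcd(x, u)."""
    if u == 0:
        return x, 1, 0
    g, s, t = bezout(u, x % u)
    return g, t, s - (x // u) * t

def nonmembership_proof(primes, x):
    """Bezout coefficients s, t with s*x + t*u == 1, u = product of the set.
    The proof is (t, B = G^s); it exists only when x does not divide u."""
    g, s, t = bezout(x, prod(primes))
    if g != 1:
        raise ValueError("x is in the set, so no proof exists")
    return t, pow(G, s, N)      # a negative s is handled as a modular inverse

def verify_nonmembership(acc, x, proof):
    """A^t * B^x == G^(t*u + s*x) == G^1."""
    t, b = proof
    return (pow(acc, t, N) * pow(b, x, N)) % N == G

S = [5, 7, 11, 13]              # constructed sample set
A = accumulate(S)
```

The witness for `[5, 13]` is a single group element, the same size as the witness for `[7]`, which is the aggregation property listed above.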


Cucka(r)(t)oo Mining Proof-of-Work

--John Tromp

John first briefly reviewed the concept of Proof-of-Work:

PoW is used to achieve The characteristics of PoW include:

  • Hard to Solve
  • Easy to Verify
  • Tied to some messages

Then he introduced hash tables, the history of the Cuckoo hashtable, and how it works:

  • “Cuckoo Cycle aims to be an ‘egalitarian’ proof-of-work, that is, to minimize performance-per-dollar differences across hardware architectures, and make mining—the process of looking for proofs—on commodity hardware cost-effective.”
  • “This is to be achieved by making main memory latency a bottleneck, since DRAM latencies have remained relatively stable while cpu-speed and memory bandwidth vary highly across hardware architecture and process technology”
  • “A Cuckoo hashtable consists of two same-sized tables each with its own hash function mapping a key to a table location, providing two possible locations for each key”
  • “Upon insertion of a new key, if both locations are already occupied by keys, then one is kicked out and inserted in its alternate location, possibly displacing yet another key, repeating the process until either a vacant location is found, or some maximum number of iterations is reached. The latter is bound to happen once cycles have formed in the Cuckoo graph.”

Later he addressed Cycle-finding:

  • The Cuckoo miner finds the cycle base by emulating the cuckoo hashtable. It is memory efficient, using 64 bits per edge, but has high latency.
  • The Graph Miner finds all cycles; it searches the graph from an edge onward to see if there’s a cycle. It uses 192 bits per edge.

As well as trimming:

  • Edge-Trimming is a process that “repeatedly identify nodes of degree one and eliminate their incident edges.” The resulting un-trimmable edges form a cycle.
  • “For Grin, it takes thousands of trimming rounds to get to the cycle. Once you get close, you can switch to another algorithm.”
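Edge trimming and the cheap verification step, as an added example that is not John Tromp's miner or Grin's code. The keyed BLAKE2b edge function is a stand-in assumption for the miners' real hash, and the sample graph is constructed.

```python
import hashlib
from collections import Counter

def edge(header: bytes, nonce: int, n: int):
    """Nonce -> edge (u, v) of a bipartite graph with n nodes per side.
    Keyed BLAKE2b (header up to 64 bytes) is a stand-in, not the real hash."""
    d = hashlib.blake2b(nonce.to_bytes(8, "little"), key=header,
                        digest_size=16).digest()
    return (int.from_bytes(d[:8], "little") % n,
            int.from_bytes(d[8:], "little") % n)

def trim(edges):
    """Drop every edge touching a degree-one node; repeat until none is left.
    `edges` maps nonce -> (u, v). Returns (surviving edges, rounds used)."""
    alive, rounds = dict(edges), 0
    while True:
        du = Counter(u for u, _ in alive.values())
        dv = Counter(v for _, v in alive.values())
        kept = {k: (u, v) for k, (u, v) in alive.items()
                if du[u] > 1 and dv[v] > 1}
        if len(kept) == len(alive):
            return alive, rounds
        alive, rounds = kept, rounds + 1

def is_single_cycle(edge_list):
    """Verifier: every node has degree two and one walk covers all edges."""
    es = [(("u", u), ("v", v)) for u, v in edge_list]
    adj = {}
    for i, pair in enumerate(es):
        for node in pair:
            adj.setdefault(node, []).append(i)
    if not es or any(len(ix) != 2 for ix in adj.values()):
        return False
    i, node, seen = 0, es[0][0], 0
    while True:
        a, b = es[i]
        node = b if node == a else a                 # cross the current edge
        seen += 1
        i = next(j for j in adj[node] if j != i)     # leave by the other edge
        if i == 0:
            return seen == len(es)

# Constructed graph: a 4-cycle (nonces 0-3), a three-edge tail hanging off it
# (nonces 4-6) and one isolated edge (nonce 7).
SAMPLE = {0: (0, 0), 1: (1, 0), 2: (1, 1), 3: (0, 1),
          4: (0, 2), 5: (2, 2), 6: (2, 3), 7: (5, 5)}
SURVIVORS, ROUNDS = trim(SAMPLE)

def mine(header: bytes, n_edges=64, n=32):
    """Build the header's graph and trim it; survivors are cycle candidates."""
    return trim({k: edge(header, k, n) for k in range(n_edges)})[0]
```

On the sample graph the tail is peeled one edge per round, so three rounds are needed before only the 4-cycle remains.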

And then he briefly touched on the mining issue:

  • For GPU Mining it’s Cuckaroo on 2^29 edges, which takes 5.5GB of memory, and is tweaked every 6 months to maintain ASIC resistance.
  • For CPU Mining it’s Cuckatoo on 2^31 or more edges, which takes 512MB of memory.

The original paper can be found here: https://eprint.iacr.org/2014/059.pdf


The Future of Grin: Project Roadmap

--Michael Cordner

When talking about the product’s roadmap, it’s funny that they showed a pic like this:

The general goals include: providing open, scalable privacy for all; further MW research, development and testing; and ensuring Grin/MW is accessible and usable for all needs.

In order to achieve this, Igno said the following are needed:

  • Ongoing improvements to what’s there
  • Calm and measured introduction of New Features
  • Enhancement and Extension to support the community

Future technologies include:

  • Atomic Swaps, Relative Locks, FlyClient, Dandelion++ for the near future, and
  • Vaults/Covenants, RSA Accumulators, Scriptless Scripts, 2nd Tier Enablement for a little bit later.

Besides, continued support from the community is very much needed, especially on the API side:

  • Transaction building APIs
  • Wallet APIs
  • Keychain APIs
  • Node APIs
  • Mobile/Web/Native/Cloud etc

The current governance structure seems to work… for now, but might be subject to change in the future.

Last but not least, continued support is also needed on the funding side; please take note of this website:

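Summary


The technical talks at GrinCon were very hard core; non-technical readers may find it difficult to grasp their subtleties. As Grin enthusiasts, we are delighted to see a technical community like this. The whole Grin project values open-source community culture and actively embraces developers of every kind and collaboration with them.

If you are not a technical person, Part 2 on GrinCon's mining and investment content may be a better read for you. Stay tuned.

End of Part 1

References: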

https://www.notion.so/Grincon-Notes-9d76e5bfbf494a33bdb9b7cf8d8303c8
