Category: Recently Added Whitepapers

Dexter website

What is ALBOS?

ALBOS
Cryptocurrencies are mainly traded on the market, and while they are increasingly traded for investment purposes, they have not spread or been distributed as a method for payments or
money transfers. In order for cryptocurrencies to become part of the global infrastructure used in today’s societies, more actual demand (i.e. more of a function as a currency through
distribution) needs to be created by making cryptocurrencies a tool for payments and money transfers that improves people’s lives. If cryptocurrencies become widely used for payments
and money transfers on a daily basis, their value will grow further. We have the answer for global use and distribution of cryptocurrencies as a part of the world’s infrastructure.
The problems caused by cryptocurrency settlement are immediacy, transfer fee, and change in value.

These issues are major barriers to the distribution of cryptocurrencies (particularly Bitcoin, the most widespread and widely distributed currency) and their spread as a payment method.
The issue of immediacy is a particularly fatal obstacle to the use of cryptocurrencies as a payment method. Almost no stores will accept a payment method in which the consumer must
wait a long time for the payment to be completed. One approach to the immediacy issue is to complete the payment at the time the transfer is made, without waiting for block chain
approval. However, this approach means that the risk of transfer errors falls on the service operator, store or consumer. This cannot be considered an optimal solution.

ALBOS payment service solves this issue with a hybrid system that combines a truly discrete and decentralized system on a public block chain with and off-chain system, using the merits of
global services and cryptoeconomy as a whole to build a cutting-edge payment platform that anyone can use. ALBOS aims to be a global ecosystem in the realm of payments by
cryptocurrency

Albos Website
Albos Whitepaper

T.OS is a kind of digital coin which has been based on block-chain technology and aiming the new payment market by digital(virtual) currency system.

Many types of digital coin have issued world-widely in recent years, however any digital coins have not been practical for economical or financial usage but booming up only on dealing themselves by each other, that means the values of almost coins are ‘just possession’ such as old stamps, antique or jewelry. It’s non-sense!

Because we would be faced with emerging cashless world before long, we have prepared to create the new digital currency which should be safer, swifter and smarter in paying process on real commercial market.
T.OS could substitute intelligent paying method for cash, plastic card (credit / debit) and all the other pay-system, so would pursue the lower paying-cost (commission) and shorter term for paying the money to affiliated store, it might be a win-win model between the customers and the affiliated store owners. That’s enough!

Tos

Grin Whitepaper Introduction

MIMBLEWIMBLE Tom Elvis Jedusor 19 July, 2016

\****/ Introduction /****\

Bitcoin is the first widely used financial system for which all the necessary data to validate the system status can be cryptographically verified by anyone. However, it accomplishes this feat by storing all transactions in a public database called “the blockchain” and someone who genuinely wishes to check this state must download the whole thing and basically replay each transaction, check each one as they go. Meanwhile, most of these transactions have not affected the actual final state (they create outputs that are destroyed a transaction later).

At the time of this writing, there were nearly 150 million transactions committed in the blockchain, which must be replayed to produce a set of only 4 million unspent outputs.

It would be better if an auditor needed only to check data on the outputs themselves, but this is impossible because they are valid if and only if the output is at the end of a chain of previous outputs, each signs the next. In other words, the whole blockchain must be validated to confirm the final state.

Add to this that these transactions are cryptographically atomic, it is clear what outputs go into every transaction and what emerges. The “transaction graph” resulting reveals a lot of information and is subjected to analysis by many companies whose business model is to monitor and control the lower classes. This makes it very non-private and even dangerous for people to use.

Some solutions to this have been proposed. Greg Maxwell discovered to encrypt the amounts, so that the graph of the transaction is faceless but still allow validation that the sums are correct [1]. Dr Maxwell also produced CoinJoin, a system for Bitcoin users to combine interactively transactions, confusing the transaction graph. Nicolas van Saberhagen has developed a system to blind the transaction entries, goes much further to cloud the transaction graph (as well as not needed the user interaction) [3]. Later, Shen Noether combined the two approaches to obtain “confidential transactions” of Maxwell AND the darkening of van Saberhagen [4].

These solutions are very good and would make Bitcoin very safe to use. But the problem of too much data is made even worse. Confidential transactions require multi-kilobyte proofs on every output, and van Saberhagen signatures require every output to be stored for ever, since it is not possible to tell when they are truly spent.

Dr. Maxwell’s CoinJoin has the problem of needing interactivity. Dr. Yuan Horas Mouton fixed this by making transactions freely mergeable [5], but he needed to use pairing-based cryptography, which is potentially slower and more difficult to trust. He called this “one-way aggregate signatures” (OWAS).

OWAS had the good idea to combine the transactions in blocks. Imagine that we can combine across blocks (perhaps with some glue data) so that when the outputs are created and destroyed, it is the same as if they never existed. Then, to validate the entire chain, users only need to know when money is entered into the system (new money in each block as in Bitcoin or Monero or peg-ins for sidechains [6]) and final unspent outputs, the rest can be removed and forgotten. Then we can have Confidential Transactions to hide the amounts and OWAS to blur the transaction graph, and use LESS space than Bitcoin to allow users to fully verify the blockchain. And also imagine that we must not pairing-based cryptography or new hypotheses, just regular discrete logarithms signatures like Bitcoin. Here is what I propose.

I call my creation Mimblewimble because it is used to prevent the blockchain from talking about all user’s information [7].

\****/ Confidential Transactions and OWAS /****\

The first thing we need to do is remove Bitcoin Script. This is sad, but it is too powerful so it is impossible to merge transactions using general scripts. We will demonstrate that confidential transactions of Dr. Maxwell are enough (after some small modification) to authorize spending of outputs and also allows to make combined transactions without interaction. This is in fact identical to OWAS, and allows relaying nodes take some transaction fee or the recipient to change the transaction fees. These additional things Bitcoin can not do, we get for free.

We start by reminding the reader how confidential transactions work. First, the amounts are coded by the following equation:

C = r*G + v*H

where C is a Pedersen commitment, G and H are fixed nothing-up-my-sleeve elliptic curve group generators, v is the amount, and r is a secret random blinding key.

Attached to this output is a rangeproof which proves that v is in [0, 2^64], so that user cannot exploit the blinding to produce overflow attacks, etc.

To validate a transaction, the verifer will add commitments for all outputs, plus f*H (f here is the transaction fee which is given explicitly) and subtracts all input commitments. The result must be 0, which proves that no amount was created or destroyed overall.

We note that to create such a transaction, the user must know the sum of all the values of r for commitments entries. Therefore, the r-values (and their sums) act as secret keys. If we can make the r output values known only to the recipient, then we have an authentication system! Unfortunately, if we keep the rule that commits all add to 0, this is impossible, because the sender knows the sum of all _his_ r values, and therefore knows the receipient’s r values sum to the negative of that. So instead, we allow the transaction to sum to a nonzero value k*G, and require a signature of an empty string with this as key, to prove its amount component is zero.

We let transactions have as many k*G values as they want, each with a signature, and sum them during verification.

To create transactions sender and recipient do following ritual:

1. Sender and recipient agree on amount to be sent. Call this b.
2. Sender creates transaction with all inputs and change output(s), and gives recipient the total blinding factor (r-value of change minus r-values of inputs) along with this transaction. So the commitments sum to r*G – b*H.
3. Recipient chooses random r-values for his outputs, and values that sum to b minus fee, and adds these to transaction (including range proof). Now the commitments sum to k*G – fee*H for some k that only recipient knows.
4. Recipient attaches signature with k to the transaction, and the explicit fee. It has done.

Now, creating transactions in this manner supports OWAS already. To show this, suppose we have two transactions that have a surplus k1*G and k2*G, and the attached signatures with these. Then you can combine the lists of inputs and outputs of the two transactions, with both k1*G and k2*G to the mix, and voilá! is again a valid transaction. From the combination, it is impossible to say which outputs or inputs are from which original transaction.

Because of this, we change our block format from Bitcoin to this information:

1. Explicit amounts for new money (block subsidy or sidechain peg-ins) with whatever else data this needs. For a sidechain peg-in maybe it references a Bitcoin transaction that commits to a specific excess k*G value?
2. Inputs of all transactions
3. Outputs of all transactions
4. Excess k*G values for all transactions

Each of these are grouped together because it do not matter what the transaction boundaries are originally. In addition, Lists 2 3 and 4 should be required to be coded in alphabetical order, since it is quick to check and prevents the block creator of leaking any information about the original transactions.

Note that the outputs are now identified by their hash, and not by their position in a transaction that could easily change. Therefore, it should be banned to have two unspent outputs are equal at the same time, to avoid confusion.

\****/ Merging Transactions Across Blocks /****\

Now, we have used Dr. Maxwell’s Confidential Transactions to create a noninteractive version of Dr. Maxwell’s CoinJoin, but we have not seen the last of marvelous Dr. Maxwell! We need another idea, transaction cut-through, he described in [8]. Again, we create a noninteractive version of this, and to show how it is used with several blocks.

We can imagine now each block as one large transaction. To validate it, we add all the output commitments together, then subtracts all input commitments, k*G values, and all explicit input amounts times H. We find that we could combine transactions from two blocks, as we combined transactions to form a single block, and the result is again a valid transaction. Except now, some output commitments have an input commitment exactly equal to it, where the first block’s output was spent in the second block. We could remove both commitments and still have a valid transaction. In fact, there is not even need to check the rangeproof of the deleted output.

The extension of this idea all the way from the genesis block to the latest block, we see that EVERY nonexplicit input is deleted along with its referenced output. What remains are only the unspent outputs, explicit input amounts and every k*G value. And this whole mess can be validated as if it were one transaction: add all unspent commitments output, subtract the values k*G, validate explicit input amounts (if there is anything to validate) then subtract them times H. If the sum is 0, the entire chain is good.

What is this mean? When a user starts up and downloads the chain he needs the following data from each block:

1. Explicit amounts for new money (block subsidy or sidechain peg-ins) with whatever else data this needs.
2. Unspent outputs of all transactions, along with a merkle proof that each output appeared in the original block.
3. Excess k*G values for all transactions.

Bitcoin today there are about 423000 blocks, totaling 80GB or so of data on the hard drive to validate everything. These data are about 150 million transactions and 5 million unspent nonconfidential outputs. Estimate how much space the number of transactions take on a Mimblewimble chain. Each unspent output is around 3Kb for rangeproof and Merkle proof. Each transaction also adds about 100 bytes: a k*G value and a signature. The block headers and explicit amounts are negligible. Add this together and get 30Gb — with a confidential transaction and obscured transaction graph!

\****/ Questions and Intuition /****\

Here are some questions that since these weeks, dreams asked me and I woke up sweating. But in fact it is OK.

Q. If you delete the transaction outputs, user cannot verify the rangeproof and maybe a negative amount is created.
A. This is OK. For the entire transaction to validate all negative amounts must have been destroyed. User have SPV security only that no illegal inflation happened in the past, but the user knows that _at this time_ no inflation occurred.

Q. If you delete the inputs, double spending can happen.
A. In fact, this means: maybe someone claims that some unspent output was spent in the old days. But this is impossible, otherwise the sum of the combined transaction could not be zero.

An exception is that if the outputs are amount zero, it is possible to make two that are negatives of each other, and the pair can be revived without anything breaks. So to prevent consensus problems, outputs 0-amount should be banned. Just add H at each output, now they all amount to at least 1.

\****/ Future Research /****\

Here are some questions I can not answer at the time of this writing.

1. What script support is possible? We would need to translate script operations into some sort of discrete logarithm information.
2. We require user to check all k*G values, when in fact all that is needed is that their sum is of the form k*G. Instead of using signatures is there another proof of discrete logarithm that could be combined?
3. There is a denial-of-service option when a user downloads the chain, the peer can give gigabytes of data and list the wrong unspent outputs. The user will see that the result do not add up to 0, but cannot tell where the problem is.

For now maybe the user should just download the blockchain from a Torrent or something where the data is shared between many users and is reasonably likely to be correct.

[1] https://web.archive.org/web/20200502151159/https://people.xiph.org/~greg/confidential_values.txt
[2] https://bitcointalk.org/index.php?topic=279249.0
[3] https://web.archive.org/web/20200926050427/https://cryptonote.org/whitepaper.pdf
[4] https://eprint.iacr.org/2015/1098.pdf
[5] https://download.wpsoftware.net/bitcoin/wizardry/horasyuanmouton-owas.pdf
[6] http://blockstream.com/sidechains.pdf
[7] http://fr.harrypotter.wikia.com/wiki/Sortilège_de_Langue_de_Plomb
[8] https://bitcointalk.org/index.php?topic=281848.0

Grin Website
Grin Whitepaper

Context and Vision

A message from our team
The document you’re about to read introduces The Root Infrastructure Framework Token (the ‘RIF Token’) and The Root Infrastructure Framework Open Standard (the ‘RIFOS’). As described in further detail below, the RIFOS aims to bridge the gap that exists today between Blockchain technologies and its mass-market adoption. It is also designed to help and enable existing and future Blockchain projects find the best way to really create solutions using decentralized applications.

This document is not a technical whitepaper, but rather a summary of our vision and how we propose to implement it. We chose this approach because, aside from the value that can be attributed to technical whitepapers, we believe that showing a working product is an even more powerful statement of what we can achieve. RSK Labs’ reputation as a global pioneer in Blockchain technology speaks to that end.

The first RSK technical whitepaper, published by our Chief Scientist Sergio Demian Lerner in November 2015 (the “RSK Technical Whitepaper”), described the first fully functional smart contract platform secured by the Bitcoin network using a side chain with merge-mining (the “RSK Smart Protocol”). This whitepaper is available for downloading here.

Since November 2015, our team has continued to deliver on that initial vision, opening the Test-net version to the public in May 2017 and the beta Main-net version in January 2018. The latest information about the current state of the RSK Smart Protocol can be found at www.rsk.co.

Today, the RSK Smart Protocol has become a global project, led by an international team that aims to serve the global community. We are in awe to see how far our initial vision has grown, and we are now focused on sharing our vision and motivations for launching this new phase, with the hope that our community will be inspired and will help us fulfil it. Our goal is ambitious, and in order to achieve it, we will build on and leverage the work done by RSK Labs. This is just the beginning of our journey, and we sincerely hope that we can continue to rely on the support and contribution of our amazing community around the world to help us take the adoption of Blockchain technologies to the next level.

RIF white paper

With the launch of Bitcoin, it was possible for the first time to digitize money completely and securely. 10 years later we are still at the beginning. States are now dealing with this technology, but no significant steps have been taken forward.

The Blockchain technology finds its first projects in the industry, but not much has happened here. Many concepts but not yet a mature product characterize this area. Public opinion on cryptocurrencies is “wait”, neutral or rather negative. On the one hand, this is because information about these opportunities is not usually communicated neutrally and objectively, and, on the other hand, there is no trust in society because there are virtually no tangible values. The largest share of crypto currency users is in finance. Cryptocurrencies as a way to earn money make up virtually the entire market. True real values, for example, payment options in everyday life with acceptance points for crypto currencies are very few. The future of cryptocurrencies, however, will have to be based on real values. Only those crypto-currencies that create trust, and that are acceptable or actually usable will remain in the market. All others, that is, more than 90% of all cryptocurrencies lack exactly this added value.

The future of cryptocurrencies lies in an almost untouched market. Namely that of acceptance and usability in the broad masses.
The cryptocurrency, which is the first to build a large-area network with acceptance-points infrastructure, which is also simply and safely usable for everyone, will massively influence the market over the next few years, because only the crypto currencies with high confidence trough humans will be used.

The current market situation can be compared with that of the introduction of the credit card. In the beginning, the users were still hesitantly, but with time passing the usage started growing. Today you may pay for almost all goods and services with credit card. In the near future you may also pay for these goods and services with cryptocurrencies. The basic requirement for success is that it is well implemented and easy to use.

The markets may work digitally but only through the people behind them!

Centauri Website
Centauri Whitepaper

Social