Research

Privacy is about staying one step ahead. The team behind Firo is responsible for some of the most significant blockchain privacy protocols on record, and all that tech is distilled into Firo.

lelantus spark

Lelantus Spark Technology

Lelantus Spark greatly improves over its predecessor Lelantus with flexible Spark addresses that hide all transaction amounts, are not searchable on the blockchain while allowing efficient threshold signatures and both incoming and outgoing view key support. Spark also has a modular structure allowing components to be upgraded as better technology arises while simplifying security analysis. It retains the benefits of Lelantus with no trusted setup, an easy to understand construction and based on well established cryptographic assumptions.

Academic Papers

Lelantus Spark: Secure and Flexible Private Transactions

We propose a modification to the Lelantus private transaction protocol to provide recipient privacy, improved security, and additional usability features. Our decentralized anonymous payment (DAP) construction, Spark, enables non-interactive one-time addressing to hide recipient addresses in transactions. The modified address format permits flexibility in transaction visibility. Address owners can securely provide third parties with opt-in visibility into incoming transactions or all transactions associated to the address; this functionality allows for offloading chain scanning and balance computation without delegating spend authority. It is also possible to delegate expensive proving operations without compromising spend authority when generating transactions. Further, the design is compatible with straightforward linear multisignature operations to allow mutually non-trusting parties to cooperatively receive and generate transactions associated to a multisignature address. We prove that Spark satisfies formal DAP security properties of balance, non-malleability, and ledger indistinguishability.

Spats: user-defined confidential assets for the Spark transaction protocol.

In privacy-preserving transaction protocols, confidential asset designs permit transfer of quantities of distinct asset types in a way that obscures their types and values. Spark is a protocol that provides flexible privacy properties relating to addressing, transaction sources and recipients, and value transfer; however, it does not natively support the use of multiple confidential asset types. Here we describe Spats, a new design for confidential assets compatible with Spark that focuses on efficient and modular implementation. It does so by extending coin value commitments to bind and mask an asset type, and asserting in zero knowledge that this type is maintained throughout transactions. We describe the cryptographic components and changes to the Spark protocol necessary for the design of Spats.

Helsing: Private Masternode Staking

Helsing is a protocol extension to Spark that allows for private staking operations not requiring transparent addresses or outputs. Specifically, Helsing provides for Spark-compatible collateral staking and coinbase payouts.

Lelantus Spark with Curve Trees

A recent construction referred to as Curve Trees is a novel and efficient design for membership proofs which significantly optimizes the communication and computational complexity of the argument including the proof sizes, proving time, and verification time. This enables efficient scaling of the set size to billions of elements and very importantly also provides efficient batch verification techniques which further can decrease the marginal cost of proof verification. We discuss how Lelantus Spark can be implemented with Curve Trees to support full membership proofs.

lelantus

Lelantus Technology

Lelantus is a next-generation privacy protocol developed by Aram Jivanyan at Firo. Lelantus allows you to burn your coins, which hides them in an anonymity set of over 65,000. The receiver can redeem it from this anonymity pool, which breaks the links from your transaction and all the previous ones it has been through.

Academic Papers

Lelantus: Private transactions with hidden origins and amounts based on DDH (Aram Jivanyan)

Lelantus is Firo’s next generation privacy protocol which improves on Sigma by removing the requirement of fixed denominations allowing people to burn arbitrary amounts and redeem partial amounts without revealing values or the source. Lelantus doesn’t require any trusted setup and uses only DDH assumptions. It also supports untraceable direct anonymous payments by allowing people to pass the right to redeem to someone else. Lelantus is Firo’s own innovation.

Hierarchical One-out-of-Many Proofs With Applications to Blockchain Privacy and Ring Signatures (Aram Jivanyan)

In this work, we introduce a new method of instantiating one-out-of-many proofs which reduces the proof generation time by an order of magnitude. In certain practical applications our method also helps to fasten the verification process of multiple simultaneously generated proofs. Our approach still results in shorter proofs comprised of only a logarithmic number of commitments and does not compromise the highly efficient batch verification properties endemic to the original construction. We believe this work can also foster further research towards building more efficient one-out-of-many proofs which are extremely useful constructions in the blockchain privacy space and beyond.

sigma

Sigma Technology

We believe the whole purpose of blockchain is to build systems that do not require trust, and that same principle applies to our privacy systems. This is why we built Sigma for Zcoin in 2018 which removes the requirement of a trusted setup in Zerocoin. Sigma uses 256 bit ECC curves for proof sizes of just 1.5 kB - a 17x improvement on then-current technology. Sigma was a precursor to Lelantus, and set many stepping stones to get us where we are today.

Academic Papers

One-out-of-Many Proofs: Or How to Leak a Secret and Spend a Coin (Jens Groth et al)

One out of Many Proofs (OOOMPs)forms the foundation of Sigma which improves on Zerocoin by removing trusted setup and reducing proof sizes. Firo is also applying some further efficiency modifications to the original paper. Sigma was replaced by Lelantus but the underlying OOOMPs are still used in Lelantus and Lelantus Spark.

MTP

Decentralized and fair security

Firo’s Merkle Tree Proof (MTP) mining algorithm was designed to democratize mining. The MTP algorithm is memory-intensive increasing the costs of building ASICs and keeping the chain mineable by commodity hardware such as GPUs. Nodes, however, can bypass this memory requirement and verify these proofs efficiently. A Firo-sponsored audit in 2017 proved the effectiveness of this two-pronged approach. MTP has since been replaced by FiroPoW which has smaller proofs and additional ASIC resistant strategies.

Academic Papers

MTP: Egalitarian Computing (Alex Biryukov, Dmitry Khovratovich) (revision and improvement funded by Firo)

MTP is the Proof of Work algorithm that Firo uses that promotes egalitarian mining while maintaining quick verification. The original paper had flaws as identified by Dinur and Nadler. Firo organized a bounty to harden MTP and also funded research to solve these issues as reflected in the linked paper. MTP was coded from the ground up by Firo and switched to the MTP algorithm in December 2018. MTP has been replaced by FiroPoW which has stronger ASIC resistance and smaller proof sizes.