研究
隐私重在保持领先一步。Firo 背后的团队负责有史以来的一些最重要的区块链隐私协议,这些技术都被提炼到 Firo 中。
lelantus spark
Lelantus Spark 技术
Lelantus Spark 与其前身 Lelantus 相比有了很大改进,其灵活的 Spark 地址隐藏了所有交易金额,在区块链上不可搜索,同时允许高效的阈值签名以及传入和传出的查看密钥支持。Spark 还具有模块化结构,允许组件随着更好的技术的出现而升级,同时简化安全性分析。它保留了 Lelantus 的优点,没有预信任机制,结构简单易懂,并基于成熟的密码学假设。
学术论文
We propose a modification to the Lelantus private transaction protocol to provide recipient privacy, improved security, and additional usability features. Our decentralized anonymous payment (DAP) construction, Spark, enables non-interactive one-time addressing to hide recipient addresses in transactions. The modified address format permits flexibility in transaction visibility. Address owners can securely provide third parties with opt-in visibility into incoming transactions or all transactions associated to the address; this functionality allows for offloading chain scanning and balance computation without delegating spend authority. It is also possible to delegate expensive proving operations without compromising spend authority when generating transactions. Further, the design is compatible with straightforward linear multisignature operations to allow mutually non-trusting parties to cooperatively receive and generate transactions associated to a multisignature address. We prove that Spark satisfies formal DAP security properties of balance, non-malleability, and ledger indistinguishability.
In privacy-preserving transaction protocols, confidential asset designs permit transfer of quantities of distinct asset types in a way that obscures their types and values. Spark is a protocol that provides flexible privacy properties relating to addressing, transaction sources and recipients, and value transfer; however, it does not natively support the use of multiple confidential asset types. Here we describe Spats, a new design for confidential assets compatible with Spark that focuses on efficient and modular implementation. It does so by extending coin value commitments to bind and mask an asset type, and asserting in zero knowledge that this type is maintained throughout transactions. We describe the cryptographic components and changes to the Spark protocol necessary for the design of Spats.
Helsing is a protocol extension to Spark that allows for private staking operations not requiring transparent addresses or outputs. Specifically, Helsing provides for Spark-compatible collateral staking and coinbase payouts.
A recent construction referred to as Curve Trees is a novel and efficient design for membership proofs which significantly optimizes the communication and computational complexity of the argument including the proof sizes, proving time, and verification time. This enables efficient scaling of the set size to billions of elements and very importantly also provides efficient batch verification techniques which further can decrease the marginal cost of proof verification. We discuss how Lelantus Spark can be implemented with Curve Trees to support full membership proofs.
lelantus
Lelantus 技术
Lelantus 是 Firo 的 Aram Jivanyan 开发的下一代隐私协议。Lelantus 允许你烧掉你的币,它将币隐藏在一个超过 65000 个的匿名集中。接收者可以从这个匿名池中赎回它,它打破了你的交易和之前所有交易的链接。
学术论文
Lelantus is Firo’s next generation privacy protocol which improves on Sigma by removing the requirement of fixed denominations allowing people to burn arbitrary amounts and redeem partial amounts without revealing values or the source. Lelantus doesn’t require any trusted setup and uses only DDH assumptions. It also supports untraceable direct anonymous payments by allowing people to pass the right to redeem to someone else. Lelantus is Firo’s own innovation.
In this work, we introduce a new method of instantiating one-out-of-many proofs which reduces the proof generation time by an order of magnitude. In certain practical applications our method also helps to fasten the verification process of multiple simultaneously generated proofs. Our approach still results in shorter proofs comprised of only a logarithmic number of commitments and does not compromise the highly efficient batch verification properties endemic to the original construction. We believe this work can also foster further research towards building more efficient one-out-of-many proofs which are extremely useful constructions in the blockchain privacy space and beyond.
sigma
Sigma 技术
我们相信区块链的所有目的最终都是为了建立不需要信任的系统,并且同样的原则也适用于我们的隐私系统。这就是为什么我们在 2018 年为 Zcoin 构建 Sigma 的原因,它消除了 Zerocoin 中预信任机制的要求。Sigma 使用 256 位 ECC 曲线,证明大小仅为 1.5 kB,是当时技术的 17 倍改进。Sigma 是 Lelantus 的前身,为我们今天的成就奠定了许多垫脚石。
Academic Papers
One out of Many Proofs (OOOMPs)forms the foundation of Sigma which improves on Zerocoin by removing trusted setup and reducing proof sizes. Firo is also applying some further efficiency modifications to the original paper. Sigma was replaced by Lelantus but the underlying OOOMPs are still used in Lelantus and Lelantus Spark.
MTP
分散和公平的安全
Firo 的默克尔树证明(MTP)挖矿算法旨在使挖矿民主化。MTP 算法是内存密集型的,增加了构建 ASIC 的成本,并保持链可通过 GPU 等商品硬件进行挖矿。而节点可以绕过这种内存要求,有效地验证这些证明。2017 年 Firo 赞助的审计证明了这种双管齐下的方法的有效性。此后,MTP 已被 FiroPoW 取代,FiroPoW 具有更小的证明和额外的抗 ASIC 策略。
学术论文
MTP is the Proof of Work algorithm that Firo uses that promotes egalitarian mining while maintaining quick verification. The original paper had flaws as identified by Dinur and Nadler. Firo organized a bounty to harden MTP and also funded research to solve these issues as reflected in the linked paper. MTP was coded from the ground up by Firo and switched to the MTP algorithm in December 2018. MTP has been replaced by FiroPoW which has stronger ASIC resistance and smaller proof sizes.