Much of the technology behind Grin

#1

Antioch recently shared a presentation by Rusty Russel (Mr. ipchains and iptables among other things) outlining what’s coming up in Bitcoin-land. Just like it did for Antioch, it stroke me how much there is in common and how much great tech we have or plan to cover.

I can’t do such a presentation but I thought I’d outline some of the cool tech in Grin, for the benefit of people who aren’t as deep in the weeds as some of us are. Firtst, I’d like to clarify that none of it is our invention and a lot has been made possible by successive refinements on older ideas. That’s how R&D works. And much comes from amazing contributions made by Greg Maxwell, Mr. Tom Elvis Jedusor, our own Andrew Poelstra, John Tromp, the amazoning Peter Wuille, Peter Todd, Tier Nolan and many, many more.

  • MimbleWimble. Our intro is likely the best technical resource and provides multiple pointers. In short, MimbleWimble can be broken into 3 main features:

    • Confidential Transactions. No transaction amounts are revealed, no addresses.
    • Cut-through. Most of the blockchain data can be removed, leading to material reductions in blockchain size as well as a little privacy boost.
    • Fast Sync. Even after all that data has been removed, the whole chain state can be validated with guarantees similar to a full node. So a new node needs just a very small subset of the whole chain.
  • Schnorr Sigs / MuSig / AggSig. A different signature scheme from ECDSA that, as far as Grin is concerned, provides multi-signatures, smaller signature sizes and improves security. But most importantly, it paves the way for certifiable transactions and scriptless scripts.

  • Certifiable transactions. As-is, MimbleWimble transactions have a security flaw where the receiver can claim the funds were never received and the sender can’t prove they were. The certifiable transactions protocol fixes this.

  • Cuckoo Cycle, our proof of work.

  • Bulletproofs. Confidential transactions require the inclusion of what is called a range proof. Unfortunately, until bullet proofs, range proofs could be very large (~5kb). Bulletproofs make range proofs much smaller (~700 bytes), faster to verify in batches and could enable further zero-knowledge proofs.

  • Scriptless scripts. MimbleWimble can’t allow Bitcoin-style scripts. In theory this should be very limiting. But in practice, leveraging Schnorr signatures, we can re-introduce multiple types of smart contracts. Inluding the basis for lightning network and…

  • Atomic swaps. One type of scriptless script that allows exchanging grins with other cryptocurrencies trustlessly.

  • Merkle Mountain Range (MMR) and TXO commitments. Every grin block, using a Merkle-like structure optimized for performance, commits to the full TXO set. This enables fast sync as well as Merkle proofs. And by pruning the structure, a unique representation of the UTXO set.

  • Merkle proofs. MMRs allow grin and any wallet to uniquely prove the existence and (un)spentness of any output. This is useful in a variety of protocols, and especially for light clients.

  • Compact blocks. Most chains send a transaction twice: when it’s created and inside a block. Compact blocks eliminate the redundancy, making blocks a lot smaller.

  • Confidential Assets. Extension to Confidential Transactions that would allow multiple asset types to be tracked on the same blockchain, including other cryptocurrencies like bitcoin. Confidential Assets don’t just hide the amounts and participants involved in a transaction, but also the asset itself.

  • Covenants. We haven’t fully figured out how to do these yet, but we have the building blocks: time-locked outputs and multisig.

  • Dandelion or partial relay. There’s a double advantage: saving bandwidth by not “spraying” transactions to every peer, and making it hard to identify which peer a transaction originated from. This may be a little longer term although there likely are simpler versions of it we can implement easily.

Writing this, and given how immature Grin still is (hint: very), I’m surprised at how much we’ve already implemented or enabled (for things that exist at higher layers, like scriptless scripts). I’m extremely thankful to the smart people whose ideas we’re implementing or reusing, all the developers who keep contributing great code, and everyone of you helping us testing, debugging, and funding this project. High fives all around!

20 Likes
Any asic-love and inflation-hate around?
#2

Yeah this is an awesome overview of all the moving parts that go into (or that are made possible) by the Grin stack.
One additional thing item discussed in the mailing list and on github -

  • Confidential Assets. Extension to Confidential Transactions that would allow multiple asset types to be tracked on the same blockchain. Not just hiding the amounts and participants in a transaction but the asset itself.
#3

Great point, I’ll add it above.

#4

Is the above list still current?
I suspect time-locked transactions are or nearly are ready to be included.

#5

Actually we’ve had time-locked transactions for a while, what’s being worked out right now is time-locked outputs.

#6

are you adding octopus dht can start with chord implementation

#7

Should we add a bit to the above list?

  • Include Dandelion++ in along with the Dandelion pdf link.
  • Time-locked transactions (linked to docs/ somewhere?)
  • Cuck[at]oo
  • Stratum RPC protocol
  • community projects: block explorers, wallets, grinbox, keybase integration, and more!