Boolberry is a cryptocurrency based on
CryptoNote technology. Boolberry’s major benefit is that it provides
much stronger privacy for both the senders and receivers of
transactions. It does so by ensuring that receivers are anonymous (the
destination of a transaction can only be determined by its real
recipient) and transactions cannot be linked to a single sender.
Instead, each transaction could have many equally possible senders, and
an attacker cannot determine which one it was.
It does so by ensuring that:
- receivers are anonymous (the destination of a transaction can only be determined by its real recipient);
- Transactions cannot be linked to a single sender; instead, each transaction could have many equally possible senders, and an attacker cannot determine which one it was.
GUI wallet that ships in source and binary as an official part of the Boolberry distribution.
Main Features
- New cryptography based on ring signatures and one-time transaction keys provides the strongest privacy of any cryptocurrency;
- Separated wallet and daemon help improve usability and security;
- Flexible RPC-like network protocol provides a basis for flexibly extending the network protocol quickly and robustly;
- Blockchain-based PoW hash helps balance CPU, GPU, and ASIC speeds while providing extremely fast block verification;
- Outs with guaranteed anonymity: the output of a transaction can be marked so that it can only be used later with a certain number of mixins. By using only coins marked in this way, a user who is mixing her transactions for privacy can ensure that the transactions remain private over time.
- Alerts (signed by developers) broadcast via peer-to-peer mechanism, inform both users and miners of critical updates or other important events
- Transaction identification by prefix: this feature reduces blockchain bloat by cutting off ring signatures that are covered by a checkpoint. It can save 30-70% of the blockchain space, addressing an important drawback to CryptoNote’s stronger privacy.
- Wallet addresses aliasing: Any address can be linked to a symbolic name and be used globally. By being built into the blockchain, these aliases are globally unique (original), but do not require a central naming authority to maintain.
Boolberry Compared to Bitcoin
In comparison to Bitcoin forks, Boolberry is developed on newer CryptoNote technology, which gives it a more flexible architecture. The main benefit of CryptoNote technology is anonymity of the sender and recipient along with transaction unlinkability. This provides great protection for users’ privacy, which is highly important today.
Boolberry benefits:
- Ring signature based cryptography, which ensures a new level of privacy, anonymity and unlinkability
- Separate wallet and daemon provide an additional level of security and cloud compatibility
- Flexible RPC-like network protocol with forward and backward capability provides ability to extend network interaction format quickly and painlessly.
- New ASIC-resistant hash algorithm named Wild Keccak takes the SHA3 Keccak to a higher level.
Boolberry Compared to CryptoNote
Boolberry was designed from the beginning to address several issues with ordinary CryptoNote coins, such as incomplete anonymity and block chain bloat.
- Unlinkable outputs ensure the user’s anonymity is not broken due to zero mixin usage.
- Transaction identification by prefix allows Boolberry to cut ring signatures from block chain reducing block chain size by 60-90%, depending on mixin usage.
- Removed Dust from block reward to reduce block chain size even more.
- New block chain based PoW hash provides faster synchronization with network and immunity from DoS attacks.
- Network Alerts allow developers to broadcast messages about critical updates or other important events to the network
- Donation-based crowd-funding: Boolberry has an open and transparent model of project financing with a maximum of 1% of mined coins reserved for project development. The actual rate is controlled by network participants (miners) using votes. Boolberry gives a fixed percentage to the CryptoNote founders.
- Wallet address aliasing: any wallet can be linked with a symbolic name via a special type of extra record in the coinbase. The block chain will control the uniqueness of registered names.
- More rational emission curve
Boolberry and SuperNetwork
Planned NXT features will be implemented into the core of BTCD. BTCD will be an entire platform, and act as a cryptocurrency supernetwork and the following NXT features will be integrated:
Wild Keccak PoW Algorithm
Wild Keccak is a Keccak hybrid which uses block chain data as a scratchpad. After each Keccak round, pseudo-randomly addressed data (the state vector is used as addresses) is taken from the scratchpad and XORed with the state. Calculating each block's PoW usually involves about 1100 randomly addressed reads of 32-byte blocks.
Untraceable payments
The ordinary digital signature (e.g. (EC)DSA, Schnorr, etc.) verification process involves the public key of the signer. It is a necessary condition, because the signature actually proves that the author possesses the corresponding secret key. But it is not always a sufficient condition.
A ring signature is a more sophisticated scheme, which in fact may demand several different public keys for verification. In the case of a ring signature, we have a group of individuals, each with their own secret and public key. The statement proved by ring signatures is that the signer of a given message is a member of the group. The main distinction from ordinary digital signature schemes is that the signer needs a single secret key, but a verifier cannot establish the exact identity of the signer. Therefore, if you encounter a ring signature with the public keys of Alice, Bob and Carol, you can only claim that one of these individuals was the signer but you will not be able to pinpoint him or her.
This concept can be used to make digital transactions sent to the network untraceable by using the public keys of other members in the ring signature one will apply to the transaction. This approach proves that the creator of the transaction is eligible to spend the amount specified in the transaction but his identity will be indistinguishable from the users whose public keys he used in his ring signatures.
It should be noted that foreign transactions do not restrict you from spending your own money. Your public key may appear in dozens of others’ ring signatures but only as a muddling factor (even if you already used the corresponding secret key for signing your own transaction). Moreover, if two users create ring signatures with the same set of public keys, the signatures will be different (unless they use the same private key).
Unlinkable transactions
Normally, when you post your public address, anyone can check all your incoming transactions even if they are hidden behind a ring signature. To avoid linking you can create hundreds of keys and send them to your payers privately, but that deprives you of the convenience of having a single public address.
CryptoNote solves this dilemma by an automatic creation of multiple unique one-time keys, derived from the single public key, for each p2p payment. The solution lies in a clever modification of the Diffie-Hellman exchange protocol. Originally it allows two parties to produce a common secret key derived from their public keys. In our version the sender uses the receiver’s public address and his own random data to compute a one-time key for the payment.
The sender can produce only the public part of the key, whereas only the receiver can compute the private part; hence the receiver is the only one who can release the funds after the transaction is committed. He only needs to perform a single-formula check on each transaction to establish if it belongs to him. This process involves his private key, therefore no third party can perform this check and discover the link between the one-time key generated by the sender and the receiver’s unique public address.
An important part of our protocol is usage of random data by the sender. It always results in a different one-time key even if the sender and the receiver both remain the same for all transactions (that is why the key is called “one-time”). Moreover, even if they are both the same person, all the one-time keys will also be absolutely unique.
Double-spending proof
Fully anonymous signatures would allow spending the same funds many times which, of course, is incompatible with any payment system’s principles. The problem can be fixed as follows.
A ring signature is actually a class of crypto-algorithms with different features. The one CryptoNote uses is the modified version of the “Traceable ring signature” [1]. In fact we transformed traceability into linkability. This property restricts a signer’s anonymity as follows: if he creates more than one ring signature using the same private key (the set of foreign public keys is irrelevant), these signatures will be linked together which indicates a double-spending attempt.
To support linkability CryptoNote introduced a special marker being created by a user while signing, which we called a key image. It is the value of a cryptographic one-way function of the secret key, so in math terms it is actually an image of this key. One-wayness means that given only the key image it is impossible to recover the private key. On the other hand, it is computationally impossible to find a collision (two different private keys, which have the same image). Using any formula, except for the specified one, will result in an unverifiable signature. All things considered, the key image is unavoidable, unambiguous and yet an anonymous marker of the private key.
All users keep the list of the used key images (compared with the history of all valid transactions it requires an insignificant amount of storage) and immediately reject any new ring signature with a duplicate key image. It will not identify the misbehaving user, but it does prevent any double-spending attempts, caused by malicious intentions or software errors.
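The one-time key derivation from "Unlinkable transactions" and the key image check from "Double-spending proof", as an added example that is not Boolberry or CryptoNote project code. It follows the CryptoNote whitepaper formulas P = Hs(rA)G + B, x = Hs(aR) + b and I = x·Hp(P); the pure-Python ed25519 arithmetic, SHA-256 in place of Keccak, the try-and-increment `Hp` and all function names are assumptions made for illustration.

```python
import hashlib, secrets
# Added example, not project code: toy ed25519, SHA-256 stands in for Keccak.
q = 2**255 - 19                                       # ed25519 field prime
l = 2**252 + 27742317777372353535851937790883648493   # prime order of G
def inv(x): return pow(x, q - 2, q)
d = -121665 * inv(121666) % q

def xrecover(y):                  # x with (x, y) on the curve, or None
    xx = (y * y - 1) * inv(d * y * y + 1) % q
    x = pow(xx, (q + 3) // 8, q)
    if (x * x - xx) % q: x = x * pow(2, (q - 1) // 4, q) % q
    if (x * x - xx) % q: return None
    return q - x if x & 1 else x

def add(P, Q):                    # twisted Edwards point addition
    (x1, y1), (x2, y2) = P, Q
    t = d * x1 * x2 * y1 * y2
    return ((x1*y2 + x2*y1) * inv(1 + t) % q, (y1*y2 + x1*x2) * inv(1 - t) % q)

def mul(k, P):                    # double-and-add, NOT constant-time
    R = (0, 1)                    # neutral element
    while k:
        if k & 1: R = add(R, P)
        P, k = add(P, P), k >> 1
    return R

G = (xrecover(4 * inv(5) % q), 4 * inv(5) % q)
def enc(P): return P[0].to_bytes(32, "little") + P[1].to_bytes(32, "little")
def Hs(data): return int.from_bytes(hashlib.sha256(data).digest(), "little") % l

def Hp(P):                        # simplified try-and-increment hash-to-point
    for ctr in range(256):
        y = int.from_bytes(hashlib.sha256(enc(P) + bytes([ctr])).digest(), "little") % q
        x = xrecover(y)
        if x is not None: return mul(8, (x, y))   # clear cofactor 8

def keygen():                     # secrets (a, b) and public address (A, B)
    a, b = 1 + secrets.randbelow(l - 1), 1 + secrets.randbelow(l - 1)
    return (a, b), (mul(a, G), mul(b, G))

def send(addr):                   # sender: needs only the public address
    A, B = addr
    r = 1 + secrets.randbelow(l - 1)              # fresh random data per payment
    return mul(r, G), add(mul(Hs(enc(mul(r, A))), G), B)   # (R, one-time key P)

def scan(sk, R, P):               # receiver's check; returns one-time secret x
    a, b = sk
    h = Hs(enc(mul(a, R)))                        # aR == rA, the DH shared point
    return (h + b) % l if add(mul(h, G), mul(b, G)) == P else None

def key_image(x, P): return mul(x, Hp(P))         # I = x * Hp(P)
def accept(spent, image):         # node side: reject a repeated key image
    if image in spent: return False
    spent.add(image); return True
```

Because `Hp(P)` has no known discrete logarithm relative to `G`, the key image cannot be computed from the public one-time key alone, which is why a shortcut such as `Hs(P)·G` would not be a safe substitute.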
Blockchain analysis resistance
There are many academic papers dedicated to the analysis of Bitcoin’s blockchain. Their authors trace the money flow, identify the owners of coins, determine wallet balances and so on. The ability to make such analysis is due to the fact that all the transfers between addresses are transparent: every input in a transaction refers to a unique output. Moreover, users often re-use their old addresses, receiving and sending coins from them many times, which simplifies the analyst’s work. It happens unintentionally: if you have a public address (for example, for donations), you are sure to use this address in many inputs and transactions.
CryptoNote is designed to mitigate the risks associated with key re-usage and one-input-to-one-output tracing. Every address for a payment is a unique one-time key, derived from both the sender’s and the recipient’s data. It can appear twice with a probability of a 256-bit hash collision. As soon as you use a ring signature in your input, it entails the uncertainty: which output has just been spent?
Trying to draw a graph with addresses in the vertices and transactions on the edges, one will get a tree: a graph without any cycles (because no key/address was used twice). Moreover, there are billions of possible graphs, since every ring signature produces ambiguity. Thus, you can’t be certain from which possible sender the transaction-edge comes to the address-vertex. Depending on the size of the ring you will guess from “one out of two” to “one out of a thousand”. Every next transaction increases the entropy and creates additional obstacles for an analyst.