Details about DERO HE with Sigma Mining.

NOTE: This is a work in progress, currently collecting material and compiling ideas.

Updates will happen when community members have time to work on the materials.

Page 1 /////////////////////////////////////////////////////////////

White Paper (Draft Version)

DERO Project

Build it, they will come.

[insert pretty cover here]

Page 2 /////////////////////////////////////////////////////////////

Contents

  1. INTRODUCTION
    1. Mission
    2. Background
  2. RESEARCH
    1. Bulletproofs
    2. Graviton Database
    3. Homomorphic Encryption
  3. TECHNICAL FEATURES
    1. DERO HE
    2. Core
    3. Salient Features

Page 3 /////////////////////////////////////////////////////////////

1. INTRODUCTION

1(i) Mission

DERO is a general purpose, private and scalable decentralized application platform that allows developers to deploy powerful and unstoppable applications, while users retain total control over their assets with complete privacy. It is our goal to create a sound monetary framework that will globally safeguard the privacy of all users and empower free markets to thrive, while maintaining complete auditability.

1(ii) Background

In an age driven by centralized data empires, we as a society have sacrificed our digital privacy and trusted large faceless organizations, who exploited, sold, censored, even manipulated our digital and financial data, so that we could participate in the electronic world.

Most common cryptographic obfuscation techniques in use on blockchains today have required trusted setups or centralized consensus mechanisms (PoS or Proof-Of-Stake) to lower fees and scale user-bases, usually both. Pre-existing trustless obfuscation techniques using decentralized Proof-Of-Work (PoW) consensus have historically led to further scaling or decentralization-hindering roadblocks, both of which have been major persistent factors in prohibiting the development of a massively decentralized and trustless layer 1 private application platform.

This state of affairs has led the DERO Project through a multi-year pursuit to identify and isolate the architectural shortcomings present in preexisting, conventional decentralized application platforms, as well as in private blockchain protocols.

Throughout the development period, DERO’s anonymous developers have researched, engineered, and released several new technologies that were found to be missing entirely from the industry. These technologies have now been combined, iterated, extensively tested and introduced to the world.

DERO migrated from the initial CryptoNote Protocol release (Atlantis) to its own DERO Homomorphic Encryption Blockchain Protocol or DHEBP (Stargate) on [date], at block height [block].

Page 4 /////////////////////////////////////////////////////////////

2. RESEARCH

2(i) Bulletproofs

Secure and fast cryptography is a basic necessity of this project, and an adequate amount of time has been devoted to developing, studying, implementing and auditing it. Most of the cryptography, such as ring signatures, has been studied by various researchers and is in production in a number of projects. Bulletproofs have been given a more detailed look, since DERO is the first to implement and deploy them. First, a bare-bones Bulletproofs implementation was written; then implementations in development (Benedikt Bünz, XMR, Dalek Bulletproofs) were studied and used to improve our own implementation.
Some new improvements were discovered and implemented (there are a number of other improvements which are not explained here). The major improvements are in the double-base double-scalar multiplication performed while validating bulletproofs. A typical bulletproof takes ~15-17 ms to verify. An optimised bulletproof takes ~1 to ~2 ms (simple bulletproof, no aggregation/batching). Since the bases are fixed in the case of bulletproofs, we can use a precomputed table to convert the 64*2 base-scalar multiplications into doublings and additions (NOTE: we do not use the Bos-Coster/Pippenger methods). This time can easily be decreased further to 0.5 ms with some more optimizations. With batching and aggregation, 5000 range proofs (~2500 TX) can easily be verified even on a laptop. There are other optimizations, such as a base-scalar multiplication that can be done in less than a microsecond.

  • DERO's ultrafast bulletproof optimization techniques, in the form used, did not exist anywhere in publicly available cryptography literature at the time of implementation. Please get in contact if a source/reference exists so that it can be included here. The ultrafast optimizations verify DERO bulletproofs 10 times faster than other/original bulletproof implementations.

  • DERO rocket bulletproof implementations are hardened, which protects DERO from a certain class of attacks.

  • DERO rocket bulletproof transaction structures are not compatible with other implementations.

2(ii) Graviton Database

Graviton Database is a simple, fast, versioned, authenticated, embeddable key-value store database in pure Golang. In short, Graviton Database is like “ZFS for key-value stores”: every write is tracked, versioned and authenticated with cryptographic proofs. It is also possible to take snapshots of the database, and to back it up with simple copy or rsync commands, even during live updates, without any possibility of database corruption.

  • Authenticated data store (all keys and values are backed by a BLAKE 256-bit checksum).
  • Append-only data store.
  • Support for 2^64 trees (theoretically) within a single data store. Trees can be named and thus used as buckets.
  • Support for value version tracking. All committed changes are versioned, with the ability to visit them at any point in time.
  • Snapshots (multi-tree commits in a single version, causing multi-bucket sync; each snapshot can be visited, appended to and further modified: keys deleted, values modified, new keys and values stored).
  • Ability to iterate over all key-value pairs in a tree.
  • Ability to diff between 2 trees in linear time and report all changes (insertions, deletions, modifications).
  • Minimal and simplified API.
  • Theoretically supports exabyte data stores; multi-terabyte stores tested internally.
  • Decoupled storage layer, allowing use of object stores such as Ceph, AWS etc.
  • Ability to generate cryptographic proofs which can prove key existence or non-existence (cryptographic proofs are around 1 KB).
  • Superfast proof generation time of around 1000 proofs per second per core.
  • Support for disk-based, filesystem-based persistent stores.
  • Support for memory-based non-persistent stores.
  • 100% code coverage.

2(iii) Homomorphic Encryption

[From Wikipedia:] Homomorphic encryption is a form of encryption allowing one to perform calculations on encrypted data without decrypting it first. The result of the computation is in an encrypted form, when decrypted the output is the same as if the operations had been performed on the unencrypted data.

Homomorphic encryption can be used for privacy-preserving outsourced storage and computation. This allows data to be encrypted and outsourced to commercial cloud environments for processing, all while encrypted. In highly regulated industries, such as health care, homomorphic encryption can be used to enable new services by removing privacy barriers inhibiting data sharing. For example, predictive analytics in health care can be hard to apply via a third party service provider due to medical data privacy concerns, but if the predictive analytics service provider can operate on encrypted data instead, these privacy concerns are diminished.
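
The property described above, shown for addition and subtraction on an encrypted balance. This is an added example, not DERO's code: it uses additively homomorphic ("exponential") ElGamal, and the curve (P-256), all function names and the brute-force decryption bound are assumptions of this sketch.

```go
package main

import (
	"crypto/elliptic"
	"crypto/rand"
	"fmt"
	"math/big"
)

var curve = elliptic.P256() // curve chosen for this example; the page names none
type Point struct{ X, Y *big.Int }
type Ciphertext struct{ C1, C2 Point } // (r*G, m*G + r*PK)
func pt(x, y *big.Int) Point        { return Point{x, y} }
func add(a, b Point) Point          { return pt(curve.Add(a.X, a.Y, b.X, b.Y)) }
func mul(p Point, k *big.Int) Point { return pt(curve.ScalarMult(p.X, p.Y, k.Bytes())) }
func base(k *big.Int) Point         { return pt(curve.ScalarBaseMult(k.Bytes())) }
func neg(p Point) Point             { return pt(p.X, new(big.Int).Mod(new(big.Int).Neg(p.Y), curve.Params().P)) }

func RandScalar() *big.Int { // secret key or per-encryption nonce
	k, err := rand.Int(rand.Reader, curve.Params().N)
	if err != nil {
		panic(err)
	}
	return k
}

func Encrypt(pk Point, m int64) Ciphertext {
	r := RandScalar()
	return Ciphertext{base(r), add(base(big.NewInt(m)), mul(pk, r))}
}

// Combine: Enc(a) + Enc(b) = Enc(a+b). Negate: Enc(m) -> Enc(-m). Neither needs a key.
func Combine(a, b Ciphertext) Ciphertext { return Ciphertext{add(a.C1, b.C1), add(a.C2, b.C2)} }
func Negate(c Ciphertext) Ciphertext     { return Ciphertext{neg(c.C1), neg(c.C2)} }

// Decrypt removes r*PK with the secret key, then searches m*G for m in [0, limit].
func Decrypt(sk *big.Int, c Ciphertext, limit int64) (int64, bool) {
	target, acc, g := add(c.C2, neg(mul(c.C1, sk))), pt(new(big.Int), new(big.Int)), base(big.NewInt(1))
	for m := int64(0); m <= limit; m, acc = m+1, add(acc, g) {
		if acc.X.Cmp(target.X) == 0 && acc.Y.Cmp(target.Y) == 0 {
			return m, true
		}
	}
	return 0, false
}

func main() {
	sk := RandScalar()
	fmt.Println(Decrypt(sk, Combine(Encrypt(base(sk), 500), Negate(Encrypt(base(sk), 200))), 1000))
}
```

Subtracting more than the balance still produces a well-formed ciphertext; it simply no longer decrypts to a value in range, which is the condition range proofs are there to rule out.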

Page 5 /////////////////////////////////////////////////////////////

3. TECHNICAL FEATURES

3(i) DERO HE

  1. Homomorphic account based model.

  2. Instant account balances [Need to get 66 bytes of data only from the blockchain].

  3. DAG/MINIDAG with 1 miniblock every second

  4. Mining decentralization. No more mining pools: daily 100000 reward blocks, no need for pools and thus no attacks.

  5. Erasure coded blocks, lower bandwidth requirements, very low propagation time.

    1. Traditional blockchains process blocks as a single unit of computation (if a double-spend tx occurs within the block, the entire block is rejected). As soon as a block is found, it is sent to all its peers. The DERO blockchain erasure codes the block into 48 chunks, and the chunks are dispersed to peers randomly. Any peer receiving any 16 of the 48 chunks can reintegrate the block, thus lowering overheads and propagation time.
  6. No more chain scanning or wallet scanning to detect funds, no key images etc.

  7. Truly light weight and efficient wallets.

  8. Fixed per account cost of 66 bytes in blockchain[Immense scalability].

  9. Perfectly anonymous transactions with many-out-of-many proofs [bulletproofs and sigma protocol]

  10. Deniability

  11. Fixed transaction size, say ~2.5 KB (ring size 8) or ~3.4 KB (ring size 16) etc., based on the chosen anonymity group size [logarithmic growth].

  12. Anonymity group can be chosen in powers of 2.

  13. Allows homomorphic assets (programmable SCs with fixed overhead per asset), with open Smart Contract but encrypted data [Internal testing/implementation not on this current testnet branch].

  14. Allows open assets (programmable SCs with fixed overhead per asset)

  15. Allows chain pruning on daemons to control growth of data on daemons.

  16. Transaction generation takes less than 25 ms.

  17. Transaction verification takes even less than 25 ms.

  18. No trusted setup, no hidden parameters.

  19. Pruning chain/history for immense scalability [while still secured using merkle proofs].

  20. Example disk requirements for 1 billion accounts (assuming the node does not want to keep the history of transactions, but keeps proofs to prove that it is in sync with all other nodes)

    Requirement of 1 account = 66 bytes
    Assuming storage overhead per account of 128 bytes (constant)
    Total requirements = (66 + 128) bytes x 1 billion accounts = 194GB ~ 200GB
    Assuming we are off by a factor of 4 = 800GB

  21. Note that even after 1 trillion transactions, 1 billion accounts will consume only 800GB if history is not maintained, and everything will still be in a proved state using merkle roots, so even a Raspberry Pi can host the entire chain.

  22. Senders can prove to the receiver what amount they have sent (without revealing themselves).

  23. World's first Erasure Coded Propagation protocol, which allows 100x block size without increasing propagation delays.

  24. Entire chain is rsyncable while in operation.
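
The 16-of-48 reconstruction from item 5, as an added example that is not DERO's implementation. It assumes a systematic Reed-Solomon-style code over the prime field GF(257) (the page does not say which code DERO uses), shows a single 16-byte stripe, and all names are hypothetical.

```go
package main

import (
	"fmt"
	"math/big"
)

const K, N, P = 16, 48, 257 // 16-of-48 is from the page; the field GF(257) is assumed here
type Chunk struct{ X, Y int } // chunk index and symbol (parity symbols may equal 256)

// interp evaluates at x the polynomial of degree < len(pts) through pts, mod P.
func interp(pts []Chunk, x int) (sum int) {
	for i, a := range pts {
		num, den := 1, 1
		for j, b := range pts {
			if j != i {
				num, den = num*((x-b.X+P)%P)%P, den*((a.X-b.X+P)%P)%P
			}
		}
		inv := new(big.Int).ModInverse(big.NewInt(int64(den)), big.NewInt(P)).Int64()
		sum = (sum + a.Y*num%P*int(inv)) % P
	}
	return sum
}

// Encode keeps the 16 data bytes as chunks 0..15 and derives chunks 16..47 from them.
func Encode(data [K]byte) (out []Chunk) {
	for i, b := range data {
		out = append(out, Chunk{i, int(b)})
	}
	for j := K; j < N; j++ {
		out = append(out, Chunk{j, interp(out[:K], j)})
	}
	return out
}

// Decode rebuilds the data from any 16 chunks with distinct indices.
func Decode(got []Chunk) (data [K]byte, err error) {
	if len(got) < K {
		return data, fmt.Errorf("need %d chunks, have %d", K, len(got))
	}
	for i := range data {
		data[i] = byte(interp(got[:K], i))
	}
	return data, nil
}

func main() {
	fmt.Println(Decode(Encode([K]byte{'D', 'E', 'R', 'O'})[32:])) // last 16 chunks only
}
```

Erasure decoding gives availability, not integrity: one altered chunk silently yields a different block, so a receiver still has to check the rebuilt block against its hash and discard duplicate chunk indices before decoding.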

Page 6 /////////////////////////////////////////////////////////////

3(ii) Core

  1. DAG: No orphan blocks, no soft-forks.
  2. BulletProofs: Zero-knowledge range proofs (NIZK).
  3. AstroBWT: This is a memory-bound algorithm. It provides assurance that all miners are equal (no miner has any advantage over common miners).
  4. P2P Protocol: This layer controls the exchange of blocks, transactions and the blockchain itself.
  5. Pedersen Commitment (part of ring confidential transactions): The Pedersen commitment algorithm is a cryptographic primitive that allows a user to commit to a chosen value while keeping it hidden from others. Pedersen commitments are used to hide all amounts without revealing the actual amount. It is a homomorphic commitment scheme.
  6. Homomorphic Encryption: Homomorphic encryption is used to do operations such as addition/subtraction to settle balances, with the data always being encrypted (balances are never decrypted before/during/after operations in any form).
  7. Homomorphic Ring Confidential Transactions: Gives untraceability, privacy and fungibility while making sure that the system is stable and secure.
  8. Core consensus protocol implemented: The consensus protocol serves 2 major purposes:
    1. Protects the system from adversaries and protects it from forking and tampering.
    2. Next block in the chain is the one and only correct version of truth (balances).
  9. Proof-of-Work (PoW) algorithm: The PoW part of the core consensus protocol is used to cryptographically prove that X amount of work has been done to successfully find a block.
  10. Difficulty algorithm: The difficulty algorithm controls the system so that blocks are found at roughly the same speed, irrespective of the number and amount of mining power deployed.
  11. Serialization/De-serialization of blocks: Capability to encode/decode/process blocks.
  12. Serialization/De-serialization of transactions: Capability to encode/decode/process transactions.
  13. Transaction validity and verification: Any transactions flowing within the DERO network are validated and verified.
  14. Socks proxy: A Socks proxy has been implemented and integrated within the daemon to decrease user identifiability and improve user anonymity.
  15. Interactive daemon can print blocks, txs, even the entire blockchain from within the daemon.
  16. status, diff, print_bc, print_block, print_tx and several other commands implemented.
  17. GO DERO Daemon has both mainnet and testnet support.
  18. Enhanced Reliability, Privacy, Security, Usability, Portability assured.

3(iii) Salient Features

  • DAG Based: No orphan blocks, No soft-forks.
  • 51% Attack resistant.
  • 60 Second Block time.
  • Extremely fast transactions with one minute/block confirmation time.
  • SSL/TLS P2P Network.
  • Homomorphic: Fully Encrypted Blockchain
  • Dero Fastest Rocket BulletProofs: Zero Knowledge range-proofs(NIZK).
  • Ring signatures.
  • Fully Auditable Supply.
  • DERO blockchain is written from scratch in Golang.
  • Developed and maintained by original developers.

At this point in time, DERO (Stargate) has first mover advantage in the following features:

  • Private Smart Contracts (no one knows who owns what tokens and who is transferring to whom, or how much is being transferred.)
  • Homomorphic account based protocol.
  • Ability to do instant sync
  • DAG/MINIDAG with 1 miniblock every second
  • Mining decentralization. No more mining pools: daily 100000 reward blocks, no need for pools and thus no attacks.
  • Erasure coded blocks, lower bandwidth requirements, very low propagation time.
  • Ability to deliver encrypted license keys and other data.
  • Pruned chains are the core.
  • Ability to model 99.9% earth based financial model of the world.
  • Privacy by design, backed by crypto algorithms. Many years of research in place.
  • Sample Token contract is available with guide.
  • Multi-send is now possible: sending to multiple destinations per tx.
  • DERO Simulator for faster development/testing.

////////////////////////////STUFF

Client Protocol

Traditional blockchains process blocks as a single unit of computation (if a double-spend tx occurs within the block, the entire block is rejected). However, the DERO network accepts such blocks, since the DERO blockchain considers the transaction as the single unit of computation. DERO blocks may contain duplicate or double-spend transactions, which are filtered by the client protocol and ignored by the network. The DERO DAG processes transactions atomically, one transaction at a time.

51% Attack Resistant

The DERO DAG implementation builds out a main chain from the DAG network of blocks, which refers to main blocks (100% reward) and side blocks (8% rewards). Side blocks contribute to chain PoW security, and thus traditional 51% attacks are not possible on the DERO network. If the DERO network finds another block at the same height, instead of choosing one, DERO includes both blocks, thus rendering the 51% attack futile.