Boolberry V2: Efficient Compact Decentralized Anonymous Payments via Ring Sigs

[b4h4mu7]

Boolberry V2: Efficient Compact Decentralized Anonymous Payments via Ring Signatures

Last year I started forming a group of like minded researchers, Chainmasons, to see how we could further improve the already efficient Boolberry variant of the Cryptonote protocol. When I refer to efficiency over other CN projects i.e. transaction verification, tps, scaling etc.

During this time our research efforts were split into two sections. The first was to either improve or replace the mining algorithm Wild Keccak [1]. Those results can be found in section 6 of our ePrint entitled "Itsuku: a Memory-Hardened Proof-of-Work Scheme." [2]

The second, to create the most efficient ring signature based privacy protocol. After 9 months of research and development we would like to share our findings with the rest of the academic community for peer review before ePrint publication. We believe that our system represents 3rd iteration of the Cryptonote protocol. For those that attended Financial Cryptography and Data Security 2018 [3] a few weeks ago, this is the same Boolberry v2 proposal presented at the end of the presentation. The slides from the conference are available in the link below.

Open Problems

Cryptonote achieves sender privacy through the use of Ring Signatures with 1/N ownership probability. The problem here is that since Cryptonote ring signatures are linear, as N grows in size so does the computational overhead. To our knowledge this problem has not been openly addressed by the academic community without introducing a trusted party as found in the RingCT 2.0 [4].

Open Solutions

Boolberry attempts to solves this through the use of a pruning system [5]. This has proven to be effective as seen in the size of Boolberry's blockchain size (3.8GB) vs Monero's (40GB) despite them being launched within weeks of each other. We go a step further by reducing ring signatures to a logarithmic size along with respective bulletproofs to introduce a compact confidential transaction scheme.

In our initial results, we've found that our system represents a 92.8% improvement at 100 ring members and 99.984% improvement at 1000 members in 1/N where N is number of members in the ring. Although we will need to update these figures as per the latest version.

Additionally, we also propose a newly designed technique for multi-signature transactions in the context of (linkable) ring signatures. Our presented DAP is planned as a future upgrade proposal for Boolberry upon further successive peer reviews.

Here is the ePrint draft v1.0 –> http://docdro.id/rzmGj7b

Slides from the fc18 conference -> http://docdro.id/q4GQMFV

Quoted Links:
[1] - https://boolberry.com/files/Block_Chain_Based_Proof_of_Work.pdf
[2] - https://eprint.iacr.org/2017/1168
[3] - http://fc18.ifca.ai/
[4] - https://eprint.iacr.org/2017/921
[5] - https://www.slideshare.net/boolberry/boolberry-reduces-blockchain-bloat

Any feedback would be much appreciated and will be credited in the "thanks" section located at end the paper. Also, if there are any misrepresentations please let us know and they will be fixed.

Thank you everyone. We hope you find our research enlightening.

[1713514449]

1713514449

[1713514449]

1713514449

[1713514449]

1713514449

[1713514449]

1713514449

[1713514449]

1713514449

[1713514449]

1713514449

[cellard]

Would this be a new project or a fork of the existing (I think dead) Boolberry coin blockchain? Would owners of the original Boolberry get tokens on this new other blockchain? Im asking because I think I still have some "Boolberry 1" coins. I remember that I had Bytecoin, Monero and Boolberry because I knew one of them would blow up due the ring signature hype. Unfortunately I sold Monero and kept the other two which are pretty dead.

Also I think this belongs in the altcoin section, which is a shame because a lot of serious threads get buried really fast by non serious threads in there.

[b4h4mu7]

Would this be a new project or a fork of the existing (I think dead) Boolberry coin blockchain? Would owners of the original Boolberry get tokens on this new other blockchain? Im asking because I think I still have some "Boolberry 1" coins. I remember that I had Bytecoin, Monero and Boolberry because I knew one of them would blow up due the ring signature hype. Unfortunately I sold Monero and kept the other two which are pretty dead.

Also I think this belongs in the altcoin section, which is a shame because a lot of serious threads get buried really fast by non serious threads in there.

Hi cellard. Our paper is purely research based so I don't believe it belongs in the altcoin section. My reasoning stems from the other proposals for cryptographic protocols that are posted in this section of the forum.

We're here to get feedback before publication of our paper and unfortunately the altcoin section lacks many that can contribute this sort of insight. As mentioned, the ePrint is purely researched based. We plan to upload the respective code in the near future and that can be used in any project although we plan to get consensus within the Boolberry community to introduce this as an upgrade to that system.

It's not bad idea to cut Ring Signature from calculating TX ID, but do you think it's possible to combine Schnorr Signature with Ring Signature to reduce overall input/decoy size in transaction?

Hi ETFbitcoin,

That is an interesting concept, combining Schnorr Signature with ring signatures is possible although it would require further study to observe the cost benefit analysis. Herranz et al. proposed such a system in their 2003 ePrint: "Forking Lemmas in the Ring Signatures' Scenario" however that system is still linear.

[Anti-Cen]

Very good post, like it lots.

To our knowledge this problem has not been openly addressed by the academic community without introducing a trusted party as found in the RingCT 2.0 [4].

This is the same as my findings when you really start to up-scale to numbers over a hundred million and in the end the network becomes flooded
with chatter and the time characteristics will fall like a stone.

Do not confuse the word "trust" with control and really Pow or PoS and all the other concepts of "Proof" flying around really comes down to establishing
a type of trust between nodes which is fine with me and if a cluster of nodes (big fuck off machines) are needed to enhance the smooth running and they
don't get direct access to the "Money" then this is a price we must pay.

Academia should not veto practicalities, you have to have a trade off and more to the point admit it also because in the end you get found out
when things go wrong.

[b4h4mu7]

Very good post, like it lots.

To our knowledge this problem has not been openly addressed by the academic community without introducing a trusted party as found in the RingCT 2.0 [4].

This is the same as my findings when you really start to up-scale to numbers over a hundred million and in the end the network becomes flooded
with chatter and the time characteristics will fall like a stone.

Do not confuse the word "trust" with control and really Pow or PoS and all the other concepts of "Proof" flying around really comes down to establishing
a type of trust between nodes which is fine with me and if a cluster of nodes (big fuck off machines) are needed to enhance the smooth running and they
don't get direct access to the "Money" then this is a price we must pay.

Academia should not veto practicalities, you have to have a trade off and more to the point admit it also because in the end you get found out
when things go wrong.

Thank you for the kind words!

The reference to trust was in the cryptographic context, specifically ring signature time complexity. Introducing a trusted party into a payment system on that level invalidates the decentralization property and thus it should not be acceptable to introduce into any decentralized payment system as it would be a step backwards from the original design outlined by Satoshi.

Sun et al. introduced a constant (linkable) ring signature size in their 2017 ePrint, "RingCT 2.0: A Compact Accumulator-Based (Linkable Ring Signature) Protocol for Blockchain Cryptocurrency Monero" [1] although it requires trust, our system is logarithmic and requires no trust. In this scenario, the performance trade-off to forgo the decentralization property is not sufficient.

It's not bad idea to cut Ring Signature from calculating TX ID, but do you think it's possible to combine Schnorr Signature with Ring Signature to reduce overall input/decoy size in transaction?

Hi ETFbitcoin,

That is an interesting concept, combining Schnorr Signature with ring signatures is possible although it would require further study to observe the cost benefit analysis. Herranz et al. proposed such a system in their 2003 ePrint: "Forking Lemmas in the Ring Signatures' Scenario" however that system is still linear.

Hi ETFbitcoin,

Upon further study: a transaction in our system employs (linkable) ring signatures in two different places. On one side, the sender signs his transaction with the linkable ring signature scheme. On the other side, a ring signature is required in the process of proof-of-sum. If one of them is replaced by Schnorr's signature, the anonymity of the whole system will be decreased. Moreover, Boolberry uses a special flag [2] to guarantees that a coin won't be spent without mixins. Such a technique is to deal with the problem caused by signing a transaction on behalf of a ring with only one participant. Since the Schnorr's signature can be regarded as a ring signature with one participant, we don't recommend combining it with ring signatures in Boolberry v2.

[1] - https://eprint.iacr.org/2017/921
[2] - https://www.slideshare.net/boolberry/boolberry-solves-cryptonoteflaws-37055246

[crypto_zoidberg]

Boolberry V2: Efficient Compact Decentralized Anonymous Payments via Ring Signatures

Last year I started forming a group of like minded researchers, Chainmasons, to see how we could further improve the already efficient Boolberry variant of the Cryptonote protocol. When I refer to efficiency over other CN projects i.e. transaction verification, tps, scaling etc.

During this time our research efforts were split into two sections. The first was to either improve or replace the mining algorithm Wild Keccak [1]. Those results can be found in section 6 of our ePrint entitled "Itsuku: a Memory-Hardened Proof-of-Work Scheme." [2]

The second, to create the most efficient ring signature based privacy protocol. After 9 months of research and development we would like to share our findings with the rest of the academic community for peer review before ePrint publication. We believe that our system represents 3rd iteration of the Cryptonote protocol. For those that attended Financial Cryptography and Data Security 2018 [3] a few weeks ago, this is the same Boolberry v2 proposal presented at the end of the presentation. The slides from the conference are available in the link below.

Open Problems

Cryptonote achieves sender privacy through the use of Ring Signatures with 1/N ownership probability. The problem here is that since Cryptonote ring signatures are linear, as N grows in size so does the computational overhead. To our knowledge this problem has not been openly addressed by the academic community without introducing a trusted party as found in the RingCT 2.0 [4].

Open Solutions

Boolberry attempts to solves this through the use of a pruning system [5]. This has proven to be effective as seen in the size of Boolberry's blockchain size (3.8GB) vs Monero's (40GB) despite them being launched within weeks of each other. We go a step further by reducing ring signatures to a logarithmic size along with respective bulletproofs to introduce a compact confidential transaction scheme.

In our initial results, we've found that our system represents a 92.8% improvement at 100 ring members and 99.984% improvement at 1000 members in 1/N where N is number of members in the ring. Although we will need to update these figures as per the latest version.

Additionally, we also propose a newly designed technique for multi-signature transactions in the context of (linkable) ring signatures. Our presented DAP is planned as a future upgrade proposal for Boolberry upon further successive peer reviews.

Here is the ePrint draft v1.0 –> http://docdro.id/rzmGj7b

Slides from the fc18 conference -> http://docdro.id/q4GQMFV

Quoted Links:
[1] - https://boolberry.com/files/Block_Chain_Based_Proof_of_Work.pdf
[2] - https://eprint.iacr.org/2017/1168
[3] - http://fc18.ifca.ai/
[4] - https://eprint.iacr.org/2017/921
[5] - https://www.slideshare.net/boolberry/boolberry-reduces-blockchain-bloat

Any feedback would be much appreciated and will be credited in the "thanks" section located at end the paper. Also, if there are any misrepresentations please let us know and they will be fixed.

Thank you everyone. We hope you find our research enlightening.

FYI: link to whitepaper says: "404!This document has been deleted"


Zoidberg