Looking for feedback on a new scaling solution - Project Boreas

[mju_crypto]

My curiosity about Bitcoin has been on and off for the past couple years. Predictably, my curiosity about the technology and its implications usually peaked with the market. This year, I decided to just dive fully into the ocean that's Bitcoin and cryptocurrency. I've been absorbing as much information as I could for the past couple months. Reviewing myself on how Bitcoin works and learning about how other cryptocurrencies work. I've also committed financially. Glad to say that I'm on my way to owning at least one Bitcoin!

I'm a developer, so what excites me at heart is the technology behind Bitcoin. I have no idea how Nakamoto thought of this, but the dude's a genius. But like most of you know there are tradeoffs with proof-of-work and the blockchain. What I'm concerned the most about is the speed of transactions and the fees. So I learned about the Lightning Network. I have high hopes for the project, but I really wanted to take a shot at creating a scaling solution. I also wanted to contribute to the community, both Bitcoin and the open source community. So I've created something I call Project Boreas.

I was inspired by the fee-less and fast transaction speeds in the Nano network. I thought maybe something similar to their technology could be applied to a second layer network. I wrote up my first whitepaper and published it on a Github repository. I also created a living whitepaper so that any changes can be put there while keeping the original. Also, I plan on making the project open source so anyone can use the idea.

Right now, the original and living whitepaper is all I have on the repository. I'd really appreciate it if anyone could critique the paper. Any helpful criticism is welcome. It can be spelling, grammar and structure. Critiques on the soundness of the idea itself are especially welcome. Thanks!

Github: https://github.com/netteydavid/ProjectBoreas

Original whitepaper: https://github.com/netteydavid/ProjectBoreas/blob/main/Directed_Acyclic_Graphs_as_a_Second_Layer_Scaling_Solution_for_Bitcoin.pdf

Living Whitepaper: https://www.notion.so/davidnettey/Scaling-Bitcoin-Through-Off-chain-Verification-and-On-chain-Settlement-d1b59017badd4707b6fadf7db620d7f2

Issues: https://github.com/netteydavid/ProjectBoreas/issues

[dkbit98]

Sybil Attack is not so easy to solve and I don't like solution you have for each vote to be weighted by account's balance, that would give huge voting power to whales without some quadratic voting solution.
Also you say that accounts with zero balance would not count, but what if I create many accounts with some minimal balance just enough to get multiple votes, or imagine scenario if bitcoin whale splitting his bitcoin in multiple addresses to gain more power.
Not so hard to imagine attacks on network or making it totally centralized.

[mju_crypto]

Sybil Attack is not so easy to solve and I don't like solution you have for each vote to be weighted by account's balance, that would give huge voting power to whales without some quadratic voting solution.
Also you say that accounts with zero balance would not count, but what if I create many accounts with some minimal balance just enough to get multiple votes, or imagine scenario if bitcoin whale splitting his bitcoin in multiple addresses to gain more power.
Not so hard to imagine attacks on network or making it totally centralized.

Thanks for the feedback! Good point on the bitcoin whales. I didn't take that into consideration. I'll do more research on quadratic voting.
I opened an issue about alternatives or improvements for ORV. Any thoughts on the comment I posted there?
Link: https://github.com/netteydavid/ProjectBoreas/issues/2#issuecomment-796400209

[mju_crypto]

1. The paper doesn't mention how to move Bitcoin between main network/on-chain to DAG network and vice versa

I'll go through the living whitepaper and clear that up, thanks!

2. On GitHub repository, i would recommend you add more information README.md.

I was unsure what else to put in the README since the project is brand new. I'll add stuff like the goal of the project and info on contributing.


Thanks for the feedback!

[mju_crypto]

you can make your nano description simpler.
instead of mixing metaphores of blocks and transactions.
just say each transaction received gets its own PoW id which includes a hash of the previous received tx

calling transactions blocks makes it unclear if you are talking about a true block (a batch/list of transactions) or a special tx that has a hash

Gotcha, I was trying to keep to the language that Nano uses when describing their tech. I just went through the Nano description in the living whitepaper and made some changes for clarity.
Let me know what you think!

i can see lots of other methods for those controlling the 'communal treasury' attacking the network
(someone already hinted on whales as the hubs.. but there are other attack vectors too)

Could you give me a couple examples? I'd like to list them as issues to discuss on Github as well.

separately
your idea is a pyramid. where those select special people in control of the 'open block' 'communal treasury' which does the main balance of deposits/withdrawals/spends for its lower members of the network become a hub/bank(top of pyramid members)
remember.. mobile users wanting to shop and go at grocery stores wont be full nodes running the 'blocks' of the network. they will just be making their own 'spend' transactions. to the 'communial treasury' nodes using their cell phone and its then the communal nodes(hubs) that then aggregate and compare between themselves

its great in concept as it makes transactions auditable by a network to make sure nodes are not abusing each other.. so +1 vs LN's model... but reality is that its still inevitably a hub model where the hubs control what goes out and in. which will also be LN's downfall

To separate the wallets (mobile users) from the nodes, I think I'll change it so that the treasury is one multi-sig address. Each private key is protected and backed up by a shared secret algorithm. I explain in detail here: https://github.com/netteydavid/ProjectBoreas/issues/3
As for the hub problem, I've been thinking of ways to improve or completely replace ORV. I'm cataloging ideas here: https://github.com/netteydavid/ProjectBoreas/issues/2. An improvement idea, as mentioned by dkbit98, is to implement some sort of quadratic voting system.

Thanks for the feedback!

[baro77]

I'll do more research on quadratic voting.

a side note... be carefull about QV, especially about bounded-nature of probability in less-than-ideal contexts. Inspired by a Vitalik Buterin blog post, I wrote something about it here, if it can help you:

https://medium.com/@baro77/quadratic-payments-with-constrained-probabilities-b40facba716?sk=60199e8bea21a8c0e6820791435aa6f0

[mju_crypto]

I've been doing research on alternative consensus mechanisms and I came across Avalanche consensus. It seems to fit what I'm looking for! It seems very scalable and fast. The only issues I have with it is that it doesn't seem to have a baked in way to prevent spam and Sybil attacks. These can be deterred by using existing methods such as staking for Sybil attacks and small amounts of proof of work for spam, among other methods.

Any thoughts on it?

[mju_crypto]

To separate the wallets (mobile users) from the nodes, I think I'll change it so that the treasury is one multi-sig address. Each private key is protected and backed up by a shared secret algorithm. I explain in detail here:

i woud not recommend a single address multisig requiring 10of15
because 10 can collude and share out the value associated with all 15.. meaning 5 just see their balance disapear and then have those 5 liable to all of its sub-users of their 5 branches
its the typical exchange 'we got haxxed' excuse

..
try a new scheme. 15 addresses for 15 nodes 'treasury' but were its not a 10 of 15 but instead:
a treasury block of 15 addresses/UTXO updates

each address assigned to a node manager. where the 'secret' is a build up of the specific manager plus 10 others.
(m1)+10of14    (still 15 but but the special contingent 1 is the specific manager assigned that address)

that way the manager cant raid his own pot without other authorisation. but now nor can other managers raid the pot without him
users then are either randomly assigned to a manager or choose their favourite manager due to what services they are associated with. and each manager then 'controls' its own userbase.
much like brank branches

also you can have users in the offchain. have their addresses be multisig.  but also contingent on the user+plus their manager+9other treasurers.. all cross signing off on the payment
(u)+(m1)+9of14

that way users have some control and its not all managed/abused by a manager or collusion of managers
a payment wont be valid unless a users sig is part of the deal

in practice this is hard because most users dont read raw tx data to check if their key is put into the contingent position or just part of the regular collective 14.
but you can easily code some checker for that

I really like the idea of having the users work together with nodes on the network in order to deposit into or withdraw from the treasury. I might be misreading your post but it sounds like the treasury is rather dependent on these 15 manager nodes. How about each deposit into the network has its own multi-sig address? The address can formed like this:
 
1. The user generates a private key using a shared secret algorithm.
2. The nodes on the network generate a private key:
     a. Each node creates a random shared secret
     b. The nodes elect a random node
     c. The elected node puts together 2/3 of the shared secrets to generate a new secret. This will be the network's private key.
3. The elected node and the user both create a public key from their respective private keys
4. The multi-sig address is formed from the public keys and propagated through the network
5. The user sends a shared secret to each node online at the time. It would take 2/3 of the nodes online at the time to reconstruct the private key.

At the end of this process each node should have the address, their own shared secret, and a shared secret from the user. All the multi-sig addresses generated this way are the "treasury". If someone needs to transfer funds outside the network, the nodes can coordinate to recover bitcoin in these addresses. The private keys are backed up on the network without any one node knowing all two keys required to unlock the address. Since the treasury is spread out across different addresses, there isn't a single point of failure. If one address in compromised, the other addresses are likely to be safe.

A malicious actor could take funds out of an address in two ways:

1. Control 2/3 of the network at the time the address was made
2. Control the user and the randomly elected node at the time the address was made

First one could be deterred through normal anti-Sybil attack countermeasures like staking or PoW. The second one is tougher. Sybil attack countermeasures can help keep the bad actor from spamming nodes. The randomness makes it less likely the bad nodes get picked the larger the network becomes. I'm having trouble thinking of other ways around this. Another thing is that I would be worried about how much bandwidth a protocol like this could take up.

[mju_crypto]

i was more tweaking your idea of the 1 treasury address with 15 nodes managing it.. and sugesting that 1 address with a 10of15 is ripe for abuse via 10 colluding nodes raiding the share of 15 to pay out to the 10
leaving the 5 pennyless and not in control

Ah okay, you were just using 15 nodes in the network as a whole for an example.

as for your 2/3 collective and an elected node puts together..(facepalm)
that randomly elective node could just choose 2/3rds (10 of 15) nodes it prefers.. leaving the 1/3rd not in control.

imagine it your way.
you and 14 other people colect together and make addresses your way 10of15. you 'feel' you have some control of the collective because you see a unique address. and so you start establishing customers/users within your branch of the DAG.

but 10 nodes in your collective have colluded with each other to make 'your unique address' with THEIR prefered scripts.... and raid your pile of funds in your branch

Good point. I didn't take the remaining third into consideration. How about this:
     a. Each node creates a random shared secret
     b. The nodes elect a random node
     c. The elected node puts together 2/3 of the shared secrets to generate a new secret. This will be the network's private key.
     d. The elected node creates new shared secrets and distributes them to each node on the network
This way any 2/3 of the network can reproduce the key, including the third left out when the key was originally created. I chose 2/3 since it seems to be the standard assumption for BFT systems, that at least 2/3 of the nodes are honest.

remember users dont read raw tx data or 'read-by-hand' the makeup of the script

Can you elaborate more on this?

imagine it my way
atleast have a stop method that it needs YOUR authority and atleast 9 others to authorise movement from YOUR branch of funds

like properly in the code users own address is paramount and significant. and a way to have a check mechanism to ensure the users key is significant/needed. in the multisig

i have seen many people think they are in a 2of3 multisig and provided with a public key. but found out the other 2 never NEEDED him to take his funds from him.

a better multisig is a 1special +1of2  in a 3way multisig
                               1special +3of5 in a 8 way multisig
                               1special +5of8 in a 9way multisig
                               1special +9 of 14 in a 15 way multisig

I really like this idea. It stops any one party from accessing the funds without the permission of the other. Maybe this could be combined with the secret shares algorithms to make sure the funds are always accessible.

[mju_crypto]

i was more tweaking your idea of the 1 treasury address with 15 nodes managing it.. and sugesting that 1 address with a 10of15 is ripe for abuse via 10 colluding nodes raiding the share of 15 to pay out to the 10
leaving the 5 pennyless and not in control

Ah okay, you were just using 15 nodes in the network as a whole for an example.

as for your 2/3 collective and an elected node puts together..(facepalm)
that randomly elective node could just choose 2/3rds (10 of 15) nodes it prefers.. leaving the 1/3rd not in control.

imagine it your way.
you and 14 other people colect together and make addresses your way 10of15. you 'feel' you have some control of the collective because you see a unique address. and so you start establishing customers/users within your branch of the DAG.

but 10 nodes in your collective have colluded with each other to make 'your unique address' with THEIR prefered scripts.... and raid your pile of funds in your branch

Good point. I didn't take the remaining third into consideration. How about this:
     a. Each node creates a random shared secret
     b. The nodes elect a random node
     c. The elected node puts together 2/3 of the shared secrets to generate a new secret. This will be the network's private key.
     d. The elected node creates new shared secrets and distributes them to each node on the network
This way any 2/3 of the network can reproduce the key, including the third left out when the key was originally created. I chose 2/3 since it seems to be the standard assumption for BFT systems, that at least 2/3 of the nodes are honest.

remember users dont read raw tx data or 'read-by-hand' the makeup of the script

Can you elaborate more on this?

you dont need to elect a node to create the addresses then distribute them
instead everyone shares with everyone. and they all individually make the (1)+14 address public address requiring (1)+9 sig. if they all done the math right.. they all get the same address result. they then push to each other the address to confirm they all performed the math correctly
.. no trust is needed. no elected node is needed. .. everyone independently makes the multisig
and then double checks with each other they got matching results
all thats required is the code algorithm for forming a address is that participants just get 15 addresses and put them in a certain order. then they can all do that independantly

..as for elaborating.. most average joes dont know code and cant understand what raw tx data or know the technicals of how key creation methods work. so you need to have a user front end /graphic interface that can check which of the 15 addresses are important so that the user knows funds in his address require his permission..

i say this because current idea's of future bitcoin transaction formats for privacy will HIDE how and who is involved in making the multisig. which is a audit/control flaw. it means  no one will know if its a 3-5 or 2-6 or 10-15 and not know which addresses signed which. leaving it open to exploitation by collusion
so ensuring you have a clear open way for users to clarify they are important. without them having to know code/cryptography or binary.. will help

like i said. a user putting his public key first and then the rest where the code treats key 1 as primary essential key. the user can just make the multisig address and check his key is first. and so know his permission is always needed.

Thanks for your patience, I really appreciate it!
So the essential key would always be in the custody of the user (i.e. never backed up via secret sharing)? If so, how would we recover funds in the address if the user were to ever go offline, like if their phone were destroyed?
I ask this because that address would be part of the treasury. If someone wanted to move bitcoin out of the network, to cold storage for example, the network would need to be able to perform the transaction using the address if necessary. If there was ever a run on the network, I'd like for everyone to be able to get their sats back.

[mju_crypto]

Okay, I've completely overhauled the whitepaper. Instead of being on the wiki, I'm uploading it as a pdf for now. It is easier to maintain since Github Markdown doesn't seem to support LaTeX. If anyone knows how to create equations in Github Markdown, let me know!

Living Whitepaper: https://www.notion.so/davidnettey/Scaling-Bitcoin-Through-Off-chain-Verification-and-On-chain-Settlement-d1b59017badd4707b6fadf7db620d7f2

The gist of the pivot is this:

• No longer using ORV as the consensus mechanism
• Using Avalanche as consensus mechanism
• The second layer network now acts like a decentralized payment processor
• Users control their own funds

Abstract:

Bitcoin was created as a new type of currency that could improve on the short falls of fiat currencies. It is decentralized, permission-less, immune to hyperinflation, and open source. Despite all these advantages, it does have flaws and limitations. One of the most pressing limitations in Bitcoin is scaling. Bitcoin has a low transaction throughput, about 3 to 7 transactions per second [5]. When the network is congested, transaction fees can skyrocket. In order for Bitcoin to be used widely as a peer to peer cash system, it must solve its scaling issues.

To increase transaction speeds, we can make use of a second layer network. This network will act as a verification layer, allowing transactions to be viewed and spent much faster. The Avalanche consensus mechanism will be used to track and verify transactions off-chain. The Bitcoin network will act as the settlement layer. A user's wallet will periodically post a clearing transaction to the Bitcoin network containing verified but unsettled transactions. In order to save on fees, the clearing transaction will be comprised of multiple off-chain transactions. The second layer network essentially acts as a decentralized, trustless bank card issuer and payment processor for the Bitcoin network.

Let me know if there are any improvements I can make!

[mju_crypto]

I've modified the living whitepaper and redid the math. Also, the whitepaper is now just a Notion page.