Zcash Sapling Upgrade

On Sunday October 28th, Zcash, a cryptocurrency network designed to enable private transactions, will deploy a system-wide upgrade called Sapling.

The upgrade will drastically improve the performance of its private, or “shielded,” transactions (reducing transaction construction time by as much as 90%).

Zcash currently allows users to choose between a lightweight “transparent” transaction or a heavier “shielded” transaction. The Sapling upgrade will make shielded transfers more efficient, moving Zcash further towards private transfers by default.

As one of the leading Zcash block explorers, we are fully prepared for the upgrade. Users needn’t worry – the block explorer will function just as it would normally.

To find out more, Block Explorer editor Ben Brown spoke to Brad Miller, head of ecosystem development at Zcash.


Ben Brown: Can you briefly describe Zcash, its key features, and mission?

Brad Miller: Zcash is a privacy-protecting, digital currency built on strong science that is open source, censorship-resistant, and permissionless. 

We are creating a currency that empowers people from anywhere in the world to transact freely with whomever they choose, giving them power over their money and their privacy. 

We implemented cutting-edge research in a field of cryptography known as zero-knowledge proofs performed by researchers at some of the most prestigious universities in the world to achieve these strong privacy features.

BB: From a user perspective, what will the Sapling upgrade achieve?

BM: The Sapling upgrade is our largest upgrade ever with significantly improved performance: a time reduction of 90% for constructing transactions, and a memory reduction of over 97%. 

Over time, as companies start implementing the massive efficiency improvements that Sapling enables, users will start to see shielded transactions become ubiquitous. 

The speed improvements that Sapling enables will even allow mobile phones to generate these shielded transactions, which up until this point required quite a bit of computational power only available to a laptop or desktop. 

We think this upgrade is the tipping point to move the Zcash ecosystem toward shielded transactions by default. 


BB: And from a technical perspective, what are you changing?

BM: This upgrade is a complete overhaul of our protocol to introduce these massive performance improvements. Instead of going into technical details I would really recommend those that are interested read our numerous blog posts on the innovations that we’ve introduced in Sapling.

BB: Do Zcash users need to do anything (e.g. migrate funds, upgrade software, change wallets etc.)?

BM: Most cryptocurrency users don’t run their own full node. My recommendations would be to confirm with your service providers for exchange services, wallets, and block explorers that they are ready for the upgrade. 

We have been working hard to make sure all service providers are prepared for the upgrade but I’m sure they would also like to hear the demand from their customers. 

If you do run a Zcash full node, upgrade your node to the latest release, v2.0.1. Users do not need to move their funds as they’re totally safe through this upgrade process.

BB: Will the upgrade result in a fork?

BM: This is a consensus change in the code so old versions of the software won’t be able to join the upgraded network. These upgrades are good for everyone in the ecosystem and there is no contention about the Sapling upgrade in general so we don’t anticipate a fork based on the older consensus rules to persist.


BB: You talk about Sapling moving you towards a “shielded ecosystem.” Can you explain what that means and why it’s so important?

BM: Zcash has two kinds of transactions. The first we call “transparent” transactions and they use an address that begins with a “t”. 

These transactions are almost identical to bitcoin in that they’re fast and efficient but they are totally public and don’t offer any privacy-preserving features. 

The second type of transaction, a “shielded” transaction, uses addresses that begin with a “z”. These shielded transactions provide strong privacy features. 

In order for the ecosystem to move away from using the transparent transactions, we had to upgrade Zcash with the kind of performance improvements that Sapling introduces. 

Now that shielded transactions will become more widespread, more individuals will have access to these private transactions therefore growing the overall private ecosystem. 

Our goal, in the long run, is for all transactions on the Zcash blockchain to be private.

BB: What is the Sapling turnstile and how does it help prevent counterfeiting?

BM: Part of the Sapling upgrade requires users to move any “shielded” funds they have from legacy Sprout addresses (the old system) to the new Sapling addresses if they wish to experience the performance improvements introduced in Sapling. 

We saw a great opportunity to audit the monetary supply of Zcash so we’ve implemented what we’re calling a turnstile in this process which prevents users from sending funds from an old Sprout address directly to a new Sapling address. 

Instead, they’ll have to move funds from a Sprout address to a transparent address, and then to a Sapling address. This process allows anyone to perform an audit of the blockchain which will make it easy to spot if any counterfeiting has been going on in the older Sprout shielded pool of funds. 

We obviously have some recommendations on how to do this to preserve privacy. Users should read more on our documentation website.

BB: Zcash was designed with scheduled breaking changes, is that correct? What type of updates did you have in mind when this was decided, and how does this compare to the upgrades made so far?

BM: We schedule older versions of our software to automatically shut down 16 weeks after release to motivate the node operators on the network to upgrade to the latest software version. 

This helps keep the node versions active on the network within a tight range and makes sure that the user experience across the network is consistent. 

Apart from that, we also like to release new features regularly; we believe cryptocurrencies are still in their infancy and there are so many innovations yet to be introduced. 

We try to target a major release once every six months. This year, for instance, we released our Overwinter upgrade which made future upgrades much safer for the network and now Sapling is activating which represents the largest upgrade in our history. 

Moving technology forward and introducing improvements and features is extremely important for the growth of cryptocurrencies at this stage and we want to make sure we stay true to our core principles of quality and safety while also keeping pace with the latest cutting-edge research.

Sapling Upgrade is Fully Compatible With Block Explorer

The Sapling upgrade is due to go live on Sunday 28th October at block 419200.

Block Explorer is fully ready for the upgrade and you can continue to use the Zcash block explorer just as you would normally.

Learned something new in this article? Subscribe to the Block Explorer newsletter.


A huge upgrade to Monero, the 10th largest cryptocurrency network, just made transactions up to 97% cheaper while maintaining its privacy features. Monero, which is best known for its anonymous transfers, now uses a proof system called Bulletproofs to shrink its transactions. Armin Davis explains further.

Another six months have gone by, and as such Monero has performed its twice-yearly network upgrade, a hard fork. Specifically, the fork took place on the 18th of October at block height 1685555. 

Of the numerous changes made in this upgrade, a few stand out:

  • Bulletproofs greatly reduce transaction size (and therefore transaction fees).
  • The proof-of-work change further discourages specialised mining hardware (ASICs).
  • To keep transactions uniform, the ring size for all transactions on the Monero network is now fixed at 11.

Monero infographic (credit: Reddit u/cryptoKL)

Explaining Monero’s New Bulletproofs

Prior to this upgrade, Monero used range proofs built from Borromean ring signatures. A range proof is a kind of zero-knowledge proof.

A zero-knowledge proof lets you convince someone that a statement is true without revealing the data behind it. For example, I can prove that it is below 0 °C outside without telling you the actual temperature: I place some water outside and show you that it freezes.

In Monero, transaction amounts are hidden inside cryptographic commitments. Nodes can still check that the inputs of a transaction add up to its outputs, because the commitments can be combined arithmetically while staying hidden. That check alone is not enough: a huge or negative amount wraps around in the arithmetic and still balances, which would let a sender mint coins out of thin air. The range proof closes that hole by convincing any outside observer, such as another Monero node, that every hidden output amount lies in a sane range, without revealing the amount itself. (Spending the same coins twice is a separate problem, caught by Monero’s key images rather than by range proofs.)
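The wrap-around problem and the fix, as an added toy example (not Monero’s code, and not the Borromean or Bulletproofs construction): amounts are hidden in Pedersen commitments over a small multiplicative group, the balance check passes for a “negative” output that mints coins, and a bit-by-bit sigma-protocol range proof is what rejects it. The group parameters P, Q, G, H and the 8-bit range are assumed toy values, far too small for real use.

```python
# Toy range-proof demo (added example, not Monero's code). A small
# multiplicative group mod P stands in for an elliptic curve, and a
# bit-by-bit sigma-protocol range proof stands in for Borromean ring
# signatures or Bulletproofs. Parameters are far too small for real use.
import hashlib
import math
import secrets

P = 10007          # prime with P = 2*Q + 1 (assumed toy parameters)
Q = 5003           # prime order of the quadratic-residue subgroup mod P
G = pow(2, 2, P)   # generator of that subgroup
H = pow(3, 2, P)   # second generator; log_G(H) treated as unknown (toy)
BITS = 8           # amounts must lie in [0, 2**BITS)

def commit(value, blind):
    """Pedersen commitment C = G^value * H^blind mod P; hides `value`."""
    return pow(G, value % Q, P) * pow(H, blind % Q, P) % P

def balances(input_commits, output_commits):
    """Homomorphic balance check: product of inputs == product of outputs."""
    return math.prod(input_commits) % P == math.prod(output_commits) % P

def _challenge(*items):
    """Fiat-Shamir challenge in [0, Q)."""
    data = b"".join(x.to_bytes(4, "big") for x in items)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def _prove_bit(c, bit, blind):
    """OR-proof that c opens to 0 or 1: either c = H^blind or c/G = H^blind."""
    y = [c, c * pow(G, Q - 1, P) % P]
    sim = 1 - bit                                   # the branch we simulate
    c_sim, z_sim, w = (secrets.randbelow(Q) for _ in range(3))
    a = [0, 0]
    a[sim] = pow(H, z_sim, P) * pow(y[sim], Q - c_sim, P) % P
    a[bit] = pow(H, w, P)                           # honest branch commitment
    c_real = (_challenge(c, a[0], a[1]) - c_sim) % Q
    z_real = (w + c_real * blind) % Q
    chal, z = [0, 0], [0, 0]
    chal[sim], z[sim] = c_sim, z_sim
    chal[bit], z[bit] = c_real, z_real
    return (a[0], a[1], chal[0], chal[1], z[0], z[1])

def _verify_bit(c, proof):
    a0, a1, c0, c1, z0, z1 = proof
    y0, y1 = c, c * pow(G, Q - 1, P) % P
    if (c0 + c1) % Q != _challenge(c, a0, a1):
        return False
    return (pow(H, z0, P) == a0 * pow(y0, c0, P) % P
            and pow(H, z1, P) == a1 * pow(y1, c1, P) % P)

def prove_range(value, blind):
    """Prove commit(value, blind) hides a value in [0, 2**BITS); None if it can't."""
    if not 0 <= value < 2 ** BITS:
        return None                                 # no bit decomposition exists
    blinds = [secrets.randbelow(Q) for _ in range(BITS - 1)]
    partial = sum(r << i for i, r in enumerate(blinds)) % Q
    # last blinding factor makes sum(r_i * 2^i) == blind (mod Q)
    blinds.append((blind - partial) * pow(2 ** (BITS - 1), Q - 2, Q) % Q)
    proof = []
    for i, r in enumerate(blinds):
        bit = (value >> i) & 1
        c_i = commit(bit, r)
        proof.append((c_i, _prove_bit(c_i, bit, r)))
    return proof

def verify_range(c, proof):
    """Every bit commitment must be 0/1 and they must recombine to c."""
    if proof is None or len(proof) != BITS:
        return False
    acc = 1
    for i, (c_i, bit_proof) in enumerate(proof):
        if not _verify_bit(c_i, bit_proof):
            return False
        acc = acc * pow(c_i, 2 ** i, P) % P
    return acc == c

def demo():
    """Spend a 5-coin input two ways; returns {name: (balance_ok, range_ok)}."""
    r_in, r1 = secrets.randbelow(Q), secrets.randbelow(Q)
    r2 = (r_in - r1) % Q                            # blinds must balance too
    c_in = commit(5, r_in)
    cases = {"honest": [(3, r1), (2, r2)],          # 5 -> 3 + 2
             "forged": [(10, r1), ((-5) % Q, r2)]}  # 5 -> 10 + (-5 mod Q): mints 10
    results = {}
    for name, outs in cases.items():
        cs = [commit(v, r) for v, r in outs]
        range_ok = all(verify_range(c, prove_range(v, r)) for (v, r), c in zip(outs, cs))
        results[name] = (balances([c_in], cs), range_ok)
    return results
```

Calling demo() gives {"honest": (True, True), "forged": (True, False)}: the forged split of 5 coins into 10 and “minus 5” passes the balance check, because −5 mod Q wraps to a large positive exponent, and only the range proof stops it. Bulletproofs prove the same per-output statement, just in logarithmically fewer bytes.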

The Downside of the Previous Monero System

The downside of these range proofs is that they are large: a typical transaction came to around 13 kilobytes, against roughly 300 bytes for a typical Bitcoin transaction. 

With large transactions comes large fees, as the fee you pay is (mostly) based on the size of your transaction in the block. And, while not an issue for Monero, larger transactions can cause network congestion on blockchains with small, fixed size blocks.


Enter Bulletproofs, a great improvement on the previous range proofs: they cut the size of a typical transaction by around 80% while proving exactly the same statement about the hidden amounts, so the protection against minting coins is unchanged. 

As discussed above, the size of your transaction is what (mostly) determines your fee. By reducing the transaction size, fees are also greatly reduced (by as much as 97%).

A Two-Stage Monero Upgrade

The upgrade to Bulletproof-based transactions happens in two stages. Starting at height 1685555, the Monero network upgrades to v8. On v8, transactions using either the old range proofs or the new Bulletproofs are accepted. 

Shortly after, at height 1686275, a second hard fork upgrades Monero to v9. From then on the network rejects any transaction that does not use Bulletproofs, and a number of fixes to the Bulletproofs code take effect.

Crucial Monero Audit Halts Threat of 51% Attack

On the 22nd of October, an embargo was lifted on several bugs found during an audit of the code around Bulletproofs. 

Of the bugs found, the most serious gave an attacker a path to a 51% attack on the Monero network. Because of its severity, information about it was embargoed until a patch was live, which is standard practice for serious bugs. 

The flaw surfaced during the audit of Monero’s Bulletproofs code coordinated by OSTIF (the Open Source Technology Improvement Fund) and carried out by outside auditors (Quarkslab and Kudelski Security).

A 51% attack involves gaining the majority of the mining power on a given blockchain. Nodes follow the chain with the most accumulated proof of work (loosely, the longest chain), so whoever holds the majority of the hashrate can extend that chain faster than everyone else combined. That lets the attacker rewrite recent history to reverse their own payments (a double spend) or to censor transactions, but it does not let them spend anyone else’s coins, since valid signatures are still required.


There are various ways to reach 51% of a network’s mining power. In Monero’s case, the vulnerability allowed a malicious actor to crash other nodes remotely.

By crashing nodes other than your own, you chip away at the mining power that is not yours without adding any hardware of your own. Remove enough rival mining power and you gain two things: most of the mining rewards on the blockchain, and the ability to perform a 51% attack.
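The catch-up probability behind that most-work-chain argument, as an added worked example (not from the article or from Monero’s code): Nakamoto’s formula from section 11 of the Bitcoin whitepaper for the probability that an attacker with hashrate share q, starting z blocks behind, ever overtakes the honest chain, plus a helper showing how knocking rival miners offline raises q. The hashrate figures in the helper’s usage are constructed.

```python
# Attacker catch-up probability (Bitcoin whitepaper, section 11).
# Added example, not from the article or Monero's code.
import math

def catch_up_probability(q, z):
    """P(a private chain starting z blocks behind ever overtakes the honest
    chain) when the attacker holds fraction q of the hashrate."""
    if not 0.0 <= q <= 1.0 or z < 0:
        raise ValueError("need 0 <= q <= 1 and z >= 0")
    if q >= 0.5:
        return 1.0                   # majority hashrate: certain, whatever z is
    p = 1.0 - q
    lam = z * q / p                  # expected attacker progress while honest mine z
    total = 0.0
    for k in range(z + 1):
        poisson = math.exp(-lam) * lam ** k / math.factorial(k)
        total += poisson * (1.0 - (q / p) ** (z - k))
    return 1.0 - total

def confirmations_for(q, max_risk):
    """Smallest z whose catch-up probability is below max_risk, or None when
    no number of confirmations helps (attacker already has a majority)."""
    if q >= 0.5:
        return None
    z = 0
    while catch_up_probability(q, z) >= max_risk:
        z += 1
    return z

def rivals_to_crash(own_hashrate, rival_hashrates):
    """Greedy: crash the largest rivals first until the attacker holds a strict
    majority. Returns the indices crashed, or None if a majority is unreachable."""
    order = sorted(range(len(rival_hashrates)), key=lambda i: -rival_hashrates[i])
    alive = sum(rival_hashrates)
    crashed = []
    for i in order:
        if own_hashrate > alive:
            return crashed
        alive -= rival_hashrates[i]
        crashed.append(i)
    return crashed if own_hashrate > alive else None
```

With q = 0.1 a merchant needs 5 confirmations to push the attacker’s odds below 0.1%; with q = 0.3 it takes 24; at q = 0.5 or above the probability is 1 and no number of confirmations helps. rivals_to_crash(30, [40, 20, 10]) returns [0, 1]: an attacker with 30% of the network reaches a majority by crashing the two biggest rivals rather than buying hardware.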

Monero Continues to Deter Mining Hardware (ASICs)

Monero developers purposely try to deter giant mining companies (like Bitmain) from monopolizing, and therefore centralizing, the network.

Earlier this year, specifically just before the previous hard fork, Monero’s network “difficulty” (a measure of how difficult it is to mine a block) began to rise uncharacteristically quickly.

It was discovered that the cause of this was that Bitmain had developed a working mining device (ASIC) for the CryptoNight algorithm – the backbone of Monero’s network. 

At the time, a small change to the algorithm was made as a hotfix to make the ASICs unusable on Monero. Said change was referred to as CryptoNight v7.


Fast forward to this month and the Beryllium Bullet network upgrade, and Monero’s algorithm has once again been changed. Now called CryptoNight v8, it is intended to make producing an ASIC for Monero even more difficult.

How Does CryptoNight Prevent ASIC Miners?

CryptoNight v8 continues the ASIC-resistance work started by v7, and additionally increases the amount of memory bandwidth the algorithm needs, by roughly a factor of four. 

Unfortunately this comes with a performance hit of around 5-20% on regular CPUs. The Monero developers and community feel that the drop is worth the added protection from ASICs, and some of it may be won back through optimisations in mining software.

The change works on the basis that it is prohibitively expensive to add large amounts of fast memory to an ASIC. A regular desktop CPU has somewhere between 4 MB and 64 MB of cache, of which 2 MB is used per CryptoNight mining thread (the algorithm’s scratchpad). 

So an ASIC that wants to run a large number of threads needs a correspondingly large amount of fast, cache-like memory. On top of that, v8 now requires 64-byte-wide memory accesses, which a desktop CPU handles easily because that is already the width of its cache lines.

Keeping Monero Private With Fixed Ring Size

Beryllium Bullet changes two things about how Monero users can structure their transactions.

Fixed Ring Size: First off, Monero users can no longer select the ring size of their transactions. Every Monero input is signed with a ring signature over a set of possible spent outputs, the real one plus decoys pulled from the blockchain; the ring size is the size of that set, and it hides which member is actually being spent.

Monero ring signature diagram (credit: BitcoinKeskus)

This change, while controversial, is intended to keep all users on the network equally private, while also keeping transaction sizes down. 

Ring Size Increased to 11: Secondly, the minimum (and now fixed) ring size has been set to 11, that is, one real output and ten decoys. This is greater than the previous minimum of 7.

The rationale behind locking the ring size to 11 is that when all transactions look exactly the same, it is harder still to trace a given transaction across the network. You want to look like everyone else: a transaction with an unusually large ring size stands out. A larger ring size does make that one transaction more private in isolation, but it also makes it a lot easier to spot and follow.

Conclusion

Together, these upgrades combine to make Monero transactions 97% cheaper, while deterring mining centralization and maintaining its core privacy features. The upgrades make Monero truly bulletproof.


The privacy-focused cryptocurrency Verge is quickly becoming a running joke within the cryptocurrency industry, after repeatedly suffering 51% attacks in which attackers exploited a vulnerability to mint millions of dollars’ worth of XVG for themselves.

It started back in April, when Verge suffered a small 51% attack in which the attackers mined about 250,000 XVG. Verge responded by hard-forking its blockchain; however, the attack was repeated just last week when the attackers exploited the same vulnerability using a second mining algorithm.

A 51% attack normally means controlling the majority of a network’s hashrate. In Verge’s case the attackers did not need that much real hardware: by submitting blocks with false timestamps they tricked Verge’s difficulty adjustment into lowering the difficulty for one of its mining algorithms, letting them mine many blocks a minute and collect the block rewards into their own wallets. At the peak of the second attack the attackers were mining 25 blocks per minute, or roughly 8250 XVG (about $950) a minute.

Verge downplayed the attack as nothing more than a DDoS attack, but according to reports over 35 million XVG, worth over $1.7 million, was taken by the attackers as a result.

Today, ocminer, the prominent BitcoinTalk user who discovered the last two attacks, is reporting that Verge has yet again suffered a 51% attack. In the BitcoinTalk forum thread titled “Network Attack on XVG / Verge” ocminer says “Yup… attack again.. as already said, simply reducing drift time doesn’t fix it..”

Verge’s blockchain isn’t the only location hackers have targeted. Verge’s twitter account was also compromised this past March in an unrelated attack.

On a more positive note, Verge made news for becoming the first ever cryptocurrency to be accepted by adult entertainment website Pornhub for their premium subscription services. As one Redditor so cheekily said “Maybe they should take a note from Pornhub and learn to plug up the holes on their blockchain.”

The European Union (EU) General Data Protection Regulation (GDPR) is a law designed to enhance the protection of personal data and give individuals greater control over their own data.  While the law applies to individuals and personal data resident in the EU, many organizations and services are taking the opportunity to revise their policies and practices for all users.  As the GDPR comes into effect today, May 25, 2018, many cryptocurrency service providers have made changes to bring their policies and practices into compliance. 

GDPR and Blockchain

A key objective of the GDPR empowers individuals (or data subjects) with various rights.  Some of these rights align well with blockchain technology. For example, the GDPR includes a right to information, giving individuals the right to request how their personal data is being shared and processed.  The right to access is also a step towards greater transparency, as it allows individuals the opportunity to view their own personal data that has been collected by an organization or service.  IBM has released a white paper outlining some key ways that blockchain technology can be used to support the goals of GDPR and enhance compliance.

However, the GDPR also enforces “the right to be forgotten”, which provides individual data subjects with a right to request the deletion of personal data.  Immutability is a core feature of blockchain technology, and without a central authority to oversee the erasure of any personal data, this part of the GDPR presents a considerable challenge for any open blockchain network that has stored personal data on the blockchain.   

Andries Van Humbeeck, Blockchain consultant for TheLedger.be, highlights this potential clash between GDPR and the blockchain:

And here is the paradox: The goal of GDPR is to “give citizens back the control of their personal data, whilst imposing strict rules on those hosting and ‘processing’ this data, anywhere in the world.” Also, one of the things GDPR states is that data “should be erasable”. Since throwing away your encryption keys is not the same as ‘erasure of data’, GDPR prohibits us from storing personal data on a blockchain level. Thereby losing the ability to enhance control of your own personal data.

Source: The Blockchain-GDPR Paradox, Andries Van Humbeeck, November 21, 2017.

GDPR and Cryptocurrency Services

If you use cryptocurrency services, including exchanges, wallets, and peer-to-peer marketplaces, you probably have received emails over the past month advising you of revisions to privacy policies and terms of service.  While the specifics of these changes will vary, here is a brief overview of a few trends to be aware of:

  • Consolidation of personal data:  In anticipation of user requests to view, modify, move or delete personal data, you can expect some services to restrict users to the use of a single account.  You can also expect to see services implementing portals and tools that display all personal data connected to an individual user in a single location, and allow users to make requests regarding that data.
  • Detailed rationale around personal data collection & usage:  The GDPR expects service providers to provide clear, plain-language explanations of why your personal data is processed at a detailed, granular level.  This is an excellent opportunity to understand where data is being collected for regulatory purposes, where it’s being collected for the purposes of operating a given service, and where it’s being requested for the purposes of advertising and revenue-generation.
  • Identification of third parties with access to your data, and how they are using it:  Service providers often allow third-parties to access and process your data as part of service delivery.  These third parties may be processing your data for a wide range of purposes, including identity verification, transaction processing, tracking how a service is used, and identifying & correcting bugs or service errors.  Updates to privacy policies and terms of service should clarify where third parties may be used to process your personal data. To some extent, this also allows users to “peek behind the curtain” and learn more about how their chosen service providers conduct their businesses and who they partner with.
  • Restriction of service and features based on geographic location:  While some service providers are bringing changes into effect for all users, regardless of geographic location, others have established separate policies and practices for EU residents.  For example, Coinbase has implemented separate Privacy Policies for the UK and the US and is currently only allowing EU residents to access the privacy rights dashboard.  Some North American sites and news organizations have blocked EU residents from access or shuttered operations entirely, including peer-to-peer network CoinTouch, which announced its closure due to the costs of implementing GDPR compliance in early May.   


Is GDPR having an unexpected impact on a cryptocurrency or your preferred cryptocurrency service provider?  Let us know in the comments.

Included in the original Lightning Network specification is a proposal to use Onion routing for transactions. Onion routing, the same technology that powers the Tor network, would increase both security and privacy on the Lightning Network.

What this means for privacy

Currently, when a payment crosses several channels on the Lightning Network, every node along the path can see the whole route: who it came from, where it is going and how much is being transferred. That is a privacy problem, since any intermediary can see who you are paying. Onion routing is intended to solve it: the details of the payment are hidden from everyone except the sender and the receiver, and each intermediate node learns only enough to pass it along.

How Onion routing works

With onion routing, each node is told only what it needs to forward the payment to the next node on the route, so no intermediary can snoop on your payment, yet it still reaches its destination. It works by wrapping a packet (here, the payment instructions) in successive layers of encryption, one layer for each node on the route, each encrypted with a key that only the sender and that node share. When the packet passes through a node, the node strips the outermost layer with its key, which reveals the next hop and nothing else; it cannot read the remaining layers, and it forwards what is left. In the real protocol the packet is re-padded so that it stays the same size at every hop, which stops an observer from working out a node’s position on the route from the packet’s length.

In the case of the Lightning Network, the node does the same, but also collects its fee: the amount it is asked to forward is slightly less than the amount it received, and the difference is its fee. The sending node works out and adds every hop’s fee when it builds the payment.
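The layered packet and the per-hop fee collection described above, as an added example that is not Lightning’s Sphinx implementation or code from the original article. It assumes a constructed three-hop route (bob, carol, dave) with made-up pre-shared per-hop keys and fees; real Lightning derives each hop’s key by ECDH with the hop’s node key, uses the BOLT 4 stream cipher and MAC rather than the SHA-256 keystream and HMAC used here, and re-pads the packet to a fixed length at every hop instead of letting it shrink.

```python
# Toy onion-routed payment (added example, not Lightning's Sphinx code).
# Keys, fees and the route are constructed for the example.
import hashlib
import hmac
import json
import struct

# Pre-shared per-hop keys (Lightning would derive these by ECDH) and the
# forwarding fee each hop insists on. All values are made up.
HOP_KEYS = {"bob": b"key-bob", "carol": b"key-carol", "dave": b"key-dave"}
HOP_FEES = {"bob": 10, "carol": 5, "dave": 0}

def _keystream(key, n):
    """SHA-256 counter-mode keystream (stand-in for the real stream cipher)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def _seal(key, plaintext):
    """Encrypt-then-MAC one layer: tag || ciphertext."""
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, len(plaintext))))
    return hmac.new(key, ct, hashlib.sha256).digest() + ct

def _open(key, blob):
    """Peel one layer; fails unless `key` is the key this layer was sealed with."""
    tag, ct = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        raise ValueError("bad MAC: wrong hop or tampered packet")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))

def build_onion(route, amount):
    """Sender side. Works backwards from the receiver: each hop's instruction
    names the next hop and the amount to pass on, and each hop's fee is added
    to what that hop must receive. Returns (onion, total the sender must send)."""
    onion, need = b"", amount
    for i in reversed(range(len(route))):
        hop = route[i]
        last = i + 1 == len(route)
        header = json.dumps({"next": None if last else route[i + 1],
                             "amount": need}).encode()
        onion = _seal(HOP_KEYS[hop], struct.pack(">H", len(header)) + header + onion)
        if not last:
            need += HOP_FEES[hop]        # this hop keeps the difference as its fee
    return onion, need

def process_hop(hop, received, onion):
    """Hop side. Strips its own layer, checks its fee, and returns
    (next_hop, amount_to_forward, inner_onion, fee). Inner layers stay opaque."""
    plain = _open(HOP_KEYS[hop], onion)
    (hlen,) = struct.unpack(">H", plain[:2])
    header = json.loads(plain[2:2 + hlen])
    fee = received - header["amount"]
    if fee < HOP_FEES[hop]:
        raise ValueError(f"{hop}: fee {fee} below required {HOP_FEES[hop]}")
    return header["next"], header["amount"], plain[2 + hlen:], fee

def route_payment(route, amount):
    """Walk the payment along the route; returns (total sent, what each hop saw)."""
    onion, total = build_onion(route, amount)
    hop, held, log = route[0], total, []
    while hop is not None:
        nxt, fwd, onion, fee = process_hop(hop, held, onion)
        log.append({"hop": hop, "received": held, "next": nxt, "forwarded": fwd, "fee": fee})
        hop, held = nxt, fwd
    return total, log
```

route_payment(["bob", "carol", "dave"], 1000) sends 1015 from the first channel: bob receives 1015, learns only that carol is next and that he should forward 1005, and keeps 10; carol forwards 1000 to dave and keeps 5; dave claims the 1000. Bob’s key cannot open carol’s layer (the MAC check raises), and a hop that is short-changed on its fee refuses to forward.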