A guide to social media companies' plunge into cryptocurrency

I dug into a 26-page technical document describing the protocol to be used as a platform for Facebook's Libra coins (and more). It has 53 impressive authors! Here are the details:


The Libra protocol allows a set of replicas - referred to as validators - from different authorities to jointly maintain a database of programmable resources.

No mincing of words here: the system will be controlled by a set of top-down authorities. Note, however, that the paper says the database is for "programmable resources" rather than just digital currency.

These resources are owned by various user accounts that are authenticated by public key cryptography, and they comply with special rules specified by the developers of these resources.

The use of a generic word like "resources" makes me suspect that this is more than just a stablecoin.

Transactions are based on predetermined contracts and, in the future, user-defined smart contracts in a new programming language called Move. We use Move to determine the core mechanisms of the blockchain, such as currency and validator membership.

Okay, now it's getting more interesting. The use of a purpose-built smart contract language will raise many questions about how rich the language is and, as a result, how robust the system is against conflicting contracts. There will also be questions about developer friendliness and how well Libra can protect smart contract developers from shooting themselves in the foot.

This core mechanism allows for the creation of a unique governance mechanism that builds on the stability and reputation of institutions that existed in the early days but transitioned to a fully open system over time.

It sounds like the Libra Association will become a federation that can flourish with the help of a voting system and a kind of pre-existing reputation.

1. Introduction

This ecosystem will offer a new global currency - Libra coins - which will be fully supported by a basket of high-quality bank deposits and cash from a central bank.

Libra is a generic crypto asset protocol, and the first asset is a stablecoin.

Over time, eligibility for membership will shift to being fully open and only based on ownership of Libra members.

Sounds a lot like proof of stake. Apparently, the plan is to open up membership after five years, and hopefully they will have figured out proof of stake by then, although I hope they will experience the same problem as Ethereum.

The association has published a report outlining ... the road map for moving the system to a permissionless one.

I am pretty sure this will be the first time a distributed network has gone from permissioned to permissionless. It may be that the network as a whole can switch to proof of stake, but for the stablecoin peg / basket to be maintained, some set of entities must keep the bridge open to the traditional financial system. This will be a persistent centralized point of control through the Libra Association.

Validators take turns driving the process of accepting transactions. When a validator acts as the leader, it proposes transactions, both those submitted to it directly by clients and those relayed indirectly through other validators, to the other validators. All validators execute the transactions and form an authenticated data structure that contains the new ledger history. The validators vote on the authenticator for this data structure as part of the consensus protocol.

This sounds like Practical Byzantine Fault Tolerance (PBFT), a 20-year-old algorithm that is well understood, although they might have made some adjustments. We learn in Section 5 of the white paper that it is called LibraBFT, a variant of the HotStuff consensus protocol.

As part of committing a transaction T at version i, the consensus protocol issues a signature on the full state of the database at version i, including its entire history, to authenticate responses to queries from clients.

This is important, especially because it means that new validators should be able to join the network and synchronize quickly without having to replay the entire blockchain history, assuming that they trust the existing validators.

2. Logical Data Model

The Libra Protocol uses an account-based data model to encode the ledger state.

From a data structure perspective, Libra is more like Ethereum or Ripple than Bitcoin. The UTXO model has pros and cons, such as better privacy and a stronger transaction history due to the simplicity of output-based history, but it may be more difficult to work with for complicated smart contracts. Thus the account model makes sense: Facebook might not care about privacy, while the platform does sound interested in smart contracts.

The Libra Protocol does not link accounts to real world identities. A user is free to create multiple accounts by generating multiple key pairs. Accounts controlled by the same user do not have a default link to each other. This scheme follows the example of Bitcoin and Ethereum which gives users a pseudonym.

This sounds good, but I want to know if this is also the case for Libra Coin, an asset. It would be interesting to observe how open the system is to developers who want to build applications that are more protective of privacy.

Each resource has a type declared by a module. A resource type is a nominal type consisting of the type name and the name and address of the module that declares the resource.

It looks like you can create an address, and that address can have an arbitrarily determined number of assets, as long as each asset has a unique name.

Running a transaction T results in a new ledger status of I i as well as an execution status code, gas usage, and event list.

Well, now we know how the system is protected from resource exhaustion attacks: presumably with a resource cost system similar to Ethereum's.

There is no concept of a block of transactions in the ledger history.

Interesting. There is no actual blockchain data structure in the Libra protocol. Blocks are more of a virtual, logical construct used by validators to coordinate committed snapshots of the system state. Looking back, the first sentence of this section now makes more sense:

All data in the Libra Blockchain is stored in a single versioned database. The version number is an unsigned 64-bit integer associated with the number of transactions the system has made.

Every crypto asset network that I know of works the same way at a very high level: there is a system state, then a transaction is executed, which is effectively a state transition function, and then a new system state exists.

The purpose of placing a collection of transactions into a container, or block, is to order and timestamp them. This is especially important in permissionless networks, where data is authenticated via dynamic multiparty membership signatures and validators can freely join and leave the network. Because Libra operates a permissioned system, it can use a more efficient consensus algorithm that does not need to group transactions, because transaction history is much less likely to be rewritten.

In the early versions of the Libra protocol, only a small portion of Move's functionality is available to users. While Move is used to define core system concepts, such as the Libra currency, users cannot publish custom modules that declare their own resource types. This approach allows the Move language and toolchain to mature - informed by experience in implementing core system components - before being exposed to users. This approach also opposes the challenge of scalability in executing transactions and storing data inherent in general-purpose smart contract platforms.

This sounds very similar to the "open validator membership" plan referred to earlier. It seems as though Facebook hasn't solved one of the big problems Ethereum has been working on for years.

To manage demand for computing capacity, the Libra protocol imposes transaction fees, denominated in Libra coins.

Libra coins are actually the native unit of the protocol, like ETH is the native unit of Ethereum. This leads to another question about Libra's pseudonymous nature: can you get coins without AML / KYC? If not, then it looks like you won't be able to use any system functionality anonymously. From reading about the Calibra wallet, it will require AML / KYC. So I wonder whether there will later be an on-ramp into the system that is not tightly controlled.

The system is designed to have low costs during normal operation, when sufficient capacity is available.

This is really vague and raises many questions: What is low cost? What is normal operation? What is sufficient capacity?

3. Executing Transactions

Many parts of the core logic of the blockchain are defined using Move, including the deduction of gas fees. To avoid circularity, the VM disables gas metering during the execution of these core components.

This sounds very dangerous, but the document authors note that the core components must be written defensively to prevent DoS attacks.

The main feature of Move is the ability to define custom resource types ... Move's type system provides special safety guarantees for resources. Resources can never be copied, only moved. This guarantee is enforced statically by the Move VM. This allows us to represent Libra coins as a resource type in the Move language.

That clears up the earlier question of whether Libra coins are native assets like ETH or BTC. I hope these coins are the default or only type of resource allowed in the system at launch, with other resources coming later.

Stack-based bytecode has fewer instructions than a higher-level source language. In addition, each instruction has simple semantics that can be expressed through a small number of atomic steps. This reduces the specification footprint of the Libra protocol and makes it easier to find implementation errors.

This sounds carefully thought out; hopefully that means the security of their scripting language will be better vetted than Ethereum's.

4. Authenticated Data Structure and Storage

The Libra protocol uses a single Merkle tree to provide an authenticated data structure for the ledger history ... in particular, the ledger history uses the Merkle tree accumulator approach to form the Merkle tree, which also provides efficient append operations.

Once again we see that "The Libra Blockchain" is actually not a blockchain. It is very strange: this protocol seems to be very well designed, but they still refer to it as a blockchain when the ledger history data structure is a series of signed ledger states. Validators commit to each ledger state, and all historical ledger states are also committed to the Merkle tree, but I haven't really seen a back-linked list of data that forms a chain, let alone a chain of blocks.
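The authenticated ledger history described above, as an added illustration that is not taken from the white paper or from Libra Core: a small Merkle tree over transaction hashes with inclusion proofs, which is what lets a client check one transaction against a signed root without replaying history. The SHA3-256 hash, the RFC 6962-style leaf/node prefixes and the sample transactions are assumptions made for this example.

```python
import hashlib

# Constructed sample ledger: five serialized transactions, versions 0..4.
SAMPLE_TXNS = [b"v%d: transfer %d coins" % (i, 10 * (i + 1)) for i in range(5)]

def leaf_hash(txn: bytes) -> bytes:
    # Assumed domain separation: leaves and internal nodes hash differently,
    # so an internal node can never be passed off as a transaction.
    return hashlib.sha3_256(b"\x00" + txn).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha3_256(b"\x01" + left + right).digest()

def _split(n: int) -> int:
    """Largest power of two strictly less than n (n >= 2)."""
    return 1 << ((n - 1).bit_length() - 1)

def root(leaves: list) -> bytes:
    """Root over a non-empty list of leaf hashes; works for any length."""
    if len(leaves) == 1:
        return leaves[0]
    k = _split(len(leaves))
    return node_hash(root(leaves[:k]), root(leaves[k:]))

def prove(leaves: list, i: int) -> list:
    """Sibling hashes on the path from leaf i up to the root."""
    if len(leaves) == 1:
        return []
    k = _split(len(leaves))
    if i < k:
        return prove(leaves[:k], i) + [root(leaves[k:])]
    return prove(leaves[k:], i - k) + [root(leaves[:k])]

def _rebuild(leaf: bytes, i: int, n: int, proof: list):
    """Recompute the root from a leaf and its proof; None if the shape is wrong."""
    if n == 1:
        return leaf if not proof else None
    if not proof:
        return None
    k = _split(n)
    if i < k:
        sub = _rebuild(leaf, i, k, proof[:-1])
        return sub and node_hash(sub, proof[-1])
    sub = _rebuild(leaf, i - k, n - k, proof[:-1])
    return sub and node_hash(proof[-1], sub)

def verify(txn: bytes, i: int, n: int, proof: list, trusted_root: bytes) -> bool:
    """True only if txn is the i-th of n transactions under trusted_root."""
    return 0 <= i < n and _rebuild(leaf_hash(txn), i, n, proof) == trusted_root
```

The proof for one transaction out of n is about log2(n) hashes, and appending a transaction changes the root, so a proof is only meaningful against the root for the version it was issued for.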

The account's authenticator is the hash of this serialized representation.

Note that this representation requires that you recalculate the authenticator over the full account after any modification to the account. The cost of this operation is O(n), where n is the length of the byte representation of the complete account.

Hmmm, it sounds like an opening for a DoS attack if there is no limit on the amount of data stored by a given account.

We anticipate that when the system is used, eventually storage growth associated with accounts can become a problem. Just as gas encourages responsible use of computing resources, we hope that the same rental-based mechanism may be needed for storage. We assess various approaches to rent-based mechanisms that are most suitable for ecosystems.

Another problem that has not been solved. Can't wait for "Rents are too high!" memes.

The voting power must remain honest both during the epoch and for a period of time after the epoch, to enable clients to synchronize to the new configuration. Clients that are offline longer than this period need to re-synchronize using some external source of truth to get a checkpoint that they trust.

Ouch. It is not clear how long this "period of time" is, but if an epoch is less than a day, then I think the "period of time" is determined similarly. It seems that this consensus protocol is not robust enough for participants to leave and rejoin the network as they wish.

5. Byzantine Fault Tolerant Consensus

LibraBFT assumes that a set of 3f + 1 votes is distributed among a set of validators that may be honest or Byzantine. LibraBFT remains safe, preventing attacks such as double spends and forks, when up to f votes are controlled by Byzantine validators.

Just like PBFT, this consensus algorithm can tolerate 33% of dishonest validators. The modifications to HotStuff sound reasonable:

Guarding against non-determinism bugs by having validators sign the resulting state of a block instead of just the order of the transactions.
A pacemaker that issues explicit timeouts, with validators relying on a quorum of those to move to the next round; this should improve liveness.
An unpredictable leader selection mechanism to limit DoS attacks on leaders.
Aggregate signatures that preserve the identity of the validators who sign quorum certificates to vote on accepting blocks.

6. Network

Each validator in the Libra protocol maintains a full membership view of the system and connects directly to any validator it needs to communicate with. Validators that cannot be connected to directly are assumed to fall within the quota of Byzantine faults tolerated by the system.

It will require a lot of work to scale the system past several hundred validators.

7. Implementation of Libra Core

The security of the Libra Blockchain relies on the correct implementation of validators, Move programs, and the Move VM. Addressing these issues in Libra Core is a work in progress.

That pretty much sums up this section, though they wrote the implementation in Rust, which seems like a good start for performance and safety.

8. Performance

We anticipate the initial launch of the Libra protocol to support 1,000 payment transactions per second with a 10-second finality time between a transaction being submitted and committed.

Because there will only be 100 or so validators, and they are all directly connected to each other, a 10-second block time sounds doable.

Minimum node requirements:

40 Mbps internet connection
1 commodity CPU

There are a number of earlier references to preserving a validator's ability to synchronize from scratch, instead of trusting the state signed by other validators. I hope that if Libra is widely used at all, it will quickly become very impractical to synchronize like that, and thus the node security model will depend heavily on trusting the validators.

9. Implementing Libra Ecosystem Policy with Move

The reserve [for Libra coins] is the main mechanism for achieving value preservation. Through the reserve, each coin is fully supported by a set of stable and liquid assets. The Libra coin contract allows the association to print new coins when demand increases and destroy them when demand contracts. The association does not set monetary policy. It can only print and burn coins in response to requests from authorized retailers. Users do not need to worry about the association introducing inflation into the system or debasing the currency: for new coins to be printed, there must be an equivalent fiat deposit in the reserve.

Okay, but now we talk about events that are outside the network. As stated earlier in the white paper, the network cannot execute scripts that use data input that is external to the network status. So the "can" and "must" modifiers in the above snippet certainly refer to the Libra Association policy or contractual obligations that are not realized by the network.

The consensus algorithm relies on the validator-set management Move module to maintain the current validator set and manage the allocation of votes among validators. Initially, the Libra Blockchain only grants votes to Founding Members.

Assuming that validators vote on changes to the validator set, this seems to produce the same problem we see with long-range attacks in proof-of-stake systems. If a sufficient threshold of founding members' private keys is compromised, can an attacker write a new ledger history from scratch? If so, will other nodes accept it? It is not clear whether the consensus protocol allows rewriting old state or whether it is append-only.

We plan to gradually transition to proof of stake.

If they can solve an unsolved problem.

Outstanding Questions

How does governance work?

We can see here that the Libra Association is a council of members and a 2/3 supermajority is needed to make a change. They are the only ones allowed to print or destroy Libra coins, but they may be able to make whatever changes they wish if there is enough agreement.

Resources: Thoughts on Libra “Blockchain”