# Directed acyclic graphs (DAGs) - BitcoinWiki

• Directed acyclic graphs (DAGs) - BitcoinWiki
• Blockchain Charts
• BTCUSD — Bitcoin Chart und Kurs — TradingView
• Blockchain Charts
• Transaction Data - How Does Bitcoin Work?

##### Bob The Magic Custodian

Summary: Everyone knows that when you give your assets to someone else, they always keep them safe. If this is true for individuals, it is certainly true for businesses.
Custodians always tell the truth and manage funds properly. They won't have any interest in taking the assets as an exchange operator would. Auditors tell the truth and can't be misled. That's because organizations that are regulated are incapable of lying and don't make mistakes.

First, some background. Here is a summary of how custodians make us more secure:

Previously, we might give Alice our crypto assets to hold. There were risks:
• Alice might take the assets and disappear.
• Alice might spend the assets and pretend that she still has them (fractional model).
• Alice might store the assets insecurely and they'll get stolen.
• Alice might give the assets to someone else by mistake or by force.

But "no worries", Alice has a custodian named Bob. Bob is dressed in a nice suit. He knows some politicians. And he drives a Porsche. "So you have nothing to worry about!". And look at all the benefits we get:
• Alice can't take the assets and disappear (unless she asks Bob or never gives them to Bob).
• Alice can't spend the assets and pretend that she still has them. (Unless she didn't give them to Bob or asks him for them.)
• Alice can't store the assets insecurely so they get stolen. (After all - she doesn't have any control over the withdrawal process from any of Bob's systems, right?)
• Alice can't give the assets to someone else by mistake or by force. (Bob will stop her, right Bob?)
• Alice can't lose access to the funds. (She'll always be present, sane, and remember all secrets, right?)
See - all problems are solved! All we have to worry about now is:
• Bob might take the assets and disappear.
• Bob might spend the assets and pretend that he still has them (fractional model).
• Bob might store the assets insecurely and they'll get stolen.
• Bob might give the assets to someone else by mistake or by force.
It's pretty simple. Before we had to trust Alice. Now we only have to trust Alice, Bob, and all the ways in which they communicate. Just think of how much more secure we are!

"On top of that", Bob assures us, "we're using a special wallet structure". Bob shows Alice a diagram. "We've broken the balance up and store it in lots of smaller wallets. That way", he assures her, "a thief can't take it all at once". And he points to a historic case where a large sum was taken "because it was stored in a single wallet... how stupid".
"Very early on, we used to have all the crypto in one wallet", he said, "and then one Christmas a hacker came and took it all. We call him the Grinch. Now we individually wrap each crypto and stick it under a binary search tree. The Grinch has never been back since."

"As well", Bob continues, "even if someone were to get in, we've got insurance. It covers all thefts and even coercion, collusion, and misplaced keys - only subject to the policy terms and conditions." And with that, he pulls out a phone-book sized contract and slams it on the desk with a thud. "Yep", he continues, "we're paying top dollar for one of the best policies in the country!"
"Can I read it?' Alice asks. "Sure," Bob says, "just as soon as our legal team is done with it. They're almost through the first chapter." He pauses, then continues. "And can you believe that sales guy Mike? He has the same year Porsche as me. I mean, what are the odds?"

"Do you use multi-sig?", Alice asks. "Absolutely!" Bob replies. "All our engineers are fully trained in multi-sig. Whenever we want to set up a new wallet, we generate 2 separate keys in an air-gapped process and store them in this proprietary system here. Look, it even requires the biometric signature from one of our team members to initiate any withdrawal." He demonstrates by pressing his thumb into the display. "We use a third-party cloud validation API to match the thumbprint and authorize each withdrawal. The keys are also backed up daily to an off-site third-party."
"Wow that's really impressive," Alice says, "but what if we need access for a withdrawal outside of office hours?" "Well that's no issue", Bob says, "just send us an email, call, or text message and we always have someone on staff to help out. Just another part of our strong commitment to all our customers!"

"What about Proof of Reserve?", Alice asks. "Of course", Bob replies, "though rather than publish any blockchain addresses or signed transaction, for privacy we just do a SHA256 refactoring of the inverse hash modulus for each UTXO nonce and combine the smart contract coefficient consensus in our hyperledger lightning node. But it's really simple to use." He pushes a button and a large green checkmark appears on a screen. "See - the algorithm ran through and reserves are proven."
"Wow", Alice says, "you really know your stuff! And that is easy to use! What about fiat balances?" "Yeah, we have an auditor too", Bob replies, "Been using him for a long time so we have quite a strong relationship going! We have special books we give him every year and he's very efficient! Checks the fiat, crypto, and everything all at once!"

"We used to have a nice offline multi-sig setup we've been using without issue for the past 5 years, but I think we'll move all our funds over to your facility," Alice says. "Awesome", Bob replies, "Thanks so much! This is perfect timing too - my Porsche got a dent on it this morning. We have the paperwork right over here." "Great!", Alice replies.
And with that, Alice gets out her pen and Bob gets the contract. "Don't worry", he says, "you can take your crypto-assets back anytime you like - just subject to our cancellation policy. Our annual management fees are also super low and we don't adjust them often".

How many holes have to exist for your funds to get stolen?
Just one.

Why are we taking a powerful offline multi-sig setup, widely used globally in hundreds of different/lacking regulatory environments with 0 breaches to date, and circumventing it by a demonstrably weak third party layer? And paying a great expense to do so?
If you go through the list of breaches in the past 2 years to highly credible organizations, you go through the list of major corporate frauds (only the ones we know about), you go through the list of all the times platforms have lost funds, you go through the list of times and ways that people have lost their crypto from identity theft, hot wallet exploits, extortion, etc... and then you go through this custodian with a fine-tooth comb and truly believe they have value to add far beyond what you could, sticking your funds in a wallet (or set of wallets) they control exclusively is the absolute worst possible way to take advantage of that security.

The best way to add security for crypto-assets is to make a stronger multi-sig. With one custodian, what you are doing is giving them your cryptocurrency and hoping they're honest, competent, and flawlessly secure. It's no different than storing it on a really secure exchange. Maybe the insurance will cover you. Didn't work for Bitpay in 2015. Didn't work for Yapizon in 2017. Insurance has never paid a claim in the entire history of cryptocurrency. But maybe you'll get lucky. Maybe your exact scenario will buck the trend and be what they're willing to cover. After the large deductible and hopefully without a long and expensive court battle.

And you want to advertise this increase in risk, the lapse of judgement, an accident waiting to happen, as though it's some kind of benefit to customers ("Free institutional-grade storage for your digital assets.")? And then some people are writing to the OSC that custodians should be mandatory for all funds on every exchange platform? That this somehow will make Canadians as a whole more secure or better protected compared with standard air-gapped multi-sig? On what planet?

Most of the problems in Canada stemmed from one thing - a lack of transparency. If Canadians had known what a joke Quadriga was - it wouldn't have grown to lose $400m from hard-working Canadians from coast to coast to coast. And Gerald Cotten would be in jail, not wherever he is now (at best, rotting peacefully). EZ-BTC and mister Dave Smilie would have been a tiny little scam to his friends, not a multi-million dollar fraud. Einstein would have got their act together or been shut down BEFORE losing millions and millions more in people's funds generously donated to criminals. MapleChange wouldn't have even been a thing. And maybe we'd know a little more about CoinTradeNewNote - like how much was lost in there. Almost all of the major losses with cryptocurrency exchanges involve deception with unbacked funds. So it's great to see transparency reports from BitBuy and ShakePay where someone independently verified the backing. The only thing we don't have is: • ANY CERTAINTY BALANCES WEREN'T EXCLUDED. Quadriga's largest account was$70m. 80% of funds are in 20% of accounts (Pareto principle). All it takes is excluding a few really large accounts - and nobody's the wiser. A fractional platform can easily pass any audit this way.
• ANY VISIBILITY WHATSOEVER INTO THE CUSTODIANS. BitBuy put out their report before moving all the funds to their custodian and ShakePay apparently can't even tell us who the custodian is. That's pretty important considering that basically all of the funds are now stored there.
• ANY IDEA ABOUT THE OTHER EXCHANGES. In order for this to be effective, it has to be the norm. It needs to be "unusual" not to know. If obscurity is the norm, then it's super easy for people like Gerald Cotten and Dave Smilie to blend right in.
It's not complicated to validate cryptocurrency assets. They need to exist, they need to be spendable, and they need to cover the total balances. There are plenty of credible people and firms across the country that have the capacity to reasonably perform this validation. Having more frequent checks by different, independent, parties who publish transparent reports is far more valuable than an annual check by a single "more credible/official" party who does the exact same basic checks and may or may not publish anything. Here's an example set of requirements that could be mandated:
• First report within 1 month of launching, another within 3 months, and further reports at minimum every 6 months thereafter.
• No auditor can be repeated within a 12 month period.
• All reports must be public, identifying the auditor and the full methodology used.
• All auditors must be independent of the firm being audited with no conflict of interest.
• Reports must include the percentage of each asset backed, and how it's backed.
• The auditor publishes a hash list, which lists a hash of each customer's information and balances that were included. Hash is one-way encryption so privacy is fully preserved. Every customer can use this to have 100% confidence they were included.
• If we want more extensive requirements on audits, these should scale upward based on the total assets at risk on the platform, and whether the platform has loaned their assets out.
There are ways to structure audits such that neither crypto assets nor customer information are ever put at risk, and both can still be properly validated and publicly verifiable. There are also ways to structure audits such that they are completely reasonable for small platforms and don't inhibit innovation in any way. By making the process as reasonable as possible, we can completely eliminate any reason/excuse that an honest platform would have for not being audited. That is arguable far more important than any incremental improvement we might get from mandating "the best of the best" accountants. Right now we have nothing mandated and tons of Canadians using offshore exchanges with no oversight whatsoever.

Transparency does not prove crypto assets are safe. CoinTradeNewNote, Flexcoin ($600k), and Canadian Bitcoins ($100k) are examples where crypto-assets were breached from platforms in Canada. All of them were online wallets and used no multi-sig as far as any records show. This is consistent with what we see globally - air-gapped multi-sig wallets have an impeccable record, while other schemes tend to suffer breach after breach. We don't actually know how much CoinTrader lost because there was no visibility. Rather than publishing details of what happened, the co-founder of CoinTrader silently moved on to found another platform - the "most trusted way to buy and sell crypto" - a site that has no information whatsoever (that I could find) on the storage practices and a FAQ advising that “[t]rading cryptocurrency is completely safe” and that having your own wallet is “entirely up to you! You can certainly keep cryptocurrency, or fiat, or both, on the app.” Doesn't sound like much was learned here, which is really sad to see.
It's not that complicated or unreasonable to set up a proper hardware wallet. Multi-sig can be learned in a single course. Something the equivalent complexity of a driver's license test could prevent all the cold storage exploits we've seen to date - even globally. Platform operators have a key advantage in detecting and preventing fraud - they know their customers far better than any custodian ever would. The best job that custodians can do is to find high integrity individuals and train them to form even better wallet signatories. Rather than mandating that all platforms expose themselves to arbitrary third party risks, regulations should center around ensuring that all signatories are background-checked, properly trained, and using proper procedures. We also need to make sure that signatories are empowered with rights and responsibilities to reject and report fraud. They need to know that they can safely challenge and delay a transaction - even if it turns out they made a mistake. We need to have an environment where mistakes are brought to the surface and dealt with. Not one where firms and people feel the need to hide what happened. In addition to a knowledge-based test, an auditor can privately interview each signatory to make sure they're not in coercive situations, and we should make sure they can freely and anonymously report any issues without threat of retaliation.
A proper multi-sig has each signature held by a separate person and is governed by policies and mutual decisions instead of a hierarchy. It includes at least one redundant signature. For best results, 3of4, 3of5, 3of6, 4of5, 4of6, 4of7, 5of6, or 5of7.

History has demonstrated over and over again the risk of hot wallets even to highly credible organizations. Nonetheless, many platforms have hot wallets for convenience. While such losses are generally compensated by platforms without issue (for example Poloniex, Bitstamp, Bitfinex, Gatecoin, Coincheck, Bithumb, Zaif, CoinBene, Binance, Bitrue, Bitpoint, Upbit, VinDAX, and now KuCoin), the public tends to focus more on cases that didn't end well. Regardless of what systems are employed, there is always some level of risk. For that reason, most members of the public would prefer to see third party insurance.
Rather than trying to convince third party profit-seekers to provide comprehensive insurance and then relying on an expensive and slow legal system to enforce against whatever legal loopholes they manage to find each and every time something goes wrong, insurance could be run through multiple exchange operators and regulators, with the shared interest of having a reputable industry, keeping costs down, and taking care of Canadians. For example, a 4 of 7 multi-sig insurance fund held between 5 independent exchange operators and 2 regulatory bodies. All Canadian exchanges could pay premiums at a set rate based on their needed coverage, with a higher price paid for hot wallet coverage (anything not an air-gapped multi-sig cold wallet). Such a model would be much cheaper to manage, offer better coverage, and be much more reliable to payout when needed. The kind of coverage you could have under this model is unheard of. You could even create something like the CDIC to protect Canadians who get their trading accounts hacked if they can sufficiently prove the loss is legitimate. In cases of fraud, gross negligence, or insolvency, the fund can be used to pay affected users directly (utilizing the last transparent balance report in the worst case), something which private insurance would never touch. While it's recommended to have official policies for coverage, a model where members vote would fully cover edge cases. (Could be similar to the Supreme Court where justices vote based on case law.)
Such a model could fully protect all Canadians across all platforms. You can have a fiat coverage governed by legal agreements, and crypto-asset coverage governed by both multi-sig and legal agreements. It could be practical, affordable, and inclusive.

Now, we are at a crossroads. We can happily give up our freedom, our innovation, and our money. We can pay hefty expenses to auditors, lawyers, and regulators year after year (and make no mistake - this cost will grow to many millions or even billions as the industry grows - and it will be borne by all Canadians on every platform because platforms are not going to eat up these costs at a loss). We can make it nearly impossible for any new platform to enter the marketplace, forcing Canadians to use the same stagnant platforms year after year. We can centralize and consolidate the entire industry into 2 or 3 big players and have everyone else fail (possibly to heavy losses of users of those platforms). And when a flawed security model doesn't work and gets breached, we can make it even more complicated with even more people in suits making big money doing the job that blockchain was supposed to do in the first place. We can build a system which is so intertwined and dependent on big government, traditional finance, and central bankers that it's future depends entirely on that of the fiat system, of fractional banking, and of government bail-outs. If we choose this path, as history has shown us over and over again, we can not go back, save for revolution. Our children and grandchildren will still be paying the consequences of what we decided today.
Or, we can find solutions that work. We can maintain an open and innovative environment while making the adjustments we need to make to fully protect Canadian investors and cryptocurrency users, giving easy and affordable access to cryptocurrency for all Canadians on the platform of their choice, and creating an environment in which entrepreneurs and problem solvers can bring those solutions forward easily. None of the above precludes innovation in any way, or adds any unreasonable cost - and these three policies would demonstrably eliminate or resolve all 109 historic cases as studied here - that's every single case researched so far going back to 2011. It includes every loss that was studied so far not just in Canada but globally as well.
Unfortunately, finding answers is the least challenging part. Far more challenging is to get platform operators and regulators to agree on anything. My last post got no response whatsoever, and while the OSC has told me they're happy for industry feedback, I believe my opinion alone is fairly meaningless. This takes the whole community working together to solve. So please let me know your thoughts. Please take the time to upvote and share this with people. Please - let's get this solved and not leave it up to other people to do.

Facts/background/sources (skip if you like):
• The inspiration for the paragraph about splitting wallets was an actual quote from a Canadian company providing custodial services in response to the OSC consultation paper: "We believe that it will be in the in best interests of investors to prohibit pooled crypto assets or ‘floats’. Most Platforms pool assets, citing reasons of practicality and expense. The recent hack of the world’s largest Platform – Binance – demonstrates the vulnerability of participants’ assets when such concessions are made. In this instance, the Platform’s entire hot wallet of Bitcoins, worth over $40 million, was stolen, facilitated in part by the pooling of client crypto assets." "the maintenance of participants (and Platform) crypto assets across multiple wallets distributes the related risk and responsibility of security - reducing the amount of insurance coverage required and making insurance coverage more readily obtainable". For the record, their reply also said nothing whatsoever about multi-sig or offline storage. • In addition to the fact that the$40m hack represented only one "hot wallet" of Binance, and they actually had the vast majority of assets in other wallets (including mostly cold wallets), multiple real cases have clearly demonstrated that risk is still present with multiple wallets. Bitfinex, VinDAX, Bithumb, Altsbit, BitPoint, Cryptopia, and just recently KuCoin all had multiple wallets breached all at the same time, and may represent a significantly larger impact on customers than the Binance breach which was fully covered by Binance. To represent that simply having multiple separate wallets under the same security scheme is a comprehensive way to reduce risk is just not true.
• Private insurance has historically never covered a single loss in the cryptocurrency space (at least, not one that I was able to find), and there are notable cases where massive losses were not covered by insurance. Bitpay in 2015 and Yapizon in 2017 both had insurance policies that didn't pay out during the breach, even after a lengthly court process. The same insurance that ShakePay is presently using (and announced to much fanfare) was describe by their CEO himself as covering “physical theft of the media where the private keys are held,” which is something that has never historically happened. As was said with regard to the same policy in 2018 - “I don’t find it surprising that Lloyd’s is in this space,” said Johnson, adding that to his mind the challenge for everybody is figuring out how to structure these policies so that they are actually protective. “You can create an insurance policy that protects no one – you know there are so many caveats to the policy that it’s not super protective.”
• The most profitable policy for a private insurance company is one with the most expensive premiums that they never have to pay a claim on. They have no inherent incentive to take care of people who lost funds. It's "cheaper" to take the reputational hit and fight the claim in court. The more money at stake, the more the insurance provider is incentivized to avoid payout. They're not going to insure the assets unless they have reasonable certainty to make a profit by doing so, and they're not going to pay out a massive sum unless it's legally forced. Private insurance is always structured to be maximally profitable to the insurance provider.
• The circumvention of multi-sig was a key factor in the massive Bitfinex hack of over $60m of bitcoin, which today still sits being slowly used and is worth over$3b. While Bitfinex used a qualified custodian Bitgo, which was and still is active and one of the industry leaders of custodians, and they set up 2 of 3 multi-sig wallets, the entire system was routed through Bitfinex, such that Bitfinex customers could initiate the withdrawals in a "hot" fashion. This feature was also a hit with the hacker. The multi-sig was fully circumvented.
• Bitpay in 2015 was another example of a breach that stole 5,000 bitcoins. This happened not through the exploit of any system in Bitpay, but because the CEO of a company they worked with got their computer hacked and the hackers were able to request multiple bitcoin purchases, which Bitpay honoured because they came from the customer's computer legitimately. Impersonation is a very common tactic used by fraudsters, and methods get more extreme all the time.
• A notable case in Canada was the Canadian Bitcoins exploit. Funds were stored on a server in a Rogers Data Center, and the attendee was successfully convinced to reboot the server "in safe mode" with a simple phone call, thus bypassing the extensive security and enabling the theft.
• Over $200m has been stolen impersonating users of cryptocurrency platforms by one group alone. Here's a list of 10 social engineering attacks against corporate companies. Here's an even larger case. While verification methods are improving, so are methods of identity theft and social engineering. We now have sim swapping and deep fake videos to contend with. Hackers have massive database sets of personal information they can utilize. As the sums at stake increase, so to will the level of effort criminals are willing to undertake. Obscurity for an insecure system will only postpone an attack until the "jackpot" is large enough. • The very nature of custodians circumvents multi-sig. This is because custodians are not just having to secure the assets against some sort of physical breach but against any form of social engineering, modification of orders, fraudulent withdrawal attempts, etc... If the security practices of signatories in a multi-sig arrangement are such that the breach risk of one signatory is 1 in 100, the requirement of 3 independent signatures makes the risk of theft 1 in 1,000,000. Since hackers tend to exploit the weakest link, a comparable custodian has to make the entry and exit points of their platform 10,000 times more secure than one of those signatories to provide equivalent protection. And if the signatories beef up their security by only 10x, the risk is now 1 in 1,000,000,000. The custodian has to be 1,000,000 times more secure. The larger and more complex a system is, the more potential vulnerabilities exist in it, and the fewer people can understand how the system works when performing upgrades. Even if a system is completely secure today, one has to also consider how that system might evolve over time or work with different members. • By contrast, offline multi-signature solutions have an extremely solid record, and in the entire history of cryptocurrency exchange incidents which I've studied (listed here), there has only been one incident (796 exchange in 2015) involving an offline multi-signature wallet. It happened because the customer's bitcoin address was modified by hackers, and the amount that was stolen ($230k) was immediately covered by the exchange operators. Basically, the platform operators were tricked into sending a legitimate withdrawal request to the wrong address because hackers exploited their platform to change that address. Such an issue would not be prevented in any way by the use of a custodian, as that custodian has no oversight whatsoever to the exchange platform. It's practical for all exchange operators to test large withdrawal transactions as a general policy, regardless of what model is used, and general best practice is to diagnose and fix such an exploit as soon as it occurs.
• False promises on the backing of funds played a huge role in the downfall of Quadriga, and it's been exposed over and over again (MyCoin, PlusToken, Bitsane, Bitmarket, EZBTC, IDAX). Even today, customers have extremely limited certainty on whether their funds in exchanges are actually being backed or how they're being backed. While this issue is not unique to cryptocurrency exchanges, the complexity of the technology and the lack of any regulation or standards makes problems more widespread, and there is no "central bank" to come to the rescue as in the 2008 financial crisis or during the great depression when "9,000 banks failed".
• In addition to fraudulent operations, the industry is full of cases where operators have suffered breaches and not reported them. Most recently, Einstein was the largest case in Canada, where ongoing breaches and fraud were perpetrated against the platform for multiple years and nobody found out until the platform collapsed completely. While fraud and breaches suck to deal with, they suck even more when not dealt with. Lack of visibility played a role in the largest downfalls of Mt. Gox, Cryptsy, and Bitgrail. In some cases, platforms are alleged to have suffered a hack and keep operating without admitting it at all, such as CoinBene.
• It surprises some to learn that a cryptographic solution has already existed since 2013, and gained widespread support in 2014 after Mt. Gox. Proof of Reserves is a full cryptographic proof that allows any customer using an exchange to have complete certainty that their crypto-assets are fully backed by the platform in real-time. This is accomplished by proving that assets exist on the blockchain, are spendable, and fully cover customer deposits. It does not prove safety of assets or backing of fiat assets.
• If we didn't care about privacy at all, a platform could publish their wallet addresses, sign a partial transaction, and put the full list of customer information and balances out publicly. Customers can each check that they are on the list, that the balances are accurate, that the total adds up, and that it's backed and spendable on the blockchain. Platforms who exclude any customer take a risk because that customer can easily check and see they were excluded. So together with all customers checking, this forms a full proof of backing of all crypto assets.
• However, obviously customers care about their private information being published. Therefore, a hash of the information can be provided instead. Hash is one-way encryption. The hash allows the customer to validate inclusion (by hashing their own known information), while anyone looking at the list of hashes cannot determine the private information of any other user. All other parts of the scheme remain fully intact. A model like this is in use on the exchange CoinFloor in the UK.
• A Merkle tree can provide even greater privacy. Instead of a list of balances, the balances are arranged into a binary tree. A customer starts from their node, and works their way to the top of the tree. For example, they know they have 5 BTC, they plus 1 other customer hold 7 BTC, they plus 2-3 other customers hold 17 BTC, etc... until they reach the root where all the BTC are represented. Thus, there is no way to find the balances of other individual customers aside from one unidentified customer in this case.
• Proposals such as this had the backing of leaders in the community including Nic Carter, Greg Maxwell, and Zak Wilcox. Substantial and significant effort started back in 2013, with massive popularity in 2014. But what became of that effort? Very little. Exchange operators continue to refuse to give visibility. Despite the fact this information can often be obtained through trivial blockchain analysis, no Canadian platform has ever provided any wallet addresses publicly. As described by the CEO of Newton "For us to implement some kind of realtime Proof of Reserves solution, which I'm not opposed to, it would have to ... Preserve our users' privacy, as well as our own. Some kind of zero-knowledge proof". Kraken describes here in more detail why they haven't implemented such a scheme. According to professor Eli Ben-Sasson, when he spoke with exchanges, none were interested in implementing Proof of Reserves.
• And yet, Kraken's places their reasoning on a page called "Proof of Reserves". More recently, both BitBuy and ShakePay have released reports titled "Proof of Reserves and Security Audit". Both reports contain disclaimers against being audits. Both reports trust the customer list provided by the platform, leaving the open possibility that multiple large accounts could have been excluded from the process. Proof of Reserves is a blockchain validation where customers see the wallets on the blockchain. The report from Kraken is 5 years old, but they leave it described as though it was just done a few weeks ago. And look at what they expect customers to do for validation. When firms represent something being "Proof of Reserve" when it's not, this is like a farmer growing fruit with pesticides and selling it in a farmers market as organic produce - except that these are people's hard-earned life savings at risk here. Platforms are misrepresenting the level of visibility in place and deceiving the public by their misuse of this term. They haven't proven anything.
• Fraud isn't a problem that is unique to cryptocurrency. Fraud happens all the time. Enron, WorldCom, Nortel, Bear Stearns, Wells Fargo, Moser Baer, Wirecard, Bre-X, and Nicola are just some of the cases where frauds became large enough to become a big deal (and there are so many countless others). These all happened on 100% reversible assets despite regulations being in place. In many of these cases, the problems happened due to the over-complexity of the financial instruments. For example, Enron had "complex financial statements [which] were confusing to shareholders and analysts", creating "off-balance-sheet vehicles, complex financing structures, and deals so bewildering that few people could understand them". In cryptocurrency, we are often combining complex financial products with complex technologies and verification processes. We are naïve if we think problems like this won't happen. It is awkward and uncomfortable for many people to admit that they don't know how something works. If we want "money of the people" to work, the solutions have to be simple enough that "the people" can understand them, not so confusing that financial professionals and technology experts struggle to use or understand them.
• For those who question the extent to which an organization can fool their way into a security consultancy role, HB Gary should be a great example to look at. Prior to trying to out anonymous, HB Gary was being actively hired by multiple US government agencies and others in the private sector (with glowing testimonials). The published articles and hosted professional security conferences. One should also look at this list of data breaches from the past 2 years. Many of them are large corporations, government entities, and technology companies. These are the ones we know about. Undoubtedly, there are many more that we do not know about. If HB Gary hadn't been "outted" by anonymous, would we have known they were insecure? If the same breach had happened outside of the public spotlight, would it even have been reported? Or would HB Gary have just deleted the Twitter posts, brought their site back up, done a couple patches, and kept on operating as though nothing had happened?
• In the case of Quadriga, the facts are clear. Despite past experience with platforms such as MapleChange in Canada and others around the world, no guidance or even the most basic of a framework was put in place by regulators. By not clarifying any sort of legal framework, regulators enabled a situation where a platform could be run by former criminal Mike Dhanini/Omar Patryn, and where funds could be held fully unchecked by one person. At the same time, the lack of regulation deterred legitimate entities from running competing platforms and Quadriga was granted a money services business license for multiple years of operation, which gave the firm the appearance of legitimacy. Regulators did little to protect Canadians despite Quadriga failing to file taxes from 2016 onward. The entire administrative team had resigned and this was public knowledge. Many people had suspicions of what was going on, including Ryan Mueller, who forwarded complaints to the authorities. These were ignored, giving Gerald Cotten the opportunity to escape without justice.
• There are multiple issues with the SOC II model including the prohibitive cost (you have to find a third party accounting firm and the prices are not even listed publicly on any sites), the requirement of operating for a year (impossible for new platforms), and lack of any public visibility (SOC II are private reports that aren't shared outside the people in suits).
• Securities frameworks are expensive. Sarbanes-Oxley is estimated to cost $5.1 million USD/yr for the average Fortune 500 company in the United States. Since "Fortune 500" represents the top 500 companies, that means well over$2.55 billion USD (~$3.4 billion CAD) is going to people in suits. Isn't the problem of trust and verification the exact problem that the blockchain is supposed to solve? • To use Quadriga as justification for why custodians or SOC II or other advanced schemes are needed for platforms is rather silly, when any framework or visibility at all, or even the most basic of storage policies, would have prevented the whole thing. It's just an embarrassment. • We are now seeing regulators take strong action. CoinSquare in Canada with multi-million dollar fines. BitMex from the US, criminal charges and arrests. OkEx, with full disregard of withdrawals and no communication. Who's next? • We have a unique window today where we can solve these problems, and not permanently destroy innovation with unreasonable expectations, but we need to act quickly. This is a unique historic time that will never come again. Thoughts? submitted by azoundria2 to QuadrigaInitiative [link] [comments] ##### CoreX: Bringing Decentralized Governance to the Table  Governance Tokens are being created at rapid pace and being tabbed as a game-changer in the cryptocurrency industry. Allowing a fully decentralized platform with direct control by the community has been the most trustworthy build since Bitcoins inception. Decentralization seems to be the most trustworthy and sustainable option for cryptocurrency projects and offers a sense of transparency and control that everyday enthusiasts just aren't used too. Adding in the fact that a governance is now playing a huge role in factoring into the development of big name projects and en-devours, a perfect storm is brewing. CoreX looks to take this decentralized governance model and apply it in way that has yet to be seen to become that perfect storm. ​ https://preview.redd.it/xm34uw08trt51.jpg?width=513&format=pjpg&auto=webp&s=9e9c2fe17035cd0db8fb76ad293508682beb1f66 CoreX (CXF) is an ERC20 Token which plans to utilize decentralized governance from the beginning of the projects existence by allowing participants to dictate the tokens supply in what is being called a “Supply Determination Event" which will last for a period of 3 days and is currently running as I write this article. In order to contribute to the SDE, you connect your Metamask wallet with the projects site and use the menu to deposit up to 10 ETH after approving through Metamask. What makes this project different from other staking token farms is that it is 100% decentralized and the community is making a key decision in the tokens overall life cycle. Most contracts/crypto projects have a predetermined amount of minted tokens/coins or are infinitely available. ​ The initial contract will mint 1000 CXF. These tokens will be used to provide liquidity on Uniswap. Contribute ETH into the SDE to get ‘CXF/ETH LP’ tokens while also minting the only supply of CXF tokens according to the floor price. Initially, there will be 1,000 CXF minted but this number will be "Post-Determined" by the "Supply Determination Event" No tokens will be set aside for the developers or members of the team working on the project. The project is being fully developed from scratch and it is not a fork or copy of any known existing project. The contracts will also be undergoing an independent audit by a third party auditor, who can be found on Twitter under the tag @ NCyotee (all 5 contracts in the ecosystem are listed at the end of this article. ​ https://preview.redd.it/zb0z0zehurt51.jpg?width=500&format=pjpg&auto=webp&s=a1cf2a00d1a0dc6d4477ead66def517de13cdcad At the end of this event, the minting function will be revoked and from here on in the supply will be fixed to the total amount, set against the floor Price. A diagram outlining the SDE and the subsequent Liquidity Generating Event which I will talk more about later is shown below. ​ https://preview.redd.it/o83tpkw8trt51.jpg?width=1079&format=pjpg&auto=webp&s=ec5d695b2c953ea320f7409d6d237ba4ef89f871 ​ After the SDE is completed, another event called a "Liquidity Generating Event" is next. This event will also last 3 days. Uniquely, 50% of whatever CXF you mint in the SDE will be given back to you along with Liquidity Pool Tokens. The remaining 50% of CXF will be dispersed to as a reward to yield farmers who stake their CXF/ETH LP Tokens. With supply determined and a floor price established, in theory, price will eventually increase as more ETH is deposited into the contract. This means that potentially whatever CXF you minted are worth more than the initial floor price may in turn keep increasing in value. It is also important to consider that all rewards from the LGE are in LP tokens, not original CXF. ​ The token is still early in development even though we are already heading into day 2 of the SDE. I wanted to break down the above image which shows an outline of how funds will travel through the ecosystem. After the SDE and LGE is complete and tokens are being staked and farmers are being rewarded, everything will come full surface. Farmers will be given the entirety of the 1% transaction fee for the first week that farming begins. After the first week, 93% of the 1% transaction fee rewards are given to the farmers of the staking pool, with 7% of that 1% fee being sent to the developers. It has not been determined if the developers are going to recycle these fees back into the contract or use them for development. That will remain to be seen. Other than these small details, the contract and its tokenomics are quite simple and make for a unique environment which will compete heavily to stay above floor price and keep moving in the right direction. ​ It's important to keep in mind how integral decentralization is to the project and what that means for its future development and opportunities. With this open world type decentralized governance model, anything is possible and anything can be built upon it as the community sees fit. Areas for improvement, innovation, and more are always possible and will help keep CoreX competitive against the next yield farm down the line. This allows a grand opportunity to adapt and change with the ever-growing cryptocurrency space. ​ With hundreds of projects being created every day, it's difficult to see which are the rug pulls and which are the legitimate projects trying to innovate the space. CoreX falls under the latter and I am extremely excited to see the completion of the SDE and LGE so we can see how well this ecosystem flourished. Stay tuned! ​ ​ Pertinent Links: - Website: https://www.Corex.finance - Github: https://Github.com/Corexfinance - Telegram: https://t.me/CoreXFinance - SDE Youtube video: https://www.youtube.com/watch?v=5Bli4FePQR0 - Twitter: https://twitter.com/corexfinance - Uniswap pair: https://etherscan.io/address/0x870ec30ca487c0c228c94bfc06125812722b2ed9 - CoreXVault: https://etherscan.io/address/0xbbad54e4c6a322f785e0f8a3e05912ba028cad4c - FeeApprover: https://etherscan.io/address/0x48a4a3192ad705da0d5d229d963f4c0fd4cd4583 - CXF Token: https://etherscan.io/address/0xaA0C90888Ce7433fB8D61188B7160D501A377527 - SDE Contract: https://etherscan.io/address/0x5584443288371BEF8b4B4405B2a31A75C378c1e4 ​ (I write articles and reviews for legitimate, interesting, up and coming cryptocurrency projects. Feel free to PM me to review your project. Thank you!) ​ ​ Disclaimer: This is not financial advice. The sole purpose of this post/article is to provide and create an informative and educated discussion regarding the project in question. Invest at your own risk. ​ https://preview.redd.it/ywm20r54zrt51.jpg?width=720&format=pjpg&auto=webp&s=1cb1269a991940763c1bf6d3d2cee09b7fdc51ff submitted by Chrisc9234 to CryptoCurrencies [link] [comments] ##### An Exploration of Bitcoin Transactions, the Blockchain, and Miners  submitted by willcosgrove to Bitcoin [link] [comments] ##### JDE Project Rating (A)-Convergent Decentralized Financial Agreement 2020 is the year of the outbreak of the DeFi market. As products of the DeFi 1.0 era, Maker, AAVE, and Compound have become the infrastructure of DeFI. Innovative projects of DeFi 2.0 represented by Uniswap and YFI have gradually attracted the attention of the market. Currently, DeFI 3.0 has emerged, technology innovation + business model innovation has become the theme of 3.0, and innovative projects represented by JDE have gradually occupied the market. This article focuses on the analysis of the JDE project and comprehensively evaluates the JDE project. Project Positioning——A- JDE is called Just for Decentralization. The project is positioned as a decentralized DeFi aggregator protocol. In the current DeFi market, each product is an independent agreement, providing users with independent products. For the user side, every DeFi project operation has a certain threshold. If a user selects multiple DeFi products at the same time, the complexity of the operation will be much higher. JDE's centralized decentralized protocol can better satisfy users' multi-faceted and full-ecological services. You can enjoy DeFi financial services with only one key operation. Aggregation services are the most urgent needs of users in the current market. For example, similar to loan product AAVE, wealth management product Maker, insurance product NXM, etc., users must perform separate operations on each platform if they want to achieve their needs. The high threshold of DeFI will also prevent some users from entering this decentralized world. JDE provides a complete protocol suite to allow users to perform fool-like one-key operations. On JDE's platform, it includes loan agreement, payment agreement, insurance agreement, decentralized transaction agreement and Game ecological agreement. Users can operate a variety of decentralized financial products on the protocol cluster. This positioning is very in line with the needs of current DeFi market users, and can serve millions of DeFi industry users to provide accurate services. Project Technology-A The DeFi project has high technical requirements. Each agreement is an independent individual, so a complete financial agreement aggregator has higher technical requirements. The technology of JDE has been developed for many years. JDE has created an on-chain and off-chain two-layer solution, which allows each protocol to be completed quickly in a short time, and the protocol cluster can also complete the interaction more quickly. Compared with other platforms, JDE's contract interaction time can be reduced by 60%. JDE's Layer 2 solution transfers transactions and transfers on the chain to off-chain, completes a Transaction off-chain, and then performs backup packaging on the chain. At the same time, JDE has added Aztec, a completely anonymous privacy protocol, which can provide more secure and anonymous services than Bitcoin. The following is the technical architecture diagram of JDE JDE implements Full Stake DeFI on the technical side. As the basic ecological platform, JDE integrates mainstream products in the DeFi 1.0 and 2.0 eras, such as Maker, AAVE, BZX, Uniswap, Curve, YFI and other projects. It also provides projects based on ETH Full Stake DeFI, an independent solution, builds mainstream DeFi application components. Realize one end to meet all DeFi requirements. JDE's protocol cluster will choose the most suitable product for users from mainstream products and products built by itself, make intelligent judgments between profitability and security, and then launch products that are most suitable for users. According to the needs of users, it will intelligently choose the products that best meet the users. Each parameter in the JDE aggregation protocol will go through dozens of demonstrations to ensure that each parameter is in the safest state. JDE's technical teams are all from well-known companies around the world, and have a very deep technical foundation in the blockchain field. Compared with the technology of many DeFi projects on the market, the technical requirements of JDE are more complex. The technical aspect scored A. Product solution——A+ JDE provides the safest guarantee for products at the bottom of the technology. Provides the most comprehensive and complete ecological services on the product side. JDE Ecology provides DeFI financial product solutions including asset pools, loan products, payment wallets, trading products DEX, insurance protection products, game products, etc. Throughout the current DeFi financial products on the market, they can only provide a single product and service. But on the JDE platform, users can enjoy all aspects and the entire ecosystem of financial services. From the most basic asset pool for mining, lending to payment, to decentralized DEX platform transactions, insurance services, and game product services. Covers the various needs of mainstream users. The product solution combines the various needs of the market. Focus on the asset pool JDE DAO Pool-V1. This is a more popular mining product today. In this product of JDE, users provide liquidity by depositing mainstream assets ETH, wBTC, USDT, etc., and can perform lending and DEX liquid pool transactions on the platform. Here the user's mortgage loan is a full mortgage, so the platform transplantation can be guaranteed to be in a safe state. When the user's mortgaged assets cannot cover the user's loaned assets, the platform will automatically liquidate. At this time, the platform will charge a 5% liquidation fee. JDE Ecological DEX trading products are also the main source of revenue for the platform. The platform will charge a transaction fee of 0.2%, which is the lowest in the entire network. The handling fees of other platforms are above 0.3%. Users can inject liquidity into the DEX platform to become a market maker. The platform is very friendly to the project party, can list currency without review, and provide automated market services. The DEX trading platform can help the platform earn hundreds of thousands of dollars in handling fees (compared to the trading fee of the Uniswap platform). JDE Eco provides a complete and multi-faceted product solution, and users can enjoy one-stop service. The product angle is rated A. Economic Model-A JDE is the first ecosystem in the entire network to successfully implement DAO governance. If you want to make product-related proposals in the JDE ecosystem, you must get the approval of the autonomous committee, which is composed of all currency holders. Each coin-holding user realizes a complete process of autonomy by voting on proposals. JDE's token, JDE, not only has appreciation rights, but also has very large autonomy rights. Let's take a look at the JDE sub-token economy. The total amount of JDE is 10 million and will never be issued. Among them, 70% is used for community liquidity mining; 5% is owned by the technical team and locked for one year; 1% is for community private placement (20% is issued online, and 10% is released every week); 5% is an insurance pool; 10 % Is the DAO Autonomous Community Ecological Fund. In the JDE economic model, almost 80% of the tokens are allocated to liquid mining, which is a very high proportion. Early rewards can be given to users who participate in the JDE community early. Users can get liquidity rewards for asset deposits, loans, DEX transactions, etc. in the JDE ecosystem. Only the technical section is allocated to the team, and the position is locked for long enough. 10% is the DAO autonomous community ecological fund, which participates in the DAO autonomous ecology. 5% is the insurance pool, which provides liquidity of funds. 1% is given to community welfare and allocated to users who participated in the early stage. The profit of the products and services of JDE ecology will be repurchased in the JDE secondary market, which is always in a state of deflation. This economic model provides a long-term development guarantee for the JDE ecology. The economic model community surpasses most projects in the industry. The economic model is scored as A. Comprehensive analysis, JDE ecology has a layout in the Defi field for many years, and at the same time has a very complete design in project positioning, product solutions, technological development, economic models and other sectors. The products in JDE's product solution will be gradually launched to provide users with the most complete ecological services. The prospects of the JDE project are good. It is currently in the early stages of project development. I look forward to the launch of JDE products to provide users with DeFi ecosystem services! submitted by blockchainlabs-labs to u/blockchainlabs-labs [link] [comments] ##### Summary of Tau-Chain Monthly Video Update - July 2020 Karim Agoras Live: Five functionalities complete: 1. Registration 2. Login 3. User Profile Page 4. Calendar 5. Categories List 6. Wallet Screen Payments: Decided that implementing lightning would be too complex. Instead, we decided to implement our own micropayment mechanism using the native BTC multisig addresses. We are going to use the Omni wallet for payments. TML: Continued debugging, getting a TML demo and test cases ready. Hiring: More hiring efforts to increase team size. Timelines: Committing ourselves to a release of Agoras Live and a basic version of discussions in TML in 2020. Umar: Been working on making improvements to the context free grammar parsing. We now are able to add constraints to productions in the grammar, allowing us to recognize grammars that are context sensitive. Developed test cases for that, too. Tomas: Fixed issues in TML and ran several steps in a TML program. Now adding more tests to make sure everything is stable and won’t break. Also been working on a TML tutorial, a recorded script based on the intro to TML which was contained in the TML Playground. Also new features are going to be covered such as arithmetics. Kilian: More outreach & follow-ups to potential partner universities. Positive response by a professor based in Toronto, presented to him our project. Also, response by KULeuven, Belgium, who unfortunately don’t see a good fit in our project. We’ve had one applicant for the IDNI Grant program and currently are evaluating his proposal. Also, we’ve had an applicant from Bangalore, India for the IDNI Ambassador program and we also have been discussing his proposal. Translation Bounties: We’ve had the blog post “The New Tau” translated to Chinese and have been reviewing the translation. We are going to publish the translation on our website and on the Bitcointalk Chinese forum section. Still to be claimed: German translation of “The New Tau”. Done more effort on reach out to potential tribe channels: Research groups, LinkedIn groups, Facebook groups. Most represented keywords: Complex Adaptive Systems, NLP, Computational Linguistics. Usual feedback: Likes but no further interaction. Created an FAQ answering all possible questions surrounding IDNI, Tau & Agoras Idea: Hosting a virtual panel to spread the word about our project among the scientific community, as well as to create some visual content for our community. Two professors are interested in participating, one from Argentina with a focus in semantic parsing, the other one from the University of Washington with a focus on human-computer interaction and social computing. First step: organizing a pre-panel discussion where in 1on1 calls with the professors we get an opinion of them about what we are doing. Andrei: Agoras Live: Implemented mail system so users now get their mails (e.g. registration email). Improved UX together with Mo’az, e.g. user profiles. Token creation for accessing calls to identify and charge users. Customized Jitsi interface to suit our needs: E.g. display of how much time passed in a call and how much it costs. Next up: Further improve UX; make sure everything works as intended. Mo’az: Almost finished the IDNI website. Added two more pages: Events & Bounties in collaboration with Fola & Kilian. Agoras Live: Finetuned all the website’s components in collaboration with Andrei. Juan: Continued working on the payments system for Agoras Live. Had some delays due to the complexity of debugging such applications. Still, we made significant progress and got the funding transactions implemented over the Lightning network through the Omni layer. Spent time analyzing the minimum amount of BTC to pay for the fees associated to the Omni transactions. We aren’t using segregated witness native addresses and instead are using embedded segregated witness. So transaction sizes are enlarged and transaction fees are a bit higher. So there is a bit of finetuning analysis needed in order to enable the multisig address to pay for the closing & refund transactions. So to provide payment channels over the Omni layer, the main remaining technical detail we have to solve at this point is the closing transaction & the refund transaction. Fola: Have been continuing to look for great talent in different areas. Continued working on website with Mo’az and Kilian. Been working on the branding for Tau & Agoras. Been getting external support to make sure the branding for Tau & Agoras will be as professional as it can be. Working on marketing efforts needed for the release of Agoras Live to get the media pack for marketing ready. Working together with external people to put a plan together for listing the Agoras token on more prominent exchanges as we get closer to release of Agoras Live. Ohad: Continued working on restricted versions of second-order logic to understand how to implement them. There is a translation in the literature about how to convert second-order logic by Horn into Datalog. Also, I have been revisiting papers that deal with descriptive complexity of higher-order logic. They mention that they have a translation from second-order logic to QBF. I wasn’t able to find where they explain this translation but I wrote one of them and he said he will send me the paper. If so, that will be very good because we already have a QBF solver. Any binary decision diagram is already a QBF solver, so we can just translate arbitrary second-order logic formulas into QBF. This will be very helpful for us to implement second-order logic. Also, those papers mention several aspects that are relevant for self-interpretation, the laws of laws. Apparently, they suggest that certain fragments of higher-order logic may also support the laws of laws. But this is part of the papers that I didn’t have access to, so I have to wait to get further clarification. I also pushed the whitepaper significantly this month and hope we will be finishing it soon. Also, I was thinking about some optimizations for the parser and also was looking into the Lightning network. It was my mistake that I haven’t done so beforehand and if I had done it beforehand, I would have understood earlier, that Lightning is too much. It is too drastic of a change to how traditional payments work and there apparently is no reason to believe that it is secure. So I’m glad I discovered better now than later that it’s not something we’d like to rely on, although we can have it as an optional feature. Q&A: Q: With the project development taking longer than other projects such as Tezos, when can AGRS holders expect something to be released and, how can you reassure us that we made the right decision? A: With regards to when we see some releases, it seems that we will see some releases in 2020. For comparing to Ethereum and Tezos: Let’s first talk about funding. Both projects had a lot of money. For Ethereum, the reason for is that it has probably done one of the most aggressive marketing campaigns in history. It was completely lacking any kind of honesty. It was simply aggressive. None of Ethereum’s visions and promises became true. It simply became an insecure platform for scams. None of their vision of creating a world computer, of creating a better society, a better currency, became true. Because of this aggressive marketing, they not only raised a lot of money, they also took the price to be so high in the market. If you remember the campaign of the flipping, they did a whole campaign on how they would overtake the marketcap of Bitcoin. For Tezos, they made maybe the largest ICO in history in terms of money, mainly because they came at the right time, at the top of the bubble in 2017, and also their promises for better coordination didn’t come true. Their solution is based on voting and based on Turing completeness and the only reason why they managed to gain such a market cap as of today, is not because they offer better currency, better society, better anything. It basically is a Ponzi-scheme because they offer very high interest rate by very high inflation (5,51%). The only reason why people buy Tezos is to get into this Ponzi-scheme. Because both Tezos and Ethereum lack any true economical or technological substance, their value will not sustain and this is true for almost all projects in the cryptocurrency world. In the software, high-tech market, if you come up with good tech and you do all the right things, you succeed big time. But if you don’t have it and you are purely relying on brainwashing people, it will not sustain. Of course, our solution is so disruptive and sustainable. We offer to do advancements for humanity and for economy. Q: What three subjects would you first like to see discussed on Tau? A: Of course, picking three subjects now is a bit speculative, but the first thing that comes to mind is the definitions of what good and bad means and what better and worse means. The second subject is the governance model over Tau. The third one is the specification of Tau itself and how to make it grow and evolve even more to suit wider audiences. The whole point of Tau is people collaborating in order to define Tau itself and to improve it over time, so it will improve up to infinity. This is the main thing, especially initially, that the Tau developers (or rather users) advance the platform more and more. Q: What is stopping programmers using TML right now? If nothing, what is your opinion on why they aren’t? A: There is nothing essentially missing in TML in order to let it release. And in fact, we are now working towards packaging it and bringing it towards a release level. For things like documentation, bug fixes, minor features, minor optimizations. We indeed actively work towards releasing TML 1.0 and then we can publish it in e.g. developers channels for them to use it. submitted by m4nki to tauchain [link] [comments] ##### RESEARCH REPORT ABOUT KYBER NETWORK Author: Gamals Ahmed, CoinEx Business Ambassador https://preview.redd.it/9k31yy1bdcg51.jpg?width=936&format=pjpg&auto=webp&s=99bcb7c3f50b272b7d97247b369848b5d8cc6053 # ABSTRACT In this research report, we present a study on Kyber Network. Kyber Network is a decentralized, on-chain liquidity protocol designed to make trading tokens simple, efficient, robust and secure. Kyber design allows any party to contribute to an aggregated pool of liquidity within each blockchain while providing a single endpoint for takers to execute trades using the best rates available. We envision a connected liquidity network that facilitates seamless, decentralized cross-chain token swaps across Kyber based networks on different chains. Kyber is a fully on-chain liquidity protocol that enables decentralized exchange of cryptocurrencies in any application. Liquidity providers (Reserves) are integrated into one single endpoint for takers and users. When a user requests a trade, the protocol will scan the entire network to find the reserve with the best price and take liquidity from that particular reserve. ## 1.INTRODUCTION DeFi applications all need access to good liquidity sources, which is a critical component to provide good services. Currently, decentralized liquidity is comprised of various sources including DEXes (Uniswap, OasisDEX, Bancor), decentralized funds and other financial apps. The more scattered the sources, the harder it becomes for anyone to either find the best rate for their trade or to even find enough liquidity for their need. Kyber is a blockchain-based liquidity protocol that aggregates liquidity from a wide range of reserves, powering instant and secure token exchange in any decentralized application. The protocol allows for a wide range of implementation possibilities for liquidity providers, allowing a wide range of entities to contribute liquidity, including end users, decentralized exchanges and other decentralized protocols. On the taker side, end users, cryptocurrency wallets, and smart contracts are able to perform instant and trustless token trades at the best rates available amongst the sources. The Kyber Network is project based on the Ethereum protocol that seeks to completely decentralize the exchange of crypto currencies and make exchange trustless by keeping everything on the blockchain. Through the Kyber Network, users should be able to instantly convert or exchange any crypto currency. ## 1.1 OVERVIEW ABOUT KYBER NETWORK PROTOCOL The Kyber Network is a decentralized way to exchange ETH and different ERC20 tokens instantly — no waiting and no registration needed. Using this protocol, developers can build innovative payment flows and applications, including instant token swap services, ERC20 payments, and financial DApps — helping to build a world where any token is usable anywhere. Kyber’s fully on-chain design allows for full transparency and verifiability in the matching engine, as well as seamless composability with DApps, not all of which are possible with off-chain or hybrid approaches. The integration of a large variety of liquidity providers also makes Kyber uniquely capable of supporting sophisticated schemes and catering to the needs of DeFi DApps and financial institutions. Hence, many developers leverage Kyber’s liquidity pool to build innovative financial applications, and not surprisingly, Kyber is the most used DeFi protocol in the world. The Kyber Network is quite an established project that is trying to change the way we think of decentralised crypto currency exchange. The Kyber Network has seen very rapid development. After being announced in May 2017 the testnet for the Kyber Network went live in August 2017. An ICO followed in September 2017, with the company raising 200,000 ETH valued at$60 million in just one day.
The live main net was released in February 2018 to whitelisted participants, and on March 19, 2018, the Kyber Network opened the main net as a public beta. Since then the network has seen increasing growth, with network volumes growing more than 500% in the first half of 2019.
Although there was a modest decrease in August 2019 that can be attributed to the price of ETH dropping by 50%, impacting the overall total volumes being traded and processed globally.
They are developing a decentralised exchange protocol that will allow developers to build payment flows and financial apps. This is indeed quite a competitive market as a number of other such protocols have been launched.
In Brief - Kyber Network is a tool that allows anyone to swap tokens instantly without having to use exchanges. - It allows vendors to accept different types of cryptocurrency while still being paid in their preferred crypto of choice. - It’s built primarily for Ethereum, but any smart-contract based blockchain can incorporate it.
At its core, Kyber is a decentralized way to exchange ETH and different ERC20 tokens instantly–no waiting and no registration needed. To do this Kyber uses a diverse set of liquidity pools, or pools of different crypto assets called “reserves” that any project can tap into or integrate with.
A typical use case would be if a vendor allowed customers to pay in whatever currency they wish, but receive the payment in their preferred token. Another example would be for Dapp users. At present, if you are not a token holder of a certain Dapp you can’t use it. With Kyber, you could use your existing tokens, instantly swap them for the Dapp specific token and away you go.
All this swapping happens directly on the Ethereum blockchain, meaning every transaction is completely transparent.

## 1.1.1 WHY BUILD THE KYBER NETWORK?

While crypto currencies were built to be decentralized, many of the exchanges for trading crypto currencies have become centralized affairs. This has led to security vulnerabilities, with many exchanges becoming the victims of hacking and theft.
It has also led to increased fees and costs, and the centralized exchanges often come with slow transfer times as well. In some cases, wallets have been locked and users are unable to withdraw their coins.
Decentralized exchanges have popped up recently to address the flaws in the centralized exchanges, but they have their own flaws, most notably a lack of liquidity, and often times high costs to modify trades in their on-chain order books.

Some of the Integrations with Kyber Protocol
The Kyber Network was formed to provide users with a decentralized exchange that keeps everything right on the blockchain, and uses a reserve system rather than an order book to provide high liquidity at all times. This will allow for the exchange and transfer of any cryptocurrency, even cross exchanges, and costs will be kept at a minimum as well.
The Kyber Network has three guiding design philosophies since the start:
1. To be most useful the network needs to be platform-agnostic, which allows any protocol or application the ability to take advantage of the liquidity provided by the Kyber Network without any impact on innovation.
2. The network was designed to make real-world commerce and decentralized financial products not only possible but also feasible. It does this by allowing for instant token exchange across a wide range of tokens, and without any settlement risk.
3. The Kyber Network was created with ease of integration as a priority, which is why everything runs fully on-chain and fully transparent. Kyber is not only developer-friendly, but is also compatible with a wide variety of systems.

## 1.1.2 WHO INVENTED KYBER?

Kyber’s founders are Loi Luu, Victor Tran, Yaron Velner — CEO, CTO, and advisor to the Kyber Network.

## 1.1.3 WHAT DISTINGUISHES KYBER?

Kyber’s mission has always been to integrate with other protocols so they’ve focused on being developer-friendly by providing architecture to allow anyone to incorporate the technology onto any smart-contract powered blockchain. As a result, a variety of different dapps, vendors, and wallets use Kyber’s infrastructure including Set Protocol, bZx, InstaDApp, and Coinbase wallet.
Besides, dapps, vendors, and wallets, Kyber also integrates with other exchanges such as Uniswap — sharing liquidity pools between the two protocols.
A typical use case would be if a vendor allowed customers to pay in whatever currency they wish, but receive the payment in their preferred token. Another example would be for Dapp users. At present, if you are not a token holder of a certain Dapp you can’t use it. With Kyber, you could use your existing tokens, instantly swap them for the Dapp specific token and away you go.
Limit orders on Kyber allow users to set a specific price in which they would like to exchange a token instead of accepting whatever price currently exists at the time of trading. However, unlike with other exchanges, users never lose custody of their crypto assets during limit orders on Kyber.
The Kyber protocol works by using pools of crypto funds called “reserves”, which currently support over 70 different ERC20 tokens. Reserves are essentially smart contracts with a pool of funds. Different parties with different prices and levels of funding control all reserves. Instead of using order books to match buyers and sellers to return the best price, the Kyber protocol looks at all the reserves and returns the best price among the different reserves. Reserves make money on the “spread” or differences between the buying and selling prices. The Kyber wants any token holder to easily convert one token to another with a minimum of fuss.

## 1.2 KYBER PROTOCOL

The protocol smart contracts offer a single interface for the best available token exchange rates to be taken from an aggregated liquidity pool across diverse sources. ● Aggregated liquidity pool. The protocol aggregates various liquidity sources into one liquidity pool, making it easy for takers to find the best rates offered with one function call. ● Diverse sources of liquidity. The protocol allows different types of liquidity sources to be plugged into. Liquidity providers may employ different strategies and different implementations to contribute liquidity to the protocol. ● Permissionless. The protocol is designed to be permissionless where any developer can set up various types of reserves, and any end user can contribute liquidity. Implementations need to take into consideration various security vectors, such as reserve spamming, but can be mitigated through a staking mechanism. We can expect implementations to be permissioned initially until the maintainers are confident about these considerations.
The core feature that the Kyber protocol facilitates is the token swap between taker and liquidity sources. The protocol aims to provide the following properties for token trades: ● Instant Settlement. Takers do not have to wait for their orders to be fulfilled, since trade matching and settlement occurs in a single blockchain transaction. This enables trades to be part of a series of actions happening in a single smart contract function. ● Atomicity. When takers make a trade request, their trade either gets fully executed, or is reverted. This “all or nothing” aspect means that takers are not exposed to the risk of partial trade execution. ● Public rate verification. Anyone can verify the rates that are being offered by reserves and have their trades instantly settled just by querying from the smart contracts. ● Ease of integration. Trustless and atomic token trades can be directly and easily integrated into other smart contracts, thereby enabling multiple trades to be performed in a smart contract function.
How each actor works is specified in Section Network Actors. 1. Takers refer to anyone who can directly call the smart contract functions to trade tokens, such as end-users, DApps, and wallets. 2. Reserves refer to anyone who wishes to provide liquidity. They have to implement the smart contract functions defined in the reserve interface in order to be registered and have their token pairs listed. 3. Registered reserves refer to those that will be cycled through for matching taker requests. 4. Maintainers refer to anyone who has permission to access the functions for the adding/removing of reserves and token pairs, such as a DAO or the team behind the protocol implementation. 5. In all, they comprise of the network, which refers to all the actors involved in any given implementation of the protocol.
The protocol implementation needs to have the following: 1. Functions for takers to check rates and execute the trades 2. Functions for the maintainers to registeremove reserves and token pairs 3. Reserve interface that defines the functions reserves needs to implement
https://preview.redd.it/d2tcxc7wdcg51.png?width=700&format=png&auto=webp&s=b2afde388a77054e6731772b9115ee53f09b6a4a

## 1.3 KYBER CORE SMART CONTRACTS

Kyber Core smart contracts is an implementation of the protocol that has major protocol functions to allow actors to join and interact with the network. For example, the Kyber Core smart contracts provide functions for the listing and delisting of reserves and trading pairs by having clear interfaces for the reserves to comply to be able to register to the network and adding support for new trading pairs. In addition, the Kyber Core smart contracts also provide a function for takers to query the best rate among all the registered reserves, and perform the trades with the corresponding rate and reserve. A trading pair consists of a quote token and any other token that the reserve wishes to support. The quote token is the token that is either traded from or to for all trades. For example, the Ethereum implementation of the Kyber protocol uses Ether as the quote token.
In order to search for the best rate, all reserves supporting the requested token pair will be iterated through. Hence, the Kyber Core smart contracts need to have this search algorithm implemented.
The key functions implemented in the Kyber Core Smart Contracts are listed in Figure 2 below. We will visit and explain the implementation details and security considerations of each function in the Specification Section.

## 1.4 HOW KYBER’S ON-CHAIN PROTOCOL WORKS?

Kyber is the liquidity infrastructure for decentralized finance. Kyber aggregates liquidity from diverse sources into a pool, which provides the best rates for takers such as DApps, Wallets, DEXs, and End users.

## 1.4.1 PROVIDING LIQUIDITY AS A RESERVE

Anyone can operate a Kyber Reserve to market make for profit and make their tokens available for DApps in the ecosystem. Through an open reserve architecture, individuals, token teams and professional market makers can contribute token assets to Kyber’s liquidity pool and earn from the spread in every trade. These tokens become available at the best rates across DApps that tap into the network, making them instantly more liquid and useful.
MAIN RESERVE TYPES Kyber currently has over 45 reserves in its network providing liquidity. There are 3 main types of reserves that allow different liquidity contribution options to suit the unique needs of different providers. 1. Automated Price Reserves (APR) — Allows token teams and users with large token holdings to have an automated yet customized pricing system with low maintenance costs. Synthetix and Melon are examples of teams that run APRs. 2. Fed Price Reserves (FPR) — Operated by professional market makers that require custom and advanced pricing strategies tailored to their specific needs. Kyber alongside reserves such as OneBit, runs FPRs. 3. Bridge Reserves (BR) — These are specialized reserves meant to bring liquidity from other on-chain liquidity providers like Uniswap, Oasis, DutchX, and Bancor into the network.

# 1.5 KYBER NETWORK ROLES

There Kyber Network functions through coordination between several different roles and functions as explained below: - Users — This entity uses the Kyber Network to send and receive tokens. A user can be an individual, a merchant, and even a smart contract account. - Reserve Entities — This role is used to add liquidity to the platform through the dynamic reserve pool. Some reserve entities are internal to the Kyber Network, but others may be registered third parties. Reserve entities may be public if the public contributes to the reserves they hold, otherwise they are considered private. By allowing third parties as reserve entities the network adds diversity, which prevents monopolization and keeps exchange rates competitive. Allowing third party reserve entities also allows for the listing of less popular coins with lower volumes. - Reserve Contributors — Where reserve entities are classified as public, the reserve contributor is the entity providing reserve funds. Their incentive for doing so is a profit share from the reserve. - The Reserve Manager — Maintains the reserve, calculates exchange rates and enters them into the network. The reserve manager profits from exchange spreads set by them on their reserves. They can also benefit from increasing volume by accessing the entire Kyber Network. - The Kyber Network Operator — Currently the Kyber Network team is filling the role of the network operator, which has a function to adds/remove Reserve Entities as well as controlling the listing of tokens. Eventually, this role will revert to a proper decentralized governance.

A basic token trade is one that has the quote token as either the source or destination token of the trade request. The execution flow of a basic token trade is depicted in the diagram below, where a taker would like to exchange BAT tokens for ETH as an example. The trade happens in a single blockchain transaction. 1. Taker sends 1 ETH to the protocol contract, and would like to receive BAT in return. 2. Protocol contract queries the first reserve for its ETH to BAT exchange rate. 3. Reserve 1 offers an exchange rate of 1 ETH for 800 BAT. 4. Protocol contract queries the second reserve for its ETH to BAT exchange rate. 5. Reserve 2 offers an exchange rate of 1 ETH for 820 BAT. 6. This process goes on for the other reserves. After the iteration, reserve 2 is discovered to have offered the best ETH to BAT exchange rate. 7. Protocol contract sends 1 ETH to reserve 2. 8. The reserve sends 820 BAT to the taker.

A token-to-token trade is one where the quote token is neither the source nor the destination token of the trade request. The exchange flow of a token to token trade is depicted in the diagram below, where a taker would like to exchange BAT tokens for DAI as an example. The trade happens in a single blockchain transaction. 1. Taker sends 50 BAT to the protocol contract, and would like to receive DAI in return. 2. Protocol contract sends 50 BAT to the reserve offering the best BAT to ETH rate. 3. Protocol contract receives 1 ETH in return. 4. Protocol contract sends 1 ETH to the reserve offering the best ETH to DAI rate. 5. Protocol contract receives 30 DAI in return. 6. Protocol contract sends 30 DAI to the user.

## 2.KYBER NETWORK CRYSTAL (KNC) TOKEN

Kyber Network Crystal (KNC) is an ERC-20 utility token and an integral part of Kyber Network.
KNC is the first deflationary staking token where staking rewards and token burns are generated from actual network usage and growth in DeFi.
The Kyber Network Crystal (KNC) is the backbone of the Kyber Network. It works to connect liquidity providers and those who need liquidity and serves three distinct purposes. The first of these is to collect transaction fees, and a portion of every fee collected is burned, which keeps KNC deflationary. Kyber Network Crystals (KNC), are named after the crystals in Star Wars used to power light sabers.
The KNC also ensures the smooth operation of the reserve system in the Kyber liquidity since entities must use third-party tokens to buy the KNC that pays for their operations in the network.
KNC allows token holders to play a critical role in determining the incentive system, building a wide base of stakeholders, and facilitating economic flow in the network. A small fee is charged each time a token exchange happens on the network, and KNC holders get to vote on this fee model and distribution, as well as other important decisions. Over time, as more trades are executed, additional fees will be generated for staking rewards and reserve rebates, while more KNC will be burned. - Participation rewards — KNC holders can stake KNC in the KyberDAO and vote on key parameters. Voters will earn staking rewards (in ETH) - Burning — Some of the network fees will be burned to reduce KNC supply permanently, providing long-term value accrual from decreasing supply. - Reserve incentives — KNC holders determine the portion of network fees that are used as rebates for selected liquidity providers (reserves) based on their volume performance.

Finally, the KNC token is the connection between the Kyber Network and the exchanges, wallets, and dApps that leverage the liquidity network. This is a virtuous system since entities are rewarded with referral fees for directing more users to the Kyber Network, which helps increase adoption for Kyber and for the entities using the Network.
And of course there will soon be a fourth and fifth uses for the KNC, which will be as a staking token used to generate passive income, as well as a governance token used to vote on key parameters of the network.
The KNC price fell throughout all of 2018 with one exception during April. From April 6th to April 28th, the price rose over 200 percent. This run-up coincided with a blog post outlining plans to bring Bitcoin to the Ethereum blockchain. Since then, however, the price has steadily fallen, currently resting on what looks like a $0.15 (~0.000045 BTC) floor. With the number of partners using the Kyber Network, the price may rise as they begin to fully use the network. The development team has consistently hit the milestones they’ve set out to achieve, so make note of any release announcements on the horizon. ## 4. COMPETITION The 0x project is the biggest competitor to Kyber Network. Both teams are attempting to enter the decentralized exchange market. The primary difference between the two is that Kyber performs the entire exchange process on-chain while 0x keeps the order book and matching off-chain. As a crypto swap exchange, the platform also competes with ShapeShift and Changelly. ## 5.KYBER MILESTONES • June 2020: Digifox, an all-in-one finance application by popular crypto trader and Youtuber Nicholas Merten a.k.a DataDash (340K subs), integrated Kyber to enable users to easily swap between cryptocurrencies without having to leave the application. • June 2020: Stake Capital partnered with Kyber to provide convenient KNC staking and delegation services, and also took a KNC position to participate in governance. • June 2020: Outlined the benefits of the Fed Price Reserve (FPR) for professional market makers and advanced developers. • May 2020: Kyber crossed US$1 Billion in total trading volume and 1 Million transactions, performed entirely on-chain on Ethereum. • May 2020: StakeWith.Us partnered Kyber Network as a KyberDAO Pool Master. • May 2020: 2Key, a popular blockchain referral solution using smart links, integrated Kyber’s on-chain liquidity protocol for seamless token swaps • May 2020: Blockchain game League of Kingdoms integrated Kyber to accept Token Payments for Land NFTs. • May 2020: Joined the Zcash Developer Alliance , an invite-only working group to advance Zcash development and interoperability. • May 2020: Joined the Chicago DeFi Alliance to help accelerate on-chain market making for professionals and developers. • March 2020: Set a new record of USD $33.7M in 24H fully on-chain trading volume, and$190M in 30 day on-chain trading volume. • March 2020: Integrated by Rarible, Bullionix, and Unstoppable Domains, with the KyberWidget deployed on IPFS, which allows anyone to swap tokens through Kyber without being blocked. • February 2020: Popular Ethereum blockchain game Axie Infinity integrated Kyber to accept ERC20 payments for NFT game items. • February 2020: Kyber’s protocol was integrated by Gelato Finance, Idle Finance, rTrees, Sablier, and 0x API for their liquidity needs. • January 2020: Kyber Network was found to be the most used protocol in the whole decentralized finance (DeFi) space in 2019, according to a DeFi research report by Binance. • December 2019: Switcheo integrated Kyber’s protocol for enhanced liquidity on their own DEX. • December 2019: DeFi Wallet Eidoo integrated Kyber for seamless in-wallet token swaps. • December 2019: Announced the development of the Katalyst Protocol Upgrade and new KNC token model. • July 2019: Developed the Waterloo Bridge , a Decentralized Practical Cross-chain Bridge between EOS and Ethereum, successfully demonstrating a token swap between Ethereum to EOS. • July 2019: Trust Wallet, the official Binance wallet, integrated Kyber as part of its decentralized token exchange service, allowing even more seamless in-wallet token swaps for thousands of users around the world. • May 2019: HTC, the large consumer electronics company with more than 20 years of innovation, integrated Kyber into its Zion Vault Wallet on EXODUS 1 , the first native web 3.0 blockchain phone, allowing users to easily swap between cryptocurrencies in a decentralized manner without leaving the wallet. • January 2019: Introduced the Automated Price Reserve (APR) , a capital efficient way for token teams and individuals to market make with low slippage. • January 2019: The popular Enjin Wallet, a default blockchain DApp on the Samsung S10 and S20 mobile phones, integrated Kyber to enable in-wallet token swaps. • October 2018: Kyber was a founding member of the WBTC (Wrapped Bitcoin) Initiative and DAO. • October 2018: Developed the KyberWidget for ERC20 token swaps on any website, with CoinGecko being the first major project to use it on their popular site.

##### Bull market is back… Another wave of hacker attacks starts again?

 ​ The picture from COINDESK related reports On Aug. 2, Ethereum Classic Labs (ETC Labs) made an important announcement on ETC blockchain. ETC Labs said due to network attack, Ethereum Classic suffered a reorganization on August 1st. This has been the second attack on the Ethereum Classic Network this year. Did renting-power cause the problem again? In this ETC incident, one of the miners mined a large number of blocks offline. When the miner went online, due to its high computing power, and some versions of mining software did not support large-scale blockchain mergers, the consensus failed. Therefore, the entire network was out of sync, which produced an effect similar to a 51% attack. Finally, it caused the reorganization of 3693 blocks, starting at 10904147. The deposit and withdrawal between the exchanges and mining pools had to be suspended for troubleshooting during this period. Media report shows that the blockchain reorganization may be caused by a miner (or a mining pool) disconnected during mining. Although it has been restored to normal after 15 hours of repair, it does reflect the vulnerability of the Proof of Work (PoW) network: once the computing power of the network is insufficient, the performance of one single mining pool can affect the entire network, which is neither distributed nor secure for the blockchain. Neither does it have efficiency. At present, most consensus algorithms of blockchains are using PoW, which has been adopted over 10 years. In PoW, each miner solves a hashing problem. The probability to solve the problem successfully is proportional to the ratio of the miner’s hash power to the total hash power of mainnet. Although PoW has been running for a long time, the attack model against PoW is very straightforward to understand, and has attracted people’s attention for a long time: such an attack, also known as double-spending attack, may happen when an attacker possesses 51% of the overall network hash power. The attacker can roll back any blocks in the blockchain by creating a longer and more difficult chain and as a result, modify the transaction information. Since hash power can be rented to launch attacks, some top 30 projects have suffered from such attacks. In addition to this interference, the main attack method is through the computing power market such as Nice Hash. Hackers can rent hashpower to facilitate their attacks, which allows the computing power to rise rapidly in a short time and rewrite information. In January of this year, the Ethereum Classic was attacked once, and it was also the case that hackers can migrate computing power from the fiercely competitive Bitcoin and Ethereum, and use it to attack smaller projects, such as ETH Classic. ​ The picture shows the cost of attacking ETH Classic. It can be seen that it costs only $6,634 to attack ETH Classic for one hour. The security of one network is no longer limited by whether miners within the main net take more than 51% of the total hash power, rather it is determined by whether the benevolent (non-hackers) miners take more than 51% of the total hash power from the pool of projects that use similar consensus algorithm. For example, the hash power of Ethereum is 176 TH/s and that of Ethereum Classic is 9 TH/s. In this way, if one diverts some hash power from Ethereum (176 TH/s) to Ethereum Classic, then one can easily launch a double-spending attack to Ethereum Classic. The hash power ratio for this attack between the two projects is 9/176 = 5.2%, which is a tiny number. ​ https://preview.redd.it/qj57vgmgb9f51.png?width=699&format=png&auto=webp&s=39c1efc3645f268dbf1c73e1b373d532d5461006 As one of the top 30 blockchain projects, Ethereum Classic has been attacked several times. Therefore, those small and medium-sized projects with low hash power and up-and-coming future projects are facing great potential risks. This is the reason that many emerging public chain projects abandon PoW and adopt PoS. Proof of Stake (PoS) can prevent 51% attack but has problems of its own In addition to PoW consensus, another well-adopted consensus algorithm is Proof of Stake (PoS). The fundamental concept is that the one who holds more tokens has the right to create the blocks. This is similar to shareholders in the stock market. The token holders also have the opportunities to get rewards. The advantages of PoS are: (i) the algorithm avoids wasting energy like that in PoW calculation; and (ii) its design determines that the PoS will not be subjected to 51% hash power attack since the algorithm requires the miner to possess tokens in order to modify the ledger. In this way, 51% attack becomes costly and meaningless. ​ https://preview.redd.it/rf65o1vhb9f51.png?width=685&format=png&auto=webp&s=9d7a9f9dab6ce823a224e91afa9d116310cf27e1 In terms of disadvantages, nodes face the problem of accessibility. PoS requires a permission to enter the network and nodes cannot enter and exit freely and thus lacks openness. It can easily be forked. In the long run, the algorithm is short of decentralization, and leads to the Matthew effect of accumulated advantages whereby miners with more tokens will receive more rewards and perpetuate the cycle. More importantly, the current PoS consensus has not been verified for long-term reliability. Whether it can be as stable as the PoW system is yet to be verified. For some of the PoW public chains that are already launched, if they want to switch consensus, they need to do hard fork, which divides communities and carries out a long consensus upgrade and through which Ethereum is undergoing. Is there a safer and better solution? QuarkChain Provide THE Solution: High TPS Protection + PoSW Consensus For new-born projects, and some small or medium-sized projects, they all are facing the problem of power attack. For PoW-based chains, there are always some chains with lower hash power than others (ETC vs. ETH, BCH vs BTC), and thus the risk of attack is increased. In addition, the interoperability among the chains, such as cross-chain operation, is also a problem. In response, QuarkChain has designed a series of mechanisms to solve this problem. This can be summed up as a two-layer structure with a calculation power allocation and Proof of Staked Work (PoSW) consensus. First of all, there is a layer of sharding, which can be considered as some parallel chains. Each sharding chain handles the transactions relatively independently. Such design forms the basis to ensure the performance of the entire system. To avoid security issues caused by the dilution of the hash power, we also have a root chain. The blocks of the root chain do not contain transactions, but are responsible for verifying the transactions of each shard. Relying on the hash power distribution algorithm, the hash power of the root chain will always account for 51% of the net. Each shard, on the other hand, packages their transactions according to their own consensus and transaction models. Moreover, QuarkChain relies on flexibility that allows each shard to have different consensus and transaction models. Someone who wants to launch a double-spending attack on a shard that is already contained in the root chain must attack the block on the root chain, which requires calling the 51% hash power of the root chain. That is, if there are vertical field projects that open new shards on QuarkChain, even with insufficient hash power, an attacker must first attack the root chain if he or she wants to attack a new shard. The root chain has maintained more than 51% of the network’s hash power, which makes the attack very difficult. ​ https://preview.redd.it/rxpohs7jb9f51.png?width=674&format=png&auto=webp&s=e2df1307a1753542472f2b6da88e7a4022b30884 ​ As illustrated in the diagram, if the attacker wants to attack the QuarkChain network, one would need to attack the shard and the root chain simultaneously. PoW has achieved a high level of decentralization and has been verified for its stability for a long time. Combining PoW with the staking capability for PoS would make use of the advantages of both consensus mechanisms. That is what QuarkChain’s PoSW achieves exactly. PoSW, which is Proof of Staked Work, is exclusively developed by QuarkChain and runs on shards. PoSW allows miners to enjoy the benefits of lower mining difficulty by staking original tokens (currently it’s 20 times lower). Conversely, if someone malicious with a high hash power and does not stake tokens on QuarkChain, he will be punishable by receiving 20 times the difficulty of the hash power, which increases the cost of attack. If the attacker stakes tokens in order to reduce the cost of attack, he/she needs to stake the corresponding amount of tokens, which may cost even more. Thus, the whole network is more secure. Taking Ethereum Classics (ETC) as an example, if ETC uses the PoSW consensus, if there was another double-spending attack similar to the one in January, the attacker will need at least 110Th/s hash power or 650320 ETC (worth$3.2 million, and 8 TH/s hash power) to create this attack, which is far greater than the cost of the current attack on the network (8Th/s hash power) and revenue (219500 ETC). Relying on multiple sets of security mechanisms, QuarkChain ensures its own security, while providing security for new shards and small and medium-sized projects. Its high level of flexibility also allows the projects to support different types of ledger models, transaction models, virtual machines, and token economics. Such great degrees of security and flexibility will facilitate the blockchain ecosystem to accelerate growth of innovative blockchain applications. Learn more about QuarkChain Website https://www.quarkchain.io Telegram https://t.me/quarkchainio Twitter https://twitter.com/Quark_Chain Medium https://medium.com/quarkchain-official Reddit https://www.reddit.com/quarkchainio/ Community https://community.quarkchain.io/ submitted by QuarkChain to quarkchainio [link] [comments]

##### Dive Into Tendermint Consensus Protocol (I)

This article is written by the CoinEx Chain lab. CoinEx Chain is the world’s first public chain exclusively designed for DEX, and will also include a Smart Chain supporting smart contracts and a Privacy Chain protecting users’ privacy.
longcpp @ 20200618
This is Part 1 of the serialized articles aimed to explain the Tendermint consensus protocol in detail.
Part 1. Preliminary of the consensus protocol: security model and PBFT protocol
Part 2. Tendermint consensus protocol illustrated: two-phase voting protocol and the locking and unlocking mechanism
Part 3. Weighted round-robin proposer selection algorithm used in Tendermint project
Any consensus agreement that is ultimately reached is the General Agreement, that is, the majority opinion. The consensus protocol on which the blockchain system operates is no exception. As a distributed system, the blockchain system aims to maintain the validity of the system. Intuitively, the validity of the blockchain system has two meanings: firstly, there is no ambiguity, and secondly, it can process requests to update its status. The former corresponds to the safety requirements of distributed systems, while the latter to the requirements of liveness. The validity of distributed systems is mainly maintained by consensus protocols, considering the multiple nodes and network communication involved in such systems may be unstable, which has brought huge challenges to the design of consensus protocols.

## The semi-synchronous network model and Byzantine fault tolerance

Researchers of distributed systems characterize these problems that may occur in nodes and network communications using node failure models and network models. The fail-stop failure in node failure models refers to the situation where the node itself stops running due to configuration errors or other reasons, thus unable to go on with the consensus protocol. This type of failure will not cause side effects on other parts of the distributed system except that the node itself stops running. However, for such distributed systems as the public blockchain, when designing a consensus protocol, we still need to consider the evildoing intended by nodes besides their failure. These incidents are all included in the Byzantine Failure model, which covers all unexpected situations that may occur on the node, for example, passive downtime failures and any deviation intended by the nodes from the consensus protocol. For a better explanation, downtime failures refer to nodes’ passive running halt, and the Byzantine failure to any arbitrary deviation of nodes from the consensus protocol.
Compared with the node failure model which can be roughly divided into the passive and active models, the modeling of network communication is more difficult. The network itself suffers problems of instability and communication delay. Moreover, since all network communication is ultimately completed by the node which may have a downtime failure or a Byzantine failure in itself, it is usually difficult to define whether such failure arises from the node or the network itself when a node does not receive another node's network message. Although the network communication may be affected by many factors, the researchers found that the network model can be classified by the communication delay. For example, the node may fail to send data packages due to the fail-stop failure, and as a result, the corresponding communication delay is unknown and can be any value. According to the concept of communication delay, the network communication model can be divided into the following three categories:
• The synchronous network model: There is a fixed, known upper bound of delay $\Delta$ in network communication. Under this model, the maximum delay of network communication between two nodes in the network is $\Delta$. Even if there is a malicious node, the communication delay arising therefrom does not exceed $\Delta$.
• The asynchronous network model: There is an unknown delay in network communication, with the upper bound of the delay known, but the message can still be successfully delivered in the end. Under this model, the network communication delay between two nodes in the network can be any possible value, that is, a malicious node, if any, can arbitrarily extend the communication delay.
• The semi-synchronous network model: Assume that there is a Global Stabilization Time (GST), before which it is an asynchronous network model and after which, a synchronous network model. In other words, there is a fixed, known upper bound of delay in network communication $\Delta$. A malicious node can delay the GST arbitrarily, and there will be no notification when no GST occurs. Under this model, the delay in the delivery of the message at the time $T$ is $\Delta + max(T, GST)$.
The synchronous network model is the most ideal network environment. Every message sent through the network can be received within a predictable time, but this model cannot reflect the real network communication situation. As in a real network, network failures are inevitable from time to time, causing the failure in the assumption of the synchronous network model. Yet the asynchronous network model goes to the other extreme and cannot reflect the real network situation either. Moreover, according to the FLP (Fischer-Lynch-Paterson) theorem, under this model if there is one node fails, no consensus protocol will reach consensus in a limited time. In contrast, the semi-synchronous network model can better describe the real-world network communication situation: network communication is usually synchronous or may return to normal after a short time. Such an experience must be no stranger to everyone: the web page, which usually gets loaded quite fast, opens slowly every now and then, and you need to try before you know the network is back to normal since there is usually no notification. The peer-to-peer (P2P) network communication, which is widely used in blockchain projects, also makes it possible for a node to send and receive information from multiple network channels. It is unrealistic to keep blocking the network information transmission of a node for a long time. Therefore, all the discussion below is under the semi-synchronous network model.
The design and selection of consensus protocols for public chain networks that allow nodes to dynamically join and leave need to consider possible Byzantine failures. Therefore, the consensus protocol of a public chain network is designed to guarantee the security and liveness of the network under the semi-synchronous network model on the premise of possible Byzantine failure. Researchers of distributed systems point out that to ensure the security and liveness of the system, the consensus protocol itself needs to meet three requirements:
• Validity: The value reached by honest nodes must be the value proposed by one of them
• Agreement: All honest nodes must reach consensus on the same value
• Termination: The honest nodes must eventually reach consensus on a certain value
Validity and agreement can guarantee the security of the distributed system, that is, the honest nodes will never reach a consensus on a random value, and once the consensus is reached, all honest nodes agree on this value. Termination guarantees the liveness of distributed systems. A distributed system unable to reach consensus is useless.

## The CAP theorem and Byzantine Generals Problem

In a semi-synchronous network, is it possible to design a Byzantine fault-tolerant consensus protocol that satisfies validity, agreement, and termination? How many Byzantine nodes can a system tolerance? The CAP theorem and Byzantine Generals Problem provide an answer for these two questions and have thus become the basic guidelines for the design of Byzantine fault-tolerant consensus protocols.
Lamport, Shostak, and Pease abstracted the design of the consensus mechanism in the distributed system in 1982 as the Byzantine Generals Problem, which refers to such a situation as described below: several generals each lead the army to fight in the war, and their troops are stationed in different places. The generals must formulate a unified action plan for the victory. However, since the camps are far away from each other, they can only communicate with each other through the communication soldiers, or, in other words, they cannot appear on the same occasion at the same time to reach a consensus. Unfortunately, among the generals, there is a traitor or two who intend to undermine the unified actions of the loyal generals by sending the wrong information, and the communication soldiers cannot send the message to the destination by themselves. It is assumed that each communication soldier can prove the information he has brought comes from a certain general, just as in the case of a real BFT consensus protocol, each node has its public and private keys to establish an encrypted communication channel for each other to ensure that its messages will not be tampered with in the network communication, and the message receiver can also verify the sender of the message based thereon. As already mentioned, any consensus agreement ultimately reached represents the consensus of the majority. In the process of generals communicating with each other for an offensive or retreat, a general also makes decisions based on the majority opinion from the information collected by himself.
According to the research of Lamport et al, if there are 1/3 or more traitors in the node, the generals cannot reach a unified decision. For example, in the following figure, assume there are 3 generals and only 1 traitor. In the figure on the left, suppose that General C is the traitor, and A and B are loyal. If A wants to launch an attack and informs B and C of such intention, yet the traitor C sends a message to B, suggesting what he has received from A is a retreat. In this case, B can't decide as he doesn't know who the traitor is, and the information received is insufficient for him to decide. If A is a traitor, he can send different messages to B and C. Then C faithfully reports to B the information he received. At this moment as B receives conflicting information, he cannot make any decisions. In both cases, even if B had received consistent information, it would be impossible for him to spot the traitor between A and C. Therefore, it is obvious that in both situations shown in the figure below, the honest General B cannot make a choice.
According to this conclusion, when there are $n$ generals with at most $f$ traitors (n≤3f), the generals cannot reach a consensus if $n \leq 3f$; and with $n > 3f$, a consensus can be reached. This conclusion also suggests that when the number of Byzantine failures $f$ exceeds 1/3 of the total number of nodes $n$ in the system $f \ge n/3$ , no consensus will be reached on any consensus protocol among all honest nodes. Only when $f < n/3$, such condition is likely to happen, without loss of generality, and for the subsequent discussion on the consensus protocol, $n \ge 3f + 1$ by default.
The conclusion reached by Lamport et al. on the Byzantine Generals Problem draws a line between the possible and the impossible in the design of the Byzantine fault tolerance consensus protocol. Within the possible range, how will the consensus protocol be designed? Can both the security and liveness of distributed systems be fully guaranteed? Brewer provided the answer in his CAP theorem in 2000. It indicated that a distributed system requires the following three basic attributes, but any distributed system can only meet two of the three at the same time.
1. Consistency: When any node responds to the request, it must either provide the latest status information or provide no status information
2. Availability: Any node in the system must be able to continue reading and writing
3. Partition Tolerance: The system can tolerate the loss of any number of messages between two nodes and still function normally

https://preview.redd.it/1ozfwk7u7m851.png?width=1400&format=png&auto=webp&s=fdee6318de2cf1c021e636654766a7a0fe7b38b4
A distributed system aims to provide consistent services. Therefore, the consistency attribute requires that the two nodes in the system cannot provide conflicting status information or expired information, which can ensure the security of the distributed system. The availability attribute is to ensure that the system can continuously update its status and guarantee the availability of distributed systems. The partition tolerance attribute is related to the network communication delay, and, under the semi-synchronous network model, it can be the status before GST when the network is in an asynchronous status with an unknown delay in the network communication. In this condition, communicating nodes may not receive information from each other, and the network is thus considered to be in a partitioned status. Partition tolerance requires the distributed system to function normally even in network partitions.
The proof of the CAP theorem can be demonstrated with the following diagram. The curve represents the network partition, and each network has four nodes, distinguished by the numbers 1, 2, 3, and 4. The distributed system stores color information, and all the status information stored by all nodes is blue at first.
1. Partition tolerance and availability mean the loss of consistency: When node 1 receives a new request in the leftmost image, the status changes to red, the status transition information of node 1 is passed to node 3, and node 3 also updates the status information to red. However, since node 3 and node 4 did not receive the corresponding information due to the network partition, the status information is still blue. At this moment, if the status information is queried through node 2, the blue returned by node 2 is not the latest status of the system, thus losing consistency.
2. Partition tolerance and consistency mean the loss of availability: In the middle figure, the initial status information of all nodes is blue. When node 1 and node 3 update the status information to red, node 2 and node 4 maintain the outdated information as blue due to network partition. Also when querying status information through node 2, you need to first ask other nodes to make sure you’re in the latest status before returning status information as node 2 needs to follow consistency, but because of the network partition, node 2 cannot receive any information from node 1 or node 3. Then node 2 cannot determine whether it is in the latest status, so it chooses not to return any information, thus depriving the system of availability.
3. Consistency and availability mean the loss of the partition tolerance: In the right-most figure, the system does not have a network partition at first, and both status updates and queries can go smoothly. However, once a network partition occurs, it degenerates into one of the previous two conditions. It is thus proved that any distributed system cannot have consistency, availability, and partition tolerance all at the same time.

The discovery of the CAP theorem seems to declare that the aforementioned goals of the consensus protocol is impossible. However, if you’re careful enough, you may find from the above that those are all extreme cases, such as network partitions that cause the failure of information transmission, which could be rare, especially in P2P network. In the second case, the system rarely returns the same information with node 2, and the general practice is to query other nodes and return the latest status as believed after a while, regardless of whether it has received the request information of other nodes. Therefore, although the CAP theorem points out that any distributed system cannot satisfy the three attributes at the same time, it is not a binary choice, as the designer of the consensus protocol can weigh up all the three attributes according to the needs of the distributed system. However, as the communication delay is always involved in the distributed system, one always needs to choose between availability and consistency while ensuring a certain degree of partition tolerance. Specifically, in the second case, it is about the value that node 2 returns: a probably outdated value or no value. Returning the possibly outdated value may violate consistency but guarantees availability; yet returning no value deprives the system of availability but guarantees its consistency. Tendermint consensus protocol to be introduced is consistent in this trade-off. In other words, it will lose availability in some cases.
The genius of Satoshi Nakamoto is that with constraints of the CAP theorem, he managed to reach a reliable Byzantine consensus in a distributed network by combining PoW mechanism, Satoshi Nakamoto consensus, and economic incentives with appropriate parameter configuration. Whether Bitcoin's mechanism design solves the Byzantine Generals Problem has remained a dispute among academicians. Garay, Kiayias, and Leonardos analyzed the link between Bitcoin mechanism design and the Byzantine consensus in detail in their paper The Bitcoin Backbone Protocol: Analysis and Applications. In simple terms, the Satoshi Consensus is a probabilistic Byzantine fault-tolerant consensus protocol that depends on such conditions as the network communication environment and the proportion of malicious nodes' hashrate. When the proportion of malicious nodes’ hashrate does not exceed 1/2 in a good network communication environment, the Satoshi Consensus can reliably solve the Byzantine consensus problem in a distributed environment. However, when the environment turns bad, even with the proportion within 1/2, the Satoshi Consensus may still fail to reach a reliable conclusion on the Byzantine consensus problem. It is worth noting that the quality of the network environment is relative to Bitcoin's block interval. The 10-minute block generation interval of the Bitcoin can ensure that the system is in a good network communication environment in most cases, given the fact that the broadcast time of a block in the distributed network is usually just several seconds. In addition, economic incentives can motivate most nodes to actively comply with the agreement. It is thus considered that with the current Bitcoin network parameter configuration and mechanism design, the Bitcoin mechanism design has reliably solved the Byzantine Consensus problem in the current network environment.

## Practical Byzantine Fault Tolerance, PBFT

It is not an easy task to design the Byzantine fault-tolerant consensus protocol in a semi-synchronous network. The first practically usable Byzantine fault-tolerant consensus protocol is the Practical Byzantine Fault Tolerance (PBFT) designed by Castro and Liskov in 1999, the first of its kind with polynomial complexity. For a distributed system with $n$ nodes, the communication complexity is $O(n2$.) Castro and Liskov showed in the paper that by transforming centralized file system into a distributed one using the PBFT protocol, the overwall performance was only slowed down by 3%. In this section we will briefly introduce the PBFT protocol, paving the way for further detailed explanations of the Tendermint protocol and the improvements of the Tendermint protocol.
The PBFT protocol that includes $n=3f+1$ nodes can tolerate up to $f$ Byzantine nodes. In the original paper of PBFT, full connection is required among all the $n$ nodes, that is, any two of the n nodes must be connected. All the nodes of the network jointly maintain the system status through network communication. In the Bitcoin network, a node can participate in or exit the consensus process through hashrate mining at any time, which is managed by the administrator, and the PFBT protocol needs to determine all the participating nodes before the protocol starts. All nodes in the PBFT protocol are divided into two categories, master nodes, and slave nodes. There is only one master node at any time, and all nodes take turns to be the master node. All nodes run in a rotation process called View, in each of which the master node will be reelected. The master node selection algorithm in PBFT is very simple: all nodes become the master node in turn by the index number. In each view, all nodes try to reach a consensus on the system status. It is worth mentioning that in the PBFT protocol, each node has its own digital signature key pair. All sent messages (including request messages from the client) need to be signed to ensure the integrity of the message in the network and the traceability of the message itself. (You can determine who sent a message based on the digital signature).
The following figure shows the basic flow of the PBFT consensus protocol. Assume that the current view’s master node is node 0. Client C initiates a request to the master node 0. After the master node receives the request, it broadcasts the request to all slave nodes that process the request of client C and return the result to the client. After the client receives f+1 identical results from different nodes (based on the signature value), the result can be taken as the final result of the entire operation. Since the system can have at most f Byzantine nodes, at least one of the f+1 results received by the client comes from an honest node, and the security of the consensus protocol guarantees that all honest nodes will reach consensus on the same status. So, the feedback from 1 honest node is enough to confirm that the corresponding request has been processed by the system.

https://preview.redd.it/sz8so5ly7m851.png?width=1400&format=png&auto=webp&s=d472810e76bbc202e91a25ef29a51e109a576554
For the status synchronization of all honest nodes, the PBFT protocol has two constraints on each node: on one hand, all nodes must start from the same status, and on the other, the status transition of all nodes must be definite, that is, given the same status and request, the results after the operation must be the same. Under these two constraints, as long as the entire system agrees on the processing order of all transactions, the status of all honest nodes will be consistent. This is also the main purpose of the PBFT protocol: to reach a consensus on the order of transactions between all nodes, thereby ensuring the security of the entire distributed system. In terms of availability, the PBFT consensus protocol relies on a timeout mechanism to find anomalies in the consensus process and start the View Change protocol in time to try to reach a consensus again.
The figure above shows a simplified workflow of the PBFT protocol. Where C is the client, 0, 1, 2, and 3 represent 4 nodes respectively. Specifically, 0 is the master node of the current view, 1, 2, 3 are slave nodes, and node 3 is faulty. Under normal circumstances, the PBFT consensus protocol reaches consensus on the order of transactions between nodes through a three-phase protocol. These three phases are respectively: Pre-Prepare, Prepare, and Commit:
• The master node of the pre-preparation node is responsible for assigning the sequence number to the received client request, and broadcasting the message to the slave node. The message contains the hash value of the client request d, the sequence number of the current viewv, the sequence number n assigned by the master node to the request, and the signature information of the master nodesig. The scheme design of the PBFT protocol separates the request transmission from the request sequencing process, and the request transmission is not to be discussed here. The slave node that receives the message accepts the message after confirming the message is legitimate and enter preparation phase. The message in this step checks the basic signature, hash value, current view, and, most importantly, whether the master node has given the same sequence number to other request from the client in the current view.
• In preparation, the slave node broadcasts the message to all nodes (including itself), indicating that it assigns the sequence number n to the client request with the hash value d under the current view v, with its signaturesig as proof. The node receiving the message will check the correctness of the signature, the matching of the view sequence number, etc., and accept the legitimate message. When the PRE-PREPARE message about a client request (from the main node) received by a node matches with the PREPARE from 2f slave nodes, the system has agreed on the sequence number requested by the client in the current view. This means that 2f+1 nodes in the current view agree with the request sequence number. Since it contains information from at most fmalicious nodes, there are a total of f+1 honest nodes that have agreed with the allocation of the request sequence number. With f malicious nodes, there are a total of 2f+1 honest nodes, so f+1represents the majority of the honest nodes, which is the consensus of the majority mentioned before.
• After the node (including the master node and the slave node) receives a PRE-PREPARE message requested by the client and 2f PREPARE messages, the message is broadcast across the network and enters the submission phase. This message is used to indicate that the node has observed that the whole network has reached a consensus on the sequence number allocation of the request message from the client. When the node receives 2f+1 COMMIT messages, there are at least f+1 honest nodes, that is, most of the honest nodes have observed that the entire network has reached consensus on the arrangement of sequence numbers of the request message from the client. The node can process the client request and return the execution result to the client at this moment.
Roughly speaking, in the pre-preparation phase, the master node assigns a sequence number to all new client requests. During preparation, all nodes reach consensus on the client request sequence number in this view, while in submission the consistency of the request sequence number of the client in different views is to be guaranteed. In addition, the design of the PBFT protocol itself does not require the request message to be submitted by the assigned sequence number, but out of order. That can improve the efficiency of the implementation of the consensus protocol. Yet, the messages are still processed by the sequence number assigned by the consensus protocol for the consistency of the distributed system.
In the three-phase protocol execution of the PBFT protocol, in addition to maintaining the status information of the distributed system, the node itself also needs to log all kinds of consensus information it receives. The gradual accumulation of logs will consume considerable system resources. Therefore, the PBFT protocol additionally defines checkpoints to help the node deal with garbage collection. You can set a checkpoint every 100 or 1000 sequence numbers according to the request sequence number. After the client request at the checkpoint is executed, the node broadcasts messages throughout the network, indicating that after the node executes the client request with sequence number n, the hash value of the system status is d, and it is vouched by its own signature sig. After 2f+1 matching CHECKPOINT messages (one of which can come from the node itself) are received, most of the honest nodes in the entire network have reached a consensus on the system status after the execution of the client request with the sequence numbern, and then you can clear all relevant log records of client requests with the sequence number less than n. The node needs to save these2f+1 CHECKPOINTmessages as proof of the legitimate status at this moment, and the corresponding checkpoint is called a stable checkpoint.
The three-phase protocol of the PBFT protocol can ensure the consistency of the processing order of the client request, and the checkpoint mechanism is set to help nodes perform garbage collection and further ensures the status consistency of the distributed system, both of which can guarantee the security of the distributed system aforementioned. How is the availability of the distributed system guaranteed? In the semi-synchronous network model, a timeout mechanism is usually introduced, which is related to delays in the network environment. It is assumed that the network delay has a known upper bound after GST. In such condition, an initial value is usually set according to the network condition of the system deployed. In case of a timeout event, besides the corresponding processing flow triggered, additional mechanisms will be activated to readjust the waiting time. For example, an algorithm like TCP's exponential back off can be adopted to adjust the waiting time after a timeout event.
To ensure the availability of the system in the PBFT protocol, a timeout mechanism is also introduced. In addition, due to the potential the Byzantine failure in the master node itself, the PBFT protocol also needs to ensure the security and availability of the system in this case. When the Byzantine failure occurs in the master node, for example, when the slave node does not receive the PRE-PREPARE message or the PRE-PREPARE message sent by the master node from the master node within the time window and is thus determined to be illegitimate, the slave node can broadcast to the entire network, indicating that the node requests to switch to the new view with sequence number v+1. n indicates the request sequence number corresponding to the latest stable checkpoint local to the node, and C is to prove the stable checkpoint 2f+1 legitimate CHECKPOINT messages as aforementioned. After the latest stable checkpoint and before initiating the VIEWCHANGE message, the system may have reached a consensus on the sequence numbers of some request messages in the previous view. To ensure the consistency of these request sequence numbers to be switched in the view, the VIEWCHANGE message needs to carry this kind of the information to the new view, which is also the meaning of the P field in the message. P contains all the client request messages collected at the node with a request sequence number greater than n and the proof that a consensus has been reached on the sequence number in the node: the legitimate PRE-PREPARE message of the request and 2f matching PREPARE messages. When the master node in view v+1 collects 2f+1 VIEWCHANGE messages, it can broadcast the NEW-VIEW message and take the entire system into a new view. For the security of the system in combination with the three-phase protocol of the PBFT protocol, the construction rules of the NEW-VIEW information are designed in a quite complicated way. You can refer to the original paper of PBFT for more details.

VIEWCHANGE contains a lot of information. For example, C contains 2f+1 signature information, P contains several signature sets, and each set has 2f+1 signature. At least 2f+1 nodes need to send a VIEWCHANGE message before prompting the system to enter the next new view, and that means, in addition to the complex logic of constructing the information of VIEWCHANGE and NEW-VIEW, the communication complexity of the view conversion protocol is $O(n2$.) Such complexity also limits the PBFT protocol to support only a few nodes, and when there are 100 nodes, it is usually too complex to practically deploy PBFT. It is worth noting that in some materials the communication complexity of the PBFT protocol is inappropriately attributed to the full connection between n nodes. By changing the fully connected network topology to the P2P network topology based on distributed hash tables commonly used in blockchain projects, high communication complexity caused by full connection can be conveniently solved, yet still, it is difficult to improve the communication complexity during the view conversion process. In recent years, researchers have proposed to reduce the amount of communication in this step by adopting aggregate signature scheme. With this technology, 2f+1 signature information can be compressed into one, thereby reducing the communication volume during view change.