
1. ALGORAND non-permissioned chain version
Transparency, immutability and trust between strangers: these are the foundations of public permissionless blockchains. However, for lack of the necessary technology, such a blockchain has remained a coveted but unrealized goal for many years.
ALGORAND permissionless blockchain
Algorand provides a truly decentralized, scalable and secure permissionless blockchain. It is truly decentralized: every token can participate in the consensus protocol with the same power as any other token. It is scalable: it can support billions of users and generate a block in seconds using only a small amount of computation. And it is secure: it cannot be broken by a few miners or trustees, or by the owners of a small fraction of the tokens. In fact, as long as the majority of the Algorand blockchain's tokens are in reliable hands, it is guaranteed to work.
The Algorand protocol relies on entirely new technologies, such as its unique cryptographic lottery and ultra-efficient Byzantine agreement.
In addition to being fully decentralized, scalable, and secure, Algorand's permissionless blockchain has the following notable properties:
Standard assets and smart contracts handled at Layer 1. Blockchains handle different transactions at different layers. Layer 1 is the most immediate and the safest. Traditionally, Layer 1 only deals with ordinary payments and the consensus protocol itself, while the issuance of new assets, smart contracts, and everything else is handled at Layer 2. But Layer 2 protocols are notoriously slow, expensive, and error-prone. In contrast, Algorand also handles the issuance of standard assets and a large number of smart contracts at Layer 1, including asset tokenization, atomic transactions[2], and collateralized lending, and is able to isolate and retract disputed transactions when necessary. In fact, Algorand satisfies most current use cases of smart contracts at Layer 1, with the same security and efficiency as ordinary payments.
2. ALGORAND permissioned chain version
The main advantage of permissioned blockchains is the ability to protect transactions from outside interference. [3]
In Algorand's permissionless chain, each native token, besides being a unit of the native currency (Algo), can participate in the consensus protocol with the same power as any other token. In Algorand's permissioned chain version, however, enterprise E can only use a given pool of 10M tokens for the consensus protocol, and divides it in any way it likes among a validator set V of its own choice. For example, E can choose V to include only 5 validators, and allocate 2M consensus tokens to each of them. The upshot is that E gives each of the five validators the same ability to generate new blocks. As another example, E can choose 55 validators, distribute 1M tokens to each of the first 5, and distribute 100K tokens to each of the other 50. In this way, the block generation capacity that E allocates to each of the first 5 validators is 10 times that of each of the other 50.
The permissioned version of Algorand has an extremely fine level of granularity, allowing different validators to be assigned different weights.
By using an Algorand permissioned blockchain, rather than building its own permissioned chain from scratch or adopting another permissioned chain, E gains the following key advantages:
a) Weighted decentralization on demand. Being able to choose an arbitrary number of validators, with arbitrary weights, is critical. In fact, E may want to make this choice to improve the security of its own blockchain, or to expand the community it serves. A blockchain that initially serves a small number of financial institutions can start with a small number of validators. But what if it later wants to serve small and medium-sized banks and credit unions, all of which want to participate in block generation? A consensus algorithm that works for a small number of participants may not work effectively for hundreds or thousands of participants. And changing tactics midway can be quite challenging! Because the consensus protocol scales to billions of validators, E is guaranteed that the set of validators can be expanded at any time without problems. Scaling down is easy, scaling up is hard.
c) Upgradability and continuous innovation. Whenever improvements and innovations are added to the core permissionless Algorand main chain, using the permissioned version of the Algorand protocol automatically provides E with future improvements and innovations.
3. ALGORAND Co-Chain
Definition
(d) Interoperability with other Co-Chains. Permissioned blockchains allow users within a given range to interact securely. But it may not allow them to interact with other entities and individuals. This is a big limitation because the world "outside" is larger than the world "inside", and we may want to interact with the larger world. A group of financial institutions may want to build their own permissioned chain. But some medical institutions may want to do the same. Since healthcare is such an important part of the economy, the chain of financial institutions will presumably want to interact and exchange assets with the chain of medical institutions. Without external interoperability, members of a permissioned chain can become trapped within their own chain.
A Co-Chain is an Algorand permissioned chain that ensures efficient and secure interoperability with the Algorand permissionless chain and with other Co-Chains.
First challenge: security
Interoperability between permissioned chains is easy to declare, but hard to guarantee. Consider a simple example. User a owns asset x and he wants to exchange it with another user b who owns asset y.
If a and b belong to the Algorand permissionless chain or the same Algorand Co-Chain, this problem can be solved within 5 seconds with finality and security. In fact, they can use atomic swaps, which is one of the main tools available in Algorand as layer 1 transactions. But what if a is a member of Co-Chain A and b is a member of another Co-Chain B?
The exchange of assets between different chains is usually realized through the hash locking protocol. But there are considerable problems with this approach. In addition to requiring multiple logically complex steps, it is also vulnerable to denial of service attacks. Such an attack could allow a cheating party to keep its assets while gaining the other party's assets. To avoid this, the agreement may need to last for a long period of time, which may make the cost of denial of service higher than the value of the underlying asset.
The second challenge: clear ownership
However, this creates another problem, one that applies to any protocol that only involves a and b and their respective blockchains A and B. That is, since A and B are permissioned private chains, at most only their members know that a and b have exchanged their original assets and that, therefore, y is now owned by a member of chain A. If chain B is corrupted, nothing prevents b from repeatedly selling y to members of other blockchains or exchanging it for other assets! Essentially, this amounts to double spending in asset exchange.
Chain interoperability should guarantee clear ownership of any assets acquired by members of an honest chain. This is true even for assets obtained from members of a corrupt chain.
4. first level title
preamble
We use MAIN to denote Algorand's mainnet, which is permissionless and public. Correspondingly, each Co-Chain monitors the blocks of MAIN. For each Co-Chain C, MAIN maintains
C's latest list of validators, VALIDATORS_C, and
an up-to-date list, ASSETS_C, of all assets owned by members of C that can be transferred to other chains.
Initially, when a Co-Chain is formed, both lists may be included in what is essentially C's genesis block in MAIN. (This genesis block differs from C's original genesis block in that it indicates which are C's initial public keys, and which assets those keys originally owned.)
It needs to be emphasized that MAIN not only knows nothing about the transactions happening in Co-Chain C, but also does not know the actual public keys of C, let alone the actual users who use these keys! In fact, ASSETS_C does not reveal any information about the public keys in C that control the assets in ASSETS_C.
Asset Transfer from Algorand Co-Chain to Main Chain
User x of Algorand Co-Chain A may want to transfer to MAIN an asset a that he owns through public key tx. User x could do this for any number of reasons. For example, x might want to auction a, and "the more bidders, the higher the price". Therefore, instead of auctioning a on A, user x may prefer to auction it on MAIN, so that not only the members of A but also the members of MAIN or of other Co-Chains can bid. In fact, any member of a Co-Chain can easily transfer stablecoins to MAIN for the sole purpose of participating in the auction.
As with a normal transfer within Co-Chain A, the transfer of a from tx to MAIN is authorized by the digital signature of tx, denoted SIGx(tx, a, MAIN). Since tx owns a and the transfer is properly authorized, SIGx(tx, a, MAIN) enters a new block X of A that is properly certified by A's validators. At this point, all members of Co-Chain A know that neither tx nor any other public key in A owns asset a. Therefore (unless A is corrupted), tx can no longer authorize transfers of a within or outside of A.
X= (SIGx (tx, a, MAIN), other transfers to MAIN, H)
where H is a one-way hash (typically 256 bits in length) of all transactions in A that must be kept private in A. It should be noted that the format of X is very compact. In fact, it only contains 256 bytes, excluding information intended to be passed on to the Algorand main chain.
Block X in this format and its certificate in A are propagated to nodes of MAIN.
Since Co-Chain A runs the same consensus algorithm as MAIN, and MAIN knows A's validators, MAIN's validators can parse X's certificate and learn that
tx is the key in A that owns asset a, and
the owner of key tx wishes to transfer a to Algorand's main chain.
Correspondingly,
Asset a is removed from ASSETS_A, and
NOTE: The MAIN used in step 1 is both public and permissionless. Specifically, the fact that MAIN is permissionless ensures that tx becomes a key in MAIN without any problems. And the fact that MAIN is public ensures that everyone is aware that asset a is now in MAIN. This guarantees that y will (in the next step) take clear ownership of a. In fact, whether or not Co-Chain A is corrupted, neither x nor any other member of A can transfer a to any member of any other Co-Chain.
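The bookkeeping described above can be modelled in a few lines. This is an added example, not Algorand's code: the class and method names are hypothetical, signature checking is assumed to have happened already (`signers` is the set of validators whose signatures on X verified), and the strict-majority-of-weight rule for a certificate is an assumption. It uses the 55-validator split of the 10M pool from section 2 to show that weight, not head count, decides certification, and that once a has left ASSETS_A a corrupted Co-Chain cannot export it again.

```python
from dataclasses import dataclass, field

@dataclass
class Main:
    """Toy model of the state MAIN keeps for each Co-Chain C (names are illustrative)."""
    validators: dict = field(default_factory=dict)  # C -> {validator: weight}, i.e. VALIDATORS_C
    assets: dict = field(default_factory=dict)      # C -> set of asset ids, i.e. ASSETS_C
    owner: dict = field(default_factory=dict)       # asset id -> key owning it in MAIN

    def register(self, chain, validators, assets):
        self.validators[chain] = dict(validators)
        self.assets[chain] = set(assets)

    def certified(self, chain, signers):
        # Assumption: a certificate is valid when the validators whose signatures
        # verified hold a strict majority of the chain's consensus tokens.
        weights = self.validators[chain]
        signed = sum(weights[v] for v in set(signers) if v in weights)
        return 2 * signed > sum(weights.values())

    def accept_block(self, chain, transfers, signers):
        """Apply compact block X = (transfers to MAIN, H); H is opaque and not needed here."""
        if not self.certified(chain, signers):
            return "rejected: certificate below majority weight"
        # Validate every transfer before changing state, so a block is all-or-nothing.
        ids = [asset for _key, asset in transfers]
        if len(set(ids)) != len(ids) or any(a not in self.assets[chain] for a in ids):
            return "rejected: asset not in ASSETS_" + chain
        for key, asset in transfers:
            self.assets[chain].discard(asset)  # the Co-Chain can no longer export it
            self.owner[asset] = key            # tx now owns the asset publicly in MAIN
        return "accepted"

def demo():
    # Constructed data: the 55-validator split of the 10M pool from section 2.
    big = {f"big{i}": 1_000_000 for i in range(5)}
    small = {f"small{i}": 100_000 for i in range(50)}
    main = Main()
    main.register("A", {**big, **small}, {"a"})
    x = [("tx", "a")]
    return [
        main.accept_block("A", x, small),                        # 50 of 55 validators, only 5M weight
        main.accept_block("A", x, [*big, "small0"]),             # 6 validators, 5.1M weight
        main.accept_block("A", [("tz", "a")], [*big, *small]),   # replay by a fully corrupted A
    ]

if __name__ == "__main__":
    print(demo())
```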
Asset transfer from main chain back to Co-Chain
After selling a in MAIN, tx may want to transfer the stable coins obtained from the auction to A.
More generally, if tx is a public key of both MAIN and A, tx may want to transfer an asset b that it owns in MAIN to A. Again, such a transfer may be authorized by the digital signature of tx, denoted SIGx(tx, b, A), which enters a new block in MAIN. Since MAIN is permissionless, A's validators may see SIGx(tx, b, A) appear in MAIN's block, or they may see an appropriately compact proof of such occurrence via tx itself. In either case, A's validators will cause tx to be the current owner of asset b in A, since it is already a key in A. At the same time, as soon as SIGx(tx, b, A) appears in MAIN's block, tx no longer owns b in MAIN, and ASSETS_A is updated to include asset b.
Co-Chain Interoperability
Next, we use the same asset exchange example mentioned above to illustrate how Co-Chains interoperate. Now, A and B are different Algorand Co-Chains. Specifically, asset a is controlled in A by public key tx, whose private key is known to x, while asset b is controlled in B by public key ty, whose private key is known by y.
To exchange their assets, x and y utilize MAIN through the following conceptual steps.
1. In chain A, tx "transfers a to MAIN" and provides proof of transfer to MAIN. In chain B, ty "transfers b to MAIN" and provides proof of transfer to MAIN.
3. In MAIN, tx transfers b to A, and ty transfers a to B. Both chains A and B can see both transfers.
Instructions for Step 1
Step 1 can be achieved by tx issuing SIGx (tx, a, A) in MAIN's block, as described above. Correspondingly, in MAIN,
Asset a will be removed from ASSETS_A, and asset b will be removed from ASSETS_B.
Similarly, the same is true for ty.
Instructions for Step 2
Instructions for Step 3
As mentioned earlier, in MAIN, tx transfers b to itself in A, since tx is still A's approval key. Similarly, the same is true for ty.
Additional information
We can notice that the whole process is very fast. In fact, each of the above three steps can be performed in the time it takes to generate a new block. This time does not exceed 5 seconds in Algorand's main chain. But generating blocks in Algorand Co-Chain could be much faster. In fact, in the Algorand protocol, a block can be produced in the time required to ensure that a majority of validating nodes see the block. In a Co-Chain with a fast network speed, this time is negligible.
We also note that the whole process happens at Layer 1, so it enjoys higher security both in the main chain and in the Co-Chains.
Enhanced privacy
The privacy of asset exchange between Algorand Co-Chains can be greatly enhanced.
Specifically, tx and ty can be temporary keys that are only used by x and y in this asset exchange. That is, before starting the above three-step process, x generates a temporary public key tx and transfers asset a to tx from whichever public key previously held a. After step 3 is done, and tx owns asset b in A, x can transfer b from tx to any other public key of his choice. In this way, Algorand's main chain never learns which public key in A originally owned asset a, or which public key will eventually own b.
____________________
[1] Algorand consensus is not a long process in which, as more and more blocks are appended to a given block B, it becomes more likely that consensus has been reached on B. Algorand simply agrees on a new block and, after this process is complete, agrees on the next block, and so on.
[2] Atomic transactions enable multiple users to exchange assets in a single transaction, or execute multiple payments in multiple currencies. Therefore, no participant in an atomic transaction can cheat another participant, and no one is afraid to be the first to try.
[3] Another oft-cited reason for choosing a permissioned blockchain is security. However, this rationale misses the point that decentralization itself is the main source of security.
*The full technical paper will be released soon, so stay tuned.
SERGEY GORBUNOV | Head of Encryption
Sergey is an Assistant Professor at the University of Waterloo. His research focuses on fundamental cryptography and the design of large-scale security systems, computer networks, protocols, and blockchains. He received his Ph.D. from MIT in 2015 and is also a recipient of a Microsoft Ph.D. Fellowship. His dissertation on building advanced encryption protocols using lattice-based cryptography won the MIT Sprowl Ph.D. Dissertation Award in Computer Science. Before joining Algorand, he was the founder and CTO of Stealth Mine and spent time at IBM's TJ Watson Research Center.
MAURICE HERLIHY
Professor Herlihy is a world-class expert in the field of distributed computing. He is the recipient of the 2003 Dijkstra Prize in Distributed Computing, the 2004 Gödel Prize in Theoretical Computer Science, the 2008 ISCA Influential Paper Prize, the 2012 Edsger W. Dijkstra Prize, and the 2013 Wallace McDowell Prize. He is a fellow of the ACM and a fellow of the American Academy of Inventors, the National Academy of Engineering, and the American Academy of Arts and Sciences.
Professor Herlihy holds a Ph.D. in Computer Science from the Massachusetts Institute of Technology.
SILVIO MICALI | Founder
Silvio Micali has taught at the Department of Electrical Engineering and Computer Science at the Massachusetts Institute of Technology since 1983. Silvio's research focuses on cryptography, zero-knowledge, pseudo-random number generation, security protocols, and mechanism design. In 2017, Silvio founded Algorand, a fully decentralized, secure, and scalable blockchain that provides a public platform for building products and services for the decentralized economy. At Algorand, Silvio oversees all research, including theoretical, security, and cryptofinance.