Grin: The magic of Harry Potter?

Grin is a privacy token that has recently become popular. It is community-driven and relatively decentralized. Its surge reflects the market's rebound toward the payment and settlement field now that public chains have hit a short-term bottleneck.

Event

At the beginning of the new year, the earth is getting colder in the deep winter. The blockchain industry and token market, which have experienced a period of depression, are still frozen. However, since the end of 2018, the privacy token Grin has become a long-lost hot topic in the blockchain community and has received widespread attention from the market. As the mainnet is about to be launched, we will take a closer look at Grin with everyone to explore its essence and possibilities.

Main text

1 Grin: An idealistic privacy token

Grin is a relatively popular privacy-based payment and settlement token recently, and is committed to becoming an electronic cash that is truly used in daily transactions. The project is developed by a community team, some core members are anonymous, and the token is entirely generated through mining. It is truly a breath of fresh air in the blockchain industry where project owners are generally deep in routine, and it reminds everyone of the idealism of BTC back then. Grin is committed to achieving BTC's original goal, returning to its roots, and providing the industry with an asset that is truly suitable for use as cash through privacy, convenience, and an appropriate inflation curve.

1.1 Back to Basics: Private Electronic Cash

Grin is based on the MimbleWimble underlying protocol, which gives it its privacy properties. MimbleWimble is a new cryptographic protocol based on elliptic curves. It creates multiple signatures for all inputs and outputs, and transactions are conducted by sharing "blinding factors". There is no concept of addresses, and specific information is not disclosed to the entire network, yet transactions remain verifiable. The term "MimbleWimble" comes from the mute spell in "Harry Potter", which vividly reflects the nature of the protocol. Privacy is an inherent feature of cash, whereas traditional payment and settlement tokens such as BTC store the payer address, the recipient address and the amount directly on the chain, which limits their "electronic cash" function in many scenarios.

Focusing on payment and settlement, relatively decentralized. Smart contracts and public chains were the hot spots in 2017, with leading projects such as EOS and ETH also developing rapidly. For a long time, the blockchain industry has been seeking to realize more application scenarios, and even BCH, which was forked from BTC, is also developing in the direction of public chains. However, Grin went against the trend and chose to be a pure payment and settlement token. Payment and settlement is the original function of blockchain and one of the few verified real needs. Grin's positioning is more pragmatic. However, Grin's transactions require cryptographic interaction between both parties, which is quite different from BTC and other models that only require the payee to initiate. It is also not in line with people's usage habits, has a certain user threshold, and also limits its use in some scenarios, such as large-scale collection and donations. The development team said that they will not limit the implementation of Grin transfers and will provide a toolkit to facilitate developers to design new exchange solutions. At the same time, the Grin network will delete most of the transaction data and only retain key information such as the total amount, which greatly reduces the size and operating burden of the full node, solves the potential centralization problem caused by the reduction of full node operators for PoW consensus mechanism tokens such as BTC and ETH, and provides higher scalability.

The popularity of Grin is, to a certain extent, the community's exploration of returning to its roots when the public chain route encounters bottlenecks. ETH introduced the concept of smart contracts, which brought the blockchain industry from stage 1.0 to stage 2.0. The application scenarios are no longer limited to payment and settlement, and practitioners have begun to try in almost all conceivable fields. However, after the collective excitement, the public chain technology has not yet broken through its bottleneck, and the real-world applications in many fields have also encountered setbacks. After experiencing a continuous downward cycle in 2018, a round of tides has receded, and people have begun to rethink the nature and development of the industry. The traditional payment and settlement field has once again attracted attention, and the prices of ETH and EOS relative to BTC are, to a certain extent, a reflection of this change. The resurgence of payment and settlement tokens has become an opportunity for the rise of the Grin project that began in 2016.

Community development, strong idealism, low commercialization. Grin's development is driven by the community rather than the enterprise, and it has not received any financing, only donations. Before the mainnet was launched, the team did not carry out any token distribution and pre-mining, and also stated that it would not actively seek to be listed on exchanges, and the commercialization level was low. On the one hand, this reduces the possibility of the project party harming the community and investors, and on the other hand, it will also hinder the promotion and application of Grin to a certain extent.

1.2 Linear supply, inflation gradually decreases

Grin tokens are obtained entirely through mining, with one block produced every minute, and each block has a block reward of 60 Grin, and the output does not decrease. Grin is a token that uses the PoW consensus mechanism. The entire network produces an average of one Grin per second, with an annual output of 31.536 million. Its total amount is in a linear growth state and has no upper limit. This mechanism is significantly different from the production reduction mechanism of PoW tokens such as BTC, and is a non-deflationary economic model. Core developer Michael Cordner "Yeastplume" explained that they designed this mainly to avoid early miners benefiting significantly more than later miners, and hoped that Grin could really become a medium of exchange rather than a tool for value storage or speculation.

The system has a high inflation rate in the early stage, and it gradually decreases in the later stage. Grin's growth rate is fixed, so the inflation rate of the system decreases as the total supply increases. Starting from the second year, the inflation rate in the Nth year is 1/(N-1), which is an inverse proportional function. When N is large enough, the inflation rate approaches 0.

This monetary policy is conducive to the stability of Grin's value and can help it be used more as a medium of exchange. Traditional digital tokens such as BTC generally have a production reduction mechanism. The output is high in the early stage, but the increment will be greatly reduced in the later stage. The output curve of BTC is discontinuous. When it reaches a certain block height, it will jump to half. Some hardware may be eliminated and the computing power will fluctuate to a certain extent. The price cycle of BTC is closely related to the production reduction cycle. In addition, the production reduction model has inherent deflation, which will stimulate people to use the corresponding tokens as a tool for value storage or even speculative chips, which is not conducive to its promotion as a payment and settlement tool. Grin has a high inflation rate in the early stage of rapid growth of the system scale. As the system scale expands and gradually stabilizes, the inflation rate also tends to be flat, which is in line with the law of ecological development and is more likely to maintain value stability. In addition, when the output is reduced to below the limit accuracy allowed by the data structure, BTC's block reward will disappear, and miners will earn income entirely from transaction fees. However, the changes that this process will cause to the system are neither traceable nor easy to calculate. Uncertainty will reduce stability, and Grin avoids this problem through highly stable income expectations.

2 Technology: Privacy Protocol and Consensus Mechanism

Grin is an open source blockchain project that implements the MimbleWimble privacy encryption protocol and uses the ASIC-resistant PoW algorithm Cuckoo Cycle.

2.1 MimbleWimble Privacy Protocol

MimbleWimble comes from the "Tongue-Tie Curse" in the novel "Harry Potter". The caster uses this spell to make the tongue of the cursed person "tie" to prevent him from accurately reciting the spell or revealing secrets. The original white paper of MimbleWimble was released by an anonymous developer. It improves the anonymity of transactions on the basis of BTC by hiding the transaction amount, not reusing "addresses", and merging block transactions.

Each BTC transaction has three key pieces of information: the transaction amount, the address of the sender, and the address of the receiver. In addition, monitoring nodes in the network can observe the IP of the transaction broadcaster, making it possible to associate a BTC address with a real physical address. Once a transaction has been made at an address, it is also easy to obtain the transaction history and balance of this address through tools such as blockchain browsers, so the privacy of both parties to the transaction is difficult to guarantee.

MimbleWimble is like a tongue-tying spell imposed on online transactions. Through cryptographic technology, it makes every transaction "silent" and no longer reveals these key privacy information.

In the BTC network, the principle for accounting nodes to determine whether a transaction should be included in the block to be packaged is usually only the legitimacy of the transaction. In the process of verifying the legitimacy of the transaction, the following information is exposed: the address and public key of the transaction sender (used to verify the sender's right to use UTXO), the transaction amount (used to verify whether the total transaction input is equal to the total output), and the address of the transaction receiver.

We know that the private key of BTC is essentially a string representation of a randomly generated large integer, and the public key is calculated from the private key through elliptic curve cryptography (ECC). Even if the elliptic curve algorithm is known and the public key is public, it is still difficult to recover the private key. Signing information with a private key produces a signature of that information. When the public key, signature, and original information are known, it can be verified whether the signature was generated by the corresponding private key. This constitutes the cryptographic basis for BTC to transfer and verify transactions.

The principle behind this type of cryptography is easy to understand. Multiplication of primes is an example. Assume that a, b, c... are several very large prime numbers, and s=abc... is their product. If only s is known, it is difficult to find its prime factors, because factoring a product of large primes is infeasible at the current level of computing, but it is very simple to verify whether a, b or c is a factor of s.

The elliptic curve is a function graph of a type of equation on a two-dimensional plane. Some points on this curve can define addition operations: P+Q=R, where R is the symmetric point of the intersection of the line connecting P and Q and the elliptic curve about the x-axis. P+P is defined as the symmetric point of the intersection of the tangent through point P and the elliptic curve about the x-axis. From this, we can define a multiplication operation kP, which is equal to adding P to itself k-1 times (k is an integer). The set composed of this part of points is closed for such addition operations, which means that the results of addition and multiplication operations between any points in the set are still in this set.

Although the "addition" of elliptic curve points P+Q is different from the addition we are familiar with, we can understand this concept through integer addition. If k is a very large integer, we can quickly calculate the value of kP=Q through some algorithms, but knowing the calculation result Q and the value of P, it is very difficult to calculate k. It can be understood that point P becomes point Q after k "transformations", but given two points P and Q, it is difficult to calculate how many transformations are needed to turn P into Q.

In the above example, k is called the private key, and P is a specific point on a pre-selected elliptic curve. Then Q=kP is the public key of the private key k on P. Scalar multiplication of elliptic curve points satisfies the distributive law, that is,

(k+j)P=kP+jP

This property is also called "homomorphic encryption" in cryptography, and the elliptic curve group satisfies additive homomorphism.

MimbleWimble uses a similar idea to process transaction information, using the additive homomorphic properties of elliptic curve encryption to ensure that it can verify the legitimacy of the transaction amount even if the specific transaction amount is unknown.

Assuming k and j are the total input and total output of a transaction (with the output counted as a negative value), BTC verifies k+j=0 using the plaintext transaction amounts k and j to ensure the legality of the transaction amount, that is, that the transaction neither creates money out of thin air nor makes money disappear. According to the "Elliptic Curve Distributive Law", it is enough to verify the encrypted result kP+jP=0 to prove k+j=0 without knowing the specific values.

Since the transaction amount has a limited range, attackers can guess the actual transaction value by exhaustive search. To ensure security and privacy, MimbleWimble therefore introduces a blinding factor (the "confusion factor") to prevent such exhaustive attacks. Let r be the private key of the sender (receiver), v the input (output) of the transaction, and G and H two specific elliptic curve points; rG is the public key of r on G, and vH is the public key of v on H.

rG+vH is called a Pedersen commitment, which is the only content disclosed by the two parties to the transaction. Even if G and H are known, it is difficult to infer the values of r and v. The legitimacy of the transaction can be easily verified through the Pedersen commitment, and the range of v can be verified to be legal through the range proof, that is, it cannot be negative and cannot exceed the account balance.

MimbleWimble can verify transactions without exposing the public keys of both parties. BTC verifies the sender's right to use UTXO and completes the transfer of the right to use to the receiver by attaching the addresses of both parties and the sender's public key to the transaction.

The output of a transaction is a Pedersen commitment. To spend this output again, you need to know the values of r and v at the same time, otherwise the Pedersen commitment cannot be reconstructed. The previous sender of this output knows the value of v, so the two parties in the transaction must each hold a different r value (private key) known only to themselves; that is, the private key can be used to prove ownership of a certain amount of currency contained in the Pedersen commitment.

Suppose the private key of the transaction sender is r, and the sender's input is rG+vH, which proves that the sender has v coins. The receiver adds the output (r+k)G+vH together with the public key kG, where r+k can be a randomly generated number. In this way, the receiver generates a private key r+k that only he knows, and kG does not reveal any information about either party's private keys or about the public keys rG and (r+k)G. kG is regarded as the signature of this transaction and, together with some additional data, is called the transaction core. To verify the legitimacy of the transaction, it is only necessary to verify that ((r+k)G+vH)-(rG+vH)=kG, which proves the following: the input and output amounts are equal, the sender has the right to use the currency contained in the Pedersen commitment, and the right to use that amount of currency has been transferred to the receiver.

It can be seen that the right to use an unspent transaction is bound to a specific private key, that is, there is no concept of address in MimbleWimble, and each transaction uses a different private key. In the process of transaction creation to confirmation, the transaction amount and the public keys of both parties are not exposed to third parties, thus ensuring the privacy of the transaction.
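The balance check ((r+k)G+vH)-(rG+vH)=kG and the reason for the blinding factor can be reproduced directly. The following is an added example, not code from the Grin project: it uses the secp256k1 curve with a second generator H constructed here by hashing (an assumption, not Grin's actual H), and it leaves out range proofs and the signature that accompanies the transaction core.

```python
import hashlib
import secrets

# secp256k1 domain parameters (y^2 = x^3 + 7 over F_p, group order N_ORDER).
P_FIELD = 2**256 - 2**32 - 977
N_ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p1, p2):
    """Elliptic-curve point addition; None is the point at infinity (zero)."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_FIELD == 0:
        return None                      # P + (-P) = 0
    if p1 == p2:                         # tangent slope (doubling)
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P_FIELD) % P_FIELD
    else:                                # chord slope
        lam = (y2 - y1) * pow((x2 - x1) % P_FIELD, -1, P_FIELD) % P_FIELD
    x3 = (lam * lam - x1 - x2) % P_FIELD
    return (x3, (lam * (x1 - x3) - y1) % P_FIELD)

def neg(pt):
    return None if pt is None else (pt[0], -pt[1] % P_FIELD)

def mul(k, pt):
    """Scalar multiplication kP by double-and-add (not constant-time)."""
    k %= N_ORDER
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def hash_to_point(tag):
    """Derive a curve point whose discrete log to G nobody knows."""
    ctr = 0
    while True:
        digest = hashlib.sha256(tag + ctr.to_bytes(4, "big")).digest()
        x = int.from_bytes(digest, "big") % P_FIELD
        rhs = (pow(x, 3, P_FIELD) + 7) % P_FIELD
        y = pow(rhs, (P_FIELD + 1) // 4, P_FIELD)   # sqrt, valid as p % 4 == 3
        if y * y % P_FIELD == rhs:
            return (x, y)
        ctr += 1

# Constructed second generator for this example; not Grin's actual H.
H = hash_to_point(b"example-only H generator")

def commit(r, v):
    """Pedersen commitment rG + vH: r is the blinding factor, v the amount."""
    return add(mul(r, G), mul(v, H))

def verify_balance(inputs, outputs, excess):
    """Check sum(outputs) - sum(inputs) == excess (the kG of the transaction core)."""
    total = None
    for c in outputs:
        total = add(total, c)
    for c in inputs:
        total = add(total, neg(c))
    return total == excess

def guess_amount(commitment, max_v):
    """Exhaustive search over amounts; only succeeds when no blinding is used."""
    acc = None
    for v in range(max_v + 1):
        if acc == commitment:
            return v
        acc = add(acc, H)
    return None

if __name__ == "__main__":
    r = secrets.randbelow(N_ORDER - 1) + 1   # sender's private key
    k = secrets.randbelow(N_ORDER - 1) + 1   # receiver's added secret
    c_in, c_out = commit(r, 42), commit(r + k, 42)
    print("balanced transfer:", verify_balance([c_in], [c_out], mul(k, G)))
    print("inflated output:  ", verify_balance([c_in], [commit(r + k, 43)], mul(k, G)))
    print("amount from vH:   ", guess_amount(mul(42, H), 1000))
    print("amount from rG+vH:", guess_amount(c_in, 1000))
```

An output that commits to 43 instead of 42 leaves a stray H term in the difference, so it no longer equals kG and the check fails; the bare vH gives up its amount to a short search, while the blinded commitment does not.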

MimbleWimble also further hides the original information of both parties by merging intermediate transactions. The BTC blockchain information using the UTXO model records every complete transaction, so each UTXO can be traced back to the genesis block. An attacker may reveal the transaction relationship between different addresses by analyzing a large number of historical blocks, causing the leakage of user privacy information. MimbleWimble merges all transactions in a block and only retains the transaction core to prove its legitimacy. It reduces the block size and enhances privacy while being able to be verified.

However, this method is only effective when multiple transactions are included in one block, and its ability to hide transaction relationships is weaker than anonymous tokens such as Monero.

2.2 Cuckoo Cycle consensus algorithm

The PoW algorithm used by BTC requires accounting nodes to prove that they have spent a certain amount of computing power by repeatedly evaluating the hash function, and compete for the network's block production rights (accounting rights) based on the amount of computing power. However, with the development of ASIC mining machines, the computing power of ordinary users' computing devices cannot compete with these professional mining equipment, which has caused the community to worry about the centralization of computing power and mining pools.

Cuckoo Cycle is a proof-of-work algorithm proposed in 2014 that aims to achieve "more equality" against ASIC mining machines, thereby achieving "decentralization" of mining equipment. Since DRAM latency is relatively stable compared to the rapid increase in CPU speed, and the cost is also higher, memory-hard algorithms that reduce computing power requirements and replace them with memory capacity requirements are generally considered to be ASIC-resistant. Cuckoo Cycle is a graph-theoretic memory-hard algorithm that requires the storage of a large number of intermediate states during the calculation process. After the mainnet is launched, the device must have at least 6G video memory to mine.

The Grin testnet currently runs two modes of PoW: the ASIC-friendly primary mode Cuckatoo31+ and the ASIC-resistant secondary mode Cuckatoo29. In the initial mining, the primary algorithm will mine 10% of the blocks, and the other blocks will be produced by the secondary algorithm. As mining progresses, 100% of the blocks will be produced by the primary algorithm. Although the primary algorithm is ASIC-friendly, current ASIC miners do not support mining with this algorithm, so Grin's design may be to encourage chip manufacturers to design ASIC miners for its primary algorithm.

3 Ecology: Community-driven, decentralized computing power

3.1 Community development, high popularity

Grin adopts a community-based development model. Unlike the current dominant corporate development model, Grin's development is driven by the community. Currently, there is a core committee that makes development decisions, including major developers and community members. Grin is an open source project that is not controlled by any commercial organization. Its development direction reflects the collective will of the community to a certain extent. The following are the main developers:

John Tromp: Inventor of the Cuckoo Cycle consensus algorithm, computer and mathematical scientist, and well-known researcher of mathematical problems in Go.

Ignotus Peverell: An anonymous developer whose name comes from the owner of the invisibility cloak in Harry Potter. He is the initiator of the Grin project and the contributor with the most code.

Antioch Peverell: An anonymous developer who participated in the Grin project in its early stages. His name also comes from Harry Potter and he is the second largest code contributor.

Michael Cordner: @yeastplume, the third code contributor, a non-anonymous core developer, and the core team often communicates with the outside world through him.

Daniel Lehnberg: He is in charge of community operations in the Grin team. He is a very unique person and is responsible for Grin's ecological weekly report.

Quentin LeSceller: Member of the project sponsor Blockcypher team and developer of Grinmint, the Grin mining pool.

The team only accepts donations and does not pre-allocate tokens. Similar to Bitcoin, Grin is obtained entirely through mining, without any pre-allocation plan. The development team adheres to a completely community-driven model, does not accept investments, only accepts donations, and only expresses gratitude to donors on social media. As of press time, Grin has initiated 4 fundraisings, 3 of which are for the project's development fund and 1 is a personal development fund raised by Michael Cordner. The project's financing scale is very small and its use is relatively transparent.

Grin is a popular project recently, and the community's overall attention is high. Grin's Twitter has 6159 followers and 258 likes, and a total of 1531 tweets have been published, with a relatively high update frequency and attention. The number of views of the more popular posts in the Grin official website forum can reach 4.3k, with active discussions and technical content. Grin's Chinese community is also relatively active, with multiple WeChat groups of 500 people, and the discussion content is mainly about technology and mining methods. Overall, Grin's community foundation is relatively strong, and the startup phase may be relatively smooth.

3.2 Initially ASIC-resistant, high mining threshold, and relatively decentralized computing power

Grin's consensus algorithm is ASIC-resistant in the early stage, and the mining threshold is high. Grin adopts the Cuckoo Cycle consensus algorithm, which is ASIC-resistant. In the early stage, it is difficult for manufacturers to develop ASIC mining machines, which prevents professional miners from having too much advantage over users who use personal computers to mine. The ASIC resistance of this algorithm is achieved through high memory requirements. Nvidia graphics cards with more than 6G video memory must be used for mining, which greatly increases the cost of mining. Specifically, GTX1060 6GB and above graphics cards must be used for mining, excluding AMD graphics cards and P106 low-end models that were widely used in graphics card mining machines before. Grin's consensus algorithm prevents the migration of a large number of existing graphics card mining machines, and to a certain extent prevents the monopoly of professional miners. However, compared with the previous 8GB video memory threshold, the current requirements allow a large number of dedicated cards P106-100 to mine Grin, and the algorithm has reduced its hindering effect on professional miners. This change has also caused great controversy in the community.

The hashrate is relatively decentralized, which prevents the miners from having too much say. Early ASIC resistance and incompatibility with existing graphics card mining machines prevented the problem of hashrate centralization to a certain extent. In the early stages of community development, it was difficult for miners to gain an absolute advantage in hashrate. We believe this is very beneficial for early community building, as it can prevent powerful miners from monopolizing the power of speech in the early stages. As the community expands and the proportion of new Grin in the system decreases, the ASIC algorithm will be gradually opened up, and professional miners will be introduced to maintain the network. At this time, the community is relatively stable, and the market value of Grin held by community members is relatively high, which can effectively restrict miner groups and avoid similar events as the hard fork of BTC and XMR.

Increasing community participation in mining will help improve Grin's market recognition. The decentralization of computing power means that more ordinary community members can participate in mining, which only requires electricity and high-performance computers. The early Grin tokens will be relatively decentralized, which is conducive to forming community consensus and improving Grin's market recognition. The decentralization of computing power and the high-inflation economic model in the early stage can effectively curb miners' capital and speculative capital in the relatively weak stage of the community, ensure the community's dominance of the Grin project, and help Grin realize the vision of the development team and the community.

4 Risks: Initial price fluctuations, potential regulatory pressure

Grin's total supply was low in the early stage but it grew rapidly, with high risk of price fluctuations and only over-the-counter trading channels. Unlike other tokens, Grin's stock was 0 when the mainnet was launched, and then the number increased linearly with the progress of mining. The early supply was small but grew rapidly, which made its price fluctuation risk greater. Investors are advised to be careful to identify speculation and not to buy at a price that is significantly higher than the mining output cost. In addition, Grin did not have an on-site trading channel in the early stage, and could only be circulated in a peer-to-peer manner over the counter, and the credit risk of the counterparty also needs special attention.

Grin's anonymity makes it face potential regulatory pressure. Grin has cryptographic anonymity, which makes it difficult to review related transaction information on the chain. On the one hand, the anonymity feature will facilitate users and expand application scenarios to a certain extent, but on the other hand, it will also give rise to the possibility of illegal trading activities. Due to the high difficulty of review and supervision, government agencies in some countries may restrict the circulation of Grin by blocking legal currency accounts and other means, thereby affecting the development of the ecosystem. Regulatory risks are an issue worthy of consideration by the Grin community and a major obstacle for Grin to go public.

Notes:

Due to some reasons, some of the terms in this article are not very accurate, such as: token, digital token, digital currency, currency, token, Crowdsale, etc. If readers have any questions, please call or write to discuss.
