Simple is SECURE…
The principal reason is that human beings are very bad at managing complexity. A small, simple program may be bug-free, but as the software grows very large, the complexity becomes really hard to control. Bugs will always slip through.
Bitcoin, as open-source software, is also prone to bugs. Even though most issues are easily fixed, some bugs and errors can cause unpredicted dangers and problems. For example:
🔴 The CVE-2010-5139 bug on August 15th, 2010 resulted in 184 billion BTC being minted. On the heels of this event, core developers Gavin Andresen and Satoshi Nakamoto had to roll back the blockchain in order to purge this transaction from block 74638.
And money is no joke ツ.
Grin is the minimal implementation of the MimbleWimble protocol. The main goals and characteristics of Grin are:
- Implement pure Mimblewimble for scalability and enhanced privacy.
- Fair distribution with a pure linear emission.
- Community driven, encouraging mining decentralization.
- Design simplicity that makes it easy to audit and maintain over time.
So if bugs and errors matter this much, where does that leave Grin MimbleWimble, and what does minimal implementation mean?
When John Tromp, a long-time contributor to Grin, inventor of the Cuckoo Cycle proof-of-work algorithm, mathematician and computer scientist, was asked:
What about Grin MimbleWimble simplicity, what does it mean?
He answered with this:
“Are There Any Public Cryptocurrency/Blockchain Projects Seriously Rivaling Grin’s Simplicity?”
- Simplest possible consensus model: Proof of Work. Grin uses Nakamoto consensus just like Bitcoin.
- Simplest possible emission: 1 grin per second forever. Grin uses Tail Emission from launch, the complete opposite of Bitcoin’s Capped Supply. The latter is known to suffer from insecurity and mining instability once the block subsidy becomes insignificant, unless a constant backlog of high fee paying transactions can be created (which Bitcoin seems to manage with its constrained block size). Emission properties are further explored in [1a] and [1b].
- Simplest possible blockchain protocol: Pure Mimblewimble. In Mimblewimble, outputs are Pedersen commitments r*G+v*H which combine value and blinding factor into a single curve point. The blinding factor serves both to hide the value and to control ownership. Correspondingly, a single (multi-)signature serves both to prove value balance (non-inflation) and to authorize transfer of ownership. The magic doesn’t stop there, as transaction cut-through results in the collapse of the entire transaction history into a single transaction with no inputs and the current UTXO set as outputs [2].
- Simplest possible blockchain sync: download the UTXO set, and a ~100 byte kernel that remains for every transaction. No need to know anything about spent outputs.
- Simplest possible confidential supply audit: every sync verifies the UTXO set with the equation
Σ utxo = Σ kernel + offset * G + height * 60e9 * H
where each kernel is a provable commitment to 0 (as is offset * G), and height * 60e9 is the expected number of nanogrins emitted in height one-minute blocks.
- Simplest possible mixer: a straightforward mixing protocol [3] can non-interactively mix up to thousands of self spends each day or hour.
- Simplest possible (memory hard) Proof of Work Algorithm: Cuckatoo Cycle. Its mathematical specification is only 13 lines [4a] based on the very simple siphash-2-4 hash function, which translates to just 42 lines of C code [4b]. Like Bitcoin, solutions can be instantly verified, but unlike Bitcoin, a single solution attempt (searching a graph) takes on the order of a second.
- Simplest possible Difficulty Adjustment Algorithm: wtema. Just one line of code [5a] that outperforms many other DAAs [5b].
- Simplest possible scripting functionality: scriptless scripts. Grin does away with Bitcoin’s script and all its complexity, but retains a lot of its functionality, including multi-signatures, and both absolute and relative timelocks. It easily supports atomic swaps, discreet log contracts, and bidirectional payment channels. It lacks hash locks, but finds a superior alternative in adaptor signatures.
- The simplicity is reflected in the relatively small Rust codebase of the reference implementation [6a] and the alternative C++ implementation [6b].
After all this evidence, proof and research, what we understand is that Simple is SECURE.
And I really wonder, and ask again:
Are There Any Public Cryptocurrency/Blockchain Projects Seriously Rivaling Grin’s Simplicity?
¯\_(ツ)_/¯
Edited by cekickafa, written mainly by J.Tromp 👏
References and resource links
[1a] https://john-tromp.medium.com/a-case-for-using-soft-total-supply-1169a188d153
[1b] https://medium.com/@CryptoProfG/grin-money-explained-4-exploring-grins-monetary-model-e48b1761653
[2] https://phyro.github.io/what-is-grin/mimblewimble.html
[3] https://bitcointalk.org/index.php?topic=567625.msg56288711#msg56288711
[4a] https://github.com/tromp/cuckoo/blob/master/doc/mathspec
[4b] https://github.com/tromp/cuckoo/blob/master/doc/spec
[5a] https://github.com/mimblewimble/grin/blob/master/core/src/consensus.rs#L376-L377
[5b] https://read.cash/@jtoomim/bch-upgrade-proposal-use-asert-as-the-new-daa-1d875696