The Dusk Network is a decentralized infrastructure focused on providing the right balance between privacy and transparency to payment, communication and asset ownership transfer.
All these terms are used interchangeably. Pedantically speaking, Segregated Byzantine Agreement (SBA⋆) is the consensus algorithm, while Proof-of-Blind-Bid (or Proof-of-Sealed-Bid) describes how the consensus achieves protection from Sybil attacks and eavesdropping. Using one for the other is basically a metonymy.
Other blockchain platforms treat privacy as an all-or-nothing proposition: they either provide complete anonymity or complete openness. Those pursuing the latter approach have a significant adoption problem, since they practically impose the broadcasting of transactions on open ledgers, even in the case of smart contract platforms. These transactions may very well concern sensitive matters such as the settlement of medical or legal bills, auction bids, wages or, indeed, trade secrets around supplier sources and pay rates. The former, like Monero, ZCash or Dash, purposefully focus on being nothing more than a simple store of value, do not allow third parties to deploy their own brand of confidential services, and are frowned upon by regulators. By solving a focused set of specific use cases and providing the proper confidentiality for each of them, the Dusk Network is the first crypto-system that aims at reconciling privacy with regulatory compliance.
This is a misconception. In democratic societies, privacy is very well accepted and even enforced at the legislative level by policy makers. An example is the GDPR. Another is the SEC enforcing secrecy on trading bodies in the stock market to prevent price manipulation. The Dusk Network provides the same level of privacy enforced by regulators. Only, it eliminates the “trusted third party” and returns the power of disclosure directly to the user.
For instance, in the case of payments, it is the responsibility of the wallet holder to show the details of the transactions on request of the auditors (by providing a view key). In the use case of securities, compliant confidentiality is achieved with KYC built into the protocol and the use of zero-knowledge accumulators to keep the whitelist confidential.
No. As implied in the question, a "messaging app" is a user-facing application built on top of an enabling infrastructure (e.g. WhatsApp is a third-party application deployed on top of a mobile platform like iOS or Android). The Dusk Network is a scalable decentralized infrastructure entirely focused on confidentiality. It comes with a suite of innovative privacy-enabling technologies, including a secure and low-latency communication channel intended for pay-as-you-go data transmission services and a novel and scalable consensus algorithm for anonymous and secure transactions. Our targets are third-party developers deploying their own applications in the realm of payment, communication, anonymous storage and asset ownership transfer. Additionally, we are working on a new standard for KYC-enabled transfer of tokenized securities. We aim to use this to launch the first confidential security token platform for any organization to execute *STO*s with the power to protect investor privacy while complying with regulatory frameworks.
No. DUSK is not a security because it has a protocol-regulated inflationary mechanism and provides no profit or dividends whatsoever. It fulfils the same role as Ether in the Ethereum ecosystem.
Transfer of asset ownership is subject to very different regulations. In some cases, full transparency is compulsory (for example in the case of cadastral registration of real estate ownership transfers); in others, confidentiality is enforced by legislators (as in the case of stock purchases). To help third parties meet the legal requirements of their ownership transfer use case, the Dusk protocol provides optional on-chain white-listing operations (using zero-knowledge cryptographic accumulators). In the sensitive case of securities, we are also developing a Confidential Security Token Standard (the XST standard) that allows third parties to issue security tokens on top of the Dusk Network. Security tokens implementing XST will have both privacy (i.e. investment and market positions are not openly broadcast on the ledger) and regulatory compliance data (transfer of these tokens can happen only if purchasers add to the transaction KYC data satisfying regulatory requirements) embedded directly in the transaction protocol.
We are developing on top of Dusk a new token standard, with configurable confidentiality, which we intend to use to allow issuance of confidential security tokens. Basically, the idea is to separate the confidentiality of the cash transactions (thus preserving the fungibility of DUSK) from that of asset ownership transfers, where the purchaser of an asset/security needs to satisfy KYC requirements at the protocol level to complete an ownership transfer. The KYC procedure/provider is left to the token issuer, and the asset purchaser has the capability of disclosing the transaction details to the authorities on their request. We are pursuing the strategy of reaching the level of compliance that would allow the Dusk Network to secure high-level multinational EU research grants in parallel to our private fundraising.
SBA⋆ defines a few different types of actors that take part in reaching consensus:
- Network nodes - transactional network clients. They compete with each other by locking an arbitrary amount for the generation and proposal of new blocks. Block generation is a computationally light task, and therefore running a node requires neither specialised equipment nor storage. The intention is for normal mobile devices to be able to run as a node within the network. The non-deterministic nature of the bidding process means that even nodes bidding the minimum amount of DUSK have a fair chance to win the block generation sortition lottery.
- Provisioners - nodes that have committed a certain minimum stake to the Dusk Network and take care of more network-intensive tasks such as block verification, voting and notarization (VVN operations). These nodes are non-transactional.
The intention is to create an economy where nodes compete for block rewards, while Provisioners earn a steady ROI.
The rewards paid to Provisioners are inversely proportional to their staked amount (i.e. bigger stakes receive proportionally smaller rewards than smaller stakes) and are earned regardless of the Provisioners' participation in the VVN operations. This measure is not a viable option outside of the Dusk Blockchain, where the probability of winning the sortition lottery, and therefore of taking an active part in the SBA⋆ algorithm, is not associated with any reward other than the payment of the transaction fees. This kind of economy not only prevents the rich-get-richer problem affecting Proof-of-Stake, but it also incentivises users to decentralise their stakes across multiple Provisioners in order to obtain the maximum financial gain. This latter point would lead to scalability problems in other consensus algorithms, while it does not have any significant impact on SBA⋆ due to its "player replaceability" property.
Just as an example of how bad the pool centralization problem is, Monero was forced to hard-fork to prevent Bitmain ASIC miners from wasting its decentralization efforts. This fork spawned the alternative currency named Monero Classic. Arguably, Bitmain released its miners to the public after having privately mined Monero for a considerable amount of time. This also leads to the risk of "shadow pooling", i.e. private mining pools disposing of considerable hashpower through the employment of specialized hardware inaccessible to the public. This power is a threat to the decentralized and trustless nature of blockchains.
Proof-of-Work (PoW) certainly has the merit of showing how economic measures are the key to solving otherwise difficult problems in distributed computing (such as the Byzantine agreement problem). However, as a consensus method it has shown all its limitations, considering that PoW will sooner or later face severe restrictions due to its excessive consumption of energy. Moreover, nodes wishing to engage in proof-of-work mining require specialized equipment like ASIC or GPU miners, which need to run in controlled environments with extensive cooling. This directly translates into steep obstacles to widespread participation, problems with sustainability, and pool centralization.
Proof-of-Stake (PoS) avoids Sybil attacks by correlating the probability of generating blocks with the amount of coins staked by a node. This solves the energy inefficiencies of PoW, but at the expense of privacy (as stakes need to be public) and centralisation (with staking pools). PoS also leads to the nefarious nothing-at-stake and long-range attacks, for which a solution has been deemed extremely hard to find.
SBA⋆ aims to solve these problems since:
- Blind bidding is a novel way to provide the Sybil-attack resilience of PoS together with anonymity.
- The segregation of block generation from validation/voting/notarization makes it possible to create the first economy ever resistant to centralized pooling attempts.
- It is unaffected by nothing-at-stake and long-range attacks because its voting system is engineered to avoid chain divergence.
This is a point closely related to our intention to build a relationship with regulators and include them in our development strategy. Given the deep research nature of our endeavours, securing high-level multinational EU research grants in parallel to our private fundraising achieves the following points:
- To increase substantially the funds at the disposal of the Dusk Foundation without selling additional tokens after our private sale.
- To be implicitly compliant with EU regulators (important for our intention of implementing a confidential security token framework), under the premise that the whole development (so not only the currency) will be led according to a strict EU-compliant project management framework.
- To create an EU consortium where all partners will have a well-defined and specific role approved by the EU grant commission and funded through them. This means that our partners will not merely be a silent logo on our website, as with most other crypto projects.
Following is a comparison table that provides an overview of the features of Dusk Network compared to other platforms.
| Name | Consensus | Privacy in Payments | IP Address Obfuscation | Private P2P Communication | Asset Transfer Capabilities | Confidential Security Token Registry |
|---|---|---|---|---|---|---|
| ZCash | Proof-of-work (Equihash) | Opt-in (shielded transactions) | No | No | N/A | N/A |
| Monero | Proof-of-work (Cryptonight) | Yes (Stealth Tx, RingCT, Ring Signatures) | Yes (Garlic Routing - Kovri) | No | N/A | N/A |
| Skrumble | ? (Does not say) | ? (Does not say) | ? (Does not say) | Yes | N/A | N/A |
| Orchid Protocol | Proof-of-work (Medallion) | ? (Does not say) | Yes (Onion Routing) | Yes | N/A | N/A |
| Mainframe | Does not say (it hints at a SWAP protocol) | ? (Does not say) | Yes (Dark Routing) | Yes (only small packets, due to asymmetric encryption) | N/A | N/A |
| Origo | Hybrid (PoW/PoS/pBFT) | Opt-in | No | Partial (hints at off-chain transactions; not clear if it is for communications) | Opt-in | No |
| Polymath | Proof-of-work (ERC-20 Ethereum) | No (based on Ethereum) | No | No | Yes (ST-20) | No |
| Dusk Network | SBA⋆ | Yes (Stealth Tx, RingCT, Ring Signatures) | Yes (Garlic Routing - Secure Tunnel Switching) | Yes | Yes (XST) | Yes |
Whereas the other platforms are affected by tunnel vision when hammering privacy into their niche market, the Dusk Network follows a confidentiality-first approach that drove both the development of the consensus and the use cases it enables, from obvious ones like secure communications to the XST Security Token standard, which is an exclusive prerogative of the Dusk Network.
There cannot be any lying about roles, since roles are not self-assessed but established during priority score propagation through the network (priorities lower than the highest observed get dropped, and only the highest priority gets propagated). This means that a node does not itself know whether at the end of the round it will be elected Block Generator. All a node can do is propose a block and a priority score, which is verifiable and therefore not subject to lying. Similarly, if we ignore for a moment default block generators (which do not have much impact on the overall consensus, since their block is discarded if even one block is proposed by the nodes), Provisioners can only be elected “Voters” and, likewise, they do not know whether the vote they propagate is associated with a sufficient priority score. Voters that notarize the block are called Notaries, and the Notaries of the last block are called Validators, so nobody elects Notaries or Validators and nobody can lie about holding those roles.
The only parameter nodes and Provisioners might potentially lie about is the priority score they obtain through the Verifiable Random Function (VRF). In the case of nodes, the priority score is verified by Validators (who punish liars by rendering their time-locked blind bid permanent). The priority score of Provisioners claiming voting rights is verified by the other Provisioners/Voters during vote or default block propagation. The priority score is the output of a VRF, verifiable through a proof that gets propagated together with the block and the other parameters.
DDoS-ing the network with empty bids is prevented by obliging nodes to commit a minimum amount of DUSK in a time-locked transaction using a range proof (such as Bulletproofs, Borromean signatures or RingCT). This means that if they do not commit the minimum amount, their packet/block gets dropped immediately by the other nodes during gossip. If they do commit the amount and lie about their priority, the Validators punish the lie by making the time-lock permanent (i.e. confiscating/burning the committed DUSK). As a result, DDoS is financially disincentivised.
As a last remark, SBA⋆ is built to prevent any possibility of a fork. This is guaranteed by using the reduction procedure described in the venerable research paper on Byzantine consensus by Russell Turpin and Brian Coan, which reduces voting to a binary decision between the proposed block and an empty block.
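The blind-bid filtering and punishment described above, as an added toy simulation (not Dusk Network code): node names, the 10 DUSK minimum and the public SHA-256 hash standing in for the VRF are all assumptions, and the relay here rechecks the score before forwarding, whereas the page attributes that check to Validators.

```python
import hashlib
from dataclasses import dataclass, field
from typing import List, Optional

MIN_BID = 10                              # constructed minimum commitment, in DUSK
ROUND_SEED = b"constructed-round-seed"    # constructed shared randomness for the round


def priority(seed: bytes, node_id: str, amount: int) -> int:
    """Stand-in for the VRF: a public hash anyone can recompute.
    A real VRF is keyed with the node's secret and ships a proof; here
    recomputing the hash plays the role of checking that proof."""
    data = seed + node_id.encode() + amount.to_bytes(8, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:8], "big")


@dataclass
class Bid:
    node_id: str
    amount: int                 # DUSK committed in the time-locked bid
    claimed: int                # priority score the node announces
    locked_forever: bool = False  # set when a lie is punished (bid burned)


def honest_bid(node_id: str, amount: int) -> Bid:
    return Bid(node_id, amount, priority(ROUND_SEED, node_id, amount))


def lying_bid(node_id: str, amount: int) -> Bid:
    # Claims the maximum possible score instead of the real VRF output.
    return Bid(node_id, amount, 2**64 - 1)


@dataclass
class RoundResult:
    winner: Optional[Bid]
    dropped_at_gossip: List[str] = field(default_factory=list)
    burned: List[str] = field(default_factory=list)


def relay(bids: List[Bid]) -> RoundResult:
    """One relay's view of a gossip round:
    - bids below MIN_BID are dropped before any forwarding;
    - a claimed score that differs from the recomputed one is a lie,
      and the committed DUSK is locked permanently;
    - of the remaining bids only the highest score observed survives."""
    result = RoundResult(winner=None)
    for bid in bids:
        if bid.amount < MIN_BID:
            result.dropped_at_gossip.append(bid.node_id)
            continue
        if bid.claimed != priority(ROUND_SEED, bid.node_id, bid.amount):
            bid.locked_forever = True
            result.burned.append(bid.node_id)
            continue
        if result.winner is None or bid.claimed > result.winner.claimed:
            result.winner = bid
    return result


def demo_round() -> RoundResult:
    bids = [
        honest_bid("alice", 50),
        honest_bid("bob", 5),        # below the minimum: never forwarded
        lying_bid("mallory", 30),    # inflated score: bid gets burned
        honest_bid("carol", 20),
    ]
    return relay(bids)


if __name__ == "__main__":
    r = demo_round()
    print("winner:", r.winner.node_id, "dropped:", r.dropped_at_gossip, "burned:", r.burned)
```

Neither alice nor carol can tell from her own bid who wins; only after the round has propagated does the highest verified score become known.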
The consensus mechanism uses BA⋆ as closest prior art, which in turn is an improvement of the Practical BFT algorithm (used, for instance, by Hyperledger). The communication circuit building is a digitalization of the payphone mechanism. The privacy-enabling primitives are part of classic cryptography and as such, quite well understood.
The Dusk Network is an infrastructure that leaves applications built on top of it the liberty to define their own business model. However, it needs to be noted that there currently is no decentralized anonymous platform for low-latency bidirectional streaming or transfer of data through a privacy-oriented cryptocurrency (and certainly none based on a consensus other than the problematic proof-of-work). Even if such a platform outside of the Dusk Network were available, I would argue that "zero-cost platforms" have an intrinsic cost in either security (like BitTorrent systems, which are primary targets of ransomware and malware) or privacy (as in the case of centralized platforms, see Facebook and Cambridge Analytica or the Ashley Madison data breach). We truly believe in the saying "if you are not paying for it, you are the product".
The advantage of developing a system focused on solving specific use cases well, rather than on providing unbounded flexibility, is that the scope for attacking the network is quite reduced. This is certainly the case for blockchain poisoning, which Dusk is safe against. The transaction payload is kept minimal by design, also considering that the protocol does not allow arbitrary scripting (as opposed to Ethereum or other smart contract platforms). The communication channels do not save content on-chain (obviously, also given the confidential nature of the proposition), while the offline/online file transfer protocol does provide for a DHT storage contributed by the Provisioners; but all that gets recorded on the blockchain is the hash address of such content, which is not immutable and therefore not very relevant in the context of blockchain poisoning. Furthermore, any message propagation through nodes within the network involves transaction validation before gossiping the packets further. This means that any transaction carrying illegal content or unforeseen attributes would be immediately dropped.
Preventing blockchain poisoning is not the focus. It is the very welcome side effect of keeping the space for the transaction payload very contained to enhance throughput and scalability (which are prerequisites for usable platforms). That said, blockchain poisoning refers to the impossibility of reverting immutable data deemed illegal. By definition, links are pointers to data, not data, and storing them on a blockchain does not render the data they point to immutable. This means that this data must be stored outside of the blockchain to exist, and therefore blockchain poisoning is prevented.
No. The protocol will be released as open source under the MIT license. It will be publicly auditable, and intentionally compromising it would be possible only in case of collusion between committers and reviewers conspiring to include malicious patches in the master branch in the hope that they will make their way into a release. Considering the delicate nature of a decentralized protocol, this is unlikely to happen. Any developer knows that once bugs hit mainnet it is going to be extremely difficult to mitigate them, and therefore every single line of code will be scrutinized very attentively multiple times and tested carefully before any release. Other than that, no developer has the power to undo privacy or modify the code at runtime. Bugs are obviously always possible, but we will mitigate any leakage by using battle-tested libraries for our cryptographic and mathematical primitives.
Assuming that the question pertains to parameter and configuration updates rather than an intentional UAHF, a simple implementation would provide for a forward-enabled propagation mechanism embedded directly in the gossip protocol. What is meant by that is that nodes would allow propagation (i.e. forwarding) of packets with a version equal to or newer than the one run by the forwarding node, and drop packets with older versions. This way, when nodes fall behind, their messages would increasingly be dropped by the network until they were totally isolated. This kind of strategy would probabilistically favor propagation of fresher versions without any chain divergence (Provisioners would happily process blocks regardless of their version, so it could theoretically be possible for older-version blocks to get notarized after a few newer-versioned ones). Furthermore, the strategy would incentivize nodes to upgrade as soon as they can, in order to minimize the risk of achieving the highest priority score but seeing their proposed block discarded before it reaches the Validators.
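The forward-enabled propagation rule as an added example (not Dusk Network code): the six-node topology, the version numbers and the assumption that a node only emits packets at its own version are constructed for illustration.

```python
from collections import deque
from typing import Dict, List, Set, Tuple

# Constructed topology: undirected gossip links and the protocol
# version each node currently runs.
EDGES: List[Tuple[str, str]] = [
    ("A", "B"), ("B", "C"), ("C", "D"), ("D", "E"), ("E", "F"), ("F", "A"), ("B", "E"),
]
VERSIONS: Dict[str, int] = {"A": 2, "B": 3, "C": 3, "D": 2, "E": 3, "F": 2}


def neighbours(edges: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    adj: Dict[str, List[str]] = {}
    for u, v in edges:
        adj.setdefault(u, []).append(v)
        adj.setdefault(v, []).append(u)
    return adj


def forwards(node_version: int, packet_version: int) -> bool:
    """Forward-enabled rule: relay packets at or above my own version,
    drop anything older."""
    return packet_version >= node_version


def reach(edges: List[Tuple[str, str]], versions: Dict[str, int], origin: str) -> Set[str]:
    """Nodes that accept and forward a packet emitted by `origin`.
    The packet carries the origin's version; every hop applies `forwards`.
    Nodes that receive the packet but drop it are not counted."""
    packet_version = versions[origin]
    adj = neighbours(edges)
    accepted: Set[str] = set()
    queue = deque([origin])
    while queue:
        node = queue.popleft()
        if node in accepted or not forwards(versions[node], packet_version):
            continue
        accepted.add(node)
        queue.extend(adj.get(node, []))
    return accepted


def coverage(edges, versions, origin: str) -> float:
    """Fraction of the network an origin's packets still reach."""
    return len(reach(edges, versions, origin)) / len(versions)


if __name__ == "__main__":
    for node in sorted(VERSIONS):
        print(node, "v%d" % VERSIONS[node], sorted(reach(EDGES, VERSIONS, node)))
    # Once F upgrades too, the stale node A can no longer get past its neighbours.
    print("A after F upgrades:", sorted(reach(EDGES, {**VERSIONS, "F": 3}, "A")))
```

A v2 packet from D already dies at D, because both of its neighbours run v3, while any v3 packet still traverses the v2 nodes, which is the asymmetry that isolates stragglers without forking the chain.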
Yes. The code, as well as any IP developed, will be released open source under the MIT license. The code is developed together with research organizations in the context of an official research project and run accordingly. Research institutions have a business model that revolves around certifying the absolute correctness of a technology. Open-sourcing work in progress incurs the risk of implicitly putting their names behind something that is not completely stable or working and might be affected by bugs or problems. They do not want this risk. The Dusk Network is the object of advanced research by official national institutions and as such we will, on the one hand, avail of the official stamp of approval of these organizations, which are tackling the most delicate part of development; on the other hand, we are bound by their timelines for releasing the code open source.
Not initially. Providing support for smart contracts translates almost directly into adding support for Turing-complete scripting on a blockchain. It is a very daunting task. Smart contract platforms present orders of magnitude higher complexity than focused propositions, because they need to support unforeseen use cases and need to scale while doing so. This is why smart contract platforms have geological release cycles and need outrageously high investments. We think that focused propositions with limited scripting capabilities are far more agile, especially if they follow the composability principle of interoperation.
We don't think so. The Dusk Network follows the strategy of enabling extensibility through interoperation rather than following a monolithic approach. We follow the open-closed principle of being closed to modification but open to extension. Years of experience in software development have taught us how much more successful composability is (composing many “do one thing well” components) compared to a monolithic approach (everything on one framework/platform). Our strategy bets on the former, and our approach is horizontal in foreseeing different blockchains (even Turing-complete platforms such as Ethereum) interoperating with the Dusk Network and enriching the ecosystem with their diverse focus. The Dusk Network development team does not believe in the vertical approach of “Turing completeness is needed so that everything and anything can and will be implemented on or ported to platform X”. Throughout blockchain history, the “one platform conquers all” mentality has been proven wrong again and again.
Yes. Tokenization of securities is the first step toward the automation of organizational governance. This is on par with the vision surrounding the so-called Decentralized Autonomous Organizations. Tokenizing equity leads to automating cash-flow streams, which in turn leads to autonomous governance, and finally to business automation and autonomous organizations. Security tokens are a necessary initial step, and we want to contribute by adding the missing attribute of confidentiality in order to ignite an ecosystem which will hopefully evolve toward the implementation of autonomous decentralized companies. We want to achieve that by letting our confidential security tokens avail of many different blockchains in the spirit of interoperation.
No. We are tackling privacy with an extremely focused roadmap (so focused that it does not even allow for the fuzzy smart-contract approach) that addresses sequentially payments, ownership transfers and finally communication. They are the embodiment of the layers of the network (primarily the Dusk Blockchain and Dusk Secure Tunnel Switching). Each layer delivered will provide a concrete use case capability.