IOHK celebrates a successful Global Summit
Cardano development in focus at Lisbon
14 February 2018 8 mins read
January got off to a busier start than normal for IOHK because on top of all the usual research and development being carried out, pretty much the entire company traveled to Lisbon for our latest meetup. These week-long events are always hectic and challenging – where everyone comes together to push forward work on projects – but they are also fun, allowing people to meet face to face, sit down over a meal, and get to know each other. Now that we've had time to take stock of the week, what strikes me most is the tremendous amount of energy and effort going into all the work IOHK is doing. We made leaps forward on the various components of Cardano, such as the treasury and delegation. During the week there was a planned schedule of talks, workshops and meetings, organized in the style of a conference, but aside from that program, there were an incredible number of spontaneous discussions taking place. There were continual requests to book meeting rooms, or for 15-minute pow-wows in coffee breaks. Walking around the hotel, you'd always stumble upon small groups of IOHK people sitting around laptops in deep discussion.
Lisbon was a great opportunity to hear about the enormous strides being made by IOHK Research. Professor Aggelos Kiayias, IOHK Chief Scientist, set out plans for Ouroboros, the proof of stake protocol that underpins Cardano, which has been rigorously constructed based on first principles and has undergone academic peer review. Further development of the protocol aims to speed it up, offer sharding, and eventually allow assets to flow between connected sidechains.
Aggelos says: "It was a very work-intensive week where almost all of the IOHK work threads converged under a single roof here in Lisbon. In terms of research, substantial progress was made on all our high priority objectives including incentives, delegation, wallet security, multi-sig capabilities, sidechains and smart contract support."
The development of Cardano took centre stage during the week. Delegation, a core mechanism of Cardano, was a subject of much discussion in three major meetings that were a continuation of discussions held in Edinburgh last year. Delegation is a mechanism that allows stakeholders to delegate their stake to other parties, such as stake pools, and in return receive some reward for doing so. It fulfils an equivalent function to mining in proof of work protocols and so must offer some benefit to those who delegate their stake. The considerations for creating a delegation scheme are complex and great care must be taken to ensure requirements are balanced fairly, from user privacy to the incentives offered.
Dr Philipp Kant, Director of Formal Methods, said the team is making progress so delegation can move beyond its initial description in a research paper to operation in real life. "In the last weeks we've had various meetings, where we reviewed the mechanisms that we have for delegation in Cardano, to make sure that we can fulfill all the requirements, including rewards for stakeholders who delegate. This week, having everyone in one room, we got to the point where we have a proposal," he says. "What I think we gained is that we've converged on a good scheme to use."
The delicate task of working through tricky problems was also highlighted by Dr Neil Davies, who along with Peter Thompson is leading work on Cardano's network layer, to make sure that its distributed system can deliver high performance even when scaled to millions of users. "There are complex issues when you're trying to construct a new way of organizing how people exchange value, to ensure it will be sustainable in the long term," he says. "This week was the quickest way of getting everybody up to speed, to see everyone's progress and review it among peers. We took a few knotty technical problems and had technical discussion to agree the way forward."
Everyone who came along to Lisbon said meeting in person had real benefits. Professor Philip Wadler, IOHK area leader for programming languages, is working on Plutus, a new language for programming smart contracts on Cardano that is inspired by Haskell, the language he pioneered and in which Cardano is built. Phil says: "Getting everyone in one place has been a real aid to kickstarting what we're doing with Plutus. We've considerably upped the person power involved and I'm excited to see what happens."
Phil also believes that IOHK's championing of peer reviewed research could have profound implications for the cryptocurrency field. "I found Charles's opening talk to be really inspiring," he says. "It's amazing that peer reviewed research isn't the standard in the industry but it's really exciting how IOHK has made that work and turned that into part of the value proposition. If that does nothing else but get others to pick that up, that would be fantastic."
It wasn't just Cardano development that was pushed forwards in Lisbon.
Partners were also present, including ZenCash, the Cardano Foundation, and representatives from Emurgo.
Michael Parsons, chairman of the Cardano Foundation, says: "Coming to Lisbon for the IOHK Global Summit was a rewarding experience on many levels, work, social, and cultural. I had great conversations with many IOHK executives and technology leads and enjoyed participating in a group Cardano webcast. IOHK organized a scenic Lisbon city tour followed by a chance to sample the local Portuguese cuisine, the fresh sea bass was spectacular! All in all, an impressive and worthwhile event expertly coordinated by IOHK, our development partners; I look forward to the next one."
Emurgo had two representatives present in Lisbon. One of them, Shunsuke Murasaki, said it was a chance to talk to the software developers working on Cardano and provide a bridge to development teams in Vietnam and Taiwan working on future applications. "I found this week to be very educational and inspiring," he says. "Emurgo has good partnerships and we will provide technical updates to our partners on Cardano development to accelerate their activity."
For Eileen Fitzgerald, Head of Programs, the week focused on everything from looking at software development methodology to having conversations with new people. "It was great to have everyone finally agreeing on where we are going, consolidating on how we are moving Plutus forward and the K Framework, the Daedalus roadmap, resources, and the direction for the next year," she says. She spent time developing the project management office, which she believes is the only project management office in the world focusing on blockchain development.
Of course, the week was a lovely reminder of how far we've come in the little over two years since the company was founded. More than 100 people working on IOHK projects were in Lisbon. That compares to about 35 people who were at the last meet up, in Malta. And the time before that, in Riga, we numbered fewer than 20 people. IOHK is now a much bigger organization and has recently been doing a lot of work to reshape its structure to adapt to having more people, more moving parts, and more projects.
And in the presentation from Charles Hoskinson, he set out business objectives for the next year and for the long term. Highlighting IOHK's pioneering approach to open source software development and high assurance methods, he laid out how IOHK has led the way in the cryptocurrency industry.
"We broke new ground by being first to embrace peer review, transforming cryptocurrency from something regarded as amateur and suspect by the academic community into a rapidly emerging area of study within cryptography."
And Cardano's position as IOHK's flagship product was acknowledged.
"If we pull it off, it becomes the financial stack for the developing world capable of handling three billion users. That's the goal of Cardano," he said. "That will require an enormous amount of good technology. We had to bring all these people together to build a project like this. Cardano is the best protocol in the world. In the coming months, Cardano will get better, feature richness will come, and it will be an incredible product."
There was also time for relaxation, with several social outings, group dinners and a visit to the beautiful national park of Sintra, all expertly organized along with the general program by Leonidas Tsagkalias, Costas Saragkas and Tamara Haasen. Conversations about work were never far away though!
I'm looking forward to the next IOHK company meet up where I'm sure there will be even more people in attendance, and we will be able to look back and take stock of even more groundbreaking research and development. IOHK has already begun to set the standard for cryptocurrencies and reshape the way the industry works, so get ready for more exciting developments during the year ahead.
The Daedalus Mantis integration 1.0 is released
Highly secure wallet now available for Ethereum Classic
2 February 2018 2 mins read
There has been a lot of change in the short time since Release Candidate 1 went out on December 22. Some of the team have swapped the short, dark days of winter for life in the Caribbean, as IOHK have sponsored an eight-week intense and high quality Haskell course in the University of the West Indies in Barbados. Meanwhile work has been getting done on the Daedalus Mantis integration 1.0 release.
The security audit report came in and was digested and published, and a close eye was kept on the bug reporting in Github and the Ethereum Classic forum.
Happily there were very few reported problems. There is a known issue with installing the Daedalus Mantis integration over an existing Daedalus wallet install and this will be fixed in a future version. For now the workaround is to uninstall the Daedalus wallet before installing the Daedalus Mantis integration. Unfortunately it is not possible to install both simultaneously; support for multiple wallet types is something the Daedalus team are working feverishly on.
The most visible impact of the security report was the dropping of support for the automatic download of the bootstrap database. This feature was based on an MD5 checksum, which is more broken than we realized.
It is still possible to download a bootstrap database and install it by hand to reduce the amount of time spent syncing the network, and this is recommended. A small bug fix to the discovery process and some tuning have also reduced the sync wait time, so both are good options now.
And so, after a huge effort from the team and without further ado, we can finally announce the release of the Daedalus Mantis Integration 1.0!
Planning for the next release, 1.1, has already begun, focused on performance improvements and refactors, and while we have no dates yet we expect it to be in the first half of this year.
Sincere thanks to those who supported the team, the project and Ethereum Classic over the past months; it is greatly appreciated.
Research program to work on hardening Cardano against quantum computers
1 February 2018 5 mins read
At its heart, cryptography is the science of secure communication. We all have secrets, expectations of privacy and assertions of truth about messages we receive that require some notion of verification or quantification of trust. Cryptography provides us with a toolbox to better understand how to transmit and verify these artifacts of communication in the presence of an adversary. The challenge is that transmission mediums change and the capabilities of an adversary change with them. The earliest days of secret communication ranging from Caesar to the American Confederacy involved substitution ciphers and elegant physical devices to accommodate the decryption of messages.
The apex of these approaches was the Enigma machine used by the Nazis during World War Two.
As with all cryptographic algorithms, the security of such techniques is always dependent upon assumptions about the capabilities of the adversary. For example, interception of encrypted messages was a deeply personal affair involving finding the spy or messenger moving the scroll. With the invention of wireless communication, listening posts could easily collect all messages transmitted without the sender even knowing.
Decryption without the trusted hardware device would require the adversary to have special knowledge and the ability to perform enormous amounts of calculations. The creation of the Bombe at Bletchley Park made this task automated for the first time in human history.
The invention of computers and later the internet has fundamentally changed the entire field of cryptography. Human and transmission limitations as well as knowledge transfer are now such that cryptography had to transform from clever algorithms and security through obscurity to a science assuming an increasingly more sophisticated adversary that is usually only constrained by physics and mathematically hard problems.
For the past few decades, we’ve been converging into a reasonable model of security that is comfortable for internet connected devices. Usually security is no longer compromised by an unknown weakness in our ciphers, but rather a flaw in their use or implementation in software.
As much of a triumph as this convergence is for the field of cryptography, like the Bombe in the 1940s, we are now forced to contend with a new adversary capability: quantum computation.
Quantum computers seem to present the challenge that fundamentally hard problems which secure our modern cryptographic algorithms may not be hard anymore. Should this occur, most of the modern algorithms we use will have to be phased out and replaced with fundamentally different ones. Cryptocurrencies are consumers of these modern cryptographic algorithms from the simple, such as public key systems and hash functions, to the complex, such as zero knowledge proofs and multiparty computation. As there is an explicit and ever increasing bounty for breaking the security behind a cryptocurrency, the challenge for IOHK is to imagine how to provide long-term security in the face of future adversaries, including ones that possess quantum computers.
Therefore, we have launched a long-term research agenda to gradually harden all algorithms used in Cardano’s protocol stack against an adversary who possesses a quantum computer. The first part of this agenda is to harden our consensus algorithm Ouroboros.
All good research agendas need strong leaders who have a proven record and thus we are extremely fortunate to anticipate the inclusion of Professor Alexander Russell of University of Connecticut, USA as a senior research fellow in IOHK research and an external collaboration with Assistant Professor Peter Schwabe of Radboud University. They will play key roles in our first attempt at hardening the Ouroboros protocol for the post quantum setting.
Professor Russell (Ph.D. MIT 1996) has a deep understanding of quantum computation that spans over two decades. His work on quantum computing has focused on algorithms for algebraic problems, intractability results, and quantum-secure cryptography. He was also one of the co-authors of the Ouroboros papers and thus the combination of his deep understanding of blockchain protocol security and his expertise of quantum computation and post-quantum security put him at a unique position to lead the effort of projecting Ouroboros to the post-quantum setting.
Professor Schwabe (Ph.D. Eindhoven 2011) is one of the rising stars of the field with contributions from his work on SPHINCS to lattice signatures such as Tesla and Dilithium. He is also participating in NIST’s competition to harden the cryptographic algorithms used by the United States government against quantum computers.
As this is long arc research, the output will be many papers, conference discussions and iterations; however, we are excited to start the process and conversation. It is our belief that over the next 50 years cryptocurrencies will become the standard way of representing and transacting value.
Therefore, it is essential for us to proactively prepare our protocols against the threats of the future with the hope that Cardano can enjoy the durability that TCP/IP and other long-lived protocols have demonstrated. We also believe it is essential to structure the conversation within the cryptocurrency community to involve university partners and domain experts as soon as possible in order to avoid common mistakes, incomplete solutions, and have access to the best available knowledge.
In the short term, the first output of this workstream will be to choose and properly parameterize a post-quantum signature scheme for Ouroboros Praos as well as examining our protocol against the capabilities of an adversary in possession of a quantum computer. Our hope is that this work will be finished and implemented before the end of 2018 in Shelley’s first major upgrade.
The Symphony of Blockchains is an interactive, visual and auditory exploration of Bitcoin, cryptocurrency and the blockchain. It is an ongoing research initiative with a singular aim: to help bring about greater understanding of both blockchain technology and the ever expanding (and contracting) cryptocurrency marketplace. The term ‘blockchain’ is being increasingly found in everyday language, with little explanation or understanding of the technology and its implication for the future. This work aims to explain both blockchain technology and its most visible application — cryptocurrencies. Through this visualisation we explain the concept underpinning blockchain as well as the individual transactional detail and ultimately the health of any cryptocurrency.
As the technology becomes more pervasive and it impacts on everyday life more, it’s important that we attempt to explain it in a meaningful way.
At Kuva, a design studio of artists, designers and technologists, we help define new metaphors through which to understand these technologies.
In Symphony we explore the blockchain of Bitcoin as a physical structure. We examine its inherent underlying qualities by encapsulating data as crystalline forms connected in space, that are immutable and persistent. Using this as a metaphor provides a means to understand the Bitcoin blockchain. Blocks take on the properties of the data, their size, colour and orientation represent various qualities. Blocks are orientated in a spiral tracing back through time, each periodic rotation representing a day in the life of the blockchain. Their size and colour represent the total value of transactions made.
Symphony also explores the blockchain as an auditory experience. We ask a simple question: ‘what does the blockchain sound like?’. Using the frequency and timing of Bitcoin transactions as a foundation, the audio extends the crystalline structures by encoding them as a sound-based entity.
The background sound is an ambient soundscape created from real recordings of computer power supplies and fans to emulate the sound of Bitcoin mining. The intensity of the sound varies with the hashrate of the network.
The audio of the Merkle tree is based on the transactions of the block. A repeating loop is set to run every musical measure (a segment of time corresponding to a specific number of beats in which each beat is represented by a particular note value). Transactions are arranged in ascending order based on the time they were made. The timescale of a block, from the earliest to the latest mined, is mapped from 0 to 30 seconds.
Each transaction sound is triggered and set to loop based on the mapped time value (quantized to the nearest 32nd note). As the master loop repeats, notes accumulate and build up a pattern.
The note of each transaction sound is based on the position on the y-axis, to the nearest note in the Aeolian mode.
When it came to the user experience we wanted to ensure it was effortless to explore. The concepts and technologies we’re attempting to explain are complex enough. We didn’t want users having to fathom out a complex navigation system on top of it all.
Once the blockchain is loaded users simply scroll up or down to move forward or back in time through the blockchain. Using their pointer (or finger on mobile devices) they can easily select an individual node or block in the chain to investigate it further. Once accessed, the user is presented with a view of the unique Merkle tree that identifies that specific block. In addition to the Merkle tree view, the user is presented with a plethora of information giving detail about the transaction the selected block represents. To exit the block view the user simply clicks away.
A blog post on the Steemit website appeared recently making a number of claims regarding Ouroboros. The article contains several factual inaccuracies. For instance, it is claimed that “DPOS” in the Ouroboros paper stands for “delegated proof of stake”, while in fact, DPOS means “dynamic proof of stake”, or that the protocol requires a "2/3+" ratio of parties being honest, while in reality it just requires an honest majority, i.e. the stake controlled by parties following the protocol is more than half the total stake. For the benefit of those that are interested in the Ouroboros protocol and who appreciate its general philosophy, we feel it is appropriate to provide here a response to this article making along the way a few broader points. While pointing out inaccuracies in the blog, we take the opportunity to highlight some of the general approaches followed in the design of Ouroboros and in the related research efforts that are currently underway at IOHK.
Ouroboros is a proof of stake (PoS) protocol that uses delegation in the spirit of the PoS idea as discussed in the Bitcoin forum starting from 2011. The references that influenced its design are listed in our paper. PoS is a powerful concept that has inspired a number of other efforts prior, concurrent and post the first Ouroboros paper. Among all other implemented PoS blockchain systems that carry real assets, Ouroboros is unique in that it was designed in tandem with a formal security model and a mathematical proof that it implements a robust transaction ledger. This marks a fundamental shift in the methodology of blockchain system design.
Blockchain systems are in a period of transition from curiosities to critical infrastructure; as such, the all too typical software industry approach of releasing a “minimum viable product” as early as possible and then fixing bugs as they appear, is not appropriate. Failures of critical infrastructure have a significant impact on people’s lives and thus require rigorous engineering discipline to the highest possible standards. Dependability, rather than maximum performance according to some arbitrarily chosen metric, is the primary goal. Performance is important, of course, but the performance required is a function of the ultimate application domain, and from the point of view of dependability it is the worst-case performance that is important, not the ideal-scenario peak rate.
Like all other protocols in the blockchain space, Ouroboros requires some degree of synchronisation. The block production interval has to be consistent with the likely time to complete the required information exchanges. The 20-second slot time in Ouroboros represents a conservative choice for a block of transactions to traverse the diameter of a peer-to-peer network, where the peers may be significantly geographically distributed, the system is operating at peak transaction load and the interconnection is significantly less than perfect. It is improbable for a block of transactions to consistently traverse a global network much faster than that, and as a result any solution that does significantly better (or claims to do significantly better) is either wrong, or provides a weaker level of decentralisation or security, i.e. it solves an easier problem than Ouroboros. There is a tradeoff between achieving a robust, global, participatory service that delivers sustained effective performance even under an adversarial attack, and creating a high performance, limited participation (in geographical scope or network resource requirement) solution that makes overly optimistic assumptions on network stability.
Irreversibility, the property that transactions persist and are immutable in a blockchain protocol, has to be presented as a function of the level of the adversarial strength. This is true in Nakamoto’s Bitcoin paper and also in the Ouroboros paper, see Section 10.1 for the actual time needed for confirmation of transactions. Thus, one should be very wary of statements about irreversibility that do not quantify the level of adversarial power. For instance, Ouroboros will confirm a transaction with 99.9% assurance in just five minutes against an adversary holding 10% of the total stake, which in today’s market cap in the Cardano blockchain would amount to more than two billion dollars. Byzantine agreement protocols can provide a more “black and white” irreversibility, in other words the protocol can be guaranteed to be irreversible within a certain time window provided an honest majority or supermajority exists depending on the protocol. Nevertheless, the performance and decentralisation penalty suffered is very high if the level of adversity is allowed to come close to the 1/2 barrier, which is the level of adversity that Ouroboros can withstand.
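The dependence of confirmation time on adversarial strength can be made concrete with the calculation from section 11 of Nakamoto's Bitcoin paper, which the paragraph above cites. This is an added example, not code from IOHK or from the Ouroboros paper: it models Bitcoin's proof-of-work race, not the Ouroboros analysis in Section 10.1, and the function names and the sample adversary shares are constructed for illustration.

```python
import math


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an adversary controlling share q of block production
    ever replaces a transaction buried under z confirmations.

    Follows section 11 of Nakamoto's Bitcoin paper: the adversary's progress
    while the honest chain adds z blocks is Poisson-distributed with mean
    z * q / p, and catching up from d blocks behind has probability (q/p)**d.
    """
    if not 0.0 <= q <= 1.0:
        raise ValueError("q must be a share between 0 and 1")
    if z < 0:
        raise ValueError("z must be a non-negative number of confirmations")
    if q >= 0.5:
        # At or above one half the adversary always catches up eventually.
        return 1.0

    p = 1.0 - q
    ratio = q / p
    lam = z * ratio
    poisson = math.exp(-lam)  # Poisson probability of k = 0 adversary blocks
    total = 1.0
    for k in range(z + 1):
        if k > 0:
            poisson *= lam / k  # step the Poisson term from k-1 to k
        total -= poisson * (1.0 - ratio ** (z - k))
    return max(total, 0.0)  # guard against tiny negative rounding error


def confirmations_needed(q: float, max_risk: float, max_depth: int = 10_000):
    """Smallest z whose reversal probability is below max_risk.

    Returns None when no depth up to max_depth is enough, which is always
    the case once the adversary holds half or more of the power.
    """
    if max_risk <= 0.0:
        raise ValueError("max_risk must be positive")
    if q >= 0.5:
        return None
    for z in range(max_depth + 1):
        if attacker_success_probability(q, z) < max_risk:
            return z
    return None


def confirmation_table(shares, max_risk):
    """Map each adversary share to the confirmation depth it demands."""
    return {q: confirmations_needed(q, max_risk) for q in shares}


if __name__ == "__main__":
    # Constructed sample shares; 0.1% residual risk matches the paper's table.
    sample_shares = [0.10, 0.20, 0.30, 0.40, 0.50]
    for share, depth in confirmation_table(sample_shares, 0.001).items():
        shown = "never final" if depth is None else f"{depth} confirmations"
        print(f"adversary share {share:.2f}: {shown}")
```

The same residual risk that needs only a handful of confirmations against a 10% adversary needs several times as many against a 30% adversary, and is unreachable at one half, which is why an irreversibility figure quoted without an adversary share says little.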
The issue of possible dominance of the consensus process by a small group of stakeholders holding a large proportion of the stake is important but is not applicable to the current release of the Cardano system (the Byron release). What we have proved for Ouroboros is that it can facilitate a “fair” transaction ledger (where fairness here means that the ledger can fairly record all significant actions that are performed by the protocol participants despite the presence of an adversary). This enabled us to neutralise a number of rational protocol deviations (e.g. the equivalent of selfish mining attacks in the PoS setting) and provide a Nash equilibrium argument showing how the protocol can support many different types of mechanisms for incentivising participant behaviour. Currently, IOHK Research is actively working to finalise the incentive structure that will be incorporated in the Shelley release of Cardano, where stake pools will be supported and delegation behaviour will be properly incentivised so that it offers effective decentralisation of power. The crux of our methodology is the engineering of a novel reward mechanism for rational participants that provides appropriate incentives to partition their delegation rights. The objectives are first, to avoid concentration of power to a small group of participants – as it could happen by a naïve reward mechanism in a Pareto distributed stakeholder population – and second, to provide appropriate incentives to ensure a desired number of delegates. We are very excited about this work; it will be the first of its kind in the area and, as before, we will be disseminating it widely including full technical details, as well as submitting it for peer review.
This brings us to the final distinguishing advantage of the philosophy of Cardano. Scientific peer review has been refined over centuries. The way it is implemented by the International Cryptology Conference (also called Crypto), where Ouroboros was presented, and the other top conferences in the area, strives to remove conflicts of interest and produce the highest level of objectivity. The method of reviewing is known as "double blind", i.e. papers are submitted anonymously and reviewers are experts that also remain anonymous to the authors. The committee of experts that reviews submitted papers each year is formed by two program co-chairs that are appointed by the International Association of Cryptologic Research, the pre-eminent organisation of cryptology research that was founded in 1982.
Being invited to serve in the committee as an expert is an important recognition of an individual’s long-term commitment to the area of cryptography (and even a precise count of how many times one has served is maintained). Blockchain protocols fit perfectly within the cryptography scientific literature and thus scientific peer review is to be done by this community. Of course, we welcome reviews from anyone. That is why we make public very detailed whitepapers with precise and specific claims that leave no uncertainty about what is being claimed, and we appreciate any factual discussion about any of these claims. We strongly encourage other projects to submit their work for scientific peer review as well. They will enjoy the benefits of thorough, well-founded and objective critique and they will have the opportunity to showcase any advantages and novelty that their approach possesses.