Introducing Catalyst Natives - How any business can leverage the Cardano innovation engine

As part of the broader Catalyst project, the Catalyst Natives program opens up the potential of blockchain technology to new use cases for everyday businesses of all sizes

10 November 2021 Fernando Sanchez 5 mins read

We are excited to announce the first Catalyst Natives pilot, as part of Project Catalyst, Cardano’s community-driven innovation engine. Catalyst Natives enables any organization to leverage the crowd’s power to solve business problems and outsource the implementation of solutions. This project opens up the potential of blockchain technology to new use cases for everyday businesses, both large and small.

We’re launching a series of pilots, firstly in conjunction with COTI, an enterprise-grade fintech company that empowers organizations to build their payment solutions. COTI has developed, in partnership with Cardano, a very user-friendly and scalable ada payment solution for the community. As a result, online merchants, from a small hotel in Europe to a big e-commerce website in Asia, can easily accept hundreds or thousands of ada transactions by integrating adaPay into their site.

When asked about the partnership, Shahaf Bar-Geffen, the CEO of COTI, said:

We are very excited to be the first company to launch a Catalyst Native fund. As close partners, it is only natural for COTI, IOHK, and Cardano Foundation to collaborate once again to allow teams from all over the world to take part in the adaPay development and participate in our challenge. Finding new innovative ways to enrich adaPay will value not only the Cardano and COTI communities but the entire world by allowing a very wide variety of merchants to accept ada as a payment method.

Project Catalyst

In less than a year, Project Catalyst has grown to become the world’s largest decentralized innovation fund. It is a center for future development and sustainable innovation, driven by the Cardano community, for the Cardano community. In this initial pilot of Catalyst Natives, we are opening the gateway to organizations outside of the Cardano ecosystem to harness the transformative power of the Project Catalyst innovation engine.

At each funding round, Project Catalyst has presented several challenges for the community to collaborate on and deliver solutions. Now, with the launch of Fund 7, there is $8m worth of ada available, 80% of which is set aside for project funding and 20% for rewards incentives for voters and community advisors. Fund 7 consists of 24 challenges: 21 were proposed and voted for by the community, two were proposed by IOG, plus the Catalyst Natives pilot in collaboration with COTI. The Catalyst community votes on the presented solutions and the winners of that vote receive funding to complete their projects.

Catalyst Natives

Catalyst Natives extends access to Project Catalyst functionality, much as the Cardano native tokens feature extends the range of tokens on the Cardano blockchain.

With the introduction of Catalyst Natives, organizations outside of the Cardano/Catalyst ecosystem can also present challenges and offer incentives and rewards to those who successfully meet the challenge with their proposed innovations.

In this pilot, COTI offers an innovative technical challenge to our communities. All small and medium enterprises currently using platforms such as Shopify and WooCommerce will be able to benefit from new and creative ways to accept ada payments with seamless integration by adding a plug-in to their site.

Following the pilot, we will be opening Catalyst Natives to receive further challenges from other external organizations. In the initial phase, these challenges will be curated by IOG to ensure they add value to the wider Cardano ecosystem. Organizations submitting challenges through Natives will provide the funding for those proposals, meaning that Catalyst Natives does not use Cardano Treasury funding to pay for the successfully voted-for projects. In Fund 7, COTI provides $100k worth of COTI tokens plus costs, which is over and above the existing $8 million ada fund.

Catalyst Natives is a fantastic proposition for organizations of all shapes and sizes to gain access to a veritable trove of ideas and to those with the skills to realize them. Catalyst Natives is currently looking to help partners and native asset token projects in the Cardano ecosystem address specific pain points that they either do not have the resources to resolve or simply do not have a solution for, and outsource them as Catalyst challenges for proposers to address.

As the future rolls toward us at an ever-increasing pace, organizations must adapt to constantly changing market conditions and systems like Catalyst may pave the way for disruption in how people collaborate and make decisions beyond the Cardano community. Emerging markets make planning exceptionally challenging. This uncertainty is why the ability to tap into a think tank as and when needed and outsource implementation is highly valuable and may be the differentiating factor in competitive market spaces.

How to apply to Catalyst Natives

Do you have a specific business problem and would like to take part in the next Catalyst Natives pilot? Please apply here and take the next steps towards accessing untapped potential.

Where to find out more about Project Catalyst?

  • Catalyst Newsletter
  • Catalyst Announcements Channel
  • Catalyst Community Chat
  • Catalyst Fund 7 Launch Guide
  • Browse Projects

Tim Richmond, communications manager at IOG, also contributed to this article.

Optimizing Cardano

The path to network optimization lies in gradual step-by-step adjustments

10 November 2021 Tim Harrison 10 mins read

As a proof-of-stake blockchain, Cardano is built to be highly secure and resilient to network failures. Driven by the Ouroboros consensus algorithm, built in Haskell with formal methods and peer-reviewed academic research, Cardano is designed to provide a rock-solid environment to process millions of transactions globally, in a decentralized and highly scalable manner.

In our previous blog post, we discussed network performance – how the system works as a whole when processing, verifying, and signing transactions. Getting this right at the very earliest design stage is crucial if you want a system that is built for the long term. Yet, network capacity is a valuable resource, so for the most efficient performance metrics, it is essential that computation, memory, storage, and network resources are consumed effectively.

Cardano is built to be flexible. It is designed to maximize throughput while allowing for responsiveness to increasing demand. As the network grows, we are tuning protocol parameters to adjust to pricing fluctuations and to extend scalability and throughput properties. So let’s take a closer look at how we will be optimizing network performance over time.

Defining congestion

Efficient systems – from networks to roads – are built to minimize congestion, while enabling effective management when it does happen. In blockchain terms, congestion implies that the network is oversaturated and experiences difficulties when processing large volumes of transactions and signing associated blocks. On average, Cardano blocks are approximately 25% utilized across a given epoch, which shows that generally, the network is not congested and there’s significant spare capacity to process an even larger number of transactions.

Cardano is designed to be fair and highly resilient even under heavy saturation. Let’s remind ourselves about the current parameter settings and look at future optimizations that are planned. Current performance metrics depend on the following measures:

  • Throughput — the volume of transferred data. The current block size is set to 64 KB. A single Plutus script transaction is currently limited to 16 KB, and simple transactions can commonly take up to around 300 bytes. These measures have been balanced to ensure good network utilization while minimizing transaction latencies. If they are increased significantly and all at once, users will face increased delay in block adoption time. That is because throughput and timeliness are in tension with each other – maximizing throughput implies better network performance, but this can come at the cost of increased delay when the system is heavily saturated.
  • Timeliness — i.e. the block adoption time. The total ‘budget’ for block adoption is set to 5 seconds for a block to propagate across the network (95% of the stake) with a budget of approximately 50 milliseconds available for Plutus scripts. This is designed to allow the block to include both scripts and simple transactions without monopolization.

Recently, users recorded an increased waiting time for transaction processing which has been caused by large NFT (non-fungible token) drops. The reason for this oversaturation lies in the fact that a high quantity of NFTs was released at once which caused the following:

  • a large number of simultaneous NFT transactions
  • several users trying to purchase the same NFT and thus attempting to process transactions at the same time
  • simultaneous refund transactions to users who were unable to purchase the NFT

This scenario created network scarcity for the NFT sale and therefore a huge demand on the service – 43,000% of the supply. It is also worth noting that the ‘congestion’ period lasted for less than one hour.

This is a growing market and NFT creators are already starting to iterate their processes to minimize the impact of such drops on the user experience. It's still early and we are all learning fast. It should be noted that the process of minting NFTs is perfectly parallelizable, meaning there is no limit to this process. Once minted, NFTs storing the programmable swap code and assets required to transact are ready to interact with the market.

But in the short to mid-term at least, this is a matter of building more efficient traffic systems rather than widening the roads. Some developers are already producing such systems specifically for NFT drops, which should reduce costs as well as short-term network loads.

Decentralized exchanges (DEXs)

Many early DApps being built on Cardano are DEXs, or decentralized exchanges. In some of these applications, users tend to experience contention while placing their orders. Because the DApp design requires that the whole state be kept within one UTXO (rather than spread across multiple UTXOs), each future transaction depends on an output from a previous transaction. This has been widely referred to as the concurrency ‘issue’. However, trundling out that automobile analogy again, it is no more of an ‘issue’ than driving on the left is an ‘issue’ in the UK or Japan. It does require a learning curve but ultimately it is just a different way of doing things. And if a developer doesn’t do it, yes, they will encounter problems! Nor is it inherently more complex; it just requires a different approach.

Cardano’s EUTXO model is different from the account-based model. DApps built on Cardano should move away from the single-threaded state machine style and go down a level of abstraction to the EUTXO directly, constructing a solution that involves concurrent edges in the EUTXO graph. It is important to use different sets of UTXOs, thereby enforcing parallelism, which will improve the throughput of the system while keeping the performance of individual operations the same. Sure, this does require a shift in mindset for any developer used to Ethereum’s approach. Yet, the UTXO-based model is more secure than the account-based model because keeping all the state in a single account is more vulnerable to attacks. When parallelism techniques are used correctly, users will enjoy improved results in terms of throughput and scalability, and off-chain solutions are better suited to UTXO ledgers. For more details read the concurrency blog post and how to build a scalable Plutus DApp. We’ll publish further content on this in due course to provide additional guidance on making the most of the model.
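The contention described above can be reproduced with a toy UTXO ledger. This is an added example, not code from IOG or any Cardano DApp; the `Tx` type, the UTXO reference strings and all function names are constructed for illustration, and validation is reduced to the single rule that every input must still be unspent.

```python
"""Toy UTXO ledger: one shared state UTXO vs. one UTXO per order (constructed data)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    tx_id: str
    inputs: tuple   # UTXO references this transaction spends
    outputs: tuple  # UTXO references this transaction creates


def apply_block(utxo_set, candidate_txs):
    """Validate candidate transactions in order, as a single block.

    A transaction is accepted only if each of its inputs is currently unspent
    and no input is listed twice. A rejected transaction changes nothing, so
    the outcome can be predicted from the inputs alone.
    Returns (accepted_ids, rejected_ids, new_utxo_set).
    """
    live = set(utxo_set)
    accepted, rejected = [], []
    for tx in candidate_txs:
        distinct = len(set(tx.inputs)) == len(tx.inputs)
        if distinct and all(ref in live for ref in tx.inputs):
            live.difference_update(tx.inputs)  # inputs are consumed
            live.update(tx.outputs)            # outputs become spendable
            accepted.append(tx.tx_id)
        else:
            rejected.append(tx.tx_id)          # input already spent: contention
    return accepted, rejected, live


def single_state_design(n_users):
    """All users build their order against the same state UTXO they observed."""
    txs = [Tx(f"order-{i}", ("state#0",), (f"state#after-{i}",))
           for i in range(n_users)]
    return apply_block({"state#0"}, txs)


def per_order_design(n_users):
    """Each order spends a UTXO of its own, so no two transactions share an input."""
    utxos = {f"wallet-{i}#0" for i in range(n_users)}
    txs = [Tx(f"order-{i}", (f"wallet-{i}#0",), (f"order-{i}#0",))
           for i in range(n_users)]
    return apply_block(utxos, txs)


def blocks_to_clear(n_users):
    """Blocks needed in the single-state design when every rejected user
    rebuilds against the new state UTXO and resubmits in the next block."""
    utxos, state, pending, blocks = {"state#0"}, "state#0", list(range(n_users)), 0
    while pending:
        blocks += 1
        new_state = f"state#{blocks}"
        txs = [Tx(f"order-{i}", (state,), (new_state,)) for i in pending]
        accepted, _, utxos = apply_block(utxos, txs)
        pending.remove(int(accepted[0].split("-")[1]))  # exactly one winner per block
        state = new_state
    return blocks


if __name__ == "__main__":
    acc, rej, _ = single_state_design(5)
    print("single state UTXO:", len(acc), "accepted,", len(rej), "rejected")
    acc, rej, _ = per_order_design(5)
    print("one UTXO per order:", len(acc), "accepted,", len(rej), "rejected")
    print("blocks to clear 5 orders through one state UTXO:", blocks_to_clear(5))
```

The same rule that serializes the single-state design is what rejects a double spend: a second transaction naming an already-consumed input never alters the ledger.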

The optimization roadmap

Our focus at launch was always to provide core capability and correctness, before optimizing. This has always been our stated goal. We’re continuing to monitor performance and benchmark adjustments. As the network grows and Cardano functions at a higher capacity, we will be adjusting the parameterization to keep up with network demand. These are gradual upgrades that will be implemented step-by-step over the next few months to ensure that changes meet the network requirements and do not compromise on different properties.

We have carried out extensive analysis and started to implement node metrics that accurately measure the data diffusion time. Data diffusion is the process of distributing transactions and blocks across nodes that verify the blockchain. It is essential to provide nodes with the needed information so that the consensus algorithm can make its decisions.

We’ll likely be implementing an average waiting time from transaction submission to transaction adoption. Along with that, we are investigating and analyzing scenarios that will boost network performance iteratively over the short and longer term, including:

  • Block size increase — increased block size means more transactions in a block. The benefit is that there will be less waiting time for transactions to be adopted by a block during the periods of network saturation. However, there is a trade-off. Larger blocks take longer to propagate across the network. This also means that nodes will need more time to verify transactions. Although the block size increase is an option to increase network performance, such changes should be executed with caution. To ensure that the increase does not compromise block adoption time, we will gradually change parameters and assess the results during high saturation periods. This is not a one-step update, but rather an iterative approach that will provide us with clear results and help ensure the most efficient adjustments.
  • Mempool size — currently, the size of the mempool is set to 128 KB, which is twice the size of the current block. The mempool works as the network buffer and may cause a short delay when including transactions into a block. However, a mempool size increase won’t improve network throughput – transaction queues will stay the same. The mempool allows for a fair adoption of new transactions that enter it randomly based on the producing node that is chosen by the lottery algorithm.
  • Script compression — given that the current transaction size is set to 16 KB, we’re continuing to work on compression, which allows the protocol to ‘zip’ the code in a transparent manner. This means more script transactions in one block due to their decreased size – developers will be able to submit more sophisticated code compressing it to 16 KB or less, and there will be more space left for other transactions.

Architecting for EUTXO

As described in our previous concurrency blog post, Cardano’s EUTXO model eliminates entire classes of problems when designing DeFi applications. In addition to EUTXO’s native ability to process transactions in parallel, the model’s deterministic nature ensures that developers and users can avoid wasted ‘gas’.

That said, the EUTXO model isn’t the same as the account-based model. Lifting and shifting application architecture intended for account-based systems to a EUTXO-based system will result in a suboptimal application design. Applications designed specifically for Cardano’s EUTXO model will provide the best user experience.

We’ll shortly publish a deeper technical dive on how developers can optimize, for example, order submission and processing for the EUTXO model.

Iteration & Improvement

So there is plenty of work going on behind the scenes as we continue to evolve and iterate. These are still early days, and we will continuously assess network performance and adjust parameters accordingly as we go. In the short term, we’ll be able to ease NFT drop congestion by more evenly spreading the stake distribution and reward distribution computation. This will in turn enable us to increase the block size, eliminate pauses and congestion at epoch boundaries, and remove computational spikes (which can cause slower block propagation). A gradual block size increase will also let us assess the best-case scenarios for network performance, and these results will soon be visible on the network.

We also plan to move the ledger state to disk storage to ease the on-chain load, alongside script compression and on-chain sharing features implementation. When finalized, they will greatly complement network adjustments.

In the mid-term, Hydra will bring additional capability. Longer-term, our Chief Scientist and team continue to research other methods and mechanisms around pricing frameworks and enhancing the Ouroboros protocol to increase transaction throughput. More on this in future blog posts!

Two months in

We are just two months since the start of the smart contracts era on Cardano. Whatever the weight of expectation and anticipation around the ‘launch’, this was never going to be a one-hit upgrade. Just as it was always going to take time for the ecosystem to build momentum, there was always going to be a period of bedding in and then adjusting, as demands on the network grow. We’re on a journey and understanding community feedback remains key. Talking to many of the exciting new projects #BuildingOnCardano, we’re building a better understanding of their plans and objectives – along with any issues they are facing – so we can support and serve as needed. We’re also closely following the community debate.

It’s early days and we’re all still learning. Yet, by design, Cardano is set up to flex and grow alongside its nascent – yet already vibrant – ecosystem. Let’s all keep building!

If you are a developer and want guidance, support, or just fancy dropping by for a chat to one of our open sessions – make sure you join our growing technical community on Discord.

My thanks to John Woods, Vitor Silva, Kevin Hammond, Duncan Coutts, Romain Pellerin, Michael Peyton Jones, Jean-Frederic Etienne & Olga Hryniuk for their support and feedback in preparing this blog post.

UTXO blockchains continue forward momentum with new collaborations

Alephium and DigiByte latest to join the alliance fostering innovative UTXO-based solutions

9 November 2021 Olga Hryniuk 5 mins read

In our previous blog post, we announced the collaboration between Ergo, Nervos, Topl, and Komodo – companies forming the UTXO alliance to jointly enhance interoperability, scalability, and programmability features of the UTXO-based blockchains. Today, we are delighted to announce that Alephium and DigiByte are also joining the alliance to pioneer improvements of the UTXO accounting model.

We live in an age of rapid change and technological advancements where blockchain is the technology that streamlines transparency, trust, and enhanced security. The UTXO alliance has been created to encourage those at the forefront of this technology to engage in shared efforts and initiatives. Together we can drive further development of critical infrastructure needed to foster broader adoption of blockchain.

The strength of the UTXO model

The advancement of the UTXO accounting model is the core focus of the alliance. UTXO-based blockchains are superior to account-based models as they ensure:

  • Enhanced security: the same address is not used every time a transaction is made, which makes it impossible to track the address or find out the overall balance. UTXOs are also more beneficial in terms of privacy leaks resolution.
  • Scalability: UTXO ledgers allow for parallel transaction processing eliminating network congestion and are more suitable for stateless client solutions.
  • Interoperability: due to the implementation of off-chain and sidechain protocols, it is easier to establish interoperability between different blockchains.
  • Determinism: on the UTXO ledger, a user can predict the cost and validity of a transaction before it is processed on the chain. Transaction costs are also much lower in the UTXO model as there are no ‘gas’ fees.

Investigating UTXO properties and contributing open-source research allows us to enhance the properties of different blockchain systems, while also fostering interoperability between ledgers. Together, we are investigating scalability solutions that will allow solving instrumental questions around how to efficiently transfer data between different blockchain environments (including the amount of data used, processing speed, transaction costs, and energy usage). We’re also working on programmability, focusing on the design of new programming languages that will grant diversity in building smart contracts and DApps on UTXO-based blockchains.

Joint effort

Alephium is the first operational sharded blockchain bringing scalability, ETH-inspired smart contracts, and DApp capabilities to Bitcoin's proven core technologies while ensuring better performance and improved energy efficiency. From its technical design to its interfaces, Alephium has been created to address the challenges of accessibility, scalability, and security encountered by decentralized applications today. The immutability of the UTXO model has been the cornerstone for Alephium to tackle the scalability issue of blockchain. More specifically, Alephium proposes a stateful UTXO model which offers both layer-1 scalability and the same level of programmability as the account model. Alephium also introduces a dedicated virtual machine (VM) based on the UTXO model to address DeFi’s security issues and execution bottleneck.

Cheng Wang, Alephium founder & core developer says:

The increasingly high demand for scalable and secure DApps, and more specifically DeFi, is a great opportunity for UTXO blockchains. UTXO-based designs will be the new paradigm for DeFi development. The alliance will play a key role in driving its mass adoption.

DigiByte is an innovative, open-source, UTXO-based blockchain that is driven by the community. It provides forward-thinking solutions to ensure greater decentralization, security, speed, and scalability. Due to its secure cryptographic algorithms and enhanced speed, users can efficiently create digital assets, smart contracts, and DApps on the chain. One of the largest challenges DigiByte, and other UTXO projects, have struggled with is developer engagement. The barrier to entry for developers to build solutions on top of UTXO blockchains is high and requires a tremendous amount of domain knowledge and experience. DigiByte core protocol maintainers and contributors have been working on lowering that barrier to entry by building an approachable and easy-to-use developer toolchain & development sandbox.

GTO90, core protocol contributor & maintainer of DigiByte says:

DigiByte took UTXO to maximum performance through fast block times, real time difficulty adjustment, and multi algo mining. This improved upon the UTXO model and decentralization. Over the past several years, a number of DigiByte's innovations have been contributed to a variety of open-source UTXO blockchain projects. We look forward to working with the UTXO alliance to further innovation around and adoption of the UTXO model.

Romain Pellerin, IOHK CTO adds:

We are thrilled to see another two blockchain ecosystems joining us and the UTXO alliance, which brings us to seven founding members already. DigiByte and Alephium bring both experienced and novel lines of thinking to the alliance. This ensures diversity in the way we identify and attempt to solve common challenges. It will help each member to consolidate their state of the art and design new solutions to the latest challenges, as well as enable synergies towards more scalable, programmable, and interoperable blockchain networks.

We continue growing our collaborations to investigate different approaches to the enhancement of the UTXO model. Joining forces for the common goal strengthens our initiative while contributing to open-source research.

Input Output chose the UTXO model for Cardano because of its superior deterministic design, scalability features, and proven security. UTXO alliance members include some of the best and brightest blockchain minds in the space, committed to collaboration and growing and advancing the standard. If you’re developing UTXO-based blockchain tools and techniques and are committed to furthering this transformative technology, we invite you to join us. For more details, visit the UTXO alliance website.

Empowering a new generation of innovators in Ghana

Our education mission continues with a new Haskell course for an initial cohort of 80 student developers in Ghana to create blockchain solutions

5 November 2021 Fernando Sanchez 4 mins read

As part of our commitment to global outreach, and to foster the adoption of blockchain technology worldwide, we are announcing the launch of a Haskell programming course in Ghana.

Eighty students will benefit from this educational program, which will teach them the necessary skills to create projects and build applications to transform local industries using blockchain.

Blockchain as a driving force for technological advancement

Haskell, named after American mathematician Haskell Curry, is a functional programming language that emphasizes the use of “pure” functions where possible. That is, functions that always give the same result for the same input. This is particularly relevant for systems that require high-assurance code (such as blockchain) and programs that require a high degree of formal verification. This is specifically why Cardano was built with Haskell.

The upcoming course will offer students the opportunity to learn functional programming techniques, and how to build smart contract applications. This course aims to support the development of a new generation of Ghanaian innovators, empowered to create blockchain solutions to address some of the challenges faced by their country. This cohort of blockchain-skilled individuals will have the necessary technical knowledge to create applications for industries as diverse as finance, the arts, and the music world.

This course couldn't come at a more timely moment for the country. Ghana is currently driving the digitization of some of its key economic areas. Bank of Ghana, for example, is working towards the development of a blockchain-based digital currency. The skills taught in this course will become a key asset for the next generation of technological leaders, who will be able to make a significant contribution to Ghana's digital innovation.

Lars Brünjes, IOG's Director of Education, will teach the course, as he did before in other locations. “The previous Haskell courses in Athens, Barbados, Ethiopia, and (virtually) in Mongolia have all been very successful and great experiences for me,” said Lars. “Teaching is never a one-way street: While sharing my knowledge with the students, I enjoy listening to their stories and discovering their own, unique perspectives.”

Where will the course be held?

The course will be held in Accra, Ghana's capital city and economic and administrative hub, and delivered in collaboration with the Pan-African Tech Foundation (PATF), a non-profit foundation that promotes technological development in Africa. The PATF and IOG will liaise with technology-focused universities and hubs to select the best candidates. As before, students who excel at the course will also have employment opportunities at IOG.

Lars added “I love the concept of these courses: The students are passionate about solving the unique problems of their countries, and we give them the necessary tools to achieve this. We gain bright young people with invaluable local knowledge, and they get the opportunity to work at the forefront of technology while never having to leave their own countries.”

“Many of my students from previous courses have told me how it was the toughest course they ever did,” he added. “But also how it changed their lives and gave them all they needed to hit the ground running.”

The bottom line

Charles Hoskinson said: “At IO we are committed to empowering citizens to autonomously develop solutions to day-to-day challenges in their own nations, which is why the Haskell training courses are such a fundamental part of our work.”

“We have always taken an academic, research-first approach to blockchain development, so Haskell was our choice of programming language for our industry-leading green blockchain platform, Cardano. With a generation of innovative tech leaders in Ghana capable of using such a secure and robust programming language, we could see transformative applications built which shape the tech landscape in Ghana for decades to come.”

This course perfectly aligns with that vision, with IOG’s endeavor to make education more accessible, affordable, and equitable across Africa, and with Cardano's overall mission to become the world's financial system. Cardano is about promoting inclusion and fairness through sustainable technological advancement.

Lars perfectly illustrates this concept, and shows how these courses align with Cardano's vision:

“We all want to make the world a better place, and these courses allow me to do this in my own little way. Education and knowledge open so many doors, and I feel grateful and blessed for the opportunity to make a difference by sharing my knowledge.”

Mithril: a stronger and lighter blockchain for better efficiency

A new IOHK-developed protocol acts as a stake-based threshold signature scheme allowing for transparent, secure, and lightweight stake leveraging

29 October 2021 Olga Hryniuk 10 mins read

At the Cardano Summit 2021, IOHK researchers Pyrros Chaidos and Roman Oliynykov presented the design and goals of Mithril, a new research and engineering effort carried out by IOHK. Mithril will provide a stake-based threshold signature scheme that can be implemented as the protocol to solve chain synchronization, state bootstrapping, and trust issues in blockchain applications.

Mithril is the name used for a fictional metal in Middle-Earth – a malleable material, very light in weight but strong as 'triple steel', which does not tarnish or dim. Thus, the name symbolizes strength in terms of security and a lightweight approach with regard to the developed protocol.

Leveraging stake for signature aggregation

Let’s start with some background information to understand Mithril's benefits for the development of blockchain solutions.

Cardano is a proof-of-stake blockchain, so the consensus algorithm randomly selects nodes to become block producers according to the stake they hold. For certain messages or actions, it is important that a particular number of stakeholders provide their cryptographic signatures. The consensus protocol determines how individual nodes assess the current state of the ledger system and has three main responsibilities:

  • perform a leader check and decide if a block should be produced
  • handle chain selection
  • verify produced blocks.

To achieve greater scalability in a blockchain setting, it is essential to address the complexity of critical operations that depend logarithmically on the number of participants. This means that the higher the number of participants (which are assumed to be numerous), the more complex it becomes to efficiently aggregate their signatures. In a base scenario, to obtain a signature that speaks for the majority of stakeholders, every stakeholder needs to sign the appropriate individual message. Although this is possible, it is inefficient in terms of scalability and speed.

Given the time it takes to validate a particular message, and the resource usage during chain synchronization, it is vital to provide a solution that makes multi-signature aggregation fast and efficient without compromising security features.

Mithril protocol design

Mithril is a protocol designed to:

  • leverage stake to obtain higher efficiency
  • ensure transparent setup while not requiring increased trust settings
  • leverage trade-offs between size and efficiency, which is guaranteed by the modular component design.

Mithril works in a public setting where signers don’t need to interact with other signers to produce a valid signature. The aggregator combines all the signatures into one, and this process is logarithmic with respect to the number of signatures, which results in a sublinear performance for Mithril aggregation. For example, when applied to full node clients like Daedalus, Mithril can boost full node data synchronization ensuring speed and decreasing resource consumption.

To represent a significant fraction of the total stake, Mithril uses a stake-based threshold setting. This differs from the standard setting, in which a given number of participants is required to validate a particular message. In the stake-based threshold setting, the protocol requires a fraction of the total stake to validate a given message in order to generate a correct signature.

Mithril also certifies consensus in a trustless setting: consensus certification requires no trust assumptions other than those already present in the proof of stake. For example, it can work within wallet-as-a-service, and the mobile client will use the certificate obtained from a Mithril node. With advanced security settings, such a procedure is potentially more efficient than SPO blockchain verification.

Finally, to ensure fast chain state bootstrapping, the signature scheme allows different stakeholders to validate only a given checkpoint of the chain. Stakeholders need not go through the whole transaction history of the given state; they simply need to go through the checkpoints to verify that the final stake is valid. This is beneficial for light client applications like light wallets that need to work fast without a full chain synchronization. Mithril signatures can also be useful for lightweight tally verification, or cryptocurrency governance decision making.

How it works

Mithril enables a multi-party signature by holding a number of individual lotteries (M) and considering a message to be valid if it has been signed by a number of different winners (K) over those lotteries. Each user, therefore, attempts to sign the message and then passes its signature through what is considered a lottery function. This function allows individual users to check if their signatures are eligible as lottery winners and output those without waiting. This is different from a standard setting, where slot leaders need to wait until their slot is active to participate. Once there are K signatures over different lotteries, they can be aggregated into a single Mithril signature.

Phases

The design of Mithril involves three phases:

Figure 1. Phases of Mithril operation

Parameter setup

To set up a Mithril protocol, users need to:

  • fix the group setting where the cryptography will take place
  • select the index range M, which is the number of elections they will be holding
  • set the quorum size K, which is the number of election winners that need to sign a signature for it to be accepted.

It is also important to provide a reference string for the proof system. This is possible in a transparent manner and does not require any high trust assumptions.

Initialization

During this phase, users should update the state distribution. This lets every stakeholder know what stake they are holding. Then, each stakeholder is responsible for registering their keys. This can happen either on or off the chain.

Finally, users need to distribute stake and compress their keys, which is done using a Merkle tree. This allows Mithril signatures to be verified against a single hash that represents that Merkle tree, so the size of the state needed to verify a signature can be kept low.
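The following added example (not from the Mithril paper or any IOHK or Galois code) shows how a set of key and stake registrations can be committed to a single Merkle root, and how a verifier holding only that root rejects a claim with an inflated stake. The hash layout, the byte-string keys and every function name are assumptions made for illustration.

```python
import hashlib

EMPTY = hashlib.sha256(b"\x02").digest()  # padding for unused leaf slots

def leaf_hash(key, stake):
    # 0x00 prefix keeps leaves distinct from inner nodes; the stake is bound to the key.
    data = len(key).to_bytes(2, "big") + key + stake.to_bytes(8, "big")
    return hashlib.sha256(b"\x00" + data).digest()

def node_hash(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(registrations):
    # Returns every tree level, leaves first; levels[-1][0] is the root.
    level = [leaf_hash(key, stake) for key, stake in registrations]
    size = 1
    while size < len(level):
        size *= 2
    level += [EMPTY] * (size - len(level))
    levels = [level]
    while len(level) > 1:
        level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def prove(levels, position):
    # Sibling hashes from the leaf up to (not including) the root.
    path = []
    for level in levels[:-1]:
        path.append(level[position ^ 1])
        position //= 2
    return path

def verify_membership(root, key, stake, position, path):
    # The verifier needs only the root, the claimed (key, stake) and the path.
    digest = leaf_hash(key, stake)
    for sibling in path:
        pair = (digest, sibling) if position % 2 == 0 else (sibling, digest)
        digest = node_hash(*pair)
        position //= 2
    return digest == root

# Constructed sample registrations: (verification key stand-in, stake).
REGISTRATIONS = [(b"key-a", 50), (b"key-b", 30), (b"key-c", 20)]
LEVELS = build_levels(REGISTRATIONS)
ROOT = LEVELS[-1][0]
```

Because the stake is hashed into the leaf together with the key, a signer cannot present a larger stake than the one registered without the recomputed root changing.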

Operation

While working with the chain, users can produce, aggregate, and verify Mithril signatures. Producing signatures involves users’ attempts to check if the signature they produced is actually a winner on one of the lotteries held in parallel. If true, the users will broadcast their signatures. If there are enough signatures supporting a particular message over different lotteries, they can be aggregated into a single Mithril signature. It can then be broadcast and verified by anyone using only the reference string for the proof system and the very short Merkle tree hash of stake distribution.

For example, a single user can create a signature with Mithril as follows:

Figure 2. Mithril signature creation

First, a user will check the amount of stake they hold and pass it through a score function to obtain their score threshold T. Then, they will attempt to produce a candidate signature S. For each index, they will evaluate whether the candidate signature they produced, paired with the message they have just signed and the index number of the lottery they are checking against, produces a score value that is less than their threshold T. If that is true, then the candidate signature they produced has actually won the lottery on that particular index number. If not, they will make the next attempt.

After trying all possible indexes, users will potentially have one or more indexes for which their signature S is valid. For each of those indexes, they can output an individual signature consisting of their candidate signature, the index number for which it is valid, and the proof that verifies that their score is consistent with the registered stake.
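The lottery, quorum and verification steps described above can be sketched as follows. This is an added example, not Mithril's implementation: HMAC-SHA256 stands in for the real candidate signature, the score function form and `PHI_F` are assumptions (the page does not specify them), and the "aggregate" is a plain list rather than a compact proof.

```python
import hashlib
import hmac

M, K, PHI_F = 200, 5, 0.2  # lotteries, quorum, assumed score-function parameter

def threshold(stake, total):
    # Assumed score function: T grows with the stake share and is 0 for zero stake.
    return 1.0 - (1.0 - PHI_F) ** (stake / total)

def candidate_signature(key, message):
    # Stand-in for the candidate signature S (HMAC, not Mithril's real scheme).
    return hmac.new(key, message, hashlib.sha256).digest()

def score(message, index, sig):
    # Hash (message, index, S) to a value in [0, 1).
    digest = hashlib.sha256(message + index.to_bytes(4, "big") + sig).digest()
    return int.from_bytes(digest[:8], "big") / 2**64

def sign(name, registry, message):
    # One candidate signature, tested against every lottery index.
    key, stake = registry[name]
    total = sum(s for _, s in registry.values())
    sig, t = candidate_signature(key, message), threshold(stake, total)
    return [(name, i, sig) for i in range(M) if score(message, i, sig) < t]

def aggregate(individual, k=K):
    by_index = {}
    for entry in individual:
        by_index.setdefault(entry[1], entry)  # keep one winner per index
    return [by_index[i] for i in sorted(by_index)[:k]] if len(by_index) >= k else None

def verify(agg, registry, message, k=K):
    # Re-check every claim against the registered key and stake.
    if agg is None or len({i for _, i, _ in agg}) < k:
        return False
    total = sum(s for _, s in registry.values())
    for name, index, sig in agg:
        key, stake = registry.get(name, (b"", 0))
        ok = (0 <= index < M
              and hmac.compare_digest(sig, candidate_signature(key, message))
              and score(message, index, sig) < threshold(stake, total))
        if not ok:
            return False
    return True

# Constructed sample registry: name -> (key, stake).
REGISTRY = {"pool-a": (b"key-a", 50), "pool-b": (b"key-b", 30),
            "pool-c": (b"key-c", 20), "pool-z": (b"key-z", 0)}
MESSAGE = b"checkpoint: constructed chain state hash"
```

The verifier counts distinct lottery indexes, so repeating one winning signature K times does not reach the quorum, and a signer with zero registered stake has a threshold of 0 and can never win an index.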

Network architecture

Implementing Mithril on Cardano, we can represent the software interaction as follows:

Figure 3. Mithril network architecture

A high-level representation of software around a stake pool operator (SPO) includes its connection to the Cardano peer-to-peer (P2P) network, the Mithril node’s P2P network, and the Mithril client connected to the node run by an SPO.

The Mithril node at the SPO platform accesses its verified blockchain at the local storage and runs the protocol to produce Mithril certificates that are kept at the Mithril storage. Produced Mithril certificates can be verifiably synchronized across the whole network. Thus, the SPO can share both the full Cardano blockchain and the list of valid Mithril certificates for it. When the Mithril client connects to the network, it requests a list of Mithril certificates and asks only for the longest chain of the Cardano blockchain.

Several SPOs can also participate in such a setting. The Mithril client will then verify that certificates fully confirm the obtained Cardano blockchain. The whole procedure is lightweight and will not require the involvement of significant network storage or computational resources. Moreover, Cardano full node sync and fast sync with Mithril procedures are not mutually exclusive; they can be run in parallel. Mithril fast sync will later be confirmed by the full node sync.

Use cases

Let’s take a look at the use cases where Mithril applicability is highly beneficial.

Mithril boosts the efficiency of full node clients or applications such as Daedalus. It ensures fast and secure synchronization of the full node data, significantly improving time and required resources including computation, network exchange, and local storage while keeping high-level security guarantees.

Mithril is also applicable to light clients and mobile applications, ensuring a trustless approach. Another significant advantage is using Mithril signatures for running sidechains. The main blockchain can connect to different sidechains that can even have different consensus protocols. Mithril has benefits in lightweight blockchain state verification, and thus, certificates can validate the current state of the specific blockchain as well as the correctness of forward and backward transfers in a secure way.

Finally, stake-based voting applications and governance solutions can use Mithril regardless of the voting protocol’s complexity. Mithril signatures can be utilized for secure and lightweight tally verification. This is also useful in governance when stakeholders go through a decentralized decision-making process and provide the final result in an easy and verifiable way.

Implementations

Several companies are already interested in Mithril implementation within their blockchain solutions. Galois, an advanced R&D firm focused on formal methods, cryptography, and hardware, will be implementing the first Mithril prototype based on the research done by IOHK. Galois will be implementing Mithril in the Rust programming language due to its fast prototyping features. They plan first to present smaller signatures with Bulletproofs, followed by production-ready implementations, and finally formal proofs of correctness.

Idyllic Vision is another company focused on building a self-sovereign identity protocol based on zero-knowledge proofs, a credential management system for organizations, and a mobile wallet for end users that supports interoperability between diverse society solutions. They are planning to implement the proof of concept of the Mithril node. In the following months, they will begin by creating a blueprint of the solution architecture, defining a number of system components that should be developed and organically integrated into the existing infrastructure. This includes integration with the Mithril crypto library and the Cardano node, and a networking layer for communication between nodes. The result of this phase should be integrated into Cardano to enable fast bootstrapping of the node and support for extra functionality such as lightweight clients and others.

To find out more, read the Mithril research paper and watch the Cardano Summit presentation.