Zcoin - An Update on MTP (Merkle Tree Proof)

in zcoin •  8 years ago 

Hi Steemit - We bring you a progress update on our newest development, MTP (Merkle Tree Proof).

MTP is an amazing new mining algorithm that is high performance, high security and promotes egalitarian computing. Zcoin intends to be the first to implement this and we foresee that MTP will offer good future proofing.

The First

Zcoin is working to be the first cryptocurrency to implement MTP as a proof of work algorithm and work is ongoing. As the foundation of a coin’s security, fundamental implications as to distribution and also verification speed, the implementation of MTP is the next priority on our roadmap.

Where It Came From

The MTP algorithm was devised by Alex Biryukov and Dmitry Khovratovich from the University of Luxembourg in their paper published on the 11 June 2016 titled Egalitarian Computing. These are the same researchers who came up with Equihash that is currently used in ZCash.
Egalitarian Computing

Why Is It Important?

MTP was created as a way to remedy the disparity between ordinary users and adversaries/cheaters where the latter could use botnets, GPU, FPGA and ASICS to gain a significant advantage and mount a cheaper attack. The basic concept is that it should establish the same price/cost for a single computation unit on all platforms. This means that no single device should gain a significant advantage over another for the same price hence promoting egalitarian computing. With egalitarian computing, attackers would need to spend the same amount as ordinary users for equivalent ‘hashing’ power. As attackers need to use similar hardware as ordinary users, automated large-scale attacks become no longer possible. This combined with the fact hashing in MTP is highly memory intensive, users infected by trojans to participate in botnets would experience noticeable performance degradation and therefore more likely to suspect something is amiss.

Massive centralization can be seen with many existing proof-of-work algorithms such as SHA256 (Bitcoin), Scrypt (Litecoin, Dogecoin) and X11 (Dash) where hashing power is centralized in ASIC farms and normal users are not incentivised to participate in the security of the network. Even in newer schemes such as Ethash which is used in Ethereum, although it is deliberately designed to be GPU friendly (more than a 100x more efficient than on a CPU), this still encourages GPU farms and centralization. Equihash despite it being memory hard, is not sequentially memory hard, meaning it can be mostly parallelized which makes development of ASICs more likely. This doesn’t mean that we discourage GPU mining, but with MTP it is foreseen that even with GPUs mining, CPU mining would still remain competitive.

Fast and lightweight Verification

Although with MTP, it is computationally and memory intensive to find the solution, once found, its solution can be quickly and efficiently verified without requiring a lot of memory.

This is important since by keeping verification quick, this makes the network more resistant to DoS attacks that target verifiers. It also allows lightweight hardware such as smartphones to perform verification which is not possible on many other hard memory hard algorithms. Verification speed of MTP is also expected to be faster than Equihash.
Source: https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_biryukov.pdf

Progress Free

A mining algorithm should be ‘progress-free’ meaning that mining must be a stochastic process where there is always a non-zero chance that the solution is found and being independent of any previous events. This prevents centralization and mitigates network delays.

Therefore a mining algorithm with an ‘initialization phase’ is not truly progress-free since the chances of finding a solution when initializing is zero. This is one of the main reasons why Biryukov and Khovratovich decided to develop MTP despite already developing Equihash since Equihash still requires a long initialization phase that certifies the memory allocation and is therefore not ‘progress-free’.

It is believed that the shorter an initialization phase, the more decentralized mining can be since everyone starts from an even playing field and economies of scale or network location plays much less a role in mining efficiency.

When Is It Coming?

Despite recent challenges, the team has been resilient in its efforts to meet its commitments to delivering MTP. MTP is still scheduled to be completed by the end of March where it will be rolled out into testnet first, to give us and the community time to test and review the code.

We are very excited about MTP and we thank everyone for their continued support and look forward to taking this project to the next level.

Please join us on Slack and follow us on Twitter, Facebook and Reddit

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Someone promoted your post. Promotions help every steemians.
Your reward is an upvote.
Good job, see you next time in Promoted! ;)

wow this algo sounds really great

wow :)

Nice to see you guys here, glad I can follow you in another place besides bitcointalk! :) Very excited about MTP and Znodes , and I am looking forward to see if MTP can create a fair distribution model.

Awesome!

Hi there @zcoinofficial thanks for your post.
Could you please elaborate a bit more about the MTP algorithm (in the zcoin mining context) in terms of: Hashrate vs computing power? (i mean if you have some data already)
Thanks!