
Stegos Code Review: Privacy Platform For Decentralized Mobile dApps

Stegos is a completely private, confidential, and scalable cryptocurrency that’s friendly to the environment.

At this point I’m tempted to say these guys are OG in this space. Feels like I’ve known Joel for years, and definitely one of the most persistent guys I know.

Remember that whole gen 1 vs gen 2 vs gen N argument that was big last year? Some chains claiming to be gen 8 or whatever, I think we are finally seeing the gen 2 wave. We are seeing a lot of PoS + BFT + privacy protocols coming out, and more and more of them are reaching maturity. I previously reviewed Harmony, I’m currently looking into Elrond, we have CasperLabs, Near, Aleph and quite a few others coming out, and I would say they all fit this gen 2 narrative.

Technologically, this is good to see, it means the tech stack is maturing. I’m not sure if it means anything more than that, but let’s see.

So Stegos. Platform for privacy applications. Stegos provides an absolutely private and secure foundation for building decentralized mobile apps.

The usual gen 2 101 promises. Absolute privacy, sharding + high tps, low finality (seconds), data pruning, runs on a mobile device, etc. “A secure mobile VM for running HTML/CSS/JavaScript apps” is interesting though.

High level promises, check, let’s get into the whitepaper detail.

Snowball is definitely interesting. Will need to dive into it. But let’s do a quick high level primer on blockchain and determinism. Why do we trust a bitcoin or ethereum balance? Because we can track every transaction from 0 with basic arithmetic. I know an account has a balance of 10, because it received an input of 10 and I can trace that input all the way back to genesis (or a block reward — since only genesis and block rewards can create new outputs).

What happens if these are unlinkable and private? How do I know that I can trust the value I see? Original privacy was just about not being able to really see where a transaction went, sort of similar to what exchanges do: you have a bunch of inputs, trading happens in the middle so the inputs are completely mixed up, and your outputs could be from anywhere.

To give a more concrete example: let’s say I deposited 1 ETH, traded a bit and made 2 ETH, and now I withdraw 2 ETH. That 2 ETH is no longer connected with the 1 ETH I deposited. This is essentially a privacy transaction (although getting access to the exchange audit log (assuming they keep one) can give me this data). Some clever cryptography (like ring signatures) allows this, and some insane cryptography (like bulletproofs) perfects it.

So a ring signature can hide the input and output. What about the value? I want to send you 10, but I don’t want anyone to see I sent you 10. This is where rangeproofs come in: a rangeproof proves that a value is within a range, without exposing the actual value. So the rangeproof would prove that the value is greater than 8 but less than 12 (for example).
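To make the value-hiding part concrete, here is an added toy example (my own, not Stegos code) of the Pedersen commitment scheme the paper builds on: amounts are hidden behind commitments, the verifier checks that inputs and outputs balance using only the commitments, and the demo also shows why that check alone is not enough and a rangeproof on every output is needed. The group parameters (P = 1019, Q = 509, generators 4 and 9) are constructed for illustration only.

```python
import secrets

# Toy group: the quadratic residues mod the safe prime P = 1019 form a subgroup of
# prime order Q = 509. Constructed parameters: at this size discrete logs are trivial,
# so this hides nothing in practice; a real deployment uses an elliptic-curve group.
P = 1019
Q = 509   # group order: amounts and blinding factors are exponents, so they wrap mod Q
G = 4     # generator carrying the amount
H = 9     # generator carrying the blinding factor (real systems pick H so log_G(H) is unknown)


def commit(amount, blinding):
    """Pedersen commitment C = G^amount * H^blinding (mod P)."""
    return pow(G, amount % Q, P) * pow(H, blinding % Q, P) % P


def commitments_balance(input_commits, output_commits):
    """Verifier's check: product of input commitments == product of output commitments.
    The commitment is homomorphic, so equality holds exactly when the amounts sum up
    (mod Q) and the blinding factors sum up (mod Q). The verifier never sees an amount."""
    lhs = rhs = 1
    for c in input_commits:
        lhs = lhs * c % P
    for c in output_commits:
        rhs = rhs * c % P
    return lhs == rhs


def build_outputs(input_blinding, amounts):
    """Sender side: random blinding factors for all outputs but the last, with the last
    chosen so the blindings cancel against the input's. Returns (amount, blinding) pairs."""
    blindings = [secrets.randbelow(Q) for _ in amounts[:-1]]
    blindings.append((input_blinding - sum(blindings)) % Q)
    return list(zip(amounts, blindings))


def demo():
    """Returns (honest_balances, inflated_balances).
    Honest: 10 -> 6 + 4. Inflated: 10 -> 15 + (-5); -5 wraps to Q - 5 as an exponent,
    so the commitments still balance and 5 coins are minted from nothing. Only a
    rangeproof on each output (proving 0 <= amount < some bound) catches this."""
    r_in = secrets.randbelow(Q)
    inputs = [commit(10, r_in)]
    honest = [commit(v, r) for v, r in build_outputs(r_in, [6, 4])]
    inflated = [commit(v, r) for v, r in build_outputs(r_in, [15, -5])]
    return commitments_balance(inputs, honest), commitments_balance(inputs, inflated)
```

Running `demo()` returns `(True, True)`: the balance check passes for both the honest and the inflated spend, which is exactly the gap a rangeproof closes.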

So now I can mix up the from/to and I can hide the value, but what if I still wanted to avoid exposing the “to” address? I think I first saw this in Wanchain with their OTA transactions. Essentially another hidden address connected to your primary address that you could transfer to. This would add the balance to your primary address, but transfers would show up to your secondary address. These are stealth addresses.

So there are a lot of different techniques to accomplish some pretty cool privacy behavior. I’m curious to see how Snowball does it.

Need more data on their compacting. Looks like they remove spent outputs and only keep the unspent values (sort of like mimblewimble compacting).

Good paper by the way, at some points not technical enough for my liking, but very good at explaining the high level concepts. I take that back, reading the addendum provides all the technical details I wanted.

Ok, so definitely a mix of everything we have seen so far: Pedersen commitments, bulletproofs, address cloaking, encrypted payloads, UTXO pruning, PoS, pBFT, value shuffle and mixing. It comes across as very elegant though. Quite often I read these papers and it seems like someone just copy-pasted different sections from other papers; this one flows very logically, with each additional choice seemingly thought out and not simply added for the sake of being able to say they have it.
