Pages:
Author

Topic: Nebula-The upcoming cryptocurrency that will incentivize reversible computation. (Read 4511 times)

member
Activity: 691
Merit: 51
I guess the moral of this story is that mathematicians should not trust themselves with more than 16 bits of security.
member
Activity: 691
Merit: 51
Now is probably a good time to list some weaknesses of R5 and some of my early ideas of reversible mining algorithms (this in part explains why I did not release any cryptocurrency earlier).

Multiple mining algorithms-Multiple mining algorithms have been largely untested in the cryptocurrency community. From my experience, the Bitcoin community is quite conservative and they would not accept multiple mining algorithms running in parallel each with their own difficulties. The Bitcoin community does not like new ideas that could potentially bring a security risk like having multiple mining algorithms. Furthermore, having multiple algorithms means that each of those algorithms has to be vetted for cryptographic security. Even though cryptocurrency mining algorithms could easily be made secure by adding more rounds (I did this) and there is not much history of broken mining algorithms, this is not a risk that people should be willing to take.

Iterating compositions of involutions-If f,g:X->X are involutions, then you do not want to use an iterate of fg or anything like an iterate of fg in a cryptosystem since such a component presents a security weakness. I originally wanted to use this construction because of its simplicity, but this sort of construction is not very secure (this is why you do not see it in cryptosystems such as AES and SHA-256 despite its simplicity).

Lack of solution lottery technique-Without the solution lottery technique, the reversible mining algorithms look much more like reversible cryptographic hash functions. This presents a security issue. First of all, reversible cryptographic hash functions are a better at incentivizing the development of reversible computation than something like SHA-256d, but they are not optimized for this task. Second of all, the solution lottery technique means that the new portion of the mining algorithm does not have to have much cryptographic security. For example, the reversible portion of Hashspin (Circcash's mining algorithm) only requires 16 bits of security while SHA-256d mining requires about 128 bits of cryptographic security. For this reason, using the solution lottery technique, one can use the security buffer to focus on designing the algorithm to accelerate the development of reversible computing hardware.
hero member
Activity: 568
Merit: 703
EDIT(Nov 21):  
Here is an official Circcash announcement:

https://bitcointalk.org/index.php?topic=5292018.0;all



You can find relevant project updates here:
https://github.com/jvanname/circcash  
Quote
Circcash is a fork of Bitcoin using Hashspin as a proof-of-work algorithm. Hashspin is designed to accelerate the development of reversible computing hardware. Hashspin is the only cryptocurrency mining algorithm that is designed to solve an extremely important scientific problem.

I have started the unofficial ANN thread:  

[ANN] Circcash [unofficial :: unmoderated]
https://bitcointalk.org/index.php?topic=5290467.0;all
jr. member
Activity: 75
Merit: 1
Miner, Trader
Hi, Jvanname

How is this project going? I still think that this project will be a very promising one in the future.

The market also needs something new and interesting to attract new comers. Hahaha

Hope everything goes well!
member
Activity: 162
Merit: 24
As an update, I am still working on the security of the POW problem.  A lot of security issues arise because I want to design a POW that incentivizes the construction of the reversible computer in the best possible way. For R5, I will use reversible linear cellular automata of dimensions 1 and 2. However,
I can list several security anomalies that arise from the use of linear cellular automata of dimension 1 including the following:

1. Suppose that f,g are involutions which are related to each other in some way. Then the composition fg is a permutation with cycles of an exceptionally low period. I so far have not been able to explain this phenomenon.

2. Cryptosystems require a large amount of non-linearity in order to thwart linear algebraic attacks. My POW problems however need to have as much linearity as possible since the CNOT gates (which are reversible and linear) will be much easier to construct than other reversible gates.

3. Reversible linear cellular automata over Z_2 of dimensions 1 or 2 over the torus of size 2^n x 2^n or circle of length 2^n have exceptionally low periods.

4. Reversible linear cellular automata over Z_2 of dimensions 1 or 2 have a Sierpinski triangle structure which indicates that these functions are not disorderly enough for cryptographic use.

Of course, I can solve these issues simply by basing my POW problems on something other than reversible linear cellular automata of dimension 1 or 2, but I do not want to do that because these reversible linear cellular automata are literally the simplest reversible objects that I can use, and I need my POW problem to be simple enough so that it will be as easy as possible for reversible computing manufacturers to construct machinery to solve these POW problems.

I hope you are doing fine and keep making progress.
Just wanted to drop by and give you some positive vibes Smiley
Would love to hear about any new stuff you got.
member
Activity: 691
Merit: 51
As an update, I am still working on the security of the POW problem.  A lot of security issues arise because I want to design a POW that incentivizes the construction of the reversible computer in the best possible way. For R5, I will use reversible linear cellular automata of dimensions 1 and 2. However,
I can list several security anomalies that arise from the use of linear cellular automata of dimension 1 including the following:

1. Suppose that f,g are involutions which are related to each other in some way. Then the composition fg is a permutation with cycles of an exceptionally low period. I so far have not been able to explain this phenomenon.

2. Cryptosystems require a large amount of non-linearity in order to thwart linear algebraic attacks. My POW problems however need to have as much linearity as possible since the CNOT gates (which are reversible and linear) will be much easier to construct than other reversible gates.

3. Reversible linear cellular automata over Z_2 of dimensions 1 or 2 over the torus of size 2^n x 2^n or circle of length 2^n have exceptionally low periods.

4. Reversible linear cellular automata over Z_2 of dimensions 1 or 2 have a Sierpinski triangle structure which indicates that these functions are not disorderly enough for cryptographic use.

Of course, I can solve these issues simply by basing my POW problems on something other than reversible linear cellular automata of dimension 1 or 2, but I do not want to do that because these reversible linear cellular automata are literally the simplest reversible objects that I can use, and I need my POW problem to be simple enough so that it will be as easy as possible for reversible computing manufacturers to construct machinery to solve these POW problems.
sr. member
Activity: 304
Merit: 250
News: There are already cryptocurrencies named "Nebulas" (MARKET-CAP $346,031,635) and "Neblio" (MARKET-CAP $182,594,614). Furthermore, the name "Nebula" is far to generic. I therefore plan on changing the name of the cryptocurrency. The name of the individual coins shall be called CIRCs which stands for Certificate of Innovation in Reversible Computation. I still need to finalize the name of the entire cryptocurrency though instead of the individual coins (I have an idea in mind).



I am looking forward to it.
member
Activity: 691
Merit: 51
News: There are already cryptocurrencies named "Nebulas" (MARKET-CAP $346,031,635) and "Neblio" (MARKET-CAP $182,594,614). Furthermore, the name "Nebula" is far to generic. I therefore plan on changing the name of the cryptocurrency. The name of the individual coins shall be called CIRCs which stands for Certificate of Innovation in Reversible Computation. I still need to finalize the name of the entire cryptocurrency though instead of the individual coins (I have an idea in mind).

newbie
Activity: 5
Merit: 0
Hi there i stumbled here while searching for $nas,

This is a very interesting idea, I wonder whether such reversible computer / crypto will enable an cryptographic algorithm based on cellular automata to create a protocol/system that can self govern itself?
jr. member
Activity: 75
Merit: 1
Miner, Trader
Hope everything well guys.

What's the news about Nebula?

There are many projects coming...Hope we can do the best!
Am also very excited about this project.
There are more and more ideas about how Blockchain can help in the transition from the now dominant idea of just putting more and more transistors onto one chip to another way of doing it.
Am so excited, Moores Law is coming to an end and we are right here, living in interesting times.

Yeah, that's correct.

I am very glad that we meet the blockchain here.

Hope this next-generation project get the best!

It is a really novel idea and can change things.
member
Activity: 162
Merit: 24
Hope everything well guys.

What's the news about Nebula?

There are many projects coming...Hope we can do the best!
Am also very excited about this project.
There are more and more ideas about how Blockchain can help in the transition from the now dominant idea of just putting more and more transistors onto one chip to another way of doing it.
Am so excited, Moores Law is coming to an end and we are right here, living in interesting times.
jr. member
Activity: 75
Merit: 1
Miner, Trader
Hope everything well guys.

What's the news about Nebula?

There are many projects coming...Hope we can do the best!
member
Activity: 691
Merit: 51
So here is an outline of the new kinds of POW problems which I am considering. Don't worry. The new POW problems will be modeled after the old R5 problems. So recall that with the old POW R5, we must find a 256 bit hash k along with a 64 bit string x such that f(k||x)
New R5 problem description:

Input: Suppose that for each 256 bit hash k, f is a function from {0,1}^64 to {0,1}^64 designed to be computed using a reversible circuit. Suppose that H is a cryptographic hash function. Suppose that C and D are adjustable numbers.

Problem: Find a 256 bit hash k along with a 64 bit string x such that f_k(x) XOR f(x)
Let me now outline a nearly reversible algorithm for solving New R5. Let E be a natural number with 0
The state of the machine shall be a pair (x,y,z) where x is a 64 bit string and y,z are E bit strings.

Suppose that after attempt N at solving the POW problem, the machine is in state (x,y,0) where y is the first E bits of the string x.

Step 1: Move from state (x,y,0) to state (f_k(x),z,z XOR y) where z is the first E bits of the string f_k(x). This state is completely reversible.
 
Step 2: If z XOR y=0, then the machine halts and one reads the output f_k(x). In this case, one would test whether f_k(x) XOR f(x)f_k(x) XOR f(x)
Step 3: If z XOR y>0, then move from state (f_k(x),z,z XOR y) to state (f_k(x) XOR v,z,0). This state is irreversible since the E bit string z XOR y. Now move to attempt N+1 at solving the POW problem.

There does not appear to be any security issues with this kind of sort of POW problem.

Remarks:

-The function f_k should not be of the form g^n for easily computable g since if f_k=g^n, then the optimal algorithm for solving the POW problem is not the algorithm that I have stated above and the optimal algorithm will delete E bits of information every time g is computed rather than deleting E bits of information every time f_k is computed.

-Since the input for the function f_k is 64 bits, the reversible device for solving the POW is probably much simpler than it would be for solving Old R5. Furthermore, the function f_k can probably be secure with fewer rounds than it can be for Old R5.

-The optimal algorithm is solving this POW problem is reversible in the sense that in Step 1, one can instead move from state (x,y,0) to state (f_k^(-1)(x),z,z XOR y) where z is the first E bits of the string f_k^(-1)(x).

-Since f_k has a 64 bit input, it is probably feasible to make f_k so that it computes a 1D cellular automaton or a circuit consisting mostly of CNOT gates without compromising the security of efficiency of the POW problem.

-With Old R5, I included a few layers of CNOT gates which I called sigma, mu, and tau in order to increase security and so that all of the logic gates are actually necessary for solving the Old R5 problems. With these new problems, the awkward layers sigma,mu, and tau are not necessary. Therefore, these new problems can be considered more pure than the Old R5 problems.
member
Activity: 107
Merit: 11
This is definitely on my watch list
member
Activity: 691
Merit: 51
rideinred.

I can make the RCO-POW problems myself (I already have made and analyzed these problems, but I am now considering modifying them again), though peer review is always helpful.

I just brought up the idea that a corporation will influence the final version of the RCO-POW problem in the case that such a corporation thinks that it will be easier for them to design a will computer for that RCO-POW problem (I want to make it as easy as possible for those corporations to design the reversible computer). For example, a corporation may think it is easier to construct a circuit using lesser known reversible gates such as the DKG or the Peres gate or they may want the RCO-POW problem to be based upon a 1 dimensional cellular automaton. Of course, they will have to pay in order for their recommendations to be implemented or launch their own corporate altcoin (which people will be skeptical about using) since I am not going to let a specific corporation have an advantage over others unless they pay.

Anyways, since the version of R5 which I have already posted requires one to delete 256 bits after every solution attempt, I am now considering drastically modifying the problems so that a much smaller amount of information is deleted after every solution attempt and so that these new problems have other superior characteristics. I will post my outline of how these new problems will work shortly.

As for implementing the RCO-POW that I have developed, I will write the functions in C++, but it will be better for a cryptocurrency developer to implement the functions which I have written.
member
Activity: 162
Merit: 24
That coin is not about reversible computing and it is called "Neblio" not Nebula.
So I don't think this is the project jvanname is writing about here.

Currently it is about setting up/determining the RCO-POW problem to be used and to get more people involved.
Devs to actually write the code and researchers to get their oppinion so we could convince a chip manufacturer to actually create a RCO-Chip.
Am sorry if I messed something up, I only understand the basic principles of this topic.

But the coin is already worth: https://coinmarketcap.com/currencies/neblio/
 Shocked
sr. member
Activity: 1778
Merit: 305
Currently it is about setting up/determining the RCO-POW problem to be used and to get more people involved.
Devs to actually write the code and researchers to get their oppinion so we could convince a chip manufacturer to actually create a RCO-Chip.
Am sorry if I messed something up, I only understand the basic principles of this topic.

But the coin is already worth: https://coinmarketcap.com/currencies/neblio/
 Shocked
member
Activity: 162
Merit: 24
How many coins do you need for POS-mining?
And where it is better to buy them?

There is no coin yet and so no mining, if I understood jvanname correctly.

Currently it is about setting up/determining the RCO-POW problem to be used and to get more people involved.
Devs to actually write the code and researchers to get their oppinion so we could convince a chip manufacturer to actually create a RCO-Chip.
Am sorry if I messed something up, I only understand the basic principles of this topic.
sr. member
Activity: 1778
Merit: 305
How many coins do you need for POS-mining?
And where it is better to buy them?
member
Activity: 691
Merit: 51
riderinred. Thanks for the encouragement. At this point, I have C++ programs for the POW problem which I intend to use, but since I am not thoroughly familiar with the source code for Bitcoin and other cryptocurrencies, I will need a cryptocurrency programmer to help me implement the code that I have written and launch the cryptocurrency (I currently only program for mathematical applications). If anyone knows a high quality programmer familiar with the source code of Bitcoin who is willing to help, let me know. Unfortunately, Nebula is currently a completely unfunded project, so my only form of payment is to simply let the programmer privately mine Nebula for a short period of time (which could be a very high level of payment if Nebula achieves a high market cap) and to have access to unobfuscated source code for R5 (the obfuscated source code runs slower so the programmer will have an advantage until someone finally deobfuscates the course code). I am currently working on this project alone, so that is why the development is slow. I apologize for any inconvenience that this delay has caused.

I am now seeking input from tech corporations that make computing devices and researchers about R5 to see their opinions about R5 and how cryptocurrencies could help develop reversible computers (I will even change the RCO-POW R5 if they offer a large sum of money as long as the new POW still incentivizes the construction of the reversible computer just as well).

In the mean time, I am investigating different RCO-POW problems especially those which can be solved by a reversible computer that does not delete information after every solution attempt and by a possibly faulty reversible computer (these sorts of RCO-POW problems appear to be much harder to construct and to verify the security of). I am also interested in RCO-POW problems where almost all of the gates are CNOT gates. The class of RCO-POW problems is much more diverse than I had originally imagined.

Right now, I am mostly just posting on http://boolesrings.org/jvanname.

I am glad that you are still updating this thread jvanname.

Am really excited about this project as it could be truly revolutional.
In your last post you said that the project needs more work than you anticipated. Do you have a timeline or roadmap or sth like that yet?

I would love to follow your work and journey with this project. Is there something else I can follow you except this thread and your blog/homepage http://boolesrings.org/jvanname?

Would be very happy to hear from you.
Keep up the good work!
You will definitely have my hashpower once it is needed.
Pages:
Jump to: