Analysis of the principle of Chia VDF algorithm

With the emergence of the popular product Chia, the mining industry has a more novel and friendly way of playing, that is, the low-threshold hard disk mining method. This mining method allows more and more ordinary people to participate in mining. , Feel the upsurge of the blockchain industry together.

According to Chia's white paper, the consensus mechanisms adopted by Chia are proof of space (POS, Proof Of Space) and proof of time (POT, Proof Of Time). POS is mainly used to prove that the user does have unused space for storage, while POT is used to ensure the security of the entire system. Its main algorithm is VDF (Verifiable Delay Function), and the calculation results obtained by VDF must be After a certain period of time, and can be quickly authenticated by any node in the network, increasing the probability of POS obtaining the block right.

Verifiable: After a certain number of calculations, the prover can quickly generate a small proof to prove the validity of the calculation, and the verifier can know the correctness of the calculation without repeating the calculation;

Indian short video sharing app Chingari raises $6 million: According to news on December 22, recently, Indian short video sharing app Chingari raised $6 million on the SolRazr platform through the platform token GARI. It is reported that GARI is deployed on the Solana chain. Chingari is the first social platform in India to launch its own encrypted token. Currently, Chingari has more than 32 million daily active-zce users and is the number one social media app on Google Play India. (coinquora) [2021/12/22 7:56:38]

Delay: That is, the prover can only get the correct result after performing the correct number of calculations, and there will be no situation where the correct result is obtained before the specified number of times is reached;

Function: That is, the result is deterministic, if you input x, you will get y.

El Salvador removes BTC price information from Chivo app to fight arbitrage scalpers: On October 19, the government of El Salvador has taken action to prevent users of its Chivo digital wallet from using the app's price freeze feature to obtain risk-free profits through arbitrage. Chivo tweeted that opportunistic traders have been using the price freeze feature to arbitrage on other cryptocurrency exchanges around the world during periods of significant volatility in the price of Bitcoin. Chivo explained that the frozen price feature gives traders the opportunity to take advantage of price gaps in other exchange rates while quickly transferring assets using the Lightning Network. Chivo plans to remove the price feature and provide real-time price references for bitcoin traders using its app. (Cointelegraph) [2021/10/19 20:39:56]

The effective computing power of Chia's entire network is 31.21EiB, and the mining output is 1,136,648: Jinse Finance reported that according to chiaexplorer data, on July 14, 2021, the current effective computing power of Chia's entire network is 31.21EiB, and the current total amount of XCH is 22,136,648. 1,136,648 pieces were issued. At present, 0.0003 XCH can be produced per TiB computing power per day, and it takes about 9 years and 325 days to mine 1 XCH with 1 TiB computing power. According to the market, the current price of XCH is 219 US dollars, an intraday drop of 7.5%. [2021/7/14 0:50:27]

Figure 1 POT

Calculation of VDF

Based on Chia's design pattern, if a node's VDF calculation speed is higher than other nodes, it may launch some kind of security attack. Therefore, in order to avoid this threat, Chia hopes that the VDF algorithm running in the nodes is the most efficient, so there is basically no room for optimization. To this end, Chia also held two VDF efficiency competitions, attracting industry elites to participate in this event with high rewards, and widely absorbing everyone's wisdom to obtain the most efficient VDF.

The effective computing power of Chia's entire network is 16.62EiB and the mining output is 761,892: Jinse Finance reported that according to chiaexplorer data, on June 4, 2021, the current effective computing power of Chia's entire network is 16.62EiB, and the current total amount of XCH is 21,761,892. 761,892 pieces were produced. At present, 0.0005 XCH can be produced per TiB computing power per day, and it takes about 5 years and 65 days to mine 1 XCH with 1 TiB computing power. According to the market, the current quotation of XCH is 694 US dollars, an intraday drop of 2.4%. [2021/6/4 23:10:58]

As shown in the figure above, the VDF algorithm used in Chia is actually very simple, which is to perform continuous T square calculations on a number x, where x is an element of a group of unknown order. The reason why it is a group of unknown order is also very simple:

If the order of the group is d, then according to the nature of the group: x2^T = x(2^T) % d

There will be a correct result before reaching the specified number of times T, which is inconsistent with Chia's design; therefore, the order of the group cannot be known; there are two ways to generate a group of unknown order:

RSA-based group;

Virtual quadratic field group;

When choosing the method based on RSA, the order of the group is N=pq, where p and q are both large prime numbers and cannot be made public. Therefore, the difficulty of calculating the order of this group is as difficult as decomposing the large number N. Therefore, it is considered safe, but this method requires trusted settings, that is, p and q are generated by a trusted third party, and MPC may also be used, but in short, it requires trusted settings;

The group based on the imaginary quadratic field can eliminate the credible setting, because it is difficult to calculate the order of a group generated by a negative large prime number satisfying the relationship |d|=3 mod 4 (why it is difficult, will be in another article Elaborate in detail, involving many mathematical concepts, I will try to write concise and easy to understand), because this large prime number can be made public, so this method can easily generate groups of unknown order that do not require credible settings.

After understanding the mathematical concepts behind it, let us take a look at how to calculate the square of the elements based on the imaginary quadratic domain group, as shown in the figure below (algorithms refer to NUDUPL papers):

Figure 2 if a < L

Figure 3 if a > L

The NUDUPL algorithm is by far the most effective method for calculating the square of the imaginary quadratic field, and it is also the method most chosen by the participants in the two VDF algorithm competitions. Figure 2 and Figure 3 show the two main branches of the algorithm, where m = (a,b,c) and M = (A,B,C) are the representations of elements in the group.

Certificate of VDF

It can be seen from Figure 1 that in addition to doing T calculations, the prover also needs to generate a proof to prove the correctness of the calculation. Regarding the proof of the correctness of VDF, this paper gives two classic methods. Chia uses is Wesolowski's argumentation method, and the process of this method is shown in the figure below:

The algorithm itself is simple and easy to understand. Compared with the Pietrzak algorithm in the paper, this algorithm generates smaller proofs and verifies proofs faster.

Conclusion

After a period of research and testing, the VDF algorithm currently used by Chia is indeed quite efficient. From the algorithm point of view, no point that can be greatly optimized has been found. "If it's not soft, then it's hard." This is one of the reasons why we still insist on researching Chia's VDF algorithm very deeply, and we have already started hardware optimization design. Theoretically speaking, with higher efficiency VDF calculation, higher mining efficiency can be obtained, which is also our goal.

Tags：

USDC