Elixxir is Different, so its Nodes are Different
February 7, 2019
Two weeks ago, specifications for Elixxir’s BetaNet nodes were released. The community has been quick to point out that the Elixxir node hardware requirements are different from other existing nodes. Many were understandably surprised by the requirements: a powerful GPU, multi-core CPU, significant disk space, and massive bandwidth are all at odds with requirements from other well-known platforms. But Elixxir is a fundamentally different platform, and it should come as no surprise that its infrastructure is fundamentally different as well.
To frame how Elixxir is so different, we need to look back. Not to blockchains like Bitcoin and Ethereum, or even centralized databases, but what came before them: file cabinets, storage rooms, and paper records. In the paper world, data was physical and was only accessible if you had mechanical keys and knew it was there. In the move to digital infrastructure, troves of information became easily accessible, transferable, and searchable. But there was something we lost. Ease of access came at a cost: the capability to target us in ways never before possible. A company can figure out exactly how to manipulate us, a criminal can find the best way to hurt us, and a government can peer through to profile us. By making our information easier to access for ourselves, we have made it easier to access for others. And public blockchains only exacerbate the issue.
Elixxir exists because it doesn’t have to be that way. The study of cryptography is, in part, the study of restricting access. Truly private and undeniably owned digital assets, not public ledgers, are in Elixxir’s DNA. This fascination can be traced directly back to David Chaum’s seminal 1982 paper “Blind Signatures for Untraceable Payments”:
Untraceability is the bedrock of building a platform which inherits the privacy of the paper age. But the metadata problem created by today’s digital infrastructure makes real untraceability harder than ever before. The concept that an individual can, with confidence, access their data without revealing what data they are accessing, must be complete. As an example, let’s imagine my medical record (every embarrassing incident and malady) is encrypted on the blockchain. No one else knows it’s there, but every time I go to the doctor’s office, I access it. Based upon the IP address and the access pattern, one could quickly identify my medical record. Furthermore, one could tell when I see a new doctor through the IP address used when I check it. Just with my metadata, I broadcast to the world that yes, I started seeing a specialist in exotic foot fungus… even if the record is encrypted.
Preserving the confidentiality of any digital asset requires confidentiality in every interaction, otherwise information will leak and private records cannot stay private. True digital assets must be built on anonymity.
Ensuring this anonymity is at the core of our platform. Elixxir started with the publication of the cMix protocol paper in the 15th International Conference on Applied Cryptography and Network Security (ACNS’17), building on David’s earliest work where he introduced the concept of mixnets:
“a technique based on public key cryptography […] that allows an electronic mail system to hide who a participant communicates with as well as the content of the communication — in spite of an unsecured underlying telecommunication system.”¹
-David Chaum, 1981
With cMix, David took his initial work and solved a key issue: the historical dependence on a blocking public key system to protect confidentiality. In traditional mixnets, every message, on every node, requires a public key operation. These add up quickly, rendering it impossible to mix any sufficiently large number of messages with reasonably low latency.
cMix is unique in that its operations are precomputed, executing equivalents of these public key operations before messages are ever received. This allows for the security of a mixnet without the realtime overhead or the latency.
But what does this mean for the nodes?
The obvious result is that Elixxir nodes must push a lot of data. The privacy of messages within a mixnet is based upon passing and mixing large batches from node to node. Significant bandwidth between nodes is critical to reduce latency.
To make use of their bandwidth, the realtime computation executed by nodes must be quick and efficient. Elixxir’s breakthrough precomputation enables speed through pre-agreement by all nodes. By agreeing beforehand on the symmetric keys that are modularly multiplied in during the realtime phase, computation is nominally reduced by a factor of roughly 6000 over direct public key implementations with equivalent cryptographic assumptions². In the precomputation, Elixxir utilizes homomorphic properties of ElGamal to compute the total product of all symmetric keys that will be used to protect each output message slot without revealing the individual keys, thereby keeping the individual permutations hidden. This allows the nodes to provably commit to the entirety of the specific mix and the keys that will be used to protect that mix, all without revealing any details of the mix itself.
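The two phases described above, as an added single-slot sketch that is not Elixxir's code: nodes use ElGamal's multiplicative homomorphism to learn only the product of their per-slot keys, and realtime then costs one modular multiplication per node. It assumes a toy 11-bit group, omits permutation and user keys, and all function names and sample values are hypothetical.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math/big"
)

// Toy parameters (constructed, NOT secure): p = 2q+1 with q prime, g of order q.
var p, q, g, one = big.NewInt(2039), big.NewInt(1019), big.NewInt(4), big.NewInt(1)

func mulmod(a, b *big.Int) *big.Int { return new(big.Int).Mod(new(big.Int).Mul(a, b), p) }
func expmod(b, e *big.Int) *big.Int { return new(big.Int).Exp(b, e, p) }

// encrypt returns an ElGamal encryption (c1, c2) of k under the joint public key h.
func encrypt(h, k *big.Int) (*big.Int, *big.Int) {
	r, _ := rand.Int(rand.Reader, new(big.Int).Sub(q, one))
	r.Add(r, one) // r in [1, q-1]
	return expmod(g, r), mulmod(k, expmod(h, r))
}

// precompute: nodes fold encrypted keys together, then jointly decrypt the product only.
func precompute(shares, keys []*big.Int) *big.Int {
	h, c1, c2, mask := big.NewInt(1), big.NewInt(1), big.NewInt(1), big.NewInt(1)
	for _, x := range shares {
		h = mulmod(h, expmod(g, x)) // joint key h = g^(x1+...+xn)
	}
	for _, k := range keys {
		e1, e2 := encrypt(h, k)
		c1, c2 = mulmod(c1, e1), mulmod(c2, e2) // Enc(a)*Enc(b) = Enc(a*b)
	}
	for _, x := range shares {
		mask = mulmod(mask, expmod(c1, x)) // node i's decryption share c1^xi
	}
	return mulmod(c2, new(big.Int).ModInverse(mask, p))
}

// realtime costs one modular multiplication per node plus one unblinding step.
func realtime(msg *big.Int, keys []*big.Int, product *big.Int) *big.Int {
	for _, k := range keys {
		msg = mulmod(msg, k)
	}
	return mulmod(msg, new(big.Int).ModInverse(product, p))
}

func main() {
	shares := []*big.Int{big.NewInt(3), big.NewInt(7), big.NewInt(11)} // constructed
	keys := []*big.Int{big.NewInt(5), big.NewInt(17), big.NewInt(123)} // constructed
	prod := precompute(shares, keys)
	fmt.Println("key product:", prod, "recovered:", realtime(big.NewInt(42), keys, prod))
}
```

All exponentiations sit in `precompute`, which never sees a message; `realtime` touches the message with multiplications only.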
ElGamal utilizes the discrete logarithm assumption to provide security, which functionally means many large exponentiations. Even though they are executed before messages are received, large exponentiations are still expensive and the most cost-effective way to execute them is on consumer GPUs³. A single high-end consumer GPU can do the exponentiation work of a CPU that is 5 to 10 times more expensive. The use of the GPUs extends beyond just exponentiation: modular multiplications are also not free and at large scales benefit from running on GPUs as well⁴.
Furthermore, due to the piecemeal nature of the processing (where every message is operated on independently) the system can really take advantage of multi-core CPUs, utilizing every last drop of available power.
But many have also asked why the storage requirements are relatively high. There are three answers:
- As a communication system, pairwise-keys between every user must be stored to ensure secure communication.
- Messages must be buffered for a reasonable period of time so they are not missed, taking significant space.
- Elixxir’s token storage is unlike the accounts, ledgers, or unspent transaction outputs (UTXOs) found in other blockchains. Each token is stored individually as one of a small number of denominations, a structure core to Elixxir’s privacy model⁵. As a result, the estimated size of the “Active Tree”⁶ stored by every node is 200GiB. This contrasts with the blocks themselves which are expected to nominally be 10MiB and should never exceed 50MiB.
All of this leads to some higher level questions: Do higher system specifications confer added benefit to a node? What are the economic incentives for running nodes? Will there be an arms race between nodes?
The answers to all these questions are highly related. To maximize the scaling effects of precomputation and the security model, algorithms attempt to rigidly schedule every node in teams equally. Teams of nodes are then given a block of time within which they must complete their operations. As long as they complete within this limit, their block will be accepted and they will receive appropriate fees and rewards.
Together, this results in a system where completing faster offers little benefit. There is no significant advantage for operating beyond current system requirements because the system only rewards minimum performance. All nodes receive similar rewards and all nodes are selected at the same frequency.
We have begun the process for selecting BetaNet nodes which will help us make this system a reality. The first step is the Node Questionnaire. We’ve decided to keep the Questionnaire open until 11:59pm this Thursday, February 7th, to accommodate any additional submissions in light of the above node information. If you have not already, please fill it out so your voice can help inform this process.
For more questions about Elixxir’s nodes or general technology, our technical team can be found on our Discord.
And P.S. — Happy Chinese New Year from the Elixxir team to our community across the globe!
¹ “Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms,” D. Chaum, Communications of the ACM, vol. 24 no. 2, February, 1981.
² Comparison of un-optimized modular multiplication versus un-optimized standard ElGamal both at 4096 bits in go1.10.3 running on Intel Core i7-8650U @1.90GHz. Code used can be found here.
³ A betanet node is expected to complete a minimum of 6,000 modular exponentiations under a 4096 bit prime every second.
⁴ A betanet node is expected to complete a minimum of 600,000 modular multiplications under a 4096 bit prime every second.
⁵ More detail on Elixxir’s token system can be found in the technical brief and the blog post The Denomination of a Latte and the Anonymity of Blocks
⁶ A specialized Merkle tree organized in a bitwise radix manner (sometimes referred to as a Patricia tree) storing all currently valid tokens