Light clients of privacy-focused chains
zcash
Payment notification problem for resource-constrained clients.
https://gyazo.com/139d011e16624a1e26a912264e16fde0
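The proxy server provides the compact-format data a client needs to generate a tx.
It is expected to serve multiple clients.
The proxy (ingester) cannot learn the client's commitment.
The light client receives from the proxy the compactBlocks, the minimum it needs as blockchain state, and generates the merkle path from the CompactOutputs.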
code:api_proxy.js
 service CompactTxStreamer {
   rpc GetLatestBlock(ChainSpec) returns (BlockID) {}
   rpc GetBlock(BlockID) returns (CompactBlock) {}
   rpc GetBlockRange(RangeFilter) returns (stream CompactBlock) {}
   rpc GetTransaction(TxFilter) returns (FullTransaction) {}
 }
 // Remember that proto3 fields are all optional.
 // Someday we may want to specify e.g. a particular chain fork.
 message ChainSpec {}
 // A BlockID message contains identifiers to select a block: either a
 // height or a hash.
 message BlockID {
   uint64 blockHeight = 1;
   bytes blockHash = 2;
 }
 message RangeFilter {
   BlockID start = 1;
   BlockID end = 2;
 }
 // A TxFilter contains the information needed to identify a particular
 // transaction: either a block and an index, or a direct transaction hash.
 message TxFilter {
   BlockID blockID = 1;
   uint64 txIndex = 2;
   bytes txHash = 3;
 }
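An added example (not from these notes or the Zcash code base) of the light-client step described above: the client appends every commitment from the streamed CompactBlocks to a local tree and derives the merkle path for its own note itself, so the proxy is never asked about one particular commitment. Assumptions: SHA-256 stands in for Sapling's Pedersen hash, the tree depth is a toy 4, the dict keys `vtx`, `outputs` and `cmu` and the `is_mine` callback (a stand-in for trial decryption) are illustrative, and the block data is constructed.

```python
import hashlib

DEPTH = 4  # toy depth (assumption); Sapling's note commitment tree has depth 32

def h(left, right):
    # SHA-256 is a stand-in (assumption); Sapling hashes tree nodes with a Pedersen hash
    return hashlib.sha256(left + right).digest()

EMPTY = [b"\x00" * 32]  # EMPTY[i] is the root of an empty subtree of height i
for _ in range(DEPTH):
    EMPTY.append(h(EMPTY[-1], EMPTY[-1]))

def scan(blocks, is_mine):
    """Append every output commitment to the local leaf list; note where ours sit."""
    leaves, mine = [], []
    for block in blocks:
        for tx in block["vtx"]:
            for out in tx["outputs"]:
                if is_mine(out):  # stand-in for trial decryption with the viewing key
                    mine.append(len(leaves))
                leaves.append(out["cmu"])
    return leaves, mine

def merkle_path(leaves, index):
    """Return (root, siblings bottom-up) for leaves[index], padding with empty subtrees."""
    if not 0 <= index < len(leaves) <= 2 ** DEPTH:
        raise ValueError("index out of range or too many leaves for DEPTH")
    level, path = list(leaves), []
    for height in range(DEPTH):
        if len(level) % 2:
            level.append(EMPTY[height])
        path.append(level[index ^ 1])
        level = [h(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return level[0], path

def root_from_path(leaf, index, path):
    """Recompute the root from a leaf and its path, as a verifier would."""
    node = leaf
    for sibling in path:
        node = h(sibling, node) if index & 1 else h(node, sibling)
        index >>= 1
    return node

def cm(tag):  # constructed sample commitment, not real chain data
    return hashlib.sha256(tag.encode()).digest()

BLOCKS = [  # constructed sample shaped like CompactBlock -> tx -> CompactOutput
    {"height": 1, "vtx": [{"outputs": [{"cmu": cm("a")}, {"cmu": cm("b")}]}]},
    {"height": 2, "vtx": [{"outputs": [{"cmu": cm("mine")}]},
                          {"outputs": [{"cmu": cm("c")}, {"cmu": cm("d")}]}]},
]
LEAVES, MINE = scan(BLOCKS, lambda out: out["cmu"] == cm("mine"))
ROOT, PATH = merkle_path(LEAVES, MINE[0])
```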
monero
https://www.youtube.com/watch?v=n6Bxp0k7Uqg
The remote node syncs the blockchain with the network and sends the 11 outputs obtained according to the selection algorithm to the wallet client -> sign -> remote node -> broadcast.
Light client nodes have to be run to keep track of the latest state (utxo set) in utxo-based chains, because that lets a wallet client get the data it needs to generate a transaction. In the case of monero and zcash, wallet clients need the latest utxo set.
When a wallet client fetches output data from remote nodes, none of it is controllable except your own output.
The IP address of a wallet client is visible to remote nodes unless it is protected by a specific solution such as a VPN or Tor.
It doesn't have censorship resistance. For example, remote nodes can refuse connections from specific internet providers.
Wallet clients keep track of their own balances, so they don't have to get the output from remote nodes to generate and sign transactions. But if, say, you get just 10 outputs from the remote node and then send 11 inputs, your actual input is obviously detectable.
Wallet clients don't verify whether the dummy outputs are corrupted or controlled by the remote node. If a wallet client sends transactions to the remote node, the node can easily detect your actual output.
lightclientd in the zcash protocol stores blockchain data in a compact way. It allows wallet clients to query a merkle proof to generate transactions. This means lightclientd can understand which commitment will be consumed by the wallet client.
The remote node in the monero protocol also stores the latest blockchain state, and wallet clients query it for the input set chosen by the selection algorithm that the remote node runs. A remote node can actually be evil in some ways: for example, it can respond with corrupted outputs, or with outputs it controls itself, as decoys. Users then cannot verify whether the outputs are poisoned, and the privacy aspects will be broken in a statistical way.
IP correlation is possible because the client broadcasts the same outputs it got from the remote node.
For the 11 outputs the client queries from the remote node, the client broadcasts directly to the network.
Not the 11 outputs the remote node chose according to the input selection algorithm, but 10 outputs it controls itself +
ZLiTE
Light clients get notifications of funds and merkle witnesses from a TEE-enabled full node over a channel.
https://gyazo.com/528f82d4aef719fcc5b7d6890656a698
https://www.youtube.com/watch?v=tN_CwuYBu_k