“Designing a fair PoW is very difficult, and I think we pulled it off”fireice_uk, Ryo co-founder, January 4 2020
Part 1 — Origins
Part 2 — Fair GPU Mining
Part 3 — Privacy
Part 4 — Monero
Part 5 — Core Feature Development
Part 6 — Rising Son
Part 7 — Conclusion
This is a sponsored article. To learn more see here.
If you click “Why Ryo?” on the privacy coin’s website, the page returned is titled “Is Ryo a serious competitor to Monero?”
Few coins would have the audacity, or chutzpah, to pose such a question about the Goliath of privacy coins, let alone provide answers. However as the reader will soon discover this is par for the course in the tale of Ryo, a coin for whom controversy is part of its very DNA.
Part 1 — Origins
Once upon a time Monero forked from Bytecoin, the first CryptoNote coin, due to concerns over the integrity of Bytecoin developers and a massive premine. Similarly, Ryo arose from the razed wreckage of another CryptoNote currency named Sumokoin.
A mutiny led by fireice_uk, an act a former Sumokoin team member would have us believe was treasonous till evidence of wrongdoing became incontrovertible. So it was that fireice, mosu and psychocrypt started Ryo and offered a 1:1 swap for Sumokoin holders wanting to jump ship.
GM (Gigamesh): But whySumokoin? Why wasn’t Ryo forked from Monero?
FI (fireice_uk): “Because it wasn’t a planned event. I worked for Sumo, found a hidden premine,”
GM: “What were you hired to do?
FI: “CN-Heavy pow at first, then general development.”
Before RYO, fireice_uk was more a gun for hire — a freelance dev. Working for many coins and writing miner software and mining algorithms (CN-Heavy PoW is a mining algorithm), fireice might have stayed in that role were it not for the Sumokoin premine that he himself discovered. Ironic since fireice “did a BSc in Computer Forensics — it took me exactly a week of unpaid internship with police to decide that this is not for me.”
By curious twist of fate an opportunity to start his own project presented itself.
GM: “Would you have started RYO if you hadn’t discovered that SUMO premine?”
FI: “It is unlikely, the only reason I decided to fork, as opposed to just quit was because half a dozen community members asked me to do that.”
GM: “How many cryptocurrencies have you worked with or contributed to?”
FI: “I did it on and off for a very long time 🙂 From fireice_uk you will be able to find contributions to Dash and Monero; but if you include minor coins where I usually put out all sorts of fires for 75 bucks an hour, I lost count long ago.”
GM: “You could make a good living writing optimized mining software or as a freelance blockchain dev, correct? What motivates your development of RYO?”
FI: “Could is probably the wrong premise here, that’s what I do. As to Ryo, I like the challenge of making a real private blockchain, as opposed to a pretend-private one 🙂 ”
Part 2 — Fair GPU Mining
The Ryo team have developed a mining algorithm with a focus on fairness. From a technical standpoint CN-GPU is highly innovative and the first crypto mining algorithm to make use of floating-point arithmetic (FP).
FP is a scientific notation which allows the rapid computation of extremely large (“size of the universe”) and extremely small numbers (“size of an atom”). Formulaic representation of real numbers are an approximation to support a trade-off between range and precision.
What does this mean?
Say we want to calculate the number of atoms in our solar system. Such mathematics would require huge numbers many digits long. As humans we would express these in base10 but a computer would convert them to binary (base2)
Computer memory is limited and you cannot store numbers with infinite precision, no matter whether you use binary fractions or decimal ones. At some point you have to cut and round the number off. A 32-bit computer can only handle numbers up to 23 decimal (base10) digits in length, and so to express much larger number floating-point arithmetic is required.
As the name suggests floating-point numbers can be expressed in different ways by moving the decimal point, and many TDC readers will already be familiar with what they look like.
The main advantages of FP are speed and efficiency, and it’s used by Google in AI farms, and by others in many different industries and fields of research, like astrophysics.
The significant part from the perspective of “fair mining” is three-fold
- FP32 is a IEEE standard
- FP32 has been used since the 1980’s and has been highly optimized
- Everyone is on equal footing. There are no preferred devices
GM: “CN-GPU is the first mining algorithm to use FP or FP32?”
FI: “I can’t say if it is first algo that ever did floating point maths. I don’t think anyone tried to pin the problem domain to neural net calculations before.”
FI: “Ok. Let’s take it to the real world. I can’t say that we were the first guys to light petrol — we probably weren’t. We did make an engine that lights petrol.”
“And I think this is a first one.”
“The idea is based on the fact that AI farms (neural nets) have much bigger budgets than the whole of crypto mining combined.”
GM: “Can you describe in plain English how FP32 (Floating-Point Arithmetic IEEE 754) paves the way for Fair GPU Mining?
FI: “The reason why Google or Facebook didn’t do an ASIC to speed up their farms is because:
- This operation is fairly well studied, and any shortcuts that were available have been found
- As such the performance scales very linearly with the physical number of FP units on the die.”
“Since most of the die area on GPUs is FP units, you will see that the algorithm is very fair — in contrast to original cryptonote which favoured AMD.”
GM: “What about CPU’s?”
FI: “It isn’t really designed to be mined on CPUs. I consider this to be an advantage. It is very easy to launder stolen credit card money through Monero right now — we don’t want to support that.”
GM: “Cant stolen credit cards also be used to rent GPU farms?”
FI: “Not in practice. They are not consumer products. No company out there will let you create 1000s of accounts and rent GPUs with them.”
“In contrast, buying 1000 VPSes is fairly trivial.”
GM: “What makes CN-GPU special, and how does it compare with RandomX? Is one better than the other?”
FI: “RandomX is based on an assumption that you can’t make a CPU that runs it faster than regular CPUs.”
“When designing cn-gpu we looked at AI compute farms (psychocrypt happens to work at one) — and decided that if it is possible to make an ASIC that performs the same job Google with its budget is going to get it first.”
GM: “Are you surprised RYO was the first to design an FP mining algo and that it hadn’t occurred to others before you?”
FI: “That might have been influenced by people without much knowledge — and only armed with the first page of google -passing around info like “it is impossible, floating point is not exact””
GM: “I’m guessing the IEEE standard gives hardware makers less wiggle-room for competitive optimizations
FI: “Not quite. Let me give you an example. All instructions are fetched, decoded and then executed.”
“The major gains on the FPGA are because you don’t need to fetch and decode — those are really complex circuits”
“Now, let’s say that your building block are xors and shifts (like with sha256)”
“That’s just a single gate and some wires in hardware.”
“How about floating point addition?”
“And you can see — as the “execute” part becomes more complex, the performance becomes proportional to the execute unit size (i.e. physical die area)”
“Floating point multiplication is even more complex, but I think you get the point”
GM: “So for this reason FPGA are not a concern?”
FI: “Exactly. Just like in AI, you _can_ get them, but they aren’t much faster — and they are 10x more expensive.”
GM: “In your opinion what is RYO’s greatest achievement to date?”
FI: “I think cn-gpu is probably the greatest. Designing a fair PoW is very difficult, and I think we pulled it off”
“Designing a fair PoW is very difficult, and I think we pulled it off”
Fair mining has become something of a trope for fireice_uk. Prior to RYO he was best known for developing the most efficient open-source miner for Monero, called XMR-STAK. Monero recently updated their mining algorithm to RandomX (mentioned above) and fireice once again released the most efficient miner, this time bundled into a custom OS (RagerX).
But what’s the connection between optimized miners and fairness?
GM: “Your involvement with Monero, your departure from Monero. Can you talk about what happened?”
FI: “I was never involved with them per-se I contributed some code, but that can be said about a dozen of coins. As to timeline: I made a miner, which got very popular and upset a few high ranking people. Then I tried working with them — resigned over lack of trust. FFS (the community fund) money got promptly embezzled.”
“After that episode I only sat on the sidelines”
GM: “How could mining software upset anybody?”
FI: “Pretty simple. If you have a private, 20% faster, miner, and someone publishes a miner using that method, you are going to be pretty pissed, no?”
Other cryptocurrencies, like Equilibra (XEQ), have adopted CN-GPU. I caught up with their founder Harrison Hesslink to ask why they’d switched to the algorithm.
“Simply it seemed the best algo to move to in a timely fashion to remove ASICS.”Harrison Hesslink, Founder of Equilibria (XEQ)
Even before the implementation of CN-GPU in March 2019 the RYO team created another mining algo. CN-Heavy remains a popular with many coins employing it. LOKI, previously covered on TDC, was one of them.
GM: “Is CN-GPU an evolution of CN-Heavy in any way?”
FI: “CN-Heavy was more of a quick fix to a really urgent ASIC problem. It was just a minor tweak — and those don’t last long, but it lasted long enough for Monero to base their second tweak on :)”
Part 3 — Privacy
“You seriously got banned from the Monero Channel for researching a weakness in the XMR/Cryptonote Privacy Protocol(s)???” says a commenter in the Zcash forums in April 2019
“Yup, see the last picture here,” replied fireice, linking to an article titled How buying pot with Monero will get you busted — Knacc attack on Cryptonote coins, published March the same year
Controversial both as a miner dev and a security analyst, fireice_uk has always spoken his mind.
FI: “Try posting this link there, and you will get auto-banned too”
What he had to say was not received well, as testified by fireice_uk’s GitHub profile which quotes fluffypony:
“A one-man attack on Monero according to (ex-)”dear leader” fluffy. A boogeyman-of-reason to “Church Of Monero”. An enemy of the state. A freelancer. A busy boy.”
Ricardo “fluffypony” Spagni, who retired as XMR Lead last month, later removed the comment which fireice_uk quoted. Church or no church, tensions were strained to breaking-point.
In a recent update Ryo strengthened its anonymity by increasing its default ring size from 13 to 25, the largest default ring size of any cryptonote coin I can recall at the time of writing.
Ring signatures anonymize spends through cryptographic obfuscation. Like the game of thimblerig, also known as the shell game, where a small ball is placed under one of three cups (two fake outputs, and one real output) which are shuffled before you guess which the ball hides under.
The number of ring signatures used to anonymize the spend denotes how many “fake outputs” are sent alongside the “real output”. A ring signature size of 25 is like playing the shell game with 25 cups.
GM; “I’ve read of Ryo’s plans to move to 100+ ring sigs. Won’t these transactions be too big to scale?”
FI: “That’s the challenge — I would say anything below 1000 is not enough, so we are clearly very far off.”
“Overall the summary of the past year’s academic research is “realisation just how bad ring signatures are””
“We are working on efficiency gains — but I would say we are further from the target than we were at the start of the last year. That’s how far the goalposts moved.”
GM: “The goalposts moved because of new methods to deanon and link transactions?”
GM: “Could you provide an example of the academic research.”
FI: “This is a very good one. Fact that Monero’s academics don’t want touch “community response” to it with a barge-pole is very telling.”
GM: “In light of the research why not abandom ring sigs althogtehr and move to zk-proofs or mimblewimble privacy.”
“That is certainly an option that becomes more and more appealing.”
FI: “That is certainly an option that becomes more and more appealing.”
“We didn’t quite commit to it yet, but it is a very real and distinct possibility (btw, zk-proofs are the only consideration, mw is even worse than xmr).”
GM: “What else has RYO done to strengthen CN anon?”
FI: “We have plugged payment id metadata leaks, which was promptly copied by Monero (as per screenshot I sent you), as well as seamlessly plugged the leak from long payment ids (as opposed to forcing users to remove them)”
“One thing that should be noted is that Monero’s sub-address implementation still leaks metadata, to be frank I’m tossing the idea of removing it or supplementing it with bytecoin model of address”
Part 4 — Monero
GM: “In broad strokes, what makes Ryo a “serious competitor to monero”, as the website claims?”
- “More experienced team without delusions of grandeur (no, nobody saved NASA here 😂)”
- “Financial transparency — https://ryo-currency.com/dev-fund/ — as opposed to fluffy withdrawing himself half a mil from the fund for his project”
- “As a function of the above, we tend to move faster in whatever direction we choose. Monero tends to crawl in all directions without focus.”
“And I’m happy to say it on record — the situation is extremely challenging — whole ring signature model might not be viable privacy wise (as I said before with regards to zk-proofs)”
GM: “Withdrawing himself half a mil from the fund for his project? What project?”
GM: “Any comment on fluffypony “stepping down”?”
FI: “It is a fairly logical move — Monero is mined out, start another coin. As to prospects, you know what to do when the rats are jumping off the ship 😉”
GM: “In your GitHub profile you are described as “A one-man attack on Monero according to (ex-)”dear leader” fluffy.” What’s the story with fluffy, and why these accusations made?”
FI: “That’s a direct quote from one of his tweets (at least that’s what I remember, they are too numerous to keyword trawl).”
“If you are asking for literal history, have a read through the thread I gave you, with a naive mindset that this just response to some guy that made a proposal to what’s a self-claimed FOSS project. Rather than top echelons really pissed about their income halving and trying to close ranks.”
“Technical details are irrelevant, just absorb the tone.”
“If you are asking for my opinion on him? I don’t like him. I think he uses his charisma to line his pockets. He has pumped and dumped monero — and told people who lost money that it is their fault.”
fireice links to a CoinDesk article:
“I thought, ‘I’m going to pump it and dump it,’ because I was interested and taking the ideas and implementing them in bitcoin. The bitcoin code base was far more interesting to me than monero, and I thought, ‘I’m not going to work on this codebase, it’s terrible,’” he recalls.fluffypony on Monero (CoinDesk)
And a reddit post from /r/Monero/: “What fluffypony just did is not ok”
Part 5— Core Feature Development
On top of all the development already mentioned there are eight more key I have identified from the website and an article, “Sneak peek at what’s happening in Ryo development trenches”. These include atomic swaps, rewriting the entire codebase and replacing “fluffy blocks”.
In order to keep things manageable I have created a list of bullet points together with Fireice’s remarks on their current status.
- Implementing cutting edge crypto for improved wallet and network security (AES-GCM-SIV) / Status: “Implementation”
- BytecoinV1 codebase rewrite/IPV6/Replacement of fluffy blocks / Status: “Implementation”
- Atomic Swaps / Status: “whitepaper stage”
- 5x-10x CPU speedup during sync and operation / Status: “in testing (dev branch)”
- Increasing default ring size to 100+ (see Part 3) / Status: “Is performance limited — we will increase it whenever that allows”
- Over 10,000% CryptoNote blockchain compression (from 15GB+ to 100MB / Status: “whitepaper stage”
- Create custom name Electrum-like wallets / Status: “About 25% of the way there, you might have seen our webwallet, that’s an early UI and testbed for that.”
- Quasar web-wallet and 64-bit “ChooChoo” Elliptic Curve Crypto library / Status: “Testing, dev brach”
Implementation = “Implementation meaning we are in the process of writing it — testing — that it is there and the code is visible.”
Not mentioned on the website but already in use are Bulletproofs which “offer a substantial scaling improvement when using multiple outputs,” according to this Globee article.
As Ryo co-founder mosu explained in Telegram yesterday, January 4th 2020:
Bulletproofs have been on mainnet for about a year, it should be mentioned in the homepage but is also shown on the explorer on all txs
The anon broadcast is being worked on without any external networks like i2p.
Basically a complete overhaul of the p2p network
Overall, bulletproofs are the same implementation as xmr, we wouldn’t change that without a PhD or two in mathematics. But there are other things we’ve done before monero, such as fixing payment ids (uniform payment ids)
Our implementation of payment ids let’s you use 8 or 32 byte pids without any way to track them. That was something monero fixed now, by disallowing 32 byte payment ids all togethermosu, Ryo co-founder, January 2020
Also overlooked are the wallets Ryo has built from scratch which include an option for solo mining — a user-friendly and privacy enhancing innovation.
Part 6 — Rising Son
GM: “In addition to the maths heavy work in the mining algo, Ryo Team perform other research like attack vectors. Can you tell anything about the team members’s backgrounds that qualify them to execute such complex tasks?”
GM: Can you please share with our readers one of your happiest memories in crypto, and also one of your disappointments?
FI: “I think the happiest would be how much the space grew over the years — and how much potential it has — for example it has a very real and even probable shot at ending the war on drugs.”
“With disappointments…. I think the rapid growth attracting the wrong kind of people would be pretty high on the list.”
GM: “Ending the war on drugs? Could you elaborate?
FI: “Silk Road and DPR, in my opinion, did more to end drugs-based gang violence than any state policy ever did. Growth of DNMs is a good things for society — and a bad thing for addicts. However in my balance of conscience the benefits of many outweigh the self-inflicted harm to the few here.”
“Growth of DNMs is a good things for society — and a bad thing for addicts.”
GM: “Can you describe your surroundings?”
FI: “Messy, deliberately so. People with Asperger’s tend to be bothered by that — and this stops me from being so when it is beyond my control. But not really a lot of stuff to mess. Me and my wife can pack everything into 4–6 suitcases.”
“My workstation fits into handluggage 😝”
“I actually swapped it out for 3900X this year. And a T470, everyone in tech owns a T4x0(s) 😄”
GM: “Is there any message, thought or advice you’d like to share with the readers before we finish?”
FI: “I would say to first read this quote:
Money might push people to invest in the first place, but the sense of belonging, of doing something, of achieving something, is why they stay, Barker says. “And in that sense it’s cultic.”
“And then read this book”
“And make financial bets because _you_ think they are worthwhile — not because a guy they think they like told them so.”
Part 7 — Conclusion
This interview has provided a lot to think about
- Ideas around of fair mining
- Secret miners and premines
- The problems with CryptoNote security
- The future of Monero
- The future of Ryo Currency
fireice is without equivocation the most outspoken individual I have ever interviewed for TDC, and purely as a matter of form I would remind readers that the opinions expressed in the article are his and not those of The Daily Chain (TDC).
Save one. Mine.
My opinion is that fireice’s willingness to accept the truth of the matter is a rare and brave quality. Not many CryptoNote devs would switch to zk-proofs even in the face of insurmountable challenges to CN privacy. And fewer would have the skills to do so.
fireice has demonstrated repeatedly his sense of fairness in words and actions.
- By writing the fastest open-source miners.
- By creating CN-Heavy and then CN-GPU.
- By disclosing a hidden premine in another coin and trying to salvage it.
- By not keeping silent when others probably did.
Undoubtedly some Monero fans will be upset by what they have read here today. I’d remind them not to be offended for the story is as old as time.
Wherever you find a Goliath, a would-be David is close at hand.
Thanks to fireice for taking so much time over the course of days to answer all these questions. I hope they have proved useful to those who read them.
bc1qjryw2xmpa6tsyzv8rdnucuk676ep5y2t7jarpa (BTC Bech32)
The Daily Chain – Inform. Educate. Succeed