February 23, 2017

FAQ

Fundamentals

What is RSK?

RSK is the first general purpose smart contract platform secured by the Bitcoin Network.

What is a smart contract?

Smart contracts are contracts whose terms are encoded in a computer language instead of legal language. Smart contracts can be executed by a computing network such as RSK, so the terms of the contracts are automatically enforced by a protocol that all nodes in the network follow.

A smart contract can be fully autonomous if all the objects referred (such as currency, payments, obligations, property titles, assets, licenses) have a digital representation in the platform. When no such digital representation exists for an object, a smart contract can also refer to it and react to changes in its state though special gateway nodes called Oracles. A smart contract also has access to time with minute precision, so time-restricted conditions can be represented.

A few examples of smart contracts are:

  • Decentralized exchanges
  • Asset tokenization
  • Supply chain tracking
  • P2P betting systems
  • P2P loans

What is RSK’s mission?

To optimize cross-industry processes focusing on financial inclusion, public administration transparency and IOT.

Will RSK mint a new coin?

No. The RSK platform uses Bitcoin as its native currency. A 2-Way Peg between Bitcoin blockchain and RSK blockchain ensures a fixed conversion between BTC and SBTC. (1 SBTC = 1 BTC).

How many transactions per second will RSK Network withstand?

We expect the transactions per second to increase gradually from 1 to 100 tx/sec during an initial testing period. Considering current technology trends regarding SSD storage in network nodes, RSK network can withstand 400 tx/sec (simple payment transactions), without affecting the decentralized nature of the network. However RSK goal is to reach 2.5K payments per second using its Lumino technology, which is a 2nd layer network that will be embedded in RSK on a following RSK release.

What is the block confirmation time?

The network will be launched with 10 seconds block confirmation time, although miners have the capability to increase this to 30 seconds if Bitcoin mining performance is affected.

Which client is your implementation based on?

We based our implementation on EthereumJ, however most parts have been partially or fully rewritten, such as the Virtual Machine.

What mining algorithm does RSK use?

The RSK blockchain is secured by proof-of-work based on SHA256D algorithm (same algorithm that Bitcoin uses). This enables Bitcoin miners to mine on both chains.

Why would Bitcoin miners mine in RSK chain?

The merge-mining functionality allows Bitcoin miners to mine in both chains with almost no extra cost. This will provide them extra revenues based on fees, as there is no block subsidy.

What is the current state of the project?

We are currently working on our Production-ready network, codenamed Ginger. Our fully-featured private testnet, codenamed Turmeric B, is active.

 

Security

How is the RSK blockchain secured?

Platform design: this is the result of several years of academic research, public debate, simulations and lessons learned from real-life implementation experiences having considered all theoretical attacks known up to date.

Core development: security is integrated to the development life cycle of RSK Core, following best practices for design, development and auditing processes. The implementation of security  best practices includes but is not limited to: developers training, threat modeling, continuous manual code reviews, automated testing targeting security, deterministic builds and threshold-signatures for integrity verification of releases.

Reference implementation: based on a clean and commented codebase, programmed in the most popular programming languages with high test-coverage. Also audited by more than one third party team.

Transaction consensus: enforced by a combination of merge-mining and a Federation. This combination provides defense in depth: merge-mining provides proof-of-work so other (non-mining) actors cannot reverse blocks while the Federation provides block checkpoints announcements that prevent miners from colluding to reverse the blockchain. While the Federation could try to use their checkpointing power to censor blocks, full node clients are not forced to obey Federation checkpoints: if a node is not in-sync with the majority of the federators it will present the user with a big warning notice and wait for user confirmation.

2-Way Peg

Dapps application: supported by three lines of work. Enhancement of the VM to prevent high-level bugs common to smart-contract programming, such the ones present in The DAO. Publishing well-tested and matured tools for developers, such as new compilers and static-checkers. Contributing to the community to establish best practices for smart-contract programming.

Each one is addressed with specific protocols, procedures, proactive and reactive measures. Some of the measures are already in-place and others are being implemented.

Last, we plan to work closely with the community and open a bug bounty program for users to securely report vulnerabilities on any part of the system and be rewarded accordingly.

What is the 2-Way Peg?

The 2-Way peg is often said to be a method to transfer BTC into SBTC and vice-versa. In practice, when BTC are exchanged for SBTC, no currency is “transferred” between blockchains. There is no single transaction that does the job. This is because Bitcoin cannot verify the authenticity of balances on another blockchain. When a user intends to convert BTC to SBTC, some BTC are locked in Bitcoin and the same amount of SBTC is unlocked in RSK. When SBTC needs to be converted back into BTC, the SBTC get locked again in RSK and the same amount of BTC are unlocked in the Bitcoin blockchain. A security protocol ensures that the same Bitcoins cannot be unlocked on both blockchains at the same time.

How does the peg work?

When a Bitcoin user wants to use the 2-Way Peg, he sends a transaction to a multisig wallet whose funds are secured by the Federation. The same public key associated with the source bitcoins in this transaction is used on RSK chain to store the Smart Bitcoins. This means that the private key that controlled the Bitcoins in the Bitcoin blockchain can be used to control an account on RSK chain. Although both public and private keys are similar, because each blockchain encodes the address in a different format, the addresses on both blockchains are different.

What are the differences between a Bitcoin address and an RSK address?

An RSK address is an identifier of 40 hexadecimal characters while the Bitcoin address is an identifier of 26-35 alphanumeric characters. Currently an RSK address does not have an internal checksum, so addresses should be handled carefully, but we’re working on a new address format that is less error-prone.

How does RSK secure the funds locked in the peg?

The funds in the peg are initially secured by a threshold signature managed by the Federation. At least 51% percent of federators signatures are required to transfer Bitcoins out of the peg wallet. However, once Bitcoin soft-forks to support the drivechain BIP we proposed, unlocking funds from the peg will require 51% percent acknowledgement by the merge-mining hashing power as well, adding a second layer of security to it. With the drivechain BIP, the merge-miners obtain veto power, and can prevent a transaction created by the Federation (or in an unlikely case, hackers that may have compromised the Federation) from spending collateral without the automatic authorization provided by the RSK blockchain.

How is the RSK blockchain secured from double-spend attacks?

The RSK blockchain is secured by proof-of-work based on SHA256D algorithm, as Bitcoin. If all RSK miners collude, they can censor one or all RSK transactions, but as in Bitcoin, they cannot steal Smart Bitcoins or Bitcoins. Also RSK miners cannot double-spend, as the Federation provides the checkpointing service, and every federator node is highly connected to the RSK network to prevent Sybil attacks. The Federation will use the checkpointing power to prevent reorganizations of high depth which are not related to a protocol fault.  The Federation cannot double-spend, as a federator member is not allowed to checkpoint two blocks having conflicting transactions.

Will RSK platform be more secure than Bitcoin?

The security of the RSK platform will depend on the amount of merge-mining engagement and the number and quality (security compliance) of the federators. More than 30% of the Bitcoin miners are already working with RSK and a 50% remaining is planning join RSK mining, so we expect to reach more than 51% of Bitcoin miners to be securing the RSK network. As the Federation adds a second layer of defense, we can expect the RSK platform to be, from the consensus point of view, more secure than Bitcoin.

How does N confirmations in Bitcoin compare to N confirmations in RSK? Is 6 confirmations enough in RSK as it is in Bitcoin?

Not exactly. There are several metrics and frameworks to analyze the double-spend security of payments in a proof-of-work blockchain, considering rational and malicious attackers, without involving hacking.

A recent paper established that in terms of the transaction reversal probability due to normal statistical variance, 6 Bitcoin confirmations (average 1 hour) would be equivalent to approximately 12 RSK confirmations (average 2 minutes). While Bitcoin has the concept of 0-confirmations (the transaction has been broadcast without Replace-by-fee), there is no similar concept in RSK. The fastest real confirmation in RSK is “1.5” confirmations, or 1 confirmation plus 5 seconds without a block reversal, or an average of 15 seconds.

What is the contingency plan if the network forks because of a protocol flaw?

RSK will maintain a security response team ready to handle any protocol or network failure at all times. In such event, the team will coordinate with other actors of the community the best path ahead and keep the community informed.

Is RSK secure from users using blockchain resources (CPU, bandwidth, storage) for free?

The RSK “gas system” prevents an attacker from creating, spreading and including resource-intensive transactions in blocks without paying the associated fees. Every resource, including CPU, bandwidth and storage is accounted by consumption of an amount of gas. Every block has a gas limit, so the resources a block can consume are limited, and therefore a resource exhaustion attack is ineffective.  

Is RSK secure from miners abusing the gas system to cheaply acquire resources as in Ethereum?

In Ethereum a miner can include transactions specifying zero gas price, and therefore a miner can acquire persistent contract state memory almost for free (the cost being the revenue not realized by including other fee-paying transactions). However as most Ethereum blocks are empty, and there is no backlog of fee-paying transactions, the cost is currently zero. In RSK a high percentage of the transaction fees go into a reward pool for future miners, a small fraction of the transaction fees are burned and there is a minimum gas price negotiated by the miners.  Therefore rogue miners cannot get platform resources at no cost. Only if the majority of miners are dishonest the attack can succeed.

Is RSK planning to do hard forks?

First, RSK has no right to enforce a hard-fork once the platform is launched. The participants of the RSK network must decide by themselves to accept or reject any change proposed by RSK of by any other member of the community. There are two kinds of hard-forks that we may propose: changes that aim to improve the network in terms of privacy, scalability, security or ease of use, and changes that repair a critical vulnerability.

In the first case, we’ll propose the change to the RSK governance body and a procedure will be triggered for voting. Miners will vote with hashing power and the remaining parties will vote using their private keys. RSK Smart Bitcoin holders will vote using a special key tied to their account holdings. If the decision is to change the protocol and RSK Labs has the resources to do so,  then RSK Labs will implement the changes and deploy them. If not, then RSK may crowdfund resources to do it.

In the second case, it is highly probable that the problem must be resolved fast because the network is either splitting or funds are being stolen because of a protocol flaw, or the network is in danger of any other imminent attack. In that case, RSK may unilaterally propose a solution and deploy a patch, and it will be up to the community to accept or refuse the patch, or propose an alternative solution.

How is RSK going to deal with privacy?

We plan to allow user-defined signature schemes. This means that RSK users will be able to choose other signature schemes for their accounts (for example, a quantum-cryptography-proof schemes). This can be done by adding to accounts a state-less script that verifies free-transaction signatures (instead of this being hard-coded). This will allow the use of Merkle-Winternitz, RSA, edDSA and other signature schemes. This feature is not targeted for the first release.

How will RSK deal with scalability?

We’re addressing scalability though different fronts. We are innovating  in two layers: the base layer (RSK) and a second layer (Lumino). Our main contribution to the base layer scalability is by using multi-threading based block verification, which reduces the cost of verification with a factor close to the number of processor cores. Miners use a dependency detection algorithm to setup execution threads. Also storage rent keeps the state small, allowing higher speed verification using in-memory caches. We have many more improvements planned for the 2.0 release regarding base layer scalability. To reach 200M users, a new, second layer network will be deployed. The Lumino network is a payment network which can scale up to 2.5K payments/second in a decentralized setting, and in most properties outcompetes the Lighting Network. It does not require complex routing algorithms not it requires pre-locking of funds. RSK will present the Lumino network whitepaper soon.

 

Miners & Pools

Is RSK secure from selfish mining?

DECOR+ is incentive-compatible as long as transaction fees are close to the average, which means that miners do not gain anything from withholding blocks. That means also that selfish-mining is possible, but not profitable.

What is merge-mining in RSK and how secure it is?

Merge-mining is a process where Bitcoin miners can mine Bitcoin and RSK at the same time, with the same hardware and consuming the same electricity. RSK merge-mining uses the same cryptographic hash function as Bitcoin (SHA256), however there is an important difference: Bitcoin always uses double SHA256, while RSK merge-mining security is of a single SHA256. Also RSK merge-mining assumes a stronger property from SHA256, namely freestart collision security of at least 100 bits. This is because RSK uses a property of Merkle–Damgård construction to compress the size of the SPV proof. No freestart vulnerability has been discovered for SHA256, so RSK mining is safe.  The best known freestart attack on SHA-1 (a previous broken standard) requires bruteforcing 80 bits. The freestart resistance assumption does not mean that RSK mining is more vulnerable to the discovery of cryptographic flaws in SHA256 because the starting RSK mining difficulty will be close to 60 bits. Any successful non-amortizable attack on SHA256 requiring bruteforcing between 60 and 128 bits would be devastating for SHA256,  but will not affect RSK merge-mining at all. If such attack is discovered, the RSK platform can be upgraded with a hard-fork not to use this cryptographic trick for SPV compression.  

What is the DECOR+ protocol?

In Bitcoin, when two or more miners have solved blocks at equal height, there is a conflict of interests. Each competing miner wants his block to be selected by the remaining miners as the best-chain tip, while the remaining miners generally would not mind which one is chosen. However, all the remaining honest miners and users would prefer that all of them choose the same block tip, because this reduces the block reversal probability. The ideal solution would incentivize the miners in conflict to choose the same parent., DECOR+ sets the right economic incentives for a convergent choice, without requiring further interaction between miners. DECOR+, a is reward sharing strategy that incentivizes resolving the conflict in a way that generally maximizes the economic benefit of each participant. The conflict is resolved so that:

  1. The conflict is resolved deterministically when all parties have access to the same block-chain state information.
  1. The chosen resolution is the one that maximizes all miners revenue, both for miners in conflict and for the rest, when the block in conflict revenue (fees) is much higher than the average.
  1. The conflict resolution reduces the power of miners to censor other blocks/transactions when the block in conflict has a reward close to the average.                              
  2.  Resolving the conflict takes negligible time.

Given certain conditions (such as low revenue and the large transaction throughput), the miners would not verify the block contents, which could be a major vulnerability. Do you address this problem in the RSK design?

RSK miners actually do not verify block content for a few seconds, and that’s part of the DECOR+ protocol, and it’s completely normal in RSK. Miners can create child blocks even when they have not finished verifying the parent block. Blocks created without parent verification are marked for the network to act accordingly (SPV nodes must take some precautions). However, there can’t be two empty blocks in a row. Miners mining empty blocks are also rewarded, by means of a smoothed sharing of past block fees. RSK has an artificial subsidy.

 

 

Federation

What is the Federation?

The RSK platform will be launched with a Federation of well-known and community respected members (blockchain companies with high security standards). Each member is identified by a public key for the block checkpoint signature scheme. The Federation is able to add or remove members using an on-chain voting system. The conditions to become a federator (known as Federation Member Requirements or FMR) establish base security policies and legal requirements that all members must meet.

What services does the Federation provide?

The Federation will provide several services to the network, some will be available at launch and other will be added later. Each member can choose to provide any of the following services:

  • Two-way peg with Bitcoin
  • Two-way pegs with other cryptocurrencies
  • Oracle services
  • Checkpointing services
  • Commercial services advertising in graphical interfaces of full nodes
  • Local currency trading plugins in RSK mobile wallets
  • Multi-party cold storage

What is the 2-Way peg service that the Federation provides?

Bitcoin does not currently support smart-contracts nor native opcodes to validate external SPV proofs, part of the 2-Way Peg system in RSK requires trust on a set of a semi-trusted third-parties (STTP). In RSK the STTPs that protect the locked funds are a subset of the the members of the Federation. This is because the Federation incentives are highly aligned with the STTPs: they are well-respected community actors, such as important blockchain companies, and they also have the technical ability to maintain a secure network node.  A requirement for being part of the Federation is the ability to audit the proper behaviour of the software that powers the node, specially regarding the correctness of the component that decides on releasing BTC funds.

What are the Federation checkpoints?

We expect a period where RSK hashing power will be below 50% of the total Bitcoin hashing power. This would leave the network vulnerable to a 51% attack where the remaining hashing power outperforms the existing RSK hashing power to double-spend. To prevent such situation RSK includes federated checkpoints for PoW mined blocks. Federated checkpoints are signed by the Federation members and clients can use the the majority of the signatures to better decide which is the best chain. Also RSK has a last-resort protocol where if mining power goes below 5% of Bitcoin hashing power, the Federation is able to create signed blocks.

What kinds of checkpoints does the Federation create?

The Federation members create two kinds of checkpoints: BlockSeen and BlockTip checkpoints. BlockSeen checkpoints are created every time a new block is seen. Clients can use BlockSeen checkpoints to detect if the Federation has been Sybil attacked. BlockTip checkpoints are created whenever a new tip is added to a best chain of a Federation member. When a block BlockTip checkpoint is received with height n, clients can have an assurance that blocks at height (n-h) for small h values are sufficiently buried in the blockchain that it is very unlikely they will be reverted.

Will the Federation cease to help securing the 2-Way peg?

Once Bitcoin adds special opcodes or extensibility to validate SPV proofs as a hard-fork, or to manage a drivechain, and once the new system is proven secure and trust-free, the Federation role as STTPs in the 2-Way peg will no longer be necessary, and the RSK team will implement the changes to adapt RSK to the trust-free system. Until that happens, we expect the Federation and the sidechain validation to coexist.

When will the Federation stop making checkpoints?

By default, clients stop using federated checkpoints when if RSK hashing power is over 66% of the maximum BTC hashing difficulty observed in the best chain and the fees paid in a block are higher or equal to the average reward of a Bitcoin block. However, any user can re-configure this local policy.

 

RSK’s FAQ is constantly updated.

For feedback or further questions, please contact us at info@rsk.co

Thank you!

RSK Team