Heavycoin introduces a novel ultra-secure hash algorithm that employs multiple redundant cryptographic hash functions to secure its block chain. If one of these hash functions fails, then Heavycoin is still protected by the others. This is a step forward compared to Bitcoin, Litecoin and most other crypto-currencies, which rely on a single cryptographic hash function.
It is widely accepted that the collision resistance of cryptographic hash functions changes over time as cryptanalysis improves, the so-called Lifetime of cryptographic hash functions. There is a prophetic post by Satoshi on this topic, where he speaks about what could be done to save Bitcoin if a "hash breakdown came gradually". Heavycoin's philosophy is to try to increase the likelihood that such a "breakdown" would be as gradual as possible.
When relying on a single cryptographic hash function, a significant breakdown due to advances in cryptanalysis could affect the entire 256-bit hash. Heavycoin attempts to mitigate this risk by following the old adage of not putting all the eggs in one basket. To this end, Heavycoin's 256-bit hash output is composed of the outputs of four independent cryptographic hash functions (SHA-256, Keccak-512, Grøestl-512 and BLAKE-512).
Heavycoin's basic premise is that a cryptanalytic breakthrough is more likely for a single cryptographic hash function (e.g. SHA-256) than for all four hash functions (SHA-256, Keccak-512, Grøestl-512 and BLAKE-512). Combining multiple hashes therefore limits the impact of a cryptanalytic breakthrough.
Heavycoin uses the following cryptographic hash functions
These cryptographic hash functions were selected because they are thought to have little in common and thus a common weakness is thought to be extremely unlikely.
Q: Doesn't Quarkcoin already implement multiple cryptographic hash functions?
A: Yes, but without increasing security against collisions. Quarkcoin (and its many clones) actually implement multiple hash functions as a simple chain of function compositions
where ... contains additional hash function compositions using JH-512, Keccak-512, BMW-512, BLAKE-512, SKEIN-512 or Grøestl-512, which are randomly selected based on the 4th bit of previous hash outputs.
The problem is that, due to Quarkcoin's simple use of function compositions, if BLAKE512(x) has collisions, then so does BMW512(BLAKE512(x)) and SKEIN512(KECCAK512(... and so on, until we reach Quark(x), which also has collisions. Similarly, if SKEIN-512 or Grøestl-512 have collisions, then so does Quark(x). Simply put, if there's a collision attack for BLAKE-512(x), then the same attack applies to Quark(x).
Q: How does Heavycoin implement multiple cryptographic hash functions?
A: Heavycoin takes the output from each of 4 well-known cryptographic hash functions (SHA-256, Keccak-512, Grøestl-512 and BLAKE-512) and interleaves these bits into a combined 256-bit hash that is more resistant against collisions.
The diagram above gives a quick snapshot example of how Heavycoin combines the outputs from its 4 cryptographic hash functions. This gives Heavycoin an advantage because it does not rely on the long-term security of any single cryptographic hash function. If BLAKE-512 were cracked, then the impact would be limited to at most 64 bits. Heavy(x) would be weakened, but Heavycoin would still remain functional and there would be time to replace the insecure hash function with a better one.
In terms of combining cryptographic hash functions, there doesn't seem to be a perfect solution. Nevertheless, Heavycoin tries to adopt a sensible method with the hope of "slowing down" the weakening of its hash algorithms over time (see Lifetime... above). There are different ways to achieve this goal, and each has different advantages and disadvantages. Heavycoin has chosen a concatenation/interleaving approach, whereas Quark has selected a function chaining approach.
Mining centralization is a problem for Bitcoin, Litecoin and most other crypto-currencies. Increasingly, more and more transactions are mined by a handful of big players with expensive, specialized hardware. When most transaction processing is handled by a wealthy, small group, then this threatens the crypto-currency's independence and the numerous benefits that come from decentralization.
To support the largest, most vibrant mining community, Heavycoin introduces a novel ASIC-resistant cryptographic hash function called HEFTY1. Initially this opened the door for thousands of CPU-only miners to become early stakeholders. Currently HEFTY1 offers GPU miners lean power consumption and low heat generation, which is great news for keeping electricity costs low and profits high.
Early experiences in GPU mining Heavycoin indicate that there are currently some unique advantages, including lower power consumption and cooler operation. It is thought that this is due to HEFTY1 creating stalls in the GPU implementations. Whether this is a permanent feature or just a temporary advantage due to unoptimized GPU implementations is unknown at this stage.
HEFTY1 is new and its security is not proven. Therefore, we deploy it in a safe way that is provably at least as secure as the 4 main cryptographic hash functions that protect Heavycoin. We use HEFTY1 as a secondary hash of the input, while the original input is still hashed by SHA-256, Keccak-512, Grøestl-512 and BLAKE-512. Specifically, for each secure cryptographic hash function in (SHA-256, Keccak-512, Grøestl-512 and BLAKE-512), we use the following collision avoiding construction.
where ⊕ is the concatenation operation. This means that even if HEFTY1 has collisions, the input to still contains the original input and, therefore, will not collide.
In this way HEFTY1 is only used for thwarting GPU miners, while the block chain is secured through the use of the 4 well-known cryptographic hash functions. In the highly unlikely worst-case scenario where HEFTY1 is broken, GPU miners could obtain a speed advantage only. The block chain would still be secured through SHA-256, Keccak-512, Grøestl-512 and BLAKE-512.
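The two arguments above (chaining versus per-function shares, and the H(x ⊕ HEFTY1(x)) construction) can be checked with a deliberately broken hash. This is an added example, not Heavycoin's or Quark's code. Assumptions: `weak()` is a constructed hash with only 16 bits of entropy, SHA3-512 and SHA-512 from `hashlib` stand in for the functions assumed to remain sound, and shares are concatenated rather than bit-interleaved.

```python
import hashlib
from itertools import count

def weak(data: bytes) -> bytes:
    """Constructed 'broken' hash: 512-bit output, but only 2**16 distinct values."""
    return hashlib.blake2b(hashlib.blake2b(data).digest()[:2]).digest()

# Stand-ins from hashlib for the three functions assumed to remain sound
# (not the exact Keccak-512 / Groestl-512 / BLAKE-512 that Heavycoin names).
SOUND = (hashlib.sha256, hashlib.sha3_512, hashlib.sha512)

def find_collision(h):
    """Birthday search over 4-byte counters; fast because weak() has 16 bits of entropy."""
    seen = {}
    for i in count():
        msg = i.to_bytes(4, "big")
        digest = h(msg)
        if digest in seen:
            return seen[digest], msg
        seen[digest] = msg

def chained(x: bytes) -> bytes:
    """Quark-style composition with the broken function innermost."""
    d = weak(x)
    for f in SOUND:
        d = f(d).digest()
    return d

def shares(x: bytes) -> list:
    """Heavy-style: every function hashes x itself and contributes 64 bits."""
    return [f(x).digest()[:8] for f in SOUND] + [weak(x)[:8]]

def combined(x: bytes) -> bytes:
    return b"".join(shares(x))  # concatenated; interleaving only permutes bit positions

def guarded(x: bytes) -> bytes:
    """H(x || HEFTY1(x)) with weak() standing in for the unproven HEFTY1."""
    return hashlib.sha256(x + weak(x)).digest()

def demo() -> dict:
    a, b = find_collision(weak)
    return {
        "chained_collides": chained(a) == chained(b),
        "combined_collides": combined(a) == combined(b),
        "colliding_shares": sum(p == q for p, q in zip(shares(a), shares(b))),
        "guarded_collides": guarded(a) == guarded(b),
    }

if __name__ == "__main__":
    print(demo())
```

The collision in `weak()` carries through the whole chain, but it equalises only one of the four 64-bit shares and leaves the guarded construction's output distinct.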
Until now, all crypto-currencies had fixed mining schedules, dictated by the creator of the currency. Heavycoin takes a different approach by relying on its user-base to democratically decide the mining schedule through decentralized voting. Both the mining schedule and money supply (which still has a maximum upper-bound) are decided through a provably cheat-proof decentralized voting process.
By mining Heavycoins you can take part in decentralized block reward voting and democratically decide on the following.
Initially Heavycoin starts with a zero block reward. The very first miners will have the first opportunity to solve blocks and vote on what the first democratically selected block reward should be. The first 100 blocks (3.3 hours) will decide the starting block reward. From then on, block reward voting will continue, but the votes are counted and averaged every 3600 blocks (5 days).
Heavycoin is configured to mine and vote by default, with a default vote of 512 HVC. If you want to change your block reward vote then see How to vote and RPC voting. Otherwise, to disable voting then see How to mine. When mining is enabled, every time you mine a block your wallet will automatically cast a block reward vote. The Heavycoin network automatically averages these votes every 5 days (3600 blocks) and sets the new block reward accordingly. The block reward is the average of all 3600 votes over the previous voting period rounded to the nearest integer.
Voting is divided into three phases (Mint, Limit and Sustain) in order to allow votes to affect both the mint rate and the money supply, but also to allow the network to be sustained over the long term. The first phase (Mint) allows a maximum vote of 1024 HVC. The second phase (Limit) allows a maximum vote of 1024 HVC for the first 59,876 blocks, but 8 HVC for the last ~3,600 blocks so it can transition into the last phase (Sustain). The Sustain phase allows a maximum vote of 8 HVC.
| Phase | Voting | Duration | Supply |
|---|---|---|---|
| Mint (45,000,000 HVC) | Votes affect the duration of the initial minting. The larger the block reward, the quicker the 45M coins will be awarded. | 72 days to 25+ years (depending on votes) | 45,000,000 HVC (fixed) |
| Limit (63,476 blocks) | Votes affect the final money supply. The smaller the block reward, the smaller the supply. Maximum possible supply is 128M coins. | 88 days (fixed) | 0 - 64,999,424 HVC (depending on votes) |
| Sustain (10,000,576 coins) | Votes affect the duration of the long-term sustainment of the network. The largest possible vote is reduced to 8. | 4.7 years to 38+ years (depending on votes) | 10,000,576 HVC (fixed) |
| Total supply | | | 63,000,576 to 128,000,000 HVC (depending on votes) |
Minimum voting age: none
Heavycoin has an average transaction time of 2 minutes, which is faster than Bitcoin and Litecoin. Users have the flexibility of waiting longer for additional security, as needed, on a per transaction basis. Compared to a 1 minute block time, Heavycoin's 2 minute block time reduces block chain bloat and also provides stability by reducing forking and block chain reorganizations.
Block propagation speeds are higher than you might expect. In the publication Information Propagation in the Bitcoin Network, the authors show that the mean time for a node to see a block is 12.6 seconds and after 40 seconds 95% of the nodes have seen that block. However, this is not carte blanche for selecting 40 second block times. We still must consider the negative impacts of short block times when miners conflict and create tiny forks. Additionally, a quicker block time produces more blocks per day, which means a 1 minute block chain grows up to twice as fast as a 2 minute block chain.
Fledgling crypto-currencies must survive in a harsh environment and face challenges that Bitcoin does not. The most serious challenge is to withstand tremendous difficulty fluctuations that can occur when automatic profit switching mining pools (a.k.a. multipools) target a new crypto-currency. Most crypto-currencies mitigate this issue with the Kimoto Gravity Well, but recovery can still take weeks. Heavycoin has its own solution called Temporal Retargeting, which is much faster.
When a fledgling crypto-currency starts to become valuable it gradually moves on to the radar of larger mining organizations called multipools. Multipools switch between multiple crypto-currencies automatically based on which one is most profitable to mine. When a multipool hits a crypto-currency it can add an astronomical amount of hashing power, which is good. However, when it switches away, it can leave so quickly that the difficulty does not have time to adjust back down. This is very bad!
The result is a frozen network, where transactions cannot be processed because no blocks are being solved. Depending on how high the difficulty spikes, the network could remain in a frozen state (unable to solve a block and process transactions) for hours, days, weeks or even months. This problem has affected many alternative crypto-currencies, causing huge panics, price drops and hard forks as the developers had to release new software to unfreeze the network.
The core of the problem is that most retargeting algorithms only retarget periodically based on the block number. Bitcoin was designed with the assumption that the hashing power will not suddenly vanish. It assumes there will always be another block from which to calculate the new difficulty. However, this is not a valid assumption anymore.
Until now, the best known solution to this problem was the Kimoto Gravity Well retargeting algorithm, which allows the difficulty to return to normal more rapidly. Unfortunately, the Kimoto Gravity Well still requires at least one block to be solved, which can take weeks. For example, consider the recent FedoraCoin hard fork where users were crying about having to wait weeks for Kimoto to kick in.
Heavycoin takes a different approach to the multipool problem and introduces a concept called Temporal Retargeting. In Heavycoin, the network will begin to self-heal by lowering the difficulty if no block is found after a significant amount of time. However, to guarantee security, the self-healing time threshold is selected so that an adversary cannot manipulate the network in order to lower the difficulty artificially.
Heavycoin's Temporal Retargeting algorithm guarantees that transactions are never frozen for more than 3 hours. The network will automatically recover from a multipool difficulty spike without panic or emergency developer intervention. Considering Bitcoin's confirmation time, we think 3 hours is an acceptable guarantee and should be a significant improvement over the Kimoto Gravity Well.