IOTA 1.5 – Chrysalis

This article is a translation of the German IOTA Beginner’s Guide by Schmucklos.

IOTA 1.5 – Chrysalis

Chrysalis
Source: IOTA Foundation

Chrysalis is the intermediate stage of the mainnet before Coordicide is completed. Chrysalis is separate from the Coordicide effort and aims to improve the usability of the current IOTA mainnet before Coordicide.

Why is this process of adopting major protocol improvements in IOTA relatively unique among permissionless DLTs? The simple answer is the absence of miners. In most permissionless DLTs, the economic incentives of miners conflict with those of the users of the network. Better throughput and lower latency can disrupt the fee market that miners rely on, and therefore agreeing to improve the network can hurt their own profitability.

In IOTA, validators and users are one entity. There is no intractable conflict of incentives, which means a much smoother path to network improvements. This will be demonstrated with the upcoming incremental upgrades to the network under Chrysalis.

Incremental Upgrades

White-flag approach

Chrysalis White Flag Approach

This approach is used for calculating balances. It improves the speed and efficiency of tip selection, eliminates certain attacks, and significantly reduces the need for reattachments.

New milestone selection algorithm for the coordinator

Chrysalis New Milestone selection algorithm

This new algorithm aims to ensure that the network supports as much CTPS as possible.

New URTS tip selection

Chrysalis New URTS tip selection

Implemented in node software. Significantly faster and more efficient than the current approach.

Support for a new signature scheme

Chrysalis Support for a new signature scheme

In the network, the quantum-resistant one-time signature scheme (Winternitz One-Time Signature, W-OTS) is replaced by the more common signature scheme Ed25519. This will drastically reduce the transaction size and consequently allow a significant increase in TPS. By introducing a new signature scheme, we will also enable reusable addresses, a very popular request from the community.

The Ed25519 signature scheme is a modern EdDSA signature scheme that uses SHA-512 and Curve25519. It aims to address all of the above issues, with the drawback of being less quantum robust. However, this problem can be partially mitigated if it is combined with a commitment scheme: The address is chosen to be the hash of the public key, which itself is revealed only during the actual signing process. In this way, Shor’s algorithm can only be applied after the signed bundle has been issued to the network, making this signature scheme effectively immune to this attack if addresses are not reused.

Atomic transactions

Chrysalis Atomic transactions

Reduces network overhead and signature verification load, improves spam protection and congestion control, and shortens the length of Merkle proofs (for future Sharding). It also reduces implementation overhead and increases the maintainability of the core node software.

IOTA 1.0 uses the concept of bundles to create transfers. Bundles are a set of transactions that are linked together by their root reference (trunk). These transactions have a fixed layout and size regardless of their “content”. Since the signature of value transactions does not fit into a single transaction, at least 3 transactions must be used to create a simple transfer: 2 transactions for the input + its signature and one transaction for the rest (without signature).

Advantages of atomic transactions

  • Less network overhead: The transaction format can be adapted so that only the information that is really needed is transmitted. A lot of unnecessary information, such as for the successive transactions of a bundle, can be dispensed
  • Fewer signature verifications: After Coordicide, each transaction must include the node ID and signature of the node that issued the transaction. This means that for a simple transmission, the signatures of at least 3 transactions must be verified. Signature verification is the most costly part of transaction processing. Therefore, the introduction of node IDs would reduce node performance by at least 300% if the original bundle approach is maintained. The bottom line is that nodes will be able to process hundreds, perhaps even thousands, fewer transactions than would be the case with atomic transactions.
  • Better spam protection and overload control: The size of the bundle is not known until the last transaction has arrived. This could result in a certain number of transactions being accepted and routed, only to discover later that the issuing node has exceeded its quota (rate control) and subsequently disregard all further transactions. This means that transactions were currently being routed and processed that should have been filtered from the beginning if it had been known that the issuing node was trying to send a transfer that was too large. This could even open up an attack vector where a node issues different bundles to different people, who all start processing the bundle’s transactions and then drop them at different times, unnecessarily increasing the load on the network.
  • Shorter Merkle proofs (for Sharding): Merkle proofs for inter-shard transactions become much shorter (at least 300%) when not all transactions in a bundle have to be passed through to get to the next transfer. This makes inter-shard transactions much faster and more lightweight.

Conclusion

Atomic transactions are much faster, more flexible (variable transaction size) and put less load on the network. They are also better suited for later Sharding / slicing than bundles.

Switch to UTXO model

Chrysalis Switch to UTXO Model

Move from the current credit model to the UTXO model. With this new model wach token on an address is uniquely identifiable and each issue names exactly the token it wants to move. This enables faster and more accurate conflict handling and improves the resilience as well as the security of the protocol. In addition, the move to UTXO will enable the use of Digital Assets on IOTA. Together with Mana (Coordicide), this will result in a very attractive tokenization model in the near future and will further drive the adoption of the IOTA token.

The implementation of the ledger state is one of the last steps to a fully functional prototype of the tangle without a coordinator, so it should be implemented immediately and in the right way with the UTXO model. UTXO stands for “unspent transaction output”, which simply means keeping track of not only the balances on the address, but also where the balances come from and where they are sent when they are spent.

Status Quo

Currently, IOTA uses a credit model to track addresses, where each address has only a single value associated with it (the current credit balance). The ledger state can therefore be viewed as a simple directory of addresses and their corresponding credit balances:

  • Address 1 = Balance 1
  • Address 2 = Balance 2
  • Address 3 = Balance 3

Problems

In the case of conflicts such as double-spends, it is difficult to figure out which of several transactions is actually a double-spend and which transaction uses legitimate funds. This massively limits the ability to handle conflicts efficiently and increases the size of conflict records.

UTXO Double Spend Problem 1
In a credit model, it is unclear which of these three transactions is double spending. Therefore, all three would have to be considered as double spending.

With IOTA 1.0, this is not a problem, as the “heaviest subtangle wins” rule only needs to ensure that the addresses of a given subtangle never go negative.

With the new voting-based Coordicide solution, it is necessary to identify the conflicts that arise in transactions as quickly and as accurately as possible in order to vote on them. This would massively reduce the number of votes that need to be exchanged.

Another problem with using a credit model is related to reattachments. If someone ever receives funds for an address from which spending has already occurred, anyone can simply reattach the previous spending and empty the address again (even without access to the address’s private key). This has already been used as an “attack vector” when users have not followed the advice to use addresses only once.

The solution

Using the UTXO model to keep track of credits, each address would contain not only its total balance, but also multiple sub-balances tagged with a marker indicating which transaction created the balances. Each token on an address would therefore be uniquely identifiable, and each issue would name the exact token it wishes to move. This would help identify conflicts and also prevent malicious actors from spending newly received funds by reattaching an old transaction.

UTXO Double Spend Solution 1
In a UTXO model, each expenditure uniquely identifies which funds were spent. In this way, it is possible to directly identify which transactions are inconsistent (the yellow funds are used twice).

A UTXO model would also allow for easy implementation of features such as “Digital Assets” where users can mark IOTA tokens to have (and keep) a pre-determined “meaning”. Considering that 99% of existing Smart Contracts attempt to simply create “tokens” that relate to a specific use case, this is an interesting feature that adds a lot of value to the IOTA ecosystem.

Advantages UTXO model:

  • Faster and more accurate conflict handling
  • support for digital assets
  • It is impossible to steal funds by reattaching old transactions

Disadvantages UTXO model:

  • Somewhat more complex to implement
  • Somewhat larger transactions, as the identifier of the tokens being moved must be “named”.

Switch to an internal binary representation of the trinary transaction

Chrysalis Internal Binary Representation

This allows IOTA to handle binary data for validation and other processing without requiring many binary-to-ternary conversions as in the current node software. The bundle hash can still be represented as 243 trits, so the signature scheme remains unchanged and no money transfer is required. This should lead to further performance improvements.

With the switch to a binary system, this effectively leads to many binary-trinary conversions to parse / create transactions. The goal with this conversion is to replace the transaction layout with a binary structure without requiring a token transfer for existing addresses or private keys.


icon youtubeWe need your consent to load the content of YouTube.

If you click on this video we will play the video, load scripts on your device, store cookies and collect personal data. This enables [Google Ireland Limited, Irland] to track activities on the Internet and to display advertising in a target group-oriented manner. There is a data transfer to the USA, which does not have EU-compliant data protection. You will find further information here.

Jmx0O2lmcmFtZSB0aXRsZT0mcXVvdDtPcGVuIFNvdXJjZWQgU2VyaWVzICMzOiBDaHJ5c2FsaXMgUGhhc2UgMSAtIEpha3ViIENlY2gmcXVvdDsgd2lkdGg9JnF1b3Q7NTI1JnF1b3Q7IGhlaWdodD0mcXVvdDsyOTUmcXVvdDsgc3JjPSZxdW90O2h0dHBzOi8vd3d3LnlvdXR1YmUuY29tL2VtYmVkLzNkRkxiUHVwOWdZP2ZlYXR1cmU9b2VtYmVkJnF1b3Q7IGZyYW1lYm9yZGVyPSZxdW90OzAmcXVvdDsgYWxsb3c9JnF1b3Q7YWNjZWxlcm9tZXRlcjsgYXV0b3BsYXk7IGNsaXBib2FyZC13cml0ZTsgZW5jcnlwdGVkLW1lZGlhOyBneXJvc2NvcGU7IHBpY3R1cmUtaW4tcGljdHVyZSZxdW90OyBhbGxvd2Z1bGxzY3JlZW4mZ3Q7Jmx0Oy9pZnJhbWUmZ3Q7
Source: IOTA Foundation

More Details

Official Homepage

Infos about the upcoming Chrysalis migration – IF

A new dawn – IF

Coordicide – The road ahead – IF

Release strategy for Chrysalis – IF

Sources

https://blog.iota.org/chrysalis-b9906ec9d2de

https://github.com/iotaledger/protocol-rfcs/blob/ee07797acb5940b7dbb5c3411b184ccdc6afdbb1/text/0000-ed25519-signature-scheme/0000-ed25519-signature-scheme.md

https://iota.cafe/t/atomic-transfers-transactions-instead-of-bundles/318

https://iota.cafe/t/switching-to-utxo-model-for-balances-colored-coins-easier-conflict-resolution/229

https://iota.cafe/t/binary-transaction-layout/324

Original source

https://iota-einsteiger-guide.de/chrysalis-iota-1-5.html

Last Updated on 19. February 2021