Could Zilliqa be the next big thing in speeding up blockchains? That’s what it hopes to achieve with its innovative platform, which launches January 31.
A superfast blockchain has been the holy grail in crypto, ever since Satoshi himself said that bitcoin ought to be able to handle as many transactions per second as Visa. Beyond financial transactions, scalability will enable dapps to work more smoothly, and address all sorts of usability problems.
However, it’s been a difficult problem to solve. Why? Well, considering how blockchain works, having everybody record every transaction is sort of inefficient. While there are many technical solutions, most end up relying on either limiting the number of participants, or taking the problem off the blockchain entirely.
That’s where Zilliqa comes in. The company, which launched in Singapore in 2017 and raised $22 million in a December 2017 ICO, is launching with one of the first live implementations of sharding on a blockchain project. If all goes according to plan, it could have massive ramifications across the board. In fact, if Zilliqa can fulfil its aims, it could be the first decentralized cryptocurrency capable of handling VISA-level numbers of transactions.
“Scalability is arguably the most pressing problem faced by blockchains today. One of the most advocated solutions to the scalability problem is the idea of sharding and Zilliqa is the first blockchain with sharding built into it,” En Hui Ong, head of business development at Zilliqa, told Decrypt.
Zilliqa’s secret sauce rests on finding a compromise between security and scalability. A smart-contract platform similar to Ethereum, Zilliqa uses “sharding” to enable the network to handle thousands of transactions per second. Sharding is a way to horizontally split up databases into more efficient, smaller sections. Instead of having all the nodes on the Zilliqa network process and store every transaction—like Bitcoin does—it splinters the network into groups of 600 nodes. Each group is responsible for a portion of the total transactions, so more of them can be processed at any one time without overloading the system. That’s designed to increase scalability without compromising on security.
But there are some caveats.
Generally speaking, sharding divides the network by the number of shards. For it to achieve the hoped-for 2,500 transactions per second, which closes in on VISA’s 4,000, it has to have six shards. While each section of the Zilliqa network is protected by the total hashrate, if a malicious actor controlled one sixth of the hashrate and ended up with all their nodes in the same shard, they would have 100% control over that sixth of the network. And that’s where a security problem could come in.
We’ve seen what happens when a network has a low hashrate. Earlier this month, Ethereum Classic succumbed to a 51% attack due to malicious actors renting cheap, massive computing power to overcome the low hashrate. And what happened? Money was stolen through double spend attacks.
However, Zilliqa says it has a workaround that protects the speediness of sharding without sacrificing security. One key element is having a minimum of 600 nodes per shard; that means a malicious actor would need to control at least 400 of them (the network uses Byzantine fault tolerance, which requires two thirds of the nodes to be malicious for double spends to occur). And that would be possible if an attacker were able to direct his attack at a specific shard. Zilliqa’s technology, however, reportedly makes that impossible: a random mechanism divides nodes between the shards, says Ong.
Zilliqa says its approach puts the chances of a hacker obtaining control at less than one in a million, which the company considers an acceptable risk.
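To see how random shard assignment drives that risk, the following added example (not Zilliqa's code or the company's own calculation) computes the exact hypergeometric chance that one 600-node shard ends up with at least 400 attacker nodes. It assumes six shards of exactly 600 nodes, uniform random assignment, and an attacker whose share of nodes equals its share of hashrate; the function names are hypothetical.

```python
from fractions import Fraction
from math import comb

SHARD_SIZE = 600   # from the article: minimum nodes per shard
TAKEOVER = 400     # from the article: attacker nodes needed inside one shard
SHARDS = 6         # from the article: shards needed for ~2,500 tps
TOTAL_NODES = SHARD_SIZE * SHARDS      # assumption: every shard has exactly 600 nodes
ACCEPTED_RISK = Fraction(1, 10**6)     # the "one in a million" figure quoted above


def shard_takeover_probability(attacker_nodes, total=TOTAL_NODES,
                               shard=SHARD_SIZE, need=TAKEOVER):
    """Exact P(one given shard holds >= need attacker nodes).

    Models the random mechanism as drawing `shard` nodes uniformly without
    replacement from `total`, so the attacker count in the shard is
    hypergeometric. For "any of the six shards", multiply by SHARDS
    (union bound).
    """
    honest = total - attacker_nodes
    favourable = sum(comb(attacker_nodes, i) * comb(honest, shard - i)
                     for i in range(need, shard + 1))
    return Fraction(favourable, comb(total, shard))


def min_attacker_nodes(risk=ACCEPTED_RISK, total=TOTAL_NODES):
    """Smallest attacker node count whose takeover probability exceeds risk.

    The tail probability never decreases as the attacker adds nodes,
    so a binary search over the node count is valid.
    """
    lo, hi = 0, total
    while lo < hi:
        mid = (lo + hi) // 2
        if shard_takeover_probability(mid, total) > risk:
            hi = mid
        else:
            lo = mid + 1
    return lo


if __name__ == "__main__":
    one_sixth = TOTAL_NODES // SHARDS  # the one-sixth attacker from the article
    print(f"attacker with {one_sixth} nodes: "
          f"{float(shard_takeover_probability(one_sixth)):.3e}")
    k = min_attacker_nodes()
    print(f"risk first exceeds 1e-6 at {k} nodes ({k / TOTAL_NODES:.1%} of the network)")
```

Under these assumptions, the one-sixth attacker only becomes dangerous if assignment can be steered; with uniform assignment the attacker needs well over half of all nodes before the per-shard risk passes one in a million.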
“When you have something like Bitcoin or Ethereum where every node verifies every transaction, that’s much more secure than our model. It’s a trade-off between scalability and throughput. For us, it’s trying to strike a good balance between the two,” Ong told Decrypt.
There’s a second issue, too. Not only is the hashrate split up into portions but it’s used at far greater intervals than, say, for Bitcoin. Instead of performing proof of work for every block, Zilliqa requires miners to do a short, one-minute burst every two to three hours. So a potential malicious actor doesn’t have to continually expend energy, which costs money, to take control of the network; it can be done within just one minute. And if that’s successful, then there’s a whole hour where the attacker is in control.
“Due to the way we use proof of work, it means the window that people could be renting hashing power for is a shorter period of time. These are issues we have to grapple with,” conceded Ong.
There are economic incentives for the malicious actor to play nicely, however. Having spent energy on getting 400 nodes through the proof of work and having them land all in one shard, they will then only get block rewards by signing transactions. In this system, every node that makes it into each shard signs every transaction, and gets paid for each transaction they sign. So, if the bad actor starts missing transactions, they lose out on mining rewards. But, if it’s just one large double spend that needs to be rewritten—this might not be a problem.
Zilliqa is well aware of the difficulties. It’s been using Amazon Web Services to create a test environment of 2,400 nodes, and has launched multiple test attacks against its own network. In addition, the code has gone through several rounds of security audits from different auditors and has had a private bug bounty program since November 2018. Also, Zilliqa has developed a reputation-based protection mechanism to fend off short-term attacks.
Ong said: “The team has been continuously fixing bugs. We’ve done about three code audits right now. We’re going to be releasing the results. There’s no major issues. But as far as bugs are concerned, there are a lot.”
The mainnet launch is scheduled for tomorrow, and will kickstart a one-month bootstrap phase where usability will be limited. During this safety period, no transactions will be made on the network. And while miners will receive mining rewards, they will be unable to spend them until the period is over. This is to ensure the network can withstand attacks in a real-world environment (assuming hackers attack during this time) and to allow the hashrate—computing power which protects the network—to rise, to keep it safe.
This is a rare situation in the blockchain world. Normally mainnet launches go without a hiccup, apart from EOS, which stalled a few times. But the experimental nature of the Zilliqa blockchain, which has great promise, also brings new areas of possible failure. The period of bootstrapping is necessary, and perhaps there should be more, considering there’s $170 million at stake. Zilliqa wants to really speed things up but, before it can do so, it must take some baby steps.