Blockchain Engineering - class of 2024 - Team Democracy-2: Cypto Core

[synctext]

Project assignment for Delft University of Technology master course called "Blockchain Engineering".

Democracy-2: Cypto Core

• Analyse existing running code with multi-sig, taproot, Schnorr signatures, and threshold voting

• Get existing code running with 4 laptops with Android emulators or real phones. Add new debug dashboard of connected peers with external IPv4, last-response-time, time-outs, new peers discovered, and alerts for incoming packets.

• Identify the exact location of security vulnerabilities such as lack of message signing, lack of pre-commitment, lack of leader election (or leaderless mode), and lack of FROST-type of security guarantees.

• FIX and craft hardened code

• Superapp checkout, Emulator working, get BTC operational,

@Mozafar7 @M-Butenaerts @QuintenVanOpstal

Sprint goal:

• get a Regtest/testnet BTC node operational and get working with "Free Bitcoin" button inside superapp.
• fetch major code update for superapp modules and IPv8 sub-module
• understand existing code

[InvictusRMC]

Here you can find the Bitcoin node source: https://github.com/Tribler/Bitcoin-Regtest-Server

[synctext]

• not really fast start of the project
• Todo BitcoinJ upgrade
• run own node and connect to this one from various emulators
• debug dashboard inside app of connected nodes (simple ping)

[InvictusRMC]

• Upgrade bitcoin dependency to latest version
• Understand differences between mainnet, testnet, and regtest

[QuintenVanOpstal]

• Upgraded my local git library, and compiled a new app
• Looked at differences between mainnet, testnet and regtest.
• Started my own bitcoin node
• connect multiple devices to this node
• Looked at the dashboard when multiple devices were connected

[Mozafar7]

Worked on getting the regtest node working on my device and getting the getBTC button working (with the major code update). I tried to connect to it from various emulators, but I did not manage to get that working.

[M-Butenaerts]

• Worked out how to run the server

• connected my emulator to the server

• got the "get bitcoin" button working

• Exploring the structure and code of the application

[synctext]

• No coordination to collaborate and share workload
• Little coordination meetings to help all team members make progress
• Not on track to pass this course
• Please accelerate
• No FROST deep-dive yet
• No reading of FROST yet
  • for next sprint identify vunerabilities
  • what can be fixed
  • FIX and craft hardened code
• please post issue update

[InvictusRMC]

Next sprint:

• Please divide work
• Proposal:
  • 2/4 members work on operational bitcoin node:
    • Upgrade to latest bitcoinj
    • Get working with superapp
    • Output: small demo showcasing it works on testnet
  • 2/4 members work on crypto analysis:
    • Read frost & musig papers
    • Analyse current implementation --> make workflow graphs
    • Compile shortcomings of current implementation: what is not safe? how can we improve this? what are bottlenecks crpyto-wise?
    • Output: summary of papers, workflows graphs of current implementation, and plan of improvements to current implementation.
    • Analyse current design

[InvictusRMC]

Please read the folllowing papers:

• FROST
• ROAST
• SPRINT
• The many faces of Schnorr

[JoepMulder]

• Edited server code & android app code to connect to local BTC node via HTTPS on Regtest
• Reading, understanding & summarizing of FROST
• Read & summarized SPRINT
• Read & summarized "The many faces of Schnorr"
• Identified the flaw of current multi signature scheme implementation (MuSig is n-n so all participants must sign, not ideal for DAO purpose)
• Plan of improvement concerning signature schemes: Implement FROST protocol as it supports t-n (t <= n) signing, it suitable for ROAST and FROSTS's main techniques can be combined with SPRINT to improve robustness & efficiency at a later stage.
• Started with analyzing the current MuSig implementation and how we can replace this with FROST.
• Fixed error occuring when trying to run unit tests

[InvictusRMC]

Demo goals:

• Showcase code running on testnet!
• Please upgrade core to version 26: https://github.com/bitcoin/bitcoin
• Make debug screen:
  "Get existing code running with 4 laptops with Android emulators or real phones. Add new debug dashboard of connected peers with external IPv4, last-response-time, time-outs, new peers discovered, and alerts for incoming packets."

Demo Pointers:

• Get all peers from coincommunity --> IPv8Android.getInstance().getOverlay<CoinCommunity>()!!.getPeers()
• Change service ID to only find your own peers for demo purposes
• TIP: use your own tracker and hardcode the IP address in the base Community class.
• Run own tracker using gradle tasks and hardcode its IP address: https://github.com/Tribler/kotlin-ipv8/blob/476dc36d0a5208d4a6ef21d953e00e4a440046a4/ipv8/src/main/java/nl/tudelft/ipv8/Community.kt#L649

[QuintenVanOpstal]

We updated the bitcoin core to run on version 25

We updated the bitcoin configuration file to run the bitcoin daemon on the testnet. We had to debug quite a lot during this process in order to get the testnet working on the server.

We tested the communication between the android application and the server running on testnet. The communication is working, but since we don't have funds on the testnet wallet, we get an error when retrieving BTC.

Updated the readme file for the server to make it more convenient when setting up

Created a new page in app that shows list of connected peers with their external ipv4,last response- & request time
https://github.com/JoepMulder/trustchain-superapp

trying to fix personal problem with communication between core, python server and superapp application

[InvictusRMC]

• Try to find a working Testnet Faucet:
  • https://bitcoinfaucet.uo1.net/
  • https://gist.github.com/b3h3rkz/030fa553cf2bc3f1ab09c178df5981e6
• Come up with leader election algorithm:
  • Well-known examples: Afek, Yehuda, and Eli Gafni. "Time and message bounds for election in synchronous and asynchronous complete networks." SIAM Journal on Computing 20.2 (1991): 376-394.
  • https://itnext.io/lets-implement-a-basic-leader-election-algorithm-using-go-with-rpc-6cd012515358
• Currently, the client proposing a transaction / join is the client responsible for executing the final transaction. This poses a security issue --> use your leader election algorithm to find a client that is responsible for executing the transaction.
• Debug screen:
  • Show own IP & PK
  • Show PKs of clients
  • Show activity:
    • Blockchain Engineering - Group 1 - Connection is not working on mobile data? app-to-app-communicator#4
    • https://github.com/ClintonCao/CS4160-trustchain-android/blob/master/docs/source/images/overview_app.png
• Repeated points from last sprint:
  • Get all peers from coincommunity --> IPv8Android.getInstance().getOverlay<CoinCommunity>()!!.getPeers()
  • Change service ID to only find your own peers for demo purposes
  • TIP: use your own tracker and hardcode the IP address in the base Community class.
  • Run own tracker using gradle tasks and hardcode its IP address: https://github.com/Tribler/kotlin-ipv8/blob/476dc36d0a5208d4a6ef21d953e00e4a440046a4/ipv8/src/main/java/nl/tudelft/ipv8/Community.kt#L649

[M-Butenaerts]

• Connected to the same DAO with multiple emulators on different devices over internet.

• Voted in the DAO.

• Researched and decided on a leader election algorithm.

• Updated debug dashboard to show own IP & PK, other Peers PK & activity
  

• Created flowchart for current DAO joining process

• tesnet faucet (testing and applying changes)

[InvictusRMC]

Great progress 🎉

• Continue working on election algorithm:
  • Make a flowchart for the election algorithm and start working on some text reporting on your design
• Push server code and make a PR to our repository

[M-Butenaerts]

• Added first functionalities for leader election to currencyii.

• Updated server read.me file with other.

• Looked into communication through Blockchain and IPv8.

• Added code to send joinDao payload data via ipv8 to Peer in DAO so peer can retrieve signatures and do the joinDaoTransaction instead of the joiner (Question: How should we handle the case where no single member of the DAO is online).

• difficulties:

  • uncertainty about right commmunication channel.
  • push problems with GitHub repository.

• fork: https://github.com/Mozafar7/bitcoin-regtest-node

[InvictusRMC]

Next Sprint:

• Finish flowchart
• Finish connection with app (and TestNet)
• Implement leader election working on purely IPv8
• Make a pull request to the node repository

[M-Butenaerts]

• created diagram
  • 
  • Each peer starts a personal election and requests alive packets to find candidates.
  • If current peer has the highest hashed public key, it is selected as leader and it broadcast an ElectedPayload.
  • Every peer sets its leader as the peer in the ElectedPayload. In case of multiple ElectedPayload, (faulty behaviour/ attacker) the peer takes the peer with the the highest hashed public key among the payloads.
• constructed communication through IPv8.
• created following funtionalities:
  • AlivePayload, ElectionPayload, ElectedPayload, SignPayload.
  • leaderSignProposal, checkLeaderExists, electLeader.
  • onAlivePacket, onElectedPacket.
• bitcoin core updated to 26.
• Server Readme has been expanded and pull request is ready.
• TODO:
  • OnSignProposal
  • testing

[InvictusRMC]

Grading session

• Running code required for passing grade

  • APK file
• Finalize implementation
  • Create test
  • Make performance graphs
• Write README-style report
• Please provide us a with links to all of your code
• Make pull request of all code
• Demo of your functionalities

[M-Butenaerts]

• exported first .apks

• testing:

  • tested electionPayloadRequest
  • tested onAliveResponsePacket
  • tested electionPayload
  • tested alivePayload

• initial version of readme file and graph creation setup

• difficulties:

  • creating tests for private functionalities, should we make them public just for testing?
  • questioning how to handle Ipv8 tests and test related to coinCommunity.

• Continuing with:

  • testing:
    • testing onElectionRequest
    • testing leaderSignProposal
  • report
    - continuing expanding and creating with graphs

[InvictusRMC]

Final session

• Finish implementation & tests
  • Make scalability test using JVM
    • Example: Blockchain Engineering - class of 2024 - Team Democracy-4: networking of crypto core #7914 (comment)
  • Add demo UI
• Finish report
• Make PR before meeting

[JoepMulder]

Pullrequest:
Tribler/trustchain-superapp#197

https://github.com/JoepMulder/trustchain-superapp/tree/61d1267b0d4f0c7d077db413846cf44c3a5324a6/currencyii#version-3

https://github.com/Tribler/trustchain-superapp/actions/runs/8845330808/artifacts/1450149614

[InvictusRMC]

https://filesender.surf.nl/?s=download&token=9681d994-946a-472e-9efb-f2fa6ee9de05

https://github.com/Tribler/trustchain-superapp/actions/runs/8845330808?pr=197