[Cryptography] Bear Bonds - a new cryptocurrency

allen at bearbonds.org allen at bearbonds.org
Sat Nov 14 18:20:41 EST 2015


> Why not include a well-tested algorithm, such as SHA-512, in the  
> hash chain? And assuming one would trust a novel hash algorithm  
> before years of analysis have taken place, why is "a modest memory  
> requirement of 85 KB per input" a good thing? It seems to me such a  
> tiny memory requirement quickly leads to control of mining by the  
> custom chip crowd.

The hash algorithm is not used for mining, it is used in the zero  
knowledge proof.

The creator of a transaction has to include a proof that the values in  
the transaction satisfy the transaction constraints.  The most time  
consuming constraint is to prove membership in the Merkle tree.  This  
requires from 48 to 64 hashes (depending on the capacity of the tree).

The hash we use consists of two knapsacks mixed together by a  
Diophantine polynomial of order 256 computed in the prime field, and  
then finished by another knapsack.  These computations are much more  
efficient to verify in a zero knowledge constraint system than the  
bit-oriented operations in SHA-256 and all other commonly used hash  
algorithms.  Using SHA-256 would require at least 10 times the  
processing time.  For example, on a midrange laptop, our algorithm  
requires about 8 seconds to prove a transaction with 2 inputs and 2  
outputs.  Using SHA-256 would take at least 80 seconds.

We believe our hash algorithm is just as secure (i.e., one-way and  
collision resistant) as any other hash with a 256 bit output, and we  
invite anyone to analyze it to confirm this.  The details of the  
algorithm can be found in the "Transaction Protocol" document posted  
on our website at https://www.bearbonds.org under the "Technology" tab.

Existing hash algorithms are not designed for efficient verification  
by a zero knowledge proof, and that is why we created a new one.  We  
believe it is well-suited for that purpose, and just as secure.

Thanks,

Allen
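
The 48 to 64 hashes per membership proof mentioned in the message above match a binary Merkle tree of depth 48 to 64, one hash per level on the path from leaf to root. The sketch below is an added example, not code from the post or from the Bear Bonds project: it assumes a binary tree, uses SHA-256 as a stand-in for the project's hash, and the `SparseMerkleTree` class and all names are hypothetical.

```python
import hashlib

def H(left: bytes, right: bytes) -> bytes:
    # Stand-in two-to-one hash (SHA-256), NOT the hash described in the post.
    return hashlib.sha256(left + right).digest()

class SparseMerkleTree:
    """Binary Merkle tree of fixed depth; only non-empty nodes are stored,
    so a tree with 2**48 or 2**64 leaf slots fits in memory."""

    def __init__(self, depth: int):
        self.depth = depth
        # empty[h] = root of an all-empty subtree of height h
        self.empty = [b"\x00" * 32]
        for _ in range(depth):
            self.empty.append(H(self.empty[-1], self.empty[-1]))
        self.nodes = {}  # (height, index) -> hash

    def _get(self, height: int, index: int) -> bytes:
        return self.nodes.get((height, index), self.empty[height])

    def insert(self, index: int, leaf: bytes) -> None:
        if not 0 <= index < (1 << self.depth):
            raise ValueError("leaf index out of range")
        self.nodes[(0, index)] = leaf
        for h in range(self.depth):  # recompute ancestors bottom-up
            index >>= 1
            self.nodes[(h + 1, index)] = H(self._get(h, 2 * index),
                                           self._get(h, 2 * index + 1))

    def root(self) -> bytes:
        return self._get(self.depth, 0)

    def prove(self, index: int) -> list:
        # Sibling hash at each level, from the leaf upward.
        return [self._get(h, (index >> h) ^ 1) for h in range(self.depth)]

def verify(root: bytes, index: int, leaf: bytes, path: list):
    """Return (valid, hash_calls); hash_calls equals the tree depth."""
    node, calls = leaf, 0
    for sibling in path:
        # Low bit of index says whether the current node is a right child.
        node = H(sibling, node) if index & 1 else H(node, sibling)
        index >>= 1
        calls += 1
    return (node == root and index == 0), calls

# Constructed sample leaf for illustration.
SAMPLE_LEAF = hashlib.sha256(b"constructed sample coin").digest()
```
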



