
2 posts tagged with "development"


Elizabeth Binks

Originally posted on Medium

ChainSafe is proud to announce the completion of a collaboration with xx network, one of the world’s first quantum-resistant and privacy-focused blockchain ecosystems.

A few months back, xx network enlisted our help to implement Winternitz One-Time Signatures (W-OTS+) for Substrate-based chains and automated Placard generation. The primary goal of this engagement was to introduce post-quantum security into signatures on Substrate.

Technical highlights
For context, W-OTS+ is a quantum-resistant digital signature scheme with relatively small key and signature sizes. The xx network is a layer-one blockchain co-founded by cryptography pioneer David Chaum, and it is unique in its efforts to guard against cryptography-breaking quantum computing.

This collaboration had two focal points. The first is an independent W-OTS+ crypto library that can be used in any context. The second is a Substrate pallet and off-chain worker implementation that introduces the W-OTS+ signature scheme and Placards into a Substrate runtime environment.

Both implementations are novel to the Rust-Substrate ecosystem. There’s an existing Golang implementation, but to foster interoperability with Substrate-based chains, the W-OTS+ scheme has been written in Rust.

This package of technologies can therefore be regarded as an attractive option for future implementers from various language backgrounds.

Broader implications

W-OTS+ is suitable for post-quantum environments as it’s a hash-based signature scheme. Unlike the current signature schemes generally used in blockchains (e.g., ECDSA, Schnorr, BLS, etc.), which are based on the hardness of the discrete logarithm problem, hash-based schemes are based on the hardness of finding the preimage of a hash.

Unlike the former, there is no efficient quantum algorithm for the latter, making hash-based signature schemes quantum-resistant.

Hash-based cryptography is not the only approach being proposed for a post-quantum world. Isogeny and lattice-based approaches both hope to address the one-time-use limitation of hash-based signature schemes.

However, following the unexpected critical vulnerabilities recently discovered in a NIST finalist, SIDH, hash-based cryptography remains a safe approach.

Given that W-OTS+ is a one-time signature scheme, each time a signature is revealed, part of the private key can potentially be recovered. Thus, re-using a private key for multiple signatures eventually leaks the entire private key.

To work around this issue, for the xx network’s use case, a set of keys derived from the same seed and merkleized is published as a validator’s public key. To validate a signature, a Merkle proof of inclusion in the tree with the published root is then checked. The Merkle tree of keys is referred to as a “Placard” in the implementation, and it can be seen as a simplified version of the XMSS signature scheme.
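The two properties described above (a Winternitz chain signature that must never be reused, and a Merkle tree of one-time keys published as a single root) can be seen end to end in the following added example. It is a deliberately simplified, constructed illustration in Python with SHA-256, not the Rust library built for xx network: it omits the W-OTS+ bitmask and randomization details and the real parameter choices, and the names `Placard`, `chain`, `base_w`, `verify` and `demo` are assumptions for this example. The signer tracks which leaves have already signed and refuses to reuse one, and the verifier recomputes the one-time public key from the signature and walks the authentication path up to the published root.

```python
"""Toy Winternitz one-time signatures merkleized into a "Placard" (constructed example)."""
import hashlib

W = 16            # Winternitz parameter: each hash chain encodes one 4-bit digit
MSG_DIGITS = 64   # SHA-256 digest = 256 bits = 64 base-16 digits
CHK_DIGITS = 3    # checksum digits; max checksum 64 * 15 = 960 < 16 ** 3
LEN = MSG_DIGITS + CHK_DIGITS


def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def chain(x: bytes, start: int, steps: int) -> bytes:
    """Walk a hash chain from position `start` for `steps` steps (toy, no W-OTS+ masks)."""
    for pos in range(start, start + steps):
        x = H(bytes([pos]), x)
    return x


def base_w(digest: bytes) -> list[int]:
    """Split a digest into base-16 digits and append a checksum.

    The checksum grows when message digits shrink, so changing the message
    always forces at least one chain backwards, i.e. requires a preimage."""
    digits = []
    for b in digest:
        digits.extend((b >> 4, b & 0xF))
    csum = sum(W - 1 - d for d in digits)
    digits.extend(((csum >> 8) & 0xF, (csum >> 4) & 0xF, csum & 0xF))
    return digits


class Placard:
    """A Merkle tree of one-time public keys; only the root is published."""

    def __init__(self, seed: bytes, num_keys: int):
        if num_keys < 2 or num_keys & (num_keys - 1):
            raise ValueError("toy tree expects a power-of-two number of keys")
        self.seed = seed
        self.used: set[int] = set()   # leaves that have already produced a signature
        leaves = [self._ots_pk(i) for i in range(num_keys)]
        self.levels = [leaves]
        while len(self.levels[-1]) > 1:
            lvl = self.levels[-1]
            self.levels.append([H(lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)])
        self.root = self.levels[-1][0]

    def _ots_sk(self, idx: int) -> list[bytes]:
        # every chain start is derived from one seed, so the validator keeps a single secret
        return [H(self.seed, b"wots-sk", idx.to_bytes(4, "big"), j.to_bytes(2, "big"))
                for j in range(LEN)]

    def _ots_pk(self, idx: int) -> bytes:
        return H(*[chain(sk, 0, W - 1) for sk in self._ots_sk(idx)])

    def sign(self, msg: bytes, idx: int) -> tuple[int, list[bytes], list[bytes]]:
        if idx in self.used:
            # a second signature would reveal further chain values of the same key
            raise ValueError(f"one-time key {idx} already used")
        self.used.add(idx)
        digits = base_w(H(msg))
        sig = [chain(sk, 0, d) for sk, d in zip(self._ots_sk(idx), digits)]
        # authentication path: the sibling at every level up to the root
        auth = [self.levels[lvl][(idx >> lvl) ^ 1] for lvl in range(len(self.levels) - 1)]
        return idx, sig, auth


def verify(root: bytes, msg: bytes, signature: tuple[int, list[bytes], list[bytes]]) -> bool:
    idx, sig, auth = signature
    if len(sig) != LEN:
        return False
    digits = base_w(H(msg))
    # finish each chain; a genuine signature lands exactly on the one-time public key
    node = H(*[chain(s, d, W - 1 - d) for s, d in zip(sig, digits)])
    for lvl, sibling in enumerate(auth):
        node = H(sibling, node) if (idx >> lvl) & 1 else H(node, sibling)
    return node == root


def demo() -> dict:
    placard = Placard(b"constructed validator seed", 4)   # constructed seed, 4 one-time keys
    sig = placard.sign(b"attest block #1", 0)
    try:
        placard.sign(b"attest block #2", 0)
        reuse_rejected = False
    except ValueError:
        reuse_rejected = True
    return {
        "valid": verify(placard.root, b"attest block #1", sig),
        "tampered": verify(placard.root, b"attest block #9", sig),
        "reuse_rejected": reuse_rejected,
        "second_key": verify(placard.root, b"attest block #2", placard.sign(b"attest block #2", 1)),
    }


if __name__ == "__main__":
    print(demo())
```

The verifier never needs the individual one-time public keys: it rebuilds the leaf from the signature and message, then checks that the leaf hashes up to the root the validator published. Whether a leaf has already been spent is state the signer must keep; in a chain setting the signature index is also visible on-chain, so reuse is detectable there as well.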

Summary

As the need for post-quantum cryptography draws closer, the xx network is ensuring its privacy-preserving tech stack is quantum-secure.

This stack includes a private messenger app backed by a mixnet; a novel wallet generation mechanism called Sleeve, which allows embedding a W-OTS+ public key as a backup for any other cryptocurrency wallet — and now, the first step towards integrating quantum secure cryptography into the xx network’s Substrate-based blockchain.

The newly developed W-OTS+ crypto library has already enabled the xx network team to implement Sleeve wallet generation in Rust and cross-compile it to WASM for use in web browsers. Any user can now generate a quantum-ready wallet for any cryptocurrency directly in the xx network web-based wallet and staking app.

Willem Olding

Originally posted on Medium

ChainSafe R&D is ChainSafe’s internal applied research and development arm. We provide high-quality research to explore new technical and business frontiers in support of larger projects both internal and external to ChainSafe. The ChainSafe R&D team has previously completed (and in many cases continues to maintain) engagements with teams like Gitcoin (“decentralized Grants”) and Polygon (“v3 spec”), to name a few.

ChainSafe has recently concluded a 5-week sprint supporting development of the xx Network as they move toward their mainnet release.

The xx Network blockchain is built using Parity’s Substrate framework in Rust. This has allowed the team to make rapid progress developing the custom chain logic for xx Network while building on top of a battle-tested and audited codebase in Substrate.

ChainSafe has been a long-time supporter of Substrate, with projects including ChainBridge (a flexible solution for bridging Substrate and Ethereum chains), the PINT parachain, and our own runtime-compatible framework Gossamer. We jumped at the chance to help another promising project make it through the final hurdles. Supporting xx Network also highlights our growing capabilities as Substrate developers and code reviewers in an extremely exciting space in blockchain development.

Network-layer privacy vs. Transaction-level privacy

In its first form, the xx Network blockchain serves to support and incentivize the already operational mixnet protocol cMix. Mixnets provide network-layer privacy by routing messages between mixing nodes, which effectively erase any link between the sender and the receiver. cMix requires global coordination and incentivization for mix-nodes, and the xx blockchain solves both of these! Nodes participating in consensus must also be active mix-nodes. Their performance as mixers directly affects what they can expect to receive as block rewards. You can learn more in the cMix whitepaper.

Network-layer privacy has seen much less attention in the crypto space compared with transaction-level privacy, as present in other blockchain projects such as ZCash and Monero. However, both will be required for us to one day be able to transact with total privacy, which includes end-to-end encryption and metadata shredding. Moreover, the network layer privacy offered by xx Network will power xx messenger, a private off-chain messaging app available on major mobile platforms shortly after mainnet launch.

The first release of the xx chain adds on-chain logic to support the operation of cMix as well as the unique economic logic for xx coin. Since the pre-sale for xx coin was instantiated on Ethereum as an ERC-1404 token, the network adapted Polkadot’s Claims module in order to allow users to receive their native xx coins at mainnet launch. Furthermore, xx Network plans to use ChainBridge to allow users to swap wrapped ERC20 xx coins on Ethereum to their native form on the xx blockchain.

Contributions from ChainSafe

As part of the engagement, all new additions were evaluated line by line, tests were written to ensure full coverage (over 100 tests were added in total!), and benchmarking was added to automatically derive weights for all externally callable functions. Several major issues were found and subsequently fixed by the team. Progress! The full report of the review will be available once the codebase is released to the public.

We look forward to the future of xx Network and the value they will bring to the blockchain ecosystem with their privacy-preserving technology.

Acknowledgments

Thank you to Tim Ho and Bernardo Cardoso. Your contributions were invaluable to the making of this article.