This article was originally published on The Daily Chain, 7th July 2020.
“Swap is focused on stability, usability, and decentralization. Many project will claim the same, but will only pay lip-service to any one of these, adding features that breaks one or more of these tenets in some way.”
Long Huynh (Leafy), Swap co-founder
Introduction
Swap (XWP) is a privacy coin with as rigorous and determined an ambition for fair mining as any cryptocurrency I have encountered.
“Swap is the first CryptoNote coin to integrate Cuckaroo for fair mining. This change brings the Swap blockchain superior security and stability.”
Swap website
Unlike other CryptoNote privacy coins (Swap is a Monero fork), XWP uses a variant of the Cuckaroo mining algorithm first popularized by GRIN, and first used by Aeternity.
XWP founder Seb Green, who started mining Bitcoin in 2011 and whose tweets and YouTube channel demonstrate high levels of political engagement, explained this choice of mining algorithm in a 2019 interview.
“Being peer-reviewed is important because it gives a measure of trust to the software. However, because of the obfuscation and complexity in the PoW used by Monero and other CryptoNote protocol based coins, we felt that we needed to move from their PoW and find something better. After all, their PoW is not peer-reviewed.”
Seb Green, 2019
Swap had a fair launch in 2018 and its team are funded with community donations. Despite modest resources the team of developers have furnished the busy community with a range of wallets (mobile, desktop, web) and even Ledger support
The name Swap derives from the team’s plan to integrate atomic swaps which can be used in a DEX and other DeFi applications. On this subject and a range of others I have the pleasure of catching up with Leafy, a leader in the Swap community.
But before we get to the Leafy interview we’ll take a quick look at Cuckaroo. It has been my practice to provide real world analogues to describe complex technologies in cryptocurrency.
In the past I have likened CryptoNote’s use of ring signatures in transaction anonymization with the cup and ball game, and now I will try to explain Cuckoo Cycles in a similar fashion.
Cuckoo Cycles for Dummies
“Cuckoo Cycle is the first graph-theoretic proof-of-work, and the most memory bound, yet with instant verification. Unlike Hashcash, Cuckoo Cycle is immune from quantum speedup by Grover’s search algorithm. Cuckatoo Cycle is a variation of Cuckoo Cycle that aims to simplify ASICs by reducing ternary counters to plain bits.”
John Tromp, Cuckoo Github
This video about Cuckoo Cycles with inventor John Tromp elegantly describes this proof-of-work in half an hour of viewing.
In cryptocurrency a proof-of-work (PoW) is used to reach consensus and distribute coins to miners. A good proof-of-work is a cryptographic puzzle which must be both hard to solve and easy to verify.
Symmetrical PoW
Adam Back’s HashCash proof-of-work is symmetrical, meaning the process to generate a block is the same as the process to validate a block. This is the system used in Bitcoin.
The vast majority of proof-of-work algorithms are based on HashCash and also symmetrical. The Ethereum Ethash mining algorithm is symmetrical, and according to Tromp, can take longer to verify a block than to generate one.
Where most crypto currencies differ is in the choice of hash function; the Hashcash flavor as it were. Besides Bitcoin’s `vanilla’ flavor of SHA256, there is Litecoin’s scrypt, Cryptonote’s CryptoNight, Darkcoin’s X11, and many more. Most alternative flavors have the explicitly stated goal of reducing the performance gap between custom and commodity hardware, either by use of memory, or by sheer complexity.
Asymmetrical PoW
John Tromp’s Cuckoo Cycles proof-of-work is asymmetrical, meaning the process to generate a block is not the same as the process to validate a block.
An asymmetrical proof-of-work makes it easier for peers on the network to validate transactions and sync to a blockchain. Other examples of asymmetrical PoW algorithms include EquiHash, used by Zcash and its many forks.
“Proofs of work must not only be found, but verified as well, by every single client, including smartphones and other devices with limited resources. In Hashcash, verification amounts to evaluating the hash function on the given nonce and comparing the output with the difficulty threshold. Which is exactly the same effort as a single proof attempt.”
“Beyond the Hashcash Proof-of-Work”, John Tromp
The Cuckoo Cycle PoW fills and connects the empty slots of two linear hashtables (and can also remove and replace slot entries like a cuckoo bird might another bird’s egg) with numbers resulting from birthday attack collisions in two separate hash functions. This can be visualized as a graph with patterns similar to the passage of photons in an optical cable.
A slide from Tromp’s presentation (see video above)
Miners take the complex patterns produced by the interaction of the two hashtables and trim the extraneous edges of the graph in order to reveal shapes (or cycles).
The puzzle is solved by finding “cycles” where the numbers in the hashtables point to each other in such a way that a loop or contiguous shape is discovered.
Animation of edge trimming down to a 6-cycle loop
Think of Cuckoo Cycle PoW as a cryptographic game of Connect the Dots.
If the amount of sides is 42, as was the original implementation of Cuckoo Cycles, we can also say this is equivalent to solving 42 birthday attack collisions .
Cuckoo Cycle has been transformed into two flavors, CuckARoo and CuckAToo, optimized for GPUs and ASICs respectively. Swap only uses the former.
While the mathematical beauty of the system is worthy of admiration, the takeaway for the reader is two-fold.
Firstly that the Cuckoo Cycle proof-of-work is asymmetrical and thus offers the opportunity for low-powered devices like phones to easily sync to the chain.
Secondly that Cuckoo Cycle is not a pure hashing function like HashCash, but rather a memory intensive graph theory-based algorithm — and is therefore more resistant to ASICs.
Cuckoo Cycle is a graph theory-based algorithm. It tries to find a fixed length L ring in the Cuckoo Cycle bipartite graph randomly generated by Siphash. As the scale of the graph increases, the L value increases and becomes more difficult to find a ring that fits the length of L. Solving the solution (i.e., the process of finding a loop) itself requires a relatively large amount of memory to store the sorting of data.
“WTF is Cuckoo Cycle PoW algorithm that attract projects like Cortex and Grin?”
Swap was the first CryptoNote privacy coin to implement CuckARoo, and now that we understand a little more what the implications of that are, I gladly introduce Long Huynh (aka Leafy), a Swap founder with oversight on network ops and community management.
Leafy
Q. Is Swap doing things differently with its CryptoNote implementation?
Swap is focused on stability, usability, and decentralization. Many project will claim the same, but will only pay lip-service to any one of these, adding features that breaks one or more of these tenets in some way.
Stability. Most CN implementation will hard-fork every 2–6 months. Frequent hard-forks are disruptive to the network and generally a nuisance to exchanges, merchants, pool operators, miners, and especially the end users. The end users should not be expected to understand how blockchains work to operate it, and constant hard-forks are some of the more confusing aspects of using the blockchain as payment system, which hinders mass adoption of it. Surprisingly, the most common reasons for these hard-forks are not to add in new features or security fixes as one expects, but to tweak PoW algo to be anti-ASIC/FPGA or to fix block timing issues caused by poorly implemented difficulty adjustment algorithm. This is evident by the fact that Swap is able to maintain feature and security-parity with Monero without needing to hard-fork for the past 15 months — most new features and security fixes are not consensus breaking. Ideally, Swap will reach a point where no further hard-fork is necessary, but realistically, our goal is minimize the number of hard-forks to once every year or two.
Usability. Swap does not aim at to be yet another digital gold storage or a money printing scheme for their stake holders. It aims to be used for everyday commerce. Swap provides one of the fastest block timing at 15 seconds per block (7.5s average for confirmation from time of transaction). This is good enough for non-trivial purchase, but our end goal is to implement a Lightning Network layer for instantaneous transaction for smaller everyday transaction.
Decentralization. Swap Network is not held hostage by centralized oracles, masternodes, or premined funds being locked up in one of the developer’s wallet. Swap Network is fully trustless and decentralized — No permission is required to use it — anyone can run their own node, and no node is considered any more essential than others to the health of the network. Furthermore, Swap specifications is designed to encourage mining decentralization. Approximately 5,760 blocks are generated per day, allowing even the smallest miner a chance at finding one. Extremely fast block verification and propagation minimizes the risk of orphan block that is commonly associated with mining on smaller pools. To encourage solo and small-group mining, Swap also provides fully optimized reference pool software in both fully-featured and micropool variants.
Q. What progress has been made with Atomic Swaps to Bitcoin with Lightning Network?
There have been some stumbling blocks along the way, but it is something our lead Developer, Sebastian Green, still express interests in and believe is possible to port to cryptonote. It remains one of the major road map item for this project, but we may be implementing a simpler Hashed Timelock Contracts based atomic swap in the interim.
Q. The first sentence of your bio on the website says: “Started mining in late 2017, and quickly became interested in CryptoNote technology.” By 2017 Ethereum, Zcash and many other new technologies were being developed. Please tell us a bit more about yourself, and explain what drew you to CryptoNote specifically?
I found Monero solely because that was most profitable coin on WhatToMine for my GPU at the time. From there, I looked into other Cryptonote coins, which are often unlisted and offered better mining profit. While mining, I noticed that mining profit for certain coins were consistently much lower than expected, so I began digging around to try and understand why. I eventually met Seb, who shared the same interests in maximizing mining profit by researching the root causes of these problems. His pool data and expertises in Cryptonote provided a solid wealth of the information that I was missing for my research. We got along well and my interests in Cryptonote technology grew. At the time, I didn’t know about ZCash, but fortunately, I’m later convinced that Cryptonote is superior in privacy tech. Ethereum was wrought with many ponzi scheme and pointless tokens on it’s platform, so I found it unappealing and never really approached it.
Q. What are your thoughts on the origins and history of CryptoNote?
Bytecoin was the first Cryptonote coin, but its poorly documented launch with possibly falsified blockchain history and inclusions of a questionably de-optimized miner hindered its community growth. Monero had a much cleaner and well documented launch, which did wonder for its community growth.
While there are many Cryptonote projects out there, most can generally be grouped into one of two major family — one based on Bytecoin and one based on Monero. Each family has its own unique set of features, but I consider Monero’s feature set superior to those of Bytecoin’s.
Most of the unique features of Bytecoin feels very superficial to me. Monero, by contrast, focused on developing their blockchain fundamentals, adding many optimization and privacy features to their core technology that are still missing from Bytecoin. For this reason, Swap has been source-forked from Monero.
Q. Unusually for a CryptoNote coin, Swap uses its own variant of Cuckatoo Cycle (Cuckaroo29s Cycle PoW) as a mining algorithm. You have already mentioned the hard forks other CryptoNote coins (usually using a flavour of the CryptoNite algo) perform to make mining fairer or to thwart ASICs. Why did SWAP pick Cuckaroo, and why make a variant?
The Cryptonight family of algo has been falsely labeled as being ASIC-resistances, but they are in fact, very ASIC-friendly. Cryptonight have been defeated since late 2017, and every variant thereafter have been a fork-every-6-months race against ASIC manufacturers to give their GPU miners temporary relief. It is also a very complex algo filled with obfuscated coding with no known optimal solution, so there have been several optimizations that happened over its lifetime, including several known ones that have been used in private. I would hardly consider it a fair algo.
CuckARoo is Asic-Resistance. CuckAToo is Asic-Tolerance. All variants of the Cuckoo Cycle family of algo have asymmetrical proof-of-work, with the verification step being trivially fast to verify (measured in nanoseconds versus milliseconds for most Cryptonight variants). This is important for Swap as it generates a block every 15s that has to be verified as quickly as possible to avoid potential clashes between miners trying to submit their blocks at the same time. The massive increase in sync speed is a nice bonus for the end users, which is important because Swap also generate 4–8 times more blocks than your typical Cryptonote coin. The choice to use our own unique variant of Cuckaroo was to avoid sharing the same hash rental market with Grin, which had a much larger network strength, thus avoiding a potential 51% attack vector. However, we did choose to remain similar to Grin’s own Cuckaroo29 algo to encourage development of 3rd-party mining software for Swap.
Q. I was surprised to see on your future roadmap a plan to transition to an “ASIC Friendly Cuckoo Algorithm” Could you elaborate on this plan and explain whether this would lead to the centralized mining silos so many cryptocurrencies choose to avoid?
Swap Founding members believe that privately optimized mining, including the uses of privately optimized GPU-mining software, hurt network decentralization as it can gives certain miners enough advantages to force everyone else off the network. The whole anti-ASIC narrative is a gross misunderstanding of the root problem, which is the witholding of optmized mining hardware and software by their manufacturers and developers, respectively. Originally, our plan was to fork to Cuckatoo31 once Grin shifted toward Cuckatoo32+. Doing so would allow Swap to assert dominant over its own computation network, which means Swap miners will have a vested interests in ensuring that Swap’s network remains viable. It also makes coin hopping, commonly employed on CPU/GPU-minable coin, an unviable mininig tactic. This is without needing to become large enough to attract ASIC manufacturers naturally with the aforementioned problem associated with some of these manufacturers. Unfortunately, Cuckatoo ASICS never came to fruition, so the plan was never carried out. Fortunately and unlike Grin, we made the conscious decision to not have a set date for switching over to an ASIC-friendly algorithm. Instead, we opted to wait until ASIC becomes more mainstream and competitive before making any further moves toward ASIC-friendliness.
Q. Swap has an impressive array of wallets, including hardware, light, mobile and web. The team is focused on a fair and solid foundation, with an eye on usability. However the space is crowded with a torrent of coins, many of which are CN coins. Can SWAP become a Top 100 coin (by market cap), is price important, and what are your goals?
As long as Swap remains a GPU-minable coin, its network security is closely tied to its daily emission in dollar values, which is directly affected by price. In other words, Swap has to compete with other GPU-minable coins for a slice of the GPU-mining ecosystem, so yes, a sustainably high price is important to ensure that a large slice of the pie is committed to Swap’s network. The goal is to build a network that is as secured as possible relative to coins with similar market cap and orderbook size. In the next section, you’ll understand why none of the founding members are fond of unsubstantiated promotion of Swap. However, we do acknowledge that some of our investors are holding the coin solely for the economic benefit, and we have no problem with that. Since we consider them to be part of Swap’s natural economy, we tend not to interfere with how they or the rest of our community choose to promote or demote the coin.
Q. Please talk about the team, how Swap started, and funding of development.
Most of the founding team were former miners of the infamous Cryptoknight.cc community mining pool (this pool has since closed down). Seb was the pool operator; I was technical support; Nick, Greg, and Tiago were long-standing members of the community. Many of the coins we host on our pool turned out to be broken or outright scam. Many were just copy of other broken coins, and the only thing many of these coins end up implementing were just creative ways to collect their dev fees. Unfortunately, pointing out these flaws and faults tend to draw the ire with members of said coin community, so the pool didn’t develop a good reputation outside the community. One of these community, relevant to Swap’s history, was Haven (this coin has since been taken over by a new development team). Long story short, the Cryptoknight.cc and Haven community loved to poke fun at each other. This resulted in the birth of “FreeHaven” — a parody coin that does everything Haven does, better, and without the dev fees. This was originally proposed by Nick and implemented by Seb. Several talented people from the community, including myself, were called onboard to help out various things. The rest of the Cryptoknight.cc community quickly became supportive of the endeavor and an ANN was soon made on BitcoinTalk to officiate the launch. It was a truly transparent grassroots movement, made completely for fun by a ragtag team of volunteers without any thoughts of profiting from it. Instead, we felt we had created something awesome, and thus, Freehaven was eventually re-branded to Swap to establish a stronger brand identity. Oweing to the events leading up to its genesis, I would say that Swap is one of the purest, blameless, coin ever created. Swap is run completely by volunteers, all of our current exchange listing have been for free, and servers running our network and websites have been contributed by staff and various members of the community. All of which are very much appreciated.
Q. What can we expect from Swap in the coming months?
We’re looking forward to the release of Swap 3.2, which will refresh the codebase for future research and development. Once Seb has more free time on his hand, we’ll begin planning on the direction we want take with Swap. Until then, Swap development will mainly focus on maintenance. There is a whitepaper on Atomic Swap for Cryptonote coins in development that looks promising to us. If the timing of this whitepaper’s release is right, an implementation of Atomic Swap will be attempted. At the same time, the team will be working toward setting up a foundation for Swap, which will be useful for things like listing on certain exchanges or getting future apps on the iOS App Store.
Thanks Leafy
Conclusion
A bunch of milestones under belt and many more in the pipeline, Swap’s move to Cuckoo Cycle is the totem for its commitment to fair mining and innovation in the CryptoNote space.
While atomic swaps may not be implemented yet, a cheeky bird is busily swapping numbers in hashtables and connecting the dots for Swap.
The Swap slogan rings true. No bullshit. As advertised.
