Scalability vs privacy chart

tromp · January 3, 2021, 12:20pm

Chart showing chainsize growth rate (in terms of size of historical 2-input 2-output tx / 100 bytes)
versus privacy leaks. CT=Confidential Transactions. MW=Mimblewimble. RingCT=CT+ring signatures.

Lelantus would sit at 46 (x 100 bytes) for the BEAM implementation (both inputs and outputs shielded).

Privacy leaks

amounts+     |
addresses+   |    BTC
i/o-links    |
             |
             |
addresses+   |                            CT
i/o-links    |
             |
i/o-links    |MW
             |
decoys       |                                           RingCT
none         |                              Zk-SNARK

             0  2  4  6  8  10 12 14 16 18 20 22 24 26 28 30   growth rate

oryhp · December 23, 2020, 2:30pm

Good idea coming up with this way to present the Y axis. I wouldn’t mind a chart like this on the website to see what kind of a tradeoff MW is.

Anynomous · December 23, 2020, 2:40pm

Looks good.
It would be simpler to just show chain size on one axis and privacy on the other axis, but that would indeed remove a lot of details that are relevant such as in which way privacy is improved. Converting so many approaches into any privacy score would be very subjective.
Still it would be nice to have such a simplified graph as well since it immediately makes clear that Grin (and other MW coins) are king in the combination of privacy+scalability. I think the combination of such as simplified graph, plust the graph you have right now in table format, would be best for the website.

oryhp · December 23, 2020, 2:58pm

Perhaps having the Y axis be transparency score would be nice. Grin would be left most on X axis and with a relatively small transparency so it would be placed bottom left.

Edit: the Y axis is exactly what I said it would be nice. I need some sleep.

tromp · December 23, 2020, 5:34pm

I made the Y axis less uniform to reflect relative importance of different privacy leaks.
Also added a Halo2 datapoint according to discussion in https://forum.zcashcommunity.com/t/where-would-halo2-fit-in-this-chart

david · December 23, 2020, 5:57pm

What do you mean by “historical?” Do you just mean already spent? If so, this chart is deceptive. It would be better to compare against bitcoin’s tx history and not just exclude UTXOs (which are still quite large).

Also, are you ignoring MMRs? Each kernel alone, when including MMR hashes, is over 160 bytes. I get that it can be rebuilt on the fly, but that’s not what we do in practice, so is that really a fair comparison?

tromp · December 23, 2020, 6:30pm

Yes, I mean contribution of old transaction with spent outputs to IBD size. Asymptotically, the UTXO set will be an ever smaller fraction of all txos.

david · December 23, 2020, 6:34pm

How hard would it be to provide the values if we base it off of bitcoin’s current tx history? I think it would be a good comparison to see how long it will take until we see the real scalability benefits from grin.

Roelsmajor · December 24, 2020, 3:11am

What about ardor chainsize? I saw on twitter they have just released a new full node. Can it be compared? Because if I’m not mistaken the previous version is only full node for verification. There is no android wallet + full node. The android application will link it to the web wallet.

tromp · December 24, 2020, 7:24am

I never heard of it, but AFAICT, Ardor has no chainsize improvements over Bitcoin, and would thus occupy the same spot?!

oryhp · January 2, 2021, 3:23pm

Where would Lelantus be on this chart? I personally feel that perhaps it’s more relevant than RingCT because if you do choose a path that adds bloat to your chain, you might as well get a higher anonymity set