1 coin per second forever. Simply fair. Simply disinflationary. Decentralize the wealth.
Simple block interval
One minute. 60 seconds. 60 coin subsidy.
Simple consensus
Proof of Work. Most cumulative difficulty wins.
Simple protocol
In (pure) Mimblewimble, outputs are Pedersen commitments r*G+v*H
combining value v and blinding factor r into a single curve point.
The blinding factor serves both to hide the value and to control ownership.
Simple audit
Σ unspent-outputs = Σ kernel + offset * G + height * 60e9 * H
Each kernel is a provable commitment to 0 (as is offset * G)
height * 60e9 is the expected number of nanocoins emitted in height blocks.
Simple PoW algorithm
Cuckatoo Cycle. Find a 42-cycle in a huge random graph. Instantly verifiable in 42 lines of code.
CoinSwap can non-interactively mix thousands of self spends each day or hour.
Simple scripting
No scripts, aka scriptless scripts.
Supports nearly all Bitcoin script functionality, with none of the complexity:
multi-signatures, atomic swaps, discreet log contracts, bidirectional payment channels, etc.
Simple implementations
Small Rust and C++ codebases.
Simple security
Complexity is the enemy of security. Keep it simple to keep it secure.
where we add an artificial input that prints height * 60e9 coins from thin air? Then it becomes obvious that a chain audit and a transaction audit are the same thing.
Perhaps the fact that all transactions are an interactive multisig between all the participants is also simpler because there’s no logical branching. Though that’s on the wallet level.
P.S. I tried to compress some of this info grin_tldr.md · GitHub as I think it’d make a cool tshirt content
That becomes a little nontrivial to explain, if you want to describe both in one equation. In general, balancing a transaction is a lot easier than balancing the entire history, so I wanted to emphasize that even the latter is simple in Grin. If histories are balanced, then necessarily, transactions (essentially, their derivative) are as well.
Looking quickly at it, it seems the quotes may help with formatting. Here’s the difference:
code block
No scripts, aka scriptless scripts.
Supports nearly all Bitcoin script functionality, with none of the complexity
multi-signatures, atomic swaps, discreet log contracts, and bidirectional payment channels, etc.
quote block
No scripts, aka scriptless scripts.
Supports nearly all Bitcoin script functionality, with none of the complexity
multi-signatures, atomic swaps, discreet log contracts, and bidirectional payment channels, etc.
Multiple wallets sharing the same seed (which is not called multi-sig) is possible, with some restrictions. E.g. they wouldn’t be able to share payment channels, or other things that require temporary wallet state. Signing a tx on one device that you initiated on another might not be supported. Or overlapping different txs, as both wallets might try to spend the same inputs (less of an issue with late locking).
I removed occurences of the name Grin, so as to make the text more suitable for posting on other forums, as I did for example at [1].
Hopefully this will intrigue people and they may be delighted to learn that such a wonderful thing already exists.
This is what most people think of when they think of “multi-sig”. For that reason, we should probably remove that or clarify the language a bit. Wouldn’t want to mislead.
If we are talking about both parties needing to approve a transaction before it completes, maybe there is a better term for that. Contract-based transfers to reduce mistakes?
You can do a multisig today on grin, in fact each transaction is a multisig (two keys sign each transaction, sender and receiver). Using the same seed on different devices has some limitations - because not everything is on-chain, eg. if you start SRS on device1 (first step) then you can’t simply decide to do the last step on device2 since device2 doesn’t have this “pending contract/transaction” (or whatever you want to call that) in its DB, so it won’t work (unless wallet would implement some “share” mechanism). So you can use multiple devices for on-chain stuff, but all steps of transaction building process must be done on the same device. Also if you do a transaction on device1 then you won’t have its payment proof on device2 (even if they both use the same seed because that’s “local” data, it’s not on the chain). What does a multi-sig wallet mean? You can do utxo’s which require multi-sig from different owners but in grin the current limitation is that you need to get all of the signatures (n of n), you can’t have 3 of 5 multi-sig for example.
I’m not sure it will end up being decisive, but to me it is important. I really think that grin is the most fair (least scammy) cryptocurrency in existence. Happy to be here