Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
IPFS / Virtual Meetups / 26 Mar 2021
IPFS / Virtual Meetups / 26 Mar 2021
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: How to secure a blockchain using IPFS with the Scala Project

Description

The Scala Project joined us during the March meetup to talk about how they used IPFS to create a novel methodology to checkpoint block hashes to secure a blockchain.

For more information on IPFS
- visit the project website: https://ipfs.io
- or follow IPFS on Twitter: https://twitter.com/IPFS

Join your local IPFS meetup to attend our next event: https://www.meetup.com/pro/ipfs/

Sign up to get IPFS news, including releases, ecosystem updates, and community announcements in your inbox, each Tuesday: http://eepurl.com/gL2Pi5

A

So hi everyone, I'm mastermind, which is obviously not my real name. uh Well, I'm an application developer at scala, I'm with hazam, also a developer, blockchain developer and donovan both are developer at scala. We are very excited to be with you today to present our project and how we use ipfs technologies within our ecosystem.

A

The presentation will take place in three parts. First, donovan will introduce our lib ipfs library, which allows us to use ipfs within our applications.

A

Then hazam will present in a concrete way how we are planning to use ipfs to secure our blockchain against potential attacks. And, finally, I will present some other users of ipfs within our project.

A

But, first of all, let me introduce scala and we are and what we do so. Our first goal is to keep privacy as a priority in everything we do. This is why we forked from monero in the first place and providing a pack blockchain untraceable payments, unlinkable transactions and blockchain analysis resistance.

A

Our vision is to distribute wealth for everyone and every device. We want to be the people's coin, and to achieve this goal, we focus on implementing solutions that are mobile, friendly and very energy efficient.

A

There are about four billion mobile devices in the world, and we want to make sure that our ecosystem takes that into account. We also take a lot of time to improve the user experience so that our applications are can be used easily by anyone.

A

And, finally, one of our goals is to solve real world problems, obviously, in a way that is economically viable for the project and to sustain our growth.

A

um So now I'm gonna leave I'm gonna. Let donovan for the next part.

B

Yes, thank you for that. uh One of the goals of our project is has always been to be as decentralized as we can possibly make it.

B

We don't ever want to get into a position where we're called the central authority of the chain where we can manipulate things, and when we started looking at ways of securing our blockchain, we knew that ipfs would really align with that vision, and I believe that has led us to become one of the first projects, that's using ipfs in a way that can actually impact the consensus of the blockchain in the way that aizam will be explaining it in in the next section.

B

Another goal of our project, like it was just mentioned, was to have ease of use. We want to make it as simple as possible for anyone to get involved, and for that reason we knew that our ipfs integration needs to be part of our core package and not require any additional dependencies to be installed or any additional downloads and registrations all over the place.

B

So with that in mind, we explored our options, our main diamond that runs on client computers on servers with exchanges, that's built in cnc plus plus, however, ipfs is written in go and at the time we started looking at this, which was probably more than a year ago now there were no implementations to use ipfs directly from c plus plus without having a stand-alone ipfs running and using http apis.

B

So one of the good things with go is obviously that you can link go libraries into c plus code, and that made it really a possibility for us to take ipfs and pull it into our main daemon and from there lib ipfs as we call it was born.

B

Our initial integration with ipfs was actually was quite low level. If I could, if I could call it that our library would set up initialize and run ipfs from within our own go code. What I mean with that is it. We used a lot of the startup logic that you can find in the standard, ipfas daemon itself, and we ran that inside of our library.

B

What was great about that is. It allows us a great degree of control of what we start and what we don't start with the we disabled at the beginning, the http api, because we didn't need it. The other reason for that is cryptocurrency exchanges, typically don't want anything other than the core network tools, because they don't want the overhead, especially the smaller exchanges that don't really have a binance kind of setup to to operate these chains on.

B

So the other great thing about integrating on that level was that we could expose different ipfs features directly to our daemon by wrapping that feature inside of a simple c plus to go call, and the first version of this test was done in the fourth major revision of our software, that was about probably a year year and a half ago, and that fetched some of the seed nodes and some of the core network data that it needs to start up from ipfs and, to our surprise, almost no issues.

B

Apart from some some users that ran a very restrictive network setup, some of those calls were blocked, but other than that it really worked really well fast forward. A few months later, we reviewed our integration and we found that dependency management in the long run is going to be really really tricky. This was a time when go was in that awkward space of not really having an official dependency management system like it does now with go modules.

B

Some projects were using govender, I believe ipfs had gx and some other ones just had none to speak of, and it became obvious that, because we had such a low level integration, that any changes in the ipfa score would disproportionately impact our integration, which obviously takes time away from our main focus being the the cryptocurrency.

B

So to overcome this, we recently took a bit of a higher level approach. We still needed.

B

We still need the go wrapper around ipfs so that we can start the diamond from c plus plus, but instead of doing all the work initializing the network and connecting and all of that, we package a compiled, ipfs, binary and embed that inside of our library, with a tool named escape or esc, and when the daemon starts up, it calls a function. It extracts that package starts the ipfs daemon and we can communicate then using the http api, which works perfectly fine.

B

What's nice about this approach again is we can add command line flags to our c plus code to disable that functionality for exchanges which keeps them happy? We still achieve the goal of not having additional software to be installed by our users, and we we get a one out of that, so that we don't need to worry about dependencies and we can just take advantage of all the new ipfs functionality as it becomes available by just repackaging that binary into our code.

B

So that's a that's an overview of how we do this on a low level and I'll pass on to hazem now, which will explain how all of this comes together to really secure our blockchain.

C

Hello, everyone hope you're all doing well, I'm gonna start by actually proposing a question: um why do we need industrial security for the blockchain? Is it not supposed to be like inherently secure without the free third-party applications?

C

I'd say it's a pretty uh difficult question to ask: it's not a necessity for a point like bitcoin or something like that, because they have a lot of miners and modes and all this stuff to ward off most of the common attacks.

C

uh Our problem is pretty niche and our solution is quite niche, too, mostly applicable to projects that don't enjoy the same level of decentralization such as that bitcoin.

C

So um before we jump in uh jump into how their image is all the problem, let's take a look at some common network level. Attacks against the blockchain in particular, uh distributed denial of service attacks.

C

They are pretty common on blockchain these days since, if you're a small project, especially with not a lot of players hosting the chain, it's pretty easy to take out with those that are good to cause a lot of havoc, and uh the next type of attack, I would say, is cyber attacks and recently monero had this very specific attack for a bunch of nodes pretended to be honest and tried to find origins of certain transactions, which was pretty complex and, at the end, was able to pass a lot of problems now.

C

Moving to the main kind of attack that causes the most amount of problems in the industry is 51 percent, and if a dishonest sphere has enough compute to overbought the majority of the network, there would be a glory right here, basically mostly to spend the same amount of point multiple times.

C

I'm sure you've all heard about this issue before this can be devastating, especially for medium to small size projects, and it could cause huge amounts of losses for exchanges, and there are quite a lot of existing methods that work towards protecting the blockchain against attacks, specifically 51 attacks and.

C

um One of the best in the market, uh which a lot of coins actively use, is the delayed proof of work by komodo. It's actually pretty smart as well. They use the uh bitcoins blockchain to store arbitrary data in this case, block hashes of a network that tomorrow is trying to protect, and it is regarded as one of the go to solutions for a lot of projects at the moment, especially popular ones like ninja square fire, changes for professional theories and another solution. That is also pretty popular recent times.

C

It's just pro like glasses checkpoints where, basically, they just don't allow any kind of the organization's past envelopes in the past. This actually could cause a lot of issues uh as they already had in mind, but uh there is no other option.

C

So now that we've taken a look at some of the existing situations, let's uh take a look at our solution, which is called dr and in essence, it works a lot like uh kmd's creative work, but instead of using the bitcoins blockchain to store opportunity, we use ipfs since it's a lot cheaper, faster and more likely, and uh even though bitcoin has a lot of compute and security behind it, it is still vulnerable to 51 attacks.

C

So if somebody has a lot of compute, they can overpower the chain and they.

C

uh Certain nodes that consistently take block caches, which are blocks in the network and then publishes those block hashes along with the height and some other parameters onto ipfs and then ipip, so that the client blockchain demons can resolve it and get the checkpoint and then add it to their local databases and then the way we pick these uh load maintainers is by a yearly election that this gives people a chance to be a part of this uh secondary network and also decentralizes some of the power that these notes have, because they have a lot of of it.

C

Power uh they're also incentivized, with tokens from the network, so they don't have an incentive to cyber attack us and then uh about 25 percent of the blockchain was right now goes to location on our network.

C

So uh essentially, this is a solution in very, very simple terms and uh I've actually written a simple web application to show this in action. Just uh side note uh right now we're in private data looking to move to public in the next few weeks and.

C

Yep, this is the thing I was talking about. So basically, uh you can see three nodes here. They are taking uh block hashes from scalars blockchain right now and then adding that to ipfs, so that other nodes in the network would affect these hashes from here and add it as a permanent block so that there cannot be any organization past this world and it's pretty cool and- uh and I would say, latest update pointing it is really fast.

C

I mean, like ipns resolutions, used to take like three minutes on at most now it takes like 10-15 seconds at most and it's really cool, because you know it avoids a lot of ddos paths and all that stuff, so yeah I'll give back control over to mastermind and thanks for the opportunity and hope you all have a nice day.

A

All right, thank you, usm, um so I will now introduce um uh to conclude our presentation, some other users of ips ipfs in our project.

A

First, our official website is hosted on ipfs, which makes makes it decentralized, scalable and less expensive to maintain you can access it at scalabproject.io. If you, if you want more information about that about what we we build.

A

In addition, we have also developed a proof-of-work algorithm that makes mining on mobile devices possible. So we have recently released the scala miner, which is a mobile application that allows mining on any android device.

A

The application provides a detailed dashboard to track all the mining activities, as well as two layers of temperature control to protect your device from overheating.

A

We use ipns dns link address using ipfs gateways to fetch the list of mining pools which ensures maximum service availability and you can download the application at mobileminer.scalaproject.io.

A

And finally, we are currently working on phantom, uh which is in development. uh It's a content, delivery, uh distributed content, delivery network, a cdn, it's gonna, hello, allow us to offer our users a secure and decentralized file, hosting leveraging our ipfs notary nodes and, obviously our mobile ecosystem.

A

So that's it for uh for scala. If you have any questions, feel free to ask them at the end of the meetup. Thank you.

A

Everyone.