tari-labs / tari-university

Tari Labs University is an open source, curated set of materials developed by the Tari Community to help facilitate knowledge transfer and education.
187 stars 49 forks source link

Learning paths feedback #211

Closed hansieodendaal closed 3 years ago

hansieodendaal commented 5 years ago

Hi there, this is to invite feedback on the Learning Paths module in TLU.

When enough comments have been provided, it will be assessed and incorporated.

Thanks

SWvheerden commented 5 years ago

I think we should add a quick explanation about what ECC is and how the notation works as a entry level topic.

But how ECC works should be an advance topic.

CjS77 commented 5 years ago

It's a step in the right direction, and a big improvement on helping people find the information they need.

But the journey is a long one.

Empiech007 commented 5 years ago

Under "Blockchain Basics"; Layer 2 Scaling Survey and Merged Mining are informative, they both brought me up to speed. Although Layer 2 Scaling Survey is extensive, it is pitched at the right level. The brief SWOT analysis and relating each scaling "approach" to whether it would be appropriate for Tari is really cool.

ghost commented 5 years ago

I'm working on the assumption that the TLU is aimed at people with no prior knowledge about blockchain and or cryptography. The TLU under this assumption is not very helpful to get someone up to speed and requires extensive external resources to get up and going.

Things that helped me get a better understanding around ECC was this article and this talk around Diffie Hellman vs ECC. The principles are not that difficult and could be included in the TLU.

Another great resource I found that explained how the ECC was used in a blockchain was the book Mastering Bitcoin: Programming the Open Blockchain. There is nothing in the TLU currently that shows how the (x, y) coordinates and private key from the ECC are stored and used in a practical manner. The book helped a great deal to bring those topics together.

A recurring topic is that prior knowledge is required the be able to read the TLU. An example would be the article on Schnorr Signatures where prior knowledge of the what a hashing functions is or what properties it has.

If some math terms or notations are not common, please include a reference to an explanation. example is multi-set (when I googled it I found Multiset).

Please don't use rust code as example code, rather use python as it is one the most used language according to the latest StackOverflow survey. Python is by default installed in MacOS and most linux distributions and requires little effort to run example code. On this topic, if possible, please use Jupyterlab for the TLU. This will allow anyone to download the Jupyterlab notebook and run the code locally and verify it and be able to play with it.

hansieodendaal commented 5 years ago

Hi @toiletspider, thank you for your valuable comments. W.r.t. use of Rust, I believe those were done on purpose as we mainly use Rust for the protocol development.

We may need some discussion around the integration of Jupyterlab into TLU content as it is rendered using mdbook. FYI, a very recent publication where modelling was done in Python references the source code from the GitHub repo.

Empiech007 commented 4 years ago

On "Learning about Mimblewimble Implementation": The presentation is short and sweet. Security issues regarding the Discrete Log problem and the need for 'hiding' are nicely covered.

Empiech007 commented 4 years ago

Perhaps a few editorial comments are in order.

On the 1st report, "Introduction to Schnorr signatures":

  1. The first paragraph could either be moved to later where security issues are discussed or a brief discussion on the Discrete Log as in the presentation could be inserted.
  2. Under "ECDH": There's a need to state that P_a  is Alice's public-key and that P_a = k_a .G ... same for Bob's.
  3. Under "So why all the Fuss?": The sentence "Elliptic curves have the multiplicative properties" ... It seems it was supposed to say "linearity properties"
  4. Under "Key Cancellation Attack": The point that Bob ends up staging a 'unilateral' signature instead of an aggregated one didn't come out clear ... cf. https://blockstream.com/2018/01/23/en-musig-key-aggregation-schnorr-signatures/
  5. Under "MuSig": That X_i = k_i .G wasn't made clear at the beginning of the discussion.
Empiech007 commented 4 years ago

The Bulletproofs report is substantial, it includes almost everything one needs to know. Definitely a place to go for information on Bulletproofs. I got bogged down with details of inner product proofs mainly due to our discussions on Monday. So I still have a lot to read through. .. Great work.

Empiech007 commented 4 years ago

In Section 2.8 "The Bulletproof Protocols",

  1. The first sentence under "Zero-knowledge Proof for Arithmetic Circuits", ... there shouldn't be any square-brackets, the correct formula for proof-size is 2log_2(n) + 13. (see Page 24 of the Bulletproofs paper)

  2. Same subsection under "Logarithmic-sized Non-interactive Protocol for Arithmetic Circuits", ... end of 1st paragraph; ... (a) The square-brackets shouldn't be there but rather the "ceiling" of log_2(2n). (b) Also, on the same formula, you might want to check if the "8" should perhaps be "2" ... The authors of the Bulletproofs paper use "2" and in the next sentence use "8" with no explanation for why "8".

  3. In subsection "Evolving Bulletproof Protocols", ... 3rd paragraph, ... last sentence, with regards to the Verifiable Shuffles and their complexities, (a) The Bulletproofs paper (on Page 5) mentions - proof size of order O(log(n)), and O(n.log(n)) multiplications instead of O(n) and O(n^2).

Empiech007 commented 4 years ago

On Sec 7.3 MW-GRIN Blockchain Protocol Overview

  1. Under subsection "Commitments"; (a) $G$ and $H$ are not elliptic curves but 'points on the EC' or more specifically 'generator points of the EC group'. (b) Insert the word "scalar" between "(ECC)" and "multiplication" ... (there's actually no multiplication of points in the EC but repeated 'additions' of points.) (c) In the 2nd equation, remove the last '+' symbol. (d) In the 2nd and 3rd equations, remove the index "i" on 'r' as it is unnecessary. Otherwise it needs explanation.
Empiech007 commented 4 years ago

On Sec 7.3 MW-GRIN Blockchain Protocol Overview

Under subsection "Cut-through and Pruning"; (a) The 'cut-through' concept is not as clear as one expected, perhaps an illustrative diagram would have done the trick ... And there's an assumption that the reader understands what a UTXO is.

Empiech007 commented 4 years ago

On Sec 7.3 MW-GRIN Blockchain Protocol Overview

Under subsection "Trustless Transactions"; (a) First line, 2nd sentence, the link at "here" is not working. (b) In Step 8, change "step 5" to "step 6".

Empiech007 commented 4 years ago

On Sec 7.3 MW-GRIN Blockchain Protocol Overview

Under subsection "Multisig"; (a) First sentence after the 5 steps, it is not true that "both parties" do not know $O{ab}$ because Alice has just finalized $O{ab}$ in Step 4. ... the point here is that neither Alice nor Bob can spend $O_{ab}$ because they do not know the whole blinding factor.

Empiech007 commented 4 years ago

On Sec 7.12 MW Multiparty Bulletproof UTXO

Under subsection "Background"; There's a need to separate the discussion of "Bitcoin m-of-n multisig" from "how Bitcoin actually implements scripts" as well a separate discussion on "what scripts are and how they work". That would help avoid having too many new concepts in one place.

An example a '2-of-3 multisig' as an extension of the '2-of-2 multisig' of Section 7.2 would have made things much more lucid.

Empiech007 commented 4 years ago

All-in-all, the learning paths are well arranged and cover most blockchain aspects, especially for privacy blockchains. They help one to come up to speed with the Mimblewimble blockchain.