Author Topic: BYTEBALL: Totally new consensus algorithm + private untraceable payments  (Read 130 times)

0 Members and 1 Guest are viewing this topic.

Offline vindyne8

  • Trade Count: (0)
  • Doge
  • **
  • Posts: 133
  • Shiba Inu
    • View Profile
For full technical description, read the white paper:

Testnet is already online.  Try it out by downloading the wallet:

iOS   Android   Mac   Windows   Linux
or build from source at github

Desktop wallets are full nodes (will take a while syncing with the network after the first start).  Mobile wallets are light clients.

After installing the wallet, visit and click the clink to receive free bytes to play with.  The link will open your wallet:

The design

There are no blocks in Byteball, and no block size issue.  Instead, every new transaction references one or more earlier ones (parents) by including and signing their hashes.  The links among transactions form a DAG (directed acyclic graph):

By including its parents, each new transaction also indirectly includes and confirms all parents of the parents, parents of the parents of the parents, and so on.  As more transactions are added after your transaction, the number of confirmations you receive grows like snowball, that’s why the name Byteball (our snowflakes are bytes of data).


There is no PoW, no PoS, and no mining.  Instead, we have the DAG, which already establishes partial order between transactions, plus we add the main chain within the DAG:

The main chain (MC) allows to define total order between transactions: the transaction which gets included (directly or indirectly) earlier on the MC, is deemed earlier in the total order.  When there is a double-spend, the version of the transaction that comes earlier in the total order is deemed valid, all others are deemed void.

The main chain is defined deterministically based on the positions of transactions in the graph.  Refer to the white paper for details, but as a general rule, the MC gravitates towards transactions authored by well known users, which we call witnesses.  The list of witnesses is defined by users themselves as they include the list in every transaction they post.  The MC then follows the path within the DAG such that:
1. the witness lists of the neighboring transactions on the chain are either identical or differ by only one mutation,
2. the chain goes through the most number of witness-authored transactions, compared with alternative chains.

The above is very brief and sketchy description with many important details omitted, refer to the white paper for a full technical story.

Fees and intrinsic value

The fees paid for storing one’s transactions (or any other data) in the Byteball database are equal to the size of the data being stored.  If your transaction size is 500 bytes, you pay exactly 500 bytes (the native currency of Byteball) in fees.  This means there is intrinsic value in bytes: it is the utility of permanently storing that size of data in a decentralized immutable database.  For data that represents financial transactions, the value is social rather than personal, because you absolutely need to store the full coin history in order to be able to prove the value and authenticity of the coin to each subsequent owner.

The fees are collected partially by those who are first to reference your transaction as parent and partially by witnesses.  The former incentivizes referencing the most recent transactions as parents, which results in the DAG growing in one direction only, like the trunk of a tree, and being as narrow as network latency permits.  If new transactions are rare enough, such that all nodes have enough time to sync before a new transaction appears, the DAG will look almost like a chain, with only occasional forks and quick merges.

Money supply

The total number of bytes is 1015, all bytes will be issued in the genesis transaction. Since the fees paid are returned into the circulation, the money supply will remain the same.

Deterministic finality

In Byteball, there is a protocol rule that a transaction must include the previous transaction (if any) sent from the same address, i.e. there must be partial order between subsequent transactions from the same address.  Breaking this rule is considered equivalent to double-spending, therefore at least one of such unordered transactions will become void.  If we assume that most witnesses follow this rule (that’s what they are elected for), they have to reference only sufficiently recent transactions as parents and can’t inherit from old enough parents.  Therefore, they can no longer influence the MC (which is attracted to witnesses) in the old enough part of the DAG, and that part of the MC becomes stable, hence the total order relative to this MC also becomes stable.  See the white paper for discussion of exact criteria of reaching stability, here it is important that the criteria are deterministic, and once a transaction appears on the stable part of the MC, it is final, and, unlike all other cryptocurrencies, no re-orgs are possible. 

This is extremely important for applications in financial industry and for wider adoption in general, as most people are used to expect certainty in matters of money and property ownership, and the concept of probabilistic finality is a difficult sell.

Assets and on-chain exchange

Bytes is the native currency of Byteball.  Users can issue any other tokens (assets), e.g. to represent debt.  The debt can be expressed e.g. in fiat currencies or in natural units (barrels, ounces, kWh, etc).  The issuers of the debt can reveal their real-world identities and/or be voluntarily attested (i.e. their real-word identities be verified by a well known third party such as CA).  This enables the use of the existing legal system to secure against fraud.

The issued assets can be used as means of payment, along with bytes.  Assets can be exchanged against bytes and other assets by both parties signing a single unit that executes both legs of the exchange, thus the two transactions either happen simultaneously or don't happen at all.  This kind of signing is called multilateral signing.  No centralized exchange is needed, hence no trust is necessary and no exchange fees (apart from the usual fees for the size of the data).

Private untraceable payments

Assets can be either public or private.  All transactions in public assets are visible to everyone on the public decentralized database, just like Bitcoin.  Bytes is a predefined public asset.

Payments in private assets are not published to the public database.  Instead, only the hash of the transaction is stored to the database, while the plaintext of the transaction is sent directly from the payer to the payee.  To protect against double-spends, a spend proof is also published to the Byteball database.  The spend proof is constructed as a hash of the output being spent, so that if the same output is spent twice, the spend proofs will be necessarily the same.

I’ve already described this design at, see more details in the white paper.

Regulated assets

Regulated institutions can issue assets that are compatible with KYC/AML requirements. Every transfer of such asset is to be cosigned by the issuer, and if there is anything that contradicts the regulations, the issuer won't cosign.

This way, banks can issue fiat-pegged assets and stay fully compliant.  They can open demand deposit accounts and track them on Byteball as assets.  These assets are easily exchangeable against bytes and other assets (with bank’s approval).

Other features

- Spending conditions (AKA smart contracts) in an easy to understand declarative language
- Multisig: a special case of spending conditions
- On-chain oracles can post data (such as timestamps, exchange rates, weather, various events) directly to the database, then that data can be referenced from spending conditions
- Private end-to-end encrypted messaging: used to convey private payment data, communicate in multisig scenarios, and chat with a merchant’s bot.

Initial distribution

There will be no ICO, no crowdsale.  I believe the success of a currency depends on the number of people who own it, in fact Peter R’s research suggests that historical marketcap of Bitcoin follows Metcalfe's law:, i.e. it is proportional to the square of the number of active users.  That’s why I want Byteball to be in the hands of as many people as possible:

- 98% of all bytes and blackbytes (the private untraceable currency) will be distributed among bitcoin holders who link their bitcoin and byteball addresses before the launch.  No investment required, you keep your bitcoins, plus receive the bytes and blackbytes.
- 1% I reserve for myself

To link your byteball and bitcoin addresses, you’ll need to make a small BTC payment to a one-time bitcoin address created specifically for you.  Next, you consolidate all your bitcoins on the one address you paid from that we know is controlled by you (if you have only one bitcoin address, you skip this step as all your bitcoins are already on a single address).  Then the number of bytes and blackbytes you receive on the launch date will be proportional to the BTC amount on your linked address in a specific bitcoin block (e.g. in block 437000 which is expected late October - early November).  The detailed instructions and the exact block number will be posted later when we get ready for launching the livenet.

Current status and plans

We’ll have a few test flights before we launch in October or November; now the first test flight is under way.  The launch date may be adjusted if we realize that there is more (or less) work to be done before the launch.

How you can help

- play with the wallets, install them on multiple devices, pair them for multisig.  If you find bugs, report them.
- run a relay on your cloud server to help the network. The relay doesn’t hold any private keys, so you don’t have to worry too much about security.  Get relay source code from
- run a hub to better decentralize the delivery of private payments (the hub also includes a relay).  Again, the security doesn’t matter much as all messages are end-to-end encrypted.  Hub address can be changed by users in their wallet settings.  Get hub source code from
- fix bugs, contribute improvements in our github repositories  In particular, we need faster syncing and faster UI.  Before now, I prioritized simplicity of algorithms over performance, now we need speed too.  A 10x improvement should come easy enough, the next 10x will be probably harder.  Discuss any major changes before actually implementing them.
- develop new tools/apps that you think will be useful for Byteball users
- spread the word about Byteball and remember that its value is proportional to the square of the number of active users

Translations: Chinese, German, Italian, Portuguese, Russian.


One last thing.  The remaining 1% will be given away to the first 100m users who install Byteball wallet, 100 Kbytes to each user.  This will start 6 months from now or later, after we get ready for that scale.


Sitemap 1 2 3 4 5 6 7 8 9 10 11 12 13 14