📜 [專欄新文章] Using MPC to Help Achieve Blockchain Privacy
✍️ Yahsin Huang
📥 歡迎投稿: https://medium.com/taipei-ethereum-meetup #徵技術分享文 #使用心得 #教學文 #medium
This post answers some of the most commonly asked questions about using multi-party computation (MPC) in blockchains.
What is MPC?
Multi-party computation (MPC) is a cryptographic protocol that does a joint computation involving multiple parties over their inputs while keeping those inputs private.
A famous example of MPC is Yao’s Millionaires Problem. Two millionaires want to know who is richer without finding out information about each other’s actual wealth. Naively they can simply tell their wealth to a third party. Then the third party compares their wealth and lets them know who is richer. But then this option is undesirable because the third party learns the information of their wealth.
The challenge of Yao’s Millionaires Problem is the computation wouldn’t be able to have a result without the two parties’ private information. To get the end result, you need those information involved in the computation. But at the same time, you are not allowed to reveal those private information to the party who performs the computation. That’s the main problem that MPC wants to solve.
Why it matters in blockchain?
In the real world, not everyone’s a millionaire. Not everybody wishes to compare their assets and wealth with others. In the blockchain space, there’s a need to ensure the inputs are shielded from multiple parties for privacy purposes; hence, the need for MPC protocols.
If we look at the current landscape of the blockchain world, notice there are blockchains doing great for programmability, such as Ethereum blockchain, allowing developers to build great tools and applications on top of them. There are also blockchains doing great for privacy, such as ZCash blockchain, allowing users to send transactions in a privacy-preserving way.
However, there’s a lack of blockchains that are designed for maximum programmability with maximum privacy. That’s why a lot of folks are pushing forward the work on incorporating MPC protocols into blockchain designs.
Why ZK is not enough?
Zero Knowledge Proofs (ZKP) is great at shielding private information that involves only one party. ZKP alone cannot be applied to provide privacy in multiple-party settings, such as auctions or in the case of Yao’s Millionaires Problem. In those settings, computations would involve private inputs from multiple parties, and so ZKP wouldn’t be enough. We would need to turn to MPC to achieve that.
Recent developments in MPC
In his presentation “MPC as a Blockchain Confidentiality Layer,” Miller gave a high-level overview of how MPC can be viewed as a confidentiality layer for blockchains as illustrated in the slide. Credit: https://youtu.be/0VuBELYfChM
How does MPC work with blockchains?
HoneyBadgerMPC builds a sidechain that performs MPC protocol computation. The sidechain acts as a confidentiality layer to the public blockchain, where secret data is stored.
How can developers build MPC applications?
Developers are able to develop MPC applications with Ratel language. Writing Ratel feels very similar to writing Solidity contracts. The compiler compiles Ratel code into two parts: the Ethereum part, and the MPC as a sidechain part.
Ratel code looks like this: https://github.com/initc3/HoneyBadgerSwap/blob/coconut/ratel/trade.rl
Learn more about MPC as a sidechain
One of the biggest news this past month was you could now play with HoneyBadgerSwap’s demo website. HoneyBadgerSwap is basically a dark pool version of Uniswap using MPC. You will need some Kovan ETH to test it out. Yunqi Li (UIUC, IC3) made a great Medium story about HoneyBadgerSwap. Read it here: “HoneyBadgerSwap: Making MPC as a Sidechain,” published on April 22, 2021.
Watch a really great talk by Andrew Miller “MPC as a Blockchain Confidentiality Layer,” presented at the IC3 Blockchain Camp 2020, to understand the HoneyBadgerMPC protocol more.
If you are someone who would like to delve into the topic with textbooks, be sure to add the book “A Pragmatic Introduction to Secure Multi-Party Computation” to your reading list. The content is available in PDF.
Using MPC to Help Achieve Blockchain Privacy was originally published in Taipei Ethereum Meetup on Medium, where people are continuing the conversation by highlighting and responding to this story.
👏 歡迎轉載分享鼓掌
同時也有10000部Youtube影片,追蹤數超過2,910的網紅コバにゃんチャンネル,也在其Youtube影片中提到,...
「conversation topic pdf」的推薦目錄:
- 關於conversation topic pdf 在 Taipei Ethereum Meetup Facebook 的精選貼文
- 關於conversation topic pdf 在 Taipei Ethereum Meetup Facebook 的最佳貼文
- 關於conversation topic pdf 在 コバにゃんチャンネル Youtube 的最佳解答
- 關於conversation topic pdf 在 大象中醫 Youtube 的最讚貼文
- 關於conversation topic pdf 在 大象中醫 Youtube 的最讚貼文
- 關於conversation topic pdf 在 1000-Conversation-Questions---PDF - Pinterest 的評價
- 關於conversation topic pdf 在 School Conversation, School Dialogue - YouTube 的評價
conversation topic pdf 在 Taipei Ethereum Meetup Facebook 的最佳貼文
📜 [專欄新文章] Uniswap v3 Features Explained in Depth
✍️ 田少谷 Shao
📥 歡迎投稿: https://medium.com/taipei-ethereum-meetup #徵技術分享文 #使用心得 #教學文 #medium
Once again the game-changing DEX 🦄 👑
Image source: https://uniswap.org/blog/uniswap-v3/
Outline
0. Intro1. Uniswap & AMM recap2. Ticks 3. Concentrated liquidity4. Range orders: reversible limit orders5. Impacts of v36. Conclusion
0. Intro
The announcement of Uniswap v3 is no doubt one of the most exciting news in the DeFi place recently 🔥🔥🔥
While most have talked about the impact v3 can potentially bring on the market, seldom explain the delicate implementation techniques to realize all those amazing features, such as concentrated liquidity, limit-order-like range orders, etc.
Since I’ve covered Uniswap v1 & v2 (if you happen to know Mandarin, here are v1 & v2), there’s no reason for me to not cover v3 as well ✅
Thus, this article aims to guide readers through Uniswap v3, based on their official whitepaper and examples made on the announcement page. However, one needs not to be an engineer, as not many codes are involved, nor a math major, as the math involved is definitely taught in your high school, to fully understand the following content 😊😊😊
If you really make it through but still don’t get shxt, feedbacks are welcomed! 🙏
There should be another article focusing on the codebase, so stay tuned and let’s get started with some background noise!
1. Uniswap & AMM recap
Before diving in, we have to first recap the uniqueness of Uniswap and compare it to traditional order book exchanges.
Uniswap v1 & v2 are a kind of AMMs (automated market marker) that follow the constant product equation x * y = k, with x & y stand for the amount of two tokens X and Y in a pool and k as a constant.
Comparing to order book exchanges, AMMs, such as the previous versions of Uniswap, offer quite a distinct user experience:
AMMs have pricing functions that offer the price for the two tokens, which make their users always price takers, while users of order book exchanges can be both makers or takers.
Uniswap as well as most AMMs have infinite liquidity¹, while order book exchanges don’t. The liquidity of Uniswap v1 & v2 is provided throughout the price range [0,∞]².
Uniswap as well as most AMMs have price slippage³ and it’s due to the pricing function, while there isn’t always price slippage on order book exchanges as long as an order is fulfilled within one tick.
In an order book, each price (whether in green or red) is a tick. Image source: https://ftx.com/trade/BTC-PERP
¹ though the price gets worse over time; AMM of constant sum such as mStable does not have infinite liquidity
² the range is in fact [-∞,∞], while a price in most cases won’t be negative
³ AMM of constant sum does not have price slippage
2. Tick
The whole innovation of Uniswap v3 starts from ticks.
For those unfamiliar with what is a tick:
Source: https://www.investopedia.com/terms/t/tick.asp
By slicing the price range [0,∞] into numerous granular ticks, trading on v3 is highly similar to trading on order book exchanges, with only three differences:
The price range of each tick is predefined by the system instead of being proposed by users.
Trades that happen within a tick still follows the pricing function of the AMM, while the equation has to be updated once the price crosses the tick.
Orders can be executed with any price within the price range, instead of being fulfilled at the same one price on order book exchanges.
With the tick design, Uniswap v3 possesses most of the merits of both AMM and an order book exchange! 💯💯💯
So, how is the price range of a tick decided?
This question is actually somewhat related to the tick explanation above: the minimum tick size for stocks trading above 1$ is one cent.
The underlying meaning of a tick size traditionally being one cent is that one cent (1% of 1$) is the basis point of price changes between ticks, ex: 1.02 — 1.01 = 0.1.
Uniswap v3 employs a similar idea: compared to the previous/next price, the price change should always be 0.01% = 1 basis point.
However, notice the difference is that in the traditional basis point, the price change is defined with subtraction, while here in Uniswap it’s division.
This is how price ranges of ticks are decided⁴:
Image source: https://uniswap.org/whitepaper-v3.pdf
With the above equation, the tick/price range can be recorded in the index form [i, i+1], instead of some crazy numbers such as 1.0001¹⁰⁰ = 1.0100496621.
As each price is the multiplication of 1.0001 of the previous price, the price change is always 1.0001 — 1 = 0.0001 = 0.01%.
For example, when i=1, p(1) = 1.0001; when i=2, p(2) = 1.00020001.
p(2) / p(1) = 1.00020001 / 1.0001 = 1.0001
See the connection between the traditional basis point 1 cent (=1% of 1$) and Uniswap v3’s basis point 0.01%?
Image source: https://tenor.com/view/coin-master-cool-gif-19748052
But sir, are prices really granular enough? There are many shitcoins with prices less than 0.000001$. Will such prices be covered as well?
Price range: max & min
To know if an extremely small price is covered or not, we have to figure out the max & min price range of v3 by looking into the spec: there is a int24 tick state variable in UniswapV3Pool.sol.
Image source: https://uniswap.org/whitepaper-v3.pdf
The reason for a signed integer int instead of an uint is that negative power represents prices less than 1 but greater than 0.
24 bits can cover the range between 1.0001 ^ (2²³ — 1) and 1.0001 ^ -(2)²³. Even Google cannot calculate such numbers, so allow me to offer smaller values to have a rough idea of the whole price range:
1.0001 ^ (2¹⁸) = 242,214,459,604.341
1.0001 ^ -(2¹⁷) = 0.000002031888943
I think it’s safe to say that with a int24 the range can cover > 99.99% of the prices of all assets in the universe 👌
⁴ For implementation concern, however, a square root is added to both sides of the equation.
How about finding out which tick does a price belong to?
Tick index from price
The answer to this question is rather easy, as we know that p(i) = 1.0001^i, simply takes a log with base 1.0001 on both sides of the equation⁴:
Image source: https://www.codecogs.com/latex/eqneditor.php
Let’s try this out, say we wanna find out the tick index of 1000000.
Image source: https://ncalculators.com/number-conversion/log-logarithm-calculator.htm
Now, 1.0001¹³⁸¹⁶² = 999,998.678087146. Voila!
⁵ This formula is also slightly modified to fit the real implementation usage.
3. Concentrated liquidity
Now that we know how ticks and price ranges are decided, let’s talk about how orders are executed in a tick, what is concentrated liquidity and how it enables v3 to compete with stablecoin-specialized DEXs (decentralized exchange), such as Curve, by improving the capital efficiency.
Concentrated liquidity means LPs (liquidity providers) can provide liquidity to any price range/tick at their wish, which causes the liquidity to be imbalanced in ticks.
As each tick has a different liquidity depth, the corresponding pricing function x * y = k also won’t be the same!
Each tick has its own liquidity depth. Image source: https://uniswap.org/blog/uniswap-v3/
Mmm… examples are always helpful for abstract descriptions 😂
Say the original pricing function is 100(x) * 1000(y) = 100000(k), with the price of X token 1000 / 100 = 10 and we’re now in the price range [9.08, 11.08].
If the liquidity of the price range [11.08, 13.08] is the same as [9.08, 11.08], we don’t have to modify the pricing function if the price goes from 10 to 11.08, which is the boundary between two ticks.
The price of X is 1052.63 / 95 = 11.08 when the equation is 1052.63 * 95 = 100000.
However, if the liquidity of the price range [11.08, 13.08] is two times that of the current range [9.08, 11.08], balances of x and y should be doubled, which makes the equation become 2105.26 * 220 = 400000, which is (1052.63 * 2) * (110 * 2) = (100000 * 2 * 2).
We can observe the following two points from the above example:
Trades always follow the pricing function x * y = k, while once the price crosses the current price range/tick, the liquidity/equation has to be updated.
√(x * y) = √k = L is how we represent the liquidity, as I say the liquidity of x * y = 400000 is two times the liquidity of x * y = 100000, as √(400000 / 100000) = 2.
What’s more, compared to liquidity on v1 & v2 is always spread across [0,∞], liquidity on v3 can be concentrated within certain price ranges and thus results in higher capital efficiency from traders’ swapping fees!
Let’s say if I provide liquidity in the range [1200, 2800], the capital efficiency will then be 4.24x higher than v2 with the range [0,∞] 😮😮😮 There’s a capital efficiency comparison calculator, make sure to try it out!
Image source: https://uniswap.org/blog/uniswap-v3/
It’s worth noticing that the concept of concentrated liquidity was proposed and already implemented by Kyper, prior to Uniswap, which is called Automated Price Reserve in their case.⁵
⁶ Thanks to Yenwen Feng for the information.
4. Range orders: reversible limit orders
As explained in the above section, LPs of v3 can provide liquidity to any price range/tick at their wish. Depending on the current price and the targeted price range, there are three scenarios:
current price < the targeted price range
current price > the targeted price range
current price belongs to the targeted price range
The first two scenarios are called range orders. They have unique characteristics and are essentially fee-earning reversible limit orders, which will be explained later.
The last case is the exact same liquidity providing mechanism as the previous versions: LPs provide liquidity in both tokens of the same value (= amount * price).
There’s also an identical product to the case: grid trading, a very powerful investment tool for a time of consolidation. Dunno what’s grid trading? Check out Binance’s explanation on this, as this topic won’t be covered!
In fact, LPs of Uniswap v1 & v2 are grid trading with a range of [0,∞] and the entry price as the baseline.
Range orders
To understand range orders, we’d have to first revisit how price is discovered on Uniswap with the equation x * y = k, for x & y stand for the amount of two tokens X and Y and k as a constant.
The price of X compared to Y is y / x, which means how many Y one can get for 1 unit of X, and vice versa the price of Y compared to X is x / y.
For the price of X to go up, y has to increase and x decrease.
With this pricing mechanism in mind, it’s example time!
Say an LP plans to place liquidity in the price range [15.625, 17.313], higher than the current price of X 10, when 100(x) * 1000(y) = 100000(k).
The price of X is 1250 / 80 = 15.625 when the equation is 80 * 1250 = 100000.
The price of X is 1315.789 / 76 = 17.313 when the equation is 76 * 1315.789 = 100000.
If now the price of X reaches 15.625, the only way for the price of X to go even higher is to further increase y and decrease x, which means exchanging a certain amount of X for Y.
Thus, to provide liquidity in the range [15.625, 17.313], an LP needs only to prepare 80 — 76 = 4 of X. If the price exceeds 17.313, all 4 X of the LP is swapped into 1315.789 — 1250 = 65.798 Y, and then the LP has nothing more to do with the pool, as his/her liquidity is drained.
What if the price stays in the range? It’s exactly what LPs would love to see, as they can earn swapping fees for all transactions in the range! Also, the balance of X will swing between [76, 80] and the balance of Y between [1250, 1315.789].
This might not be obvious, but the example above shows an interesting insight: if the liquidity of one token is provided, only when the token becomes more valuable will it be exchanged for the less valuable one.
…wut? 🤔
Remember that if 4 X is provided within [15.625, 17.313], only when the price of X goes up from 15.625 to 17.313 is 4 X gradually swapped into Y, the less valuable one!
What if the price of X drops back immediately after reaching 17.313? As X becomes less valuable, others are going to exchange Y for X.
The below image illustrates the scenario of DAI/USDC pair with a price range of [1.001, 1.002] well: the pool is always composed entirely of one token on both sides of the tick, while in the middle 1.001499⁶ is of both tokens.
Image source: https://uniswap.org/blog/uniswap-v3/
Similarly, to provide liquidity in a price range < current price, an LP has to prepare a certain amount of Y for others to exchange Y for X within the range.
To wrap up such an interesting feature, we know that:
Only one token is required for range orders.
Only when the current price is within the range of the range order can LP earn trading fees. This is the main reason why most people believe LPs of v3 have to monitor the price more actively to maximize their income, which also means that LPs of v3 have become arbitrageurs 🤯
I will be discussing more the impacts of v3 in 5. Impacts of v3.
⁷ 1.001499988 = √(1.0001 * 1.0002) is the geometric mean of 1.0001 and 1.0002. The implication is that the geometric mean of two prices is the average execution price within the range of the two prices.
Reversible limit orders
As the example in the last section demonstrates, if there is 4 X in range [15.625, 17.313], the 4 X will be completely converted into 65.798 Y when the price goes over 17.313.
We all know that a price can stay in a wide range such as [10, 11] for quite some time, while it’s unlikely so in a narrow range such as [15.625, 15.626].
Thus, if an LP provides liquidity in [15.625, 15.626], we can expect that once the price of X goes over 15.625 and immediately also 15.626, and does not drop back, all X are then forever converted into Y.
The concept of having a targeted price and the order will be executed after the price is crossed is exactly the concept of limit orders! The only difference is that if the range of a range order is not narrow enough, it’s highly possible that the conversion of tokens will be reverted once the price falls back to the range.
As price ranges follow the equation p(i) = 1.0001 ^ i, the range can be quite narrow and a range order can thus effectively serve as a limit order:
When i = 27490, 1.0001²⁷⁴⁹⁰ = 15.6248.⁸
When i = 27491, 1.0001²⁷⁴⁹¹ = 15.6264.⁸
A range of 0.0016 is not THAT narrow but can certainly satisfy most limit order use cases!
⁸ As mentioned previously in note #4, there is a square root in the equation of the price and index, thus the numbers here are for explantion only.
5. Impacts of v3
Higher capital efficiency, LPs become arbitrageurs… as v3 has made tons of radical changes, I’d like to summarize my personal takes of the impacts of v3:
Higher capital efficiency makes one of the most frequently considered indices in DeFi: TVL, total value locked, becomes less meaningful, as 1$ on Uniswap v3 might have the same effect as 100$ or even 2000$ on v2.
The ease of spot exchanging between spot exchanges used to be a huge advantage of spot markets over derivative markets. As LPs will take up the role of arbitrageurs and arbitraging is more likely to happen on v3 itself other than between DEXs, this gap is narrowed … to what extent? No idea though.
LP strategies and the aggregation of NFT of Uniswap v3 liquidity token are becoming the blue ocean for new DeFi startups: see Visor and Lixir. In fact, this might be the turning point for both DeFi and NFT: the two main reasons of blockchain going mainstream now come to the alignment of interest: solving the $$ problem 😏😏😏
In the right venue, which means a place where transaction fees are low enough, such as Optimism, we might see Algo trading firms coming in to share the market of designing LP strategies on Uniswap v3, as I believe Algo trading is way stronger than on-chain strategies or DAO voting to add liquidity that sort of thing.
After reading this article by Parsec.finance: The Dex to Rule Them All, I cannot help but wonder: maybe there is going to be centralized crypto exchanges adopting v3’s approach. The reason is that since orders of LPs in the same tick are executed pro-rata, the endless front-running speeding-competition issue in the Algo trading world, to some degree, is… solved? 🤔
Anyway, personal opinions can be biased and seriously wrong 🙈 I’m merely throwing out a sprat to catch a whale. Having a different voice? Leave your comment down below!
6. Conclusion
That was kinda tough, isn’t it? Glad you make it through here 🥂🥂🥂
There are actually many more details and also a huge section of Oracle yet to be covered. However, since this article is more about features and targeting normal DeFi users, I’ll leave those to the next one; hope there is one 😅
If you have any doubt or find any mistake, please feel free to reach out to me and I’d try to reply AFAP!
Stay tuned and in the meantime let’s wait and see how Uniswap v3 is again pioneering the innovation of DeFi 🌟
Uniswap v3 Features Explained in Depth was originally published in Taipei Ethereum Meetup on Medium, where people are continuing the conversation by highlighting and responding to this story.
👏 歡迎轉載分享鼓掌
conversation topic pdf 在 1000-Conversation-Questions---PDF - Pinterest 的推薦與評價
ESL Conversation Topics. So many questions here, you are sure to find something to interest your students. Take a look at ... ... <看更多>