In conclusion, from the viewpoint of Security / Accuracy / Achievability / Decentralization / Sustainability / Scalability / Privacy / Transparency / Fairness / Economic / Interoperability / Legality / SmartContract / Finality / Stability including A simple comparison of other leading currencies and Cardano’s “rumors”, research shows that Cardano is “No1”.
I showed you all the reasons why I affirmed … check with your eyes …

“No1” database (blockchain / ledger)=”The world’s most efficient database ①Premise that Security / Accuracy / Achievability / Decentralization / Sustainability  is fully guaranteed,②Balancing each, giving priority to the order listed – Scalability / Legality / Privacy / Transparency / Fairness / Economic / Interoperability /  SmartContract / Finality / Stability “

1 The ultimate purpose of blockchain


The wave of decentralization that originated from the problem of manager fraud and the French Revolution is ended with indirect decentralization by the consortium, consignment, auditor, and the central bank associated therewith. Because there was no technology to manage the database of identity information / money / legal policy etc. by “everyone” instead of “someone”.
Blockchain technology can lead to complete decentralization (direct democracy, distributed autonomous organization, cryptocurrency) by making it possible for “everyone” instead of “someone” to manage a database of policies / laws / money / organizational decision making / transaction brokerage services, etc.

Therefore, the ultimate purpose of the blockchain is to achieve “a database that can be managed by everyone, not someone, and that can support people’s lives most powerfully”.
On the other hand, various problems with Scalabilityand Security have been pointed out in the technology of blockchain.
And now raise question again.

“Which database do you want to live on?”
“Is it a database of the Japanese government (representatives of some Japanese citizens)?, the USA government (representatives of some American citizens)?, Amazon?, Google?, Facebook?, Bitcoin? Ethereum? XRP?”

2 Property and priorities required to achieve objectives


Specifically, the question is

“What kind of Property do you want to live in a database ? “

I would like to enumerate the properties that should be in the general “database” without being bound by the blockchain.
In addition, ultimately there is a trade-off for any property.
For example, “decentralized / security / scalability” and “anonymity (=decentralized / security) / regulation” are difficult to achieve at the same time.
Anonymity is more secure because it makes it harder to attack, but it tends to be hated by regulators, and this balance needs to be considered.
Considering and organizing many documents, I can say this

(1) If it lose it, it will not even have a database … Security
(2) It is a prerequisite for all properties, including Security … Accuracy / Achievability
(3) It is a prerequisite for some properties including Security … Decentralization (premise of security, economy, etc.) / Sustainability (premise of security, superiority of smart contract, etc.)
(4) Things that must be raised to a certain level … Scalability / Private / Transparency / Stability
(5) Depending on the way of thinking, it is better to raise it to the maximum … Fairness / Economic / Interoperability / Legality / SmartContract /Finality

Taking these into account, I defined “No1 Database”.
I will verify if this applies to Cardano in the next pull-down. (The specific definition of each element is defined in each pull-down.)

Conclusion = Cardano’s(1) Security is (2) mathematically proven with (2) realistic assumptions.

But all other projects insist “I am secure !!!”
What is the difference?
This difference can be considered from three perspectives.

1 What is the “Definition” of Security?


Cardano defined safety mathematically.
Security from the viewpoint of database / cryptocurrency = Persistence (recorded transaction is always confirmed) + Liveness (correct transaction will be recorded sometime) is achieved on a realistic basis (strict and detailed definition ; See pull-down below)

Note that many projects claim to be vaguely safe on SNS and HP without officially defining safety.

2 What are the “Premises” of Security?


Cardano has shown mathematically that the premise is quite realistic.
Cardano’s safety premise = “The pool is properly connected to the Internet, and people who have more than half of the ADA are normal” (see the pull-down below for details)

Please note that many projects do not formally present safety assumptions or that are not realistic.

3 What is the “Foundation” of Security?

Cardano proved mathematically the grounds by ①peer-reviewed  the highest academic societies and ②prototyping, formal methods, technical specifications, and functional languages, as described in the next “Accuracy” pull-down. (including quantum tolerance).

Please note that there are many projects whose safety grounds are papers that have not yet been reviewed by SNS, HP, conferences, or peer-reviewed by professional societies.

Here is a quick list of possible attack patterns written in Ouroboros paper, so take a look if you are interested.

Theorem 5.5 of Ouroboros paper says “more than half of the stakes are honest and the Internet is not abnormal, normal transactions are always recorded and the records are always unchanged”.
“more than half of the stakes are honest and the Internet is not abnormal”=Premise

Theorem5.5 Fix parameters k, l, E, ε, σ, R, and L, where R ≥ 2k + 4l and L is an integer multiple of R. Consider an execution E of Π[πDPoS,πDLS] with lifetime L coupled with a (1/2 − ε)- initially-bounded adversary A with corruption delay D = 2R and environment Z exhibiting a stake- shift of σ over l slots. Then persistence, with parameter k, and liveness, with parameter u = 2(k+l), are violated with probability no more than
ε := L · [exp(−Ω(√k)) + O(exp(−2ε2l))] + εH + (L/R)εDLS + εDSIG .
Here εH denotes the probability of a collision occurring among the queries to H (including those of A), εDSIG is the distinguishing advantage of tance of the DSIG implementation. The above the digital probabilities signature implementation, εDLS is are in the conditional space ¬Badthe dis- 1/2−ε−σ.

Suppose I received 100 billion yen by paying 100 million ADA.
If I can do this attack and cancel paid 100 million ADA, I can get 100 million ADA.
This is impossible because transactions are always invariant under Theorem 5.5.

This is a POS-specific attack. Instead of “randomly” approvers depending on the stake, an attack is performed that increases the possibility of being selected as the approver by some kind of attack.
In Cardano, since the randomness generated cannot be influenced because of “Coin tos protocol”, this attack is impossible because it is uniformly random.

An attack that prevents transactions from being confirmed.
For example, suppose I was aiming for ADA in Tanaka’s Daedalus.
A little later, I can get a paper with Mr. Tanaka’s private key, but Mr. Tanaka sent a record of the transaction to move ADA from Daedalus to Yoroi.
That would be inconvenient so I would attack and keep the transaction from being recorded …

This is also impossible because it is always confirmed under Theorem 5.5.

This is an attack that can be possible if more than 50% of the situation does not connect to the Internet, but we assume that this will not happen.

An attack that destroys the peer-to-peer message delivery mechanism. As a result, if the same situation occurs as in the previous section, the attack will be successful.

This happens when the stake of the adversary becomes more than half larger, where the premise of Theorem 5.5 does not hold. Once in this state, the transaction cannot be confirmed, and can become a long-term fork.

An attack that sends a bribe to a stake pool to approve a bad transaction. (For example, let them approve double spending)
In this regard, in the case of POS, intuitively, an attack requires a large amount of stake, but if the attack is known, the value of the stake will be reduced and the damage (cost) for the attack will be too great .
However, since this bribery attack does not formally cover all attacks, it seems that research is now officially underway.

In the case of POW, providing a high bribe rather than generating a block honestly creates an incentive to participate, so it seems relatively easy to do this attack.

This is a POS-specific attack that involves artificially creating a long chain that includes double expenditures.
This is impossible in two ways.
① If many stake pools do not participate, the protocol will not give the data necessary for POS
② The protocol rejects chains that were created long ago
Artificially created chains are invalidated from (1) and (2) because they are made by an attacker who controls a small part of the stake.

This is also a fairly serious attack unique to POS, and is a method of artificially creating a chain and attacking the system.
This is not possible because forkable strings and old chains are ignored.

This is a special version of Nothing at stake attacks.
In fact, Theorem 5.5 requires that there is no huge stake movement, which can be dangerous. In other words, it was a story that POS requires a large amount of stake when attacking, and it is costly, but in this case, if you sell off the stake at the time of attack, there is no need for extreme stakes, so that There is no cost in meaning.
This sounds terrifying, but in reality there is a fundamental question as to who will buy such a huge stake and whether it will be able to attack immediately at the moment of purchase. However, it is a possible attack in theory.

It is an attack that creates blocks that are convenient for adversaries and gets a lot of mining rewards by accepting or not approving the blocks for adversaries convenience.
In Cardano, the right to approve a block is proportional to the amount of stakes, so even if you do not approve the block, the reward will not increase, making it a meaningless attack.

* This refers to information on the IOHK blog, not a paper.
Although it is written in various ways, the essential reason Cardano is not affected by this attack is because it does not copy Bitcoin.

US research teams have shown that the POS stakes in 26 different POS currencies using PoSv3 are vulnerable to fake stake attacks, but Cardano is not among them.

* This refers to information on the IOHK blog, not a paper.
Sybil is the name of a woman with multiple personalities who describes how one person can attack using multiple IDs. With Cardano, one person can create a large number of stake pools, so it seems possible to create 1000 stake pools and gradually collect stakes to attack.

In conclusion, this is inefficient and requires so many stakes that it will not succeed.

・ Cardano does not require a deposit for staking, but if you make a lot of deposits, profitability will increase slightly. In other words, if you create many pools separately, the attractiveness of each pool will be low.

・ Furthermore, there are plans to link it to the reputation system. Pools that contribute more to the community and are more trustworthy are more profitable, while relatively large pools are less attractive.

sorry, this is japanese only now

※注意※まず、私は数学者でも暗号学者でもないため、正確性は保証できませんand sorry , this is japanese only






→そもそもPOWとは厳格に作業量に応じて(selfish mining等によりゆがむ可能性あり)ランダムにした次のブロックを作る人を選ぶ選挙。


・proof of space;物理リソースは必要だが、エネルギーは少なくなる
・proof of space-time;何れにせよexpensive physical resourceが必要








・コインフリッピングプロトコルの(単純な)安全なマルチパーティ実装⇨grinding attacksを防ぐ


・「forkable string」の組み合わせ概念に関する確率論的議論が中心
・covertly forkable strings are a subclass of the forkable strings with much smaller density; 2つの議論を展開できる。
covert attacks,(敵が密かにプロトコルを破ろうとする攻撃)に対応するforkable string technique
・forkable strings;分岐可能な糸。POSを超えた概念になりうる。密かな分岐可能な糸はかなり小さな密度を持つ分岐可能な糸の継承版。


④インセンティブ構造の考慮;block withholding and selfish-mining を軽減する合理的手数料・インセンティブ;ナッシュ均衡・ゲーム理論
⇨Specifically, we discuss double spending attacks, transaction denial attacks, 51% attacks, nothing-at-stake, desynchronization attacks and others. これを議論できる。



①Sleepy consensus;mixed corruption setting対策; “corruptions with delay” settingだけがここで議論されたが、それだけでなく、adaptive corruptionsと fail-stop and recover/sleepy corruptionsを含む広いモデルで分析される必要がある。
②Snow White;degree of “grinding”が可能で敵対者の選出確率を上げることができるが、さらにランダムで効率的にできる。

簡単にいうと、①Sleepy consensusは分析不足だよね、②Snow Whiteはもっと効率良いやり方あるよね、④フルーツチェーンはナッシュ均衡を示したけど、我々も同じことをしましたよ、ということを言ってます。




Transaction Ledger Properties.ープロトコルΠは堅牢な取引元帳を実装。Πの元帳はブロックに分割され、取引が元帳に組み込まれる順番が決定される。以下2つを満たす。
Persistence, with parameter k N. Once a node of the system proclaims a certain transaction tx as stable, the remaining nodes, if queried, will report tx at the same position of the ledger and agree on the entire prefix of the ledger (prior to tx). Stability is defined in terms of the blockchain: a transaction is declared stable if and only if it is in a block that is more than k blocks deep in the ledger. あるノードが「Tx=安定」と伝達→残りのノードは①照会されたらTxを同じ位置にあると報告+②元帳のTxより前全体部分に同意。Txがkより前の深さのブロックにあるとTxは安定していると宣言される。
Liveness, with parameter u N. If all honest nodes in the system attempt to include a certain transaction, then after the passing of time corresponding to u slots (called the transaction confirmation time), all nodes, if queried and responding honestly, will report the transaction as stable. 全正直ノードがTxを含めたUスロット対応時間経過後、全ノードはTxを安定していると認識する。


Common Prefix (CP); with parameter k N. The chains C1,C2 adopted by two honest parties at the onset of the slots sl1 ≤ sl2 are such that Ck1 C2, where Ck1 denotes the chain obtained by removing the last k blocks from C1, and denotes the prefix relation.  ;共通接頭辞=Ck1 C2=ある二人の正直パーティーが採用したチェーンは、必ず、Kブロックより前は、同じチェーンになっている、ということ。=安定していると宣言された取引の次にのみ、ブロックが生成され始めるということ=最終的にチェーンは全て安定していくということ=Persistenc特性を持つということ
Honest Chain Growth (HCG); with parameters τ(速度係数) (0,1] and s N. Consider the chain C adopted by an honest party. Let sl2 be the slot associated with the last block of C and let sl1 be a prior slot in which C has an honestly-generated block. If sl2 ≥ sl1 + s, then the number of blocks appearing in C after sl1 is at least τs. The parameter τ is called the speed coefficient.
正直なチェーンの成長。正直ノード採用チェーンCの場合で最後のスロットSl2,その前をSl1とする。 sl2≧sl1 + sの場合、sl1の後にCに現れるブロックの数は少なくともτsである。

Existential Chain Quality (CQ); with parameter s N. Consider the chain C adopted by an honest party at the onset of a slot and any portion of C spanning s prior slots; then at least one honestly-generated block appears in this portion. ;存在するチェーンの品質;正直ノードにより採用したチェーンCとそれ以前のsスロットにまたがるCの任意部分見ると、少なくとも1つの正直に生成されたブロックが表示される。


Chain Growth (CG); with parameters τ (0,1] and s N. Consider the chain C adopted by an honest party at the onset of a slot and any portion of C spanning s prior slots; then the number of blocks appearing in this portion of the chain is at least τs.



Security Model.(機能F(複数機能)より、Persistence・Livenessを満たす);セキュリティ分析のために導入される機能



機能Fのインターフェース=FD(diffuse拡散(同期機能でもある))+KT(key and transaction)
Fの制限を超えて、プロトコル実行を実行している環境Zからmessage (Corrupt,U) の許可が与えられている場合のみ、攻撃者はステークホルダーを破損させることができる。

・各スロットsljにおいて、環境Zは希望するステークホルダーの任意のサブセットをアクティブにすることが許可されています。 それらのそれぞれはおそらく他のステークホルダーに送信されることになっているメッセージを生成するでしょう。


Restrictions imposed on the environment.環境への制限


・ステークホルダーのビュー=次の形式の公開鍵とステークペアのセットSj(r)∈{0,1} *×Nが含む。
・破損鍵の総ステークスを総ステークスΣisiで割った値が1 /2-δ未満であることが成り立つ場合、敵対者は特定の実行においてパラメータδ> 0の範囲内で(1/2  – δ)に制限されると言える。
・上記に違反すると、イベントBad1 / 2-δが起きた!という。
性質Qが成り立つとき、同時に、QBad1 / 2 −δも無視できない確率で同時に成り立ち、敵対者とBad1 / 2 −δを引き起こす環境を排除する。

ここもほとんど何を言っているのかわからないと思いますが、シンプルにいうと、Bad1 / 2 −δが起きたら大変で、ざっくり言えば、過半数以上のステークが悪いステークだと大変だ、ということです。


ε, σ=ステークの変化;最初は(1/2  – ε)実行中は(1/2  – ε – σ)を限界とするσ以下のステークの変化は十分に短い機関にて発生する。
→つまり開始時点で、敵対ステークが(1/2  – ε)だったらBAD。実行中に(1/2  – ε – σ)になったらBAD


(1)静的ステーク。D=L=R。初期のままのステークでエポックの分割もなし。環境制限により、1/2 −ε以下の敵対的ステークホルダーはありうる。FLSよりρについてステークに応じたリーダー選出が行われる。m個の鍵のサブセット選出し、Rにおいて圧倒的確率で正直多数の委員会を形成する。最長チェーンルールより、敵対者はフォークが可能となるが、定理4−24から、(隠れた敵はセクション6にて)新規組み合わせ理論より、k共通接頭辞とならない確率は指数関数的に√kで低下することを証明する。

(2)ビーコン、敵対的先読みE、R個のスロットのエポック期間、および遅延D≒2R Lを用いた動的ステーク
ビーコン=規則的な間隔で一様にランダムな文字列を発信する信頼プロトコル(スロット{(j − 1)・R + 1、…、j R}の間に、後続のエポックのためのリーダー選挙機能をシードするj番目のランダムなストリングを明らかにする。)
静的ステークとの違い=ステークの分布は変更が許可され、ブロックチェーン自体から引き出されること=(j≧2​​の)j番目のエポックの間に採用されたステークの分布が、適切なパラメータkに対して(j − 1)・R − kより小さいタイムスタンプを有する最新のブロックによって決定されることを意味(kは後ほど正確な公式が与えられる)=環境を通じて取引をステークホルダーに転送される
・ステークの分布はσだけずれても問題ない。また、(1/2 +ε+σ)が正直なプレーヤーであることを前提とする。→過去の分布から、正しいステークの分布の推定をできる
セキュリティ証明=静的ステーク証明で示された基本ケース付きのエポック数L / Rの帰納的結論=敵対ステークに縛られる(1/2  – ε – σ)はセキュリティとして十分と結論づけられる。
(そして委員会の規模mを克服するために選択されるべきである)。システムの寿命がそのような数の連続するエポックを含むことを考えると、サイズln(L / R)の付加項も含まれる。








Theorem 5.5. Fix parameters k, l, E, ε, σ, R, and L, where R ≥ 2k + 4l and L is an integer multiple of R. Consider an execution E of Π[πDPoS,πDLS] with lifetime L coupled with a (1/2 − ε)- initially-bounded adversary A with corruption delay D = 2R and environment Z exhibiting a stake- shift of σ over l slots. Then persistence, with parameter k, and liveness, with parameter u = 2(k+l), are violated with probability no more than
ε := L · [exp(−Ω(√k)) + O(exp(−2ε2l))] + εH + (L/R)εDLS + εDSIG .
Here εH denotes the probability of a collision occurring among the queries to H (including those of A), εDSIG is the distinguishing advantage of tance of the DSIG implementation. The above the digital probabilities signature implementation, εDLS is are in the conditional space ¬Badthe dis- 1/2−ε−σ.

定理5.5。 パラメーターk、l、E、ε、σ、R、およびLを修正します。ここで、R≥2k + 4lおよびLはRの整数倍です。ライフタイムLをaと結合した] [πDPoS、πDLS]の実行Eを考えます。 1/2-ε)-破損遅延D = 2Rの初期バウンドの敵Aと、lスロットにわたるσのステークシフトを示す環境Z。 次に、パラメーターkを使用した持続性とパラメーターu = 2(k + l)を使用した活性は、最大で次の確率で違反します。
ε:= L・
[exp(−Ω(√k))+ O(exp(−2ε2l))] +εH+(L / R)εDLS+εDSIG。
ここで、εHはH(Aのクエリを含む)のクエリ間で衝突が発生する確率を示し、εDSIGはDSIG実装のタンスの際立った利点です。 上記のデジタル確率シグニチャの実装、εDLSは条件付き空間¬Badthedis-1 /2-ε-σにあります。



・n個のステークホルダーU 1、…、Unの固定集合は、プロトコルを通して相互作用
・プロトコル開始前に、Ui は si ステークを持つ。
・Definition 4.1(Genesis Block)=B0=①公開鍵により識別されたステークホルダーリスト②各々のステーク(vk1,s1),…,(vkn,sn) ③補助情報ρ(ρ;スロットリーダー選出のシードに利用される)
・Definition 4.2 (State). =string st {0,1}λ.
・Definition 4.3 (Block). =ブロックB (スロット sl {1,…,R} から生成)= ①現在の state②data d {0,1}③スロット番号sl③署名σ = Sign sk(st, d,sl) =Uに対応するskのもとで計算されたもの
Definition 4.4 (Blockchain). B0のブロックチェーン=厳密に増加する一連のスロットで接続された一連のブロック(B1,…,Bn)、でBi=H(Bi-1)を満たすもの
・Definition 4.5 (Epoch).=集合S = {1,…,R}=R個の隣接スロット

・Definition 4.6 (Adversarial Stake Ratio)=α=(∑jUA sj)/(∑ni=1 si)=

n=the total number of stakeholders
si stakeholder Ui’s stake.
・Definition 4.7 (Leader Selection Process)ステークホルダー分布のS = {(vk1,s1),…,(vkn,sn)}, (D,F)におけるリーダー選出過程=分布+関数
・関数=ρ←Dのとき、すべてのslj{sl1slR}に対して、FSρslj)はpi = si /∑nk=1 skの確率(ステークの保有率)でUi{U1Un}を出力する。(si Uiの保有ステーク・確率変数{F(S, ρ,slj )}は独立・この結果はスロット間で独立)
・Definition 4.8 (Valid Transaction)=(tx, σ)は以下が成立すればVにより確認される取引
・Vrfvk1(σ, tx)=1.
Definition 4.10 (Characteristic String).;The characteristic string w {0,1}n of S =「the adversary controls the slot leader of slot i + k. 」→「wk=1」(1以外なら正直ステーク、1なら敵対ステーク)
 前提;Fix an execution E with genesis block B0, adversary A, and environment Z.Let S = {i + 1,…,i + n} denote a sequence of slots of length |S| = n.
Definition 4.11 (Fork).=F w=Fはストリングwのフォーク= rooted tree F = (V,E) with a labeling l ・ V → {0,1,…,n}
・Let w {0,1}n and let H = {i | wi = 0} ;正直なストリングの集まり
• each edge of F is directed away from the root;
• the root r V is given the label l(r)=0;
• the labels along any directed path in the tree are strictly increasing;
• each honest index i H is the label of exactly one vertex of F;
• the function d : H → {1,…,n}, defined so that d(i) is the depth in F of the unique vertex v for which l(v) = i, is strictly increasing.
(Specifically, if i, j H and i
Definition 4.12 (Tines, depth, and height)
・We borrow the “truncation operator,” described earlier in the paper for chains:
・for a tine t we let tk denote the tine obtained by removing the last k edges;
if length(t) ≤ k, we define tk to consist solely of the root.

■Covert Adversaries秘密裏の敵対者とは?


こういう攻撃をする人を、Covert Adversaries秘密裏の敵対者という。

■匿名プロトコル拡張の説明 Anonymous Communication and Stronger Adversaries

・DF;右記以外は、セクション2のように機能する。受信者Urの受信トレイ配信前、送信者の情報を全てのメッセージから削除して回る。実際はMix-networks [19] or DC-networks [20] の実装




(1)Double spending attacks


(2)Grinding attacks


(3)Transaction denial (censorship) attacks


(4)Desynchronization attacks


(5)Eclipse attacks

Desynchronization attacks同様、敵対者をパーティーに組み入れた場合、攻撃可能とな理、組み入れたパーティーには活力と持続性は保証されない。

(6)51% attacks


(7)Bribery Attacks


(8)Long-range attacks


(9)Nothing at stake attacks

ステークホルダーがオンラインであれば、 ①analysis of forkable strings(敵対者があらゆる戦略を行なっても、実行可能なものはない。)②チェーン選択ルール(前回オンライン時から昔のフォークは無視される)により処理される。
一部のPOSでは“tragedy of commons”;ステークホルダーが攻撃を止めることができず、攻撃に加わらなくても経済損失を招く可能性があり、それを見越して、代替通貨での少額の賄賂で攻撃に参加してしまう、ということを招く。
Vitalik Buterin. Proof of stake faq., 2016.

(10)Past majority attacks

Nothing at stake attacksの特別版



I will talk a little about quantum tolerance. As you may have noticed, the word “quantum tolerance” has disappeared in new roadmap.

Does this mean that Cardano has lost to Quantum PC?
I want to mention a little,

In conclusion, research is underway at this stage.

Sub-ledger implementation, specific attack pattern identification, countermeasures

Measures are scheduled to proceed in the form of, but in the first place quantum PCs themselves (of course, there are quantum PC products with incomplete performance to break prototypes and cryptocurrencies) are rarely mentioned because they are still under development.

According to Charles, at present, quantum PCs may break simple protocols such as BTC, but they will not have the power to break complex protocols.

In fact, quantum PCs are good at performing a lot of very simple processing, but at present, they are not good at performing a lot of complicated processing.

However, as quantum PCs evolve, it is of course important to prepare for the threat.

There is no immediate danger, but it is going on research.

The reason is simple

① If the attack target is unknown, attackers can not attack (difficult to)
②If the node is anonymous, the government and the UN cannot control it (censorship resistance)
So privacy is often taken up as a trade-off with regulations, but it must also be considered from a security perspective.

The Bitcoin Backbone Protocol Against Quantum Adversaries

October 2019, EPrint Archive

Decreasing Security Threshold Against Double Spend Attack in Networks with Slow Synchronization

Lyudmila Kovalchuk,Dmytro Kaidalov,Andrii Nastenko,Mariia Rodinko,Oleksiy Shevtsov,Roman Oliynykov

March 2019, CryBlock 2019

Leakage-Resilient Cryptography from Puncturable Primitives and Obfuscation

Yu Chen,Yuyu Wang,Hong-sheng Zhou

February 2019, Asiacrypt 2018

Memory Lower Bounds of Reductions Revisited

Yuyu Wang,Takahiro Matsuda,Goichiro Hanaoka,Keisuke Tanaka

February 2019, Eurocrypt 2018

Impossibility on Tamper-Resilient Cryptography with Uniqueness Properties

Yuyu Wang,Takahiro Matsuda,Goichiro Hanaoka,Keisuke Tanaka

February 2019, EPrint Archive

A Formal Treatment of Hardware Wallets

Myrto Arapinis,Andriana Gkaniatsou,Dimitris Karakostas,Aggelos Kiayias

January 2019, Financial Cryptography 2019

The Combinatorics of the Longest-Chain Rule: Linear Consistency for Proof-of-Stake Blockchains

Erica Blum,Aggelos Kiayias,Cristopher Moore,Saad Quader,Alexander Russell

October 2018, SODA20

Ouroboros-BFT: A Simple Byzantine Fault Tolerant Consensus Protocol

Aggelos Kiayias,Alexander Russell

October 2018, EPrint Archive

Ouroboros Genesis: Composable Proof-of-Stake Blockchains with Dynamic Availability

Christian Badertscher,Peter Gaži,Aggelos Kiayias,Alexander Russel,Vassilis Zikas

October 2018, CCS 2018 (ePrint Archive)

Formal specification for a Cardano wallet

Duncan Coutts,Edsko de Vries

September 2018, IOHK

Account Management and Stake Pools in Proof of Stake Ledgers

Dimitris Karakostas,Aggelos Kiayias,Mario Larangeira

August 2018, IOHK

MARS: Monetized Ad-hoc Routing System (A Position Paper)

Berndardo David,Rafael Dowsley,Mario Larangeira

June 2018, CryBlock’18

Stake-Bleeding Attacks on Proof-of-Stake Blockchains

Peter Gaži,Aggelos Kiayias,Alexander Russell

April 2018, Crypto Valley’18

Ouroboros Praos: An adaptively-secure, semi-synchronous proof-of-stake protocol

Berndardo David,Peter Gaži,Aggelos Kiayias,Alexander Russell

June 2017, Eurocrypt’18

SCRAPE: Scalable Randomness Attested by Public Entities

Berndardo David,Ignacio Cascudo

March 2017, ACNS

Fireflies: A secure and scalable membership and gossip service

Havard D Johansen,Robbert Van Renesse,Ymir Vigfusson,Dag Johansen

November 2016,

Blockchain Mining Games

Aggelos Kiayias,Elias Koutsoupias,Maria Kyropoulou,Yiannis Tselekounis

October 2016,

Ouroboros: A Provably Secure Proof-of-Stake Blockchain Protocol

Aggelos Kiayias,Alexander Russell,Berndardo David,Roman Oliynykov

September 2016, CRYPTO’17

Fair and Robust Multi-Party Computation using a Global Transaction Ledger

Aggelos Kiayias,Hong-Sheng Zhou,Vassilis Zikas

March 2016, EPrint Archive

Conclusion = Accuracy in Cardano is mathematically assured from (1) theoretical aspects and (2) implementation aspects.

Other platforms are also  Insist. “i am accurate!!”
What is the difference?
You can consider from two perspectives.

1 What is the basis for accuracy in “theoretical aspects”?

Cardano has made a mathematically unambiguous proof, and the proofing process has been reviewed by experts from the highest-ranked societies in the top 4% of the world’s societies.

・ Major system Ouroboros-related (Ouroboros Classic; Crypto17 Society, Ouroboros Praos; Eurocrypo18 Society, OuroborosGenesis; CCS2018 Society) is approved by the society with the highest A✴︎ (within the top 4%) (Academic Rank Rating page)

There are many projects that insist on accuracy with presentations at SNS, HP, conferences, papers that were created internally and not reviewed by third parties, and papers that have been peer reviewed but are not the highest academic societies Please be careful.

2 What is the basis for accuracy in “implementation”?

Cardano uses prototypes, technical specifications, formal methods, and functional languages ​​based on theoretically accurate papers and implements them while mathematically confirming that they are implemented according to the content of the paper.

1) Prototyping → Producing technology use by repeating trial production
2) Technical specifications → Confirm that “theory” matches “implementation” with the technical specifications for functionality and operation.
3) Formal development methods → rigorous, mathematical techniques for testing that software works exactly as intended
4) Functional programming Haskell → Less ambiguous than other languages and easy to test mathematically.

Keep in mind that many projects do not mathematically prove that the code properly reflects the paper or vision of the project.

No.1 papers in the blockchain world

■A site where you can confirm that your most important Ouroboros family articles have already been peer-reviewed
(1)Ouroboros: A Provably Secure Proof-of-Stake Blockchain Protocol CRYPTO’17


(2)Ouroboros Praos: An adaptively-secure, semi-synchronous proof-of-stake protocol Eurocrypt’18


(3)Ouroboros Genesis: Composable Proof-of-Stake Blockchains with Dynamic AvailabilityCCS 2018 (ePrint Archive)

CCS 2018

■ Other important papers (all high-ranking academic societies)
Leakage-Resilient Cryptography from Puncturable Primitives and ObfuscationFebruary 2019, Asiacrypt 2018
Ouroboros Crypsinous: Privacy-Preserving Proof-of-Stake, IEEE Symposium on Security and Privacy
Memory Lower Bounds of Reductions RevisitedFebruary 2019, Eurocrypt 2018
Sonic: Zero-Knowledge SNARKs from Linear-Size Universal and Updateable Structured Reference StringsFebruary 2019, ACM Conference on Computer and Communications Security ACM CCS 2019.
Proof-of-Stake SidechainsJanuary 2019, IEEE Symposium on Security and Privacy
A Treasury System for Cryptocurrencies: Enabling Better Collaborative IntelligenceDecember 2017, NDSS’19

Achievability in Cardano = ① Development activity is always the overwhelming first place in all currencies. ② Funds are secured by financial system (see “Sustainability” pull-down).

Objectively measured development activity index from Github etc., Cardano is always the “overwhelming” first place development activity among all currencies(santiment

1 How much is ADA’s development activity among the top 100 market cap crypto ?




2 How much is ADA’s development activity among the top 100 development activity crypto ?




3 How many papers in Cardano?




・To make it even easier to understand, if you show how much times CardanoADA development more active compared to other currencies.

For example, ADA is actively researching and developing 6.5 times that of BTC.BTC x6.5

ETH x2.15
XRP x28.23
BCH x 274.92
BNB x 497.47
EOS x3.88
XLM x5.89
TRX x 10.62
XMR x 33.06
HT x40.49
LINK x 8.17
MIOTA x 7.18
DASH x33.80
ATOM x 4.22
NEO x17.91
MKR x 13.89
ONT x 37.44
DOGE x10447
BAT x15.68
ZEC x 39.27
PAX x 117.38
HEDG x5223.49
VET x180.12
TUSD x2089.39
ZRX x4.35
QTUM x29.42

Many sites simply count only the number of commits, but since santiment takes into account the total number of PRs, comments, wiki edits, and functioning repositories, the number is fairly close to reality.

■ Hmm … Isn’t it just showing a lot of development activity by playing with Github appropriately? If you think that, Cardano Update can be seen on the site where Cardano commits are increasing.

Decentralization in Cardano = (1) Quantitative; it is possible to decentralize 100 times and 1000 times of other projects, theoretically infinitely. + (2) Qualitative , almost any person in the world can enter a decentralized system (and is mathematically proven)

Other projects are also Insist. “I am Decentralized!!!”
What is the difference?
This difference can be considered from two perspectives.

1 Quantitative decentralization-1000 times the other, theoretically infinite decentralization (mathematical proven)


To be exact, “Ouroboros can set how much it is decentralized in game theory (and it has been proved mathematically).”

Currently, Ouroboros is designed to finally become “1000 people maintain with 0.1% power each” (Not mean 1 person has 99.9% power and 999 people has 0.0001% power!).
There is no absolute definition of how many pools are distributed. It can be changed to a setting that will create 10,000 or 1 million pools with the same power in the future.

When talking about decentralization in other projects, be aware of how decentralized it really is in game theory.


2 Qualitative decentralization-low barriers to entry, almost anyone in the world can enter a decentralized system (mathematical proven)


Even if there are many maintainers, if the conditions for becoming a maintainer are severe, the system will be maintained by people with limited attributes and will not be decentralized qualitatively.

The participation conditions of the Cardano database are that it is always online and can be handled by a medium-sized computer (about tens of thousands of yen), so no deposit is required and anonymous participation is possible.

・ BTC and other POW-related currencies require a very strong computing power and need to invest in their dedicated high-priced machines. Also, when handling large blocks such as BCH / BSV, a high network speed is required.
・ ETH and many other POSs require a deposit and fund lock. Eth requires a 32Eth deposit and has an 18 hour lock.
・ Many BFT consensus, including XRP, must establish a list of nodes with a certain level of trust, impose restrictions on participation, and anonymity (to prevent attacks by regulations and bribes risk) is prone to loss.

If you look closely at each mechanism, there are unique restrictions such as expensive investment, specific area, anonymity, high-speed Internet environment, etc. It may be something that ordinary people like you can not participate easily Please be careful.

Assuming 100 stake pools, if pools A and B are 0.3% and 1.2% stakes, respectively, A will receive 0.3% of the reward pool, but B will receive only 1%. Pool B is therefore adjusted to be 1% stake. That way, if each act with their own interests, 100 decentralized stake pools of less than 1% will be created.
For more information, check out the reward system commentary site
【Reward Sharing Schemes for Stake Pools】
【Commentary Site】

And, Perhaps the first time in the world, “Ouroboros Chronos” will handle “time” in a distributed manner.

Sustainability in Cardano = sustainable for thousands of years with (1) voting function for core system addition / change decision (2) Cardano core system development funding function.

This is a natural function. But as a platform, as a currency, unbelievable things are happening…

1 Voting function for core system addition / change decision


Cardano has decided that ADA holders as people who want to grow the Cardano system and who are decentralized will have the authority to add or change core systems (or can grant authority to someone who is suited).

What if your dollar splits into a dollar and a dollar classic, and such a disruption has occurred once every few years?
A shop that can only be settled in dollar, a shop that can only be settled in dollar Classic, and a shop that only deals with dollar Classic Cash when it appears … It’s a nightmare, something like a joke.
Since there is no formal procedure for how to change the core system, this is the norm in the world of cryptocurrency and database development.

The person who has the merit for system growth should be decided, but it is not decentralized for developers / major miners / charismatic founders to decide by collusion / discretion. In particular, very important matters such as the “issue limit” should not be determined by such a small number of collusions.

So Cardano decided to do the above. You can vote for it directly, or you can entrust someone (example IOHK CEO Charles / Emurgo CEO Kodama).

2 Core system development funding function

At Cardano, ADA holders as people who want to grow the Cardano system and who are decentralized has the authority to give the developer the development funds saved from the transaction fee (or can grant authority to someone who is familiar).

What if the American government bows in the news every day to get donation about dollar development fee? Or what if volunteers are doing maintenance on the dollar ? (see Wikipedia donations)
Do you want to put the most important money after your life in such an unstable currency or database?
Since there is no formal way to raise funds, this is the norm in the world of cryptocurrency and database development.

Cardano can gradually send ADA from the transaction fee to the financial warehouse, which can be used to fund the development of the Cardano system, and can continue to evolve without relying on donations and volunteers in the future.

Scalability in Cardano = For the first time in history, Cardano will be able to withstand the use of billions of people while still being “decentralized” and “security”, and will continue to be scalable and cheap.

1 Shading (Basho; Ouroboros Hydra)

Speedup by parallel processing called “shading” of Ouroboros Hydra compatible with distributed security implemented in the Basho period (3 times faster by managing the database divided into 3 group) Technology) and this is the biggest feature.

It should be noted that no project has been able to introduce shading that is both decentralized and security. In the first place, shading itself is usually done in AWS. Since it is extremely difficult to achieve both “decentralization” and “security”, it is necessary to consider this point in particular.

2 Layer separation approach

Cardano plan to increase the speed by dividing the payment layer and processing layer, and by using a lightning network.

3 High speed of language

Haskell, a fast and error-free language, creates the main protocol and the SmartContract Plutus / Marlowe.

4 RINAnetwork

In the form of a network suitable for decentralized type, it will be possible to increase the security, make the network simpler and faster.

5 Speed ​​up in all other development processes

High speed is pursued in the whole development process (light wallet / optimization of UTXO coin selection).

What i strongly want to say is one thing.
Please keep calm and think “WHY SLOWEST BTC IS STILL NO1 Market Cap?”

High speed is easily available at the expense of Security and Decentralization
In the first place, if you want a high-speed database, it is enough to use Amazon’s service called “AWS”.
The assertion that “HEY!! This currency / database is so fast that it surpasses bitcoin!” is very very stupid, and probably don’t understand anything. (I used to do that.)
Is the currency / database decentralized? Are there any barriers to entry? Has security been proven?

Again, Please keep calm and think “WHY SLOWEST BTC IS STILL NO1?”

And once again, make sure Cardano”s security decentralized accuracy in each pull-down.

There is a very fast and inexpensive technology called DAG.
Cardano chose POS + shading when choosing between DAG and POS + shading.
This is because DAG is certainly fast and inexpensive, but it is possible to increase the speed even with POS + shading and to ensure security, decentralization, and interoperability.
I think this judgment is reasonable at this stage.
In the future, if research on DAG progresses and other advantages other than high speed are found one after another, I think that it would be enough to consider moving to DAG.

Legality in Cardano = has balance between “individual rights” and “market rights” and has maximum legality.
“market rights” = do  “①Granting identity data to transactions, ②accuracy of identity data itself, ③compulsory execution related to taxes and transaction restrictions” for “①Anti-money laundering, ②customer confirmation to eliminate anti-social forces, ③clarification of transaction details”

1 Balance between “individual rights” and “market rights”

Cardano has reached a position to balance “individual rights” and “market rights”.

[Individual rights] In order for government financial institution companies to function even in corrupt developing countries, governments cannot forcibly confiscate assets without individual permission. This “individual right” is thoroughly protected.
[Market rights] On the other hand, the market has also made it possible to require trading conditions from individuals. If an individual is OK with this, the individual must follow the rules of that market.
For example, suppose you deposit ADA at a DEX (Distributed Exchange) in America. At this time, the decentralized exchanges have “market rights”
・This ADA have to be accompanied by accurate identification data, and if it falls under anti-social list data or is underage data, compulsory refund processing is possible.
・ If the profit for a specific period is automatically paid to America as a tax, or if the tax is not properly paid to America, the ADA is forcibly seized by using a private key held only by the American regulator Being able to process
If you want to join it on a decentralized exchange, you will follow the rules of this market.

Bitcoin has abandoned identity data to eliminate intermediate exploitation, making the market difficult to handle. There are also currencies that give the state a compulsory seizure right, but this is not in line with ADA’s vision to withstand use in corrupt countries. Therefore, we decided to proceed with the above balance type.

2 Checking the accuracy of metadata using a distributed reputation system


The most difficult question is “How to make sure that the metadata is correct, while protecting your privacy?”
There is no absolutely accurate way to confirm that Tanaka-san is really Tanaka-san while maintaining dispersibility. There is only a better way.
One concept for this is a decentralized reputation system.

By voting with ADA, etc., give a reputation that this person can be trusted. Initially IOHK and Emurgo will be on the reputation list, but this will gradually be decentralized.
An account that is particularly reputed on this reputation list will send Tanaka’s driver’s license and passport from the Cardano account, Tanaka-san, and authenticate the identity data.
Accounts that are particularly reputed on this reputation list authenticate their identity data when they receive Tanaka’s driver’s license and passport data from Cardano’s Tanaka account.
Furthermore, the Acri Juel’s Town Crier protocol also enables secure web scraping for use in smart contracts and other applications.

Privacy in Cardano = (1) Increase confidentiality to the limit where regulation is not an issue+(2)The traceability part of the payment layer will into account the balance between regulation and community views.

1 Other Privacy( regulation no issue level )

Increased confidentiality by smart contract confidentiality Kachina, etc.

2 Privacy( regulation issue level )

The research has been peer-reviewed, but because of the interests of people who already own ADA whether it is actually implemented depends on community voting in the voting system.

With the pull-down below,I comment on it.
・ Privacy is also an element to protect security and decentralization
・ Problems of common sense about Privacy
・Cardano may not be optimal when purely seeking Privacy

■ Confidentiality is important in protecting “safety”
Confidentiality affects security, not just the level of embarrassment when seen.
This is because if the transaction is completely anonymous, the hacker’s point of view does not know where to attack.
A less anonymous currency is less secure in that respect.

■ Confidentiality is “natural”
“There are people who hide their knives in their pants, so please go out naked.”
What do you think?
I know that nobody says “I don’t hide the knife in my pants, so I can be naked in out”.
You think as “Why? Why do I have to be embarrassed for such a few dangerous people? I cannot!”

“Some people are laundering money, so please open all the contents of your bankbook.”
If you are asked that way for some reason, you may say: “I don’t have drug deals, so I can’t help walking with my passbook open.”
But, you can think as “Why? Why do I have to be embarrassed for such a few dangerous people?”

Furthermore, cryptocurrencies that are more anonymous than cash cannot be developed.
For cryptocurrencies, at least a person with a wallet can tell who sent the currency by seizing the wallet, but cannot know who sent if it is cash.
If you want to prevent money laundering, you can say that you should crack down on cash.

■ Cardano is not optimal if only pure confidentiality is required

Other POW currencies / databases specializing in anonymity may be more confidential in principle than Cardano as long as Cardano understands the amount of each stake due to the POS mechanism,

Also keep in mind that if you just want to maximize your anonymity purely, it is best to do cash transactions.

Transparency at Cardano =the development process is the most open.

・ Research results (IOHK paper)
・ Development results+prosess (Github)


1 Development on a test net that can be attended by general community members

Development takes place in a form that involves the community. You can also join today.

2 There is a dedicated telegram in each country ( community can ask questions the core team in the language of that country)

How many blockchain communities have an official non-English community where you can exchange questions in non-English? I think it’s almost English only

3 There will be AMA (Ask me anything) from IOHK CEO Charles and the development team

You can ask questions directly AMA. The community also has a search tool for questions that have been done at AMA, so you don’t have to listen to it all from the beginning.

Fairness in Cardano  = (1) is mathematically proven in paper as a system with complete equality by (2) the only quantifiable reward rate(a constant rate of return on investment). 

Thus, despite some criticism that POS is not fair equality, complete fairness has been mathematically proven.

1 Perfect equality means that the rate of return on investment is constant, for example, the higher the amount of investment, the higher the rate of return on investment.

(Example) In the following, the reward rate is 1%, so it is completely equal.
・ People with 10 billion ADA get 100 million ADA with staking reward → 1% reward rate
・ People with 100ADA get 1ADA with staking reward → 1% reward rate

2 Reward rate is the only way to evaluate mathematically by quantifying fair equality


In the above example, there is a difference in income of 100 million times, so many people may intuitively feel that it is a bad. But unfortunately, reward rate is the only way to evaluate mathematically by quantifying fair equality

For example, if someone who invested in 100ADA has 5ADA added, is it a little fair?
If so, how can 5ADA be mathematically derived?
What is the mathematical basis that “if it is 4ADA, 6ADA, and 4.99999ADA,it is inequality. but 5ADA is fair.” ?

So, fair equality can only be judged mathematically by the reward rate, and Cardano has full equity equality.

関連論文;Cryptocurrency Egalitarianism: A Quantitative Approach
Dimitris Karakostas,Aggelos Kiayias,Christos Nasikas,Dionysis ZindrosAugust 2019, Tokenomics 2019

Economic in Cardano = determines the database maintainer by the amount of stakes not the calculation power, so does not require a large amount of power.

“I don’t care about environmental issues, I don’t sympathize with the poor dolphins and polar bears, and I don’t care about the increase in CO2.” I am honestly not interested in environmental issues and you may think samely.

But even for such me, feel that Proof of Work is too bad.
① Quantitatively (electric power consumption comparable to a small country)
(2) Qualitative (Calculations that are not meaningful in themselves,The development cost of a dedicated computer to perform the meaningless calculation,R & D costs to ensure that only specific, expensive computers are not available for decentralization)

It seems to be a system that is difficult to recommend as a nation because it cannot be said to be a sustainable mechanism from the viewpoint of the global environment.

Interoperability in Cardano = achieves maximum interoperability while maintaining security non-centralized scalability with side chain technology.

Currently in the research and development stage, Cardano wrote a lot of papers related to the side chain.
Furthermore, interoperability with private chains such as Atala is proceeding to introduction into actual society.

In the first place, there is no universal currency.
I think No1 is a Cardano database, but it would be useful if it could interoperate with No2 and later databases and be used within the Cardano system.
・ For example, I don’t know if a function with strong anonymity can be used with Cardano’s main chain ADA.
ADA holders may decide that it is better not to introduce this due to regulations.
In that case, you may want to interoperate with currencies such as Zcash that provide strong anonymity.
・For example, IOT is also planned to be handled by Cardano’s chain, but since it is not a top priority, you may want to interoperate with chains that have been dedicated to IOT functions such as IOTA.

SmartContract in Cardano =  (1) Strict/fast/minimal risk of errors (Plutus)+(2) Easy to use for non-programmers (Marlowe) +(3) Multilingual support (IELE) .

SmartContact makes it possible to manage not only money but all services in this world with “everyone”, not with “someone”,
① Loss irreparable on error is happend. ( The Dao incident that caused ETH to be stolen, causing currency division and history rewinding )
② Difficult to use for non-programmer.
③ Had to learn a specific language.
Therefore, ①Plutus②Merlowe③IELE is developed.

Of course, SDK enhancement and token issuance are also possible. It is similar to Ethereum’s ERC20, but can be handled with reduced cost and increased safety.

1 Plutus – Strict/fast/minimizes of errors for developers of financial institutions / large enterprises

An enterprise-level dedicated platform that uses the functional programming language Haskell to avoid ambiguity and simplify testing, and can use the same code both off-chain and on-chain (often different in other languages).
Testable on Plutus Playground / Udemy / Books are also available.

2 Marlowe – Easy to use non-programmers

Plutus / Haskell-based financial smart language, for non-technical people with no programming experience, such as business / industry experts / financial analysts. Test with the Meadow emulator.
Anyone can easily create a smartphone by assembling blocks like a puzzle in this way.

3 IELE –ultilingual support

It can handle multiple languages ​​and can interoperate with Ethereum. You can test on the IELE test net.

Finality in Cardano = can ues finality function as an additional function

Immediacy (finality) function is
・ The nature of transactions being determined almost immediately.
・ Transactions do not rewind and are advantageous for normal settlement and interoperability with banks and other cryptocurrencies.
・When using this function, the security is low. Specifically, the level of adversary nodes required for the system to stop is 34% instead of 51%.

Cardano decided Immediacy (finality) function is apply as an additional function because security is more important than Immediacy (finality).
Cardano insist that: “use the Ouroboros eventual consensus protocol which is secure under the strongest possible stake-based guarantees as the solid foundation over which services such as near-instant settlement in optimistic network conditions can be safely built.”

it seems very reasonable.

Stability in Cardano = will ultimately be the most stability in price by largest transaction volume in the world because it has no1 property of database.

“Huh? Do you know StableCoin ? It’s very stable because it’s begged in dollars.”
You may think so.
Dollar fluctuates centrally depending on the president’s finger and the US economy / additional dollars, etc.
Nevertheless as of 2019, the dollar has an overwhelmingly large transaction volume so relatively it is stable.
But when cryptocurrency become bigger volume than dollar, the cryptocurrency become more stable than dollar.
I believe it will be the main asset ADA in the Cardano database.

A simple comparison between Cardano and other platforms.
There is certainly a bias in knowledge, and there are many fundamentally different things, so it is too difficult to compare all of them, so just compare “the most important comparison points”. There is a possibility to write a detailed one at a later date.

(1) BTC

Are you surprised to hear that ADA has the closest philosophy to BTC?

In both cases, security decentralization is the highest priority.
Therefore, the features such as probabilistic agreement and stratification are similar.
Therefore, ADA is “BTC POS version” .
It is a reassuring fact for ADA that BTC has the highest market capitalization and has gained market support.

The reason BTC does not use POS is simply because “security” cannot be guaranteed.
In fact, BTC doesn’t like wastefully calculating anything but there were many problems at POS.
But we know that ADA formally proved the security of POS at Ouroboros in a peer-reviewed paper. ADA will be able to beat BTC as a “BTC POS version”.

It should be noted that “scalability” and “richness of functions” are not the reason to beat BTC.

In fact, every major altcoin has a lot of features that are faster and richer than BTC’s. But in fact, it was obtained at the expense of decentralization and security. We have to think it means before think as “market is stupid”

(2) ETH

Are you surprised to hear that ADA is the only currency with developmental activity that surpasses ETH?

Although “self-proclaimed” ETH killer is abundant in this world, only ADA has more development activity than ETH.
Differences from ETH cannot be talked too much about on-chain governance, funding system, deposit, fund lock, time decentralization, separation of payment layer and smart contract layer, UXFO correspondence. But dare to say one The road to ETH 2.0(ETH POS + shading) is too chaotic, while the path of ADA POS + shading (Shelley / Basho) is fairly tidy.

ETH was originally created without assuming the introduction of POS, and it is difficult to replace many of the current smartcontract while running tires of cars running on highways. Shading will be introduced at the same timing, but there is no officially proven safety and it is very chaotic.

I think these will eventually be achieved with the technical capabilities of ETH personnel, but there may be safety issues along the way, or the final implementation may take 10-20 years.

Since ADA is a project that started as POS project, and for better or worse it is now centrally operated by IOHK etc., and materials for formal specifications related to shading is writing. Transition and shading will be much going well than ETH.

(3) XRP

Are you surprised by the fact that “XRP and ADA are similar in that they emphasize“ interoperability with banks ”?”

BTC was born as a resistance to the existing system, and XRP aimed to adapt to the existing system. ADA does not allow censorship from corrupt governments, but has been developed to adapt to existing systems such as banks to the extent possible (see Legality pull-down)

So, I’d like to talk about the difference between XRP and ADA … but I’m not sure about this,
This is because XRP has stated that it will delete the Ripple recommended node list by “making network participants choose their own list based on public data on validator quality”. This is because the details of “Select your own list based on public data” are unknown.

What exactly is this quality and how is its accuracy guaranteed? How many people can enter the list and who decides how many?

I hear that approvers can be equivalent to household electricity, so if people all over the world try to become approvers, it may become quality public data for 10 million approver candidates. Of course, there are approvers that are labeled as of poor quality, and there may be 9 million mixed nodes that are trying to show off the quality but are looking for an attack. (If you don’t use much power, these 9 million nodes may be registered by the same malicious person)

How do network participants form an approver list?

If it is possible without sacrificing security, decentralization, scalability, etc., I think that POW and POS will not be required, so attention is paid to how Ripple can design this.

(4) LTC / BCH / BSV

・ LTC is BTC that increases scalability at the expense of some security
・ BCH/BSV is BTC that have increased scalability at the expense of decentralization.

Whether you can fight these depends on whether ADA succeeds in improving scalability without compromising security decentralization.
Roadmap If the development progresses as expected, it will be able to compete sufficiently.

Also, I hear an interesting story about regulation regarding BSV. There are rumors of granting forced seizure rights to the court.

This can be reasonably heard in developed countries, but since ADA is intended for use in developing countries where governments and courts have been corrupted, any person without an individual’s consent can be seized without a private key.

(5) EOS

EOS is a scalable ETH with 21 approvers and at the expense of decentralization.

If ADA has 1000 approvers and achieves both scalability, it will be able to compete well.

Both the criticism of Cardano and the objection to the criticism were arranged, and although the criticism included a part of the truth, I thought that there was no problem because Cardano’s superiority was overwhelming.

(1) Development delay / price slump problem (Because of it)

Criticism “4 years have passed since 2015, but there is only wallet and it isn’t decentralized. It is no longer a cryptocurrency.
Moreover, it would have been nice to say from the beginning that “four years are incomplete”, but in fact it provided a lot of optimistic prospects. Postponed again and again over and over, and the price is dropping each time. What does that mean?
Is it malicious and delayed from the beginning?
Even if it is not malicious and delayed from the beginning, if the realization ability and prediction ability of IOHK are higher, it should have been completed or able to convey realistic predictions at this time. “

Objection: “IOHK is developing a completely new one, so it will take time. If you look at the development activity of Github and the achievements of the top 4% of academic societies, IOHK have taken biggest action.
Code has been rewritten three times with the policy of placing the highest priority on security.
In addition, SCAM cannot:
・ Development activity at the top of all currencies and peer review of top 4% academic societies
・ Alliances with Ethiopia, Mongolia, Georgia and New Balance. ”

(2) Presale KYC insufficient problem

Criticism “When IOHK first sold ADA, it was not confirmed that the person was an anti-social force.”

Objection “ADA was selling in Japan at that time, but I didn’t have a clear law at that time. But to do best, confirmed personal information.”

(3) Pre-sale “excessive advertising issue”

Criticism “There was an agency that sold the ADA when it was first sold saying ” You will definitely make money “. “

Refutation “At that time, we took utmost care. The selection mistake of the agency was bad, but it is not a big incident that hurts the value of ADA.

(4) The problem of low priority of the mechanism for Finality

Criticism: “ETH, XRP and many other late-currency currencies offer a near-instant deal function as the main function, which will become the mainstream in the future “

Objection “Because of the importance of security, we will not provide it as a main function but will be implemented as a sub-function. This is the best mechanism because ① we think security as the foundation, and ②Bitcoin uses the same mechanism. I think the market is also evaluating this. “

(5) Haskell unpopularity problem

Criticism “The main language of ADA, Plutus, is developed based on Haskell, a super-minor and unpopular language, and it is difficult to use.

Objection: “Haskell is certainly difficult to handle, but in the first place it is a choice that emphasizes security and speed. Even if it is not popular, it can be handled in other languages.
・ In fact, some Haskell such as Facebook and Google are also used.
・ In order to become a global infrastructure, we developed Plutus based on Haskell, considering security and speed more than the name recognition and difficulty of the language itself.
・ We have also developed Marlowe, a financial language that greatly reduces the difficulty.
・ Many other languages ​​are supported by IELE. ”

(6) The problem that DAG might be deprived of hegemony

Criticism “DAG is very fast and cheap. Blockchain is old technology.”

Objection: “We can choose DAG or POS + shading. ” POS + shading “would be more advantageous for other interoperability and security.
DAG is a technology with incomplete security certification. “

(7) It is a problem if Charles is angry

Criticism “Charles is angry and seems to be fighting with EOS and ETH. I wonder if he really aims for interoperability.”

Objection “Basically, if the opponent doesn’t sell the fight, he won’t buy it.”

(8) Charles is traveling but development is delaying

Criticism “It seems to always give photos of traveling on Twitter.”

Objection: “I hear from an IOHK employee, Mr. Charles is demonstrating his leadership. and Travel is at his own expense and is done to participate and interact with events around the world.”