Algorand’s Releases Pointproofs to Upgrade Fundamental Blockchain Cryptography
The Algorand (ALGO) project has developed a new cryptographic primitive called Pointproofs. The team believes they are a significant improvement to the Merkle proofs used in many blockchain systems.
Cointelegraph spoke with Sergey Gorbunov, Algorand’s head of cryptography, to learn more about the paper that he and his team published on April 19.
A major development for stateless blockchains
Smart contract blockchains like Algorand and Ethereum (ETH) rely on sharing a common state, which is the sum of all account balances and smart contract variables that define the blockchain.
A major issue with this approach is that the state tends to get bloated over time, making the blockchain progressively harder to validate.
In order to fix this, both Algorand and Ethereum are working to implement a “stateless” approach. Instead of storing the entire state, nodes would only compute the changes to the state from one block to the next, relying on cryptographic commitments to ensure that these changes are valid.
This approach still requires nodes that hold the entire state, but they are no longer necessary for consensus. Gorbunov noted:
“By decoupling who stores the state versus who can run the consensus, you are enabling more people to participate in the consensus itself.”
Megabytes of saved bandwidth
The traditional way of using Merkle proofs adds significant overhead restrictions for each transaction. Gorbunov explained that each transaction needs 320 bytes of data for one proof. In a sample of 10,000 transactions, “that ends up being a 3.2 megabyte overhead, if you were to use Merkle trees,” explained Gorbunov.
This poses major issues for a stateless blockchain. One of the tradeoffs of this approach is a significant increase in network bandwidth when propagating new blocks, an issue that could hinder its performance.
This is where Pointproofs come in. They use pairing-based cryptography to allow the aggregation of multiple proofs. The benefits are significant, as he explained:
“Every proof itself submitted by individual users is only 48 bytes. And then you can take these 10,000 proofs in a block of transactions and aggregate them again.”
The result is just one 48 byte proof that can still be verified as entirely correct for all transactions.
Not just for Algorand
Merkle trees operate across many blockchains, including in Bitcoin (BTC) block headers. While Gorbunov explained that Bitcoin is unlikely to need Pointproofs due to having only one Merkle tree per block, he believes that Ethereum’s stateless client implementation may benefit from them.
According to Gorbunov, Ethereum developers are considering a different solution named polynomial commitments, “which are not ideal,” he said. He argued that Pointproofs would be an improvement, urging Ethereum developers to consider including them.