Blockchain-free cryptocurrencies

From CryptoWiki
Jump to: navigation, search

Blockchain-free cryptocurrency – is a cryptocurrency that use any mechanisms different from Blockchain, the way all the major cryptocurrencies like Bitcoin do. Blockchain is a distributed database that maintains information about all transactions in the form of blocks, protected against revision and tampering. Thus, Blockchain-free cryptocurrencies use other mechanisms to perform the same operations and functions as Blockchain in Blockchain-based cryptocurrencies.



Sergio Demian Lerner was the pioneer of blockchain-free cryptocurrencies. In 2012 he developed the first concept of a cryptocurrency - DagCoin, replacing Blockchain with DAG. The article was published in September 2015. [3].

The article by Anton Churyumov was published in 2015, describing the project of a new Blockchain-free cryptocurrency - Byteball, which is based on DAG. The start of the cryptocurrency is expected in January 2017 [2].

April 3, 2016 the article by Sergey Popov was published, providing an overview of Tangle technology, based on DAG. Tangle is the framework for the Blockchain-free cryptocurrency IOTA, which is aimed at effecting payments between the Internet of Things gadgetry [4].

In September 2016 the article “Blockchain-free Cryptocurrencies. A Rational Framework for Truly Decentralized Fast Transactions” by Xavier Boyen, Cristopher Carr and Thomas Haines from Queensland University of Technology was published on the Cryptology ePrint Archive website [1]. They introduced a way of addressing the 2 major problems with Blockchain-based cryptocurrencies:

  1. the so-called “mining pool” oligopolies - a process, resulting from the fact that mining pools are technologically more advanced, which, taking into consideration the competitive manner of Bitcoin mining, makes mining gainless for individual miners, who are less prepared technologically,
  2. no possibility to speed up the validation process.


DAG-based technologies

DAG (directed acyclic graph) – is a directed graph with no directed cycles. In DAG-based cryptocurrencies each new transaction confirms one or more previous transactions. As a result, transactions perform a structure which represents a directed graph with no directed cycles. The major problem of developing DAG-based cryptocurrencies were limitations on width growth. The situation, when users can pick the same transaction as a parent, was forbidden. Limitations on choosing old transactions as parent transactions also caused problems [7]. Thus, the key objective of designing a new cryptocurrency was developing an algorithm, which during operation presented transactions in the form of a DAG-chain, a directed acyclic graph, whose length is much more than its width (Figure 1, Figure 2). In this case, the graph’s length corresponds to the number of edges of the longest chain, which connects the first transaction with the current transaction. The graph’s width is the number of points, having the same parent point (transaction) and not connected by edges.

Figure 1: A graphic representation of a DagCoin cryptocurrency. Transaction 2 approves Transactions 3 and 4, which, in their turn, approve Transaction 5, because within this cryptocurrency a new transaction can approve one or more transactions.
Figure 2: An example of a database of transactions in the DAG-form for the Byteball-cryptocurrency, where the G-marked нода is the primary transaction or the so-called Genesis Unit.


Tangle – technology at the basis of certain Blockchain-free cryptocurrencies, including IOTA [5]. In fact, Tangle refers to DAG, however, the basic difference between DAG in DagCoin and DAG in IOTA is the minimum of transactions, that should be approved in the new transaction. Thus, in DagCoin every transaction must have at least one parent transaction, whereas in IOTA there must be at least two, that is every new transaction approves at least one old in DagCoin and at least two in IOTA (Figure 3). Besides, as for the design of the cryptocurrency, there is another difference from Blockchain-based cryptocurrencies, which is the lightweightness promoted by the developers, as IOTA was designed to carry out microtransactions between the IoT gadgetry (Internet of Things) [5]. Compared with Blockchain, where microtransactions are processed as long as the ordinary transactions, IOTA speeds up the process with the help of Tangle. IOTA also helps escape extra processing costs, which could add to the net cost of such transactions, as there are no extra costs within the IOTA network.

Figure 3: DAG-chain for the IOTA cryptocurrency, where every new transaction must approve the two previous transactions. The most recent transactions are in grey color.

The project of Boyen, Carr and Haines

"Blockchain-Free Cryptocurrencies. A Rational Framework for Truly Decentralised Fast Transactions" [1] by Boyen, Carr and Harris describes the project of a cryptocurrency based on DAG with certain limitations. In this case a transaction is a basic element of the cryptocurrency operation. However, compared with DAG in DagCoin and with Tangle every new transaction in this project refers strictly to the two previous transactions. As a result, a DAG-chain of all the transactions is the same DAG type, but every transaction will always have two parent transactions.


When designing Blockchain-free cryptocurrencies, developers seeked to avoid the faults of Blockchain or try to minimize their impact on the usage of the cryptocurrency. They also tried to further improve the benefits of Blockchain. However, using Blockchain-free mechanisms presumes that we maintain the functions originally implemented in Blockchain, namely validation of transactions, security from revision and tampering.

Increasing speed

Low speed is one of the most wide-spread problems with Blockchain-based cryptocurrencies. It is due to the fact that it takes too long to process a block of transactions, which is the primary element of the operation of any cryptocurrency and represents a large data structure. This issue leads to mining becoming gainless for individual miners with low technological capabilities, as mining pools (with higher speed) can gain more benefit in the mining process. Blockchain-free cryptocurrencies, in their turn, outrun Blockchain-based ones, because the primary element of their operation is a single transaction, which takes much less time to process both in a mining pool and with an individual miner.

Increasing reliability

The mechanism of multiple confirmation of transactions in DAG-based cryptocurrencies makes it possible to increase security of payments and decrease the possibility of “double expenses”, which is a situation when the chain of transactions breaks into branches and every branch “doesn’t know” about the expenditures and transfers going on within the other branch. Theoretically, it gives an opportunity to spend the cryptocurrency twice. Blockchain-free cryptocurrencies overcome this problem by means of direct and indirect confirmations, whose descriptions are unique for every currency. For example, in IOTA a situation when there are at least to edges of confirmation between two transactions is considered an indirect confirmation. Consequently, one edge of confirmation is viewed as a direct confirmation.

Simplifying mining

In order to fully understand this principle of Blockchain-free cryptocurrencies, one should describe minig process within Blockchain-based cryptocurrencies. Mining is carried out by means of calculating the nonce component of a block of transactions. The difficulty of this calculation is defined beforehand and is based upon the noninvertibility of one-way hash-function. Besides, mining has a competitive nature: one who is the first to calculate nonce, which fulfils the condition, will get the reward. For instance, with Bitcoin the reward is 50 BTC. Presently, when we have such widespread cryptocurrencies as Bitcoin, individual mining becomes unprofitable. Having lower technological possibilities, individual miners have little chance to calculate the value fast and get the reward. On the other hand, mining pools, getting together many miners under one pool, become more profitable. The block is calculated by all the miners inside the pool: in case of a win, the charges of the pool are subtracted from the overall reward and the sum left is divided between all the other participants. Such a method reduces the profit for every individual miner, but raises the chance for success. Such a phenomenon is called the mining pools oligopoly. When developing Blockchain-free cryptocurrencies developers try to avoid this phenomenon. It is achieved by means of designing such algorithms of operation, which do not give a clear technological advantage when mining. Particularly, this is achieved by means of speeding up the processing of transactions, which is connected with the key role of transactions and not blockss in Blockchain-free cryptocurrencies.

Technical overview

The project of Boyen, Carr and Haines

Collaborative Proof Of Work

  • A Proof-of-Work Scheme is characterised by a function S = Sc taking arbitrary strings a, along with some solution string b, where S(a, b) returns either true or false. The most common proof-of-work schemes are based on hash functions, where the difficulty is easily tunable, verification is quick, and inputs can be arbitrary [1].


  • Transactions perform all roles in our framework: they mint cash, redistribute value, spend money, add fees and—crucially—confirm the legitimacy of previous transactions. To create a transaction, certain information is provided: payment information, a reference to two previous transactions xl , xr, the difficulty being solved c, the fee f, the mint m, and a solution value s,.Transaction 1.JPG
  • Transaction ordering. Let P be a set of elements called transactions. For a and b, two distinct elements in the set, we write a ≺ b if and only if b contains a within the Proof-of-Work Scheme. The set P equipped with its (partial) ordering relation is a Transactional Partially Ordered Set, or T-POSET [1].
  • Transaction weight. Let P be a T-POSET and let x ∈ P be a transaction or element therein. The weight of x is defined as the sum of the proof-of-work difficulty contributed by every one of the all the descendants of x.Weight 1.JPG
  • Fees. Every transaction x must post a Fee(x) ≥ 0 to offset the distributed cost of conveying and verifying the transaction[1].
  • Prize. Intuitively, the prize of a transaction Prize(x) is the total fee that is still available, from x and all of x’s ancestors, for all of x’s future descendants (not yet in P). Prize is a dynamic notion: it is highest when x is new and has no descendant, and monotonically decreases as the graph P grows and the fees from x and its ancestors are picked up by x’s descendants [1].
  • Minting. Minting is the process whereby new “coins” are created with every valid transaction, as an extra reward. More critically, minting is the process whereby the money supply is gradually and “fairly” inflated from its initial supply of zero. Coins are minted when creating a transaction. A user selects a challenge and pays to themself a value. This value is determined from available data before closing the transaction , and calculated, e.g., as either Mint 1.JPG or Mint 2.JPG [1].
  • Verification. Users verify transactions as they recieve them. Upon receiving notice of a transaction x, the client first checks that the two previous transactions included within x are acceptable transactions. There are three possibilities: the included transactions have been previously verified and accepted, at least one of the included transactions has not previously been seen or at least one of the included transactions has been seen previously and is invalid. The next step of validation is to check that the transaction has the correct proof of work attached. A final part for verification is to check that the transaction x itself is valid, which requires that it be both intrinsically correct or well-formed, and extrinsically admissible or valid in the current ledger context [1].
  • Conflicts and resolution. A conflict arises when two or more transactions x1 ∈ P1, x2 ∈ P2, etc., are published, such that there can be no single P that contains them all. This normally would require a deliberate attack, such as double spending; but this can also happen by accident. Maintaining a consensus across multiple verifiers in our framework requires the formal notion of the height of a transaction. For a transaction x, Height(x) is the total proof-of-work difficulty expended by all the ancestors of x [1].
  • Algorithm for consensus. The rule for conflict resolution is then simply stated as follows: The tallest well-formed transaction prevails (breaking ties deterministically). In other words, a new verifier that comes online can share the network’s consensus view of the current T-POSET P of valid transactions, by applying the following algorithm: collect all transactions ever posted, flagging all the ill-formed transactions as permanently ignorable, as long as there remain well-formed transactions that have neither been deemed valid or invalid: select the maximum-height or “tallest” well-formed transaction not yet classified, and classify it as valid as well as all of its ancestors, while doing do, mark as invalid any other transaction that conflicts with any of the newly validated ones [1].


  • Tip - is a transaction with no references to it from any other transactions [4].
  • Transaction weight. The weight of a transaction is proportional to the amount of work that the issuing node invested into it; in practice, the weight may assume only values 3 n.JPG where n is positive integer and belongs to some nonempty interval of acceptable values [4].
  • Cumulative weight of a transaction is defined as the own weight of this transaction plus the sum of own weights of all transactions that approve this transaction directly or indirectly [4].
  • Height - is the length of the longest oriented path to the genesis [4].
  • Depth - is the length of the longest reverse-oriented path to some tip [4].
  • Low load regime - one of available regimes of work for IOTA cryptocurrency, the typical number of tips is small and there are no attackers [4].

that try to inflate the number of tips artificially. Regimes based on amount of time to approve the transaction [4].

  • High load regime - one of available regimes of work for IOTA cryptocurrency, the typical number of tips is large. This may happen when the flow of transactions is big enough, and the computational delays together with the network latency make it likely that several different transactions approve the same tip. Regimes based on amount of time to approve the transaction [4].


  • Preventing too many transactions merging too many transactions - is a mechanism that allow perform the DAG-chain from DAG, graph with the length which is more greater than the width. This can be achieved by benefiting the users to reference as many previous transactions as possible and by limitation the amount of references to the same transactions [3].
  • Confirmation score of transaction - is amount of transactions that confirmed this transaction. Confirmation score for transaction without confirmations is zero [3].
  • Safely accepting Double-spends. If two conflicting transactions appear, as more transactions are added to the

DAG-chain, the number of confirmations of one of the two will increase, but the other will not. If there are two conflicting transactions, then the one with highest score prevails [3].

  • Checkpoint - is a transaction that has outbound references to all previous transactions in the network directly or indirectly[3].


  • The Main Chain selection algorithm should be based only on knowledge available to the unit in question, i.e. on data contained in the unit itself and all its ancestors. Starting from any tip (a childless unit) of the DAG can be build the Main Chain based on searching best parent with the larger amount of confirmations among transactions until the algorithm reachs the genesis unit [2].
  • Double-spends resolution algorithm If a user tries to spend the same output twice, there are two possible situations: there is partial order between the two units that try to spend the same output, i.e. one of the units (directly or indirectly) includes the other unit, and therefore comes after it. In this case, it is obvious that we can safely reject the later unit or there is no partial order between them. In this case, we accept both. We establish a total order between the units later on, when they are buried deep enough under newer units (see below how we do it). The one that appears earlier on the total order is deemed valid, while the other is deemed invalid [2].
  • Unit - is a transaction before the formation of Main Chain [2].
  • Ball - is a transaction after a unite become stable and it became the part of Main Chain. Every ball includes information about all its ancestor balls (via parents) [2].

Practical implementation of Blockchain-free cryptocurrencies


DagCoin – is the first Blockchain-free cryptocurrency, created by Sergio Lerner in 2012. He was the first to publically suggest to use DAG as a replacement for Blockchain. The major advantages of DagCoin are [3][7]:

  • Safely accepting Double-spends in the DAG-chain: when there are two conflicting transactions, one will dominate the other, which is one of the bases of the cryptocurrency. In this case dominance will be in the “weight” of transaction: the number of other transactions that refer to this transaction.
  • Preventing too many transactions merging too many transactions: algorithmically defined limitation on the maximum number of parent transactions, which the new transaction can refer to, as well as limitation on the maximum number of new transactions, which can refer to the specific previous transaction.
  • Preventing Unbounded Cascade Updates to Confirmation Scores. The weight of transaction, mentioned earlier, is the number of transactions referring to a particular transaction directly or recursively. Cascade updates are prevented on software level via the mechanism of so-called checkpoints. Checkpoints are transactions (vertices in DAG) that have direct or indirect references on previous transactions. The weight of the vertice, which is a checkpoint, is primarily zero, thus, afterwards, the weight of all the future transactions will be calculated on the basis of this figure.
  • Periodic re-computing to reduce computation load – operations, aimed at mitigating the functioning of client software. The problem is that, when a conflict arises, client software can spend considerable resources on resolving the conflict. The weight of transactions is calculated from time to time so as to avoid these expenditures.


Byteball – is one of the modern Blockchain-free cryptocurrencies, which appeared in September 2015. The project was designed by Anton Churyumov. Byteball is based not on Blockchain, but on DAG. Launch is expected in January 2017 [6]. Byteball cryptocurrency is unreachable for mining: all the coins available will be issued in the course of the Primary or Genesis Unit, their number is 10 raised to the 15-th power. Byte is a monetary unit, that is there will be 10 raised to the 15th power bytes issued. Such a choice is grounded in the fact that 10 raised to the 15th power is the maximum integral number which can be processed in JavaScript [2]. However, as for the functioning of the cryptocurrency, money supply will remain fixed, as the charges are brought back into circulation. Another interesting peculiarity of the cryptocurrency is the principle of primary distribution of resources between the participants: users should connect their Byteball-wallets to their Bitcoin-wallets and the bytes of the Byteball cryptocurrency will be divided as a proportion of the balance of Bitcoin-wallets [7].


IOTA – a modern cryptocurrency, based on Tangle, which, in its turn, is based on DAG. At the moment, beta-tests are carried out [5]. Tangle, the mechanism at the basis of IOTA, is described in the article by Sergei Popov, published on April 3, 2016 [4]. IOTA cryptocurrency is unreachable for mining: the number of coins issued is strictly defined and the issuing of new coins is not allowed. IOTA developers say that the DAG-based Tangle mechanism that they developed solves the following problems of Blockchain [5]:

  • Centralization of control – the phenomenon, which happens, when control over the operation of the cryptocurrency is in the hands of few miners. It may lead to improper use of these possibilities, however, at the moment there have been no cases of the kind.
  • “Obsolete” cryptography – the problem of cryptocurrencies like Bitcoin, which results from a possible arrival of quantum computers in the near future. The calculating capability of these computers would be much more than that of the modern computers, used in the operation of cryptocurrencies. Thus, in order to ensure the longest operation period of the cryptocurrency possible, one should take into account the possibility of such a situation when designing the currency, as well as aim at minimizing the potential damage to the users of the currency.
  • Inability to conduct micropayments – the problem of cryptocurrencies like Bitcoin, which results from the charges on transactions, which adds up to the overall value of small payments.
  • Partition intolerance – a phenomenon, which takes place when part of the new transactions is processed separately from the other transactions, for example, when processing is carried out within a local network, with no access to the global one. In such a situation, most of the transactions processed separately may be canceled. Also, there is no possibility of the chain of transactions branching, when it is necessary.
  • Discrimination of participants – a phenomenon in modern Blockchain-based cryptocurrencies, connected with a strict division of roles between the participants in the operation of the cryptocurrency. In case of conflict, such an approach demands from certain participants to spend their resources on resolving the situations, which undermines the overall level of comfort of using the cryptocurrency.
  • Scalability limits - a problem of modern cryptocurrencies, which employ some magic numbers, defined before the start of the cryptocurrency and aimed at hedging the lims. Poor judgement of the person defining these magical variables may lead to problems coming out in the future. The lim value that is too low may impede the entry of new users. The lim value that is too high may lead to the possibility of attacks, that may undermine the cryptocurrency operation.
  • High requirements for hardware result from the complexity of the logic of processing transactions. There are two major approaches to organizing the operation of modern cryptocurrencies: Bitcoin-like method and a scenario, borrowed from the banking sector, both demands good technical infrastructure for the operation of the complicated logic of processing transactions, which leads to financial expenditures and raising the financial level of the entry threshold.
  • Unlimited data growth results from the need to keep all the changes to the condition of the system, which leads to a fast growth of data volumes. However, it doesn’t lead to a considerable growth of the information kept about the balance. Thus, such a phenomenon may lead to some faults in the operation of the currency in case of high demand.



Go to List of references for "Blockchain-free cryptocurrencies"

Okorokov V.A., 2016