Loki Service Nodes: Brief Functionality Overview

As Loki is the first Monero fork (and CryptoNote coin, by extension) to have an active implementation of Masternodes, we are staggering releases and adding features as we go. This is new territory and each change we make to the the Monero codebase must be extensively tested before release.

What Loki Service Nodes do in the short term? (Right now)

As part of the 1.0.0 release, Loki Masternodes (called Service Nodes) will have minimum functionality; they will store a full copy of the blockchain, and every hour they will publish an uptime proof, which is essentially a ping to the network letting the network know that they are still live. Nodes that have not submitted an uptime proof in 2 hours will be deregistered by voting quorums. Voting quorums are randomly selected sets of 10 nodes which vote on the state of the network every block.

Although the first implementation of Masternodes on a Cryptonote coin is a large move forward in the Masternode world, the major advantages that Service Nodes provide during this beginning stage will be greater privacy when transacting. However, Loki Service Nodes have larger plans ahead, and release 1.0.0 represents only the foundation.

In the Medium Term (3-6 Months)

In the medium term we are working towards making Service Nodes useful to the end user. This includes a couple of essential features:

  • Every Service Node will now be a remote node that serves the blockchain to users.
  • Every Service Node can now run tests and collect data on other Service Node performance; they can assess blockchain storage, bandwidth statistics, and provide message storage for Loki Messenger.
  • Based on these tests, Service Nodes can deregister any underperfoming node if the voting quorum reaches consensus.
  • Lokinet will be deployed on Service Nodes, along with the Loki Message server.

Adding these features to Service Nodes allows us to deploy our first end-user Loki Service called Loki Messenger. Loki Messenger (based on the Signal protocol) allows users to communicate more privately than ever through the first market-based Sybil resistant mixnet network, Lokinet.

In the Long term (6-12 Months)

In the long term Loki Service Nodes will need to have high capacity bandwidth connections to provide to the Loki network with routing data. Lokinet will become a fully fledged mixnet providing anonymous access to the internet, and will also have direct integration with browsers, providing an integrated solution for private messaging, internet access and finances .

Want to Know More?

Our Whitepaper details the technicals behind Loki’s network architecture and Service Node functionality, and our Cryptoeconomics paper provides an in-depth analysis on the economics around our Service Nodes.





Bitcoin Talk




Laying Down Layer One: Loki

Over the last three months, there has been significant focus on Loki’s layer two, with numerous papers and articles revealing the true scope of Loki’s Service Node functionality with Loki now becoming a fully fledged mixnet. There has also been much talk about how Loki as a currency, or layer one transactional medium, will function in this framework. Initially we envisioned Loki would act as an access token to prevent Sybil attacks, however there are some downfalls of that system which we addressed in an article here. Given we have focused so much on Loki’s second layer, it’s time to give Loki’s first layer some explanation, and demonstrate why Loki is not only an advancement in layer two design, but also what makes it a worthwhile cryptocurrency.

A Move Towards Scaling

Monero and most other Cryptonote coins have dynamically scaling block sizes, meaning there is no hard limit to how many transactions can theoretically take place on the blockchain. However in practice, nodes must transmit data between each other, and as each block is accepted into the network and the block size grows, low performance nodes can struggle to keep up with the higher bandwidth requirements and suffer computational stress trying to verify all transactions. This can centralise the operation of full nodes to miners, who make up one of the only parties that have an incentive to operate full nodes.

If we can create a way to incentivise the operation of full nodes, we can avoid the aforementioned issues. This is one of the goals of Loki Service Nodes; to create a network of full nodes that are incentivised to hold and serve a full copy of the blockchain. These nodes must meet standards of service that are tested by a distributed method of flagging called Swarm Flagging. Because nodes are competing for a limited block reward and can be removed from the staking reward pool, they are always incentivised to serve copies of the blockchain to users and relay transactions.

Theoretically, this means that Loki can scale to handle much larger blocks and thus, handle a higher transaction throughput. This is predicated on the fact that the full nodes operating on the Loki network offer higher bandwidth/storage and compute performance than nodes on the Bitcoin or Monero network.

Instant Transactions with Blink

In a typical blockchain system, the confirmation time for any given transaction is the time it takes for a transaction to be included in a block. However, because of competing miners, withheld blocks, and Finney attacks, recipients usually require a number of additional blocks to be created on top of the block which holds a transaction before it is considered to be complete.[1] Depending on a multitude of factors specific to each blockchain, this process can take 10-60 minutes, which is inconvenient for merchants and customers who must wait for confirmations before they release goods or commence services.

Because of Loki’s Service Node architecture, near instant transactions are possible. Blink enables the same transactions that would occur on the Loki mainchain to be confirmed in seconds rather than minutes, assuring both the sender and the receiver of the validity of the transaction, and protecting the receiver against a double spend.

Blink works in a similar fashion to DASH’s InstantSend.[2] However unlike DASH’s InstantSend, Loki maintains all of its privacy properties throughout the process. Any third party looking at a Blink transaction will have no idea of the amount, nor the address of the sender and receiver. This opens up a range of new use cases for Loki, where face-to-face payments become increasingly practical and online payments become quicker and easier for users.

Stable and Formally Defined Funding Model

Funding models for cryptocurrencies are generally tricky, weak and informal, and donation only models can lead to the creation of special interest groups like blockstream, Bitcoin Unlimited and Bitcoin ABC. These groups typically act as for profit companies who drive an agenda that might not align with the community as a whole. The downside to most formally defined models is they act as a sort of tax, either through emissions or some kind of fee. This can be seen to take choice away from users as they are unable to allocate their funds to the projects they see as important.

Attempting to solve some of the aforementioned issues, Monero maintains a forum funding system, which is fully funded by a donations model. Projects vetted by the the Monero core team are featured on the Seeking Funding page, and users are free to donate Monero to projects they feel are worthy. The Monero core team also has an official donations wallet which often contributes large amounts of Monero to projects seeking funding. The advantage of the donations model is that users have full autonomy over how they spend their funds and what specific projects they support. However, there are also disadvantages to this model: funding is never guaranteed for high quality projects, and a large number of the projects receive about 1/5th of their donations from their ‘General Donations’ fund for Monero itself. The ability for a community like Monero to continue to self-fund and provide core contributions may decrease over time, and that’s something we want to avoid with Loki.

Loki’s long-term funding model is quite different from the donations model used by the cryptocurrencies mentioned above, and we think it will provide a significant advantage to consistent development, which will be in the interest of our users. Proposed in the whitepaper V3 is a revised governance block reward, which allocates 5% of each block reward to fund governance operations. Of this, 5% block reward 3.75% is controlled by the Loki Foundation, a registered Australian non-profit which is legally bound to spend the block reward as per its constitution.

“facilitating the development of an open source, highly secure, decentralised data

transmission network that allows individuals, business and government to freely

transact and communicate without the threat of malicious third party interference”

The other 1.25% is controlled by the Service Nodes through the Loki funding system. The Loki funding system is an entirely non-custodial system of proposal funding, meaning the Loki Foundation cannot control how its funds are allocated. Because Service Nodes are not bound by Australian law or a constitution, this greatly expands the range of proposals that can be funded. To distribute funds to proposals, Service Nodes vote on proposals that occur on-chain, and funding is allocated every two months via special funding blocks which pay a portion of their block reward to proposal addresses. Because Service Nodes represent players with a high stake in the Loki system, they are incentivised to vote on proposals which will increase the value of their stake.

Remote Node Availability

Due to the design of all CryptoNote coins, the blockchain cannot be easily queried by connection to a full node. Instead of simple queries being made for the balances of public keys, full nodes must transmit full blocks to users, and the user has to scan every transaction in the block and identify whether they can calculate the private spend key for the destination stealth address. This results in significant stress being placed on every remote node operator with no reward, and Monero and other Cryptonote coins therefore rely on the altruism of community members to fund these operations, which can be problematic.

It is common for mobile users in Monero to cycle through 3 or 4 remote nodes before connecting to one that is reliable. Additionally, as any user can become a remote node that serves blocks to the community, there is the possibility that “popular” remote nodes will provide an altered history of the blockchain. Though this altered history cannot be used to directly steal a user’s funds, in combination with other malicious attacks, a remote node could potentially convince a user to send funds twice to someone who has already received the transaction.

By rewarding Service Nodes, Loki creates a large, decentralised network of nodes with a full copy of the blockchain. These nodes are incentivised to serve copies of the blockchain to users and relay transaction. If a user chooses to connect to these nodes at random, ‘popular’ nodes are no longer an issue. This also balances the load of remote syncing across the whole network instead of onto a select few nodes.

Lokinet, SNApps and Highly Integrated Payments

Work is ongoing on Lokinet, which when fully launched will be a private, decentralised and Sybil resistant overlay network for the internet. You can read a detailed article about it here.

Anyone can host services on Lokinet, which will be called SNApps (Service Node Applications). With SNApps, any web developer will be able to host websites that are completely anonymous; the website owner won’t know the IP address of their visitors, and and the visitors won’t know the IP address of the website they connect to. All content hosted inside Lokinet will be accessible through the Loki browser.

The Loki browser will have an inbuilt wallet. Users will be able to fund this wallet with Loki, and the browser will automatically hook into SNApps that display Loki addresses for payments. This will make it very easy for a user to operate a store, or take or make payments for goods and services while maintaining anonymity between both networking and transactional layers. Lokinet will also have exit functionality, so any website operator who serves a website on the wider internet will be able to implement these hooks for users of the Loki browser to easily manage Loki payments.

In Summary

Loki’s value is derived not only from an inventive layer two, but also as a layer one transactional medium, or cryptocurrency. Although Loki is moving away from the use of $LOKI as simply an access token, there are still some significant advantages to $LOKI over other privacy based coins. Most of these advantages are a result of the widely distributed set of Sybil resistant nodes, called Service Nodes.  Due to Loki’s high scalability, Loki can handle a higher transaction throughput and offer higher bandwidth/storage and compute performance than nodes on the Bitcoin or Monero network. Leveraging Service Nodes, Loki can be sent near instantly and privately using Blink bringing instant new use-cases. Loki’s unique funding model provides strong governance and avoids the pitfalls and potential risks that donation-only models pose. Due to Loki’s incentivised Service Nodes, remote syncing loads are balanced across the whole network and the issues caused by ‘popular’ nodes are avoided. Layer one, coupled with an impressive layer two provides a whole suite of services to assist Loki users transact and communicate with absolute freedom.

[1]  “Irreversible Transactions – Bitcoin Wiki.” 15 Mar. 2018, https://en.bitcoin.it/wiki/Irreversible_Transactions. Accessed 25 Apr. 2018.
[2] “Whitepaper · dashpay/dash Wiki · GitHub.” https://github.com/dashpay/dash/wiki/Whitepaper. Accessed 27 Jul. 2018.

Changing the Loki Emission Curve

We’re very pleased to present this proposal to the community after many weeks of patience. We have reviewed the Loki cryptoeconomics extensively with assistance from Dr Brenden Markey Towler of the University of Queensland, working with the RMIT Blockchain Innovation Hub.

Today we present two documents. The first is our economics paper: Proposal: Alterations to the Loki Cryptoeconomics. This document outlines the problems we have considered, some solutions to them, and an explanation of our final selection.

The second is a report by Dr Brenden Markey-Towler, Cryptoeconomics of the Loki network,  which lays out the game theory at play in the Loki ecosystem. This report goes into some of the mathematics at play and makes some cases for potential solutions based on that maths. Our proposal to the community makes several references to this report, so if you want a greater understanding of the formulas we have used to derive values in our proposal, you can look there.

The crux of the matter is that we propose to initiate a hardfork at block height 64324, or approximately the 30th of July, 2018. This hardfork will only change one parameter in the current Loki implementation, which is the emission curve. The reason for this change is that we have come to the conclusion that the current emissions scheme would be completely untenable as a sustainable rewards scheme for the Service Nodes whilst retaining Sybil attack resistant properties. As it turns out, this is a very complex subject, so we strongly encourage you to Read the proposal.

As we believe this to be a time sensitive matter, please present any feedback you have in the Discord channel under #governance

Gaming This Change

A concern we have had while constructing this proposal is the potential repercussions in years to come. A number of accusations could arise as a result of this proposal, even if it is successful and has the desired effects we have described.

An example of such an accusation could be that the Loki core team deliberately set the emissions curve to be high at the beginning of the project in order to crash the price, during which, we could have accumulated Loki at very low prices, implemented this change to cut emissions, and then sold at a higher price.

We set the original emission curve to be as high as it is for a couple of reasons. Firstly, Monero uses the same emission curve, so it seemed reasonable that we inherit it from our parent project. Knowing that this would mean very high inflation (at least at first), we believed it would help us argue against a concern that turns out to have been far less prominent than we had anticipated: our premine. Our 15% premine has successfully funded this project for the next 3 years, provided incentive to the founders, advisors, and investors, and has allowed this project to scale and evolve at a rapid pace. However, community concerns over ‘premines’ have historically been a common occurrence in the cryptocurrency community, and we wanted to make sure that by the time Service Nodes launched, enough Loki had been emitted to counteract the argument that the founders or Foundation could have dominance over the network based on the ownership of their Loki. However, if one accepts the 59% presale of premined coins alone to have actually taken place, it is already mathematically impossible for all the remaining parties who control premined Loki to collude and achieve Service Node network dominance without purchasing more. The high emissions have resulted in a very large hashrate compared to the size of our market, which has meant there has been ample distribution of Loki amongst several thousand miners.

While we are proposing to cut the emission curve, it is not for the purpose of or own personal gain, or the gain of the Loki Foundation. Since the launch of the mainnet, the Loki Foundation has participated very little in the Loki market, only making relatively minor purchases of Loki to pay certain parties for their efforts without touching Foundation reserves. Similarly, the founders have only ever made minor purchases of Loki for their own personal use, and certainly haven’t sold any. The first vesting period has not yet elapsed for any of the founders or advisors, which can be verified by anyone using the information disclosed in the premine report. This can also be used to verify the impossible chances of founder dominance when Service Nodes launch.

We hope that by disclosing our intentions and concerns we can form an ongoing trust with the community and continuously strive towards transparency.

And so, with those concerns laid out, we propose to implement this change to the emissions curve as soon as possible. If you haven’t already, please read the proposal and submit your feedback or signal your support.

Technical Details

In the coming days, we will release a new binary for Loki. Once this binary is released, all users of Loki must update their daemons within 7 days. This includes all pools, exchanges, remote nodes, and users operating their own nodes. Where possible, we will reach out to all concerned parties that we are aware of and inform them of this change.

After block height 64324, the Loki block reward will go from being calculated in terms of the circulating supply with an emission speed factor of 20, to be derived from the block height. Defining the base block reward based on height will mean that the typical block size penalty will simply under-emit if miners attempt to create abnormally large blocks. However, this should not negatively impact Service Nodes as we attend to apply this penalty on the miner’s reward output only once the Service Node hardfork takes place in the coming months.

Once the new binary is running, users will not need to do anything to initiate this hardfork. The new emission rules will roll over automatically at block 64324.

Stay tuned to the Loki communication channels for updates on the binary release.

Preventing Sybil Attacks: Runes, PoW, and CAPTCHAs

Put simply, Sybil attacks are where one person or entity creates multiple fake identities, usually to either subvert some part of a reputation system, or to effectively create large scale denial-of-service attacks. [1] Sybil attacks present problems to systems that maintain a low barrier of identification. With Loki’s focus on privacy and its P2P nature, methods are required to identify unique individuals without requiring some proof of personhood (i.e. government ID or License) .

In Loki’s case, Sybil attacks could be used to either spam path creation on Lokinet (more on this later) or, more worryingly, to force Service Nodes to store offline messages on behalf of the attackers, quickly exhausting the storage capacity of Service Nodes. Without user verification, both of these attacks could have a potentially crippling effect on the use of Lokinet and Loki Messenger.

There have been a number of software tools devised to identify legitimate, unique identity without requiring real world ID. Most people interact with these tools everyday- the most common being CAPTCHAs. In a CAPTCHA, a human is faced with a problem that is typically hard to solve for a computer but easy for a human. This slows down the automation process that a malicious party would use to construct large numbers of identities. Another system commonly used is browser fingerprinting. Services like Cloudflare use these tests often, with the idea being that they can determine, through the use of cookies, referrals and a number of other browser specific cues provided through javascript, whether a user is a robot.

Although the above methods provide some effective protections from Sybil attacks, they all require a strong element of centralisation in that they require a centralised server to verify the solution to each CAPTCHA. Unfortunately, this goes against Loki’s core philosophy of decentralisation. There are two well used and well studied systems, however, that allow us to achieve a similar effect without the same centralisation. The first is proof-of-work (PoW); in this system, the user performs a set of difficult calculations and then attaches this as a certificate to send a message or create a path. An attacker who pretends to be thousands of different people, would be required to perform that calculation thousands of times, costing money in computing cycles and making the attack considerably more difficult and inefficient.

The second commonly used system is fee-for-service; every time a user utilises the system to create a tunnel or send a message, they pay a fee. With this model it becomes costly to spam the network due to the additional fees invoked.

Both of these systems have some inherent flaws. The difficulty (pun intended) with PoW systems is deciding how hard it should be to produce one of these proofs which you can attach to a message or path creation. Make it too hard, and users with low spec computers or mobile devices will struggle to use your system. Make it too easy, and it will be cheap enough for an attacker to produce large quantities of proofs, negating the effectiveness of your system. The major issue with fee-for-service models is that they restrict usage of the service you provide. As services are increasingly provided for free, users have become reluctant to go through the process of purchasing a cryptocurrency and paying micro transactions each time they send a message. Additionally, since the groups that potentially benefit the most from Loki are the underprivileged, marginalised and persecuted, requiring them to purchase Loki from an exchange would be a non-starter.

So, what does Loki do differently? Previously, Loki presented the idea of Runes and the Runechain- with Runes representing a medium term (30 Days) access token to the Loki network that could be mined and sold. However, over time we have realised that Runes are not the most optimal solution. Runes present a number of issues. First, if Runes ever become profitable to mine, then average users will lack the means to produce them from a home computer. This would be the natural result of miners rushing to produce a profitable token that they can sell, increasing the hashrate significantly and strangling out the average consumer. In turn, this would mean that users would have to buy Runes from somewhere… But where? A centralised exchange? This creates another vector for temporal analysis where exchanges can collect the identity of users and link this with sold Runes, essentially assigning real IP addresses to Lokinet users. It has become clear that Runes create more problems than they solve; they also increase the complexity of Loki, in requiring two separate blockchains be maintained.

What’s the solution? Loki can functionally prevent Sybil attacks using a PoW system- it just needs a little tweaking, hence the new scheme: Loki Messenger now requires a Blake2b hash with sufficient difficulty to be produced for every offline message sent. This hash is attached to the header of each message, which is functionally similar to schemes used by Bitmessage and Hashcash. [2][3]

However, unlike other PoW systems, the difficulty of Loki’s hash function is based on the desired Time-To-Live (TTL) for each message. This means that if User A wants to send a message that lasts on User B’s swarm (an article on swarms will be coming soon) for 6 hours, the POW User A needs to calculate will be much less difficult than a message that needs to last for 24 hours. This difficulty adjustment method combats the constant rise in difficulty that stops low computing power individuals from using Loki messenger.

This scheme operates similarly for path creation in Lokinet. The fear with path creation is that users can request for Service Nodes be part of their paths. If they spam this process and require that Service Nodes stay in their paths for long periods of time, they can end up saturating Service Nodes with unnecessary paths that won’t be used. This would deny service to legitimate users. To prevent this, paths that are longer lived than the default path TTL will be required to attach a PoW to their request, this PoW difficulty rises linearly with the TTL for the path.

By using a TTL adjusted PoW system, Loki can prevent Sybil attacks while maintaining an equitable network that is free and open to users all over the world, as well as to those who may not have access to Loki or a powerful computer.

[1] “The Sybil Attack – The Free Haven Project.” https://www.freehaven.net/anonbib/cache/sybil.pdf. Accessed 25 Jun. 2018.
[2] “Bitmessage: A Peer-to-Peer Message Authentication and Delivery ….” 27 Nov. 2012, https://bitmessage.org/bitmessage.pdf. Accessed 25 Jun. 2018.
[3] “Hashcash – A Denial of Service Counter-Measure – Hashcash.org.” 1 Aug. 2002, http://www.hashcash.org/papers/hashcash.pdf. Accessed 25 Jun. 2018.


Loki’s Exploration into the Mixnet Space


We have been dropping lots of not-so-subtle hints that we have been working on a decentralised mixnet, and it’s finally time to reveal what we’ve been working on. This article, along with the soon-to-be-released white paper version 3 should get everyone up to speed on Lokinet.

Mix What?

Mixnet is a term used to describe an overlay network that operates on top of the internet. You might have heard of Tor or I2P- these are both mixnets. So what’s the idea behind a mixnet? Typically, when you make a connection to a website, your IP address is visible to the web service you connect to. Internet IP addresses are similar to street addresses in the physical world; they identify where information (known as ‘packets’) should be sent. The problem is that every time you connect to a web service, you give away your IP address. This makes internet browsing anonymously very difficult. Services you connect to can use your IP address to work out your general location, and state level actors can use legal processes to extract your IP address from web services and connect your IP address with your real world identity.

The solution to this problem is a mixnet. Mixnets work by using groups of nodes (other computers) all around the world. Instead of your connection going directly to the web service, it first hops through multiple nodes selected at random. These nodes are typically called ‘relays’ or ‘routers,’ and the path you create through them is called a ‘circuit’ or ‘tunnel’.

When using a mixnet, your connection to a web service does not look like it is coming from you. The web service only sees the IP address of the node that is the last hop in your circuit. Similarly, your internet service provider (who can usually see the connections you make to web services) only sees your connection to the first node in your circuit. To make things even trickier, most mixnets use techniques called “Onion Routing” and “Garlic Routing.” With these techniques, each hop in your circuit only knows the previous node (where the packet came from) and the next node (who they need to send the packet to). They do not know where the packet originated from, which means they do not know who you are. This limits the information that even dishonest nodes can gather about you when you use a mixnet.

Loki is building its own mixnet. Why? There are perfectly good mixnets out there right now, why don’t I just use those?


The Problem With Current Mixnets


Although there are several mixnets currently in use, this article will focus on problems with the two largest and most used: Tor, and I2P.


Tor has been the most used anonymous mixnet for the past 10 years. The Tor network maintains a high level of censorship resistance, and is a valuable tool for preserving internet privacy. Tor, however, is not a decentralised network. Tor is reliant on a group of “Directory Authorities,” which are centralised servers operated by a group of volunteers close to the Tor Foundation [1]. These Directory Authorities perform two main functions; they provide a list of all of the nodes so that users can create circuits, and they categorise nodes according to their speed (fast or slow). Nodes are given less or more responsibility based on these results.

This high level of centralisation means Tor can face attacks. In 2014, Tor received information of a credible threat to take down the Directory Authority servers [2]. Since the location of the Directory Authority servers is known, collaboration between the German and US governments or the US and Netherlands Governments would be enough to shut down five of the ten Directory Authority servers. A take-down of five or more Directory Authorities would result in a highly unstable Tor network, with new nodes being greatly diminished in their ability to interact with the network.

I2P takes a slightly different approach to a mixnet. I2P doesn’t use centralised Directory Authorities, it uses a “Distributed Hash Table” (DHT). A simplified explanation of how a DHT works is that each node holds a table that specifies every other node on the network, and how to contact them. This means no centralised authority is needed, which in turn offers less single points of failure. However, because of this weaker consensus model, nodes in I2P can hold different versions of the state of the network. This can create confusion when circuits are created and can result in unreliable circuits.


Unlike Tor, I2P lacks formal support for accessing the internet anonymously. I2P only formally allows for accessing internally hosted websites, which they call “Eepsites”. This has greatly reduced the ability for the I2P network to reach users whose main purpose for using anonymising networks is to access the wider internet. I2P is built so that the majority of users that connect to the I2P network also become nodes in the network. This is problematic as the resulting network often lacks sufficient bandwidth speeds to be able to build fast tunnel, and because the tunnel speed in I2P is bottle-necked by the least capable node, this results in reduced performance for the end user.

Problems With Both

Neither I2P nor Tor have fully mitigated Sybil attacks. A Sybil attack occurs when sufficiently motivated attackers (who have enough time and capital) buy large numbers of nodes in the system and perform attacks where traffic is correlated between nodes. This significantly decreases privacy [3]. Additionally, both networks are operated entirely by volunteers who donate both their time and money to the operation of nodes.

We believe that if the correct incentives are provided, networks like Tor and I2P can be grown and strengthened against attacks, and potentially provide a better service that extends beyond volunteering.

What Lokinet Does Differently


The combination of the Loki Service Node network and the underlying protocol of Lokinet (LLARP) provides a solution for the issues discussed with Tor and I2P. Lokinet operates without Directory Authorities and instead relies on a DHT built from blockchain staking transactions, which permissions each Service Node to act as a router on the network. In Lokinet, nodes are not sorted on performance by a centralised authority, but as the result of “Swarms” (groups of other service nodes) that assess each node and make judgements on their performance.

This process of decentralised registration in order to become a node on Lokinet also extends to de-registration. Lokinet enforces (by consensus) minimum standards for bandwidth, message storage and blockchain storage. This means when building circuits through the network of nodes, the speed at which packets will be sent and received will be much faster than other mixnets that still allow for slow nodes to route. Additionally, in Lokinet every Service Node also acts as an exit node allowing access to the wider internet, and not just internal services (which we call SNApps).

This high bandwidth low latency network architecture is achieved by not requiring Lokinet users to be nodes. Only Service Nodes (which, by their nature are proven to be high quality) are allowed to be connected to in the network. Lokinet actually disallows users to route packets in the system, meaning that Lokinet exposes a much lower attack surface for a Sybil attack due to the significant capital outlay required to begin Service Node operation. This means there will be a greatly reduced chance that privacy on the network will be compromised by correlation attacks.

Lokinet offers a strong array of incentives, more than any other mixnet currently in operation. Each Service Node is paid for the services they provide through block rewards, and instead of relying on volunteers, Lokinet relies on Service Node operators that are financially incentivised to act honestly and provide high levels of service to the network, increasing the value of their stake.

Why Do I Care About Any Of This?


We can build a system that provides users with a way to access the internet and internally hosted sites, faster and more anonymously than ever before.

Powering this whole network is the Loki cryptocurrency which will also be implemented right into the Lokinet browser (similar to the Tor browser). Users who set up internally hosted sites will be able to accept payments anonymously and will also be contactable through the the Loki browser without ever having to leave the network.

How Far Along Are You?


Over the last 3 months, we have been working hard on LLARP (the underlying routing protocol).

For those curious about the acronym, it stands for, “Low Latency Anonymous Routing Protocol”. Currently most of the code is infrastructure code, and our progress can be seen here. 

Lokinet is still quite a while away, and as always we will keep everyone updated on our progress. Additionally, if you’re a developer or a keen code monkey, please reach out to us or start contributing by making a pull request, issue etc. We have bounties set aside for open source development.

Who Is Working On This?


We’ve hired a couple of network programming specialists. First, we have Jeff, who has a lot of experience working on mixnets. You might have seen him roaming around in the Loki discord. He has worked on I2P extensively (specifically the C++ implementation of I2P called I2PD), and he also worked briefly on Kovri. Second, we have Ryan, who is a network application developer and has worked across a number of low latency streaming platforms with a focus towards network engineering. You can check out both of their github profiles below.




I Want More Details! Give Me The Protocol Definition & The Design Docs!  


What a specific request… SURE! You can find both here, in the readme.

[1] “Tor Project: Docs.” https://www.torproject.org/docs/faq#KeyManagement. Accessed 12 Jun. 2018.
[2] “Possible Upcoming Attempts to Disable the Tor Network | Tor Blog.” 19 Dec. 2014, https://blog.torproject.org/possible-upcoming-attempts-disable-tor-network. Accessed 12 Jun. 2018.
[3] “Identifying and Characterizing Sybils in the Tor Network.” 25 Feb. 2016, https://arxiv.org/abs/1602.07787. Accessed 21 Jun. 2018.

The Problem With ASICs

In the context of a cryptocurrency, an ASIC (Application Specific Integrated Circuit) is a chip that is specifically designed to mine a certain cryptocurrency or a certain hashing algorithm. Recently, there have been a number of high profile ASIC miners released for cryptocurrencies previously believed to be ASIC resistant [1]. So what’s the problem with ASICs?

ASICs usually provide a significant advantage over graphics cards (GPUs) and CPU mining; so much so that once ASICs are released it is generally un-profitable to mine without one. This in itself it not entirely a bad thing. Similar issues have arisen when comparing GPU and CPU mining; it often becomes unprofitable to CPU mine a coin that has been optimised for GPU mining.

Rather, the larger issue with ASICs is that there are very few companies that step into the space as manufacturers. When you have a centralised manufacture process like this, the result is that one or two companies own nearly all the distribution rights to the hashing power for a cryptocurrency and this creates a quasi-centralised mining system.

Individuals can buy ASIC miners, but there were cases even in 2016 where Bitmain (an ASIC manufacturer) was shown to have built a secret back door into a lot of their miners, which allowed them the ability to turn off a large portion of Bitcoin miners around the world, and crash the hashrate [2]. This is why centralisation in mining should be avoided.

Our main objection to ASICS is not that they provide a significant performance increase over GPUs, but that their manufacturing process is so centralised. And this leads into the big debate: can the manufacture of ASICs be decentralized?

What would decentralised manufacture and distribution look like? We would want to get to the point where it is possible to buy an ASIC from your local computer hardware store, like you can currently with GPUs. We would want to see 10 or 20 companies competing to produce the cheapest and most available hardware built specifically for mining. Some assumed that Bitcoin hardware would diversify in this way, however ASICs for Bitcoin have been available for 5-6 years now and it’s becoming clear that the market is growing more centralised, not less, with Bitmain and Bitfury dominating.

Many have proposed the idea of leveling the playing field with a hashing algorithm like SHA-3. SHA-3 is easier to implement on hardware than SHA-256, and it would force all ASIC development companies to start from scratch, and hopefully not just Bitmain and Bitfury but every ASIC chip manufacturer [3]. However, it is unclear if this would lead to a decentralised market or if, again, the companies with the most money would come out on top.

For the above reasons, when a manufacturer releases an ASIC, the development team of a cryptocurrency must make a decision: do they fork away and deal with the issues of forking, or do they accept there may only be 2 or 3 manufacturers producing ASICs who will control the distribution for the hashing power?

Monero decided to fork away, which means they will slightly change their hashing algorithm every 6 months. ASICs are built to be a physical implementation of the hashing algorithm, so if you change the hashing algorithm just slightly, usually the manufacturers have to build a completely new machine. This costs millions of dollars in research and development, and is meant to deter ASIC manufacturers.

However, forking every 6 months carries its own risks. Firstly, every hard fork that changes your hashing algorithm creates the possibility of introducing critical bugs into your code. Secondly, the developers in this instance carry more power, as they are the ones that decide whether an algorithm is included or not. And third, the developers are vulnerable to bribery and infiltration attempts by ASIC manufacturers, who, with the correct knowledge could future proof their ASIC from upcoming forks.

The strategy of forking every 6 months, however, does not address the presence of FPGA (Field Programmable Gate Array) miners. Like ASICs, FPGAs are also specialised chips that solve certain algorithms. FPGAs, however, are highly programmable meaning any insignificant change to a hashing algorithm would not invalidate their hardware; rather, a software patch could be released to allow the FPGA to continue to mine. Although this could represent an issue, FPGAs generally offer far less performance efficiency and cost more, limiting their market saturation. Unless the market reaches full saturation with FPGAs, GPUs can often still reach a profitable level of mining, even with FPGAs present.

There are many things to consider when going down the forking model, and we think there are better models out there. We are currently exploring newly proposed ASIC resistant hashing algorithms like Argon 2, Cuckoo Cycle, and RandProg, however in the meantime Loki will maintain its ASIC resistance by forking. In the future we will reassess our options, but our aim will always be to maintain an equitable distribution of the hash rate and to be as decentralised as possible.

[1] “Bitmain.” https://shop.bitmain.com/product/detail?pid=000201803132107063379CD35Gxy064F
[2] “Antbleed – Exposing the malicious backdoor on Antminer S9, T9, R4 ….” https://www.antbleed.com/
[3] “monero-project/monero – GitHub.” https://github.com/monero-project/monero/issues/3387
By Kee Jefferys

Why Add a 2nd Layer to Monero?

The 2nd Layer solutions proposed by Loki allow users significant functionality that cannot be provided by a Monero fork alone. Namely, Loki will incentivise a group of nodes that perform specific networking tasks and will build the basis for a new type of mixnet.

Mixnets that have the properties of Sybil attack resistance are highly resilient to large-scale network analysis. This protection is provided by market operations, which make it prohibitively expensive to own a large portion of nodes operating on the mixnet.

Operating on top of this incentivised second layer will be applications that can route traffic anonymously, called SNApps (Service Node Applications).  The first SNApp will be Loki messenger, a novel way to send messages privately in a decentralised system.

Loki Messenger is important because although most messaging systems like Telegram and WhatsApp offer end-to-end encryption, they are based on centralised servers which have proven vulnerable to censorship attacks. As Loki is entirely decentralised, the nodes operating on the network are constantly changing, making it difficult for a state level actor to blanket ban the service. Additionally the Loki foundation will run domain-fronting bridges with the aim of allowing access through even the most restrictive ISP level firewalls.

Once SNApps run on top of an incentivised service node layer, Loki will have created a system with a security model that hasn’t been seen before. This is why Loki has put a second layer on top of Monero; because we think we can do something really unique with it.

Loki Premine Report


We started Loki because we believed we had ideas that could improve the range of tools people use in their pursuit of privacy and safety online. Thankfully, it appears thousands of people see the potential in our ideas, and dozens of firms, funds and individuals have supported our project to date. With this support, I believe we can create a protocol that will help people across the globe keep their data safe. We have always intended to be as transparent and open as possible, and we wish to share the details of our set up and activities so far with the community. We will continue to publish updates when legal and commercial considerations permit.


This document was prepared to outline the funding scheme that underpins the development of the Loki project. It is to act as reviewable evidence to those auditing the project’s origins, and to provide maximum transparency to members of the cryptocurrency community seeking to understand how Loki has been distributed.


Loki as a concept was created in late 2017 by a group of Australian cryptocurrency enthusiasts. What started as a part-time passion between friends quickly evolved into something bigger, and at the beginning of 2018, the project attracted seed funding and subsequently, a talent pool.

While decentralisation is a key component of what makes cryptocurrency a useful technology, successful decentralised teams rarely form organically, and the need for extensive funding to carry this project out at a desirable speed and scale necessitated a presale and premine.

With legal advice and assistance from multiple advisors, we found a suitable structure for the project and through it, sold out of premined Loki in a presale.

I wish to stress that while the launch, private sale, and all major works so far have been carried out by our team, Loki is an open source project and will remain so. We make no claim to the ownership of the Loki concept, brand, or technology. We consider our work to be authorship only.

Legal Entity

In order to attract funding to the project, it was necessary to create a separate legal entity to ensure that the individuals and teams working on this project were protected.

This entity is an Australian public company limited by guarantee, called LAG Foundation Ltd. The company is structured so that it meets the requirements of a registered charity in Australia. The members and directors of this company do not hold shares, and no benefits or profits are distributed to its members. For reference, the constitution is based on the default constitution supplied by the ACNC, and can be read in full here.

LAG Foundation Ltd is operated under the following constitutional objectives:

(a) facilitating the development of an open source, highly secure, decentralised data transmission network that allows individuals, business and government to freely transact and communicate without the threat of malicious third party interference;

(b) ensuring the continuing development of the secure network by funding independent development projects;

(c) providing education and support to developers seeking to build apps utilising the secure network;

(d) ensuring the open source network is developed as a genuinely decentralised system, absent of any external control or influence to ensure the independence, security and longevity of the network;

(e) raising moneys to fund the activities and charitable objectives of the Foundation, including through the offering of the Loki cryptocurrency; and

(f) all other such activities as are ancillary or incidental to the above purposes.

The block reward described in the whitepaper and the 15% premine is controlled by the directors of the LAG Foundation Ltd, who will vote on resolutions to authorise the usage of this premine and the ongoing block reward in accordance with the LAG Foundation Ltd’s constitution.

A number of other resolutions have been passed in relation to the premine and it’s permitted use.

Premine Metrics

  • Premine Size: 22.5 mln (15%), plus 153 normal blocks.
  • Day 0 Circulating Supply: 15,606,500
  • Distribution of Premined Tokens: Token sale (59%), Founders (17%), Advisors (5%), Seed (13%), Community/Reserve (6%)
  • 6,893,500 Loki locked up, released over 12 months.

Locked Coins

Over 7 million Loki is held in escrow for the Founder, Advisor, and Seed allocations. The Founder and Advisor allocations follow a 12 month lockup schedule, where 25% of each allocation is released every 90 days following mainnet launch. The allocations to Founders and Advisors are remuneration for services rendered to the LAG Foundation Ltd.

The Seed allocation follows a similar schedule, with a 30% initial release and 20% every 90 days until the final release of 10%.

To verify that coins are being held in escrow and not being spent, a number of time-locked transactions have been sent to the premine wallet, which release after each vesting period is reached. These time locked transactions can be viewed and verified by restoring the premine wallet from it’s view key and using the show_transfer command.

The TX IDs are as follows:

90 Day Locked TX  
180 Day Locked TX  
270 Day Locked TX  
360 Day Locked TX  

Private Sale Metrics

  • 59% of Premine sold, 13,275,000 Loki coins
  • Raise Target of $9.027m USD reached
  • Minimum contribution was $100k USD
  • Effective price per Loki coin was $0.68 USD

A private sale was conducted on the 59% of the Loki in the Token Generation Event (TGE). Over 50 separate entities took part, with our target of USD$9.027M reached. The first private sale agreement was signed on the 8th of March, 2018 and the sale was closed 18 days later on the 26th of March. Minimum contributions for allocations were $100k USD.

Sale Distribution

The mean transaction size was $173k USD, with the majority of transactions being a USD$100K allocation.

Contributions came from all corners of the globe. This chart displays the distribution of Loki across the contributor’s nation of residence.

*Composite refers to single allocations comprised of multiple countries.

Sale Conduct

Each participant in the sale privately negotiated an allocation with the directors of LAG Foundation Ltd and their authorised agents.

Each sale took place by means of an agreement between LAG Foundation Ltd and each participating entity. The agreement was executed by payment of the participant’s preferred currency. The most popular currency was Ethereum by far. However, over the course of the private sale, the value of Ethereum declined significantly in value.

To meet USD$100K allocations, earlier sales required only around 115 Ether to complete an agreement. At its lowest point, sales in Ether required 259 Ether per sale in order to complete. Shortly after sales were completed, the value of Ethereum began to climb once more.

At the time of report writing, the net value of the Private Sale contributions exceeds the $9.027m USD raise target.

Treasury Management

It is of the intention of the directors of LAG Foundation Ltd to use the funds from the sale to pursue the objectives laid out in the company’s constitution. In order to ensure that these funds guarantee at least 3 years of large-scale development funding, it is necessary to liquidate the vast majority of the Ether raised into fiat currency in order to manage exposure to the volatility of the cryptocurrency market.

The directors of LAG Foundation Ltd believe cryptocurrency to be a useful tool and asset which will become a commonplace means of transaction and a stable and secure store of value in the future. Sadly, the current volatility in the perceived value of cryptocurrencies leave holding assets primarily in cryptocurrency to be a dangerous strategy for the LAG Foundation Ltd, in the interests of ensuring that the Loki project can be securely funded for the next 3 years.

As such, the treasury of LAG Foundation Ltd will be comprised mostly of fiat currency until a suitable treasury management strategy can be devised.

Ongoing Funding

No further major sales of Loki coins are likely to take place. This begs the question, where will the Loki project receive its long-term funding from?

The Founders of this project intended to create a self-funding system so that users can be certain that no external influences drive the development funding of the Loki network in an undesirable direction. The Loki mainnet includes a 5% block reward that is issued to a wallet that LAG Foundation Ltd controls for this purpose.

This is an approach similar to other projects, such as the Zcash Founders reward, who, for the first 4 years of the network’s operation will receive a 20% block reward (some of which ends up in the hands of the Zcash Foundation), and the DASH project, who receive a 10% block reward from the network.

The Loki Foundation will continue to be funded in the long-term by this block reward. In the future, the community may decide that this reward is unnecessary or of too high or too low a proportion, in which case, a hard fork event may change the nature of this block reward split.

Technical Summary

This section will describe the process by which any third party can review and audit the wallets controlled by the Loki Foundation on the Loki blockchain to validate that the resolutions have been correctly followed. Auditors will need to have modified versions of the default wallet software in order to view some of these transactions, as the software by default is not set up to correctly view a second output in a coinbase transaction.

The first block in the Loki blockchain contains a block reward of 22,500,000 Loki. In order to view these outputs correctly, a patch is required to modify the wallet code to spot these unusual outputs, but can also be seen on the lokiblocks.com block explorer by looking at block #0.


Public Address: B5Q4XYTd11haHTeFd6mJQ4XBaaxQ9TXuNs7URbBjdLVPQT1WzB9ufzhBFAYibG8gBZsuE7VAj7dAh8W46G8EA3vDPbK1Pt

View Key: d905563f1cc0eada663d0491c78637490a07bd95f4bdb794c20ba605c8a91b00

Please understand that when looking at the premine wallet with the view key, it will show a balance ABOVE 22.5 Million. This is because a view key only allows you to see incoming  transactions. Due to the nature of transactions in Loki (inherited from Monero) most outgoing transactions send more than the desired amount, the remaining change is then sent back to the original address. The amount returned is considered an incoming transaction. The view key does not allow you to see outgoing transactions which is why the amount will look larger than it is in reality. When the funds from the premine wallet have been completely used we will post the key images of all outgoing transactions. Combined with the view key this will show the correct balance.
22.5 million is currently 15% of the total supply of Loki, however because of the inflationary tail emission scheme that has been built into the emissions curve, this percentage will diminish over time.

The network was bootstrapped and mined for approximately an hour before the code was released. The first publicly minable block was block 154. All 154 blocks were mined to a wallet controlled by the LAG Foundation Ltd. The reason the software was not immediately released upon the network’s creation was to ensure that the network was stable and that transfers were working between Foundation wallets. Though fairly inconsequential compared to the rest of the premine, the coins mined from these 154 blocks (approx 18,800 Loki) will be put to good use, as determined by the board of the Foundation in accordance with its constitution.

Every Loki block contains two outputs. One goes to the miner who constructs the block, and the other goes to the Governance wallet specified in the code. Other nodes check that this output was sent to the right place as a consensus rule. Auditors can check the Governance block reward wallet with the same patch to see incoming block rewards for 5% of the expected block reward.

Governance Wallet (BLOCK REWARD)

Public Address: LCFxT37LAogDn1jLQKf4y7aAqfi21DjovX9qyijaLYQSdrxY1U5VGcnMJMjWrD9RhjeK5Lym67wZ73uh9AujXLQ1RKmXEyL

View Key: 934f692dd8506dec9647602ce0b8f31ea92776b8a0d970d55107a7135c7b8409

For security reasons, we will not specify the exact nature of the wallet/private key management of wallets controlled by the LAG Foundation Ltd, but members of the community should know that many considerations have been made regarding the safe storage and usage of these wallets.

Once more, a reminder that the view key will only allow the user to see incoming transactions into the wallets. Key images can also be provided, but should not be considered as a trustworthy source, as no evidence of the ultimate recipient of coins can be derived from these key images.

We are keeping records of all of our transactions and collecting receipts and invoices for payments that are made and the Foundation will be subjected to an audit from a major accounting firm. The auditor will be granted access to the backend of these wallets and be given evidence to prove the validity of the destination addresses. We are in discussions with a number of highly reputable firms in order to produce a financial statement and report on the status of the Foundation’s wallets at the end of its first financial year. This report will be published on the Loki Foundation website when available.

I hope that this report has given you an idea about what we’ve been up to, and gives you a better sense of what we’re trying to build. If you have any questions, concerns, or suggestions, you can always find us on our Discord, or at [email protected]

Is Loki Trying to Compete With Monero?

There are a lot of community members who ask if Loki is trying to compete with Monero. At face value, it seems like an obvious assumption to make. However, our intention is to use Monero as a proven and solid basis to build an additional feature set that goes beyond anonymous payment systems. So long as Monero maintains its efforts to be the pinnacle of private transaction networks, it is unlikely that Loki will ever pose a ‘threat’ to the Monero project.

Competition is a funny concept when it comes to open source projects – any notion of a ‘market share’ is completely incidental to the perceived value of the work that open-source communities produce and what real world use cases that work enables. Crypto is an open marketplace of ideas. Loki is simply harnessing the ideas presented in Monero and using them in a way that we believe sits outside the current scope of the Monero project.

I find it comical to suggest that I, or any other person, could conceivably submit a pull request to the Monero GitHub that included a novel implementation of masternodes which used the network they form to send private communications and have it accepted and merged by the Monero community.

We receive a lot of criticism because of our intention to put a ‘masternode’ system on a Monero based blockchain. It seems that many community members simply don’t like masternodes – which is a fair stance when considering their history – but being so dismissive is hardly scientific. We have made significant efforts to redesign the masternode system so that the issues of centralisation seen in Dash and other masternode based coins are addressed. In theory, masternodes do solve a genuine problem. If Monero or any derivative thereof receives a high transaction volume to the degree that Bitcoin has, weak nodes will come under significant stress and struggle to propagate transactions, and will be dealing with an enormous blockchain that in Monero’s case, can not be pruned. Additionally if you have noticed issues connecting to remote nodes when using the Monerujo android wallet that is because the limited number of remote nodes available limits the quality of the user experience. With no concrete incentivisation of these nodes and as demand for them increases, fewer nodes are run, thus actually centralizing the network.

Bitcoin Core approaches this problem by focusing on making the blockchain as lightweight as possible, so that full nodes can be run anywhere (in theory). For good all privacy coins today, the blockchain bloat problem is always going to be worse, as you will always have to include more information in a transaction, so the ‘lightweight’ approach will not be as tenable in our opinion.

Furthermore, the masternode system allows us to convincingly use the full-node software to carry out secondary activities where the participants are incentivised to do so, while malicious actors have a high cost of entry. Without an economical framework, we would expect that any decentralised service could be (and historically have been) subject to resource deprivation and exploited by malicious actors whose participation allows them to perform attacks on the network and/or it’s users. The Tor network is a perfect example of this.

The purpose of Loki is to use this economic layer to enable a decentralised, anonymous networking protocol that can be used primarily for private communications. That economic layer needs a basis in proven technology, and the ideas presented in Monero are the obvious choice for the job.


Want to join the discussion? Join the subreddit! https://www.reddit.com/r/LokiProject/