Reuben Yap From Firo on Battle Hardened, Private Digital Cash

đŸ”„Crypto Fireside #37 — Interviews with crypto people.

Reuben Yap From Firo on Battle Hardened, Private Digital Cash
Reuben Yap.

đŸ”„Crypto Fireside #37 — Interviews with crypto people.

đŸ”„Hello! Who are you, and what do you do?

RY: Hello! I’m Reuben Yap and I’m from Malaysia. More specifically, I’m from a small city called Kuching on the island of Borneo where we are famous for our rainforests, our orangutans, and good food. I’m a huge geek with a love of anime, martial arts, and chess. I am also the head of a small Aikido school here. Before joining Firo (or Zcoin as it was known previously), I was a corporate lawyer for ten years and before leaving practice, I did a lot of studies for the state government on examining their laws and institutional frameworks. I’ve also run a few businesses from a VPN and other tech-related startups.

I’m the Project Steward and Co-Founder of Firo, a privacy-centric cryptocurrency. As the Project Steward, I help steward the coin’s direction and development for the benefit of Firo’s community. I also do a lot of the operational stuff from coordinating our developers and researchers, to liaising with exchanges and ecosystem partners.

Firo logo.

We’ve been instrumental in developing and creating some of the most important privacy protocols in the blockchain space. Firo is meant to form the foundation of an alternative financial infrastructure that empowers people, one that is private, uncensorable, and unseizable, much of what Bitcoin was supposed to be originally. We believe in the power of privacy tech to ensure the freedom of ordinary people from oppression and surveillance. In 2018, we were involved in the world’s first large-scale political election on the blockchain when the Thai Democrat Party used our blockchain for their primary elections and over 127,000 votes were cast nationwide which is an achievement that hasn’t been matched since.

Former Thai PM Abhisit Vejjajiva with Poramin Insom Firo Co-founder.

đŸ”„What’s the backstory, and how did FIRO come about?

RY: Personally, my privacy journey started when I returned from the UK to Malaysia after qualifying as a lawyer in 2007 and found that our local ISPs had started censoring the internet and also throttling certain forms of traffic. I started a VPN service and was sharing a server with someone I found on an internet forum which we then opened to the public. It became a big hit and was featured as one of the top VPN services in the world by Lifehacker. We quickly realized that VPN services, while completely legal, were frowned upon and seen as enabling illicit activity and were cut off from many payment platforms such as 2CheckOut and our local payment processors. The remaining processors charged exorbitant fees. For example, Paypal was charging 3.4% and USD0.30. When some of our packages were a mere USD3.70 this ate into our profits significantly. Fees to payment processors were a huge part of our cost.

We were then introduced to cryptocurrency payments and also being a privacy-focused service, I started delving into privacy coins such as Monero and Darkcoin (now Dash). We were the first online merchant in Malaysia to openly start accepting cryptocurrency payments back in 2013. I became an active member of the Darkcoin community but grew a bit disillusioned as they started focusing more on masternodes and deprioritizing privacy as a key feature. Don’t get me wrong, they’ve done a lot of cool stuff as well and we have adopted technologies from them such as InstantSend and Chainlocks but I always wanted to be with a project that was at the forefront of pushing privacy technology.

Some might ask then why did I not get involved more with Monero, the OG privacy coin? It was more of an initial bad experience that I had when I announced I was going to be accepting Darkcoin payments for my VPN service and I received a bunch of messages from Monero supporters that said if I accepted Darkcoin, I was a scam and they would effectively cancel me. It wasn’t the best first impression for sure! This opinion changed many years later when I had the opportunity to meet and hang out with many key Monero contributors at Monero Village at Defcon and I have deep respect for the project now and its goals.

I then came across Zcoin on the Bitcointalk forums in 2016. Back then Zcoin was just two people, Poramin, a master's student from John Hopkins University who was tasked with coding and implementation, and Gary, a Thiel Fellowship recipient who was in charge of investor relations, community, and marketing. I loved the whole concept of Zcoin as it was pioneering the use of a new privacy model with the Zerocoin protocol. Instead of mixing or obfuscation, it was the first privacy protocol to use zero-knowledge proofs to completely break the links by allowing people to burn their coins and redeem them for brand new ones with no previously associated transaction history. Poramin who was studying under Matthew Green at John Hopkins University was really excited about this protocol and his master's paper was about the practical implementation of Zerocoin. He wanted to make this a reality and this is how the Zcoin project was born.

I had been involved in almost all aspects of cryptocurrencies then from mining, trading, receiving it as a merchant, and many others, and wanted to see how it was being involved in a project so I offered to help out the Zcoin project in October 2016 on a part-time basis by making the technology more accessible and managing the growing community. This was very shortly after its launch of Zcoin’s mainnet on 28 September 2016.

The project took a big turn when there was a disagreement between Poramin and Gary. The community rallied behind Poramin and Gary left and took all the seed money that was earmarked for the project claiming that it was his. The project was left without funding which placed us in a tough situation and Poramin and I had to navigate through these tough times which extended my role past just being a community manager.

It was a bit of a baptism of fire as being underfunded, we also had to deal with progressing the project forward and also being subject to hacks and attacks. As a result, I acquired a lot of experience and knowledge on the job about the subtleties of privacy protocols and their inner workings. Gradually over time, I started taking over more duties and progressed to taking the role of COO after going full time at the end of 2017 and then finally Project Steward and Co-Founder as I was recognized as someone who helped grow the coin for most of its life.

We pioneered the use of Zerocoin (not to be confused with the Zerocash protocol used by Zcash), the first privacy protocol that used zero-knowledge proofs to burn and redeem coins which became one of the most widely used privacy protocols until its retirement due to a cryptographic flaw we discovered and responsibly disclosed. We then released Sigma, a modified version of Zerocoin that didn’t have a trusted setup and had much smaller proof sizes. This was again the first deployed privacy protocol in the world that used a specific zk proof called one-out-of-many proofs which now forms the basis of a whole family of privacy protocols such as Lelantus, Lelantus Spark, Lelantus-MW, Triptych, and Seraphis. In 2020, Zcoin was rebranded to Firo (pronounced fee-roh) to reflect that we no longer used the Zerocoin protocol and to make it sound closer to currency, and also to tie in with our privacy mechanism of burning coins.

Aram and Aaron (left and 2nd from left), cryptographers that came up with Lelantus Spark.

đŸ”„Describe the process of launching (or in your case re-launching) FIRO.

RY: Firo started as Zcoin in 2016 and had the first live implementation of Zerocoin, a completely new privacy protocol. We had some prominent seed investors including Roger Ver who provided us with some seed capital. Back then, the privacy scene was basically Darkcoin and Monero or other coins based on it. Zcash was launched a month after us with the Zerocash protocol. There was a lot of interest for sure but when we had that falling out between the co-founders, lost our seed funding and a hack after that, a lot of people wrote us off, and understandably so.

Despite these initial challenges, we powered through and we thank both the community and team members who have stuck with us through thick and thin. I think it’s a testament to the resiliency of the project, there were dedicated sustained attempts to take us down. I suppose you could say we are battle-hardened due to it.

Through this hardship, our team has evolved a lot to include world-class cryptographers and expert developers who have been behind very important contributions to the privacy cryptocurrency space. For instance, while we were the first to implement the Zerocoin protocol into production we also discovered and responsibly disclosed a cryptographic flaw in Zerocoin which was then one of the most widely used privacy protocols and saved a lot of projects from irreparable inflation.

We then further built on the Zerocoin idea with developments of Sigma, Lelantus, and most recently Lelantus Spark. These solved many issues on Zerocoin from removing trusted setup, improving scalability, hiding amounts, and having full flexible stealth address support. These developments have paved a way for a new family of privacy protocols that were inspired by our work such as Triptych, Seraphis, and Lelantus-MW.

This family of privacy protocols offers anonymity sets that are several magnitudes larger than RingCT-derived privacy protocols while still relying on standard cryptographic building blocks, no trusted setup, and have much fewer moving parts when compared to the zkSNARKs family of privacy protocols.

When we transitioned to the Lelantus protocol we felt that it was time for a fresh brand to go with it. While it remained the same chain, the name Zcoin was a bit of a crutch that despite our innovations and using completely different cryptography, we were often confused with Zcash. As mentioned previously Zcoin was named after the Zerocoin protocol that we used and since we had moved away from it, we wanted to have a name that was reflective of our vision beyond just being about a privacy protocol.

We first and foremost wanted to be currency and therefore had to have a name that sounded like a currency. We thought about how currencies were named such as the Euro, Yuan, Dollar, Pound, or Peso, and realized that they were all short and were easy to roll off the tongue. We also thought about how we wanted something that tied into our privacy mechanism of burning and redeeming coins while not tying it into a specific privacy protocol as these can change or evolve. After several iterations, we came up with Firo that embodied both of these themes together with images of Fire while remaining easy to say and unique at the same time.

Credit dining.gifts.

đŸ”„Describe your hybrid PoW and LLMQ Chainlocks Blockchain system in an easy-to-understand way and tell us why you chose it?

RY: Pure proof of work chains are susceptible to 51% attacks unless they are the dominant coin in that particular hardware class. For example, GPUs for Ethereum and CPUs for Monero or Bitcoin for SHA256 ASICs.

This can be challenging for newer or up-and-coming coins that do not have hardware dominance yet. We have seen how blockchains like Ethereum Classic, Horizen, Bitcoin Gold, Beam, Grin, and also Firo have all been 51% attacked regardless of whether they were secured by GPUs or ASICs. GPU mined chains are probably in a more difficult position since there are a lot more GPU mineable coins and the death of one GPU mineable coin would not affect the value of the underlying GPUs, unlike ASICs whereby if you attack the coin that you’re mining, you’re also affecting your investment.

Another problem with proof of work chains is the lack of finality in that you have to wait several confirmations before a transaction can be considered secure which is also subjective. This is because a longer chain with more accumulated proof of work can appear and reorganize transactions. This is a challenge to usability and adoption and some chains adopt very fast block times to mitigate this but also results in a lot of unnecessary bloat if most of the blocks are empty.

Long living masternode quorums (LLMQs), an innovation from Dash, solve this by creating a secondary layer of protection. Masternodes are nodes that have collateral backing them which provides resistance against Sybil attacks, meaning you cannot just simply spin up a million nodes, you need Firo backing it. There are currently over 4000 masternodes on Firo’s network.

Like its namesake, these masternodes organize themselves into groups/quorums of 400 nodes. At any one time, there are 4 of these quorums active. These quorums also are reformed every 12 hours introducing randomness which makes it difficult to pinpoint exactly which masternodes would be in a quorum. When a block is found on the network through the mining process, one of these 4 quorums will be deterministically picked to vote on the block. What they’re voting on is which block they saw first and once 60% of these nodes in a quorum vote on a particular block, that block gets ‘signed’. Once a block is signed, no other block can override it and this is why it’s called a ‘ChainLock’.

What this means in simple terms is:

  1. Blocks are final after 1 confirmation once signed by the LLMQs. This makes single deposit confirmations safe.
  2. To take over the chain, one needs to either disable a large number of masternodes to prevent the quorum from voting or control 40% of the total masternodes. The fact that a random quorum is picked on each block and the quorums are reformed every few hours makes it hard to target which masternodes to attack. Once they are disabled, an attacker will then need to amass enough hashrate to reorganize the chain while keeping the masternodes down at the same time.

This dual-layer protection greatly increases the cost of attack and provides transaction finality while retaining the decentralized nature of commodity hardware mining and distribution.

We are however always on the lookout for other cutting-edge technology to secure our chain without sacrificing decentralization or scalability such as Avalanche post-consensus.

đŸ”„What has worked to attract and retain users?

RY: The biggest thing that has worked for us has been elaborating the vision of Firo as private decentralized money and how our technology supports that vision along with its rationale. In a world where money is increasingly being weaponized as a tool of control, the use case of Firo is much more apparent. Unfortunately, privacy is one of those things that are only valued when privacy breaches happen or when our freedoms get taken away.

Being engaged with the community directly through our socials, instant messengers and community meetings instead of operating as a business has also been really important in creating community members that would stick with you. Giving recognition and shoutouts to community members that do good work also creates much more loyalty than pure remuneration.

Some of the best marketing efforts have been community-led such as Firo Punks, a completely community-led effort that allows Firo-themed NFTs to battle each other and has been listed on the Binance NFT marketplace. The creator Fahim even donated a portion of his mint proceeds to the core team to continue development which is great! We’ve also had another community member volunteer to step up to create a bi-weekly show called “Show me the Firo” which covers what’s new in Firo and privacy issues in the world today.

This fares much better than hosting paid AMAs or videos or hosting events/booths at conferences. Conferences are where you meet people in the industry and build partnerships or source talent as opposed to building your user base. At the end of the day, paying people to do work or pure airdrops is ineffective. Focusing on TA or price also leads to short-term traders that are fickle. While PR firms can help get coverage in crypto publications or podcasts, organic community reach often can achieve the same results if not better.

Utility is also extremely important and having places to use your FIRO in the real world gives legitimacy to its use case as a currency for e.g. our integrations with Travala and Locktrip allow you to spend FIRO for hotels and flights around the world! There’s something special about having your magic internet money buy you things in the meatspace.

The combination of PoW via GPU mining and masternode staking has also created a diverse community that is incentivized to participate and contribute to the project.

Moving forward, as the core technologies of Firo are solidified with Lelantus Spark, FiroPoW, LLMQ Chainlocks, and InstantSend, we now begin to expand Firo’s ecosystem starting with Elysium and focusing on becoming more than just a privacy coin, but a whole privacy ecosystem with Firo at its core from making your own private assets, bridging over assets from other chains to enjoy privacy or even privacy-preserving voting.

Firo Punks.

đŸ”„Take us through your daily process. What is it the co-founder of a privacy coin project does on a daily basis?

RY: I wake up in the morning, usually around 8 am, and I go to the local boxing gym where I train to get my body awake and my daily quota of exercise! After that, I go for an early brunch and a coffee, sometimes with friends, and get my daily social quota in. I generally start my workday around 11 am after cleaning up all ready to go but there are times I do have several meetings in the morning to cater to East Coast US people.

I then generally sit in front of the computer for a good part of the day with frequent stretch breaks. The day-to-day work is varied from attending development or research meetings, catching up on what’s going on within the Firo community, or discussions with contractors, partners, or other projects that we can work with. I also put some time aside to stay abreast of what’s going on in the privacy scene.

I’ll take a break for dinner, catch up with the wife a bit and then work until about 10 PM though at times this stretches on until midnight especially if there are meetings with people in other timezones. To unwind, I watch some Netflix, or YouTube or play video games.

My team is mostly located in Europe while I do have people in the US I work regularly with so arranging meeting times can be a challenge, and keeping a work-life balance or schedule since you’re switched on all days of the week and at all times. Often as the project steward, I have the responsibility to respect my colleague’s working hours hence I’m the one who has to meet their timing. We generally coordinate through Matrix with check-ins on how progress is coming along and ad-hoc meetings where needed. Our development is mainly guided through our Github, research in our Matrix channel, and community/socials through Trello. Our team has a lot of autonomy and my job is to just guide the development and research direction and ensure things get done despite everyone working from home or from their co-working spaces.

For some of our launches before public release, we let some long-term community members who have a more technical background get an early preview so that we can get feedback on the user experience or anything that we have missed out on.

đŸ”„What does the future look like for FIRO?

RY: This year is a very big one if not the biggest for Firo as we roll out two really big roadmap items, Lelantus Spark and Elysium. Lelantus Spark is a really innovative privacy protocol that really offers holistic privacy and flexibility while relying on simple and well-proven constructions. The cryptographic libraries have been coded and we’re in the process of implementing them into our wallet.

Elysium is on testnet and we are resolving some bugs before releasing it which begins our transition into becoming more than just a privacy coin but a privacy ecosystem and infrastructure for other chains. The idea behind Elysium is to allow others to build their own tokens or bridge their own tokens over from other chains such as stablecoins to allow people to use our privacy technology cheaply. Our partnership with DotOracle would allow the first bridges of stablecoins from Ethereum, Binance Smart Chain, Polygon, and a bunch of other chains off the bat but we also are exploring other options for bridging.

Elysium v2 on the other hand is already in the planning stage which would expand the functionality of this asset layer to support more advanced functions such as much easier bridging, NFT support, and greater DEX options. The vision is to be more than a privacy coin and instead be a privacy ecosystem that supports both native assets and allows easy bridging from other chains to enjoy the privacy provided by Firo cheaply. Elysium v2 would also implement Spark assets (Spats) which is a modification to Lelantus Spark that even hides the asset type being sent. This means that any asset sent on Elysium v2 be it a coin, a voting token, or even possibly NFTs would be indistinguishable from each other.

There are also some ongoing discussions about changing how our block reward is being divided between miners, masternodes, development, and the creation of a community fund. The community fund would be a great shift in making the project less reliant on the core team and slowly shift Firo into becoming totally community run which is the goal of any decentralized project.

Aura is an e-voting protocol that preserves privacy and is an important component in decentralizing governance. We are finalizing the details of this but it builds on Lelantus technology to allow voter privacy and also protects ballot progress. This also has applications for the rise in DAOs in other projects which for the most part the votes are done completely transparently.

In the next 1–2 years Firo enters a new stage of its life cycle. As our technology stack is solidifying, the core team’s focus turns to the development of an ecosystem backed by our technology, increasing the overall utility of Firo and strengthening and educating our community. I see Firo as not just a leader in the privacy coin space as Lelantus Spark rolls out but also becoming a privacy infrastructure for other chains to bridge their tokens to and enjoy privacy, utilize voting applications, and build their own privacy tokens on Firo.

I am super excited about the upcoming proposal for the creation of the community fund that has gained wide community support. This would allow the community to be directly funded to grow FIRO and promote greater community ownership and even further decentralization. The poll should be ending in 2 weeks and we’ll implement it in the coming quarter.

Lelantus Spark.

đŸ”„How is FIRO doing today? Let’s talk numbers!

RY: Being a UTXO and privacy chain makes it hard to assess absolute numbers but we do have several metrics that can be measured.

1,469,527 used addresses.

79,876 addresses that hold a balance.

21,035,777 transactions on the blockchain.

54,627 current Lelantus anonymity set.

Over 4,120,695.42 coins have been anonymized using our privacy tech (46.54% of supply).

We follow a Bitcoin emission schedule and at the time of writing Firo is at a USD $62.5 million market cap with a unit price of USD $4.81 per FIRO. Currently, 41.180% of our supply has been distributed.

There are currently over 4100 active masternodes which are also full nodes though there are also additional full nodes.

We have over a thousand unique active GPU miners at any one point in time.

Twitter followers: 81.8k

Discord: 11,454 members

Telegram: 4,657 members

Our Twitter and Discord numbers have been steadily growing.

Being a privacy project, our community is generally quite protective of their personal lives and our website doesn’t do any tracking. However, I can tell you, that we do have significant communities in the US, Europe, Turkey, Indonesia, and China.

đŸ”„Mistakes were made. What were they and what did you do?

RY: Zcoin/Firo has been a huge learning experience. When the project started in 2016, the crypto scene was very different and altcoins were born from simple Bitcoin forks with a change in mining algorithm, block times, or emission. When the Zcoin project started, we were naive to think that implementing a privacy protocol could be done with 1 or 2 developers and as a result, just a few months after launch, we suffered a vulnerability from a typo in the code and also had vulnerabilities in the cryptographic library. While we had later engaged cryptographers, a dedicated audit of the code and the cryptographic library might have spotted the errors sooner.

We also spent an inordinate amount of time and resources on MTP, a mining algorithm aimed at democratizing mining when we should have been focusing on our privacy technology while leaving mining algorithms to people with hardware knowledge. MTP, while revolutionary for its time, had many drawbacks, such as a large proof size and didn’t really achieve the desired parity between CPUs and GPUs due to faulty assumptions by the authors of the paper who were not hardware experts. This is why we moved away from MTP and switched to FiroPOW which is a ProgPOW variant that was written by experts on mining and mining hardware and therefore knew how to design a mining algorithm tailored for a hardware class.

One of the biggest mistakes we made was not being careful about picking seed investors. We had a total of 3 seed investors, Roger Ver, another prominent investor who wishes to remain anonymous, and one last investor who was brought in at a later stage. The first two investors had helped promote and also gave us additional financial support to get us listed on Huobi and sustain us during a prolonged bear market. The third one, while supportive initially, had a different vision for the project and actively wanted to centralize control with whales along with spending huge amounts on artificial pumps and marketing. He was brought in after our co-founder Gary had taken all the seed money for himself and we were desperate for funding to continue the project. When the community voted against his proposal to increase the masternode requirements by 4–5x to price out smaller holders, he felt that he had lost face and rage dumped our project for an entire year on important events strategically to prove his point.

đŸ”„What have been the most influential things in your life that affected your project? This can include books, podcasts, or people?

RY: Honestly, the way I got into crypto stemmed from my love of anime and in a roundabout way led me down this rabbit hole. I had returned from the UK back to Malaysia after completing my law degree and back then it was hard to get access to anime. My government had started censoring the internet and blocking p2p and that turned to overreach with censorship of political blogs and even a backdoor into everybody’s router (they all had the same admin password). What started as an attempt to retain access to my anime and fansubs, became a full-fledged VPN business which then faced many issues from payment processors who classified our business as high risk despite it being legal or charged super-high fees. This led to me discovering cryptocurrencies and in particular privacy cryptocurrencies as ways to continue receiving payments.

Edward Snowden, while controversial, really opened our eyes to the extent of government-sponsored mass surveillance and that it wasn’t just a conspiracy theory. The Netflix documentary, The Great Hack also made me aware how social media and the lack of privacy over our data was not just a personal issue but had serious ramifications over democracy and society which we are still experiencing today.

đŸ”„Do you have any advice for other creators, entrepreneurs, or developers who want to get started or are just beginning?

RY: Stay humble and remain open (but still critical). I have seen many crypto founders with their success, become overconfident with themselves and their viewpoints resulting in them just settling into their little echo bubble. You can be lauded as a leader and lambasted for being a scammer or a failure the next. Always stay grounded in your principles and reality.

Surround yourself with people who share your ideals yet are generous with honest feedback, regardless of how important, famous, or rich, they are, these will be the people that will share your vision and grow together with you while keeping you on the straight path.

đŸ”„Where do you see the blockchain, cryptocurrency, and decentralization space going in the next 5 to 10 years?

RY: We’re actually starting to see a worrying trend where access to our own money becomes a privilege, not a right. This used to be something we only imagine authoritarian countries doing but what happened in Canada is a huge wake-up call regardless of your stance on vaccinations. Economic warfare through sanctions and freezing of bank accounts is also a rather recent phenomenon and is probably going to increase especially with countries all having plans to implement their own CBDCs which would greatly make this a lot easier. Wide roll-outs of CBDCs will happen in the next 5–10 years but it won’t solve any of the key issues of fiat.

As a side effect of the weaponization of money, I also do see the gradual decline of the US Dollar as a global reserve currency though right now there aren’t any credible alternatives yet. Who knows, we might go back to the gold standard as people’s trust in fiat declines.

Cryptocurrencies without privacy don’t completely solve this as we are also seeing increased use of address blacklists or flags for reasons as small as using a mixer. I think we are beginning to see a resurgence of interest in privacy coins and cross-chain decentralized exchanges. This is why I believe privacy coins like Firo will be playing an important role in keeping access to money as a public utility.

While a controversial opinion, I also think that we will see the Bitcoin community start rethinking the 21 million supply limit or a shift in its consensus mechanism. There is this belief that Bitcoin miners can survive with reduced block rewards and live off fees alone though I seriously doubt that. The current trends of fees and transaction volume do not indicate that this would be possible. Much of the continued sustainability of miner security has been the continuous growth of Bitcoin’s price but it cannot forever go up and will reach maturity. I believe while there is still room for massive growth in Bitcoin’s price, it also has reached mass adoption and knowledge along with competing with many other alternatives. This will be a critical shift in the thinking and messaging around Bitcoin and the sooner people come to grips with this, the sooner we can agree on the best way forward lest it results in further fragmentation of Bitcoin.

đŸ”„Where can we go to learn more?

RY: https://firo.org

Telegram: https://t.me/fironews

Telegram News Channel: https://t.me/fironews

đŸ”„Thank you, Reuben!

Want to know how you can support Crypto Fireside?

Sign up below. It's free and easy đŸ”„.