Professional Documents
Culture Documents
The Cartesi Defi Presentation
The Cartesi Defi Presentation
There’s a new OS
www.thecartesi.io
FOUNDATION NOTICE
Cartesi is a blockchain-based operating system (“The Blockchain OS”) that aims to bring
mainstream scalability and convenience to developers and users of decentralized software
applications. The Cartesi technology continues to evolve through the efforts of a growing and
decentralized ecosystem of contributors.
The Cartesi Foundation is an active member of that ecosystem that provides funding, publicity,
and strategic support to the following activities, among others:
The Cartesi Foundation is a non-profit organization, but some of its activities or investments
may generate revenue. Any revenue or investment returns generated by the Foundation are
reinvested in the community (through initiatives such as the Cartesi Labs grant program) and
used to fund the activities of service providers and other contributors to the Cartesi ecosystem.
The above-described technology, upgrades, features, applications, content, and other activities
of the Cartesi Foundation are referred to in this Notice as our “Software, Content, and
Activities.”
Setting the legal jargon aside, we want everyone to understand the following:
over the technology than any other contributor or participant in the ecosystem. Anyone
can use it. Anyone can propose new features or upgrades. The Cartesi technology is
being built for everyone, to be governed by a decentralized community of stakeholders,
including token holders, stakers, DApp developers, DApp users, and other ecosystem
contributors and participants.
● When you use the Cartesi technology, or any applications running on the Cartesi
technology, you do so at your own risk. Unless we tell you otherwise in writing, we
are not responsible for, and make no representations or warranties regarding, the
Cartesi technology, its functioning, or any software running on it or associated with it.
● The Cartesi operating system is permissionless, meaning anyone who wants to
build an application to run on The Blockchain OS may do so, without authorization
from us or anyone else. Neither the Foundation nor its service providers are
responsible for the functioning of any applications that run on The Blockchain OS. Be
careful and always do your own due diligence before engaging with The Blockchain OS,
or any DApps that run on the OS, regardless of who built or implemented them. Never
assume that something will function how you expect it to without verifying it first.
● We want to be clear: The Cartesi Foundation does not censor who may use or
build on The Blockchain OS. Unless we tell you otherwise in writing, the goals,
visions, missions, beliefs, statements, or representations made by or associated with
DApps or DApp developers integrating The Blockchain OS do not reflect those of the
Cartesi Foundation or its service providers.
● You are responsible for the private keys to any wallet you use to hold CTSI or any
other coins or tokens, or to otherwise interact with The Blockchain OS or any
DApps running on it. Do not share your private keys with anyone. And don’t lose
them! Once lost, there is nothing that can be done to recover access to your blockchain
wallet.
● We attempt to comply with applicable laws, rules, and contractual obligations with
respect to our Software, Content, and Activities. However, that landscape is in constant
flux and differs from jurisdiction to jurisdiction. It is your responsibility to conduct
your own inquiry to ensure that your activity as it relates to The Blockchain OS
complies with all applicable laws, rules, and contractual obligations.
● Anytime we link to, quote, or otherwise reference a third party or reproduce or
incorporate their information, content, or material, it is solely for informational purposes
and we have not necessarily verified its accuracy.
● When we talk about ideas for the future of the Cartesi technology, we are
expressing our vision and hope that those ideas may one day become an
eventuality, without any guarantee or commitment that we will implement any of it,
or that it will work. The world of blockchain technology is new and fast-evolving. The
Cartesi technology is, and will continue to be, a first of its kind. There is no technological
precedent to follow. Our aspirations, estimates, predictions, and visions for the
future of the Cartesi technology are just those, and may change as a result of
further research, development, and an evolving technological landscape.
THE CORE
OF CARTESI
www.thecartesi.io
The Core of Cartesi
Augusto Teixeira Diego Nehab
Abstract of critical importance to all parties and therefore require global con-
sensus. Otherwise, for most interactions mediated by the blockchain,
Cartesi is a layer-2 platform for the development and deployment of it is perfectly safe to limit access and verification responsibility to
scalable decentralized applications. Cartesi DApps are composed of the few parties that can potentially be affected. The blockchain can
both blockchain and off-chain components. Off-chain components then be used to provide finality and to guarantee local consensus in
run inside Cartesi Nodes that represent the interests of each DApp the rare occasions where a dispute arises between these parties. In
user. Cartesi Nodes provide DApp developers with reproducible other words, global consensus is a precious resource that should be
Cartesi Machines, where large scale verifiable computations can used with parsimony. In recognition of this fact, layer-2 scalability
be run. These verifiable computations are easily integrated into solutions such as plasma, side chains, TrueBit, or state channels
smart contracts by powerful primitives that provide strong conflict- move as much data and computation as possible off-chain. Layer-1
resolution guarantees. More precisely, any dispute arising over the and 2 scalability solutions are discussed at some depth in section 2 .
result of computations run inside Cartesi Machines can be fairly
adjudicated at negligible cost on the blockchain. Cartesi Nodes also Computation environment Everycomputationthatcaninfluence
allow DApp developers to run native code. Native computations can a transaction, whether performed on-chain or off-chain, must be re-
leverage the node’s full processing power, including any available producible by all parties playing a validating role. Reproducible
GPUs. Whether performed natively by the node or inside Cartesi computational models must be self-contained and deterministic. In
Machines, off-chain components run under a complete Linux oper- other words, the complete state for the computation and the entire
ating system that provides the full ecosystem required by complex sequence of modifications to this state must be fully specified and
computations. Cartesi enables DApp developers to use all the pro- agreed upon. Sadly, real computing architectures were not designed
gramming languages, tools, libraries, software, and services they with these constraints in mind, and therefore are not reproducible.
are already familiar with. By moving most of the complex logic of Blockchain platforms solve this problem by employing custom vir-
their DApps to portable off-chain components, developers are freed tual machines (VMs) when processing smart contracts. These VMs
from the limitations and idiosyncrasies imposed by blockchains. In are reproducible, but also domain specific. On the one hand, they
this way, Cartesi empowers developers to select the best run-time offer native support for features useful to smart contracts (e.g., ac-
environment in which to host each part of their DApps. counting, rollback, associative memory, authentication, cryptogra-
phy etc). On the other hand, they lack valuable features found in
1 Introduction general-purpose architectures (e.g., floating-point arithmetic, virtual
memory, interrupts etc).
Public blockchains are mechanisms through which networks can The revolution in software capability the world experienced over
maintain decentralized consensus over a shared state. Typically, this the last few decades can be attributed to two key factors. The first
state holds, among other data, a payment system. The stake held by is an exponential increase in the speed at which modern hardware
participants in the resulting economy works as their incentive for platforms can process vast amounts of data. The second, and equally
making the state widely available to others and for rejecting invalid important, is the ever-increasing expressive power of software devel-
transactions. In this virtuous cycle, the payment system is built on opment environments. Indeed, general-purpose computations do not
top of the decentralized consensus, which only functions due to happen in isolation. Rather, they are assembled from inter-dependent
incentives created by the payment system itself. Both the payment building-blocks created by a worldwide collaboration of software
system and the consensus can then be used for other purposes. developers. These components and services rely on standard-library
As new applications for blockchain technology are envisioned, the facilities hosted by an underlying operating system (memory man-
demands on the underlying infrastructure are constantly increasing. agement, process management, file systems, networking, etc). It is
At the moment, the two major obstacles to widespread adoption of the operating system that ties everything together. Such facilities
blockchain technology are its poor scalability and lack of a solid are not available from the free-standing programming languages and
development environment. The main contribution of Cartesi to the compilers that typical blockchains offer to smart contract developers.
blockchain ecosystem is overcoming both these issues. Reproducibility and scalability concerns have made on-chain com-
Scalability Currently deployed consensus mechanisms are based putation environments very restrictive. To boost productivity and
widen the scope of blockchain development, we need a reproducible
on full redundancy [ Nakamoto 2009 ; Wood 2018 ]. They require
computation model that supports modern operating systems.
every transaction to be stored permanently and to be validated by
every participant. This inefficiency is the key limiting factor to the
growth of the transaction rate, the amount of data involved, and the Cartesi
intensity of computations within transactions. High transaction costs
and increased latency have become a barrier to many innovative This paper describes Cartesi, a layer-2 platform for the develop-
applications that would otherwise benefit from the flexibility that ment and deployment of scalable decentralized applications. Cartesi
smart contracts bring to the blockchain. DApps are hybrid , i.e., they include both blockchain and off-chain
components.
Attempts to improve blockchain scalability can be divided into
layer 1 and layer 2 solutions. Layer 1 scalability solutions change The off-chain component runs in a network of Cartesi Nodes (sec-
the underlying blockchain infrastructure itself. Examples include tion 6 ), each representing the interests of a DApp user. The off-chain
the optimization of block sizes, sharding, and Delegated Proof of component is further divided into two modalities. Native compu-
Stake (DPoS). Because they operate at the infrastructure level, these tations run directly in the host hardware. Although native compu-
solutions are burdened by the requirement of preserving global con- tations have access to the node’s full processing power (including
sensus. Certain aspects of the state, such as the payment system, are GPUs), the computations are not reproducible, at least not a pri-
1
www.thecartesi.io
ori. Reproducible computations run instead inside Cartesi Machines applications access to the tools, libraries, services, and software they
that are controlled by the Cartesi Node. These are general, fully are already familiar with, Cartesi chose to support Linux. A realistic
self-contained Linux systems, that run on a deterministic RISC-V ISA, such as RISC-V, is much better suited for this purpose.
architecture (section 3 ). Nodes interact with Cartesi Machines by
means of a well-defined host interface (section 4 ). One of the differences of greatest consequence is in how Cartesi
aligns the interest in off-chain computations with the responsibility
Within the blockchain, a Cartesi DApp can specify reproducible off- for their execution. In TrueBit, there is no such alignment. A smart
chain computations to be performed over large amounts of off-chain contract posts the computation to a pool of untrusted parties and
data (section 5 ). Cartesi Nodes can automatically follow these speci- waits for one of them to perform it off-chain and post the result
fications to perform the computations off-chain. DApp developers back. In this sense, TrueBit can be seen as a means for increasing
can instruct the nodes to submit results or verify and dispute results the computational power of individual smart contracts. Cheating is
submitted by others. From the blockchain’s perspective, undisputed prevented with a complex incentive layer that rewards pool members
computations take negligible resources. Even in case of disputes, the for successively disputing incorrect results. To keep the members
settlement cost is only the logarithm of the storage and time required engaged, computations with incorrect results must be artificially
during the computation. Off-chain, Cartesi Nodes never experience injected by the incentive layer. This inefficiency is a fundamental
more than twice the space and time required by the computation. In part of the design of TrueBit. Conversely, Cartesi can be seen as a
this way, Cartesi virtually eliminates the gap in storage and com- way for off-chain computations to be endorsed by a smart contract.
putation power between smart contracts and traditional computer All parties that could be affected by this endorsement are responsible
programs. for performing the computation off-chain and, if needed, starting
Moving computations off-chain brings several advantages beyond a dispute. Although the ensuing verification can be outsourced to
scalability. Cartesi Machines enable DApp developers to use all the a dispute resolution market (see section 6.2 ), there is no built-in
programming languages, tools, libraries, software, and services they inefficiency and no need for an incentive layer.
are already familiar with. Moreover, the way in which computations The large storage requirements of real-world computations pose a
are formulated is agnostic to the underlying blockchain. By isolating significant challenge that TrueBit does not address. Explicit repre-
all the complex smart-contract logic into reproducible off-chain com- sentations of code and data do not fit within the blockchain. Instead,
putations, developers can make their DApps more portable across a Cartesi Machine, together with its code and data, are represented
different blockchains. on-chain by a hash of its state. This arrangement allows for complex
The focus of this document is the core of Cartesi. It includes the transactions built from several rounds of off-chain computations to
full specification for the Cartesi Machine, the host interface for con- be fully specified. The states themselves are only ever known ex-
trolling it, the blockchain interface for specifying complex off-chain plicitly off-chain, by interested parties. Some applications can face
computations, and the Cartesi Node interface for performing and data availability issues to which Cartesi offers a range of original
verifying these computations. Higher-level tools, interfaces, and a solutions [ Teixeira and Nehab 2019a ].
variety of use cases built on top of this core functionality will be de-
Finally, Cartesi is committed to making off-chain computations
scribed in a future document [ Teixeira and Nehab 2019a ]. Detailed
portable across different blockchain platforms.
documentation on all interfaces, as well as the development environ-
ment for Cartesi Nodes and Cartesi Machines will be available from
the Cartesi SDK [ Teixeira and Nehab 2019b ]. 2.1 Other related technologies
2 Related work New blockchain technologies emerge at such a high rate that any
attempt at a comprehensive survey is doomed to become obsolete
The work most closely related to Cartesi is TrueBit [ Teutsch and before it is even published. Nevertheless, some general trends merit
Reitwießner 2017 ]. The connection between Cartesi and Truebit discussion. Specific examples cited in the discussion should be seen
comes from the fact that both technologies move intensive compu- as representatives of entire categories, rather than exhaustive lists.
tations off-chain and then, within the blockchain, use a verification
game [ Feige and Kilian 1997 ] to efficiently settle disputes regarding Layer-1 scalability solutions The scalability trilemma put forth
the results of these computations. Despite this similarity, many other by Buterin [ 2018a ] poses that no simple workaround can improve
design decisions set these two technologies apart. transaction throughput without reducing the decentralization or se-
curity of a blockchain. On the one hand, requiring higher throughput
TrueBit is based on WebAssembly [ 2018 ], a VM ISA designed by from nodes raises their operating cost, which centralizes power in
a W3C Community Group to support efficient web applications. 1
the hands of the few players that can afford them. On the other,
In contrast, Cartesi is based on RISC-V [ Waterman and Asanovi´c fragmenting consensus into independent chains makes each of them
2017a , b ], an open ISA designed in UC Berkley for implementation more vulnerable to 51% attacks.
by native hardware. The WebAssembly and RISC-V ISAs are of
similar complexity. The key difference is their position in relation to The two leading proposals for breaking the trillema are refinements
applications and the operating system. WebAssembly was designed of these two ideas. Delegated Proof of Stake (e.g., Larimer [ 2017 ])
to sit between applications and the underlying operating system. requires a small number of powerful nodes to validate every single
RISC-V is instead meant to sit under the operating system and the transaction. However, these nodes are democratically elected by all
applications it supports. TrueBit’s choice is consistent with a focus parties that hold a stake in the blockchain. The alternative proposal
on extending the computational power of smart contracts, which is to split the state and history into multiple shards that are verified
tend to operate under severely restricted environments. Real-world independently [ Buterin 2018b ]. These shards are then connected to
applications, however, cannot exist in isolation. They depend on a main chain in a way that reduces the odds of successful attacks.
rich, complex run-time environments that are invariably built on top
of a modern operating system. To give developers of decentralized Both ideas are expected to significantly improve the throughput of
transactions processed by the blockchain. They must nevertheless
1 It was originally based on the LLVM back-end for an obscure Myricom achieve universal consensus among nodes on each transaction. This
NIC embedded processor design used internally at Google. imposes a super-linear global cost as computation sizes grow.
2
www.thecartesi.io
Cartesi, on the other hand, is designed to achieve local (instead of very different from Cartesi’s. Future applications may wish to com-
universal) consensus over its computations. More precisely, only bine both technologies by running part of their native computations
affected parties are required to perform the computation, while inside hardware enclaves within Cartesi Nodes, or by running an
any possible dispute among them can be resolved in logarithmic entire Cartesi Node inside a hardware enclave.
time. This design allows for intensive computations to be performed
off-chain only by the impacted participants, who still enjoy strong Zero knowledge proofs Another approach to enable private and
conflict resolution guarantees. scalable computations on the blockchain is to use general purpose
In this way, DPoS and sharding are orthogonal to Cartesi. Cartesi zero-knowledge proof systems such as zk-SNARKS [ Blum et al.
benefits from the faster and cheaper transactions provided by the 1988 ; Bitansky et al. 2012 ] or zk-STARKS [ Ben-Sasson et al. 2018 ].
underlying infrastructure. Conversely, the blockchain benefits from These systems achieve verifications in a fast, non-interactive and
Cartesi’s ability to specify and adjudicate large-scale realistic com- private manner. However, the computations that can be specified
putations. within these models are very restrictive as they are derived from
arithmetic circuits without control flow. Therefore, they are not
Layer-2 scalability solutions Various solutions have been pro- Turing complete and cannot run arbitrary code.
posed on the second layer to increase blockchain scalability in terms
of transaction throughput, such as Plasma or State Channels. These In off-chain environments, this technology is reaching maturity
developments have particularities of their own, but are generally through projects such as Pinocchio [ Parno et al. 2013 ] and lib-
designed to register large amounts of transactions off-chain, which snark [ Ben-Sasson et al. 2013 ]. Meanwhile, zero-knowledge proofs
are only committed on-chain in order to reach finality or in the case have first appeared in blockchain technology with privacy coins,
of a dispute. A common requirement of these solutions is that the where shielded addresses protect the identities of parties involved
blockchain should be able to resolve any dispute that may arise (after in a transaction [ Miers et al. 2013 ; van Saberhangen 2013 ]. In the
a Plasma exit, or when a channel is closed). These exit mechanisms Metropolis (Byzantium) fork, Ethereum introduced zk-SNARKS
impose strong limitation on the maximum transaction size that either primitives into its virtual machine and some libraries have already
Plasma or State Channels can handle. So for example, if two parties started to be developed [ Schaeffer 2018 ]. In this context, Cartesi
disagree on an off-chain transaction that requires a large computa- can accelerate this development by bringing more mature off-chain
tion to be completed, they would be unable to settle who is correct implementations of zk-SNARKS, such as Pinocchio or libsnark,
on the main chain. directly into the blockchain.
Cartesi can greatly improve these technologies, as it allows both a Compilers and Virtual Machines Besides the scalability solu-
Plasma chain or a State Channel to specify full Cartesi computations tions mentioned above, several projects try to provide different
within its transactions. And in case a dispute lifts the computation languages for developers to write smart contracts in, such as Vyper,
to the main chain, the settlement can still be efficiently and safely LLL, Bamboo, etc. Although these projects provide a welcome set
resolved. of languages and tools for the development of smart contracts, they
do not fully alleviate the most fundamental restrictions that currently
Reputation solutions Several projects intend to bring large scale hamper blockchain development. The main reason being that all
and flexible computations to the blockchain by relying on a system these languages run on a free standing environment and therefore
of redundancy, reputation, and verification (e.g., SONM [ 2018 ], they do not offer the advantages that come with Cartesi’s underlying
Golem [ 2016 ], and iExec [ 2017 ]). Although all these systems have operating system, as described in section 3 below.
different designs, the main idea is that computations are sent to a
pool of off-chain providers, who submit their results independently.
If someone challenges the presented results, a randomly assigned 3 Cartesi Machine specification
verifier decides on the correct outcome.
The Cartesi Machine is a self-contained and deterministic computa-
Although these systems have a built-in reputation mechanism to tional model that can host modern operating systems. Real-world
discourage misbehavior, it is not yet clear whether they are resistant computations happen inside operating systems for good reasons.
to collusions or bribing in case the outcome of a computation can Developers are trained to use toolchains that operate at the highest
have financial consequences. Cartesi gives instead mathematical possible abstraction level for any given job. These toolchains isolate
guarantees on its dispute resolutions. them from irrelevant hardware details and even from the particulars
Trusted execution environment Several projects are integrating of a given operating system. Inventing an ad-hoc new architecture
would then require the porting of a toolchain and operating sys-
enclaves (e.g., Intel’s SGX, ARM’s TrustZone, or AMD’s SEV) with
tem. Instead, Cartesi Machines are based on a proven architecture
the blockchain [ TEEX 2018 ; Song et al. 2018 ; Enigma 2018 ; Cheng
for which a standard toolchain and operating system are already
et al. 2018 ]. In a nutshell, enclaves are hardware-supported features
available.
that allow user-level code to create an execution environment whose
privacy and integrity is protected even from processes running at On the other hand, off-chain computations performed by Cartesi
higher privilege levels. Machines must be verifiable by a blockchain. The blockchain must
Computations running inside enclaves are not, a priori, reproducible. therefore host a reference implementation of the entire architec-
Using remote attestation in lieu of verification is equivalent to trust- ture. If it is ever to be trusted, this implementation must be easily
ing the hardware manufacturer. Whether this level of centralization auditable. To that end, both the architecture and the implementa-
is justifiable or not depends on the application at hand, the manu- tion must be open and relatively simple. Together, these require-
facturer’s competence, and on the potential for conflicts of interest. ments point to RISC-V. The RISC-V ISA is based on a minimal
Even setting these issues aside, privacy is not always guaranteed, 32-bit integer instruction set to which several extensions can be
as recent attacks show [ Weichbrodt et al. 2016 ; Brasser et al. 2017 ; added [ Waterman and Asanovi´c 2017a ]. Orthogonally, operand and
Moghimi et al. 2017 ; Lee et al. 2017 ]. address-space widths can be extended to 64 -bits (or even 128 -bits).
Additionally, the standard defines a privileged architecture [ Water-
Enclaves may yet play an important role in the future of blockchain man and Asanovi´c 2017b ] with features commonly used by modern
technology. However, their threat model and security guarantees are operating systems, such as multiple privilege levels, paged-based
3
www.thecartesi.io
Table 1: Instruction counts by extension. Entries in the form x + y
refer to 32- and 64-bit variants of the same facility.
The Cartesi Machine can be separated into a processor and a board. mvendorid is used to test for matching on-chain and off-chain
The processor performs the computations, executing the traditional implementations. mimplid is incremented with each update to a
fetch-execute loop while maintaining a variety of registers. The matching pair. The remaining default state is set to zero.
board defines the surrounding environment with an assortment of
memories (ROM, RAM, flash) and devices. To make verification 3.2 The board
possible, Cartesi Machines map their entire state to physical mem-
ory in a well-defined way. This includes the internal states of the The interaction between board and processor happens through de-
processor, the board, and of all attached devices. Fortunately, this vices mapped to the processor’s physical address space. Table 3
modification does not limit the operating system or the applications shows this mapping. There are 64KiB of ROM starting at address
it hosts in any significant way. 0x1000, where execution starts. The central role of this ROM is
holding the devicetree [ DTSpec 2017 ] describing the system hard-
3.1 The processor ware. Inaddition, abootstrapprogramatROM-basesetsregister x10
to 0 (the value of mhartid), x11 to point to the devicetree, and then
Following RISC-V terminology, Cartesi Machines implement the jumps to RAM-base at 0x80000000. This is where the entry point
RV64IMASU ISA. The letters after RV specify the extension set. of the boot image is expected to reside. Finally, a number of addi-
This selection corresponds to a 64-bit machine, Integer arithmetic tional physical memory ranges can be set aside for flash-memory
with Multiplication and division, Atomic operations, as well as the devices. These will typically be preloaded with file-system images.
optional Supervisor and User privilege levels. In addition, Cartesi
2 The x86 ISA defines at least 2000 (potentially complex) instructions.
Machines support the Sv48 mode of address translation and memory
4
www.thecartesi.io
Table 3: Physical memory layout for a Cartesi Machine.
The next two approaches add the F or D extensions to the ISA. The most important of these primitives is the Cartesi Machine. Smart
Naturally, this means the off-chain machine must implement all contracts cannot afford to store the states for a Cartesi Machine
RISC-V floating-point instructions. Furthermore, the blockchain within the blockchain, let alone perform the implied computations.
verifier must include a perfectly matching implementation. After all, the costs in terms of processing power and storage capacity
would both be prohibitive. To solve these problems, Cartesi uses
Emulation by native integers In this approach, floating-point cryptographic hashes to concisely represent machine states in the
instructions are still emulated off-chain. However, the emulation blockchain. From the blockchain’s perspective, a computation is
now uses native integer instructions, rather than RISC-V integer simply a pair of hashes corresponding to the initial and final states of
instructions. There are several high-quality open-source soft-float the machine. The contents of the memory subtended by such hashes
implementations from which to choose [ Bellard 2016 ; Houser 2017 ]. are known only off-chain. Cartesi defines a variety of additional
This makes the off-chain machine even faster. primitives that allow smart contracts to conveniently manipulate the
contents of the states corresponding to these hashes.
Native off-chain floating-point The next step in performance
comes from using native floating-point instructions off-chain. Ob- 5.1 Machine state representation by hashes
taining reproducible results from two distinct fully conforming
IEEE 754-2008 implementations requires the cooperation between Merkle trees [ Merkle 1979 ] are binary trees where each node con-
language standards, compilers, and, most regrettably, users. The tains a hash. In Cartesi, Merkle trees are based on the keccak hash
prospects are improved in Cartesi’s context, since the reference im- function [ Dworkin 2015 ].3 Let s be a Cartesi Machine state, giving
plementation controls all these components and can fully specify the entire contents of its 64-bit address space. The Merkle tree m
any omissions in the standard. These corner cases include, but are for s , or, equivalently, its root node, is
not limited to, underflows, the sign of zero, and operations involv-
ing infinity or NaNs. Even with the added overhead, this approach m = merkle ( s ) . (2)
should be the fastest one off-chain.
The tree is built up from its leaves in the following way. First, the
At present, the emulator makes the first two options available, that is, state is partitioned into 2 61 64-bit words. The tree leaves contain
floating-point is emulated by RISC-V integer instructions. Support the hashes for these words. Since there is no chance for ambiguity,
for the next two alternatives is planned for the future, when demand we can simplify notation by identifying each node in the tree with
for faster floating-point grows. the associated hash. Then, internal nodes v in the tree are built from
their two children u 1 and u 2 by the relation
5 Cartesi Machines in the blockchain v = keccak ( u 1 ,u 2 ) . (3)
Here, keccak computes the hash of the concatenation of two input
Recall that Cartesi is a platform for the development of decentralized
hashes. The procedure builds a tree of depth 61. The set of nodes
applications. Cartesi DApps enable parties that do not trust each at depth d partition the state into 2 d ranges with 2 64 − d bytes each.
other to enter into a binding contract in the blockchain that depends
Each node can therefore be identified by its depth and the starting
on the results of off-chain computations. It is convenient to use the address a for its range, which is aligned to a 2 64 − d boundary.
characters Alice and Bob to represent these parties. Note that Alice
and Bob are roles, not people. They may even represent competing Figure 5 shows a sample machine state s . It has the special property
collective interests. In fact, both roles will be played automatically that devices have been aligned to nodes in m . For example, node v 4
by Cartesi Nodes that defend the interests of whomever controls subtends everything in the machine apart from the flash devices. It
the off-chain computer where the node runs. Cartesi DApps are covers the shadows of the processor and the board, the ROM, the
therefore a collaboration between a set of smart contracts running CLINT and HTIF devices, and the RAM. Nodes v 0 –v 3 and v 5 each
in the blockchain, and the off-chain software running on Alice’s cover an independent flash device.
and Bob’s nodes. As a general rule, the same DApp developer is
responsible for the smart contracts and the Dapp specific off-chain 3 This eases integration with the Ethereum blockchain. Like Ethereum,
software. The role of DApp developer will be played by Charlie. Cartesiassumesthereisnopracticalwaytoengineercollisionsforthe keccak
Alice and Bob trust Charlie, otherwise they would not engage with hash function.
8
www.thecartesi.io
Moreover, given a valid proof for v in m , the same procedure can
be used to attest that a root hash m results from replacing v in m
with any given node v . These verifications are very efficient, each
requiring only d applications of the keccak hash.
We are now ready to define the first two Cartesi primitives
v = slice ( m,a,d) and m = splice ( m,a,d,v ) . (7)
In the absence of disputes, slice returns v and splice returns the
result m of replacing v in m with v . To successfully defend these
results in disputes, one can simply present siblings ( m,a,d) and v
to the blockchain.
For convenience, Cartesi defines two additional primitives
9
www.thecartesi.io
total incurred off-chain computation is O ( n log n ) . However, by several machines that exchange data with each other. An empty
preserving a snapshot of s i , they can bring the cost down to O ( n ) . DAG is first initialized with a call to:
Settling the dispute At this point, the blockchain has found the dag = dag()
disagreement step [ i,i + 1] , where i ∈ { 0 ,...,n − 1 } . It knows
both m i and m i +1 according to Bob. Alice agrees with m i , but dis- Each DAG vertex corresponds to a primitive. A primitive’s inputs
putes m i +1 . To decide the party with just cause, the blockchain must come from the outputs of its children vertices. The primitive’s output
effectively compute m i +1 = merkle step ( s i ) and compare it with can in turn serve as input to one or more primitives.
Bob’s m i +1 . However, the blockchain does not have unrestricted
access to s i . All it has is the root hash m i = merkle ( s i ) . Primitives are divided into two categories. Disputable primitives
behave as future values promised to Alice by Bob. Their outputs are
Alice is expected to post her off-chain state access log for step ( s i ) to set by Bob, and must be accepted or disputed by Alice. Disputable
a memory manager contract. Off-chain, these accesses progressively primitives can only appear as internal vertices in the expression
modify the state s i = ( s i ) 0 into ( s i ) 1 , ( s i ) 2 ,... until after the DAG. They are the read , write , slice , splice , step , and compute
k th and last access it becomes ( s i ) k = s i +1 . All machine steps primitives described in sections 5.1 and 5.2 .
take O (1) time to simulate and number k of accesses is always small.
Constant primitives have their outputs set by Charlie. They are are
Entry j in the log, for j ∈ { 1 ,...,k } , contains implicitly accepted by both Alice and Bob throughout their interac-
1. An operation o j for the access (read or write); tions with Charlie’s DApp. These primitives potentially represent
2. An address a j for the access; large chunks of data and the availability of their contents has to be
3. The word r j at a j in ( s i ) j − 1 ; guaranteed by Charlie, possibly with help from our data availability
3 . In case of writes, the word w j at a j in ( s i ) j ; primitives. Naturally, word, hash, string, and id literals are constants.
4. The siblings ( m i ) j − 1 ,a j , 61 . Cartesi’s blob , resource , and machine primitives, described below,
are also constant. Only constant primitives can appear as DAG
The blockchain implementation for the step function is hosted by leaves.
an emulator contract . Alice’s off-chain implementation must match
this blockchain implementation down to the order in which the state Cartesi supported constant and future types are:
accesses are logged. As a benefit of this restriction, the blockchain
implementation can read and write to the state as if itswhole contents constant ::= word | hash | string | id
disputable ::= word-future | hash-future
were available. During its execution, the reference step function
issues a sequence of state accesses to the memory manager. As long Constant primitives accept only constants as input. In contrast,
as the accesses match Alice’s log, everything works transparently. disputable primitives accept both constants and disputables:
Formally, as the reference step function performs k accesses, the word-type ::= word | word-future
memory manager progressively updates m i = ( m i ) 0 to ( m i ) 1 ,
hash-type ::= hash | hash-future
( m i ) 2 , ..., until it reaches ( m i ) k . Access j , for j ∈ { 1 ,...,k } ,
contains the following information Constant primitives Blob primitives represent arbitrary binary
1. An operation o j for the access (read or write); data stored in the blockchain. The provided hash gives the output.
2. An address a j for the access; It must match the root hash for a Merkle tree built from the data,
3. In case of writes, the word w j to be written. padded with zeros to 2 64 − depth bytes:
hash-future = dag :compute{ For completeness, hashes can also be tested for equality and used as
initial-state = hash-type , input for a conditional:
steps = word-type
} word-future = dag :eq( hash-type , hash-type )
word-future = dag :neq( hash-type , hash-type )
The Merkle tree manipulation primitives slice, splice, read, and hash-future = dag :if{
write are available as: condition = word-type ,
hash-future = dag :slice{ if-true = hash-type ,
root = hash-type , if-false = hash-type
address = word-type , }
depth = word-type
} DAG and vertex interfaces Charlie must define the identity of
the players for the roles of Alice and Bob. Recall that Bob proposes
hash-future = dag :splice{ a result and Alice can object or accept it:
root = hash-type ,
address = word-type , dag :proposing-role{id = id , stake = word }
depth = word-type , dag :objecting-role{id = id , stake = word }
target = hash-type
} The stake argument gives the price for buying Alice’s or Bob’s
word-future = dag :read{ position. It measures what is at stake for each of them depending on
root = hash-type , the results of the computation. Charlie sets this value to facilitate
address = word-type Alice and Bob to delegating their roles (section 6.2 ).
}
Primitive creation functions return:
hash-future = dag :write{
root = hash-type , vertex ::= constant | disputable
address = word-type ,
word = word-type A DAG may contain multiple disconnected sub-DAGs. To specify
} or retrieve the root vertex for the DAG, Charlie invokes:
Cartesi also provides a variety of simple primitives that increase the dag :root( vertex )
expressive power of expressions. Disputes over such primitives can This value can be later obtained by anyone that calls:
be settled within the blockchain directly from their inputs. Several
binary operations on words have the signature: vertex = dag :root()
word-future = dag : bin-op ( word-type , word-type ) The primitive for any vertex can be queried:
and mirror the RISC-V ISA.They can be divided into arithmetic: primitive = vertex :primitive()
primitive ::= word | hash | string |
add, sub, mul, mulh, mulhu, mulhsu, blob | resource | machine |
div, divu, rem, remu, sll, srl, sra; read | write | slice | splice |
add | sub | ... | geu | if |
bitwise: word4 | keccak | keccak-hh | eq-hh | if-hh
or, and, xor; Likewise, the children can be obtained by name or index:
and comparisons: vertex = vertex :child-by-index( word )
vertex = vertex :child-by-name( string )
eq, ne, lt, ltu, ge, geu.
Together, the primitive and child functions enable the entire
Signed integers are represented by two’s complement. Boolean sub-DAG reachable from a vertex to be traversed.
values are returned as words where 1 means true and 0 means false.
The DAGs and vertices can change state during their lifetimes:
Conversely, when a Boolean value is expected by a conditional, 0 is
considered false and any other value is considered true. dag-state ::= undefined | proposed | accepted |
objected | sustained | overruled
Conditionals are available as ternary if primitives whose output is
set to if-true if condition is true, and if-false otherwise: vertex-state ::= undefined | proposed | accepted
11
www.thecartesi.io
Constant vertices are always in the accepted state. At construction,
the DAG and all its disputable vertices are in the undefined state.
These states can be obtained from the DAG and vertex objects:
dag-state = dag :state()
vertex-state = vertex :state()
Proposing the value of any vertex changes its state to proposed: Figure 6: Expression DAG corresponding to the decryptor example.
Constant vertices corresponding to literal values have been omitted
vertex :propose-hash( hash ) for brevity. Variable names are shown in gray.
vertex :propose-word( word )
www.thecartesi.io
value stored in the payload of HTIF’s tohost register tells if the To download the data for all constant nodes in the main sub-DAG
machine halted after it was done decrypting. Figure 6 shows the and verify the computed hashes match the declared hashes:
corresponding DAG, with literal values (i.e., strings, words, and
download-status = off-dag :download{timeout = word }
hashes) omitted.
Charlie oversees Alice’s and Bob’s interaction with the DAG and its download-status ::= accepted | failed | timedout
vertices. After all, Charlie is responsible for the blockchain DApp Once download is complete, all vertices in the main sub-DAG can
component where these objects live. Charlie’s software acting on be evaluated with a single call to:
Alice or Bob’s behalf can issue events that trigger reactions from the
Cartesi Nodes representing Alice and Bob. These reactions are also off-dag :evaluate()
under Charlie’s control, since he is in charge of the off-chain DApp The upload method submits results back to the blockchain. It also
components installed in their nodes. He must, as usual, protect his isolates DApp developers from the details of any potential dispute:
DApp against attacks by rogue users. Cartesi simplifies part of this
process by encapsulating access control in all DAG operations. off-dag :upload{fee = word }
www.thecartesi.io
We’ve taken 30 years of software development and given it a new home. To the
makers and mavericks, the dreamers and the pioneers, we say welcome..
Cartesi is the rst Blockchain OS. It allows developers to build decentralized logic
with Linux and standard programming environments preserving the decentralization
and security of blockchains. That means moving beyond Solidity and coding smart
contracts with rich software tools, libraries, and services developers are used to. All
while, free from scalability limits.
Scalable
Cartesi provides an over 10,000x increase to computational scalability for
blockchain.
Sophisticated
The Blockchain OS allows for much more sophisticated decentralized applications,
which would otherwise be impossible on layer-1.
Secure
Cartesi endows traditional applications with the same level of security guarantees
achieved by the underlying blockchain.
Privacy guaranteed
From games where players conceal their data to enterprise applications that run
on sensitive data, The Blockchain OS preserves privacy on your applications.
14
fi
CTSI
TOKEN
www.thecartesi.io
The token for The Blockchain OS has been designed to overcome the problems of
scalability and inconvenience of blockchain applications. CTSI is the fuel of the
network. When you use and stake CTSI, you collaborate with decentralization,
security, and convenience for The Blockchain OS.
www.thecartesi.io
EARN
WITH OUR
AFFILIATE PROGRAM
www.thecartesi.io
Earn More with Cartesi
Opportunity
Cartesi System stands rmly in support of nancial freedom and the liberty that
Bitcoin provides globally for anyone to voluntarily participate in a permission-less and
decentralized network Every person becomes a companion of the person who joins
it based on your team and token purchase, the software automatically determines its
dividend and provides your share immediately. It works by a special type of OS that is
the world's nest, fast and unique creation it is designed in such a way that it will
remain as the internet remains in the world, and this software will continue to work.
The data contained in it is completely secure and hidden. The data of its registered
users cannot be viewed in any way. Only the user is able to access his data on his
own. Cartesi System is committed to giving more bene ts to its members.
Competitive Compensation
Cartesi BELIEF IN GROWTH, HONESTY AND DEVELOPMENT Running on with
BEP20 & ERC20.
fi
fi
fi
fi
www.thecartesi.io
Why Cartesi Af liate
Instant Withdrawal.
LifeTime Benefits.
100% Distribution.
30 Years Of Experience.
BNB is also a natural medium currency for all BSC based tokens.
www.thecartesi.io
Registration Process
Go To Browser Option
Minimum Fee - $ 50
20% 20%
20% 20%
20%
OS Revenue 20%
The 100% Distribution Algorithm Makes Cartesi More Strong and Trustable,
www.thecartesi.io
Cartesi Revenue
For Example :-
20% from every Deposit will go for Cartesi Revenue, and every day it will be equally distributed to
all The Cartesi USERS who enrolled in The Cartesi Affiliate Program
www.thecartesi.io
Introducer Revenue
For Example :-
Total Introducer : 8 20 50
Get 20% from every Introducer, When they deposit any amount
www.thecartesi.io
OS Revenue
For Example :-
Total Deposit : $1000000 $100000 $10000
Once you complete the above condition then you are a part OS Revenue, 20% from every Deposit
will be goes for OS Revenue, And every week it will be equally distributed to all OS Revenue
Achievers
For Example :-
OS 1 10 (LEVEL 2) 40%
For Example :-
Your Rank : OS 1 OS 3 OS 4
20% from your team deposit will be going to The Appraisal Revenue, And you will get The
Appraisal revenue according to your rank from unlimited depth, if any user achieved any rank then
you get differential
www.thecartesi.io
Wallet & Working Terms
After 200% Your Cartesi Revenue will stop you need to Re-deposit to get more
Cartesi Revenue. In 200% Your All Revenue will be included.
Introducer Revenue will goes to CTSI Wallet once you earned 200% from Revenue
COMPENSATION
PLAN
HIGHLIGHTS
www.thecartesi.io
Compensation Plan
Invest As little as USD 100
And as much as you wish to.
Token sale ongoing at exchanges.
People buying every second
www.thecartesi.io