1/ Thread from the @SimonsInstitute workshop on:
Blockchain in Society: Applications, Economics, Law, and Ethics.
Schedule and livestream here: simons.berkeley.edu/workshops/sche…
Blockchain in Society: Applications, Economics, Law, and Ethics.
Schedule and livestream here: simons.berkeley.edu/workshops/sche…
1a/ First, Kobbi Nissim on "Predicate Signaling Out". (PSO)
AFAIU, it is a technical definition of privacy that formalizes the legal requirements of GDPR. (Asks the question—when could an adversary "signal out" a single person/row from a database?)
arxiv.org/abs/1904.06009
AFAIU, it is a technical definition of privacy that formalizes the legal requirements of GDPR. (Asks the question—when could an adversary "signal out" a single person/row from a database?)
arxiv.org/abs/1904.06009
1b/ I didn't really understand the math of PSO, but some other learnings:
-Differential privacy (DP) and k-anonymity are defined mathematically. Contextual Integrity and Robot Lawyers are defined with formal logic.
-Nissim tried to create a math def of FERPA. It ended up ~= DP.
-Differential privacy (DP) and k-anonymity are defined mathematically. Contextual Integrity and Robot Lawyers are defined with formal logic.
-Nissim tried to create a math def of FERPA. It ended up ~= DP.
1c/ Intuitively, k-anonymity should conform with PSO. (k-anon creates k rows that are anon w.r.t. each other. PSO is all about singling out *one* row.)
But, surprisingly, k-anon does not conform with PSO! (Why? Maths that I didn't understand.)
But, surprisingly, k-anon does not conform with PSO! (Why? Maths that I didn't understand.)
2a/ @BKCHarvard's @yaoeo now begins a talk on "Regulation through Governance".
First, Prim explains on-chain vs. off-chain governance.
- On-chain is enforcement BY the infrastructure. Enforcement of rules.
- Off-chain is enforcement OF the infrastructure. Creation of rules.
First, Prim explains on-chain vs. off-chain governance.
- On-chain is enforcement BY the infrastructure. Enforcement of rules.
- Off-chain is enforcement OF the infrastructure. Creation of rules.
@yaoeo @aantonop 3/ I don't have deep notes on @mysteryfigure's talk (on Game Theory).
But I do love this graph (that shows how mining pools have increased as a % of total hash rate).
nber.org/papers/w25592.…
But I do love this graph (that shows how mining pools have increased as a % of total hash rate).
nber.org/papers/w25592.…
@yaoeo @aantonop @mysteryfigure 4a/ @elibensasson from @starkwareltd gives a talk on "Inclusive Accountability at Scale via Proofs".
See @riabhutoria's: medium.com/circle-researc…
See @riabhutoria's: medium.com/circle-researc…
4b/ @EliBenSasson Key idea is: What are the best ways to get *computational integrity*? (Executing a program and reporting its output in a reliable way.)
4 ways:
- Naive Replay
- Delegated Accountability
- Trusted Execution Environments (SGX, etc.)
- ZKPs
4 ways:
- Naive Replay
- Delegated Accountability
- Trusted Execution Environments (SGX, etc.)
- ZKPs
4c/ @EliBenSasson
Each has tradeoff space around privacy, scalability, trust, and attack vectors.
Right now, 99% of computational integrity is done with Naive Replay or Delegated Accountability. But Eli is (obviously) excited by using more ZKPs.
Each has tradeoff space around privacy, scalability, trust, and attack vectors.
Right now, 99% of computational integrity is done with Naive Replay or Delegated Accountability. But Eli is (obviously) excited by using more ZKPs.
@EliBenSasson 4d/ Good addition from @josephbonneau:
To add a 5th option for CI: fraud-proofs (e.g. @Truebitprotocol @offchainlabs).
With these, the trust is in "economics". (The game theoretical equilibrium of the incentives.)
To add a 5th option for CI: fraud-proofs (e.g. @Truebitprotocol @offchainlabs).
With these, the trust is in "economics". (The game theoretical equilibrium of the incentives.)
@EliBenSasson @josephbonneau @Truebitprotocol @OffchainLabs 4e/ imo, @EliBenSasson does a great job of responding to questions.
1. He listens to the question/comment
2. Then reflects it. "If I understand correctly, you're saying..."
3. *Then* responds.
Almost no one does #2. But it's crucial!
1. He listens to the question/comment
2. Then reflects it. "If I understand correctly, you're saying..."
3. *Then* responds.
Almost no one does #2. But it's crucial!
@EliBenSasson @josephbonneau @Truebitprotocol @OffchainLabs 4f/ @EliBenSasson moves to accountability.
Traditionally, we've had "delegated accountability": use a trusted third party to verify the system.
With blockchains, we have "inclusive accountability": *anyone* can verify the system.
But this sacrifices privacy and scalability.
Traditionally, we've had "delegated accountability": use a trusted third party to verify the system.
With blockchains, we have "inclusive accountability": *anyone* can verify the system.
But this sacrifices privacy and scalability.
@EliBenSasson @josephbonneau @Truebitprotocol @OffchainLabs 4g/ And the key idea is that ZKPs (zkSTARKs) can add privacy and scalability, while still having inclusive accountability.
(The best of both worlds!)
(The best of both worlds!)
@EliBenSasson @josephbonneau @Truebitprotocol @OffchainLabs 5a/ *Super* interesting discussion by @angela_walch on "Miners as Blockchain Intermediaries."
tl;dr: claiming that blockchain doesn't have intermediaries is wrong. Miners are intermediaries.
tl;dr: claiming that blockchain doesn't have intermediaries is wrong. Miners are intermediaries.
5b/ @angela_walch likes to make these controversial/brave claims. :)
e.g. The crypto world has a strong norm of:
"Crypto devs != fiduciaries"
and
"Crypto miners != intermediaries"
(Angela has pushed back on both.)
e.g. The crypto world has a strong norm of:
"Crypto devs != fiduciaries"
and
"Crypto miners != intermediaries"
(Angela has pushed back on both.)
5c/@angela_walch on how miners are intermediaries
-Only miners add new tx, and can change time/order
-Can front run (@phildaian's Flash Boys 2.0)
-Censor (Zcash pool @f2pool_official wasn't adding shielded tx b/c they didn't add that code)
-Rewind (@cz_binance's casual proposal)
-Only miners add new tx, and can change time/order
-Can front run (@phildaian's Flash Boys 2.0)
-Censor (Zcash pool @f2pool_official wasn't adding shielded tx b/c they didn't add that code)
-Rewind (@cz_binance's casual proposal)
5d/ @angela_walch with more on miners as intermediaries:
- How miners incentives change w/ L2 (see @paddypisa's homepages.cs.ncl.ac.uk/patrick.mccorr…)
- Also see @_prestwich's overview here: blog.keep.network/miners-arent-y…
- How miners incentives change w/ L2 (see @paddypisa's homepages.cs.ncl.ac.uk/patrick.mccorr…)
- Also see @_prestwich's overview here: blog.keep.network/miners-arent-y…
5e/ @angela_walch legal decisions are made w/ miners as *not* intermediaries:
- FinCEN doesn't think they're a money transmitter
- NY Bitlicense didn't categorize miners as such
And with miners *as* intermediaries:
- OFAC blacklisted Bitcoin addresses
- FinCEN doesn't think they're a money transmitter
- NY Bitlicense didn't categorize miners as such
And with miners *as* intermediaries:
- OFAC blacklisted Bitcoin addresses
5f/ @angela_walch w/ great convo at this point w/ @interfluidity @valkenburgh
- Should ISPs count as intermediaries? (Answer seems to be that they would get in trouble for OFAC addresses.)
- From FinCEN POV, does "adding tx" count as "accepting and transmitting" $$?
- Should ISPs count as intermediaries? (Answer seems to be that they would get in trouble for OFAC addresses.)
- From FinCEN POV, does "adding tx" count as "accepting and transmitting" $$?
5g/ @angela_walch with open research qs:
How differentiate intermediaries?
- Intermittent intermediaries. (Miners can only censor tx *some* of the time.)
- Multiple intermediaries. (Miners as part of governance process to determine forks.)
- Types (mining pools vs. cloud etc.)
How differentiate intermediaries?
- Intermittent intermediaries. (Miners can only censor tx *some* of the time.)
- Multiple intermediaries. (Miners as part of governance process to determine forks.)
- Types (mining pools vs. cloud etc.)
5h/ And more research questions from @angela_walch:
- To achieve outcomes, when should we trust game theoretical incentives vs. regulation?
- @avivz78 Should miners be regulated as critical infrastructure? (From cybersecurity POV.)
- To achieve outcomes, when should we trust game theoretical incentives vs. regulation?
- @avivz78 Should miners be regulated as critical infrastructure? (From cybersecurity POV.)
@angela_walch @Avivz78 6a/ @josephbonneau on Blockchains and Publicly-Verifiable Lotteries.
First up, this interesting (non-formal) consensus trilemma. I've never seen this before. It's a pretty way to conceptualize classic BFT vs. Round-Robin vs. PoW/PoS.
First up, this interesting (non-formal) consensus trilemma. I've never seen this before. It's a pretty way to conceptualize classic BFT vs. Round-Robin vs. PoW/PoS.
@angela_walch @Avivz78 @josephbonneau 6b/ @josephbonneau w/ a really interesting section on different options for "getting non-cryptographic randomness":
- Natural. (How hot is it?) Issue is different sensors.
- Trusted 3rd-party. (Random.org) Issue is trust. Just a company.
- Natural. (How hot is it?) Issue is different sensors.
- Trusted 3rd-party. (Random.org) Issue is trust. Just a company.
6c/@josephbonneau
-Viewable physical randomness. (Pulling lottery balls.) But can be attacked. (Lead balls.)
-Financial data. In US, lotteries were illegal until 1950. So organized crime did it. They used NSYE digits for randomness. (But can be attacked by messing w/ markets.)
-Viewable physical randomness. (Pulling lottery balls.) But can be attacked. (Lead balls.)
-Financial data. In US, lotteries were illegal until 1950. So organized crime did it. They used NSYE digits for randomness. (But can be attacked by messing w/ markets.)
@josephbonneau 6d/ @josephbonneau now looking at cryptographic randomness protocols. Good overview of options.
6e/ @josephbonneau with a *super clear* overview of the different kinds of VDFs.
a) You can take away V to get DF (just repeated hashing).
b) But if you want V, you can naively just SNARK the DF. (But super expensive.)
How do V better?
a) You can take away V to get DF (just repeated hashing).
b) But if you want V, you can naively just SNARK the DF. (But super expensive.)
How do V better?
6f/@josephbonneau w/ 3 options for V, all of which were co-invented June 2018: eprint #'s 601 623, 627. (!)
-Still snarky: eprint.iacr.org/2018/601.pdf
-Variants on repeated squaring, which is log(n) efficient to V by binary searching. eprint.iacr.org/2018/623.pdf eprint.iacr.org/2018/627.pdf
-Still snarky: eprint.iacr.org/2018/601.pdf
-Variants on repeated squaring, which is log(n) efficient to V by binary searching. eprint.iacr.org/2018/623.pdf eprint.iacr.org/2018/627.pdf
@josephbonneau 7/ @valkenburgh w/ a great synthesis of securities law from 1st principles.
- Regulation is NECESSARY if asset is bought for investment, not utility. (¬ bottom row)
- Regulation is JUST if we can find a "least cost avoider". A single issuer not a huge network. (¬ left column)
- Regulation is NECESSARY if asset is bought for investment, not utility. (¬ bottom row)
- Regulation is JUST if we can find a "least cost avoider". A single issuer not a huge network. (¬ left column)
