So excited for the latest threshold DSA work from @rgennaro67 and @sgoldfed, and humbled to make the motivating intro @keep_project. Huge protocol improvements in the pipe thanks to this!
You should give the paper a read, but the TL;DR for the cryptocurrency space is a stronger, "off-chain" approach to multisig that's indistinguishable from single-sig.
The approach by the same authors in 2018/19 meant an efficient approach to threshold ECDSA. But using it meant losing "identifiable abort" - knowing which participant refused to take part in a particular signature.
This might seem like a small change, but it is going to explode the design space we've explored in #tBTC, and hugely improve cross-chain communication between Bitcoin-era chains and newer technology. Better, faster, cheaper, safer - and with less collateral.
1/ Recently, a couple @keep_project and @nucypher community members reached out to broker a call. Two whirlwind weeks later, and the teams are putting a joint proposal in front of our communities.
The proposal? To join forces in the first on-chain protocol hard merge.
2/ What’s a hard merge?
@tbitls coined the term to describe two protocols merging into a third. It’s sort of like a hard spoon, but with multiple protocols coming together.
Both NuCypher and Keep are threshold cryptography networks. Both have off-chain actors that can custody parts of secrets and compute over them, giving on-chain contracts super powers.
Both communities value censorship resistance, privacy, and security — first.
2/ As far as I know, this release is the first permissionless, censorship-resistant Bitcoin bridge on Ethereum. Anyone can mint $tBTC by connecting to the Bitcoin and Ethereum chains, and no one can censor transactions or redemptions.
3/ Of course, censorship-resistance is on a spectrum. Today, there are ~67 signers powering the bridge - not 1000s. That number is increasing every hour, and I hope we'll see 500+ signers online before the end of the year.
What does a "fair launch" mean when the same players are showing up to mine liquidity, over and over? Fair to whom?
If a vanilla SHA-256 coin is launched and it accrues some modest value, it's a freebie for existing Bitcoin miners. The only real cost is the opportunity of the hashpower, but for them it's a drop in the bucket.
Fair launches today in DeFi are a subsidy for whale LPs. A strong launch should bootstrap a new community or extend an existing one, not enrich the same 5 aggro DeFi hedge funds.
Minting tBTC on Ethereum's mainnet is a gas-heavy process. It involves a BLS-based random beacon 🔀 and cross-chain SPV proofs 🧑‍🔬 so you don't need to trust a central party for RNG or minting (!!!). Awesome, but expensive in terms of gas / blockspace 💰🔥
I've been thinking about "blind" staking — staking mechanisms that allow stakers to retain some amount of privacy.
It's a fun problem. Stakers deposit funds into some sort of anonymity pool. Stakers then prove they are in the pool as of some height, and are "eligible" for whatever the staking enables.
There's a wide pool design space. In a system like @keep_project, the funds don't need to be able to be transferred within the pool. They do, however, need to be able to be burned by objective rules enforced across the pool.