- Pseudonymity breaks down when transaction amounts are known: public amounts link inputs to outputs and let an observer cluster addresses and track balances
- Confidential Transactions: makes the transaction amounts private, while preserving the ability of the public network to verify that the ledger entries still add up
- Possible due to additively homomorphic commitments (Pedersen commitments): commitments can be added, and the sum of a set of commitments is the same as a commitment to the sum of the committed values (under the sum of the blinding factors), so a verifier can check that inputs minus outputs commit to zero without learning any amount
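An added worked example (not from the notes or from any CT implementation) of the balance check described above: Pedersen commitments C = v*G + r*H over secp256k1, with both generators derived by hashing to the curve so that nobody knows log_G(H). The curve arithmetic, the tags used to derive G and H, and the decision to reveal the excess blinding factor directly (real CT proves knowledge of it with a signature instead) are all assumptions of this demo.

```python
import hashlib
import secrets

# secp256k1 field prime and curve y^2 = x^3 + 7 (assumed for this demo)
P = 2**256 - 2**32 - 977
B = 7
INF = None  # point at infinity

def ec_add(p1, p2):
    """Affine point addition on y^2 = x^3 + 7 over GF(P)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return INF                                   # p1 == -p2
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P       # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)

def ec_neg(pt):
    return INF if pt is INF else (pt[0], (-pt[1]) % P)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication; a negative k negates the point."""
    if k < 0:
        return ec_mul(-k, ec_neg(pt))
    acc, addend = INF, pt
    while k:
        if k & 1:
            acc = ec_add(acc, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return acc

def hash_to_point(tag: bytes):
    """Nothing-up-my-sleeve generator: hash a tag to an x-coordinate until it is on the curve.
    Since nobody knows log_G(H), a commitment cannot be opened to two different values."""
    ctr = 0
    while True:
        x = int.from_bytes(hashlib.sha256(tag + ctr.to_bytes(4, "big")).digest(), "big") % P
        rhs = (x**3 + B) % P
        y = pow(rhs, (P + 1) // 4, P)   # square root when one exists (P % 4 == 3)
        if y * y % P == rhs:
            return (x, y)
        ctr += 1

G = hash_to_point(b"ct-demo-G")   # assumed tags; real CT uses the standard generator for G
H = hash_to_point(b"ct-demo-H")

def commit(value: int, blinding: int):
    """Pedersen commitment C = value*G + blinding*H."""
    return ec_add(ec_mul(value, G), ec_mul(blinding, H))

def point_sum(points):
    acc = INF
    for p in points:
        acc = ec_add(acc, p)
    return acc

def homomorphic_check(v1, r1, v2, r2) -> bool:
    """C(v1, r1) + C(v2, r2) == C(v1 + v2, r1 + r2)."""
    return ec_add(commit(v1, r1), commit(v2, r2)) == commit(v1 + v2, r1 + r2)

def verify_balance(inputs, outputs, excess_blinding: int) -> bool:
    """Public verifier's check: sum(inputs) - sum(outputs) must be a commitment to zero,
    i.e. equal excess_blinding*H where excess_blinding = sum(r_in) - sum(r_out)."""
    diff = ec_add(point_sum(inputs), ec_neg(point_sum(outputs)))
    return diff == ec_mul(excess_blinding, H)

def demo():
    r = [secrets.randbelow(2**255) for _ in range(4)]   # blinding factors
    ins = [commit(5, r[0]), commit(3, r[1])]             # amounts hidden inside the points
    outs = [commit(6, r[2]), commit(2, r[3])]            # 5 + 3 == 6 + 2
    excess = r[0] + r[1] - r[2] - r[3]
    inflated = [commit(6, r[2]), commit(3, r[3])]        # tries to create 1 unit from nothing
    return {
        "homomorphic": homomorphic_check(5, r[0], 3, r[1]),
        "balanced": verify_balance(ins, outs, excess),
        "inflated": verify_balance(ins, inflated, excess),
    }
```

The verifier never sees 5, 3, 6 or 2; it only checks that the difference of the sums is a multiple of H. An output that silently adds value leaves a stray G term and the check fails. A real deployment also needs range proofs, since a negative or wrapped-around output amount would pass this additive check.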
- Proof of Stake offers:
- Explicit Economic Security: has flexibility to design explicit penalties for Byzantine behaviour (rather than just energy or hardware costs); cost of damage is a proxy for security
- Repeated attacks in PoS are much more costly: as if "your ASIC farm burned down" with each round
- Mitigation of Centralization: mitigates economies of scale that exist in PoW consensus
- Lower energy costs: substitutes realized costs (non-reversible, e.g. power and depreciation) with potential economic value-at-loss (risk of slashing)
- Issuance costs:
- Internalized costs: PoW miners pass them on to holders
- Externalized costs: environmental and governmental costs
- PoS has much lower issuance costs (and may even reach negative if there are enough tx fees and penalties)
- Casper establishes explicit finality (as opposed to probabilistic)
- Explicit finality enables maintaining network security when sharding is introduced
- Design principles:
- Economics to design behaviour
- Maximize cost of attack
- Public (social) cost-benefit, not just private
- Prevent economies of scale
- network security is derived from "skin in the game"
- Design for oligopolies
- Accountable safety (attribute faults to bad actors)
- Plausible liveness (it is always possible to finalize a new checkpoint without any validator misbehaving, so the protocol cannot get stuck)
- Minimal synchronicity assumptions (validators can deliberately go offline)
- Decentralized things should be able to regenerate (recoverable from last node standing)
- Disincentivize censorship
- Challenges:
- Nothing-at-stake: during forks, the optimal strategy for validators is to validate (vote on) every competing chain, since doing so costs nothing and earns a reward whichever fork wins
- Long range attack: rewrite the entire chain's history starting from an early block; problematic because PoS isn't secured by time-intensive operations, so old validator keys (possibly ones whose stake has long since been withdrawn) can cheaply produce an alternative history
- Criticisms:
- Adverse selection: potentially large risk to participate, so participants will likely be ones with more to gain via some advantage or attack
- Rich get richer: PoS is actually more egalitarian than PoW, because the economies of scale in PoW (cheap power, bulk hardware) have no counterpart in PoS, where returns are simply proportional to stake
- 3 Es of Sybil resistance:
- Entry Cost
- Existence Cost
- Exit Penalty
- "Blockchain architecture is mechanism design for oligopolistic markets" -- Vlad Zamfir
- Social scalability: ability of an institution (relationship or shared endeavor) to overcome shortcomings in human minds in determining who or how many can successfully participate
- All about human limitations!
- How does technology constrain or motivate participation in an institution?
- Net value of a new participant = extra benefits of that person joining minus expected costs and harms to other participants
- Technology: moving function from mind to paper or mind to machine, lowering cognitive costs while increasing the value of information flowing between minds, lowering the cost of discovering new participants
- "Civilization advances by extending the number of important operations which we can perform without thinking about them" -- Alfred North Whitehead
- Trust-minimized: reducing the vulnerability of participants to each other's and to outsiders' and intermediaries' potential for harmful behaviour
- Nothing can completely remove all vulnerabilities: trustless is a misnomer (easy to use though)
- Internet: all about matchmaking, baby
- Markets: removing trust in other's altruism but incentivising them to work on our behalf
- Pricing: summarizing the collective intelligence of many participants about costs and demands into a single signal
- Blockchains: trust minimization
- Bitcoin: computationally expensive, but institutionally (socially) cheap
- Scalable markets and prices require scalable money, and scalable money comes from scalable security
- "Lawyers are costly. Regulation is to the moon."
- "Typical computers are computational etch-a-sketch, while blockchains are computational amber"
- "Public blockchains are automated, secure, and global, but identity is labor-intensive, insecure, and local."
- We are limited by our minds; we require redesigned institutions that take advantage of social technological advances
- On-chain governance has a number of upsides, e.g. it evolves rapidly inside the protocol, it is formal and has due process, and it can impose arbitrary performance requirements for nodes without economic centralization
- Blockchain governance:
- Decision function: inputs are a bunch of decisions / opinions from people; output is decision
- Coordination: governance in layers, where bottom-most is truth, but it can be influenced from above (i.e. coordination institutions that create focal points around how and when individuals should act to coordinate)
- Coordination flags (in coordination games): everyone watches a signal in order to do the same thing as others; individuals are incentivized into mob behaviour because it is the most beneficial option once others act (e.g. charging into battle)
- Key questions concerning governance:
- What should the bottom layer be, e.g. what is the "truth" layer, and what parameters / levers can we manipulate in it?
- What should layer 2, i.e. coordination institutions, be?
- Where should voting occur? Layer 1? Layer 2?
- Voting has a lot of bribery / vote-buying vulnerabilities, so having outcomes committed automatically via threshold voting may be dangerous
- Think about multifactor systems; e.g. using voting and dev team voice as signals
- Voting is a competitive game
- What would cooperative governance look like?
- Work with others to achieve a shared outcome
- Default mode is failure, so bias is towards action
- Using NiPoPoW / NiPoPoS to prove transactions across chains (to transfer funds across sidechains)
- Gist of PoPoW: a block whose hash is at least 2^n times smaller than the target (n extra leading zero bits) is a level-n "superblock"; each block has probability 1/2^n of being one, so among N blocks only about N/2^n exist (think of the hash space below the target as 2^n equally likely partitions, of which we keep one)
- If we choose n large enough, only a small number of the N blocks have this property, and a proof need only cite those blocks instead of the whole chain
- For ~400k blocks, if we choose n = 15, there should only be about 10 blocks with this property (400,000 / 2^15 ≈ 12)
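An added example (not from the notes or from the NiPoPoW paper) of the superblock level used above: a block's level is the number of extra halvings of the target its hash satisfies, and the number of blocks at level n or above scales as N/2^n. The chain is a constructed stand-in (pseudo-random hashes uniform below a fixed target), and counting only the superblocks as the proof size is a simplification: a real NiPoPoW also carries interlink pointers and a chain suffix.

```python
import random

def superblock_level(block_hash: int, target: int) -> int:
    """Level mu of a valid block: the largest mu with block_hash * 2**mu <= target.
    A level-mu block has a hash 2**mu times smaller than the difficulty requires
    (mu extra leading zero bits), which happens with probability 1/2**mu."""
    if block_hash > target:
        raise ValueError("hash does not meet the target, so this is not a valid block")
    if block_hash == 0:
        return target.bit_length()          # degenerate case, avoids an endless loop
    mu = 0
    while block_hash * 2 ** (mu + 1) <= target:
        mu += 1
    return mu

def expected_superblocks(n_blocks: int, level: int) -> float:
    """Expected number of blocks of level >= `level` among n_blocks."""
    return n_blocks / 2 ** level

def count_superblocks(block_hashes, target: int, level: int) -> int:
    """Blocks a prover would cite if it sends only level-`level` superblocks."""
    return sum(1 for h in block_hashes if superblock_level(h, target) >= level)

def simulate_chain(n_blocks: int, target: int, seed: int = 0):
    """Constructed stand-in for a chain: valid block hashes are uniform in [0, target]."""
    rng = random.Random(seed)
    return [rng.randrange(target + 1) for _ in range(n_blocks)]

def summary(n_blocks: int, level: int, target: int = 2**224, seed: int = 0):
    """(expected, observed) superblock counts for a simulated chain; target assumed."""
    chain = simulate_chain(n_blocks, target, seed)
    return expected_superblocks(n_blocks, level), count_superblocks(chain, target, level)
```

Running summary(400_000, 15) reproduces the order of magnitude in the notes: the expectation is about 12 blocks out of 400k, and the observed count fluctuates around it because each block independently has a 1/2^15 chance of qualifying.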
- Frontrunning
- Transactions can be front-run! Any secret exposed in a pending transaction (e.g. the solution to a puzzle) sits in the public mempool, so someone else (or a miner) can copy it and get it mined first, e.g. by paying more gas
- Solution: use blind commitments (commit-reveal; e.g. ENS: first submit hashed bids, then reveal them later, once bidding is closed)
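An added simulation (not from the notes or from ENS) of the two registrars: a naive first-come-first-served name registrar that leaks the name in the pending transaction, and a commit-reveal registrar where the commitment binds the sender and the reveal must wait at least one block. The miner policy (highest gas price first), the hash (sha256 rather than keccak256), the MIN_COMMIT_AGE value and the name-registration framing are all assumptions of this demo.

```python
import hashlib
import secrets

MIN_COMMIT_AGE = 1  # assumed parameter: blocks a commitment must age before reveal

def commitment(sender: str, name: str, salt: bytes) -> bytes:
    """Binds the intended owner, the name and a secret salt; only this hash is broadcast."""
    return hashlib.sha256(sender.encode() + b"|" + name.encode() + b"|" + salt).digest()

def mine(mempool):
    """Assumed miner policy: include pending txs in descending gas-price order."""
    return sorted(mempool, key=lambda tx: tx["gas_price"], reverse=True)

class NaiveRegistrar:
    """First come, first served; the name is readable in the pending transaction."""
    def __init__(self):
        self.owner = {}

    def register(self, sender, name):
        if name in self.owner:
            return False
        self.owner[name] = sender
        return True

class CommitRevealRegistrar:
    """Commit a hash now, reveal (name, salt) at least MIN_COMMIT_AGE blocks later."""
    def __init__(self):
        self.commit_block = {}   # commitment hash -> block in which it was first committed
        self.owner = {}

    def commit(self, c: bytes, block: int):
        self.commit_block.setdefault(c, block)   # a copied hash cannot displace the original

    def reveal(self, sender, name, salt, block):
        c = commitment(sender, name, salt)       # recomputed with the caller's address, so a
        committed = self.commit_block.get(c)     # copied hash only works for whom it binds
        if committed is None or block < committed + MIN_COMMIT_AGE or name in self.owner:
            return False
        self.owner[name] = sender
        return True

def run_scenario():
    results = {}
    # Naive registrar: Mallory reads Alice's pending tx and outbids her on gas.
    naive = NaiveRegistrar()
    mempool = [{"sender": "alice", "name": "vitalik", "gas_price": 10}]
    leaked = mempool[0]["name"]
    mempool.append({"sender": "mallory", "name": leaked, "gas_price": 50})
    for tx in mine(mempool):
        naive.register(tx["sender"], tx["name"])
    results["naive_owner"] = naive.owner["vitalik"]

    # Commit-reveal registrar.
    cr = CommitRevealRegistrar()
    salt = secrets.token_bytes(32)
    c_alice = commitment("alice", "vitalik", salt)
    # Block 1: Mallory sees only the hash; copying it gains her nothing.
    for tx in mine([{"sender": "alice", "commit": c_alice, "gas_price": 10},
                    {"sender": "mallory", "commit": c_alice, "gas_price": 50}]):
        cr.commit(tx["commit"], block=1)
    # Block 2: Alice's reveal exposes (name, salt) in the mempool.
    # (a) Mallory reveals under her own address without a matching commitment.
    results["mallory_reveal_without_commit"] = cr.reveal("mallory", "vitalik", salt, block=2)
    # (b) Mallory commits and reveals in the same block with higher gas: too young.
    cr.commit(commitment("mallory", "vitalik", salt), block=2)
    results["mallory_same_block_reveal"] = cr.reveal("mallory", "vitalik", salt, block=2)
    results["alice_reveal"] = cr.reveal("alice", "vitalik", salt, block=2)
    # Block 3: Mallory's commitment is old enough now, but the name is taken.
    results["mallory_late_reveal"] = cr.reveal("mallory", "vitalik", salt, block=3)
    results["cr_owner"] = cr.owner["vitalik"]
    return results
```

Two details carry the security: the commitment includes the sender, so a front-runner cannot replay someone else's hash, and the minimum age stops a front-runner from committing and revealing in the same block once the reveal transaction has leaked the name and salt. Without the age check, the reveal phase is just as front-runnable as the naive registrar.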
- Malicious Wrappers
- Contracts can be constructed to "wrap" existing contracts, potentially avoiding conditions set out in the original contracts (e.g. lock-in periods for tokens)
- Solution: case-by-case, but can be difficult. For some use cases, simply ensuring that users are not smart contracts can be enough (done by asking for a signature that can be checked via `ecrecover`, requiring the recovered address to equal the caller: contracts can never own private keys, and hence they cannot create signatures, so a wrapper cannot pass this check on its own behalf)
- `EXTCODESIZE` will not work if a call happens from a constructor: be aware (it returns 0 for a contract that is still being deployed, so a wrapper can make its calls from its constructor to look like an externally owned account)!