►
From YouTube: Video 4 of 6: Baseline Protocol v0.1 Privacy Deepdive
Description
The Baseline Protocol team takes you through the code of the v0.1 update.
Previous video: https://youtu.be/l3BDBNMnR_Q
Next video: https://youtu.be/2WXvTHR4_7Q
Go to https://baseline-protocol.org for more information.
A
Hi
everybody-
this
is
john
wolpert
kyle,
thomas
sam
stokes
and
karthik
sullivan
here
for
the
fourth
session
on
the
baseline
protocol.
V's
version
0.1
release
what
you
need
to
know
as
a
developer
as
a
contributor
as
a
user
or
as
a
as
an
extender
of
the
baseline
protocols.
Reference
implementation
be
0.1,
kyle
and
karthik
will
take
it
away.
Sam
and
I
are
going
to
be
asking
questions
sam's
going
to
be
watching
for
code.
A
That
would
not
be
obvious
to
a
normal
practitioner
and,
and
so
sam
you're
gonna
watch
out
for
that
and
ask
kyle
and
karthik,
where
you
see
stuff,
like
that
in
the
inline
code
and
I'll,
be
asking
some
architectural
questions
so
kyle
take
it
away.
B
All
righty,
so
I
think
today
for
today's
episode.
We
want
to
talk
about
a
little
bit
more
in
depth
around
the
privacy
package.
C
B
It
and
how
and
how
another
implementation
may
present
itself
beyond
just
the
socrates
service,
for
example,
zk,
sync
or
plonk
implementations,
dk
sync
could
could
be
useful
in
the
context
of
the
privacy
package
as
a
as
a
scaling
as
an
additional
provider
alongside
socrates,
to
help
with
with
scaling.
A
For
those
who
don't
know
is
is
a
a
is
a
circuit
development
tool
right
that
allows
you
to
take
a
business
logic
or
or
basically
code
and
turn
it
into
additional
subtraction
and
multiplication
right
so
that
you
can
so
that
a
zero
knowledge,
sur
zero
knowledge
process
can
validate
the
code
without
it
being
in
the
clear.
Is
that
a
fair
statement?
A
A
B
Yes,
yes,
it
is
sort
of
an
alternative
alternative
mechanism
to
doing
it
doing
setup
it's
more
of
like
a
setup
once
it's
more
it's
more
generic,
where,
like
socrates
circuits,
are
very
specific
to
the
use
case.
B
Potentially
you
know
the
circuits,
then
the
setups
that
we
would
run
in
in
like
a
dk
sync
context,
would
be
more
useful
in
in
a
generic
sense
of
the
you
know
of
the
word,
meaning
a
single
setup
could
be
used
for
like
we
might
have
a
set
up
for,
for
example,
the
radish
34
use
case.
A
Right
so
in
the
radish
34
for
people
who
don't
know,
there's
a
there's,
a
a
specialized
circuit
right
that
that
specifically
governs
the
relationship
of
purchase,
orders
to
a
discount
rate
table
make
sure
that
the
rate
table
is
correctly
formed
and
that
updates
to
the
to
the
right
like
as
you
as
you
order
new
stuff.
A
B
So
yeah
so
so
we're
looking
at
looking
at,
for
example,
the
proxy
con
contract
within
the
zk
stink
context.
You
know
one
one.
One
thing
that
we
have
been
looking
at
is
turning
this
proxy
contract
into
the
work
group
proxy.
B
A
work
group
proxy
contract
that
has
is
essentially
a
proxy
to
to
to
verify
our
contracts
per
per
identifier,
and
so
essentially
a
little
bit
of
refactoring
would
be
required
to
modify
like,
for
example,
the
upgradability
of
each
of
each
verifier,
where
each
each
verifier
is
a
target,
and
instead
of
instead
of
calling
set
target,
we
would
have
a
we
would.
C
B
An
additional
parameter
here
to
correspond
with
the
the
identifier
generated
by
the
privacy
package
and
similar
similarly
upgrade
target.
We
would
be
you
know
similarly,
settings
passing
in
data,
for
you
know
that
included
the
the
identifier
as
jennifer
as
generated
by
the
privacy
package
and
then
there's
this
default
fallback
function.
That
does
the
actual
delegate
call
into
you
know
into
the
into
the
appropriate
verifier.
B
Given
you
know,
given
that
the
call
data
core
you
know
is
compliant
with
the
baseline
protocol
message
that
we
that
we
discussed
before
and
in
having
that
you
know
not
only
the
shield
contract,
which
is
sort
of
you
can
sort
of
think
of
this
proxy
as
sort
of
the
shield
that
the
shield
address,
and
then
the
identifier
to
correspond
with
the
workflow
would
be
provided
with
a
call
of
that.
So
so
do
you
want
to
add
anything
here.
B
C
Yeah
definitely,
I
think
this
is
a
good
coverage
of
what
you
provided
kyle
I'll,
take
a
step
back
and
provide
some
context
around
how
verification
comes
into
picture
or
where
verification
plays
its
significance
and
in
in
doing
so
I'll.
Try
to
answer
even
sam's
question
that
you
posted
on
the
on
the
chat.
So
essentially,
what
we're
trying
to
do
over
here
in
this
process
is
with
the.
So
there
is
two
aspects
of
this:
that's
that's
in
play.
C
One
aspect
is
the
the
capability
or
the
functionality
to
generate
a
proof
where
proof
is
any
truth
about
a
business
statement
or
a
business
process,
for
example,
when
we're
talking
in
the
case
of
supply
chain,
as
it
was
implemented
in
radish,
one
of
such
business
documents,
which
marks
the
start
of
the
process,
is
say:
creating
an
agreement
or
creating
a
master
service
agreement,
so
the
truths
or
the
proofs
around
the
master
service
agreement
creation
would
be,
for
example,
checking
whether
or
not
that
master
service
agreement
is
being
signed
by
two
parties,
minimalistically
and
so
on.
C
Now
that
is
one
way
now.
That
is
a
proof
that
is
generated
now,
as
you
tag
along
more
proofs
say,
for
example,
there
are
subsequent
processes
following
msa
in
the
case
of
supply
chain,
for
example,
purchase
order
or
invoicing,
and
so
on.
Then
you
might
need
to
attach
more
proofs
that
are
are
contextual
to
that
particular
business
process,
just
like
how
msa
may
have
a
certain
business
proof
or
business
validation.
C
Similarly,
a
purchase
order
may
have
a
second
order,
so
to
speak,
validation
where
wherein
it
depends
on
the
fact
that
msa
has
been
proved
and
verified
and
then
subsequently
a
purchase
order
that
is
being
created,
for
example,
is
linked
to
that
particular
previous
proof.
That
is
one
sort
of
like
fundamental
basis
of
traceability
that
you
want
to
establish
between
one
process
going
to
the
next
now
coming
back.
One
step
from
there.
C
How
do
we
establish
that
on
the
mainnet?
That's
where
I
think
these
class
of
privacy
technologies
called
zero
knowledge
proofs
help.
Obviously,
there
are
many
other
encryption
methods
and
technologies
and
by
zkp
plays
a
prominent
role
over
here
is
that
it
provides
a
way
to
not
just
encrypt
data,
but
also
in
quote
unquote,
encrypt
logic.
C
So
whenever
there
is
a
business
logic
or
a
business
rule
associated
with
a
particular
data
element,
and
that
particular
logic
also
needs
to
be
proved
or
a
proof
that
needs
to
be
generated
based
on
that
particular
business
rule,
then
that's
where
I
think
the
strength
of
this
class
of
privacy
technologies
called
zkp's
come
into
picture
now,
as
kyle
was
covering.
The
socrates
is
one
such
tooling
or
library,
so
to
speak,
which
leverages
a
particular
type
of
zkp
called
zk
snarks
to
essentially
run
this
mechanics
of
generating
proofs.
C
C
This
is
that
there
can
be
different
types
of
such
providers
for
different
types
of
ckp
libraries
or
services
or
technologies
out
there
dislike
how
socrates
is
one
type,
the
the
part
that
zeke
around
zk
sync
and
plonk
that
kyle
was
covering
earlier,
have
some
other
variations
in
how
the
zkp
groups
come
by
the
kid
groups
are
generated,
so
karthik.
A
That
would
you
know
to
net.
That
would
be
that
that
were
future
proofing
and
if
one
particular
zero
knowledge
circuit
provider
or
system
or
protocol
were
to
no
longer
be.
You
know
the
future.
The
the
fact
that
we've
abstracted
this
will
allow
you
to
just
keep
up
with
the
times
correct.
A
C
Is
that
we
abstract
these
components
as
much
as
possible,
so
that
one
we
do
not
tie
ourselves
to
a
particular
tooling
or
a
particular
type
of
say
zkp,
even
like
you
know
not
tying
ourselves
to
just
z
case
knocks,
but
also
to
provide
a
way
for
the
community
to
say
that
it's
not
just
tied
to
one
type
of
zkp
solution.
You
can
keep
adding
other
types
of
zkp
solutions
too.
Now
that's
where
sam's
question
comes
into
picture.
In
what
scenario
would
you
use,
socrates
versus
say,
plonk
or
anything
else?
C
C
They
allow
you
to
to
do
to
run
this
proof
generation
for,
say
any
proof
circuits
like,
for
example,
sorry
any
any
business
logic
generally,
so
they
are
very
efficient
to
take
any
sort
of
arithmetic,
computation
or
a
logical
computation
and
create
a
proof
around
that.
C
These
the
specific
technologies
or
this
specific
class
of
technologies,
crudely
speaking,
is
they
are
efficient
at
doing
so,
but
now
in
the
in
there
are
some
other
technologies
out
there
like
bullet
groups
and
so
on,
where
they
focus
on
a
different
type
of
a
problem
where
the
focus
is
on
constraint,
checks
or
range
proof,
checks
and
so
on.
So
to
the
extent
that
a
particular
sort
of
a
business
problem
requires
a
certain
sort
of
privacy.
C
C
C
You
know
taking
inspiration
from
some
of
the
practices
that
are
being
used
by
zk,
sync
and
plonk
are
coming
into
picture.
A
So
I
see,
while
you
were
talking
karthik
and
thanks
for
that
I
mean
it
was
you
know
it's
good
that
we're
getting
this
on
video,
because
I'm
going
to
need
to
go
back
through
what
you
just
said
about
three
times
and
I'll
rock
it
from
there.
That's
pretty
deep
stuff.
I
think
you
know
it's
kind
of
instructive
that
we're
watching
kyle
actually
put
together
some
of
the
code
right
there
in
front
of
us
now,
sam.
I
think
you
had
a
couple
of
questions
right.
D
Yeah,
I
think
karthik
and
kyle
kyle
type
in
here
is
kind
of
addressing
what
I
was
asking
yeah
carter
gary
alluded
to
it,
but
yeah
one
of
the
questions
was:
do
you
envision
a
scenario
where
somebody
might
want
to
use
a
combination
of
zk
circuits,
so
you
could
where
you
could
could
potentially
have
like
a
zocrates
generated
circuit,
which
you
said
might
be
more
geared
towards
a
very
specific
set
of
business
logic
combined
with
another
zkp?
That's,
I
guess
better
geared
towards
being
generalized.
B
I
can
take
a
stab
at
that.
I
mean
I'd
love
to
hear
your
your
thoughts
too.
I
thought
it
might.
My
thought
is,
you
know
initially
it'll
be
very
much
you'll
pick
your
poison.
C
Yeah,
I
was,
I
was
just
saying
that,
like
as
kyle
was
pointing
out,
like
you
know,
it's
pretty
much
pick
a
circuit
for
a
type
of
a
problem,
so
it
sort
of
becomes
a
little
bit
of
a
solution.
Rather
the
the
the
issue,
not
issues
this,
it's
more
around
the
solution
of
which,
like
or
design
of
which
sort
of
circuit.
You
want
to
choose
for
a
certain
type
of
process.
C
C
But
you
don't
need
to
run
multiple
verifications
for
each
type
of
proof,
but
you
can
roll
them
up
into
one
verification
so
that,
even
if
you
have
a
composition
of
multiple
proofs
that
could
work,
but
then
that
would
mean
all
of
them
have
to
be
homogeneous.
Then
you
cannot.
We
cannot
switch
between,
like
you
know,
zk
circuit
here
and
a
long
circuit
there,
or
something
like
that.
Unless
there
is
an
initiative,
something
that
can
be
come
up
in
baseline,
maybe
to
like,
have
some
sort
of
a
proof,
composition,
method
which
will
work.
A
Right
and
karthik
that
would
that
would,
if
I
understand
it
correctly,
would
reduce
the
gas
costs
and
increase
the
the
amount
of
workflow
steps
that
can
be
handled
in
any
given
time
frame
on.
In
particular,
people
are
using
the
actual
main
net
as
their
common
frame
of
reference
right.
B
We
have
some
ideas.
We
have
some
ideas
to
reduce
gas
costs
even
in
the
sort
of
unoptimized
approach.
Oh.
A
Sure,
but
but
you
know
given
that
this
is
just
about
making
sure
people
understand
what
what
the
landscape
is
for
b0.1,
let's
stick
with
that,
but
actually
I'm
going
to
break
that
rule
right
now
by
asking
a
couple
of
questions
about
the
implications
of
the
current
code.
A
First
of
all,
I
think
right
now
the
generalized
circuit
that
we
already
went
through
in
the
previous
session
is
a
right
is
a
talent
that
we
went
through
that
in
session
one
or
two
that
is
two-party
right
now
correct
you
wouldn't
be
able
to
do
a
synchronization
between
records
in
three
or
more
three
or
more
parties.
Currently
right.
That's
that's
still
work
to
be
done.
A
Correct
so
so
two
questions,
one
is:
if
I
wanted
to
build
a
brand
new
circuit
right
for
some
specific
business
process,
maybe
I'm
a
regulator,
maybe
I'm
an
auditor-
or,
I
think,
would
know
some
things
about
that
teddy.
Why
you
know,
if
I'm,
if
I'm
trying
to
be
sure
that
there's
correctness
in
a
particular
piece
of
business
logic-
and
I
want
to
make
the
effort
of
adding
a
specialized
circuit-
not
just
use
the
generic
consistency
check
circuit.
A
Where
would
I
go?
What
would
I
do
and
you
might
take,
for
example,
just
how
would
you?
How
would
you
modify
the
the
current
work
to
create
something
that
works
for
three
or
more
parties?
C
So
the
question
is:
how
would
we
think
that,
or
rather,
if
they're
right
now
we're
talking
about
a
two-party
situation,
if
there
are
multiple
parties,
interacting
in
say
the
creation
of
an
agreement
or
say
the
approval
of
a
certain
process
or
or
anything
to
that
extent,
when
multiple
parties
inputs
need
to
be
taken
in
yeah.
A
Or,
for
example,
in
the
current
generic
one
right,
it's
just
then
the
consistency
right
so
but
right
now
it's
only
two
parties.
C
Okay,
so
I
it's
actually
a
very
good
question
in
general
as
to
how
would
we
solve
like
a
multi-party
signature
under
the
context
of
a
zero
knowledge
group?
I
think
one
way
to
do.
It
would
be
like
somewhat
more
at
a
proof
level,
in
the
sense
that
we,
the
proof
level,
has
an
at
the
circuit
level,
where
we
add
in
like
multiple
party
signatures,
like
as
a
part
of
the
inputs
to
the
document,
but
that's
basically
that
doesn't
exactly
it's.
C
It
solves
for
a
problem
where
the
number
of
parties
are
sort
of
finite,
but
the
thing
is
that
as
the
number
of
parties
grows
and
it's
indeterminate,
then
maintaining
such
a
circuit
or
having
like
a
general
circuit
or
general
business
logic
that
would
work
for
any
n.
Such
parties
is
it's.
It's
definitely
a
difficult
problem
at
this
point.
B
Web
circuits
is
where
these
these,
the
circuit
library
loads.
You
know,
I
think
we
would
probably
want
to
look
into
as
far
as
the
actual
solution,
something
around
multi-party
computation
in
terms
of
one
of
the
public
inputs
to
to
this
to
a
circuit
and
then
yeah,
it's
pretty
complicated.
I
would
say
I
would
say,
beyond
that,
a
multi-party
computation
could
be
probably
part
of
the
first
generation
process.
A
Yeah,
it
turns
out.
80
of
business
processes
are
bilateral,
but
there
are
some
notable
cases
where
they
are
multilateral,
where
at
least
the
consistency
needs
to
be
more
than
two
parties
right.
So
that's
definitely-
and
I
know
that
that's
on
our
roadmap-
and
it's
it's
not
it's
not
like
it's
weird
science
to
get
there.
A
It's
just
hard
work
right
and
and
choices
to
be
made,
but
I
think
it's
really
interesting,
and
actually
I'm
really
glad
to
have
this
piece
of
the
of
the
video
to
show
folks
I
mean
if
I
think
this
is
really
great.
What
you're
doing
right
now,
at
least
in
high
def
people,
should
be
able
to
see
the
the
where
the
where
they
should
be
going.
C
Well,
I
think
kyle
pointed
out
the
one
of
the
approaches,
one
of
the
one
of
the
approaches
that
has
been
considered
or
that
has
been
discussed.
I
think
even
sam
is
also
aware
of
this
around
using
ring
signatures
as
one
approach
to
be
able
to
sign
a
document
in
such
a
way
that
it's
a
it's
a
combination
of
multiple
user
inputs
or
like
multiple
private
keys
in
general.
C
I
think
that
could
be
like
that
is
a
definitely
a
good
approach.
The
whole
aspect
of
how
ring
signatures
would
effectively
transform
into
like
a
circuit
that
could
be
different.
That
is,
I
think,
still
still
under
way
a
cylinder,
I
would
say
still
under
construction,
but
in
terms
of
where
people
could
go
for
or
how
they
could
go
about.
This
is
one
very
simple
crude
way
is
to
take
a
create
agreement
circuit
and
just
add
multiple
signatures
to
it
and
keep
verifying
the
signatures
one
after
it's
very
crude.
It's
very
yeah.
C
Yeah,
there
is
a
better
approach.
There
are
better
approaches,
singling
signatures
are
one
approach
and
it
comes
along
with
ring.
There
is
still
work
to
be
done
in
terms
of
if
you
use
a
ring
signature.
How
do
you
verify
it
under
zero
knowledge
that
has
been
signed
by
n
number
of
at
least
m
of
n
parties
and
so
on
and
so
forth?
There
are
some
open
problems
out
there
and
I
believe
that
there
is.
C
Yeah
yeah,
then,
I'm
sure
that
there
must
be
some
solutions.
Also,
it's
a
matter
of
us
like
collaborating
further
in
this
community
and
reaching
out
to
all
the
good
effort
that
is
going
on
there.
A
Right
on
well:
let's,
let's
stop
here
on
this!
This
is
wonderful.
I
think
this
is
more
than
enough
for
folks
to
really
get
their
teeth
into
the
work,
and
I
think
it
gives
a
good
sense
of
where
the
layout
of
things
are.
So,
let's
move
on
to
just
let's
wrap
this
session
up.