►
From YouTube: Video 4 of 6: Baseline Protocol v0.1 Privacy Deepdive
Description
The Baseline Protocol team takes you through the code of the v0.1 update.
Previous video: https://youtu.be/l3BDBNMnR_Q
Next video: https://youtu.be/2WXvTHR4_7Q
Go to https://baseline-protocol.org for more information.
A
Hi
everybody-
this
is
john
wolpert
kyle,
thomas
sam
stokes
and
karthik
sullivan
here
for
the
fourth
session
on
the
baseline
protocol.
V's
version
0.1
release
what
you
need
to
know
as
a
developer
as
a
contributor
as
a
user
or
as
a
as
an
extender
of
the
baseline
protocols.
Reference
implementation
be
0.1,
kyle
and
karthik
will
take
it
away.
Sam
and
I
are
going
to
be
asking
questions
sam's
going
to
be
watching
for
code.
B
C
A
For
those
who
don't
know
is
is
a
a
is
a
circuit
development
tool
right
that
allows
you
to
take
a
business
logic
or
or
basically
code
and
turn
it
into
additional
subtraction
and
multiplication
right
so
that
you
can
so
that
a
zero
knowledge,
sur
zero
knowledge
process
can
validate
the
code
without
it
being
in
the
clear.
Is
that
a
fair
statement?
A
A
B
C
B
An
additional
parameter
here
to
correspond
with
the
the
identifier
generated
by
the
privacy
package
and
similar
similarly
upgrade
target.
We
would
be
you
know
similarly,
settings
passing
in
data,
for
you
know
that
included
the
the
identifier
as
jennifer
as
generated
by
the
privacy
package
and
then
there's
this
default
fallback
function.
That
does
the
actual
delegate
call
into
you
know
into
the
into
the
appropriate
verifier.
B
Given
you
know,
given
that
the
call
data
core
you
know
is
compliant
with
the
baseline
protocol
message
that
we
that
we
discussed
before
and
in
having
that
you
know
not
only
the
shield
contract,
which
is
sort
of
you
can
sort
of
think
of
this
proxy
as
sort
of
the
shield
that
the
shield
address,
and
then
the
identifier
to
correspond
with
the
workflow
would
be
provided
with
a
call
of
that.
So
so
do
you
want
to
add
anything
here.
B
C
Yeah
definitely,
I
think
this
is
a
good
coverage
of
what
you
provided
kyle
I'll,
take
a
step
back
and
provide
some
context
around
how
verification
comes
into
picture
or
where
verification
plays
its
significance
and
in
in
doing
so
I'll.
Try
to
answer
even
sam's
question
that
you
posted
on
the
on
the
chat.
So
essentially,
what
we're
trying
to
do
over
here
in
this
process
is
with
the.
So
there
is
two
aspects
of
this:
that's
that's
in
play.
C
Now
that
is
one
way
now.
That
is
a
proof
that
is
generated
now,
as
you
tag
along
more
proofs
say,
for
example,
there
are
subsequent
processes
following
msa
in
the
case
of
supply
chain,
for
example,
purchase
order
or
invoicing,
and
so
on.
Then
you
might
need
to
attach
more
proofs
that
are
are
contextual
to
that
particular
business
process,
just
like
how
msa
may
have
a
certain
business
proof
or
business
validation.
C
Similarly,
a
purchase
order
may
have
a
second
order,
so
to
speak,
validation
where
wherein
it
depends
on
the
fact
that
msa
has
been
proved
and
verified
and
then
subsequently
a
purchase
order
that
is
being
created,
for
example,
is
linked
to
that
particular
previous
proof.
That
is
one
sort
of
like
fundamental
basis
of
traceability
that
you
want
to
establish
between
one
process
going
to
the
next
now
coming
back.
One
step
from
there.
C
How
do
we
establish
that
on
the
mainnet?
That's
where
I
think
these
class
of
privacy
technologies
called
zero
knowledge
proofs
help.
Obviously,
there
are
many
other
encryption
methods
and
technologies
and
by
zkp
plays
a
prominent
role
over
here
is
that
it
provides
a
way
to
not
just
encrypt
data,
but
also
in
quote
unquote,
encrypt
logic.
C
So
whenever
there
is
a
business
logic
or
a
business
rule
associated
with
a
particular
data
element,
and
that
particular
logic
also
needs
to
be
proved
or
a
proof
that
needs
to
be
generated
based
on
that
particular
business
rule,
then
that's
where
I
think
the
strength
of
this
class
of
privacy
technologies
called
zkp's
come
into
picture
now,
as
kyle
was
covering.
The
socrates
is
one
such
tooling
or
library,
so
to
speak,
which
leverages
a
particular
type
of
zkp
called
zk
snarks
to
essentially
run
this
mechanics
of
generating
proofs.
C
A
A
C
Is
that
we
abstract
these
components
as
much
as
possible,
so
that
one
we
do
not
tie
ourselves
to
a
particular
tooling
or
a
particular
type
of
say
zkp,
even
like
you
know
not
tying
ourselves
to
just
z
case
knocks,
but
also
to
provide
a
way
for
the
community
to
say
that
it's
not
just
tied
to
one
type
of
zkp
solution.
You
can
keep
adding
other
types
of
zkp
solutions
too.
Now
that's
where
sam's
question
comes
into
picture.
In
what
scenario
would
you
use,
socrates
versus
say,
plonk
or
anything
else?
C
C
These
the
specific
technologies
or
this
specific
class
of
technologies,
crudely
speaking,
is
they
are
efficient
at
doing
so,
but
now
in
the
in
there
are
some
other
technologies
out
there
like
bullet
groups
and
so
on,
where
they
focus
on
a
different
type
of
a
problem
where
the
focus
is
on
constraint,
checks
or
range
proof,
checks
and
so
on.
So
to
the
extent
that
a
particular
sort
of
a
business
problem
requires
a
certain
sort
of
privacy.
C
A
So
I
see,
while
you
were
talking
karthik
and
thanks
for
that
I
mean
it
was
you
know
it's
good
that
we're
getting
this
on
video,
because
I'm
going
to
need
to
go
back
through
what
you
just
said
about
three
times
and
I'll
rock
it
from
there.
That's
pretty
deep
stuff.
I
think
you
know
it's
kind
of
instructive
that
we're
watching
kyle
actually
put
together
some
of
the
code
right
there
in
front
of
us
now,
sam.
I
think
you
had
a
couple
of
questions
right.
D
Yeah,
I
think
karthik
and
kyle
kyle
type
in
here
is
kind
of
addressing
what
I
was
asking
yeah
carter
gary
alluded
to
it,
but
yeah
one
of
the
questions
was:
do
you
envision
a
scenario
where
somebody
might
want
to
use
a
combination
of
zk
circuits,
so
you
could
where
you
could
could
potentially
have
like
a
zocrates
generated
circuit,
which
you
said
might
be
more
geared
towards
a
very
specific
set
of
business
logic
combined
with
another
zkp?
That's,
I
guess
better
geared
towards
being
generalized.
B
C
Yeah,
I
was,
I
was
just
saying
that,
like
as
kyle
was
pointing
out,
like
you
know,
it's
pretty
much
pick
a
circuit
for
a
type
of
a
problem,
so
it
sort
of
becomes
a
little
bit
of
a
solution.
Rather
the
the
the
issue,
not
issues
this,
it's
more
around
the
solution
of
which,
like
or
design
of
which
sort
of
circuit.
You
want
to
choose
for
a
certain
type
of
process.
C
But
you
don't
need
to
run
multiple
verifications
for
each
type
of
proof,
but
you
can
roll
them
up
into
one
verification
so
that,
even
if
you
have
a
composition
of
multiple
proofs
that
could
work,
but
then
that
would
mean
all
of
them
have
to
be
homogeneous.
Then
you
cannot.
We
cannot
switch
between,
like
you
know,
zk
circuit
here
and
a
long
circuit
there,
or
something
like
that.
Unless
there
is
an
initiative,
something
that
can
be
come
up
in
baseline,
maybe
to
like,
have
some
sort
of
a
proof,
composition,
method
which
will
work.
A
B
A
First
of
all,
I
think
right
now
the
generalized
circuit
that
we
already
went
through
in
the
previous
session
is
a
right
is
a
talent
that
we
went
through
that
in
session
one
or
two
that
is
two-party
right
now
correct
you
wouldn't
be
able
to
do
a
synchronization
between
records
in
three
or
more
three
or
more
parties.
Currently
right.
That's
that's
still
work
to
be
done.
A
Correct
so
so
two
questions,
one
is:
if
I
wanted
to
build
a
brand
new
circuit
right
for
some
specific
business
process,
maybe
I'm
a
regulator,
maybe
I'm
an
auditor-
or,
I
think,
would
know
some
things
about
that
teddy.
Why
you
know,
if
I'm,
if
I'm
trying
to
be
sure
that
there's
correctness
in
a
particular
piece
of
business
logic-
and
I
want
to
make
the
effort
of
adding
a
specialized
circuit-
not
just
use
the
generic
consistency
check
circuit.
A
C
Okay,
so
I
it's
actually
a
very
good
question
in
general
as
to
how
would
we
solve
like
a
multi-party
signature
under
the
context
of
a
zero
knowledge
group?
I
think
one
way
to
do.
It
would
be
like
somewhat
more
at
a
proof
level,
in
the
sense
that
we,
the
proof
level,
has
an
at
the
circuit
level,
where
we
add
in
like
multiple
party
signatures,
like
as
a
part
of
the
inputs
to
the
document,
but
that's
basically
that
doesn't
exactly
it's.
C
It
solves
for
a
problem
where
the
number
of
parties
are
sort
of
finite,
but
the
thing
is
that
as
the
number
of
parties
grows
and
it's
indeterminate,
then
maintaining
such
a
circuit
or
having
like
a
general
circuit
or
general
business
logic
that
would
work
for
any
n.
Such
parties
is
it's.
It's
definitely
a
difficult
problem
at
this
point.
B
Web
circuits
is
where
these
these,
the
circuit
library
loads.
You
know,
I
think
we
would
probably
want
to
look
into
as
far
as
the
actual
solution,
something
around
multi-party
computation
in
terms
of
one
of
the
public
inputs
to
to
this
to
a
circuit
and
then
yeah,
it's
pretty
complicated.
I
would
say
I
would
say,
beyond
that,
a
multi-party
computation
could
be
probably
part
of
the
first
generation
process.
A
Yeah,
it
turns
out.
80
of
business
processes
are
bilateral,
but
there
are
some
notable
cases
where
they
are
multilateral,
where
at
least
the
consistency
needs
to
be
more
than
two
parties
right.
So
that's
definitely-
and
I
know
that
that's
on
our
roadmap-
and
it's
it's
not
it's
not
like
it's
weird
science
to
get
there.
A
It's
just
hard
work
right
and
and
choices
to
be
made,
but
I
think
it's
really
interesting,
and
actually
I'm
really
glad
to
have
this
piece
of
the
of
the
video
to
show
folks
I
mean
if
I
think
this
is
really
great.
What
you're
doing
right
now,
at
least
in
high
def
people,
should
be
able
to
see
the
the
where
the
where
they
should
be
going.
C
Well,
I
think
kyle
pointed
out
the
one
of
the
approaches,
one
of
the
one
of
the
approaches
that
has
been
considered
or
that
has
been
discussed.
I
think
even
sam
is
also
aware
of
this
around
using
ring
signatures
as
one
approach
to
be
able
to
sign
a
document
in
such
a
way
that
it's
a
it's
a
combination
of
multiple
user
inputs
or
like
multiple
private
keys
in
general.
C
I
think
that
could
be
like
that
is
a
definitely
a
good
approach.
The
whole
aspect
of
how
ring
signatures
would
effectively
transform
into
like
a
circuit
that
could
be
different.
That
is,
I
think,
still
still
under
way
a
cylinder,
I
would
say
still
under
construction,
but
in
terms
of
where
people
could
go
for
or
how
they
could
go
about.
This
is
one
very
simple
crude
way
is
to
take
a
create
agreement
circuit
and
just
add
multiple
signatures
to
it
and
keep
verifying
the
signatures
one
after
it's
very
crude.
It's
very
yeah.
C
Yeah,
there
is
a
better
approach.
There
are
better
approaches,
singling
signatures
are
one
approach
and
it
comes
along
with
ring.
There
is
still
work
to
be
done
in
terms
of
if
you
use
a
ring
signature.
How
do
you
verify
it
under
zero
knowledge
that
has
been
signed
by
n
number
of
at
least
m
of
n
parties
and
so
on
and
so
forth?
There
are
some
open
problems
out
there
and
I
believe
that
there
is.