►
From YouTube: Devcon VI Bogotá | The cold forest stage - Day 4
Description
Official livestream from Devcon VI Bogotá.
For a decentralized version of the steam, visit: https://live.devcon.org
Devcon is an intensive introduction for new Ethereum explorers, a global family reunion for those already a part of our ecosystem, and a source of energy and creativity for all.
Agenda 👉 https://devcon.org/
Follow us on Twitter 👉 https://twitter.com/EFDevcon
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
B
B
B
B
B
We
are
very
exciting
for
this,
for,
for
the
last
day,
in
depcon
talk,
we
have
a
Skyline
privacy
with
Nightfall
and
a
Starlight.
We
are
having
two.
D
Paul
Brody
I'm
the
global
blockchain
leader
at
ey,
I'm
delighted
to
be
here.
This
is
my
third
Devcon
and
it's
very
nice
to
be
here
on
the
last
day
without
like
a
little
typhoon
bearing
down
on
us
as
well.
So
I
only
have
a
few
sessions.
I
want
to
give
all
the
time
to
my
co-star
chitanya
as
much
as
possible.
I
want
to
take
just
a
couple
minutes
to
talk
about
a
little
set
this
up
right
and
you
know
it's
good
to
see
the
Hardy
crowd
here.
10
a.m
on
a
Friday
morning.
D
Right,
that's
that's
not
when
you
expect
most
people
to
be
fully
awake.
So
what
is
the
point
of
privacy
right,
financial
and
Industrial
use
cases?
Privacy
is
fundamentally
essential,
right,
I
think
you
know
we
talk
a
lot
about
the
value
privacy
in
the
world
of
blockchain.
We
don't
actually
do
a
lot
about
it,
but
if
you
serve
large
companies,
we
do
a
few
Enterprises.
What
you'll
discover
pretty
quickly
is
that
most
of
the
things
that
enterprises
do
aren't
suitable
for
fully
public
consumption
right.
D
They
don't
publish
their
contracts,
they
don't
tell
people
how
much
they're
buying
they
do
in
the
in
the
aftermath
right,
they
publish
their
financial
statements,
but
they
won't
tell
you
in
advance
exactly
what's
going
on
at
the
time
and
they
don't
want
to
disclose
what
they're
buying,
how
much
they're
paying
for
it.
So
privacy
is
really
essential
and
one
of
the
things
that
a
lot
of
people
don't
realize
is
that
you
really
need
actually
two
kinds
of
privacy.
D
You
need
one
kind
of
privacy
which
is
to
represent
digital
assets
or
physical
assets
to
tokens
right,
but
then
you
need
a
second
kind
of
privacy
to
represent
the
business
agreements
that
move
tokens
between
Enterprise
is
right.
At
the
end
of
the
day,
every
business
agreement
boils
down
to.
One
party
has
money,
the
other
party
has
stuff
and
they're
exchanging
them
under
the
terms
of
some
kind
of
agreement
right.
D
So
in
theory,
if
you
can
represent
the
money
and
the
stuff
as
tokens,
and
you
can
move
them
around
with
privacy-
and
you
can
represent
the
business
Logic
the
rules
of
that
exchange
with
privacy,
then
you
can
pretty
much
manage
and
operate
any
kind
of
business
process
on
a
public
blockchain
and
for
those
of
you
who
don't
know
at
ey,
we
are
fanatically
committed
to
public
blockchains
right,
that's
really
not
just
public
blockchain,
but
very
specifically
to
ethereum.
We
only
build
on
ethereum
right.
We
only
build
on
ethereum.
We
only
build
on
public
blockchains.
D
That's
been
our
policy
for
many
years
now,
so
we've
got
one
piece
of
this
puzzle.
It's
called
Nightfall
Nightfall
allows
you
to
move
tokens
around
it's
currently
in
in
beta
on
the
test
net.
We
will
be
in
production
one
way
or
another
at
some
point
in
the
very
near
future,
and
that
allows
you
to
put
things
into
a
shield
contract.
In
the
sense
it's
it's
a
little
bit
like
Z
cash,
but
for
any
kind
of
fungible
or
non-fungible
asset.
D
The
second
thing
that
we're
building
on
and
the
thing
that
my
colleague
shitanya
is
going
to
talk
a
lot
about
today
is
how
is
both
the
combination
of
Nightfall
and
starlight
and
you're
mostly
going
to
talk
about
Starlight
right
right,
so
Starlight
allows
us
to
do
something
pretty
useful
and
clever,
which
is
to
make
business
logic
private
on
the
public
blockchain,
and
this
is
the
really
hard
thing
we.
We
spent
a
lot
of
time.
Thinking
about
this
right,
it
it's
really
hard
to
teach
developers
to
use
Socrates.
D
How
many
of
you
use
Socrates
it's
hard
right,
it's
really
hard,
but
there's
an
easier
way,
which
is
what
if
we
could
make
a
compiler.
So
you
could
just
mark
up
a
standard
solidity,
smart
contract
and
then
recompile
it
as
a
zero
knowledge
circuit,
and
then
you
could
run
it
on
the
main
net
or
on
a
layer
two,
then
you
would
have
a
really
simple,
straightforward
way
and
a
scalable
way
to
have
secure
Private,
Business
Logic
on
the
public
ethereum
ecosystem.
So
that
is
our
strategic
goal.
D
It's
nothing
short
in
my
opinion
than
trying
to
completely
transform
how
the
entire
world
does
business
by
moving
Enterprise
transactions
from
private
blockchains
or
private
systems
onto
public
ethereum,
but
with
the
kind
of
privacy
that
enterprises
need.
D
I
just
want
to
close
out
by
saying
that
both
Nightfall
and
starlight
are
in
the
public
domain
right,
we're
a
large
company,
so
people
are
sometimes
a
little
suspicious
of
what
it
is
we're
doing
right.
Everything
that
we
have
done
is
in
the
public
domain.
We
have
relinquished
our
ownership
rights
to
it.
It's
not
just
open
source,
it
is
fully
public
domain
right
and
so
there's
a
lot
of
stuff.
That
still
needs
to
be
done.
We
are
always
looking
for
help
in
this.
D
We
are
trying
to
build
a
true
open
source
ecosystem
around
industrializing
and
scaling
privacy
with
that
I
am
going
to
hand
over
to
the
true
star
of
this
presentation,
which
is
chitanya
Kanda.
She
is
one
of
the
heads
of
our
research
organization
and
has
been
working
on
both
Starlight
and
Nightfall
for
six
years
now,
I
think
yeah,
six
years,
like
that's
real,
real
effort.
Please.
E
Thank
you,
Paul
I'm,
Titania
and
I
work
in
ui's
R
D
team
as
an
applied
cryptographer
before
we
begin
I'd
like
to
mention
Miranda,
Wood
and
swathi
Ravel,
both
of
whom
are
not
here
today
to
present
this,
but
have
been
putting
immense
work
and
effort
to
bring
it
to
where
it
is
today.
E
E
That
is
just
not
practical,
because,
as
ey,
we
need
to
be
able
to
churn
out
private
applications
at
a
much
quicker
rate
than
the
developers
can
actually
learn,
and
that's
pretty
much
one
of
the
reasons
why
Starlight
was
born.
But
in
order
to
do
that,
you
now
need
people
who
are
experienced
in
writing.
Xenology
proof
circuits
that
itself
is
another
problem,
because
the
number
of
people
who
can
do
that
today
is
very
very
few.
E
E
First
thing:
we've
only
realized
after
actually
building
this
application
is
that
it
did
something
a
lot
more
crucial
in
order
to
build
private
applications.
Now
it's
pretty
much
instantaneous
in
the
fact
that
the
amount
of
time
it
takes
you
to
create
private
applications
is
the
amount
of
time
it
would
take
you
to
write
a
solidity
smart
contract
and
modify
it
a
bit
and
that's
it
instantaneously.
You
have
private
applications
ready.
E
Most
importantly,
what
we've
also
realized
with
an
r
d
is
that
as
a
bunch
of
people
who
were
hired
to
be
smart
and
to
do
smart
work,
we've
not
done
very
smart
choices,
because
essentially,
what
we've
done
is
we
automated
our
jobs?
What
do
we
do
now?
Well,
sadly,
I
think
Paul
had
that
today,
so
he
might
or
might
not
have
realized
that
until
now,
but
there's
no
going
around
it
anymore,
very
smart
again.
E
Now
how
does
Starlight
work?
You
take
a
solidity
smart
contract
and
we
pick
solidity
because
it's
the
most
popular
programming
language
that
blockchain
developers
know
today
you
take
a
solid,
easy,
smart
contract
and
then
you
mark
certain
parts
of
the
smart
contract
private
and
then
you
create
this
other
contract,
called
smart
contract
or
zero
knowledge
proof
compatible
with
smart
contract,
and
you
take
that
decorated
small
contract
and
when
you
call
zapify
zapify
stands
for
zero
knowledge,
apify
private
app.
If
I
is
pretty
much
what
it
can
raise.
E
Essentially
what
you
have
are
contracts
contracts
that
hold
the
private
business
logic
in
terms
of
proof
verifications,
and
then
you
have
circuits
which
have
a
bunch
of
statements
that
you
then
have
to
generate
a
proof
with,
and
then
you
have
what
we
called
Timber
now
Timber
is
another
ey
product.
That
is
actually
one
of
our
best
work.
In
fact,
what
Timber
is?
E
Is
it
a
Markle
tree
that
holds
as
Leaf
commitment,
Leaf
nodes
commitments
to
values
that
you
would
like
to
have
private
and
the
best
part
of
it
is
that
on
Smart
Con
on
on
chain?
All
you
store
is
the
root
of
this
Markle
tree
you're,
not
storing
any
of
the
leaf
nodes,
none
of
the
commitments,
but
you
also
store
what
we
call
a
frontier.
E
The
front
here
is
a
bunch
of
nerds
at
various
Heights
of
this
tree,
which
is
used
to
compute
the
root
in
a
much
more
efficient
way
than
you
can
traditionally
compute
today
in
a
Markle
tree
and
the
leaf
nodes
which
hold
the
commitments,
the
intermediate
nodes
of
the
Markle
tree
and
the
root
itself
are
held
inside
a
local
database
which
is
listening
to
the
blockchain
events
from
Timber.
So
that's
what
Timba
does
timber
has
a
list
of
private
States?
E
Essentially,
and
then
you
have
a
blockchain
client
which
will
be
used
to
do
transactions
of
Starlight
you,
you
use
a
blockchain
client
to
send
those
transactions,
and
then
you
have
Socrates
now.
Socrates
is
a
tool
that
lets
you
create
right
circuits,
compile
them
create
trusted
setup
of
these
circuits.
E
If
you're
using
a
trusted,
setup
related
stuff,
and
then
you
can
generate
proofs
with
it
as
well
as
do
off-chain
verification,
which
is
not
too
relevant
for
us,
because
we
do
on-chain
verification
and
then
finally,
we
also
create
test
end-to-end
tests
that
show
the
entire
application
or
private
application
working.
So
it
has
to
call
the
contracts,
generate
the
proofs
from
the
circuit
and
then
give
you
the
final
end
state.
E
Now
what
it
is
that
we
do
by
taking
a
plain,
vanilla,
solidity:
smart
contract,
you
need
to
use
certain
keywords
to
specify
what
parts
of
logic
needs
to
be
private
and
what
kind
of
lot
business
logic
do
you
actually
want
to
hide,
and
in
order
to
do
that,
we
have
three
keywords
that
we
use.
The
first
one
is
Secret
is
used
on
any
state
variable
that
is
meant
to
be
private
or
the
value
of
which
has
to
be
confidential.
E
So
any
value
that
is
held
inside
a
commitment
is
not
visible
to
the
outside
world,
only
visible
to
the
people
who
can
open
the
commitment,
and
it's
bound
to
that
value
too.
So
you
have
to
create
a
commitment
of
whichever
it
is
that
the
state
variable
that
is
declared
as
secret
now
to
take
a
quick
look
at
the
example
here
you
have
a
very
basic
example:
you
have
a
state
variable
called
X.
E
You
declare
that
to
be
a
secret,
so
which
means
any
value
that
is
held
inside
X
has
to
be
secret
to
the
outside
world
can
only
be
visible
to
the
owners
of
that
commitment,
and
then
you
have
a
function
called
add
which
takes
in
as
its
parameter
a
variable
called
Y,
which
is
also
meant
to
be
secret.
So
what
ad
does
it?
It
increments?
E
E
So
the
next
keyword
that
we
have
is
is
called
known.
This
secret
State
variables
are
useless
if
all
they
do
is
hold
the
variable
and
do
nothing.
What
you
need
to
be
able
to
do
is
to
actually
make
changes
to
these
variables.
You
need
to
be
able
to
update
them,
but
the
question
becomes:
who
can
update
them?
Should
it
be
the
owners
of
these
commitments,
or
should
it
be
other
people
too,
and
there
are
instances
where
you
need
both
of
those
situations?
E
E
So
that
just
does
not
reveal
which
commitment,
you're
actually
using
then
you'd
actually
have
to
show
that
you
can
change
that
commitment.
By
proving
that
you
know
the
secret
key
of
the
public
key
that
is
used
within
the
commitment
and
that
public
key
essentially
refers
to
the
owner
of
the
commitment
right.
Then
you
will
have
to
nullify
the
old
commitment
by
creating
a
nullifier,
and
then
you
would
have
to
create
a
new
commitment
which
holds
the
updated
stage,
which
is
X
Plus
Y
in
in
place
of
X.
E
E
Plus
Y
is
defined
as
known,
essentially,
what
you're
doing
is
you're
creating
all
of
these
statements,
which
will
then
be
generated
as
proof
and
the
only
person
who
can
create
that
would
be
the
owner
of
the
commitment
to
begin
with,
and
then
you
have
unknown
now
unknown
is
the
opposite
of
exactly
what
known
is
so
known
was
someone
who
owns
it?
Making
changes
to
it
unknown
is
someone
who
does
not
own.
This
commitment
should
also
be
able
to
contribute
to
the
value
of
that
state.
E
E
So
if
you
want
to
know
the
exact
value
of
that
secret
variable,
that
does
not
come
from
one
commitment,
but
it
comes
from
the
summation
of
all
of
the
part
commitments
and
these
part
commitments
themselves
can
be
seen
as
utxo
like
nodes
that
can
then
be
individually
used
to
move
around.
So
that's
what
part
commitment
does
and
to
take
a
quick
look
at
how
that
will
work.
We
have
an
example
again
here,
a
slightly
different
example:
you
have
a
secret
variable
which
is
called
balances,
which
is
a
mapping.
E
It's
a
mapping
from
addresses
to
the
balance
amount.
You
have
two
functions,
one
is
deposit.
Whoever
calls
deposit
is
going
to
be
able
to
increment
their
balance
by
the
set
amount,
and
then
you
have
transfer
and
whoever
calls
transfer
will
transfer
a
certain
amount
from
their
balance
to
somebody
else.
E
What
I
want
you
to
notice
here
is
that
just
the
yellow
bits
of
the
code,
so
you're
declaring
balances
to
be
secret,
which
means
you
want
no
one
to
understand
whose
balance
is
how
much
and
then
you
have
the
function,
parameters,
amount
and
recipient
to
be
secret.
So
if
you
want
to
do
a
transfer
to
a
certain
user,
a
recipient
and
it's
by
a
certain
amount,
we
want
both
of
those
to
be
secret
too,
so
those
will
become
private
inputs
to
your
proofs.
E
Finally,
the
last
table,
where
you
see
unknown
balances-
that's
the
other
bit.
So
the
way
our
known
works
is
by
creating
part
commitments
and
that
particular
statement
you
will
notice
that
you're
incrementing
the
balance
of
somebody
else,
not
your
own
balance.
That's
why
you
need
to
frame
it
as
unknown
instead
of
calling
it
known
and
the
compiler
will
be
able
to
create
part
commitments
instead
of
throwing
an
error
at
you
very
quickly.
I
keep
talking
about
commitments
just
want
to
talk
about
what
commitment
actually
holds
for
your
normal
variables.
E
Well,
you
can't
see
what's
happening
there,
but
I
will
tell
you
it's
about
it's.
This
mapping
kind
of
state
variable,
which
holds
balances
that
are
mapped
from
address
to
the
balance
amount.
It's
essentially
in
that
situation,
there's
a
slight
change
where
the
first
part
of
that
hash
has
the
state
variable
ID
and
the
mapping
key,
which
in
this
case,
will
be
the
address
of
who's
ever
balance.
E
It
is,
and
you
hash
them
together,
and
that
becomes
the
first
part
of
the
commitment
structure,
and
that
is
literally
how
the
commitment
structures
work
now
in
terms
of
the
various
steps
that
we
go
through
to
actually
have
the
completed
private
application.
These
are
the
steps.
First,
you
will
take
the
solidity
smart
contract,
which
is
the
solidity
smart
contract
with
the
keywords
added
to
it
by
the
developers.
You
then
syntax
verify
it.
There
will
be
various
cases
where
developers
would
not
use
the
keywords.
E
The
right
way
and
you'd
have
to
be
able
to
throw
errors
and
warnings
at
it
and
install.
It
is
smart
enough
to
be
able
to
show
that
then.
The
first
step
is
to
actually
remove
the
keywords
that
you
added
these
three
keywords
and
you
will
have
a
plain,
vanilla,
looking
solidity:
smart
contract,
you
take
that
contract
run
it
through
solidity,
compiler
and
it
output
an
api.json
file
which
essentially,
is
the
syntax
with
the
various
State
variables
and
functions
that
this
contract
holds.
E
Now
it's
a
Json
object
of
the
nested
type,
but
essentially
you
can
parse
it
as
what
we
as
what
we
know
as
abstract,
abstract,
syntax
tree
and
AST.
So
what
abstract
syntax
tree
is
it
lets
you
take
a
new
program
and
split
the
syntax
of
this
program
into
a
tree
and
in
the
case
of
facility
smart
contract,
you
would
have
your
contract
at
the
very
top,
which
will
then
be
split
into
State.
Variable
declarations
and
function.
E
Definitions,
State
variables
will
then
be
split
up
into
the
type
of
the
variable
and
the
value
of
the
variable
and
the
function.
Definitions
will
be
split
up
into
the
type
of
the
you
know:
the
function
parameters,
the
return
parameters
and
the
body
the
function
parameters
and
the
return
parameters
will
be
split
up
pretty
similar
to
the
state
variables
between
the
type
and
the
value
they
hold.
And
then
the
body
which
is
the
important
bit
is
going
to
be
split
up
into
the
kinds
of
statements
that
can
exist.
E
Expression,
statements,
assignment
statements,
so
you'll
have
the
operation
on
on
one
end,
with
its
children,
node
being
the
left
hand
and
the
right
hand
operands
of
this
operation.
That's
that's
how
your
abstract,
syntax
tree
would
normally
look
like.
So
you
take
that
tree
now,
once
it's
generated
from
the
abi.json
and
then
you
put
back
the
keywords
that
you
used
originally
in
the
solidity
into
this
tree.
So
if
a
variable
was
Secret
into
its
type,
you
will
now
say
secret
type.
E
Variable
now
from
this
modified
abstract
syntax
tree,
you
will
have
to
generate
four
different
output
files,
the
files
being
circuits
contract,
the
orchestrator
code
and
the
test
code
for
generating
that
you
will
actually
have
to
create
four
different
kinds
of
abstract
syntax
trees,
which
will
represent
what
the
code
should
look
like
in
files
from
these
original,
abstract,
syntax
tree
and
from
those
abstracts
and
tax
trees.
You
will
then
generate
the
code
files.
That's
pretty
much.
How
it
works
sounds
simple,
and
the
code
is
painful.
E
I
tell
you
now
just
to
give
a
quick
idea
of
what
the
architecture
looks
like.
You
would
have
your
Zol
contract,
which
has
three
functions,
all
of
which
you
need
to
have
all
of
which
have
secret
variables
that
it
manipulates.
Then
you
will
have
the
orchestrator.
The
orchestrator
holds
the
API.
Essentially
a
user
will
call
the
API
and
the
API
will
have
an
API
endpoint
for
each
of
those
functions.
So
once
you
call
the
API,
the
API
will
then
orchestrate
by
interacting
with
the
proof
generation
or
the
contracts
accordingly.
E
Now
you
also
Orchestra
can
also
do
setup
for
your
circuit,
which
generates
the
private
and
proving
keys
and
the
verification
keys
for
these
circuits,
and
then
it
will
also
deploy
the
required
smart
contracts
onto
the
whichever
blockchain
you're
using.
But
in
this
case
we
always
use
ethereum
pretty
much,
and
it
will
also
deploy
the
verification
key
into
the
verify
your
smart
contract.
And
then
it
also
holds
the
database
of
the
commitments
that
pertains
to
the
user
who's
using
this
orchestrator,
as
well
as
the
secret
information
that
is
required
to
open
the
commitments.
E
It
will
also
hold
Keys,
which
suggest
about
the
ownership
of
the
of
a
commitment,
and
all
of
this,
of
course,
can
be
rear.
Architected
a
bit
more
for
production
scenario,
while
you're
storing
this
information
much
more
securely
in
a
HSM
wherever
you'd
like
and
then
you
will
have
the
smart
contract
and
you
have
the
shield
contract,
which
is
the
con.
The
function,
which
is
the
contract
that
gets
called
when
somebody
wants
to
do.
E
One
of
these
functions,
which
will
in
turn
call
the
verify
your
smart
contract
to
verify
the
proof
that
you've
just
submitted
to
it.
Using
the
verification
key
that
is
relevant
to
that
verification,
and
then
you
will
have
the
timber
tree
that
we
just
spoke
about
earlier.
All
it
holds
is
just
the
root,
that's
why
you
see
it
in
yellow
the
rest
of
it.
E
It's
not
really
held
inside
the
smart
contract
cost
purposes,
and
then
you'll
have
the
Socrates,
which
holds
the
proving
Keys
the
circuit
files,
which
will
help
in
the
generation
of
the
proof
for
each
of
these
different
circuits,
and
then
you
would
have
the
timber
Markle
tree,
which
holds
all
of
the
nodes
of
the
Timber
Markle
tree
itself,
now
taking
grommos
the
final
bits
so
giving
a
quick
example,
and
here
we
have
an
invoice
smart
contract
and
the
secret
variable
in
this
case
is
in
Wise,
which
is
a
mapping.
It
holds
against
an
address.
E
How
much
invoice
is
owed
by
that
address.
Now
you
have
two
different
functions.
Add
invoice
paying
wise
the
way
adding
Voice
works
is
that
somebody
who
wants
to
invoice
a
party
a
that
wants
in
what
invoice
party
B
will
add
to
party
B's
invoice
pinning
invoice
amount
they
demand
they
should
be
invoiced
by,
and
so
that's
why
you
will
see
that
I
am
invoicing.
Somebody
else
so
I'm
setting
their
stage
so
I'll
have
to
specify
unknown
and
that's
pretty
much
what's
happening
here
and
then,
when
pain
was
called.
E
What
it
essentially
does
is
I
will
pay
my
pending
invoice
to
whoever
I'm
supposed
to
pay
and
while
doing
that,
I
have
to
reduce
the
amount
owed
in
my
invoice
amount
of
depth
statement,
State
variable
by
the
amount
I
paid
by.
So
that's
what
pain
wise
does
now,
just
tracking
through
the
various
steps
that's
going
to
happen
is
you
know
you
have
on
absolutely
smart
contract
which
will
spit
out
all
of
these
different
bits
of
logic.
A
user
will
first
call
add
invoice
API
because
they
just
want
to
add
an
invoice.
E
When
that
happens
immediately,
the
orchestrator
will
look.
Oh,
should
I
fetch
a
commitment
from
inside
my
DB
or
not
in
this
case,
because
I'm
adding
an
invoice
with
somebody
else,
I
I,
don't
have
any
of
my
commitments
that
I'm
spending
I'm
just
creating
a
new
commitment
for
somebody
else
with
their
publicly
as
the
ownership,
so
I'll
just
be
creating
a
commitment
from
scratch.
Once
that
is
done,
I
will
then
have.
E
The
orchestra
will
then
have
to
speak
to
the
Socrates,
asking
you
to
generate
a
proof
with
the
private
inputs
and
the
public
inputs
required
for
this
function,
using
the
private
proving
key
of
the
ad
invoice.
Once
that
is
done,
we
get
back
the
proof
to
the
orchestrator
to
the
orchestrator
and
the
orchestrator
will
then
speak
to
Shield
contract
by
calling
the
ad
invoice
function.
E
The
Shield
contract,
which
in
turn
will
receive
this
proof
from
orchestrator,
will
have
to
call
verify
your
contract
to
verify
that
bit
of
proof
using
the
relevant
verification,
key
of
adding
wise
and
unsuccessful
verification.
We
update
the
state
by
adding
the
commitments
to
this
Markle
tree
and
the
route
is
updated
at
which
point
the
timber
tree,
which
is
a
Timber
container,
which
is
listening
to
the
timber
events
of
chain,
will
receive
the
latest
commitment
and
The
Roots,
and
then
it
will
store
that
within
itself.
E
D
Thank
you,
Titania
and
I
will
just
add
one
final
message,
which
is:
if
you
want
to
play
with
this
stuff,
it's
out
there
on
GitHub,
it's
github.com
eyblockchain.
It
is
free,
it's
open
source.
It's
maturing
quickly,
I
think
we're
in
a
pretty
good
beta
now
and
it's
getting
better
by
the
day.
So
please
go
try
it
make
zaps
and
please
use
our
our
phrase.
Zapped.
Do
we
have
any
questions
or
just
gratuitous
flattery?
Yes,
you,
sir.
F
I
just
want
to
say
this
project
is
super
awesome,
one
of
the
most
exciting
things
I've
seen
here
at
Devcon.
Now
I
did
notice
on
the
GitHub
there's
a
lot
of
disclaimers
everywhere.
Basically
saying
please,
please
please
don't
use
this
in
production.
I
just
was
curious.
What
do
you
guys
have
a
road
map
or
what
are
your
thoughts
around
when
you
think
it'll
eventually
be
a
little
bit
more
mature
and
ready
for
production
applications.
D
I
mean
I
think
we
are
I
mean
we
will
say
when
we
think
we're
sort
of
at
version
1.0
right
and
we
encourage
people
to
test
and
play
with
it,
but
and
and
we
will
probably
get
some
third-party
verification
as
well,
but
you
know
fundamentally,
we
do
like.
We
can't
tell
other
companies
what
to
do
and
we
certainly
don't
want
to
be
responsible
if
things
go
wrong
which
they
always
do
in
software.
So.
G
Thank
you
for
the
talk,
so
one
question
is
there
a
way
that
two
private
keys
can
really
reach
the
information
not
approve,
so
in
that
sense,
you
always
have
been
figure
out
that
the
balances,
for
example,
the
only
one
looking
at
this
imbalance,
was
the
address
who
owns
the
balance.
So
is
there
a
way,
for
example,
is
there
a
regulator
or
somebody
who
needs
to
have
all
the
access
at
all
the
proof
to
be
included
in
the
information
you.
E
Mean
to
say
if
a
commitment
can
be
owed
by
more
than
just
one
key
well,
ownership
is
just
always
with
the
one
key
and
ownership
is
defined
as
not
whose
key
there
is
inside,
but
also
actually
the
knowledge
of
the
commitment.
If
you
wish
to
share
the
knowledge
with
more
than
just
one
person
either
of
them
can
now,
you
know,
spend
that
commitment.
So,
if
you'd
like
multiple
parties
to
be
able
to
spend
a
commitment,
you
just
share
the
secret
information
with
them
that
that's
what
makes
them
the
owner.
G
E
So
as
part
of
events
you're
not
actually
revealing
these
secret
variables
at
all,
all
that
get
sent
out
as
part
of
the
events
is
commitment,
which
is
hiding
such
that
no
one
can
actually
see
what's
in
inside
it
anyway
and
then
nullifiers.
Those
are
really
what
will
be
the
variables
that
events
transmit.
H
This
is
definitely
great,
so
nothing
binds
it
to
just
ethereum.
It
is
any
evm
compatible
blockchain
this.
This
should
work
right
well,.
E
It
spits
out
solidity
smart
contracts,
obviously
it's
within
in
the
byte
code
that
is
required
for
solidity.
So
in
that
sense,
if
that
yes,
but
if
you
want
to
hack
it
to
something
else,
you
literally
have
to
change
the
code
such
that
it
spits
out
the
bytecode
that's
relevant
to
whichever
blockchain
you'd
like
to
use
it
for
okay.
H
So
that's
well,
that's
one
and
the
second
thing
is
like:
if
we
want
to
optimize
for,
like,
let's
say
proof,
size
or
verification
time
or
whatever
yeah
16
versus
block
or
what?
How
where
do
we
set,
that
up.
E
So
the
proof
itself
is
generated
by
Socrates.
As
long
as
the
proving
system
that
you
want
is
supported
by
Socrates,
you
can
actually
have
it
generate
the
proof
in
exactly
The
Proven
system
that
you
want
don't
think.
Planck
is
currently
supported
by
Socrates,
so
you
wouldn't
be
able
to
do
that,
but
I'm
sure
they're.
Looking
to
add
it
thanks
awesome.
I
I
Hi,
my
name
is
Adrian
I'm,
the
founder
of
cismo
and
I'm
excited
to
speak
today
about
GK
buddies
that
are
a
new
primitive
for
you
to
leverage
fully
your
own
chain
data.
You
also
run
data,
so
this
talk
will
cover
the
notion
of
sovereign
identities,
but
but
before
getting
into
that,
I'd
just
like
to
spend
a
few
words
about
sismo.
I
We
think
that
there's
too
much
power
in
the
hands
of
big
companies
holding
our
personal
data
and
in
governments
that
can
access
it
at
will,
and
so
what
we
want
to
do
is
really
to
add
a
privacy
and
the
centralization
layer
in
identity
systems,
so
that
will
remain
Sovereign.
We
want
to
predict
Humane
Society,
meaning
that
we
want
to
be
sure
that
individuals
remain
in
control
of
their
societies
and
that
we
keep
unchecked
the
central
entities
that
are
public
or
private
institutions.
I
So
what
we
do
is
build
Primitives
to
empower
our
self-solving
identities,
so
the
first
primitive
that
we
built
are
GK
badges.
They
allow
you
to
leverage
your
Sovereign
data
we'll
see
that
later,
but
they
are
soluble
tokens.
They
are
non-trustworld
tokens
that
are
attestation,
meaning
that
when
you
have
SDK
badge
it
means
something
about
your.
I
Data,
your
reputation,
your
history,
they
allow
to
you
to
do
three
things.
First,
they
allow
you
to
import
reputation
from
an
account
to
another.
Let's
say:
I
have
a
address
and
I
want
to
prove
that
on
another
address,
have
an
attestation
I
get
to
ZK
batch
on
the
new
address
and
I
have
the
proof
that
I
have
a
book.
It
also
allows
me
to
selectively
reveal
what
I
want
from
my
account.
So
granularly
reveal
some
personality.
Let's
say
that
I
have
an
account
with
a
lot
of
data
I'm
able
to
pick
one
piece
of
data.
I
Let's
say
the
crypto
plank
ownership
and
I'll
be
able
to
reveal
that
to
someone
I
own
that
without
giving
my
address
or
anything
else,
the
the
last
thing
is.
It
allows
you
to
aggregate
your
data.
Let's
say
that
you
have
a
punk
on
an
address
and
a
bank
on
another
one
and
you'd
like
to
prove
that
you
have
two
points
without
creating
a
link
between
your
accounts.
That's
what
DK
badges
allow
you
to
do,
so
it
allows
you
to
do
to
control
your
identities
and
without
creating
links
between
them.
I
Let's
say
your
Twitter
account,
you
choose
your
username
your
password,
and
they
give
you
an
account.
Actually
they
don't
really
give
you
the
accounts,
it's
still
theirs,
but
you
can
access
it
if
they
are
willing
to,
and
you
start
doing
things
on
Twitter
you
interact
with
others,
and
you
are
starting
to
build
your
identity.
So
here
you
have
an
identity
in
a
webto
account.
That
is
not
yours.
It's
your
identity!
You
have
the
same
with
Facebook
with
Instagram
with
LinkedIn.
You
have
your
identities
that
are
on
rented
accounts.
I
An
interesting
thing
about
this
identities
is
that
you
still
have
some
control
over
them.
You
can
use
them
to
connect
to
other
services,
that's
the
singer.
Sign-On,
for
instance,
I
can
connect
to
type
fully
with
my
Twitter
account,
and
it
allows
me
to
I
can
bring
some
part
of
my
identity
that
is
on
on
Twitter
totally.
So
there
is
some
sort
of
portability,
but
of
course
it's
super
restricted
at
any
point.
If
Twitter
thinks
that
type
release
is
competing
with
Twitter,
they
will
remove
the
access
of
these
accounts.
I
So
we
see
that
that
yeah
web
2
identities
are
not
yours.
It's
super
restricted.
What
you
can
do
with
your
identities.
Of
course,
there's
no
possibility
to
link
your
identities
together,
meaning
that
it's
impossible
to
create
an
event
where
you
you
invite
your
Facebook
friends,
your
Twitter
friends,
your
LinkedIn
friends,
because
they
are
actually
competing
on
your
accounts
like
it's,
not
your
accounts,
it's
theirs!
It's
their
asset,
that's
how
they
make
money.
They
want
you
to
put
as
much
data
on
it
as
possible,
and
so
that's
not
two
islands.
I
You
cannot
fully
leverage
it
and
on
the
other
side,
we
have
the
sales
serving
accounts-
data,
for
instance,
ethern
wallet,
it's
owned
by
a
private
key,
meaning
that
the
private
key
is
the
thing
that
you
must
have
the
private
key
to
do
anything
with
these
accounts.
What's
amazing,
too,
is
that
it's
permissionless
anyone
can
create
self
surrender
accounts
without
asking
permission
to
anyone.
So,
okay,
that's
great
what
I
can
do
with
it?
I
Of
course,
I
can
start
adding
some
ether
to
it,
for
instance,
and
I
can
trade
off
uni
swap
it
starts
also
to
build
my
density
now.
I
have
some
financial
data
on
my
account
that
is
mine,
I
can
buy
a
ens
name:
I
can
buy
a
nft
and
I
interact
on
social
on
social
medias
on
chain.
So
by
doing
this,
a
bit
like
on
Twitter
I
built
my
identity,
but
this
time
this
identity
is
mine.
I
I
Accounts
are
better
than
than
traditional
accounts,
even
at
web
2
stuff.
So,
okay,
I
can
connect
to
snapshot
with
my
ethereum
wallet.
I,
send
a
message:
they
say:
okay,
you're
logged
in
and
what's
great,
is
that
you
bring
your
whole
identity
to
the
app.
So
what
does
Snapshot
is
okay,
you're
logged
in
as
data
notice
or
you
have
some
other
or
you
have
some
uni
swap
tokens.
You
can
vote
on
my
governance
with
it.
So
that's
where
you
cannot
you.
You
start
to
see
the
sovereignty
that
we
have
over
our
identities.
I
With
wallets
that
I
can
bring
my
identity
to
the
app,
but
there's
something
that
is
less
cool
because
it's
the
beginning,
we
immature
is
the
fact
that
when
I
do
this
I
actually
share
everything
all
my
identity.
Let's
say
that
I
have
An
Occurrence
my
menu
account,
that
is
private.
With
a
lot
of
data.
My
erc20
is
my
assets,
my
nfcs
so
many
things
and
that
I
want
to
access
an
app
to
let's
say
that
are
created
by
crypto
pen
Corners,
because
I
just
want
to
be
part
of
a
cool
community
and
access.
I
The
chat
app
using
sign
in
with
ethereum
I
would
have
to
connect
with
my
main
wallet
and
give
so
much
data
about
myself
here.
What
we
saw
is
that
at
every
time
that
I
connect
to
an
app
with
signing
with
them
I
bring
all
my
data,
but
again
the
sales
training
accounts
are
amazing,
they're
controlled
by
a
private
key,
and
you
can
do
even
more.
I
You
can
do
zero
knowledge
proofs,
and,
with
this
account
you
can
basically
select
a
piece
of
data
that
you
want
to
share
and
and
that's
it
so
again,
it's
super
powerful
and
that's
everything.
That's
that's
what
badges
are
about.
It
allows
you
to
selectively
reveal
some
part
of
your
Sovereign
data.
So
again
what
they
are.
They
are
tokenized
at
attestation,
meaning
that
when
a
wallet
has
this
SBT,
this
non-traceable
token
it
means
that
it
means
something
about
the
identity.
It's
an
attestation
like
they
have
a
crypto
pen,
the
voted
on
the
governance.
I
They
have
a
certain
number
of
Twitter
followers
stuff,
like
that.
It's
DK,
because
it's
it's
minted
by
a
ZK
attester.
This
is
a
smart
contract
that
accepts
zero
knowledge,
proofs
and
okay.
You
brought
me
the
knowledge
proof
that
you
have
a
crypto
bank.
Now
I
give
you
the
badge
that
you
have
a
crypto
pack
and
it's
on
evm
chance.
I
It's
deployed
on
currently
on
polygon,
but
we
plan
to
go
everywhere,
especially
on
on
layer
2,
of
course,
now
a
small
thing
about
badges
that
a
small
Nuance,
that's
not
very
important,
but
still
these
are
ERC
1155.
Each
badge
has
a
token
ID
in
this
contract,
and
that
means
that
each
bus,
each
badge
is
a
sort
of
erc20.
It's
not
really
a
NFC,
so
erc20
and
for
the
same
batch
you
can
have
different
balances.
So
we'll
see
that
later.
I
Why
is
interesting,
but
you
have
a
value
of
the
attestation
corresponding
to
the
balance
of
your
batch
and
the
higher
balance.
Maybe
it
means
that
you
have
more
followers,
or
your
batch
means
more
we'll
see
that
later.
So
the
process
of
meeting
aziki
badge
is
pretty
simple:
I
have
a
source
account
here.
Is
the
adrian.eth
I?
Have
data
I
need
my
serving
data?
One
piece
of
data
is
that
I
have
a
crypto
bank
I
want
to
prove
it.
I'll
generate
a
GK
proof
and
send
this
easy
key
proof
to
the
Tester.
I
The
accessor
validates
that
okay
has
a
punk
high
value.
That
I
mean
the
badge,
but
the
SD
card.
Tester
at
no
point
will
know
about
my
address
last
thing
he
does
is
that
it
stores
only
fires
we'll
see
that
later
so
to
to
really
understand
better
GK
badges
I
like
to
use
two
identities.
Let's
say
that
I
have
my
public
wallet
again:
did
you
not
eat
I?
I
Have
my
ens
names
I
donated
a
Bitcoin
I'm,
a
verified
human
meaning
that
I
docs
myself
I
uploaded
a
video
with
my
name,
raster
name,
and
it's
linked
to
my
address.
So
this
address
is
completely
docked
like
everybody
can
know
everything
about
it.
I
have
some
nfts
I,
introduce
two
conferences,
so
I
have
some
pop-ups
and
actually
I
have
another
wallet.
This
is
this
mine
is
my
private
wallet.
That's
where
I
do
my
DJ
and
stuff
I
have
a
lot
of
transaction
I,
maybe
have
a
lot
of
assets.
Hopefully
that's
the
dream.
I
Let's
I
want
to
use
them
together
because
both
have
valuable
data
and
I
want
to
use
them
together.
So
that's
what
rck
badge
is
about,
so
the
first
thing
that
it
allows
you
to
do
I'm
a
verified
human
and
they
do
not
eat
I'm
doxed.
But
now
let's
say
that
I
want
to
access
my
private
wallet,
an
application
that
requires
you
to
prove
that
you
are
human.
Of
course,
I
don't
want
to
link
them
together.
I
So
what
I'll
do
is
that
I
will
have
the
proof
of
humanity,
the
key
batch
online
wallet
and
it
will
just
reveal
what
I
need
that
is
I'm
a
human
I
have
somewhere
a
slow
circum
that
is
doxed
and
I
was
able
to
do
this
badge
only
once.
Okay,
so
now
we'll
get
into
the
technicalities.
How
everything
is
done.
The
zkr
tester
I
told
you
about
the
one
we
currently
use
is
the
Hydra
s1z
cat
tester
Hydro
S1
is
for
the
proving
scheme,
because
we,
this
statistor,
accept
a
certain
type
of
GK
proofs
and
I'll.
I
Explain
what
those
UK
proofs
are
so
behind
the
hydrox20
care
tester
there's
always
a
group
of
eligible
accounts,
that's
how
it
works.
So,
for
instance,
behind
the
ZK.
The
proof
of
humanity
is
the
cable.
There
is
the
list
of
all
the
registrants
that
are
on
the
poh
registry.
So,
of
course
there
is
my
address.
We
see
this
that
there
is
a
value
to
each
address
to
each
account.
This
value
will
be
the
balance
of
the
batch,
and
with
this
you
can
you
you
can
use
it
to
to
code
some
sort
of
tiers.
I
So
let's
say
imagine
that
in
V2,
poh
have
a
super
verified
user
like
it's
verified,
but
very
well
with
kyc
or
I,
don't
know
what
you
could
have.
Maybe
there
will
not
use
with
the
value
2
and
it
will
give
the
badge
with
the
balance
too,
and
everyone
that
has
two
badges
like
that.
Has
balance
two
of
these
batch
means
they
are
super
verified.
So
again,
yes,
here
is
just
you
have
pH
UI
in
the
group
with
one
you
are
not
you're,
not
in
the
group,
so
you
have
the
group
of
eligible
accounts.
I
These
are
the
accounts
that
will
be
able
to
meet
the
badge
and
we
put
them
in
a
Merkel
tree.
It's
a
position
Markle
tree,
so
that
it's
not
friendly,
which
is
that,
but
in
the
leaves
you
have
all
the
eligible
accounts.
We
have
the
route
we
publish
the
root
and
chain
and
we'll
see
what
we
do
use
everything.
So
the
the
the
the
way
the
the
badge
is
minted
is.
I
First,
you
go
to
your
front
end,
so
I'm
on
sismo
I'm,
connected
with
the
arduino.if
the
four
seconds
I
first
I
upload
the
miracle
tree
now
I
have
in
my
front
end
everything
happens
on
the
front
end.
That's
what
guarantees
the
Privacy
so
on
in
my
front
end
I
have
the
miracle
tree.
I
have
my
account
and
what
I
will
do?
I
will
do
three
things.
First,
I
will
prove
that
I'm,
the
owner
of
the
internet.e,
and
these
three
things
will
be
done
in
the
Ezekiel
circuit.
So
first
thing
I'm
the
owner
of
the
adrian.t.
I
Second,
the
engineers.e
is
in
the
Mercury
Beyond
local
proof,
and
the
third
thing
is
I
actually
own.
The
destination
account.
Let's
make
sure
that
I
cannot
give
budgets
to
others
or
that
I
cannot
spam
another
account.
So
these
three
things:
I
I'm,
daniel.is
Source,
account
destination,
accounts,
I'm
part
of
the
tree.
I
do
that
in
the
GK
snack
I
get
the
ZK
proof.
The
executive
proof
reveals
nothing,
but
there
is
an
address
that,
like
this
users
has
proved
to
have
an
address.
That
is
part
of
the
tree.
I
I
give
that
to
the
zika
tester
and
the
decal
to
sell
does
two
things.
First,
it
verifies
the
proof:
okay,
it's
valid,
ZK
magic
and
then
it
register
a
nullifier
I
think
that
there
was
some
presentation
Defcon
about
this,
but
it's
a
way
to
make
sure
that
from
One
Source
I
can
do
only
one
batch
and
for
this
I
register
on
unifier,
it's
the
anonymized
version
of
my
address.
Basically,
so
that's
great
and
now
I
have
my
badge
on
my
destination
account
and
there's
no
leak.
I
So
again
we
saw
that
this
DKR
tester
allows
you
to
prove
from
a
group
to
create
from
a
group
SDK
badge,
and
actually
this
is
anyone
here
in
the
in
the
room,
can
create
its
own.
The
keyboard,
that's
what
we
build
system.
We
don't
build
this
mode
to
do
some
Partnerships
or
something
like
that.
It's
a
primitive
everything
is
open
source
of
course,
and
very
easily
in
15
minutes.
If
you
are
developers,
we
have
a
tutorial
that
helps
you
with
that.
I
You
can
fetch
from
your
subgraph
from
a
bigquery
from
anything
you
can
fetch.
Your
group
choose
the
metadata
for
your
badge,
choose
the
visual
and
that's
done
so
again.
Anybody
can
create
this.
Dk
badge
can
create
a
group
as
a
keyboard,
and
we
just
released
today
the
factory
of
sismore.
It
allows
for
even
people
that
are
neither
color
or
designers
to
build
a
GK
badge.
It
works
that
way.
You
you
add
metadata.
We
have
a
SVGA
Editor
to
create
your
CK
badge
and
then
you
have
just
to
copy
past
the
list
of
address.
I
You
push
the
button
and
done
you
have
your
SDK
badge
available.
So
that's
I.
Think.
That's
super
great,
so
I
invite
you
to
try
that
and
before
that
I'd
like
to
before
getting
yeah
now
I
want
to
speak
about
the
protocol.
So
we
saw
that
sismo
is
open.
Anybody
can
add
its
group.
It
will
have
your
their
own
GK
badge
for
their
user
Community,
but
even
better.
Actually,
so
that's
what
I
told
you
about
anybody
can
add.
I
I
So,
for
instance,
you
can
use
smr4
it's
another
SDK
scheme
that
will
be
a
GK
tester,
but
you
can
also
use
a
public
accessor,
like
the
proof
that
you
would
require
from
user
is
not
a
secret
proof,
but
a
market
proof
and
the
signature
is
recover
or
you
could
even
create
a
centralized
tester,
meaning
that
the
proof
that
you
have
to
send
to
get
your
badge
is
a
signature
of
the
third
party.
So
again,
that's
that's.
What
we're
trying
to
do
is
really
primitive
we're
not
here
to
yeah.
I
We
want
you
to
have
fun
with
this,
so
that
you
can
really
control
the
data
of
your
users
and
and
that
you
can
build
weird
stuff
like
if
I
did
in
2020.
It
did
real
stuff
with
composability
between
all
the
financial
applications.
Here.
What
we
want
to
do
is
we'll
stuff
about
the
social
capital
that
you
have.
So
that's
it
again.
All
these
open
source
invite
you
to
read
the
docs
and
I'll
get
a
so
now
we
get
back
a
bit
to
recap
a
bit.
So
what
it
allows
you
to
do.
I
I
told
you
that
it
allows
you
to
import
reputation
from
the
public
to
an
unknown
wallet,
but
you
can
do
the
reverse
again.
If
I
was
a
degener
in
my
and
on
wallet,
I
could
import
this
reputation
to
my
public
wallet
have
ethernet
power
users,
only
top
0.1
percent
ethereum
users
can
means,
and
so
that's
why
I
approved
as
they
generated
that
I'm
a
Degen
but
I
never
revealed
my
wallet.
So
that's
yeah
one
big
thing,
the
other
thing,
if
you
think
about
it,
what
happens?
I
If
I
mint,
the
badge
on
a
one-time
address,
fresh
new
address,
What
I've
Done
by
doing
this,
is
that
I'm
able
to
reveal
just
exactly
what
I
need
it's
not
about.
Building
an
identity
is
to
I
need
to
prove
to
someone
that
I
meet
some
criteria.
I
create
a
new
address
I'm
in
the
batch
there
and
I
will
also
prove
exactly
what
I
need.
So
here
on
the
adrian.e
again,
I
have
a
lot
of
data.
One
of
the
data
that
is
mine,
sorry,
is
that
I
have
a
lot.
I
have
the
HTC
prep.
I
The
group
of
eligible
users
is
people
that
went
to
either
a
Defcon
or
HTC
or
eat
Berlin,
very
legit
physical
events
and
so
I'm
able
to
mean
that
to
a
fresh
new
address
and
then
I
can
use
this
address
to,
for
instance,
get
private
merchandising
or
access
air
jobs
to
get
into
events,
and
with
this,
what
I
was
able
to
do
is
prove
that
I
went
into
one
of
the
top
conferences
that
I'm
a
human
and
not
that
I
went
with
no
time
the
Adrian.
That
is
that's.
I
That's
leveraging
your
data,
that's
what
we
call
it.
So
it's
super
excited
about
this.
The
last
thing
that
we
intend
to
do
that
is
not
life
is
the
way
to
aggregate
your
reputation
in
cismo.
Our
governance
is
not
token
based,
or
it
is
token
basement,
but
not
Financial.
Token
based
it's
been
is
based
on
contributions,
meaning
that
the
more
contributions
you
did
for
sismo
the
higher
voting
power.
You
have
again
it
reuses
the
things
that
I
told
you
about
the
balance
of
the
token.
I
Basically,
the
more
contributions
you
did
you,
the
higher
you
will
be
in
the
tier
of
contributor
and
the
higher
voting
power.
So
here
with
ZK
badges,
you
will
be
able
to
aggregate
your
reputation
from
your
private
wallet
that
maybe
you
held
by
using
a
lot
sismo
and
from
your
public
wallet
that
maybe
you
held
by
doing
some
threads
some
communication
about
this
more
so
yeah,
again,
I
think
for
governance
power.
I
This
is
very,
very
interesting
to
have
reputation
based
governance
instead
of
just
like
who
has
been
like
instead
of
erc20
is
only
that
is
financial
capital
or
communities
that
are
ruled
by
your
nft
that
you
just
have
to
first
come
first
serve
and
it's
like
a
airdrop
Farmers,
this
kind
of
stuff
here
these
tokens
means
a
lot
and
it's
private.
So
you
can
really
speak
your
mind.
There's
no
risk
at
knowing
that
you're,
a
team
member
or
I
don't
know.
So
we
are
super
excited
about
this
new
primitive.
I
So
now,
I
I'd
like
to
speak
about
the
long-term
vision
of
system,
again
I'm
able
to
aggregate
view
I
I'm
able
to
aggregate
data.
The
way
it
works
is
that
basically
anytime
I
want
to
use
an
account
to
prove
themself
about
it.
I
will
send
a
message
with
it
and
it
gives
this
account.
The
ability
to
be
in
the
ZK
world,
like
from
now
on
I,
can
prove
everything
about
my
data.
So
the
way
it
works
that
I
will
import
into
the
system
of
world.
I
That's
your
encrypted
data
volt
that
is
only
accessible
to
yours.
I
will
store
the
signatures
that
I'll
tell
you
about
so
I
signed
with
digital.is
now
I'm
in
the
world,
with
the
unknown
I'm
in
the
world,
and
now,
as
a
user
I'm,
the
only
one
that
has
access
to
all
my
data,
and
now
it
doesn't
matter
whether
it
comes
from
an
address
to
address
or
I,
don't
know
what
I'm,
the
user
I
have.
Yeah
access
to
everything
and
I
can
use
it
as
I
want.
I
So,
for
instance,
let's
say
that
I
want
to
access
an
airdrop
and
they
require
me
to
prove
that
I'm,
assuming
that
it's
a
civil
resistant
airdrop
that
would
be
great
to
have
that,
so
they
require
me
to
prove
and
that
I'm
a
human
and
that
I
don't
know
that
I
traded
a
lot
on
their
platforms
or
that
I
am
a
big
user.
So
that's
what
allows
me
the
world
to
do.
I
can
generate
the
ZK
proof.
I
What
we
did
with
DK
is
the
ability
to
programmatically
code
reputation
in
in
in
some
sort.
So
we
are
very
bullish
and
this
is
nsbc's,
but
but
we
are
mainly
using
tokens.
It's
a
big
question:
why
we're
using
tokens
because
they
are
great
at
standardizing
once
you
have
reputation
as
a
token,
it's
super
easy
for
anyone
to
fetch
it
to
know
that
we
have
designing
with
the
term
tools
and
all
these
things,
but
on
the
long-term
vision,
do
we
really
need
to
send
those
UK
proof
to
a
Smart
contract
to
mean
the
badge?
I
If
what
we
want
to
prove
is
to
a
third
party.
Let's
say
that
I
want
to
prove
to
a
merch
store
that
I
have
crypto
Bank.
Do
I
really
need
to
send
a
badge
on
an
address?
Maybe
not
I
can
directly
send
the
ZK
badge
to
this
third
party.
So
that's
the
the
big
big
vision
of
system
is
ready
to
be
to
be
a
Google
connect
on
top
of
your
server
and
identities.
You
add
your
all
your
accounts,
your
Twitter
account
your
GitHub
account.
You
also
learn
the
address
your
Bitcoin,
whether
it's
your
ethereum
wallet.
I
You
upgrade
all
of
that
and
then,
when
you
want
to
send
to
an
app
they
say,
Okay
I
want
a
bit
like
when
you
connect
to
with
Google
connect.
They
say:
okay,
they
will
access
your
email,
your
contacts,
your
all
these
things.
What
we
don't
hear
is
that
okay,
I
I
connect
with
this
more.
This
app
want
to
see
your
amount
of
I,
don't
know,
nfts
your
total
net
worth
all
these
things
and
you
choose.
I
You
choose
what
you
want
and
if
you
choose
your
food
to
bring
your
full
reputation,
maybe
maybe
we'll
you'll
have
access
to
the
best
services,
but
you
can
also
choose
to
just
reveal
what
you
want,
because
if
you
don't
want
to
give
to
this
application
everything
so
yeah,
that's
that's
really
about
system
is
trying
to.
I
We
have
more
and
more
engine
data.
We
have
more
and
more
great
projects
that
are
bringing
of
chain
data
to
Unchained
data,
but
today
we
cannot
really
leverage
it.
We,
the
Privacy,
is
a
real
issue
about
identity,
because
we
are
used
to
web
to
Identity
that
are
private
because
they
are
closed.
It's
closed
Gates.
I
They
don't
want
to
see
anything
so,
of
course,
it's
private
by
Design,
but
on
web3
with
public
by
Design,
but
this
also
caused
some
issues,
so
I
hope
that
that
I
share
my
excitement
about
what
we
can
do
with
serving
identities
and
we're
hiring
by
the
way.
So
if
the
mission
is
exciting
to
you,
we
are
very
small
team.
We
are
just
seven,
but
we
are
very
passionate
about
what
we
do
so
feel
free
to
reach
out
and
again,
everything
is
open
source.
I
K
Hi,
thank
you
for
the
talk
that
was
super
interesting,
so
my
question
was
about
updating
of
ZK
badges,
so,
for
example,
in
the
example
you
gave
you
said
you
own
the
punk,
and
then
you
create
the
zika
badge
that
you're
on
the
punk.
What
happens
to
that
batch
when
you
transfer
the
punk
and
don't
own
it
anymore?.
I
I
You
could
code
that,
like
the
way
to
for
a
central
party
to
update
the
route
and
make
sure
that
the
badges
that
were
issued
are
no
longer
issued,
but
I
think
that
it's
still
a
bit
complex
and
the
best
way
is
really
to
think
about
DK
badges
as
a
snapshot
attestation,
and
it's
up
to
the
application
to
ask
for
users
to
renew
so
yeah.
That's
really
the
way
we
think
about
it.
Now.
L
Thank
you
very
much,
really
cool
stuff
lack
of
privacy
is,
of
course,
one
of
the
barriers
in
this
ecosystem.
So
thank
you
for
addressing
that.
Have
a
general
question
about
how
do
you
collaborate
with
individuals
and
and
projects
within
the
space,
because
at
the
end
of
the
day,
it's
about
going
to
Market
and
it's
it's
promoting
it
all
to
yeah
individuals
and
teams
that
are
building
could.
I
You
explain
what
kind
of
projects
any
projects.
I
So
I
think
we
are
a
project
that
that
should
be
used
by
many
applications.
First,
I
think
that
we
are
one
of
the
first
teams
that
are
using
ZK
for
a
very
concrete
case
and,
as
I
told
you
about,
we
can
have
multiple
zkr
testers.
So
if
we
have
a
zika
team
that
has
created
a
musical
scheme,
we
are
using
row
16
Hydra
as
well.
That
is
very
specific.
I
But
if
another
team
has
another
way
to
create
attestations,
we
can
think
about
change
links
GCO,
for
instance,
they
are
able
to
do
zika
attestation
from
web
to
data.
They
will
come
to
visitor
here
and
that's
why
we
beat
it
for
other
teams.
It's
if
you
want
to
do
repetition
within
your
governance.
You
can
create
your
CK
badge
or
even
better.
You
can
create
your
own
zkr
tester
and
build
logic
in
it,
and
so,
whenever
somebody,
let's
say
Minto
ZK
badge
that
I
played
on
on
a
certain
game.
I
M
I
have
a
question
here
really
fascinating
talk,
super
amazing
and
one
of
the
things
that
popped
into
my
mind
when
you
said
that
this
is
comparable
to
the
D5
movement
of
the
D5
summer.
D5
came
with
a
lot
of
hacks
and
a
lot
of
blood
by
fire.
So
how
do
you
protect
the
Privacy
say
we
put
all
our
addresses.
Have
this
like
great
identity,
and
you
know
how
yeah
some
of
the
risk
of
that,
and
what
do
you
see
for
that?
Yeah.
I
When
I
was
doing,
that
is
that
D5
was
raw.
It
was
the
first
time
we
discovered
like
before
Banks
and
insurance
and
all
like
all
the
financial
services
were
provided
by
webto
applications
that
didn't
talk
together
and
we
discovered
what
I
can
deposit
in
a
landing
tool
and
then
use
that
to
bring
liquidity
to
an
exchange
and
then
use
that
to
take
somewhere
and
it's
huge,
but
we
could
do
the
same
with
social
Capital
like
today,
it's
impossible
to
use
your
let's
say
you
are
Uber
driver
2000
drives
five
stars.
I
P
Can
I
and.
B
Now
we
are
going
to
present
our
next
speaker
he's
going
to
talk
about
towards
a
fitter
completely
completely
a
bug
background
compatible
privacy
layer
for
ethereum
is.
P
Yes,
thank
you
very
much
for
the
intro,
so
more
privacy
times
coming
up.
Of
course,
we're
here
to
talk
about
privacy
layers
in
particular.
What
are
privacy
layers?
Why
do
we
need
privacy
layers
and
how
are
we
going
to
get
a
private
layers
that
people
need
so
first,
let
me
State
the
why?
For
privacy
layers,
obviously
the
reason
why
we
need
privacy,
because
we
don't
have
it
right
now.
P
You
know
if
you
go
to
Easter
skin,
every
single
transaction
is
public
right,
you're
able
to
see
the
entire
history
of
all
the
wallets.
So
the
second
reason
why
we
need
privacy
is
that
if
we
want
mainstream
adoption
or
plastic
Technologies,
we
really
need
privacy
right.
P
It's
one
of
the
main
hurdles
alongside
scalability
and
you
know,
identity
and
other
issues,
and
finally,
I
would
like
to
just
quickly
address
on
you
know:
privacy
and
regulation
issues
and
there's
effectively
a
spectral
Solutions
right
when
you
build
a
privacy
technology,
we're
on
one
side,
you
build
fully
self-sovereign
Solutions,
where
only
the
individual
control,
their
information
and
assets
and
the
other
side
you
could
give
you
know
a
lot
of
control
to
The
Entity,
actually
controlling
this
ecosystem,
while
preserving
privacy
between
individuals
and
so
on,
the
right
side.
P
You
have
something
like
cptcs
and
the
livestock
has
something
like
Toyota
cache
right
and
perhaps
actually
in
the
middle.
We'll
have
something
that's
more
or
less.
Maybe
you
know
Best
of
Both
Worlds,
where
we
could
have
a
privacy
preserving
system
yet
give
some
limited
form
of
control
to
you
know
some
set
of
authorities:
okay,
so
enough
enough
on
the
Y.
Let's
talk
about
what
I
mean
by
privacy
layers.
P
P
So
anonymity
is
the
inability
to
tell
who
is
doing
a
transaction
right.
So
if
somehow
you're
going
to
etherscan-
and
you
look
at
transaction-
and
you
can't
really
tell
who
the
address
you
know
who's
the
engineering
address,
then
we
say
that
this
system-
that's
the
anonymity
and
second,
is
the
notion
of
confidentiality.
P
If
you're
going
to
use
here-
and
you
cannot
see
exactly
what
the
trades
are,
then
we
say
this
system
is
confidential
and
it
turns
out.
Confidentiality
is
really
really
hard
on
ethereum,
it's
pretty
much
impossible
until
unless
you
want
to
redesign
entirety
of
etherea
right.
So,
on
the
other
hand,
anonymity
is
actually
quite
easy
right.
We
can
use
any
mixer
to
mix
the
funds
and
every
single
time
we
want
to
do
an
operation.
However,
this
is
very,
very
unusable
right
to
the
extent
that
only
you
know
we
only
we
very
much
need
this.
P
Would
you
do
such
a
thing
right?
Normal
users
would
not
do
this
for
every
single
operation
that
would
do
D5
protocols.
So
the
goal
is
really
to
make
this
very
usable
right.
How
do
we
get
usable
anonymity
for
ethereum?
So
so
what
do
I
mean
by
again?
So
just
reiterate,
the
system
will
have
anonymity.
If
you
go
to
etherscan-
and
you
cannot
see
you
know
who's
already
using
all
these
contract
calls
right.
So
the
question
is:
can
we
get
something
like
this
with
ethereum
right?
P
So
and
you
know
we
don't?
We
don't
want
privacy,
an
enemy
just
for
payments.
We
want
list
of
identity
for
any
type
of
smart
plug.
So
you
can
see
you
know
on
ethereum.
You
can
do
many
many
different
things.
P
You
know
it's
an
ecosystem
of
the
apps,
not
just
payments,
not
just
you
know,
peer-to-peer
swapping
of
asset,
not
just
in
empties
it's
whatever.
You
can
imagine
on
top
of
token
standards
right.
We
want
to
have
an
enemy
by
default
for
all
the
apps.
P
So
that's
the
question
and
that's
also
what
I
mean
by
a
privacy
layer
apparently
for
ethereum
should
have
the
following.
You
know
set
of
features,
but
let
us
look
at
what
are
the
current
solutions
for
privacy
layers?
P
If
you
look
at
the
entire
ecosystem,
we
have
many
many
different,
UVM
chains.
That's
you
know
more
or
less.
You
know
you
could
run
a
d
app
and
typically
you
know
any
any
of
them
and
we'll
have
many
many
applications,
sometimes
on
one
popular
chain,
sometimes
on
many
chains
and
what
are
the
Privacy
Solutions?
Well,
we
have
some
mixers
and
we
have
you
know
some
solutions
that
offer
some
type
of
D5
compatibility
and
we
have
solutions
that
more
or
less
act
as
a
layer
two
and
with
privacy.
P
So,
for
instance,
Aztec
and
zika
Opera
are
great
examples
of
this
and
then
on
the
other
hand,
we
have
also
about
privacy,
old
ones,
and
the
examples
are
like
friends,
for
example,
allele
and
Manta,
where
you
know
it's
a
separate
chain,
it
might
be
a
different
ecosystem
and
you
have
a
bootstrap,
although
liquidity,
and
so
it
turns
out,
you
know,
there's
no
single
solution
that
works
with
all
the
D
apps.
P
So
if
you
look
at
what
these
Solutions
do
so
real
guide
and
zinc,
copper
actually
only
to
support
some
limits
in
the
form
of
swaps
and
project,
as
I
connect
allow,
you
know
actually
pretty
good
differential
probability,
but
it's
not
completely
compatible
with
every
single
D
app
right.
So,
for
as
that
connects
you
need
to
write
this
custom
Bridge
contract
and
in
fact
you
know
that's.
P
Basically,
if
you
go
to
every
single
Aztec
hackathon
like
that's
what
people
do
is
you
know
they
build
Bridge
contract
for
every
single,
the
app
you
know,
and
that's
not
scalable
if
you
want
to
want
this,
to
support
every
single
dfat
projects
out
there.
So
you
know
this
is
observation.
We
don't
have
a
private
solution
that
you
know
it's
default
and
really
usable
right,
so
so
yeah.
So
let's
look
at
what
I
mean
by
privacy
layer
and
what
we
should
get
in
this
previous
layer.
P
So,
first
of
all,
it
should
be
feature
complete.
Okay.
So
so
what
I
mean
by
that?
You
should
have
two
features.
You
should
be
able
to
use
this.
You
know
privacy,
layer
exactly
the
same
way.
You
would
use.
You
know
ethereum
right,
so
you
should
be
able
to
use
a
processor
solution
or
Ned
app
that
you
want
any.
P
And
ideally
you
know
with
basically
the
same
interface
right.
You
go
to
you
go
into
a
Dr
front
end.
You
click
some
buttons
and
you
you
know
you
do
a
swap
and
second,
you
should
be
able
to
disclose
what
you
have
done.
Okay,
so
if
you
look
at
you
know
existing
privacy
Solutions,
it's
actually
really
hard
to
tell
someone
else
that
you
did
something.
You
know
the
interface
is
not
intuitive,
whereas
right
now
for
the
transparent
solution.
P
If
you
give
someone
your
address,
they
know
you
know,
because
your
entire
history
right,
so
we
want
some
type
of
form
of
information
disclosure
right.
So
if
you
own
set
of
nfts-
and
you
want
to
prove
to
your
friends
that
you
know
I
own
this
at
nfts
and
I-
authorize
a
message-
you
can
do-
that
you
should
be
able
to
do
that
really
really
easily
right.
P
Okay-
and
the
second
thing
you
should
you
should
do-
is
be
backwards
compatible
right,
because
we'll
have
all
this
amazing
ecosystem
out
there,
obviously
apps
that
people
use,
we
don't
want
to
you,
know,
throw
it
out
to
waste
and
build
something
completely
brand
new
like
we
want
to
reduce
existing
ecosystem.
P
So
vehicle
system
should
be
to
support
erc20,
721
1155
standards,
and
you
know
you
should
more
or
less
work
with
existing
applications
right
and
finally,
most
importantly,
you
should
actually
offer
some
from
a
privacy
which
in
this
case
anonymity
right
so
recall
back
to
the
previous
slides.
P
You
will
be
the
form
you
know,
use
this
thing
and
everybody
will
use
this
privacy,
layer
and
you're
going
to
easily
scan.
No
one
can
figure
out
who
did
what
action
right.
So
the
question
for
my
talk
is
you
know:
can
we
build
such
a
thing
and
actually
the
goal
of
my
talks
to
convince
you
that
we
could
build
such
a
privacy
layer
for
ethereum
today
and
we're
building
one
okay?
P
So
so,
let's
look
at
how
we're
going
to
do
this
right.
So
so,
let's
look
at
this.
You
know
set
of
three
things
that
we
want
for
our
privacy
layer
and
it
you
know
if
you
kind
of
categorize
them
the
first
two.
Your
two
features
are
basically
what
the
smart
contract
wallet
gives
you
right.
So
if
you're
familiar
with
their
kind
of
abstraction-
or
you
know
any
type
of
smart
contract
wallet,
this
is
the
two
things
that
this
should
offer.
You
right,
you
should.
P
P
P
So
this
is
the
most
basic
form
of
private
solution
that
you
know
we've
had
since
the
Bitcoin
days
right,
so
it
allows
you
any
user
to
deposit
and
later
on,
you
should
be
the
withdrawal,
but
by
the
time
that
you
withdraw,
nobody
else
should
know
who's
actually
withdrawing
right,
so
you
withdraw
to
a
fresh
UA
address,
so
that's
the
no
geometry
pool
or
mixer
and
second,
let's
recall
Notions.
Actually
this
should
say
wallet,
let's
recall
those
on
the
contract.
What
is
your
contract
wallet
well
for
a
contract
wallet?
P
The
users
actually
do
not
own
a
uoa
anymore
right
so
for,
for
instance,
for
account
abstraction.
You
will
have
different
address
that
we
use,
and
you
know,
but
basically
you
know
for
your
for
your
smart
contract
wallet.
You
should
be
able
to
do
the
exact
same
things
that
you
would
do
with.
You
know.
Your
meta
mask
right:
you
should
be
able
to
submit
it.
P
Arbitrary
smart
contract
calls
and
get
executed
right,
and
this
is
done
in
the
form
of
intermediary
contract
wallet
that
verify
some
signature
and
carry
out
the
calls
for
you.
Okay,
so
that's
not
contract
wallet
and
recall
we
want
to
do
before.
We
know
we
said
that
you
know.
The
thing
we
want
to
build
is
basically
a
show
that
plus
a
Smart
Control
wallet.
So
so
here's
what
we're
actually
going
to
do
we're
going
to
take
the
two
and
just
put
them
together.
Okay,
so
it
seems
to
be
a
shielded
contract
wallet
right.
P
So
what
can
I
do?
You
should
be
able
to
use
anything?
That's
on
ethereum
and
every
single
time
you
use
the
wallet.
Nobody
should
actually
know
who's
to
actually
use
a
wallet
right.
So
there's
one
single
shielded:
contract
wallet,
that's
shared
by
all
the
users
in
the
ecosystem.
P
Okay,
so
so
you
know
that's
on
a
very
high
level,
but
how
does
this
actually
work
right?
So
for
sure
the
pools
like,
like
we
said
before
it,
supports
deposits
and
withdrawals
and
for
contract,
wallets
you'll
support,
arbitrary
calls
and
we'll
put
them
together.
You
will
support
again
deposits
and
withdrawals,
but
but
also
crucially,
something
that
you
you
can
use
to
to
call
any.
P
You
know
the
app
all
right,
so
so
here's
the
picture,
here's
how
it's
gonna
work,
it's
going
to
be
a
smart
contract
in
ethereum,
where
you
allows
any
any
user
to
you
know,
enter
this
ecosystem
and
once
they
enter
they're
able
to
use
it
as
if
it's
you
know,
a
metamask
wallet
and
when
different
users
submit
application
transactions,
they
will
you
know
they'll
be
reflected
on
chain.
P
So
if
you
want
to
call
unit
swap
you
want
to
call
openc,
you
should
just
work
and,
furthermore,
on
etherscan
you
have
no
idea
of
who's
actually
behind
the
scene
during
this
operation.
Right.
P
So,
and
as
a
bonus,
actually
we
can
make
this
smart
contract
contract
wallet
compatible
with
account
abstraction
or
eip4337
Okay.
So,
as
it
turns
out
like
there's
two
problems,
you
know,
if
you
want
to
build
this,
if
we
want
to
build
this,
you
know
just
combine
and
show
the
pool
with
the
smart
contract
wallet.
P
The
first
problem
is
that
when
user
submits
a
transaction
that
you
know
contains
arbitrary
calls,
you
can
actually
just
steal
the
funds
of
the
entire
contract
right.
So
here,
if
the
user
only
owns
supposed
to
own
one
ethereum
in
the
pool,
but
it
constructs
a
call,
you
know
that
consumes
20
ethereum,
you
know
this
is
we
should
let
this
happen
right,
because
you
know
people
would
be
able
to
still
the
entirety
of
the
funds
of
the
entire
protocol.
So
what's
the
solution?
P
Well,
the
solution
for
this
problem
is,
as
we
actually
just
separate
out
of
two
contracts
into
a
contract
that
actually
holds
the
the
auto
funds,
what
we
call
a
vault
contract
and
the
wallet
contract,
which
I
will
actually
carry
out
the
calls.
P
So
in
this
way,
users
will
unwrap
the
tokens
that
they
have
and
only
the
tokens
that
they
have
is
inside
the
wallet
when
they're
actually
going
to
call
this
is
actually
kind
of
equivalent
to
the
other
way
of
doing
it,
which
is
you
also
have
a
router
and
have
the
wallet
holding
all
the
funds
and
putting
the
things
into
the
router.
P
What
is
called
you
know,
that's
included
in
the
nodes
before
you
insert
it
into
the
protocol
right,
so
so
everything
has
to
be
known
in
advance,
whereas
in
D5
protocols
you
have
no
idea
how
much
tokens
you're
getting
back
right.
So
there's
this
uncertainty
of
the
smart
contract
decides
how
much
you
get
back,
but
traditionally
for
children
pools.
You
know
everything
has
been
doing
in
advance.
P
This
is
like
you
know,
one
feature
that
we,
you
know
didn't
really
know
how
to
do
before
and
there's
a
solution
for
this,
which
is
that
we
have
this
notion
of
refunding
to
Anonymous
address,
so
we
have
to
be
able
to
randomize
addresses
and
respond
to
them.
P
Okay,
so
I
realized
I.
Actually,
you
know
basically
spread
through
my
entire
deck
and
this
well
and
the
end
of
the
talk.
So,
let's
recap:
what
have
we
learned
in
this
talk?
So
first
of
all,
privacy
is
really
important.
We
do
not
have
privacy
on
ethereum.
We
need
some
type
of
privacy
solution
for
ethereum,
that's
really
usable
before
ethereum
can
go
mainstream
and
a
shielded
contract
wallet.
Combining
a
shielded
pool
and
a
contract
wallet
is
our
bad
shots
at
this
backwards,
compatible
feature
complete
privacy,
layer
and
finally,
we're
building
this
out.
P
We,
you
know,
hope
to
put
something
on
the
public
and-
and
the
hope
is
that
you
know
long
term
for
this
ecosystem.
Most
people
will
actually
be
inside.
You
know
a
privacy
layer
instead
of
the
standard,
uoa
layer
and,
if
you're
interested
in
contributing
to
this
effort.
Please
come
talk
to
me
and
I
realized
I
didn't
do
a
self-introduction
at
the
beginning.
My
name
is
way:
Dai
a
research
partner
at
Ben
caprico
and
come
ask
me
if
you
found
more
questions
about
this
project,
but
I'll
take
any
questions
from
here.
C
I
congrats
for
the
work
I
think
privacy
is
very
important.
I've
worked
for
a
few
years
on
having
trying
to
make
users
have
like
smart
contract
wallets
by
default,
and
the
big
problem
is
the
gas
cost
of
of
just
having
to
onboard
someone
and
already
having
to
spend
like
ten
dollars,
five
dollars,
sometimes
a
hundred
dollars.
How
do
you
think
that
that
can
be
solved.
P
Yeah
very
good
question
I.
Think
two
things
one
is
the
you
know
actual
cost
of
gas
over
time
as
we
build
these
scalability
layers
should
go
down
right
as
we
build
more
Roll-Ups
and
the
second
is
we
could
use
batching
to
amortize
the
gas
cost.
So
usually
you
know
actually
in
437,
there's
notion
of
bundlers
and
aggregators,
where
you
know
you
compress
authentication
information.
P
You
know
from
multiple
transaction
from
multiple
transactions
into
into
a
single
authorization
for
for
all
the
transactions,
and
you
know,
there's
different
tricks
to
kind
of
further
optimize
the
gas
cost
so
over
time.
Through
these,
you
know
two
Avenues.
The
hope
is
that
the
the
additional
cost
incurred
to
to
get
a
contract
wallet
with
privacy-
it's
not
prohibitive
for
for
users,
for
you
know,
for
vast
majority
of
users.
Q
Great
talk,
I'm
interested
how
you
figure
out
ofac
and
tornado
cash,
because
if
this
is
like
an
opt-in
coming
from
over
here,
oh
yeah
hi.
No,
how
you
think
about,
because
if
you
look
at
tornado
cache
and
the
ofax
sanctions,
how
do
you
think
about
sort
of
avoiding
that
kind
of
thing
with?
Because
my
understanding
is
that
this
would
be
like
an
opt-in,
smart
counter
wallet.
So
how
can
you
avoid
that
and
kind
of
adverse
selection?
And
these
types
of
things.
P
Yeah,
so
so,
referring
back
to
my
slides,
where
I
show
the
special
Solutions
you,
you
know
I
think
as
a
builder,
we
should
be
flexible
in
kind
of
so
good.
What
is
privacy
right?
Privacy
is
appropriate
for
all
of
information.
P
I,
don't
think.
Privacy
is
as
absolute
notion
where
everything
should
be
private
to
you.
You
know,
there's
there's
some
societal,
like
consensus
on
what
is
appropriate
for
a
lot
of
information
right
and
everybody
can
have
their
own
interpretation
of
that.
You
know.
Government
agencies
have
their
own
interpretation.
Individuals
in
ethereum
community
can
have
you
know,
you
know
our
interpretation
and
they
might
be
incompatible
but
I
think
as
Builders.
P
We
should
be
open
to
different
versions
of
you
know
what
is
appropriate
for
all
of
information,
because
technology
is
really
flexible
and
you
know
over
time
there
should.
There
will
be
communities
that
might
be
incompatible,
but,
like
you
know,
we
should
work
towards
the
solution.
That's
more
toward
the
center
I
would
say
where
we
include
as
many
users
in
our
ecosystem
as
possible,
yet
give
some
sort
of
control,
perhaps
maybe
to
some
set
of
people
to
be
able
to
prevent
illicit
activities.
P
P
P
So
there's
well,
there's
many
many
different
contract
wires
out
there
with
different
Focus.
It's
this
is
a
contract
with
privacy.
You
know
I
think
it
doesn't
make
sense
to
well
I
mean
we
could
take
existing.
You
know
we'll
take
the
existing
437.
P
You
know
standards
reference
code
base
and
just
you
know
fit
this
into
there.
The
main
difficulty
is
actually
not
being
a
contract
wallet.
It's
really
like
how
to
add
privacy
I
think,
because
when
you
also
change
the
front-end
apis,
so
I
mean
every
single
smart
contract.
All
in
have
to
do
this,
but
like
I,
think
for
for
privacy
is
more
important
because
the
a
lot
of
schematics
need
to
change
right.
So,
if
you
think
about
how
currently
you
pull
balances
ready
accounts,
you
first
connect
your
wallet.
You
pull
like
you
know.
P
P
You
know
so
so
a
lot
of
things
to
change
when
something
needs
to
be.
You
know
it's
you
want
to
imagine
a
privacy
preserving
system,
so
I
would
love
to
collaborate
with
you
know,
contract
wallet
projects
and
that's
how
also
another
reason
why
we're
trying
to
stay
compatible
with
437,
because
we
can
reuse
or
you
know,
have
the
same
bundler
infrastructure
and
this
you
know
kind
of
abstraction
man
pool.
So
we
will
be
part
of
the
ecosystem
and
contribute
to
the
efforts
as
well.
S
Great
Doug,
thanks
what.
I
J
P
Yeah,
so
so
you
know,
as
it
turns
out
the
easiest
way
to
prototype.
Something
like
this
is
circle
still
like.
There's
nothing
better
out
there
that
you
can.
You
know
rather
zero
dollar
shortcut
and
have
like
solidly
verifier
and
like
up
you
know.
Approver,
that's
rather
than
like
a
browser
circle
is
the
only
ecosystem,
so
this
is
like
another
ranks.
I
would
use.
You
know
the
like
most
efficient
proof
system
out
there,
like
it,
probably
more
like
plunk,
but
that
tooling
is
not
there
and
also
like
over
time.
P
It
sounds
like
you're
familiar
with
the
subsystems,
but
like
over
time,
there'll
be
like
kind
of
two
separate
proof
systems
right.
So
one
is
on
the
user
side,
where
you
essentially
want
zero,
zero
knowledge
property
only
for
privacy.
So
you
know
what
is
this
thing
there
is
it's
a
the
overall
design
is
very
similar
to
like
any
other
shooter
pool.
P
You
have
a
Merkle
tree
of
notes,
right,
you're,
referring
to
a
note
and
spinning
it
without
revealing
which
no
you're
you're
referring
to
right,
and
that
for
that
you
needs
your
knowledge
to
preserve
your
privacy,
and
you
actually
don't
really
need
to
explain
this
and
we're
not
going
to
have
this
like
aggregation
layer
that
roll
up
these
user
spending
proofs,
and
for
that
you
really
want
to
synchronous
right.
You
want
to
be
able
to
verify
on
the
contract
side
really
efficiently
right,
and
so
you
know
I
think
this.
P
This
is
something
that
has
been
discussed
a
lot
in
Defcon
in
the
past
couple
days,
which
is
you
have
the
notion
of
inner
proof
and
Order
proof
right.
So
for
us,
this
inner
proof
will
basically
be
the
user
proof
that
have
zero
knowledge
right.
We
can
use
I
think
over
time.
You
know
which
we'll
probably
evaluate
things.
That's
really
fast
in
the
browser
adds
to
your
knowledge
and
maybe
some
type
of
compression.
P
T
So
one
approach
to
solving
this
problem
would
be
to
make
backwards
compatible
contracts
on
ethereum.
Other
approaches
might
be
to
wait
until
there's
an
L2
that
has
more
Primitives
built
in
that
support.
This
and
I'm
just
curious
to
learn
more
about
your
thinking
of.
If
it
ever
makes
sense
that
privacy
will
be
in
one
place
and
non-private
things
can
exist
in
another.
P
I
think
yeah
so
yeah.
The
question
is,
you
know:
do
we
build
privacy
Solutions
on
top
of
existing
things?
Where
do
we
build
a
new
ecosystem
to
build
privacy,
presenting
Solutions
and
I?
Think
the
key
question
is
what
are
the
Privacy
supporters
and
what
is
the
features
of
those
applications
and
so
I?
So
it
turns
out
that
the
short
answer
is:
there's
no
privacy,
preserving
ecosystem
right
now
out
there
that
actually
support
more
features:
the
anonymity
okay.
P
So
if
you
look
at
like
a
Leo
or
like
Mina,
it's
really
just
a
solution
to
build
roll
ups.
Like
you
know,
with
with
zero
knowledge,
you
cannot
get
privacy
for
share
States,
so
I
actually
discussed
this
in
another
talk
of
mine.
P
So
if
you
think
about
the
features
we
can
support,
I
think
unless
you
have
vastly
more
capabilities
to
support
privacy,
presumable
Solutions,
which
I
think
is
actually
in
the
privacy
of
shared
States,
it
doesn't
make
sense
to
have
a
complete
brand
new
ecosystem,
because
the
Privacy
that
we
that's
achievable
is
the
same,
so
there's
no
benefit
to
building
a
new
ecosystem
that
do
the
same
thing
right.
P
U
P
Yeah,
so
there's
actually
kind
of
two
two
different
things
right.
So
four,
four,
three,
three
seven!
You
have
the
notion
of
bundlers
and
we
could
basically
use
that,
so
we
could
actually
so
bundlers
so
I
think
it's
yet
to
determine
exactly
what's
in
the
standards,
but
isn't
that
for
every
single
contract
wallet
bundler
needs
to
run
custom
code
to
be
able
to
compress
different
user
operations
to
one.
So
we
could.
P
You
know
when
it's
more
finalized
to
be
able,
you
know
to
to
to
have
essentially
to
plug
into
that
ecosystem
right,
so
it
could
be
like
different
437
bundles.
That's
supporting
different
smart
contract
wallets
and
will
be
one
of
them
and
in
that,
in
that
way
we
can
decentralize
bundling,
and
the
second
is
yeah.
So
exactly
so,
there
might
be
this
management
of
Merkel
trees.
That's
separate
to
many.
You
know,
compressing
multiple
user
operation
proofs
into
one
and
we
can
make
that
permissionless.
Yeah
I
think
it's
a
current
thinking
right.
P
So
so
it's
okay.
What
is
the
overall
story?
Is
that
so
because
we
support
backwards
and
particle
I
will
support
the
exact
same
set
of
operations.
We
that
users
need
to
pay
more
gas
right.
It's
like
that's
the
you're,
paying
the
same
amount
of
gas
by
default
and
the
additional
things
that's
you
know
the
overhead
to
like
maintain
everything,
and
the
idea
is
to
like
make
it
as
small
as
possible,
and
the
only
way
to
do
that
is
to
Outsource
this
aggregated
work
into
some
sequence
or
bundler.
P
So
so
it's
basically
necessary
if
you
want
to
make
this
usually
usable
and
so
yeah.
So
you
know
to
decentralize
I
think
you
know
make
it
permissionless
and
some
really
design
incentives
around
this
right.
That's
because
these
are
bundlers
sequencer,
providing
a
service
behavior
and
make
it
provincialized
and
design
kind
of
this
ecosystem.
That's
so
self-sustainable
right,
because,
because
I
think
that
users
will
pay
for
privacy
if
it's
cheap
enough
and
you
can
get
this
network
effect
right.
B
B
W
Cool,
hey
everyone,
I'm,
kabsheep
and
I
work
with
the
research
focused
organization
called
Xerox
Park.
Today,
I
will
be
talking
about
this
idea
of
zkps
and
programmable
cryptography,
which
is
a
phrase
that
we
use
to
describe
a
lot
of
what
we
focused
on
at
Xerox,
Park
I'll
describe
what
programmable
cryptography
means
and
why
we
think
it's
important
for
anyone
who
is
interested
in
the
future
of
Next
Generation,
blockchain
and
decentralized
applications.
W
So
first
off
I'll
give
a
little
bit
of
context
into
what
Xerox
Park
is
for
folks
who
have
not
heard
about
this
organization.
Xerox
Park
is
a
relatively
new
research,
focused
org,
which
supports
what
we
call
application,
Level,
r
d
on
ethereum
and
other
decentralized
platforms.
W
So
this
means
trying
to
better
understand
what
is
possible
to
do
on
these
kinds
of
you
know:
smart
contract
platforms
or
with
new
decentralized
application
technologies
that
isn't
necessarily
currently
possible
today,
but
might
be
on
the
horizon
projects
that
we
support
include
things
like
Dark
Forest,
as
well
as
Persona
Labs,
building
things
like
hey,
Anon
or
if
folks
were
around
the
applied
ZK
showcase.
Yesterday,
you
might
have
seen
proof
of
email
or
various
ZK
machine
learning
experiments.
W
We
also
build
circuit
Primitives
for
ZK
snarks,
and
focus
a
lot
on
infrastructure
and
maintenance
and
third-party
development
of
tool
Stacks
like
snark.js,
sir
com,
Halo,
2
and
more,
and
we
also
do
a
lot
of
community
building
efforts
and
we
work
on
Cross
team
and
ecosystem-wide
projects
as
well
cool.
So
one
of
our
largest
areas
of
focus
at
Xerox
Park
is
applied.
Zk
cryptography,
which
means
that
a
big
Focus
for
us
is
understanding
what
is
possible
to
do
with
DK
crypto.
W
What
you
know
theoretically
should
be
possible
to
do
with
DK,
crypto
and
decentralized
apps,
and
what
we
need
to
do
to
to
get
there
to
eventually
bring
those
kinds
of
tools
to
production
and
apply.
Zk
is
one
of
a
category
of
relatively
newer
cryptographic,
Primitives
that
we
categorized
under
this
term
programmable
cryptography
and
in
order
to
describe-
or
you
know,
give
a
feeling
for
why
programmable
cryptography
is
important.
First
I
want
to
go
into
a
little
bit
about
the
a
couple
of
the
reasons
that
we
think
that
applied.
W
Zk
is
especially
as
important.
So
there's
two
concrete
reasons
that
I
think
are
especially
compelling
in
terms
of
why
ZK
is
going
to
be
powerful
for
unlocking
the
next
generation
of
decentralized
applications
and
I'll
just
go
through
those
real
quick.
So
the
first
thing
is
that
zero
knowledge
cryptography
gives
us
what
I
think
of
as
an
expressive
language
for
claims.
W
So
what
does
that
mean?
We'll
go
through
an
example
to
to
get
a
sense
for
what
an
expressive
language
for
claims
looks
like?
Let's
take
the
example
of
ZK
snarks
and
group
membership
proofs
in
the
context
of
claims
about
digital
identity,
so
the
simplest
kind
of
identity
claim
that
we
have
from
cryptography
and
something
that
we've
known
how
to
do
for
many
decades
is
prove
a
statement
like
I
know
a
private
key
corresponding
to
someone
say
like
Alice's
public
key,
which
implicitly
identifies
me
as
Alice.
W
So
this
is
something
that
I
can
do
with
a
digital
signature,
something
like
you
know:
RSA
or
ecdsa.
The
invention
of
public
key
cryptography
made
proof
like
this
possible
or
made
provable
statements
like
this
possible,
and
this
is
infrastructure
that
underlies
so
many
of
the
digital
systems
that
we
know
and
rely
on
today,
including
you
know,
secure
traffic
on
the
internet
as
well
as
blockchain
systems
like
ethereum
or
Bitcoin.
W
So
going
up
one
level
in
complexity
from
the
previous
slide,
we
have
claims
like
I,
know
a
private
key
corresponding
to
one
of
the
public
keys
in
a
group.
So,
for
example,
I
know
a
private
key
corresponding
to
one
of
Alice
Bob
or
Charlie's
public
Keys.
This
kind
of
claim
is
commonly
referred
to
in
the
literature.
W
As
a
group
signature
or
a
ring
signature,
we
do
have
cryptographic
protocols
that
are
purpose
built
to
enable
people
to
generate
you
know,
group
signatures
or
ring
signatures,
but
they
are
again
special
purpose
built
for
this
kind
of
claim
and
the
math
or
like
the
cryptographic,
protocols
that
make
these
sorts
of
claims
possible
are
oftentimes
incompatible
with
the
math
used
for
ordinary
signature
schemes.
So
you
know
we
figured
out
how
to
do
these
group
signature
schemes
a
few
years
after
we
figured
out
how
to
do
digital
signatures
in
general.
W
However,
it
is
the
case
that,
in
order
to
make
claims
like
these
or
in
order
to
build
up
a
system
or
a
network
in
which
people
can
make
these
claims,
you
have
to
build,
you
have
to
bootstrap
like
an
entirely
new.
W
You
know
key
registry,
you
have
to
build
a
different
key
generation
algorithm
and
you
have
to
popularize
that.
So
you
know
the
math
involved
in
making
a
claim
like
this
can
be,
can
be
incompatible
and
require
you
to
sort
of
move
to
an
entirely
different
system
than
if
you
want
to.
You
know,
use
systems
that
allow
you
to
make
claims
like
this.
W
So
one
thing
that
I
want
to
note
is
that
today,
however,
we
have
another
much
easier
way
of
enabling
these
kinds
of
claims
and
a
manner
which
a
way
which
is
you
know,
actually
compatible
with
systems
for
proving
the
first
kind
of
claim,
so
with
CK
snarks.
W
If
I
have
a
primitive
that
allows
me
to
prove
in
a
ZK
circuit
that
I
possess
a
public
key
corresponding
to
some
private
secret,
then
what
I
can
do
is
I
can
construct
a
ZK
circuit
that
says
I
know
some
public
key,
corresponding
to
some
secret
private
key
I'm,
going
to
keep
that
public
key
Secret
and
that
public
key
minus
hash
one
times
public
key
minus
hash,
two
times
that
public
key
minus
hash
three
equals
zero.
W
W
So
this
way,
I
now
have
this
system
which
uses
the
exact
same
key
generation,
algorithm
or
key
generation
strategy,
as
a
system
that
allows
me
to
you
know,
simply
prove
that
I
know
the
private
key
corresponding
to
Alice's
public
key
and
we've
turned
essentially
this
problem
of
Building
Group
signatures
from
a
math
problem
where
we
have
to
go
to
a
cryptographer.
They
have
to
write
us
a
paper
or
do
all
this
stuff
bootstrap
a
new
key
registry
into
essentially
a
programming
task
that
you
know
any
developer.
W
Familiar
would
say:
Circle
can
carry
out
okay,
so
slightly
more
complicated
than
this.
We
can
go
a
level
even
further
up
and
consider
augmentations
to
this
protocol
such
as
I
know
a
private
key
corresponding
to
one
of
Alice
bobbert
Charlie's
public
keys
and
the
other
two
either
can
or
cannot
prove
that
they
did
not
generate
this
message.
So
sometimes
this
is
this.
Property
is
called
by
various
different
names,
some
call
it
like
disavowel.
So
as
an
example
like
suppose,
I'm
Bob
and
I
generate
a
signature
that
is
either
coming
from.
W
You
know
you
can
see
is
coming
from
one
of
Alice,
Bob
or
Charlie,
Alice
or
Charlie
might
be
able
to
generate
a
proof
that
they
did
not
create
that
signature.
So
yeah,
there's
cryptographic
systems
that
allow
you
to
toggle
this
property
on
or
off.
W
But
again
these
use
new
math
are
incompatible
with
previous
systems
and
are
generally
fairly
difficult
to
engineer
again,
however,
with
DK
snarks,
this
is
a
pretty
trivial,
like
two
line
circuit
code
change,
so
again
we're
sort
of
seeing
this
idea
of
this
language
that
allows
us
to
build
these
expressive.
Claims
that
are
compatible
with
you
know
previous
claims
that
other
cryptographic
systems
will
allow
us
to
generate.
W
And
finally,
we
can
get
to
claims
you
know
of
this
level
of
complexity,
something
like
I
know,
a
private
key
corresponding
to
one
of
Alice,
Bob
or
Charlie's.
Public
Keys
and
I
either
possess
the
signed
attestation
from
one
of
David,
Eve
or
Fred.
One
of
these
trusted.
You
know
attestation
service
providers
or
during
a
block
with
header
X
I
knew
the
private
key,
corresponding
to
an
account
with
at
least
32
eth,
and
you
know
dot
dot.
You
can
kind
of
compose
a
bunch
of
arbitrary.
W
You
know,
predicates
on
this
identity
claim
and
I
think
it's
pretty
fair
to
say
that
there's
like
no
cryptographer
in
the
world
who
you
could
go
to
and
ask
them
to
build
a
special
purpose,
new
cryptographic
tool
that
would
allow
you
to
prove
this
specific
kind
of
claim.
Nor
would
it
even
make
sense
to
but
again
with
DK
snarks.
This
actually
becomes
fairly
trivial.
You
have
your
building
blocks
in
ZK
circuits.
W
For
each
of
these
things
you
know
key
pre-image
signature
recovery,
proof
of
inclusion
in
the
ethereum
Merkel
Patricia,
try
and
then
you
can
just
put
all
these
together,
essentially
calling
all
these
like
different
functions
in
your
ZK
circuit
code
to
start
building
out
these
claims.
W
So
another
framing
of
this
idea
of
the
expressive
language
for
claims
is
that
ZK
Starks
turn
math
problems
into
programming
tasks
rather
than
having
to
go
to
a
cryptographer
to
write
you
a
new
paper
every
single
time.
You
want
a
new
kind
of
digital
identity
claim
to
exist
in
the
world
and
be
provable.
You
can
just
have
a
ZK
circuit
developer,
compose
the
right
Primitives
inside
ZK
circuit
code,
okay,
so
cool
thing
number
two,
which
is
closely
related
to
cool
thing
number
one
is
that
ZK
adds
interoperability
to
cryptographic
systems.
W
So
what
does
this
mean
well
to
explain
this
first
I
just
wanted
to
do
a
quick
breakdown
between
two
terms:
snark
friendly
versus
snark,
compatible
cryptographic,
Primitives
Stark,
friendly
cryptographic.
Primitives
are
you
know,
Primitives
like
hashing
algorithms
or
digital
signature
schemes
or
encryption
algorithms
that
are
specifically
purpose
built
for
to
be
efficiently
provable
inside
of
ZK
snark
proving
systems
so,
for
example,
the
Mims
here
Poseidon
hash
functions
or
eddsa
signatures.
W
W
However,
most
of
the
cryptographic
systems
that
exist
in
the
world
use
cryptography
that
was
invented
before
we
knew
about
CK
snarks.
So,
for
example,
a
lot
of
hash
functions
use
a
lot
of
bitwise
operations
which
are
very
costly
to
do
inside
of
ZK
snarks,
and
so
these
these
systems
are
not
snark
friendly,
but
they
are
what
we
have
to
work
with.
So,
for
example,
all
the
signatures
on
you
know,
emails
signed
by
mail.
Servers
that
are
being
sent
out
are
not
going
to
be
snark
friendly
signatures.
W
However,
we
can
start
to
at
least
connect
all
of
these
different
snark
compatible
systems
together
by
embedding
these
different
signature.
Algorithms
hash
functions,
encryption
teams
Etc
inside
of
snarks,
even
if
it
is
costly,
so
as
an
example
of
a
few
crypto
systems
that
exist
out
in
the
wild
we've
got
key
distribution
and
identity.
Registries
such
as,
like
you
know,
you
can
build
a
an
identity
registry
of
like
gpg.
Keys
GitHub
allows
you
to
generate
locally
a
key
pair
and
upload
it
and
make
it
publicly
accessible
to
anyone
so
that
anyone
can
verify.
W
You
know
your
commit
history
or
things
like
that.
Repos
you've
contributed
to
so.
For
example,
if
you
go
to
github.com
you'll,
see
like
my
RSA
Keys
ethereum
and
Bitcoin
rely
on
the
ecdsa
signature
scheme,
so
addresses
are
going
to
be.
You
know
a
hash
of
an
ecbsa
public
key
in
ethereum
and
I.
Think
mail
servers
use
the
dkim
protocol
to
sign
and
authenticate
messages
which,
under
the
hood,
relies
on
RSA.
W
So
one
of
the
things
that's
going
on
with
all
these
different
signature
schemes
is
that
they
kind
of
can't
really
talk
to
each
other.
You
know
if
you're
running
on
the
RSA
protocol,
you
can't
really
understand
an
ecdsa
signature,
however,
by
making
all
of
these
Primitives
snark
compatible
by
implementing
RSA
signature,
verification,
ecdsa,
signature,
verification,
etc,
etc.
Inside
of
snarks,
what
we
can
start
to
do
is
we
can
start
to
build
adapters
between
all
these
different
systems.
W
So
again,
if
I
have
an
RSA,
primitive
and
an
ecdsa
primitive
inside
of
a
snark,
then
I
can
start
to
make
claims
like
either
I
have
a
GitHub
account.
That's
contributed
to
the
you
know:
ethereum
GitHub,
org
or
I
possess
at
least
100
East
and
again
by
making
existing
cryptography
snark
compatible
and
combining
that,
with
this
expressive
language
for
claims,
we
can
start
to
make
statements
about
all
sorts
of
digital
or
online
activity.
W
So
both
of
these
features
are
examples
of
the
power
of
programmable
cryptography,
which
probably
is
you've
grok
from
now.
You
know
both
of
these
features
are
giving
us
these
tools
to
much
more
flexibly,
manipulate
digital
objects.
W
W
W
One
week,
I
would
say
that
smart
contracts,
Also
spiritually
kind
of
fall
in
the
same
category
as
a
lot
of
these
other
programmable
cryptography
Primitives.
So
you
know
imagine
very
early
on
in
the
history
of
this
idea
of
blockchains.
We
would
have
these
consensus
engines
where
people
could
come
to
consensus
on
only
very
simple
or
specific
data.
Transformations
data
Transformations,
like
you
know,
Bob,
can
decrement
his
balance
by
100
ether
to
increment
Alice's
balance
by
100
ether.
Nowadays,
with
smart
contracts
and
programmable
blockchains,
we
can
sort
of
execute
arbitrary
predicates.
W
W
So
in
each
of
these
examples,
there's
this
common
thing
theme
of
moving
from
the
specific
to
the
general
with
ZK
snarks
I
can
move
from
proofs
of
specific
claims
to
a
general
purpose.
Language
of
claims.
Smart
contracts,
allow
us
to
move
from
coming
to
consensus
on
canonical
data
that
can
be
modified
in
only
very
specific
or
narrow
ways
to
a
general
purpose:
language
for
modifying
or
executing
code
on
this
canonical
data.
W
Witness
encryption
moves
us
from
a
world
where
we
can
permission
data
to
only
be
read
by
a
specific
person
or
specific
set
of
people
to
having
a
language
for
specifying
arbitrary
predicates
for
read
permissions.
So
I
kind
of
imagine
this
as,
like.
You
know,
decentralized,
oauth
tokens
where
anyone
can
plug
into
this.
W
Like
Global
authentication
system
and
specify
who
can
read
what
and
when
and
there's
all
these
New
Primitives
that
are
continually
getting
better
and
better
and
more
and
more
feasible
things
like
fully
homomorphic
encryption,
multi-party
computation
even
really
far
out
things
like
indistinguishability,
obfuscation
and
more,
oh,
and
you
know,
I,
there's
a
couple
of
folks
who
have
sort
of
independently
come
up
with
this
categorization
or
framework
I
believe
this
Thursday
team
calls
these
computational
crypto
systems,
so
you
know
very
similar
in
general
Spirit
to
what
we're
calling
programmable
cryptography.
W
Okay.
So
the
second
part
of
this
basically
thesis
is
that
programmable
cryptography
itself
seems
like
a
very
powerful
tool.
Blockchains
are
also
a
very
powerful
a
powerful
tool,
but
it's
not
sort
of
a
priori
obvious
like
why
these
two
things
are
related
to
each
other,
except
that
they
both
sort
of
derive
from
similar
mathematical
principles.
W
But
I
claim
that
there's
actually
a
very
deep
and
complementary
marriage
between
these
two
powerful
things
and
to
explain
why
I
think
that
is
first
I
want
to
give
my
kind
of
mental
image
of
what
ethereum,
as
a
data
availability
layer
looks
like
say,
like
five
or
ten
years
out
from
now.
So
in
my
head,
the
way
that
I
kind
of
conceptualize,
the
idea
of
you
know,
ethereum
the
global
data
availability
layer
is
I.
W
Think
of
ethereum
almost
as
this,
like
you
know,
giant
super
thick,
coaxial,
cable
that
basically
streams
Humanities
like
Global
stream
of
Consciousness,
so
Humanities
you
know
promises,
bets,
Secrets,
debts,
dreams,
etc,
etc,
and
this
coaxial
cable
is,
you
know,
made
available
to
any
person
or
Computing
device
in
the
world.
So
you
know
any
phone,
any
computer
that
like
lives
on
some.
You
know
like
institutional
server.
W
Anything
like
that
can
hook
into
the
one
gigabyte
per
second
canonical
data
stream,
look
up
data
and
know
that
they're,
seeing
exactly
the
same
thing
as
someone
across
the
world
is
seeing
now
right
now,
this
data
stream
is
completely
transparent
and
that
has
been
a
design
decision
that
has
been
necessary
in
order
to
gain
acceptance
of
this
particular
data
stream.
That
we're
wanting
to
claim
is
the
canonical
data
stream
or
the
legitimate
data
stream.
W
So,
in
order
to
build
acceptance,
we
have
this
principle
of
don't
trust
verify
and
in
order
to
verify
you
need
to
be
able
to
see
all
of
the
data,
but
I
claim
that
this
is
actually
extremely
limiting.
There
is
a
wide
class
of
applications
that
you
might
care
about
to
build
where
you
don't
want
every
piece
of
data
to
be
completely
public
and
I.
W
Think
that
when
a
lot
of
people
talk
about
this
idea
of
privacy
or
information
asymmetry,
you
know
people
have
various
different
beliefs
on,
like
various
ideological
nuances
around
privacy,
but
I
want
to
go
even
a
level
lower
to
explain
why
I
think
this
is
important.
W
Read,
write,
execute
permissions
on
this
canonical
data
stream,
that
is
the
blockchain
and
the
way
that
we
do
this
is
you
know
in
fact,
programmable
cryptography,
programmable
cryptography
gives
us
these
expressive
tools
and
languages
for
enforcing,
read
permissions
like
we
mentioned
with
things
like
witness,
encryption
or
write
or
execute
permissions
which
we're
seeing
with
things
like
you
know:
ZK,
snarks
and
smart
contracts,
and
more
so,
to
give
just
the
toy
example
of
why
this
kind
of
permissioning
or
access
control
is
really
important.
W
I
want
to
consider
the
example
of
games,
so,
for
example,
let's,
let's
consider
poker
in
poker
a
lot
of
the
depth
of
the
game,
relies
on
the
fact
that
I
know
my
cards,
but
I,
don't
know
your
cards
and
you
know
your
cards,
but
you
don't
know
my
cards
poker
as
a
game
would
simply
not
work.
If
we
knew
each
other's
cards,
it
would
be
completely
degenerate
right,
like
it
wouldn't
really
make
sense,
it
wouldn't
be
any
fun,
and
you
know
a
slightly
more
complex
example
of
this
might
be
strategy
game.
W
So,
a
couple
of
days
ago
we
had
a
talk
on
Dark
Forest,
which
is
a
fully
on
on
chain
strategy
game.
You
can
kind
of
imagine
it
as
something
like
Starcraft
on
the
blockchain,
and
one
really
key
mechanic
of
Dark
Forest
is
that
in
Dark,
Forest
players
respective
locations
are
all
hidden
which
gave
which
gives
the
game
a
lot
of
its.
W
You
know
relative
strategic
depth,
so
the
general
pattern
here
with
games
is
that
oftentimes,
what
we're
going
to
do
is
we're
going
to
have
players
commit
to
a
state
that
they
keep
private
and
whenever
they
want
to
make
a
state
transition
they're
going
to
provide
a
zero
knowledge
proof
that
they
are
making
a
valid
update
on
their
private
State
and
committing
you
know
a
valid
State
commitment
to
the
network,
so
this
proof
might
prove
something
like
I'm
moving.
W
My
you
know:
secret
night
from
secret
location,
a
to
secret
location,
B
I'm,
not
going
to
tell
you
what
a
or
b
are,
but
this
zero
knowledge
proof
proves
that
you
know,
there's
an
L
shape
between
them
or
zero
knowledge.
Proof
might
prove
something
like
drawing
some
card
I'm
drawing
it
validly,
according
to
the
rules
I'm
drawing
it
out
of
a
randomly
shuffled,
deck
I'm,
not
cheating
and
just
like
continually
drawing
a
bunch
of
aces.
W
So
you
know,
there's
a
bunch
of
game
examples
which
we
can
kind
of
Imagine,
where
the
game
just
simply
does
not
work
if
all
of
the
information
is
transparent
and
while
those
are
kind
of
toy
examples,
I
think
they
allow
us
to
start
to
hint
at
this
more
complex
future,
where
we're
using
blockchains
for
a
much
wider
range
of
use
cases.
So
you
know
I
think
one
completely
digital
completely
reasonable
digital
interaction.
W
I
give
the
merchant
one
token
that
permissions
them
to
access
some
specific
data
on
my
preferences
for
an
hour
and
another
token
that
allows
them
to
transfer
a
limited
amount
from
my
balance
after
that
transaction
completes
I
update
my
transaction
history,
that's
private,
to
me
and
committed
on
chain,
but
only
visible
to
myself.
W
So
you
know
each
of
the
components
of
this
interaction
today
are
not
possible
due
to
the
fact
that
there's
so
many
things,
there's
so
many
constraints
on
what
we
can
keep
private,
but
again
with
things
like
fully
homomorphic
encryption,
witness
encryption,
ZK,
snarks,
etc,
etc.
These
kinds
of
interactions
may
start
to
be
unlocked,
while
still
preserving
the
neutrality,
where
all
this
data
is
living
on
some
like
globally,
verifiable
blockchain
or
data
availability
system.
W
So
the
last
kind
of
like
analogy
that
I
want
to
make
here
to
kind
of
create
an
image
of
what
this
future
might
look
like
is
you
know,
I
want
to
kind
of
describe
the
concept
of
an
Ender
Chest
from
the
game.
Minecraft.
So
Minecraft
is
a
you
know,
sandbox
game
in
which
you
can
Harvest
resources
and
build
stuff,
and
in
Minecraft
is
this
concept
of
chests
so
with
a
wooden
chest.
If
I
build
a
wooden
chest,
I
can
like
place
it
down
here.
W
I
can
put
items
in
into
the
chest
if
I
leave
and
come
back,
the
items
are
still
going
to
be
there.
The
chest
is
a
very
important
like
primitive
in
Minecraft.
If
anyone
else
goes
to
the
chest
and
they
open
it,
they're
going
to
be
able
to
see
all
the
items
that
I've
placed
in
there
in
Minecraft
there's
also
a
very
powerful
tool
called
the
Ender
Chest,
which
is
sort
of
similar
to
a
chest.
W
So
if
I
put
an
ender
chest
down
here
and
put
down
like
you,
know,
five
stone
or
something
and
then
I
put
an
under
chest
down
over
there
and
like
I,
walk
over
there
and
open
it
I'm
going
to
see
that
same
five
Stone
and
if
someone
else
walks
into
the
walks
over
to
the
under
chest,
they're
not
going
to
see
that
same
inventory
that
I
have
they're
only
going
to
see
you
know
what
they've
put
into
the
under
chest.
W
W
Just
makes
it
easier
for
you
to
do
a
lot
of
things
and
I
think
as
more
of
our
social
and
economic
activities,
Move
online,
we're
going
to
need
Primitives
like
these,
these
digital
ender
chests
that
allow
us
to
carry
things
like
our
reputation,
our
financial
history,
our
social
context
across
different
platforms,
and
in
order
to
do
that,
we're
going
to
need
these
new
privacy,
preserving
mechanisms
that
fall
under
this
category
of
programmable
cryptography.
W
T
Foreign
thank
you
for
the
talk.
As
we
went
through
a
lot
of
the
slides,
there
were
examples
of
ZK
things
where
you
have
a
claim
and
it's
true
or
false,
and
you
prove
it
but
I
guess
the
bigger
picture
of
all
programmable
cryptography
could
have
other
sorts
of
statements
like
I
summed
all
these
numbers-
and
this
is
the
true
sum
and
so
I
guess
those
are
other
flavors
and
maybe
that's
homomorphic
encryption
I'm,
not
sure
how
friendly
are
those
with
each
other
right
now,
like
proving
things
and
doing
math
and
getting
continuous
results.
W
Yeah,
this
is
a
great
question.
So
right
now
you
know,
as
you've
probably
noticed
like,
we
are
specifically
very
focused
on
zero
knowledge.
Cryptography,
which
is
you
know,
one
of
one
piece
of
this
like
much
broader
category,
but
it
seems
like
disproportionately
represented.
So
why
is
that
the
case?
Well,
one
reason
is
that
zero
knowledge,
crypto
systems
are
simply
much
more
mature
today
than
a
lot
of
these
other
systems.
Where
there's
there
only
exists,
theoretical
constructions
or
academic
implementations.
W
W
X
W
So
I
think
Quantum
cryptography
is
a
slightly
like
orthogonal
direction
to
what
a
lot
of
these
tools
are
going
to
enable
specifically,
for
example,
like
one
way
that
we
think
about
the
interaction
of
quantum
cryptography
with
these
tools
is
considering
which
of
these
tools
Quantum
or
like
which
you
know,
for
example,
ZK,
algorithms
or
like
fhe
algorithms.
We
have
are
quantum
resistance,
in
other
words,
once
we
have
quantum
computers
which
of
these
algorithms
might
we
be
able
to
break
now?
W
That's
kind
of
a
different
thing,
however,
from
necessarily
you
know
the
affordances
of
these
tools.
So,
for
example,
like
you
know,
it's
when
I
think
about
programmable
cryptography,
I
usually
think
about
it
from
the
perspective
of
like
what
these
things
can
do
for
us,
rather
than
necessarily
like,
what's
the
underlying
algorithms
and
what
are
the
computational
models
in
which
they
might
you
know
broken
by
or
enabled
by
whether
that's
Quantum
or
elliptic
curves
or
you
know
large
Prime
fields
or
things
like
that,.
Y
Thank
you
for
talk,
you
can
ask
you
if
I
understand
it
correctly,
the
state
currently
in
Dark
Forest,
you
keep
it
locally
and
you
just
put
the
proofs
on
chain
that
may
not
be
ideal
for
the
future.
If
you
lose
the
state,
you
kind
of
lose
the
game
like
what
are
your
thoughts
on
how
to
keep
the
state
safe
in
in
other
ways,
either
using
a
homo
marketing
prescription
or
your
general
thoughts
around
it.
W
Yeah,
this
is
a
great
question
and
I
think,
like
you
know,
as
an
extension
of
the
debate
that
people
have
around
the
viability
of
you
know.
Everyone
custodying
their
own
keys,
for
example,
on
a
blockchain
I
think
that
there
are
a
couple
of
things
here
that
might
be
possible.
One
is
like
you
mentioned
fully
homomorphic
encryption
might
allow
us
to
store
private
State
on
that
is
encrypted
on.
W
You
know
cloud
services,
but
still
be
able
to
like
retrieve
that
data
and
perform
operations
on
it
just
like
we
would
if
it
was
local,
while
still
preserving
the
privacy
of
that
data.
That's
pretty
far
out,
though,
and
in
the
meantime
I
think.
The
most
immediate
thing
that
we
can
focus
on
doing
is
like
building
more
user-friendly
solutions
that
allow
you
to
keep
critical
or
sensitive
data
on
your
own
machine,
I
mean
everybody
already
does
keep
critical
and
sensitive
data.
W
So
it's
a
question
of
like
as
the
volume
of
that
data
or
has
the
sensitivity
of
that
data
grows.
Then
how
can
we
make
those
systems
even
more
and
more
ergonomic
and
more
and
more
secure.
Z
Hi
thanks
for
the
talk,
what
do
you
think
about
the
fundamental
bottleneck
of
like
zkp's
being
quite
slow,
and
you
have
this
trade-off
between
like
proof,
generation
and
verification?
Do
you
think
we
will
have
sort
of
more
like
external
offram
Solutions,
maybe
like
layer
2
is
very
full
ZK
or
like
do
you
see
the
most
promising
Solutions
being
in
like
fundamental
zkp
research
like
what
do
you
think
of
that
whole
I've
fallen
straight
off.
W
Yeah
so
personally,
I
think
that
there's
still
a
ton
of
low-hanging
fruit
in
terms
of
performance,
optimization
for
these
currently
very
expensive
crypto
systems,
for
example
with
ZK
by
some
metrics
over
the
last
three
years,
these
or
like
over
the
last
four
years,
the
size
of
circuit
or,
like
the
size
of
computation
that
you
can
ZK
prove
in
browser
efficiently.
W
Has
you
know
expanded
by
like
three
orders
of
magnitude
and
we're
still
seeing
like
rapid
improvements
via
new
protocols,
new,
better
engineered
libraries
for
proving
Stacks,
more
efficient
circuit,
implementations
and
things
like
you
know,
ZK
friendly
Hardware
are
just
getting
started,
so
I
think
that
like
well,
eventually,
there
may
be
some
industry
of
services
that
arises
around.
You
know
offloading
computation
or
things
like
that.
At
the
moment
there
are
still
a
lot
of
optimizations
that
have
not
yet
been
fully.
W
You
know
explored
that
I
think
can
enable
some
really
really
complex
proofs,
even
on
like
small
client
devices
like
mobile
phones,.
AB
B
B
B
B
B
B
B
B
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
AC
AC
AC
AC
AC
AC
AC
AD
AD
AD
AD
AD
AD
AD
AD
AD
AD
AD
A
A
A
A
A
A
A
A
A
A
A
A
A
S
S
S
S
S
S
S
Yesterday
so
good
afternoon,
everybody
I
hope
you
enjoyed
your
lunch
I'm
going
to
be
your
MC
for
for
this
afternoon
my
name
is
Joseph
and
it's
my
Pleasant
duty
to
introduce
Juan
David,
the
community
supporter
in
the
ethereum
space
and
he's
going
to
introduce
more
ethereum
community
events.
AE
Yeah
there's
going
to
be
some
sort
of
like
a
panel,
so
we
have
with
some
event
organizers.
We
just
like
have
a
group
where
a
lot
of
amazing
and
talented
organizers
have
been
doing
great
stuff.
So
we're
going
to
have
two
minutes
per
presenter
and
they're
going
to
tell
us
why
they
created
this
an
invitation
to
join
and
basically
that's
it.
So
first
I
don't
see
Carol
Carol.
Where
are
you
Carol
Carol
donde,
estas
Carol
is
not
coming,
but
we
are
going
to
start,
maybe
with
Eleanor
from
eat
them.
This
is
alphabetical
order.
AF
Thank
you,
hi
everyone.
My
name
is
Eleanor
blank
I'm,
a
crypto
educator
first
and
the
founder
of
cryptic
canal,
and
this
year
it
had
the
honor
of
organizing
each
day
and
defy
day
during
devconnect,
and
it
just
makes
absolute
sense
for
me
to
just
keep
the
flame
alive
and
burning
in
Amsterdam
and
to
create
a
conference
hackathon
dedicated
to
privacy.
AF
We
have
a
situation
right
now
in
the
Netherlands,
with
Alex
of
tornado
cash
being
in
jail
and
I
want
to
dedicate
this
event
in
the
spirit
of
The
Cypher
Point
movement
and
make
this
a
very
special
event
for
the
Amsterdam
community,
as
mentioned
by
Tim
Baker.
On
the
first
day,
we
need
to
know
integrate
these
developers
that
have
a
difficulty
attending
conferences.
So
I
would
like
to
extend
the
invitation
to
all
core
devs
who
have
worked
on
the
merge
to
join
me
in
Amsterdam
May
2023
for
eat
them.
Thank
you.
AE
AE
AG
AG
AG
AG
AG
AG
AE
In
March
I
think
we
want
to
go
to
Rio
one
of
the
most
beautiful
city.
So
thank
you
so
much
Carol.
AG
AH
Disguise
we
are
super
excited
to
be
here
to
have
con,
spend
an
amazing
week,
and
it's
just
such
a
pleasure
for
us
to
see
more
community
of
communities,
because
Ethan
Bear's
been
around
since
2018
we're
one
of
the
longest
running
events
in
the
space,
and
we
are
super
excited
to
come
back
for
another
year
for
those
of
you
who
joined
us
last
year.
We
had
a
lot.
We
had
a
couple
of
hiccups.
AH
It
was
a
little
bit
trickier
than
normal,
We
Grew
From
about
2500
to
about
12
000
this
year,
which
was
pretty
crazy
for
us.
Thank
you
all
for
those
of
you
who
had
to
wait
in
line
who
dealt
with
some
of
the
restroom
situations,
but
this
year
we're
super
excited.
We've
got
a
new
venue,
we're
all
going
to
fit
under
one
big
canvas,
we're
gonna
be
on
site
together
and
I'm
dumber
than
the
clicker.
AH
Thank
you
so
again,
like
big
activations,
we're
going
to
have
like
200
cots
on
site
this
year,
so
we're
gonna
have
more
emphasis
on
scholarships.
Obviously
the
event
is
going
to
be
free,
as
it
always
is
so
people
can
just
come
attend.
The
focus
is
on
really
contributing
to
web3.
We
want
to
make
sure
that
we're
adding
that
we're
building.
So
we
onboard
newbies
it's
free
for
everyone
to
attend.
We
feed
everybody,
three
meals
a
day.
We've
got
bodegas
like
they
have
here
and
big
activations
again.
AB
Z
AI
Okay,
I
think
you're
gonna.
Do
the
green
one?
Hey
everyone
nice
to
see
you
all!
Thank
you.
You
came
to
present
eat
Gathering,
Barcelona
2022.
There
we
go
okay,
so
it's
actually
next
month.
So
it's
very
soon.
We
basically
want
to
do
something
specifically
for
what
three
teams
I
think
I've
been
working
at
maker
for
about
a
year
and
the
biggest
benefit
that
we
get
from
here
is
actually
getting
all
together
meeting
each
other
and
collaborating
in
person.
So
we
kind
of
want
to
craft
that
experience.
AI
We
have
in
two,
let's
say
two
sides
of
it:
one
is
the
Gathering
week
we
invite
everyone
to
come
work
from
lovely
Barcelona
and
collaborate
with
other
teams
and
then
in
the
conference
weekend
we're
going
to
be
doing
panel
discussions,
workshops
and
working
sessions.
Apart
from
having
some
technical
talks,
let
me
talk
about
working
sessions.
These
are
probably
meetings.
I
can
have
with
people
across
the
industry.
AI
You
close
the
door
and
you
really
talk
about
what's
really
important
so
because
I
think
we
all
have
the
same
issues
with
all
trainers
have
the
same
challenges.
AI
Yeah.
We
actually
have
the
main
themes
which
are
D5
security,
dials
and
data,
but
we
also
have
other
subtopics
such
as
staking
and
wallet
ux
and
security,
so
very
welcome
to
everyone
and
please
join
us.
Tickets
are
available
also
still
have
some
sponsorship
spots
and
workshop
spots.
That
would
love
to
have
you
and
then,
if
anyone
is
here,
the
organizers,
if
anyone
has
a
tool
to
do,
show
the
scheduling
on
the
website.
Please
please
talk
to
me.
Thank
you.
AJ
Hey
folks,
I'm
divyanshu
I
work
at
the
folio
and
I
would
like
to
invite
you
all
to
eat
India,
which
is
an
event.
We
are
co-organizing
with
each
Global
and
yeah.
So
this
is
the
event
it's
going
to
be
Asia's
biggest
ethereum
hackathon
and
the
focus
is
on
Asia,
not
just
India,
and
one
core
reason
why
partner
with
these
Global
is
a
lot
of
each
Global.
Events
are
in
the
west.
We
would
want
that
same
experience
in
Asia,
and
this
will
be
easier
for
a
lot
of
folks
to
attend
right.
AJ
So
that's
what
we
want
to
do.
It's
happening
in
December,
second,
to
Fourth
and
yeah.
So,
like
kind
of
just
going
through
the
planning
phase
right
now,
I
just
wanted
to
share
this
artwork.
We're
really
proud
of
it,
but
yeah.
AJ
It's
going
to
be
big,
it's
the
third
iteration
we
started
in
2018.
We
did
it
in
2019,
then
the
pandemic
happened,
which
was
a
blessing
in
disguise,
because
the
ecosystem
has
really
really
grown.
Now
in
18
and
2019,
we
had
around
200
folks
show
up,
but
now
in
our
programs
we
see
thousands
of
folks
applying
and
trying
to
get
in.
So
this
one.
We
are
trying
to
invite
as
many
people
as
you
can.
AJ
We
have
capacity
for
over
1500
folks,
so
anyone
who's
looking
to
get
in
I'm
happy
to
host
you
in
India.
It's
going
to
be
fun.
It's
going
to
be
at
48
hours,
long,
hackathon,
36
hours,
long
hackathon
with
workshops.
So
we
are
onboarding
Partners.
If
you're
interested
in
being
a
partner.
We
are
doing
that
if
you're
interested
in
just
hacking
just
want
to
welcome
you
all.
It's
happening
in
Bangalore,
December,
2nd
to
4th.
AE
AK
Hi
everyone,
my
name-
is
Jason
I'm
from
Malaysia
and
next
year,
eight
months
from
now
we
are
organizing
Malaysia's
first
ethereum
event,
it's
called
Eve
Malaysia.
How
do
I
do
this?
The
green
one
right
so
if
Malaysia
is
inspired
actually
by
Shannon
and
Joshua
Lupitas
will
organize
Eve
Denver.
So
if
Malaysia
is
going
to
be
a
fork
of
Eve
Denver,
it's
going
to
consist
of
a
hackathon
which
we
are
in
talks
right
now
with
social
house
to
run
the
hackathon
and
so
that
we
can.
AK
They
have
very
interesting
ideas
to
basically
increase
the
KD
quality
of
the
submissions
of
the
hackathon.
Also
it
will
have
a
conference
and
you'll
have
fun
activities
as
well.
The
location
we
is
going
to
be
held
at
the
Petronas
Twin
Towers,
which
we
took
six
months
to
secure
it's
going
to
be
surrounded
with
a
lot
of
greenery,
and
we
want
to
really
make
a
big
statement
okay
to
in
in
Asia.
AK
For
this
event,
so
the
goal
is
to
basically
onboard
new
people,
okay
in
Southeast
Asia,
and
to
show
them
and
put
a
focus
onto
public
goods
that
web
tree
is
more
than
just
about.
You
know
just
price
action
and
we
only
have
one
ask
okay.
AK
One
asked
just
one
ask
which
is
that
my
teammate
one
of
my
teammates
is
here:
this
is
her
name
is
Bowie
right,
and
this
is
her
first
Defcon
that
she's
ever
attended
after
attending
the
opening
ceremony,
she
felt
immediately
in
love
with
ayam
miyaguchi
right
with
her
speech,
okay
about
subtraction
philosophy
and
I.
Think,
okay,
that
I
know
it's
only
eight
months.
AK
I
know
it's
eight
months
away,
but
I
think
it
would
really
mean
a
lot
okay,
if
we
could,
if
the
Italian
Foundation
is
here
and
can
show
us
how
we
can
invite
her
and
confirm
her
as
a
speaker
on
our
main
stage,
all
right
that
would
make
Bowie
really
happy.
Thank
you
very
much.
Everyone
see
you
in
Malaysia
next
year.
S
Well,
hey
everybody!
This
is
not
end
of
the
segment.
I
have
another
thing
to
show.
So
obviously,
as
I
said,
I
just
woke
up
so
I
didn't
prepare
slides,
but
we
are
again
organizing
eat.
Proc.
S
S
The
the
event
is
focused
on
sustainability
and
it's
solar
Punk
theme,
so
we're
focusing
on
urbanism
and
overall
sustainability,
not
only
like
the
material
one,
but
also
just
the
systemic
sustainability
of
how
you
build
social
systems
that
can
last
next
year.
The
event
is
happening
in
June
I
think
the
dates
are
set
to
June
9
to
11.,
and
it's
also
going
to
be
last
time.
We
as
parlonopolis
or
The
Institute
of
crypto
energy
crew
are
going
to
organize
eat
Prague
afterwards.
S
It
will
be
free
for
like
any
member
of
the
community
to
take
it
over.
But
the
reason
for
that
is
that
with
you-
and
we
don't
only
want
to
gather
the
ethereum
community,
but
we
want
to
bring
new
people
who
are
coming
from
the
sustainability
background.
Let
It
Be
academics,
Let
It,
Be,
sci-fi
writers,
Let,
It,
Be
practitioners
to
come
and
teach
the
ethereum
community.
What's
actually
what
are
the
code?
S
Rod
codes
causes
of
the
issues
that
we
are
facing
and
next
year
there
will
be
there'll,
be
the
last
time
that
we
focus
on
the
ethereum
community.
Specifics
and
we'll
be
labeling
the
event
as
eat
Prague
and
the
year
after.
We
actually
want
to
invite
all
of
the
members
of
the
ethereum
community
to
come
to
a
new
event
which
will
be
solely
focused
on
the
solar
Punk
values
and
on
sustainability
as
such.
So.
S
AL
So
yeah,
so
spaghett
teeth
was
born
last
year
and
we
had
the
first
event.
What
is
spaghetti.
Spaghetti
is
basically
an
umbrella
for
and
like
a
an
accelerator
for
the
Italian
communities
in
general,
and
we
will
we
started
the
last
year
in
Milan,
but
we
are
planning
to
do
each
event
in
a
different
city
in
Italy
to
include
all
of
the
Italian
communities,
and
so
it
is
an
event,
but
it
is
also
an
educational
Network.
AL
These
are
some
pictures
of
last
year
we
had
400
parties
participants,
so
it
was
not
super
big
and
it
was
both
Builders
and
none,
and
it
was
good
because
we
started
actually
two
new
communities
in
Milan.
That
probably
will
organize.
Also
it
Milan,
but
for
us
is
something
bigger.
AM
So
something
that
we
just
released
is
a
new
website,
so
also
thanks
to
Marco
and
Simone.
It's
a
sort
of
interactive
map
where
you
can
choose
and
find
your
own
Regional
communities
and
also
by
doing
a
pull
request
on
a
GitHub.
You
can
merge
new
communities.
If
you
want,
please
click
and
yeah.
What's
next,
we
will
have
a
midterm
event
in
January
in
Rome,
a
one-day
educational
thing
for
University
students
of
computer
science,
economics,
political
sciences,
Etc
run
by
the
spaghetti.
Community
spaghettis
number
two
will
be
very
likely
happening
in
southern
Italy.
AM
AE
AN
Hi
everyone,
my
name,
is
Queen,
so
I'm
present
for
eat,
Vietnam,
so
I'm
even
I'm,
here
alone,
but
I
present
for
the
whole
community.
So
maybe
we
are
the
youngest
Community.
This
is
the
first
time
we
do
eat
Vietnam,
but
who
are
we?
We
have
100
million
population,
we
top
three,
like
you
know,
market
for
crypto
user,
about
eight
to
ten
million
crypto
user
in
Vietnam.
We
have
the
very
young
debt
committee
who
are
you
know
like
even
the
young
deaf
like
Wu.
AN
He
born
in
2001,
also
like
study
English
by
himself
live
in
the
rural
area
because
he
wants
to
study
zkp
and
now
he
also
like
working
for
EF
and
another
guy,
also
like
he
also
like
working
for
AI,
also
boy
in
like
2003
and
now
also
like
building
the
AI
machine
learning
applies
dkp
and
also
mentored
by
Barry
Whitehead.
Also,
we
have
many
top
depth,
also
from
great
projects
like
RC,
infinity
or
kyber
Network
Cipher,
and
we
all
hunger.
You
know
to
view
the
great
projects.
AN
So
that's
why
we
want
to
do
eat
Vietnam,
and
this
is
the
first
time
that
we
built
and
also
for
in
Vietnam
we're
gonna.
Do
you
know
like
building
in
the
independent
Palace,
which
is
one
of
the
most
like
historical
building
for
all
the
government
also
have
the
you
know,
meetings
with
the
important
like
diplomatic
and
other
government
and
we're
gonna.
Do
it
in
November
from
25
to
27.
this
year.
AN
The
first
time-
and
we
have
the
hackathon
we
right
now
have
about
like
70
team-
joins
register
for
the
hackathon
already
we
also
have
the
demo
day.
We
also
like
you
know,
do
a
lot
of
prevent
Workshop.
More
than
40
Workshop
focus
on
layer,
2
and
Dev
committee
hope
to
see
all
of
you
guys
there,
and
also
we
gonna,
do
it
like
next
year
for
eat
Vietnam,
and
you
know
what
like
you
know
right
now.
AN
AC
AC
Here
we
go
yeah,
so
the
story
of
V4
so
begins
almost
exactly
one
year
ago,
in
Lisbon,
out
of
all
the
places
we
went
to
East
Lisbon
with
this
great
group
of
people,
mostly
web
free
engineers,
and
we
were
surprised
about
how
many
Engineers
we
polish
Engineers
we
met
in
Lisbon
turns
out
that
there
is
a
huge
community
of
web
free
builders
in
Poland,
but
we
didn't
have
a
chance
to
read
them.
So
we
decided
to
build
a
community
for
the
web
free
builders
in
in
Warsaw.
AC
O
More
yeah,
hello,
everyone,
my
name
is
Marcin
and
yeah.
We
are
after
the
first
edition
of
iforso,
which
happened
this
September.
Some
of
you
have
been
over
there.
I
heard
couple
of
good
feedback,
even
during
Defcon,
which
is
extremely
rewarding.
You
can
see,
like
our
team,
is
super
engaged
in
the
web
free
community,
even
over
here
in
Bogota,
which
is
like
14
hours
away
flight
from
from
Poland.
O
We
get
over
here,
like
with
big
team,
huge
shout
out
to
Shannon
and
the
whole
Eve
Denver
team
and
Eve
Lisbon
team
for
huge
help,
like
their
support,
was
extremely
valuable
for
us.
But,
okay,
we
don't
stop
over
here.
So
what's
going
to
happen
next,
we
are
going
to
have
like
in
real
life
monthly
meetups
every
month,
a
meet
up
mostly
like
with
a
dedicated
topic:
let's
call
it
ZK
Singh,
ZK,
Roll-Ups,
dowels
and
so
on,
workshops
for
students,
but
not
only
like
mainly
technical
ones.
O
O
It's
going
to
be
second
or
the
third
week
of
September
2023
and
yeah,
as
I
said,
like
monthly
meetups,
ID
student
workshops
online,
oh
yeah,
and
on
top
of
that
we
are
going
to
have
like
an
online
hackathon
and
one
day
Summit
in
Spring
2023
to
warm
up
the
community
a
little
bit
more.
So
if
you're
interested,
you
can
scan
the
QR
code
over
here.
There
is
a
forum
to
sign
up
for
news
about
the
next
Edition
and
you
can
follow
us
on
Twitter
at
if
Warsaw
yeah.
AC
To
get
the
time,
but
yeah
I
mean
pull
out
your
smartphone
and
scan
this
QR
code.
If
you
want
to
be
part
of
V4,
so
if
you
want
to
attend
any
of
the
events,
if
you
want
to
be
as
become
a
sponsor
or
speak
at
some
of
our
events,
a
little
insight
from
the
sponsorship
side,
our
sponsors
were
really
happy
with
the
hackathon
submissions
quality.
So
that
speaks
a
lot
to
the
skills
of
polish
web
free
Engineers
Martin.
Would
you
like
to
add
anything.
AE
Do
you
have
that?
No
do
you
just
want
that?
Okay,
I
thought
you
were
one,
the
one
who
was
going
to
okay.
O
AN
AE
For
sure
you
can
take
a
yeah
all
of
the
organizers,
yeah
yeah.
AE
Yeah
I
didn't
introduce
myself,
I'm,
Juan,
David
and
I'm.
Well,
I
didn't
have
the
time
to
add
the
Eid
latam.
So
this
is
something
quite
interesting.
That's
going
in
the
region,
so
I
would
love
also
to
chat
with
all
of
you
later
of
all
the
things
that
we
can
learn
Marco.
No,
we
want
the
open
source
map.
People
are
already
asking
for
that.
Each
country
should
have
one
of
those
quite
sure
the
GitHub
order.
AE
Thank
you
so
much
Eleanor
has
something
to
add.
AF
I
forgot
I
forgot
that
well
it's
a
bit
different
we're
trying
to
so
it's
going
to
be
a
conference
hackathon,
and
we
want
to
invite
all
previous
winners
of
ethereum
hackathons
to
compete
and
they
All-Stars
Champions
League
model
we're
still
brainstorming
on
the
format
but
I'm
very
tempted
to
make
them
start
one
month
earlier
and
then
present
in
a
special
track
for
the
All-Stars
hackathon
winners.
Thank
you.
AE
S
Thank
you,
Juan
David,
so,
in
the
next
five
minutes
we
are
going
to
start
a
lay
one
protocol
track
and
the
next
talk
is
going
to
be
on
light
clients
after
the
merch.
So
in
five
minutes,
if
you're
interested
in
that,
please
stay
in
the
room.
If
you
want
to
talk
to
the
the
event
organizers,
I'm
sure
they
will
be
around,
you
can
meet
them
outside
of
the
room
or
catch
them
after
they
leave
the
room
thanks.
Everybody.
S
S
S
S
S
S
S
S
Yeah,
hey
everybody.
Welcome
to
the
cold
Forest
stage
for
one
of
the
later
one
protocol
talks,
the
talk
is
going
to
be
about
light
clients
after
merch
presented
by
Eden
kisslink,
a
client
engineer
from
Nimbus.
So
please
welcome
on
stage
Ethan.
AO
AO
Hello
to
my
presentation
about
light
clients
after
the
merge,
so
many
of
us
are
asking
ourselves
what
is
a
like
client
and
to
answer
that.
First,
let's
look
at
what
you
actually
need
for
a
full
node.
At
the
very
least,
it's
a
Raspberry
Pi,
eight
gigabytes
of
RAM,
two
terabytes
of
storage,
one
terabyte,
A
month's
internet
and
a
live
client
is
basically
anything
that
doesn't
support
those
specs
like
a
browser
wallet
to
the
left
side,
metamask
or
in
the
center
the
status
mobile
or
on
the
right
Hardware
wallet.
AO
AO
Here
someone
approaches
you,
he
wants
to
donate
0.5
East
to
you
so
sounds
good.
0.5
is
a
lot
of
money.
You
give
them
the
QR
code,
they
send
the
money
and
they
send
you
the
transaction
and
seems
good.
But
when
you
check
it,
you
see
they
accidentally
sent
five
E's.
So
we
need
to
refund
4.5
of
those,
and
luckily
we
brought
our
Hardware
wallet
but,
as
you
know,
the
Wi-Fi
is
not
too
great
here.
So
let's
just
ask
can
use
their
laptop
and
they
agree.
AO
We
connect
the
letter
to
their
laptop
and
we
see
here
the
9.75
eth,
so
the
plus
five
and
we
signed
the
transaction
for
4.5.
The
letter
protects
our
keys,
so
they
cannot
be
extracted.
We
see
here.
The
amount
is
correct,
the
address
is
correct
and
we
confirm-
and
we
thank
them
for
the
donation,
so
like
clients
very
powerful,
that
there
is
a
problem
when
you
go
back
to
the
hotel,
you
actually
realize
that
this
transaction
of
the
five
is
missing.
AO
So
what
went
wrong?
We
confirmed
that
everything
is
correct,
but
one
key
piece
is
missing
there.
The
actual
balance
was
4.75
East,
so
they
lied
to
us
with
the
975.
This
is
actually
the
same
problem
with
traditional
banking.
When
I
create
a
transaction
to
an
unknown
destination.
They
only
ask
me
HTML,
correct
and
the
address,
but
they
don't
verify
that
the
intent
why
I
am
sending
the
transaction
is
really
why
yeah.
AO
AO
Actually
it's
just
this
is
the
call
that
metamask
is
doing
is
get
balanced.
You
posit
the
address
the
block
number
and
the
response
you
just
get
the
raw
balance,
no
security
whatsoever.
Just
trust
me
bro,
so
in
this
case
the
attacker
simply
added
the
five
E's.
If
it's
our
address,
this
is
the
complete
attack
code.
This
thing
I
tried
with
a
real
metamask.
AO
So
now
the
question
is:
how
can
we
make
this
more
secure
to
understand
that
we
need
to
understand?
We
need
to
see
what
are
what
is
actually
stored
in
ethereum
and
all
of
these
things,
any
one
of
you
probably
interacted
with
at
least
one
of
them:
nft
ownership,
game
characters,
tokenized
assets,
exchange
rates
or
even
just
the
plain
East
balance
that
we
have
seen
before.
AO
All
of
that
is
just
data
stored
as
part
of
the
ethereum
state
and
because
it's
data,
it's
just
a
bunch
of
bytes,
and
we
can
arrange
it
as
we
want,
for
example.
Here
we
can
order
it
and
then
what
we
can
do
is
we
can
compute
the
hash
function
on
pairs
of
each
of
them.
So
a
hash
function
is
just
a
one-way
function.
It's
a
cryptographic
checksum!
AO
The
idea
is
that
if
any
of
these
change,
for
example,
if
someone
modifies
the
B,
then
the
hash
also
changes,
and
we
can
apply
this
to
the
entire
data
and,
as
you
can
see
here,
we
now
have
only
four
of
them.
Then
we
do
it
again.
We
only
have
two
of
them
until
we
have
a
single
state
root
hash.
So
how
is
this
useful?
AO
If
we
have
our
balance
down
here,
the
4.75
we
can
see
the
root
touch
contains
information
about
all
of
it.
So
whenever
someone
changes
that,
for
example,
to
9.75
to
lie
to
us,
Everything
Changes
up
to
the
true
test,
so
if
we
know
the
correct
routes,
we
can
know
that
whether
something
was
tampered
with
or
not.
AO
So
how
do
we
actually
send
a
proof
that
the
4.75
East
was
used
as
part
of
this
hash,
and
for
this
we
need
to
work
this
entire
path
to
the
top?
Let's
start
with
this
node
here
to
compute
that
we
also
need
this
one,
and
then
we
go
to
the
next
node
here
and
for
that
one
we
need
the
A
and
B
and
then
from
there
we
go
all
the
way
to
the
top.
What
is
missing
is
EFG
and
age.
AO
AO
So
how
do
we
obtain
those
proofs?
The
answer
is
is
get
proof.
The
interface
looks
surprisingly
similar
to
the
get
balance,
but
instead
of
just
a
balance
in
the
response,
we
also
receive
the
Merkel
proof,
and
this
marker
proof
can
be
used
to
verify
that
the
balance
that
we
get
is
indeed
part
of
that
root.
Hash
so
now
the
question
is:
how
do
we
obtain
the
root
test?
AO
This
is
where
the
lifeline
protocol
comes
in.
If
we
look
at
the
Beacon
chain,
it's
a
series
of
blocks
that
point
to
the
parent
block
with
a
address.
That's
part
of
the
block,
it
forms
a
chain
and
since
the
merge
actually
the
root
hash
is
just
part
of
those
blocks.
So
the
question
now
is:
how
do
we
obtain
that
latest
block
with
the
correct,
true
test
and
a
full
node?
Does
this
by
just
following
all
the
signatures
and
verifying
them?
AO
The
student
committee
has
a
set
of
just
512
validators
that
the
like
client
can
keep
track
of,
and
they
also
sign
each
block.
They
sign.
Whatever
is
the
latest
block
and
if
you
know
those
keys,
you
verify
the
signature
and
more
than
two-thirds
of
it
agreed
on
the
same
block.
You
can
trust.
That
is
the
same.
That
is
correct.
AO
So
how
do
you
get
these
link
committees?
And
the
answer
here
is
it's
from
the
previous
student
committee.
Every
day
the
student
committee
changes
and
the
previous
student
committee
signs
a
message
that
passes
on
this
power
of
signing
the
latest
block
to
the
next
student
committee
and
the
previous
student
committee.
How
do
you
get
that?
AO
This
data
is
really
small.
It's
just
about
25
kilobytes
each
and
to
obtain
the
final
root
hash.
It's
just
about
300
bytes,
one
thing
for
certain
applications
that
can
be
done
if
you
are
really
offline
for
a
long
time.
Those
committee
messages
can
be
combined
into
a
CK
proof,
and
then
you
can
essentially
jump
from
any
point
in
time
to
the
present
in
constant
time
with
a
very
small
proof.
AO
Those
apis
are
available
to
download
the
data.
It's
on
rest,
andly,
P2P,
it's
already
standardized
part
of
the
official
specs
on
the
portal
Network
there
is
a
PR
and
load
star
and
Nimbus
are
currently
implementing
the
lip
p2pn
rest
apis.
So
if
you
want
to
try
those
feel
free
to
do
so,
then
security,
how
secure
is
it?
There
is
some
research
that
shows
that,
with
a
few
minor
modifications
to
the
protocol,
it
can
be
made
so
that
you
can
actually
only
stream
every
four
months.
AO
AO
This
was
where
we
started.
We
had
our
wallet
just
get
balance
to
infurum
and
it
returned
us
to
4.75
eth,
not
very
secure,
but
it's
it's
the
best
that
could
be
done
before
the
merge.
AO
That
is
quite
huge
like
if
you
don't
want
to
modify
metamask.
You
can
also
put
a
proxy
in
between
that.
Does
this
translation
so
metamask
is
unmodified?
It
still
does
this
old
get
balance
call
but
the
verifying
proxy.
It
keeps
track
of
the
latest
root
hash
using
the
light
client
data,
and
it
translates
the
get
balanced,
call
to
the
get
proof
and
verifies
that
the
return
data
is
correct.
It
can
alert
you
if
it
was
tampered
with
like
in
our
original
case.
AO
This
verifying
proxy
is
available
today
from
Nimbus.
It's
it's
a
part
of
the
Nimbus
eth1
repo
in
the
LC
underscore
proxy
subfolder,
and
yesterday
someone
announced
on
this.
Port
is
r
d
in
the
light
clients
Channel
a
product
called
keflar.
That
also
does
this,
including
proof,
verification
for
nft
ownership
and
token
balances.
AO
AO
Of
course
that
needs
a
modification
to
the
letter
software,
but
it
could
be
done
in
a
way
where
we
just
dump
all
of
this
data
to
The
Ledger,
and
it
can
actually
just
verify
that
it's
correct
it
uses
the
live.
Client
data
to
update
to
the
latest
public
keys
then
obtains
the
latest.
True
touch
then
verifies
that
the
balance
that
we
give
it
is
correct
using
the
Merkel
proof,
and
then
it
can
show
this.
It
can
show
the
balance
with
the
timestamp,
and
you
can
verify
that
this
transaction
is
really
something
you
want
to
do.
AO
So
what
else
can
we
do
with
this
protocol
for
full
nodes
right
now?
It's
always
a
bit
tricky.
Where
do
you
obtain
that
initial
State
from
usually
you
just
go
to
infuro
and
scrap
States
finalized,
and
then
maybe
you
go
to
Beacon
chain
and
check
that
it's
the
correct
one,
but
with
this
protocol
you
can
just
hard
code.
AO
The
merge
transition
block,
for
example,
into
the
client
and
then
use
the
lifeline
protocol
to
jump
to
the
latest
State
download
that
state
and
then
use
that
as
your
bootstrap
checkpoint,
without
having
to
validate
it
against
Beacon
chain
or
another
use
case,
a
decentralized
wallet
that
doesn't
need
to
talk
to
any
server
Geth
has
a
Mode
called
Les.
Currently,
it's
sort
of
a
thing
that
you
have
to
enable,
but
the
key
point
is
that
it
doesn't
require
a
huge
database.
AO
AO
So
you
just
need,
like
the
little
like
client
on
the
consensus
side,
25
kilobytes
a
day
about
20
bytes
per
second
to
follow
the
blocks
continuously,
and
then
you
can
pass
the
headers
over
to
guess
Les
and
it
can
then
filter
for
the
blocks
that
contain
interesting
transactions
and
just
download
those
few
blocks.
It's
not
every
block
for
sure.
AO
So
if
we
go
a
bit
further
to
the
Future
layer,
twos
are
getting
more
important
and
for
them
the
problem
right
now
is
they
get
attacked
all
the
time
like
they
usually
get
operated
by
Oracle
nodes
that
are
trusted.
There
is
a
multi-seek,
maybe
five
out
of
nine
four
out
of
seven,
but
it
turns
out
that
one
party
owns
four
of
those
when
they
get
compromised.
AO
Everything
gets
hacked
and
if
you
add
this
like
client
protocol
there,
it
can
sort
of
act
as
an
additional
safety
net
so
that
the
Oracle
notes
cannot
just
send
the
bogus
information.
So,
for
example,
when
you
make
a
deposit
into
a
bridge,
you
can
create
a
miracle
proof
that
you
made
that
deposit
in
the
ethereum
state
and
if
there
is
a
light
client
deployed
to
that
layer
2.
AO
You
can
then
use
this
as
a
as
an
endpoint
like
if
you,
if
you
submit
a
Merkel
proof
to
that
bridge,
it
can
verify
using
that
light
client
that
it's
a
valid
deposit
and
can
transfer
that
tokens
to
the
layer,
2.
and
also
Internet
of
Things
devices.
AO
AP
Hello,
thank
you
for
the
great
talk.
I
see
a
lot
of
deformed
Bitcoin
Maxes,
who
say
that
it's
putting
too
much
pressure
on
the
nodes,
while
you're
part
of
the
sync
committee,
so
I
just
wanted
to
ask
what
do
the
resources
of
the
machine
look
like
while
you're
part
of
a
sync
committee,
CPU,
RAM
and
bandwidth.
AO
So,
as
part
of
the
same
committee,
you
are
already
doing
extra
work
so
doing
this
extra
lag.
Client
work
is
actually
not
that
much
extra.
Basically,
what
you
need
to
do
is
you
need
to
Hash
the
state
and
you
need
to
grab
a
bit
of
static
data
out
of
it
because
you
already
loaded
the
state
I'm
getting
those
hashes
is
basically
instantaneous.
So
this
really
just
doesn't
add
that
much
for
nimbos
we
collect
the
like
client
data
by
default
and
no
one
has
ever
complained
about
any
CPU,
Spike
or
bandwidth
Spike.
Due
to
that.
S
Thanks,
do
we
have
any
any
more
questions
from
the
audience.
V
Or
coinbase
or
Ledger
like
what
does
this
actually
what's
the
future
opportunity
of
using
like
clients,
and
how
does
that
change?
How
wallets
actually
operate
in
the
future?.
AO
AA
AO
We
are
still
call,
for
example,
right
now
getting
access
to
the
execution.
Payload
header
is
not
that
easy.
You
need.
You
still
need
to
download
the
full
block
for
that,
but
we
are
targeting
a
couple
improvements
there
for
Capilla
that
further
reduce
the
amount
of
information
that
needs
to
be
exchanged
to
be
fully
synced
to
the
latest
head.
AR
Oh
hey,
thanks
for
the
talk,
I
just
have
a
question
about
the
attack
that
you
showed
at
the
beginning
with
metamask
and
the
solution
that
you
came
up
with
at
Nimbus
as
how
to
mitigate
that
attack.
I'm,
just
curious,
if
you
use
my
excuse,
my
ignorance
here
on
this
question
but
like
why
doesn't
metamask
or
these
like
client
wallet
providers,
just
build
the
solution
and
instantiate
it
themselves
like
what
does
Nimbus?
Why
does
nimbus
need
to
be
brought
in
to
mitigate
this
attack?.
AO
Well,
the
reason
there
is
that
actually
those
protocols
just
are
getting
standardized
right
now,
for
example,
the
rest
protocol
was
standardized
on
Monday,
so
that's
when
it
got
merged.
So
there
was
just
not
enough
time
yet
and
we
hope
for
sure
that
metamask
and
Ledger
will
integrate
those
security
enhancements
directly
into
their
products,
or
you
could
also
Imagine
a
scenario
where
Apple
and
Google
put
it
into
the
Android
and
iOS
operating
systems
as
a
background
service.
AO
AS
Hey
John:
what
are
the
sort
of
assumptions
that
are
being
made
or
the
security
implications
of
just
trusting
the
data
that
comes
into
the
like
client
headers,
and
how
do
we
mitigate
this
so.
AO
All
of
the
security
Implement
implications.
The
student
committee
is
sampled
by
random
from
the
full
validator
set,
so
the
full
Beacon
chain
currently
operates
under
an
honest
majority
assumption.
So
as
long
as
a
majority
is
honest,
the
beacon
chain
works.
So
if
we
sample
randomly
512
validators
from
that
set,
that
is
considered
to
be
honest
maturity,
then
the
same
can
be
assumed
for
the
smaller
set,
and
there
is
also
this
additional
safety.
AO
That's
why
it's
more
than
the
weak
subjectivity
period
where,
because
like
it,
has
to
be
exactly
those
512
validators
that
are
only
assigned
for
that
particular
day
that
you
need
to
compromise.
If
you
look
at
it,
how
long
does
it
take
for
validators
to
exit
it
takes
about
four
months
until
enough
validators
are
exceeded
so
that
they
can
then
sign
conflicting
histories
to
compromise
this?
So
as
long
as
you
stay
within
the
four
months,
and
as
long
as
we
improve
the
protocol
with
those
flashing
methods,
then
I
think
it's
quite
a
secure
way.
AO
What
you
have
to
keep
in
mind,
though,
is
that
the
student
commit
is
512
validators
and
each
of
them
has
32
E's.
So
if
you
combine
all
of
these
balances,
it's
about
2
million
dollars,
so
that's
about
the
highest
cost
you
can
get,
even
if
everyone
would
be
fully
slashed
down
to
zero
any
attacker.
Who
can
offer
the
student
committee
a
higher
amount
than
that
can
compromise
this
so
right
now
for
highly
secure
applications
such
as
layer,
2,
Bridges
I,
would
recommend
it
as
an
additional
safety
net.
AO
So
in
case
the
Oracle
nodes
get
compromised
that
you
can
still
verify
that
they
are
compromised.
But
I
would
not
trust
this
solely
for
high
security
for
the
wallet
use
cases.
It's
already
an
improvement
compared
to
just
trusting
infuro.
AT
AO
S
S
Catch
eaten
outside
of
the
room
and
in
the
next
five
minutes
we
are
going
to
have
Daniel
Faron
on
stage
talking
about
compatibility
of
ethereum,
tooling
and
with
other
blockchains
alternative
blockchains
and
what
it
can
teach
us
about.
Ethereum's
future,
starting
in
five
minutes.
S
S
S
S
S
S
S
S
S
Tooling
can
teach
us
about
ethereum's
future
by
also
one
of
the
one
of
the
cool
people
in
the
space
thanopharyn.
The
principal
software
engineer.
Oh
please,
yeah
yeah,
one
round
of
applause
for
Dino
is
a
principal
software
engineer
from
hederer
hashgraph
he's
also
the
maintainer
of
the
hyperologic
base
2.
So
please,
without
further
Ado
that
don't
come
on
stage.
AU
AU
AU
So
I
thought
I'd,
ask
Dolly
to
the
AI
generation
program
to
create
an
image
of
me
of
a
covered
wagon
on
a
Seaside
looking
out
over
a
shipwreck
and
what
I
got
instead
was
something
more
awesome.
I
got
this
over
here
you
see
a
broken
down
wagon,
it's
broken.
This
is
the
real
wreck
and
this
isn't
a
ship.
This
is
a
wagon,
that's
converted
its
cover
into
a
sail.
So
this
isn't
the
East
Coast.
If
you're
heading
west,
this
is
the
West
Coast.
AU
AU
So
how
do
we
this
presentation?
Most
of
these
slides,
are
going
to
be
in
two
columns
on
the
left
is
going
to
be
what
other
chains
do
in
some
of
the
details
that
are
relevant
and
on
the
right
is
what
ethereum
could
learn
from
it?
Sometimes
we
learn
good
things.
Sometimes
we
learn
things
not
to
do,
and
sometimes
that's
that's
just
a
neat
thing
to
know,
but
it
really
won't
work
for
ethereum
and
I
kind
of
live
in
both
worlds.
AU
On
this,
the
reason
I
I
came
up
with
the
idea,
for
this
talk
was
I
work
at
hedera.
Hashgraph
I
was
one
of
the
maintainers
of
hyperledger
Basu
and
they
wanted
to
improve
their
ethereum
compatibility
game.
So
the
idea
was
well
hedera's,
Java
based
basis,
Java,
based,
let's
just
complementize
out
their
evm
and
bring
it
into
hedera
and
bring
that
software
over
and
suddenly
boom
100
evium
compatible.
AU
It's
not
that
simple,
there's
a
lot
more
to
it
than
just
reading
byte
code
and
executing
programs.
So
I'm
going
to
talk
about
three
separate
areas.
The
first
area
is
going
to
be
accounts
of
cryptography.
Then
I'm
going
to
spend
a
little
bit
of
time
on
the
evm
itself
and
then
I'm
going
to
talk
about
transactions
and
and
transacting
with
ethereum,
which
is
is
kind
of
an
important
thing.
If
you
can't
put
your
transaction
on
a
chain,
the
chain
may
as
well
not
exist.
AU
So
the
first
thing
to
talk
about
on
on
crypto
on
the
accounts
is
the
cryptography
accounts
for
in
ethereum
are
intrinsically
tied
to
your
public
key
and
a
lot
of
other
operations
are
intrinsically
tied
to
hashing
operations.
Nearly
every
different
chain
out.
There
has
a
different
setup
for
the
encryption
that
it
uses.
AU
Ethereum
uses
ecdsa
on
secp
256k1
hedera
uses
Edwards,
as
does
near
polka,
dot
uses
a
combination
of
schnor
and
curve
25519,
which
is
pretty
unique
and
insensible,
and
the
consensus
layer
uses
bls-12381
and
there's
a
lot
of
variation
in
there.
And
then
you
look
at
the
hashing
algorithms
there's
an
older
draft
of
of
shot
three
culture
contract
that
ethereum
uses,
then
there's
actual
shot
3
which
hedera
uses,
but
they
use
more
bits
near
uses,
shot
256
as
as
the
consensus
layer
and
polka
dot
uses
Blake
2..
AU
So
one
of
the
things
looking
at
this
is,
you
might
think
we
can
just
pick
one
and
go
with
it.
The
problem
is
need
cryptography
needs
change
over
time.
Attacks
against
cryptography,
don't
get
worse.
They
only
get
better
new
ideas
get
found.
One
of
the
big
things
on
the
horizon
is
quantum
resistance.
If
we
want
ethereum
to
last
10
20
50
years
at
some
point,
we're
going
to
have
to
change
some
of
these
algorithms
and
at
some
points
we're
going
to
have
to
do
significant
changes.
AU
So
we
should
continue
to
build
with
this
in
mind
that
we're
going
to
want
to
change
it.
I
mean
as
it
is
right
now.
We
may
want
to
change
it
to
use
the
wrong
button.
This
is
the
laser
we
may
want
to
use
BLS
12
381
for
some
of
our
accounts.
It's
not
just
useful
on
ethereum
mainnet,
on
ethereum,
on
the
consensus
layer
for
aggregating
signatures,
but
it's
useful
on
layer
Twos
for
aggregating
all
of
their
transactions
into
one
signed
transaction.
Now
that
comes
along
with
some
problems.
AU
AU
I'll
talk
about
on
this
slide,
so
the
the
BLS
and
Edwards
require
you
to
bring
your
public
key
ecdsa
doesn't
so
we
need
to
put
more
space
in
some
of
these
transactions
and
normalize
the
practice
of
setting
your
public
key
or
your
ethereum,
and
you
can't
send
your
ethereum
address.
You
actually
need
the
public
key
for
the
cryptography,
so
for
some
of
these
signatures
we
would
need
to
socialize
that
so
the
next
interesting
issue
comes
along
with
the
account
addresses
hedera
uses.
AU
A
sequential
system
counting
up
from
a
thousand
hedera
is
interesting,
an
alias
system
into
some
of
its
accounts
to
support
some
of
the
needs
of
of
ethereum
mainnet
create
two.
You
have
to
use
the
ethereum
equivalent
address
or
things
like
uniswap
just
won't
work.
We're
also
considering
multiple
accounts
per
model,
but
some
of
the
interesting
things
here
is
that
by
disconnecting
the
public
key
from
the
address,
you
can
do
things
such
as
key
rotation,
which
is
critical
to
some
Enterprise
applications.
AU
But
right
now
your
key
is
tied
to
your
address,
so
account
abstraction
is
a
way
to
solve.
This
I
think
would
be
a
great
way,
but
another
problem
with
compatibility
is
if
we're
going
to
use
a
different
Key
address.
Do
we
do
address
translations
to
ethereum?
AU
Do
we
have
definitions,
for
these,
we'll
probably
need
some
sort
of
a
definition
for
how
you
would
take
a
BLS
12
signature
into
an
ethereum
address
if
we're
going
to
adapt
that
for
various
uses,
and
the
biggest
problem
is
that
ethers.js
and
some
of
the
other
tooling,
when
you
create
a
contract
from
an
account,
they
don't
check
the
return
value.
AU
They
assume
that
you're
following
proper
yellow
paper
definitions
which
for
an
ethereum
tool,
makes
sense,
but
with
it
with
the
possibility
on
the
horizon
that
some
of
these
signature
algorithms
might
be
changing,
that's
not
an
assumption
that
is
safe
anymore.
For
these
tools
to
make.
They
should
believe
what
the
what
the
RPC
tells
them
is
the
new
address
when
it
comes
back
to
them.
AU
Another
problem
is
authorization.
Ec
recover
is
used
by
a
lot
of
contracts
to
authorize
messages
like
0x
to
authorize
the
trades
some
other
out,
some
other
Dows
use
it
to
validate
votes,
and
everything
like
that.
But
this
again
ties
the
account
to
the
key
and
also
includes
key
rotation
hedera.
We
use
this
clinch
law
accounts
which
doesn't
work
well
to
EC
recover.
AU
We
have
to
map
in
it
addressed
to
that
near
uses,
usernames
that
you
have
to
register
ahead
of
time
quite
different,
and
so
we
need
to
have
a
different
approach
to
this
and
we
probably
need
some
sort
of
a
an
account
authorized
pre-compile
to
be
brought
into
ethereum
when
we
do
account
abstractions.
So
you
can
ask
a
question
of
here's
a
address.
AU
Here's,
the
signature
and
here's
the
here's
what
they
signed
is
it
authorized
and
then
just
return,
yes
or
no,
so
I
think
you
know
that
would
help
us
continue
to
keep
easy
recover
as
a
primitive
and
move.
The
questions
about
am
I
authorized
into
a
pre-compile
that
has
deep
integration
with
the
system
and
finally
account
abstraction
one
thing:
I
we
should
learn
from
hedera
on.
AU
This
is
hedera
counts
that
used
to
have
to
create
them
before
you
could
send
crypto
to
them,
which
presented
lots
of
problems
for
exchanges,
creating
new
accounts
for
customers
or
for
somebody
saying
hey,
send
it
to
this.
Send
it
to
this
public
key
you'd
have
to
have
the
account
created
before
anybody
could
send
you,
your
nfts
or
your
crypto,
or
anything
so
hedera
introduced
a
system
where
you
could
have
an
aliasp
account
and
we
would
create
the
account
under
the
covers
for
you
late
the
moment.
AU
We
need
it,
and
the
lesson
here
is
from
the
account
abstraction.
This
was
a
bad
experience,
which
is
why
we
had
to
add
the
aliases.
If
we're
going
to
have
account
abstractions,
we
need
to
have
a
mechanism
that
you
could
that
you
can't
convert
an
existing
end
user
account
to
an
account
abstraction
account.
So
people
can
still
send
you
stuff
ahead
of
time
before
you
create
your
contract.
AU
Hedera's
got
a
unique
process.
Called
Hollow
accounts
that
we're
implementing
here
shortly,
where
you
can
just
set
it
with
partial
information
and
then
fill
it
out
later
and
that's
kind
of
what
would
need
to
happen
in
account
abstraction,
so
I'm.
A
draft
some
drafts
have
this
feature.
Some
drafts
don't
have
that
feature
of
account
abstractions.
So
whatever
approach
we
take,
I
would
really
want
to
be
able
to
convert
an
end
user
account
into
an
existing
externally
owned
account
into
an
account
abstraction
account,
rather
than
requiring
them
always
to
start
from
a
contract
deploy.
AU
So
that
covers
it
mostly
for
accounts.
The
next
area
is
the
ethereum
virtual
machine,
even
though
you
bring
in
the
same
Library,
there's
always
rough
edges
and
Corners
that
you
need
to
deal
with.
One
is
the
issue
of
ergonomics
and
pre-compile
contracts
is
the
way
that
most
change
saw
this
issue.
What,
if
you
need
to
do
stuff
that
you
can't
do
inside
the
evm,
what
if
you
need
to
queue
up
a
layer,
2
withdrawal?
What
if
you
need
to
interact
with
your
native
token
system?
AU
What,
if
you
need
to
change
your
account
information
from
a
smart
contract,
lots
of
lots
of
smart
contracts,
lots
of
different
blockchains
have
different
addresses
for
a
lot
of
their
pre-compiles.
An
interesting
one
down
here
is
stello.
AU
So
they
know
how
to
call
these
contracts
within
it
in
kind
of
a
centralized
place,
but
I
also
want
to
pitch
a
language
change.
As
for
these
contracts
that
there's
going
to
be
a
difference
between
a
pre-compiled
contract,
which
is
a
contract
that
you
could
do
everything
within
the
evm
most
crypto
Primitives
would
cover
into
this.
You
just
can't
do
it
efficiently,
you
can't
do
it
speed
wise.
It
costs
too
much,
so
you
pre-compile
it
into
a
library.
You
need
to
do
it
cheaper
and
faster.
AU
The
other
type
of
contract
would
be
a
system
contract
where
you're
breaking
the
layers
of
the
of
the
ethereum
virtual
machine
and
going
and
doing
things
into
different
parts
of
the
system
that
you
can't
do
in
the
evm.
So
most
of
these
contracts
up
here,
I
would
call
system
contracts
and
only
the
the
BLS
signatures.
I
would
really
call
a
pre-compiled
contract
on
this
list
a
little
bit
here.
We
had
to
do
something
different.
Instead
of
random,
we
used
a
different
hash
and
hedera
has
a
very
complex
fee
system.
AU
It
works
you
just
librarize,
it
gets
lots
of
tests
and
the
takeaway
from
that
is
that
multi-dimensional
1559
much
simpler
than
what
hedera
has
and
what
hedera
does
isn't
too
scary,
if
you
know
what's
going
into
it,
but
you
know
some
end
users,
it's
not
quite
as
simple
as
here's
one
price
and
here's
one
meter
numbers
go
up
as
you
do
more
so
I
think
the
the
multi-dimensional
1559
would
be
a
good
value
and
I.
Don't
think
we're
going
to
be
charging
too
much
for
a
lot
of
our
gas
features.
AU
But
if
we
do,
we
should
consider
letting
some
operations
be
charged
with
ether
rather
than
charging
gas,
because,
if
you're
just
going
to
store
its
store,
take
up
a
lot
of
memory
space
that
you're
not
doing
a
lot
of
compute
from
there's
no
reason
to
keep
the
the
whole
blockchain
shut
down.
Just
do
one
large
operation
that
takes
no
compute,
not
too
big
of
an
issue
off
and
off.
Call
I,
don't
know
that
anybody
that
does
this.
So
this
isn't
a
fair
take,
but
it
would
be
evidence
we
shouldn't.
AU
Do
it
I'll
come
back
to
this
later.
Don't
worry
the
next
thing,
though,
I'd
like
to
use
this
as
a
little
example,
I'll
tell
a
little
parable
about
this
and
a
lot
of
things
that
you're
interacting
with
in
smart
contracts
and
in
in
blockchain.
Sometimes
you
don't
know
if
it's
really
going
on
anywhere.
So
if
it's
going
on
under
the
system
inside
inside
of
it,
so
here's
here's
a
little
scene
from
Westworld
season,
one
where
Billy
is
going
in
and
says
like.
Are
you
real
and
the
Very
pivot
comment
that
comes
out?
AU
So
this
is
something
that
we
did
in
this
in
hedera.
Hedera
has
a
very
rich
token
system
that
has
zero
connection
to
the
smart
contract
system.
This
is
how
they
get
their
10
000
TPS
number
on
token
trades.
Is
they
just
completely
bypass
the
evm,
but
there's
a
lot
of
use
cases
where
you
may
want
to
interact
with
your
smart
contracts
to
interact
with
your
native
hedera
tokens.
So
what
we
did
at
hedera
is.
We
took
the
addresses
of
the
tokens
and
we
made
a
little
jumper
contract.
You
call
into
it.
AU
It'll
immediately
jump
you
into
the
HTS
system
contract
and
do
whatever
you
would
need
to
do,
and
from
this
we
could
make
our
HTS
tokens
look
like.
You
had
deployed
an
open,
Zeppelin,
erc20
or
crc721
contract,
and
it
worked
great.
We
plugged
in
some
some
unicorn
some
uniswap
derivatives
we
plugged
in
0x
protocol
in
some
of
our
metamask
testing.
AU
It
just
magically
worked,
and
none
of
this
was
running
evm
code,
so
the
takeaway
from
this
is
it's
only
the
effects
of
what
happens
in
a
lot
of
these
systems
that
matters
clients
can
do
things
if
they
really
wanted
to.
They
could
pre-compile
the
open,
Zeppelin
contracts.
AU
If
speed
is
the
issue,
this
has
very-
and
this
is
honestly
what
zkevm
proving
is
is
using
in
the
system-
and
you
know
it's
it's
it's
the
side
effects
that
matter
and
I,
don't
understand
the
math,
but
the
math
checks
out,
and
so
you
can
take
that
same
approach
to
the
evm
I.
Don't
understand
the
evm,
but
the
side
effects
check
out.
So
you
can
pull
this
in
later
on
all
sorts
of
other
systems.
AU
Finally,
transactions
and
transacting-
this
is
probably
the
last
hurdle
that
we
had
to
overcome
to
really
up
our
game.
At
hedera
for
ethereum
compatibility,
we
had
to
adapt
the
ethereum
transactions
into
hedera
transactions.
I'll
go
through
this
in
some
of
the
slides,
but
first
I
want
to
talk
about
before
I
get
too
deep
into
the
transactions
a
little
bit
about
hedera's
consensus
mechanism
that
really
drives
a
lot
of
its
features.
Hedera
uses
a
consensus
mechanism
that
fully
separates
ordering
from
execution
and
the
way
they
do.
AU
AU
Eventually,
you
can
get
to
the
point
where
you
know
what
all
the
other
nodes
have
seen
and
what
they've
signed
and
attested
to,
and
you
can
come
to
a
conclusion
about
when
transactions
reached
the
the
majority
of
the
other
nodes
and
you
can
take
an
average
of
when
it
came
and
that's
your
timestamp
and
that's
your
Absolute
Total
ordering.
So
we
can
order
these
transactions
without
even
seeing
what's
on
the
inside
of
them.
AU
Now
one
of
the
great
things
about
this
is:
there
is
no
leader
that
comes
out
of
this
process.
So
so
when
people
say
hedera
is
not
a
blockchain,
it's
probably
better
to
say
that
there's
no
block
producers
in
hedera.
We
don't
go
into
a
memory,
pool
and
pick
and
choose
our
favorite
out
our
favorite
transactions
and
put
them
in
there.
You
get
the
order
that
you
get,
and
this
allows
us
to,
and
this
is
kind
of
the
trick
behind
how
we
get
our
amazingly
High
TPS
numbers
is
we're
running
the
evm
full
time.
AU
You
know
the
base
of
evm
is
not
the
fastest.
That
would
be
evm1,
but
what
we're
running
is
if
we
run
it
all
the
time
we
can
overcome
a
lot
of
those
barriers
and
we
can
get
that
transaction
and
that's
even
15
Mega
gas
per
second
is
even
us.
Holding
back
and
having
some
safety
features
in
there.
In
case
we
get
overloaded
in
other
parts
of
the
system.
Now
the
problem
is
this
really
doesn't
apply
to
ethereum.
AU
Blockchain
has
never
changed
their
consensus,
algorithm
well,
almost
never
and
consent,
and
and
ethereum
mainnet
just
changed.
There
is
over
to
proof
of
stake
and
a
lot
of
things
about
the
culture
are
falling
out
from
this.
Mev
is
accepted
and
endorsed
they're
talking,
there's
talkative
and
shrining
proposer
Builder
separation
into
the
protocol,
so
some
of
these
base
level
decisions
come
up
and
they
affect
the
nature
of
the
ecosystem.
AU
AU
But
this
is
a
problem
that
ethereum
very
strictly
uses
their
notes
and
they
really
use
their
notes.
As
sequence
numbers
I
really
wish
that
when
they
started
this
spec
instead
of
calling
it
a
notes,
we
call
it
a
sequence
number,
but
unfortunately,
that
ship
has
sailed
and
nearly
every
blockchain
out
there.
When
you
see
notes
in
a
transaction,
you
know
it
seeks
its
sequence
number,
except
for
one.
I,
really
had
to
dig
deep
in
my
memory
for
this
one.
This
is
a
blockchain
out
of
China,
that's
very
ethereum-like,
but
it
doesn't.
AU
It
doesn't
do
the
transaction
sequence
numbers
and
the
notes
it
actually
treats
them
as
a
true
nouns,
great
for
performance
and
throughput
horrible
for
memory.
So
not
everyone
does
this,
but
we
had
to
adapt
announces.
AU
The
next
issue
was
meta
transactions.
We
took
a
process
where
we
wrapped
the
transactions
of
the
ethereum
rlp
inside
of
a
hedera
transaction,
and
we
started
the
hedera
transaction
with
one
account
and
the
inner
account
was
responsible
for
it.
This
is
you
know,
plastic
protocol
level,
meta
transactions,
there's
not
too
much
fancy
stuff
going
on
with
it,
and
it
just
transparently
works.
The
Relay
can
agree
to
pay
for
none
of
the
gas,
some
of
the
gas
or
all
of
the
gas
and
the
transaction
on
the
inside
is
responsible
for
the
rest
of
it.
AU
So
so,
if
we
need
to
get
meta
transactions
into
into
ethereum
mainnet,
the
way
to
do
it
would
be
through
in
shredding
in
the
protocol
would
be
the
best
way.
What
we
have
right
now
with
the
Cooperative
impersonation
going
on
is,
is
a
good
enough
way
for
people
that
want
to
participate,
but
account
abstraction
also
has
the
potential
to
solve
this
problem
of
allowing
people
to
to
pay
in
one
account
and
act
in
another.
AU
Now
I
promised
I'd
come
back
to
this
off
and
off
call.
So
it's
not
just
that
other
people
don't
do
it.
It's
that
other
people
solve
the
problems
directly
in
the
protocol.
So
I
think
that
the
people
don't
use
off
and
off
call
is
their
solution.
I
think
is
is
stronger
evidence
and
I.
Think
on
balance
is
going
to
come
by.
AU
Even
if
you
take
these
evidences
out
that
it's
not
worth
the
risk,
maybe
we
should
examine
payer
executor
splits
to
solve
some
of
these
off
and
off
call
problems
and
finally,
there's
Json
RPC.
This
is
truly
the
last
mile
of
ethereum
compatibility.
If
you
don't
speak,
Json
RPC,
all
the
masses
of
retail
tools
and
developer
tools
will
not
talk
to
your
blockchain,
so
we
had
to
write
up
a
relay
server
that
would
stand
up
in
the
middle.
AU
Take
those
RPC
calls
send
it
out
to
consensus
layer,
send
it
to
our
mirror
node,
and
this
looks
a
lot
like
the
portal
Network.
So
the
portal
Network's
idea
of
having
a
proxy
that's
going
to
go
through
and
talk
to
systems
that
aren't
necessarily
live,
but
have
verifiable
information.
It's
going
to
work
great.
It
works
great
for
us,
so
this
is
something.
AU
This
is
something
that
I
have
a
lot
of
Hope
for
I've
been
following
Piper's
work
for
quite
a
while
I
think,
it's
great
and
again
I
think
that
covers
most
oh
yeah.
One
last
ax
ask
this.
Is
this
is
my
last
point?
AU
AU
We
can't
put
good
front
ends
on
it
and
split
the
balance
easier,
it's
just
as
simple
as
putting
the
method
name
in
the
URL,
but
have
huge
impact,
and
so
that's
one
of
the
issues
because
hedera
uses
grpc
and
it's
got
amazing
load
balancing
implications,
but
we
can't
quite
do
the
same
tricks
that
we
do
with
with
Json
RPC.
AU
So
in
the
25
minutes
that
I
had
to
talk
or
the
20
minutes,
I
was
allocated.
Those
are
my
conclusions
of
of
what
we
could
really
learn
from
from
ethereum
from
from
other
networks
and
what
ethereum
could
apply.
I
think
account.
Abstraction
has
great
future
potential
to
solve
a
lot
of
these
problems.
The
evm.
AU
If,
if
a
chain
wants
to
really
run
the
evm,
they
will
do
the
changes
they
need
to
there's
not
too
much
changes.
The
evm
needs
to
do
it's
the
user,
tooling.
That
might
need
to
change
to
deal
with
potential
changes
in
cryptography
that
comes
ahead
and
not
every
chain
is
going
to
be.
A
theory
mean
that
there's
going
to
be
other
changes
that
do
cool
things
that
aren't
compatible
with
ethereum
mainnet.
That's
fine!
AU
Let
them
do
their
cool
things,
let
a
theory
be
ethereum
and
if
you
have
any
questions
or
comments,
my
DMs
are
open.
Just
don't
offer
me
a
pump
and
dump
I
will
delete
you.
S
Thank
you.
You
can
also
catch
him
outside
and
chase
him
later
at
the
conference.
In
about
10
minutes,
2
30.
We
are
going
to
welcome
on
stage
kelsus
to
talk
about
rotkey
and
its
Mission
on
running
an
open
source
project.
So,
if
you're
interested
in
that,
please
come
back
in
about
nine
minutes
now.
S
S
S
A
A
A
A
A
A
S
S
S
S
AD
So
today
we
will
talk
about
open
source
and
local
first
and
why
it
matters
for
the
ownership
and
privacy.
These
are
driving
principles
behind
development.
So,
let's
start
so,
who
am
I?
I
have
been
doing
application,
development,
local
mobile
and
web
since
2010,
most
of
the
time
of
the
most.
The
time
of
this
was
doing
open
source
and
have
I
have
been
a
lot
of
contributors
since
2018
handling
parts
of
the
front-end
infrastructure
packaging.
So
what
you're
doing
startup
pretty
much
attaching
all
over
the
code
base.
AD
So,
let's
start
with
the
problem
today,
the
problem
today
is
that
we
don't
have
enough
decentralization.
A
lot
of
the
software
we
use
daily
is
closers,
it
runs
from
data
centers
and
there
you
don't
have
ownership
or
control
of
your
data.
AD
They
can
use
it
to
train
muscle,
learning
algorithms
use
it
for
whatever
reason
there
is
no
transparency
and
you
have
to
trust
that
they
use
it
as
they
claim
they
might
claim
that
they
have
encryption,
but
you
don't
have
any
way
to
verify
that
there
is
no
master
key
and
there
is
no
way
to
be
sure
that
all
the
claims
are
true.
Then
your
data
can
only
this
can
happen
with
different
ways
like,
for
example,
accidents.
AD
Didn't
know
what
they
were
doing
and
all
your
private
information
is
public
or
hacks,
or
some
companies
just
outright
sell
data.
There
was
a
nice
John
Oliver
episode
about
data
Brokers.
That
was
really
scary
on
how
much
information
they
could
get
about
people
even
sensitive
information
like
healthcare
and
the
exact
point
where
people
were
living
then
other
problems
are
the
companies
can
go
out
of
business
and
then
basically
you
lose
access
to
all
your
data.
Another
problem
can
be
that
they
can
be
platform.
You
something
happens.
AD
Your
account
is
locked
and
then
put
for
your
data
is
gone.
We
can
see
some
examples
so,
for
example,
deeper
started
blocking
all
the
Russian
users,
so
basically
they
lost
access
to
their
funds,
and
then
we
had
the
case
of
Snapchat
where
employees
were
abusing
that
access
to
justify
on
users
and,
as
we
saw
like
uber,
was
hacked
recently
by
a
teenager.
So
it's
easy,
you
know.
If
your
public
information
goes
out,
then
there
is
no
way
back.
AD
Then
we
had
the
leather
hack,
like
people
were
receiving
mail
after
their
homes,
which
can
be
really
scary
because
their
public
addresses
their
private
addresses.
The
home
addresses
were
outside
in
public,
so
let's
talk
about
open
source.
What
these
officers
like.
AD
10
criteria
that
are
defined
open
source.
The
main
idea
is
that
the
open
source
software
is
freely
distributed
along
with
the
source
code
and
it
doesn't
limit
the
users.
There
is
no
discrimination
against
people
and
guess
against
the
use
of
this.
Everyone
can
use
up
into
software.
We
also
have
cases
of
software
that
has
public
available
code,
but
it
is
endometriosis.
Some
examples
include
you
know.
AD
The
delayed
open
source
lines
license
that
units
of
another
have
maybe
mongodb
server-side
public
license
and
in
a
lot
of
cases,
I
can
understand
the
reason
behind
that,
because
it's
really
hard
for
open
source
projects
to
fight
against
big
companies.
You
know
like
the
reason
for
the
server-side
public
license
is
that
AWS
was
taking
all
of
mongodb
selling
it
as
a
service,
and
then
the
developers
didn't
have
the
funds
and
they
had
to
maintain
and
fix
the
issues.
AD
So
why
open
source?
But
there
are
some
strong
benefits,
Building
open
source.
You
can
have
a
strong
Community
involvement,
you
can
have
transparency,
reliability,
security
and
it
also
makes
it
attracting
Talent
easier
and
it
avoids
also
a
vendor.
Looking
so
like
Community
involvement,
there
are
people
around
like
someone
needs
a
feature
we
might
be
over
one
and
someone
with
technical
knowledge
can
come
and
contribute
to
the
code
base
and
not
the
future,
but
they
want
to
use
so
other
people
can
also
use
it.
AD
AD
Because
it's
always
easier
to
hire
someone
that
I
have
previously
worked
with.
You
had
the
good
interaction.
So
then,
maybe
you
also
take
your
code
and
you
can
see
in
an
easier
way
that
someone
is
a
good
fit
for
your
culture
and
which
is
not
always
the
case
when
doing
some
small
interviews-
and
you
know
like
giving
some
kind
of
task.
AD
And
then,
like
I
said
you
can
avoid
better,
but
you
always
have
access
to
the
source
code.
You
know
always
have
access
to
the
application.
You
can
take
the
data,
you
can
access
the
data,
so
in
case
you
want
to
move
and
migrate
from
the
platform.
AD
AD
AD
Centralized
exchanges,
what
this
means
is
that
all
the
processing
of
this
data
happens
locally
on
your
machine
data
is
not
used
to
a
remote
server.
It's
not
used
to
the
remote
API.
Everything
happens
transparently
in
your
machine,
so
your
local
data
is
primary.
Unlike
you
know,
all
these
Cloud
stuff
is
like
using
Google
Drive.
AD
So,
let's
talk
about
the
last
game.
It's
a
nice
project
we
are
building.
Rocky
is
a
portfolio
tracker
and
accounting
tool
that
is
open
source,
local
first
and
it's
focused
on
privacy
and
unlike
what
some
people
believe,
the
rapid
team
is
not
only
the
series,
but
we
know
he's
kind
of
superhumor,
but
he
cannot
do
everything
on
his
own.
Currently
team
consists
of
seven
people,
six
developers
and
one
person
handling
operations
developers.
We
have
the
series
with
most
of
you.
If
not
everyone
knows
then
I'm,
you
know
Business
Development.
AD
It
does
a
lot
of
stuff,
then
I'm
doing
mostly
fronted
the
back
end
intersection,
like
I
said,
then
we
have
zapil
that
can
also
back
in
looking
is
working
with
me
on
trumpet
and
case
has
been
a
really
great
help,
and
then
we
have
Isaac
and
Alexis
with
our
newest
members
that
are
also
plugins,
I.
Think.
Finally,
the
seminar,
the
first
wife
that
really
helps
us
with
you
know
the
non-technical
stuff
that
the
company
needs,
and
we
are
really
glad
to
have
here.
AD
So
we
are
really
Roti
across
some
like
three
basic
principles
is
open
source,
it's
local
first
and
it
uses
to
store
the
data.
With
this,
we
can
guarantee
that
the
functionality
is
like
you
don't
have
to
actually
trust
us.
You
can
verify
on
how
we
handle
your
data
and
how
they
approach,
because
it's
a
local
lab,
don't
need
data.
We
don't
have
access
to
your
data.
We
don't
know
anything
about
different
data.
Any
address
any
account
anything
you
put
on
dropkick
stays
locally
encrypted
in
the
database
in
your
machine.
AD
AD
AD
And
then
you
have
a
global
degree
that
usually
information
is
available
for
Mac,
OS
and
windows,
and
we
now
support
it.
Also.
AD
Although
you
should
be
careful,
design,
I
said
look
at
that,
so
it
would
be
better
if
you
have
a
proxy
in
the
front
for
security
reasons,
and
then
there
is
another
way
if
you
own
the
governor,
there
is
enough
packets
and
we
are
in
close
collaboration
with
Dublin.
We
makes
things
really
easier
and
we
want
to
improve
our
experience
there.
So,
for
example,
we
are
working
to
make
a
automotive
automatic.
AD
Bitcoin,
along
with
a
number
of
centralized
expenses
and
defy
protocols
in
the
next
release
in
this,
we
are
doing
work
so
that
it
makes
it
easier
for
us
to
support
multiple
events
so
slowly
we
will
start
adding
support
for
MultiLing
change,
starting
with
optimism.
AD
So
in
directly
you
can
see
your
account
history.
If
there
is
hard
to
talk
in
Tuesday
talking
about
how
we
do
transaction
decoding
here,
you
can
see
how
this
looks
inside
the
app.
In
this
example,
you
can
stream
it
basically
migrating
400
side
to
die
and
then
selling
them
for
1.7
meat
from
kyber.
AD
Then
we
have
a
camping
job
Accounting
in
rock
Keys
customizable.
We
try
to
be
as
general
as
we
can
so
that
we
can
support
us
in
many
jurisdictions.
You
can
parameterize
how
to
generate
your
pin
and
report,
and
then
you
can
export
CSP
that
you
can
pass
to
your
accountant
and
do
your
tax
report.
AD
AD
AD
An
easy
way
would
be
to
you
know:
get
your
top
node,
have
your
full
not
like
a
running
GIF
or
rare
gold
or
Mastermind,
and
then
you
can
use
true
blocks
as
an
indexer,
because
I
mean
rock
at
the
moment.
Do
we
have
a
problem?
Because
there
is
no
easy
way
to
get
an
account
transaction?
AD
You
basically
connect
all
your
information,
like
your
email
address,
your
IP
address
your
account
and
probably
they
they
have
to
prescribe
as
a
policy,
but
you
have
to
trust
them
for
that
because
they
are
closer.
So
the
best
idea
was
happy
to
have
something
like
two
blocks:
running
and
toolbox
can
index
transactions
which
can
benefit
this
way.
You
could
do
a
really
privacy
portfolio,
tracking
and
accounting.
You.
AD
Locally
in
your
mobile
device,
so
that's
you
know
like
we
met
the
user
using.
AD
AV
Hello,
I'm
liking
a
lot
of
these
small
projects
and
I'm,
making
a
lot
of
a
lot
I
find
them.
I
have
I.
How
do
you
finance
Rodney?
That's
my
question.
The
funding
yeah,
the
funding.
How
is
your
are?
You
are
doing
for
freedom
to
release
a
business
model,
because
at
the
end
of
the
day
you
all
have
to
eat.
I
know
you
have
to
eat
yeah.
AD
Exactly
exactly
so,
funding
is
really
hard.
Like
I
said,
we
currently
have
funding
from
Bitcoin
grants,
which
is
I,
think
one
of
the
our
biggest
source
of
support
and
then
that
there
is
I'm
trying
to
find
the
ways
so
that
we
can
get
grants
or
integrating
with
different
protocols.
AD
So
these
I
think
are
the
main
ways
of
planting
and
paying
salaries.
Of
course,
you
know
it's
not
as
an
open
source
project
between
our
fashion,
so
our
salaries
are
not
the
best
like
we
are
below
market
rate,
but
you
know
it's
something.
We
love
to
do
so
yeah,
it's
hard
it's
hard,
and
then
we
have
the
premium
subscription.
But
at
the
moment,
in
a
few
subscription
is
10
euros
per
month.
AD
AD
You
know
like
there
is
a
no
unified
model
of
the
subgraphs,
so
for
every
product
we
support,
we
have
to
add
a
new
subgraph,
and
this
actually
gives
us
a
huge
maintenance
cost,
because
we
have
to
go-
and
you
know
like
Implement
on
our
side.
The
schema
handle
every
substance
in
a
different
way
and
then
like
as
soon
as
the
subgraph
breaks.
AD
We
have
to
fix
it,
but
communicate
with
people
that
are
armiting
the
suburbs,
and
then
we
have
to
release
the
path,
at
least
to
fix
that
for
our
users,
because
the
app
is
working,
and
this
is
why
we're
trying
to
find
the
way
that
is
more
identified
and
more
generic
and
that
doesn't
need
the
examination.
So
you
know
like
the
way
the
enable
system
works
pop
up
and
we
have
to
support
them.
AD
S
And
also
he
tells
us
outside
of
the
roof.
If
you
want
to
ask
in
about
five
minutes
so.
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
A
A
A
A
A
A
A
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
H
H
H
H
H
H
H
H
H
S
Hello,
everybody,
so
we
are
back
with
our
segment.
The
speaker
has
arrived.
So
next
up,
we
are
going
to
hear
a
talk
on
taxation
of
crypto
in
Colombia
by
the
head
of
the
Colombian
tax,
Authority
Luis,
Carlos
Regis.
So
please
everybody
run
of
Applause
for
the
speaker.
AW
Thank
you,
hi.
Everyone
I'm
here
to
remind
you
that,
even
though
crypto
isn't
in
no
type
of
crypto
is
currently
a
form
of
money
in
Colombia,
that
doesn't
mean
you
don't
have
to
pay
taxes
on
it.
That's
a
joke!
Yeah!
No,
but
even
even
you
know,
because
of
this,
we
want
to
make
sure
that
the
rules
for
paying
taxes
on
crypto
and
crypto
related
activities
are
are
clear.
We're
taking
steps
to
make
that
make
things
even
clearer
than
they
currently
are.
AW
A
few
of
you
may
have
wondered,
especially
if
you,
even
if
you
have
just
used
a
crypto
platform,
if
you
are,
if
you
have
to
pay
any
taxes
on
the
gains
that
you
make
from
your
Investments
or
if
you
run
a
platform
I,
don't
know
if
representatives
of
the
the
exchanges
in
the
country
are
are
here,
we
would
like
to
make
sure
that
you
know
exactly
what
rules
you
have
to
to
follow.
AW
AW
So
in
Colombia
you
have
to
you
know
you,
you
have
to
fill
out
a
tax
return
as
just
a
you
know,
a
natural
person,
you
you
have
to
declare
your
net
worth,
which
is
a
very
particular
thing
to
the
Colombian
tax
system.
Many
of
you
guys
probably
have
heard
the
debate
in
Congress
about
a
taxation
of
your
net
worth
how
it's
calculated,
and
so
just
you
know
just
like.
AW
If
you're
curious
about
this,
you,
you
would
basically
have
to
to
tell
us
to
tell
the
the
tax
administration
the
the
value
of
the
crypto
at
the
the
passive
value
that
you
acquired
it
on
on
the
day
when
you
acquired
it,
you
just
have
to
tell
us
there's
currently
no
taxes
on
on
your
net
worth.
AW
There
have
been
in
the
past,
but
this
is
only
for
informational
purposes
and
everything
else
is
essentially
a
capital
gains
taxation,
if
you,
so
if
you,
if
you
buy
crypto
or
other
assets
right,
if
you
buy
nnft
and
it
increases
in
value,
you
don't
have
to
pay
any
taxes
until
the
moment
when
you
sell
it.
So
if
you
sell
it,
you
make
money
on
it.
AW
The
difference
between
the
price
which
you
bought
it
and
the
price
that
that
you
got
for
it
is
the
is
the
basis
on
which
you
have
to
pay
a
rate.
That
rate
will
depend
on
whether
you
have
held
the
the
assets
for
two
years
or
or
more
if
you
have
held
them
for
more
than
two
years.
This
is
the
this
is
the
roughly
speaking
the
capital
gains
tax.
It's
called
in
in
Colombia.
AW
It's
currently
a
10
tax
rate.
If
the
tax
reform
bill
that
we're
working
on
goes
through,
it
will
be
at
15
of
the
the
appreciation.
AW
If
you
sell
the
asset
before
two
years,
then
you
just
have
to
pay
the
the
ordinary
rate,
which
is
a
progressive
taxation
scheme.
It
starts
at
19
percent
and
at
very
high
levels
of
income.
It
goes
all
the
way
up
to
39
percent,
which
is
much
like
what
you
would
pay
in
in
the
United
States
for
ordinary
income
as
well.
AW
You
may
have
wondered
I
know
because
I
have,
if,
if
you're
in
an
exchange-
and
you
buy
and
sell
crypto
right-
maybe
you're
just
playing
around
with
any
type
of
cryptocurrency
you've
made,
and
you
sell
it
to
someone
right
and
if
you,
if
you
like
to
think
about
tax
issues
which
some
people
do
you
may
Wonder.
Does
this
pay
vat,
though
the
value
added
tax
Eva
in
Spanish?
AW
Well,
there
are
activities
such
as
exchanges
that
are
that
do
not
pay
vat
it.
So
when
it
comes
to
intangible
assets
like
like
crypto,
then
as
long
as
they
don't
have
an
intellectual
commercial
industrial
value.
So
this
is
more
like
patents
right
like
if
they
don't
have
that
that
added
value
then
you're
not
responsible
for
paying
vat.
The.
AW
However,
if
you're
selling
say
at
least
some
sort
of
of
nfts,
there
may
be
vat
to
be
be
paid
so,
especially
if
you're
thinking
of
running
a
business
that
operates
buying
and
selling
crypto
nfts
other
types
of
digital
assets.
These
are
things
that
you
may
want
to
take
into
account,
and
we
want
to
make
this
easy
for
those
paying
taxes
right.
You
have
to
pay
them.
AW
The
least
we
can
do
is
make
it
easy
for
you,
so
we
are
here
to
to
help
I
have
I've
given
instructions
to
the
the
the
subdirectorate
in
charge
of
Norms.
You
know
interpreting
the
the
tax
norms
for
specific
cases
in
specific
Industries,
to
compile
all
the
concepts
we
have.
We
have
issued
about
crypto
in
a
single
document,
and
but
also
we
are
here
to
collect
the
questions
that
you
may
have,
and
we
want
to
issue
an
official
concept
about
this.
AW
We
want
to
do
this,
both
in
Spanish
and
in
English.
We
want
to
have
a
clear
rules
for
those
coming
from
abroad
to
to
invest
and
even
though
I
think
we're
all
excited
for
the
for
the
closing
event
at
3
30..
We
are
here
to
to
take
questions,
yeah
sure.
N
AW
AX
You
were
mentioning
that
we
would
have
to
pay
taxes
if
I,
you
know,
purchase
a
Bitcoin.
Let's
say
it
goes
up
in
price
and
then
sell
it
for
fiat
currency,
but
if
I
were
to
buy
a
Bitcoin
and
then
swap
it
to
another
currency,
another
digital
currency,
let's
say
ethereum
and
the
price
was
well
technically
created
a
taxable
game.
How
would
I
pay
that
tax
would
I
pay
it
in
the
value
of
the
local
fiat
currency?
What
I
pay
it
in
one
or
the
other
intangible
ads
assets?
How?
AW
That's
a
great
question
because
currently
ether
and
then
that
Bitcoin
are
not
currently
considered
currency
in
Colombia
and
you're,
just
swapping
assets,
it
may
depend,
but
you
would
probably
just
have
to
pay
the
time
you
sold
the
in
your
example
the
ethereum
for
Fiat
and
then
I
I.
Think
that
also
reason,
the
question
of
what
do
you
do
if
you,
if
you
buy
something
in
crypto
right
like
if
you,
if
you
buy
a
house
in
crypto
like
what
would
you
do?
AW
How
does
it
work
and
then
in
in
that
case,
you
would
have
to
take
into
account
the
the
value
at
which
that
that
house
is
fairly
valued
and
the
value
of
of
your
asset
and
then
that
difference
would
be
the
basis
for
for
taxation.
AY
You
never
specified
whether
for
whether
it
was
first
in
first
out,
which
is
if
I
had
bought,
Bitcoin
and
maybe
I
put
it
off
to
the
side
for
long-term
storage
or
ethereum,
whichever
asset
and
then
later
I
start
trading
with
other
assets
over
here.
So
first
in
first
out
would
say
that
the
very
first
purchase
of
the
asset,
ethereum,
let's
say,
was
at
a
hundred
dollars
and
now
it's
at
fifteen
hundred
dollars.
It
doesn't
matter
my
trades
over
here.
It's
first
in
first
out,
do
you
understand
the
first
day
and.
AW
So
we
in
I
think
the
what's
really
helpful
for
for
thinking
always
is
that
for
all
practical
effects
and
purposes
in
Colombia
crypto
assets
are
intangible
assets,
so
you
would
handle
State
inventories.
In
the
same,
you
would
follow
the
the
current
accounting
rules
right
in
in
Colombia.
This
I
don't
know
what
accounting
rules
you're
most
familiar
with,
but
we
wouldn't
be
using
a
US
U.S
Gap,
but
we
would
be
using
IFRS
rules
for
for
accounting.
AW
So
so
that's
what
would
apply
it
would
apply
in.
In
this
case,
I
I
I
think
we
proudly
in
the
concept
and
then
the
document
that
we
will
post
I
will
post
it
on
on
my
Twitter
account
to
to
start
clarifying
some
of
those
things,
but
mostly
to
invite
questions
like
this,
so
that
we
can.
We
can
give
you
specific,
detailed
answers.
AB
AW
Should
we
tax
that
yeah?
Currently,
we
so
you
you
can
be
paid
in
in
in
in
and
things
other
than
Fiat
in
in
Colombia,
and
that's
that's
already
regulated
right.
AW
You
could
be
paid,
so
some
people
are
paid
in,
or
at
least
partly
in
education
for
their
children
right,
like
their
their
firm
pays,
their
children's
tuition
or
they
give
them
access
to
country
clubs
which
have
a
certain
value
and
all
those
payments
in
basically
and
stuff
the
same
rules
as
for
payments
and
income
and
then
and
excuse
me
and
Fiat
apply.
AW
So
you
would
basically
have
to
tell
the
the
government
what
the
so
what's,
the
the
fair
Market
Fiat
value
of
the
crypto,
and
that
would
be
the
the
basis
of
the
tax
you
pay.
But
you
would
pay
exactly
the
same
as
if
you
were
paying
as
if
you
were
paying.
If
you
were
being
paid
in
in
in
Fiat.
AW
So
suppose
yeah
suppose
you
so
so
you
work
for
a
company,
that's
paying
you
in
in
crypto,
then
they
pay
you
in
the
Italian
government.
This
is
how
many
pesos
this
was
worth.
Then
you
pay
taxes
on
the
basis
of
that.
But
then
your
crypto
continues
to
gain
in
value.
AW
If
you,
if
you
sell
it,
to
buy
something
something
else,
then
at
the
moment
of
selling
it,
you
would
pay
an
additional
tax
on
on
those
capital
gains,
basically
yeah,
and
if
you
you
know,
if
you
found
someone
who
was
willing
to
to
sell
you
stuff
directly
for
for
crypto,
then
this
this
follows
the
same.
AW
There
are
rules
and
regulations
in
Colombia
that
apply
to
exchanges
of
stuff
right
like
if
you,
if
you
trade,
I,
don't
know
if
you
trade
a
house
for
five
cars,
which
is
something
that
people
sometimes
do
you
would.
You
would
apply
the
same
rules
in
the
tax
code
yeah
some.
AZ
AW
So
I'm,
sorry,
the
question
is,
you
have
I.
AZ
Don't
have
one
just
okay:
okay,
hypothetically,
there
is
a
wallet
with
debit
cards.
So
how
do
they
pay
taxes
along
the
way
when
you
have
debit
cards,
the
payment
processors-
and
there
is
a
crypto
wallet
involved.
AW
Right
yeah,
currently
none
of
that,
so
those
are
things
that
would
have
to
be
regulated
by
the
by
the
financial
Authority,
the
the
Colombian
SCC,
the
superintendency
of
financiera,
because
the
regulation
is
still
to
come.
You
would
basically
not
pay
a
lot
of
things
that
you
pay
in
the
current
Financial
system.
AW
There's
you
may
be
aware
that
that
in
Colombia
there's
the
the
cuatro
per
meal,
which
is
like
a
0.4
percent
tax
on
financial
transactions
that
would
apply
only
when
you
convert
that
into
you
know,
into
into
Fiat
and
into
the
traditional
Financial
system.
But
that's
that's
a
great
idea
to
raise
your
Revenue
I'll.
Take
that
one
with
me,
yeah
I'm,
just
kidding,
but.
AW
As
a
collateral
like
for
getting
a
loan
or.
BA
Yes,
exactly
yeah.
This
is.
AW
This
is
still
something
that
has
to
be
regulated
by
the
financial
Authority,
so
I
suppose
you
could
sign
a
private
contract
and
then
you
give
this
as
a
collateral.
As
long
as
someone
else
accepts
it,
you
you
could
sign,
you
could
sign
a
contract
that
that
specifies
it
right.
Yeah.
AW
Right,
okay,
so
in
the
case
of
of
D5
yeah
we're.
Actually,
this
is
one
of
the
questions
that
that
we
currently
want
to
to
address
in
detail,
because
it's
a
question
that
we've
been
yeah,
we're
being
asked
a
lot
so
so
we're
working
on
on
issues
related
to
to
D5
for
sure
yeah.
A
BB
Your
office
here
yeah
your
offer
your
office
published
a
document
like
four
months
ago,
the
former
director
regarding
this
taxes
on
crypto,
that
that
document
is
still
running.
We
have
to
apply
that.
AW
It's
it's
still
in
force.
There
were
roughly
25
documents
that
we
had
published
answering
various
questions,
so
what
we're
doing
is
we're
compiling
all
of
them
in
a
single
document
so
that
you
have
everything
in
One
Source,
but
nothing
has
has
changed.
AW
We
just
want
to
make
this
more
accessible
and,
like
I
said
some
of
these,
you
know
these
questions
and
more,
if
you
guys
want
to
you
know
talk
to
to
the
the
two
lawyers
from
from
the
end
that
that
came
here
with
me,
we
will
make
sure
to
address
them.
We
want
to
give
the
to
have
a
comprehensive
treatment
of
of
how
to
handle
these
tax
issues.
BB
The
context
of
of
my
question
is
because
the
the
former
director
yeah
said
in
inkara
called
noticias
that
people,
that
is,
that
needs
to
declare
their
crypto.
They
have
to
do
it
from
2017
and
they
have
to
pay
the
multas
from
those
years.
17
18
19
20..
And
what
do
you
think
about
that?
Because
the
incentives
are
maybe
not
aligned
and
people
don't
want
to
declare
something
to
be
a
bad
person
and
paying
those
multas?
You
know.
AW
Right
as
part
of
the
the
the
tax
reform
bill
that
we
are,
you
know
shepherding
through
Congress.
We
are
trying
to
make
a
lot
of
those
fines,
not
just
for
crypto
specifically,
but
for
a
lot
of
different
businesses
and
also
just
regular
people
a
lot
more
understanding
of
when
people
are
not
really
at
fault,
and
we
want
to
focus
on
actual
tax
evaders.
The
process
is
still
ongoing.
AW
So,
as
I
said,
we
we
welcome
all
feedback
that
that
you
may
have
about
the
permissions
that
we
have
already
included
in
the
bill,
and
what
else
could
be
could
be
useful.
One
thing
that
we
we
have
gotten
a
lot
of
questions
about
has
to
do
with
whether
we
will
accept
taxes
in
crypto.
It's
it's
something
that
we,
as
of
as
a
tax
administration,
can
can
do.
If,
given
legal
Authority
by
Congress,
we
can
we
can
handle
it.
AW
We
think
it's
actually
very
interesting
if
you
know,
if
a
firm
or
if
a
person
wants
to
be
associated
with
a
specific
wallet
or
sets
of
wallets,
because
that
actually,
as
you
guys
know,
a
lot
of
people
still
think
that
that
crypto
is
cryptic
and
that
you
can't
trace
stuff
we're
actually
interested
in
the
traceability
of
a
lot
of
of
the
cryptocurrencies
and
that
it
that
can
only
be
good
for
us
as
a
tax
administration.
So
we're
very
open
to
all
of
these
proposals.
BC
Here
so
two
two
questions
the
first
one
is:
we've
talked
about
a
lot
of
taxes
right,
but
what's
your
truly
Vision
about
crypto
like
would
you
would
you
be
considered
as
a
pro
crypto
person
or
what
are
you?
Are
you
at
the
tractor?
BC
That's
one
and
the
other
one
which
more
question
that
I
always
ask:
do
you
hold
any
crypto
do
I?
What
do
you
hold.
AW
Any
crypto
I've
I've
held
it
yes,
yeah,
oh
no
for
sure
I
I
mean
look,
I,
think
it's
a
technology.
That's
here
to
stay,
I,
think
it's
promising
I
think
the
I
think
there's
a
lot
of
misconceptions
out.
Crypto
I
think
we
should
help.
Everyone
understand
that
this
is
a
promising
technology.
I
I
look
forward
to
the
forthcoming
regulation
that
various
other
government
agencies,
or
which
I
have
no
control
I,
should
say
that
will
will
issue
at
some
point.
I
think
it
should
be
sooner
rather
than
later.
AW
I
think
there's
one
of
the
developments
that
that
I
find
most
exciting
is
Central.
Bank
issued.
You
know
digital
currencies,
I,
I
I
was
excited
like
I.
Suppose
many
of
you
were
when
the
Central
Bank
announced
that
they
are
studying
the
the
issue.
I
think
I
think
I
think
only
good
things
can
come
from
from
from
this
industry.
AA
Yeah,
okay,
I
have
another
question,
so
it's
more
about
stable
coins
and
usdt
usdc.
So
if
I
get
my
pesos
and
always
convert
them
into
US
dollars
or
well
in
this
case,
USD
or
usdt,
and
then
I
when
I
need
the
money
back
in
Colombia,
I
transfer
them
back
to
my
account.
What
would
be
that
tax
incentive
like
implications
there,
because
you
said
like
it's
like
buying
dollars,
you
know
Cameo
and
then
just
like
either
spending
in
abroad
or
just
having
them
in
your
house
or
whatever.
So
what
would
be
the
implications
there.
AW
Yeah
so
something
like
like
usdt
or
other
stable
currencies,
stable
coins
are,
they
are
not
legal
tender
here
or
anywhere,
so
they
are
under
Colombian
legislation
and
and
then
rules
they
are
considered
just
intangible
assets.
So
the
way
it
would
work
is
say
you
so
suppose
you
you
buy
I,
don't
know
you
like.
You,
go
through
a
whole
process
right,
you,
deposit,
some
Pesos
into
a
local
platform.
You
use
it
to
buy
Bitcoin,
which
then
you
in
a
local
platform.
AW
Then
you
transfer
to
a
platform
abroad
and
you
use
it
there
to
buy
some
usdt
and
then
you
do
some
more
stuff
with
it
and
then
you
bring
it
back
the
way
it
would
work
in
terms
of
of
it
being
taxed.
Is
you
there's
a
certain
amount
of
in
pesos
that
you
paid
at
the
the
exchange
rate?
The
official
exchange
rate
of
that
day.
AW
And
then,
when
you
transform
it
back
into
Pesos
at
the
very
end,
it's
the
difference
between
the
pesos.
You
got
at
the
very
end
and
the
passive
value
of
the
original
asset.
That's
that
would
be
the
the
the
capital
gains
so
to
speak.
Hello.
J
Hi
here
you've
stated
your
position
very
clearly
about
the
the
crypto
coins
and
all
these
coins
that
are
native
natively
digital,
but
there
are
also
other
type
of
tokens
that
represent,
for
example,
real
life
assets
such
as
houses
and
other
kind
of
things,
is
your
take
the
same
for
those
types
of
assets
that
have
a
real
asset
like
as
an
underlying
value,
an
underlying
value,
I'm,
sorry
in
real
life,
but
they're
just
represented
digitally.
AW
I,
like
the
technology
look
I
just
run.
The
tax
administration,
like
those
are
issues
for
the
for,
for
various
government
entities
right
like
I,
think
it's
exciting
to
to
see
how
you
know,
ownership
Registries
would
work
how
the
financial
regulation
really
is.
What,
as
we
all
know,
is
necessary
for
for
this
industry
to
to
have
a
more
solid
footing.
AW
I
and
I
do
hope,
and
then
I
know
that
that
the
people
involved
in
this
understand
the
the
issue
and
they're
working
towards
making
things
like
that
possible.
I
think
I
think
in
general
it's
an
exciting
technology
and
I.
I
also
think
that
we,
we
still
we're
still
trying
to
figure
out
all
the
possible
ways
in
which
the
technology
can
be
used,
so
I
I'm
sure
there's
more
to
come,
and
those
are
good
examples
of
what
we
could
see.
AW
So
when
you
have
underlying
assets
well
in
in
in
that
case,
yeah,
basically
the
difference
between
the
peso
price.
When
you
invested
in
the
peso
price,
when
you
finally
sold
it,
that's
that's
what
will
be
taxed
and
it
will
be
taxed
as
either
capital
gains
or
ordinary
income
meaningless.
BB
Yeah,
you
mentioned
the
cvdc
and
there
is
a
incentive
for
the
tax
authority
to
look
everything
that
the
citizens
do
for
tax
purposes
in
in
that
sense,
what
do
you
think?
What
is
your
position
about
the
privacy
of
of
the
citizens?
What
is
the
balance
between
knowing
and
taxing
what
they
do
and
knowing
a
lot
more,
that
would
you
need
to
to
know.
AW
I
think
that's
that's
a
question
for
for
Colombian
Society
to
answer
as
a
whole
I'm
going
to
be
performed
from
the
point
of
view
of
the
tax
administration,
we're
interested
in
in
the
traceability
of
transactions,
especially
given
that
the
Colombian
economy
is
so
informal,
and
so
many
people
use
cash
I.
Think,
for
instance,
we
you
know
if
we
could,
if
we
could
offer
people
a
digital
currency
that
is
more
convenient
than
cash
even
safer
than
cash
right
like
if
you're
like.
AW
If
someone
steals
cash
from
you,
there's
no
way
of
getting
it
back.
If
it's,
if
it's
highly
traceable
you,
you
may
be
able
to
know
what
happened
to
it
afterwards
right
so
those
I
I
think
I,
think
there
are
trade-offs
in
life
and
and
I
think
it
would
be
particularly
interesting
for
everyone
involved
to
have
a
digital
currency
that
is
not
100
Anonymous
that
can
be
traced,
but
that
also
offers
extra
safety
beyond
the
the
safety
that
that
cash
can
give.
You
yeah,
I,
think
my
time
is
up
and
we
probably.
S
AW
To
go
out
there,
but
thank
you
for
your
questions.
Alfredo
and
Stefania
are
here
to
take
to
collect
some
more
of
those.
If
you
and
yeah,
we
will
be
collecting
them
and
Publishing
an
official
document
answering
them
so
make
sure
to
ask
absolutely
everything
that
you
want
to
ask,
and
this
is
not
the
only
yeah
like
they
will
be
happy
to
share
contact
information
with
you
so
that
we
can
maybe
set
up
a
round
table
between
Diane
and
the
industry
and
and
start
clarifying
some
of
these
questions.