![Page 1: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/1.jpg)
![Page 2: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/2.jpg)
Intelligent Decentralized
CloudEDCON 18th February 2017 (V1.0)
![Page 3: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/3.jpg)
Casper Extreme availability
crypto:3 Speed, scale-out…
The Code is Law Governance by community
The AI is Law Blockchain Nervous System
Experimental Ethereum Sister Network
BNS
![Page 4: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/4.jpg)
Casper Extreme availability
crypto:3 Speed, scale-out…
The Code is Law Governance by community
The AI is Law Blockchain Nervous System
Experimental Ethereum Sister Network
BNS
Derived & maintains compatibility
“EVM Singularity”
![Page 5: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/5.jpg)
Casper Extreme availability
crypto:3 Speed, scale-out…
The Code is Law Governance by community
The AI is Law Blockchain Nervous System
Experimental Ethereum Sister Network
BNS
New techniques from work dating back to 2014
![Page 6: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/6.jpg)
Casper Extreme availability
crypto:3 Speed, scale-out…
The Code is Law Governance by community
The AI is Law Blockchain Nervous System
Experimental Ethereum Sister Network
DEFINING DIFFERENCE
Everything subject to distributed intelligence. DFINITY is not a conventional blockchain…
BNS
![Page 7: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/7.jpg)
Let’s examine a crucial crypto:3 technique
Delivers finality 50X faster than today…“Threshold Relay in 10 minutes”
TODAY WE HAVE LIMITED TIME
![Page 8: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/8.jpg)
Parameters - Two groups of prime order r
(on two elliptic curves) - Generators - Bi-linear pairing
G1, G2
e : G1 ⇥G2 7! GT
H(m) 2 G1
Q1 2 G1, Q2 2 G2
Key Generation - Secret key: - Public key:
Signing - Message hashed to - Signature:
Verification ?
x mod r
P = xQ2 2 G2
H(m) 2 G1
s = xH(m) 2 G1
e(s,Q2) = e(H(m), P )
Boneh-Lynn-Shacham Signatures (BLS)
BLS, 2003
UNIQUE DETERMINISTIC THRESHOLD SIGNATURE SCHEME
SUPPORTING DISTRIBUTED KEY GENERATION
![Page 9: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/9.jpg)
Basic Threshold RelayIncorruptible, unmanipulable and unpredictable randomness
1
![Page 10: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/10.jpg)
A vast peer-to-peer broadcast network of mining clients…
![Page 11: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/11.jpg)
That are registered on the ledger
0x1bd1ccf169d755306e077b38cb9aeae28e245351
0x2b197453dcfabe85be2fbe31c8cc19bd30576ed0
0x2b197453dcfabe85be2fbe31c8cc19bd30576ed0
DEPOSIT: 1000 DFN
DEPOSIT: 1000 DFN
DEPOSIT: 1000 DFN
![Page 12: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/12.jpg)
Are randomly assigned to groups that…
GROUP—
GROUP—
GROUP—
GROUP—
GROUP—
…
![Page 13: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/13.jpg)
GROUP—
GROUP—
GROUP—
GROUP—
GROUP—
…
Try to setup a “BLS threshold” scheme using DKG…
Joint Feldman
DKG
![Page 14: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/14.jpg)
GROUP—
GROUP—
GROUP—
GROUP0x2b197453…
GROUP—
…
And register their PubKey on the ledger too
![Page 15: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/15.jpg)
GROUP—
GROUP—
GROUP—
GROUP0x2b197453…
GROUP—
…
Joint Feldman
DKG
Joint Feldman
DKG
Setup is independent of blockchain progression…
![Page 16: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/16.jpg)
GROUP0x7de4ac5…
GROUP0x8fb251b…
GROUP—
GROUP0x2b197453…
GROUP—
…
And occurs asynchronously
![Page 17: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/17.jpg)
As regards the blockchain itself…
![Page 18: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/18.jpg)
There is always a current group…
h
![Page 19: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/19.jpg)
That signs the previous group’s signature…
BLS Signature Scheme
![Page 20: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/20.jpg)
To select the next group and “relay”
Gh+1= G[�h
mod |G|]
![Page 21: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/21.jpg)
To select the next group and “relay”
![Page 22: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/22.jpg)
This is what Threshold Relay looks like
�h�1
SIGNATURE
h� 1
![Page 23: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/23.jpg)
The signature created at h-1 selects the group at h
Gh= G[�h�1
mod |G|]=)
h
![Page 24: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/24.jpg)
Group members at h broadcast signature shares
BROADCAST
{�hp , p 2 Gh}
h
![Page 25: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/25.jpg)
Collect threshold of shares & create only possible group sig…
SIGNATURE
�h = bls({�hp , p 2 Gh})
h
![Page 26: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/26.jpg)
That selects the next group, ad infinitum
Gh+1= G[�h
mod |G|]=)
h+ 1
![Page 27: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/27.jpg)
This creates a decentralized VRF
�h�4�h�7 �h�6 �h�5 �h�3 �h�2 �h�1 �h
A sequence of random numbers that is…Deterministic Verifiable Unmanipulable
Next value released on agreement a threshold of the current group…Unpredictable
. .
, , , , , , ,
![Page 28: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/28.jpg)
Random numbers should not be generated with a
method chosen at random
- Donald Knuth
“
![Page 29: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/29.jpg)
Autonomous loan issuance and crypto “fiat”
Advanced Decentralized “Applications”
Scale-out Decentralized Network Protocols
Validation Towers
Validation Trees
USCIDs
Lottery Charging Lazy Validation
TLDR; unmanipulable randomness is v useful…
PSP Blockchain Designs
Financial exchanges
Data harvesting
![Page 30: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/30.jpg)
Processes 10,000
Faulty 3,000
(Correct) 7,000
Group Size 400
Threshold 201
Fault Tolerance Example
NETWORK METRICS
Note: in practice the probability 30% of professionally run mining
processes “just stop” is very low. Miners will generally deregister IDs to retrieve deposits when exiting.
Calculated using hypergeometric probability.http://www.geneprof.org/GeneProf/tools/
hypergeometric.jsp
Probability that a sufficient proportion of the group are faulty that it cannot produce a signature
Note: groups should expire to thwart “adaptive” adversaries
1e�17P (Faulty � 200)
![Page 31: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/31.jpg)
GROUP SIZE
Group size 400
Threshold 201
MESSAGE FORMAT
Process ID 20 bytes
Signature share 32 bytes
Signature on comms 32 bytes
Total 84 bytes
Communications Overhead Example
COMMUNICATION OVERHEAD
Maximum 34 KB
In order for a group to produce a threshold signature, its members
must broadcast “signature shares” on the message that can be
combined. Here is a typical packet carrying a signature share.
400 messages involve 34 KB of data transfer. However, only 17 KB (half
the messages) are required to construct the signature. Thereafter signature shares are not relayed, so a more typical overhead is 22 KB.
![Page 32: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/32.jpg)
Threshold Relay BlockchainA Simple “Probabilistic Slot Protocol” (PSP)
2
![Page 33: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/33.jpg)
At each height, the randomness orders the processes…
P4243
P4802
P0392
P3911
h� 3
![Page 34: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/34.jpg)
At each height, the randomness orders the processes…
P4243
P4802
P0392
P3911
P7891
P0763
P9583
P7502
h� 2h� 3
![Page 35: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/35.jpg)
At each height, the randomness orders the processes…
P4243
P4802
P0392
P3911
P7891
P0763
P9583
P7502
P6302
P4692
P9276
P9833
h� 1h� 2h� 3
![Page 36: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/36.jpg)
At each height, the randomness orders the processes…
P4243
P4802
P0392
P3911
P7891
P0763
P9583
P7502
P6302
P4692
P9276
P9833
P6110
P8720
P1003
P3293
hh� 1h� 2h� 3
![Page 37: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/37.jpg)
Indexes are priority “slots” for forging (zero highest)
P4243
P4802
P0392
P3911
P7891
P0763
P9583
P7502
P6302
P4692
P9276
P9833
P6110
P8720
P1003
P3293
hh� 1h� 2h� 3
SLOT0
SLOT1
SLOT2
SLOT3
...
![Page 38: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/38.jpg)
Value of candidate blocks scored by author’s slot…
P4243
P4802
P0392
P3911
P7891
P0763
P9583
P7502
P6302
P4692
P9276
P9833
P6110
P8720
P1003
P3293
hh� 1h� 2h� 3
1pt
1
2pt
1
4pt
1
8pt
![Page 39: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/39.jpg)
First publish/relay delay too (an optimization)…
P4243
P4802
P0392
P3911
P7891
P0763
P9583
P7502
P6302
P4692
P9276
P9833
P6110
P8720
P1003
P3293
hh� 1h� 2h� 3
1pt
1
2pt
1
4pt
1
8pt
� 5s
� 6s
� 7s
� 8s
![Page 40: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/40.jpg)
We can create & score blockchains that converge
hh� 1h� 2h� 3
1pt
1
2pt
1
4pt
1
8pt
� 5s
� 6s
� 7s
� 8s
31
2pts
3pts
BEST PARENT
![Page 41: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/41.jpg)
Very nice. But usual limitations. O no…
The adversary can withhold blocks to gain an advantage
over honest processes.
Selfish mining attacks increase the confirmations
necessary for finality.
SELFISH MINING ATTACKS
The adversary can go back in time and create forks from below h to Double Spend.
He only needs to be lucky and be granted a sequence of
zero slots.
NOTHING AT STAKE
![Page 42: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/42.jpg)
Solution?
Threshold groups “notarize” (sign) at least one block at their height before relaying…
A valid block proposed at h must reference a block that was notarized at h-1
Thus, blocks must be published in good time or have no chance of notarization
![Page 43: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/43.jpg)
When group selected, its members start their timers…
1s 2s 3s�h�1
�h�1
�h�1
p 2 Gh
1s 2s 3s
1s 2s 3s
Members start processing blocks
after expiry BLOCK_TIME. Clocks will be
slightly out-of-sync, but that's OK!
Triggered by propagation
threshold signature
![Page 44: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/44.jpg)
Queue blocks score order while waiting BLOCK_TIME
P6110
31
2pts 3pts
Highest scoring chain
head
base score +
base score +
![Page 45: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/45.jpg)
When BLOCK_TIME expires, start notarizing…
Group members sign until ≥1 blocks receive threshold signature
Broadcast sig. share on block
Broadcast sig. share on σ h-1
HALT
Block @ h received from p
Thresh. sig. on block at h received
Sign best or equal best
blocks
Relay and halt
Is valid and p’s SLOT ready?
Signed higher scoring
chain?
NO YES
![Page 46: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/46.jpg)
Fair mining and very fast convergence
hh� 1h� 2h� 3
1pt
1
2pt
1
4pt
1
8pt
� 5s
� 6s
� 7s
� 8s
� �
�
�
Publish sucker!
DEAD
![Page 47: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/47.jpg)
Optimal case. Overwhelming finality in 2 blocks + relay
hh� 1h� 2
1pt
1
2pt
� 5s
� 6s
�
�
� �
DEAD
h+ 1
No alternative chain heador even partially signed chain
head is visible. Yet, for a viable chain head to exist, it must have been shared with some correct processes to collect signatures, and they
would have propagated (broadcast) it…
RELAY
The trap shuts! Now group h+1 has
relayed it will not notarize/sign any more blocks. Too late for any
alternative chain head at h to “appear” and get
notarized…
Gh+1
![Page 48: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/48.jpg)
Gains from Notarization
Fast Optimal Avg. Finality
- Selfish Mining
- Nothing At Stake
- EquivocationSPV
Light client needs only Merkle root of groups
Quantifiable risk
Hooks make possible calculate probabilities more
meaningfully
BLOCK TIME = 5s
7.5s=)
Addresses Key Challenges
![Page 49: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/49.jpg)
Relative Performance Copper Release
Block Time
“TX finality” (speed)
Gas available
Average 10 minsvaries wildly
Average 20 secsvaries wildly
Average 5 secslow variance
6 confirmationsavg. 1 hr
37 confirmationsavg. 10 mins
2 confirmations+relayavg. 7.5 secs
- - - Low due toPoisson distribution 50X+ Ethereum
Unlimited scale-out achieved by applying randomness in
following techniques…
Optimal case normal operation
![Page 50: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/50.jpg)
Miscellanea
3
![Page 51: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/51.jpg)
Death By Poisson Process
Bitcoin Could Consume as
Much Electricity as Denmark
by 2020, Motherboard
3/29/2016
The Simplest Flaws Are The Worst…
50% of Ethereum blocks are empty !
Miners prefer to build on empty blocks
since no need validate/delay= more profitable
An empty block has more chance being
confirmed….
Duh !
![Page 52: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/52.jpg)
ValidationSybil resistance
State storageConsensus
ValidationSybil
resistanceState storage
Consensus
Proof-of-Work Blockchain DFINITY
Separate and decouple concerns
TCP/IP
Application
Transport
Internet
Network Access
Computer Science should not go out of fashion
![Page 53: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/53.jpg)
CONSENSUS Threshold relay chain
generates randomness, records network metadata & validation tree “state root”.
VALIDATION Scalable “Validation Tree”
composed “Validation Towers”. Does for validation what
Merkle does for data.
STORAGE State and updates to state
stored on shards. State transitions passed to
Validation Tree.
3 Layer “Scale-out” Architecture
STATE ROOT
RANDOM BEACON DRIVES TREE
(TX,ReadTX ,�S)
STATE SHARDS
TX
![Page 54: Intelligent Decentralized Williams_DFINITY _EDCON.pdf · h7 h6 h5 h4 h3 h2 h1 h A sequence of random numbers that is… Deterministic Verifiable Unmanipulable Next value released](https://reader033.vdocuments.net/reader033/viewer/2022041912/5e67d83929379d702a1ac59a/html5/thumbnails/54.jpg)
BLS Implementation
Threshold-Relay Simulator, Go Timo Hanke [about to be released, follow my Twitter @timothanke]
BLS Signature based on optimal Ate-pairing, C++/ASM Shigeo Mitsunari, https://github.com/herumi/bls
Distributed Key Generation via Joint-Feldman Verifiable Secret Sharing, Go Timo Hanke [about to be released, follow my Twitter @timothanke]