1 00:00:00,080 --> 00:00:03,520 Broadly Speaking of rogue smart contract is a smart contract 2 00:00:03,640 --> 00:00:08,160 written for one of two purposes, either to advertise criminal 3 00:00:08,160 --> 00:00:13,280 services or to solicit criminal services. 4 00:00:13,760 --> 00:00:16,280 So how does the contract check that? 5 00:00:16,280 --> 00:00:19,600 This is correspondence between news reports and this text 6 00:00:19,600 --> 00:00:23,560 description of the calling card. For that purpose, you would want 7 00:00:23,560 --> 00:00:25,960 to use some form of natural language processing. 8 00:00:25,960 --> 00:00:30,400 You'd use an LLM like ChatGPT. How does a smart contract gain 9 00:00:30,400 --> 00:00:33,400 access to ChatGPT? Who would naturally do that 10 00:00:33,400 --> 00:00:34,600 through an Oracle system? Hello. 11 00:00:34,880 --> 00:00:37,480 And welcome to AP Center, the show which talks about the 12 00:00:37,480 --> 00:00:40,080 technologies, projects and people driving decentralization 13 00:00:40,080 --> 00:00:43,360 and the blockchain revolution. I'm Brian Crane and I'm today 14 00:00:43,360 --> 00:00:47,880 here with RE Jules, who is a professor at Cornell. 15 00:00:48,360 --> 00:00:51,960 He is a Co director of the Initiative for Cryptocurrencies 16 00:00:51,960 --> 00:00:54,760 and contracts. He's also chief scientist at 17 00:00:54,760 --> 00:00:59,640 Chain link and and he's written a book recently called The 18 00:00:59,640 --> 00:01:01,880 Oracle, which I've read a few months ago. 19 00:01:01,880 --> 00:01:07,840 So it's kind of a sci-fi novel that deals with smart contracts 20 00:01:07,840 --> 00:01:11,720 and and oracles. And he was a previous guest here 21 00:01:11,720 --> 00:01:14,160 actually long time ago. We're just noting it's almost 22 00:01:14,160 --> 00:01:17,520 eight years that he was a guest. So really excited to speak with 23 00:01:17,520 --> 00:01:19,640 him. But you know, just before we get 24 00:01:19,640 --> 00:01:23,320 into that, I want to share a few words about our sponsors this 25 00:01:23,320 --> 00:01:26,520 week. If you're looking to stake your 26 00:01:26,520 --> 00:01:29,560 crypto with confidence, look no further than Course one. 27 00:01:30,040 --> 00:01:33,640 More than 150,000 delegators, including institutions like Bit 28 00:01:33,640 --> 00:01:36,240 Go, Pantera Capital and Zedger Trust Course One with the 29 00:01:36,240 --> 00:01:38,560 assets. They support over 50 block 30 00:01:38,560 --> 00:01:40,840 chains and are leaders in governance on networks like 31 00:01:40,840 --> 00:01:44,000 Cosmos, ensuring your stake is responsibly managed. 32 00:01:44,440 --> 00:01:47,320 Thanks to the advanced MEV research, you can also enjoy the 33 00:01:47,320 --> 00:01:50,440 highest staking rewards you can stake directly from your 34 00:01:50,440 --> 00:01:53,880 preferred wallet, set up a white label note, restake your assets 35 00:01:53,880 --> 00:01:57,560 on Eigenia or Symbiotic, or use the SDK for multi chain staking 36 00:01:57,560 --> 00:02:00,640 in your app. Learn more at Chorus .1 and 37 00:02:00,640 --> 00:02:05,040 start staking today. This episode is proudly brought 38 00:02:05,040 --> 00:02:08,000 to you by Gnosis, a collective dedicated to advancing a 39 00:02:08,000 --> 00:02:11,160 decentralized future. Nosys leads innovation with 40 00:02:11,160 --> 00:02:15,800 Circles, Nosys Pay and Metri, reshaping open banking and 41 00:02:15,800 --> 00:02:18,640 money. With Hashi and Nosys VPN, 42 00:02:18,640 --> 00:02:21,560 they're building a more resilient, privacy focused 43 00:02:21,560 --> 00:02:24,160 Internet. If you're looking for an L1 to 44 00:02:24,160 --> 00:02:27,880 launch your project, Nosys Chain offers the same development 45 00:02:27,880 --> 00:02:31,000 environment as Aetherium with lower transaction fees. 46 00:02:31,320 --> 00:02:35,720 It's supported by over 200,000 validators, making Nosys Chain a 47 00:02:35,720 --> 00:02:38,240 reliable and credibly neutral foundation for your 48 00:02:38,240 --> 00:02:41,520 applications. Gnosis Dow drives Gnosis 49 00:02:41,520 --> 00:02:43,920 governance, where every voice matters. 50 00:02:44,280 --> 00:02:47,560 Join the Gnosis community in the Gnosis Dow forum today. 51 00:02:48,240 --> 00:02:52,200 Deploy on the EVM compatible Gnosis Chain or secure the 52 00:02:52,200 --> 00:02:56,560 network with just one GNO and affordable hardware. 53 00:02:56,960 --> 00:03:00,720 Start your decentralization journey today at gnosis dot IO. 54 00:03:01,720 --> 00:03:03,280 OK. Well, thanks so much for coming 55 00:03:03,280 --> 00:03:07,360 on again, Ari. So I don't know how many of our 56 00:03:07,360 --> 00:03:10,520 listeners remember you are aware of you, but I mean, I think 57 00:03:10,520 --> 00:03:12,880 you've been in crypto for a long time and have had like, you 58 00:03:12,880 --> 00:03:15,800 know, a big impact in many ways. You do a little work around 59 00:03:15,800 --> 00:03:19,760 smart contracts, trusted execution environments, dolls. 60 00:03:20,600 --> 00:03:24,200 You were one of the co-authors of the flash boys paper, which 61 00:03:24,200 --> 00:03:30,640 kind of kicked off the whole MEV field and then then more 62 00:03:30,640 --> 00:03:34,160 recently an allist. So thanks so much for coming on 63 00:03:34,160 --> 00:03:36,200 again. I'm delighted to be here. 64 00:03:36,280 --> 00:03:41,680 Thank you for having me. So I actually looked at our old, 65 00:03:42,000 --> 00:03:49,000 the summary of our episode we did in January 2017 and even 66 00:03:49,000 --> 00:03:51,800 criminal smart contracts was was mentioned there already. 67 00:03:52,240 --> 00:03:56,680 And the criminal smart contract is also kind of a theme of the 68 00:03:56,680 --> 00:03:58,800 novel you wrote. And we can share a bit like 69 00:03:58,800 --> 00:04:04,840 what, what motivated you to write this novel And can you 70 00:04:04,840 --> 00:04:08,280 share a bit without maybe giving too much away or no spoilers, 71 00:04:08,280 --> 00:04:11,120 but a little bit the the theme of the novel. 72 00:04:11,920 --> 00:04:15,920 Yeah, there were really 2 seeds for the novel, if you will. 73 00:04:16,000 --> 00:04:19,600 One of them is the paper that you and I discussed on the 74 00:04:19,600 --> 00:04:24,000 shows, as you said, since seven years ago, criminal smart 75 00:04:24,000 --> 00:04:26,520 contracts. In the book I called on rogue 76 00:04:26,720 --> 00:04:30,960 smart contracts. Those have a new found relevance 77 00:04:31,000 --> 00:04:36,840 as we can discuss given the advent of powerful LLMS like 78 00:04:36,840 --> 00:04:40,200 ChatGPT. Not that paper at the time that 79 00:04:40,200 --> 00:04:43,840 was written was somewhat speculative, but it has become 80 00:04:43,840 --> 00:04:47,280 more real and that became a motivation for writing the book. 81 00:04:48,360 --> 00:04:52,320 The second impetus for writing the book, the sort of literary 82 00:04:52,320 --> 00:04:57,880 impetus if you will, was a bridge, Sky bridge in lower 83 00:04:57,880 --> 00:05:02,880 Manhattan, the Cornell Tech campus based at Cornell Tech, 84 00:05:02,880 --> 00:05:09,120 which is Cornell University and Technion Applied Sciences campus 85 00:05:09,120 --> 00:05:12,920 in New York City. The campus used to be in what is 86 00:05:12,920 --> 00:05:15,560 now the flagship Google building, lower Manhattan. 87 00:05:15,960 --> 00:05:18,920 I used to commute there every day on the Highline, this whole 88 00:05:19,040 --> 00:05:23,280 elevated railway, and I passed this beautiful sky bridge, 89 00:05:23,840 --> 00:05:27,280 windows on both sides, and I thought this would be the 90 00:05:27,280 --> 00:05:30,680 perfect office. And I just sort of started to 91 00:05:30,760 --> 00:05:33,240 visualize the hero of the novel sitting there. 92 00:05:33,760 --> 00:05:37,320 And that became, as I said, a kind of second motivation to 93 00:05:37,320 --> 00:05:44,040 write in the book. So for for those who either 94 00:05:44,040 --> 00:05:46,680 haven't heard or don't remember right, the criminal smart 95 00:05:46,680 --> 00:05:51,440 contract episode, what are rogue smart contracts? 96 00:05:51,440 --> 00:05:53,720 How do you envision that? Yeah. 97 00:05:53,720 --> 00:05:57,560 So broadly speaking, rogue smart contract is a smart contract 98 00:05:57,680 --> 00:06:02,200 written for one of two purposes, either to advertise criminal 99 00:06:02,200 --> 00:06:07,360 services or to solicit criminal services. 100 00:06:08,560 --> 00:06:13,200 And if the you construed the definition broadly enough, rogue 101 00:06:13,200 --> 00:06:16,720 smart contracts have already cropped up in practice, mainly 102 00:06:16,720 --> 00:06:21,280 in the form of pyramid schemes like the famous or SAJ scheme. 103 00:06:23,000 --> 00:06:27,760 But in the context of the novel and the paper, what was of 104 00:06:27,760 --> 00:06:33,760 interest was real world crime. So I can give AI guess a simple 105 00:06:33,760 --> 00:06:36,800 example to illustrate if that would be helpful, how these 106 00:06:36,800 --> 00:06:38,680 things work, maybe. Yeah. 107 00:06:39,400 --> 00:06:42,960 So let's take for example, I like to use this example. 108 00:06:42,960 --> 00:06:46,960 This is a relatively benign 1. Let's take for example, the the 109 00:06:46,960 --> 00:06:49,920 Kohinoor diamond. That's this famous diamond with 110 00:06:49,920 --> 00:06:55,080 a very controversial history. It is part of the crown jewels 111 00:06:55,080 --> 00:06:57,640 that belong to the British royal family, sits in the Tower of 112 00:06:57,640 --> 00:07:00,560 London. As I said, as a controversial 113 00:07:00,560 --> 00:07:03,680 history, there are people who believe it should be repatriated 114 00:07:03,680 --> 00:07:06,440 to India. There are a number of people who 115 00:07:06,440 --> 00:07:09,560 believe that it's cursed, right? So you can imagine somebody 116 00:07:09,560 --> 00:07:12,120 would want this thing to be stolen just to have it 117 00:07:12,120 --> 00:07:15,760 disappear, not to own it because as I said, it's cursed. 118 00:07:16,120 --> 00:07:19,280 So how would you create a smart contract for this purpose, 119 00:07:20,000 --> 00:07:21,840 right? You've got 2 challenges in 120 00:07:21,840 --> 00:07:25,520 creating such a contract. The 1st is how's the contract 121 00:07:25,520 --> 00:07:28,640 going to know if the diamond is stolen, right? 122 00:07:29,240 --> 00:07:33,280 And the second is even if the diamond is stolen, how's it 123 00:07:33,280 --> 00:07:35,920 going to know whom to reward for the theft of the diamond? 124 00:07:36,360 --> 00:07:38,800 Let's suppose that the smart contract is paying a bounty of, 125 00:07:39,320 --> 00:07:42,160 you know, $100,000 in cryptocurrency to this purpose. 126 00:07:42,440 --> 00:07:44,600 So how's it going to know where to send the money? 127 00:07:45,600 --> 00:07:49,000 The observation we made in the paper is that you can do the 128 00:07:49,000 --> 00:07:51,960 following. You can have a would be 129 00:07:51,960 --> 00:07:54,800 criminal, right? Somebody who's signing up to 130 00:07:54,800 --> 00:07:59,960 steal the Co ignore diamond send to the contract in advance of 131 00:07:59,960 --> 00:08:05,600 the theft a brief description of some detail about the crime that 132 00:08:05,600 --> 00:08:12,840 only the criminal could know. And these details are sometimes 133 00:08:12,840 --> 00:08:16,800 referred to as calling cards. In the criminal world, a calling 134 00:08:16,800 --> 00:08:21,520 card is often it's a physical object that's left at the scene 135 00:08:21,520 --> 00:08:23,800 of the crime to indicate who who committed the crime. 136 00:08:24,560 --> 00:08:28,360 So I like to reference as an example of a calling card, the 137 00:08:30,280 --> 00:08:36,240 glove monogrammed with AP left by the Phantom, the jewel thief 138 00:08:36,559 --> 00:08:38,240 in the Pink Panther movies, right? 139 00:08:38,240 --> 00:08:40,039 That would be an example of a calling card. 140 00:08:41,159 --> 00:08:43,200 Well, let's say you know it's the first time a particular 141 00:08:43,200 --> 00:08:46,440 calling card was being used. Let's suppose that the the the 142 00:08:46,440 --> 00:08:49,480 phantom is the one who's going to steal this the Cohen or 143 00:08:49,480 --> 00:08:51,880 diamond. What the Phantom does is send to 144 00:08:51,880 --> 00:08:57,720 the smart contract a brief text descriptor of the calling card, 145 00:08:58,360 --> 00:09:02,080 monogrammed P GLOG in advance to the crime in hidden form. 146 00:09:02,080 --> 00:09:05,280 You know, cryptographically committed, encrypted, I don't 147 00:09:05,280 --> 00:09:06,640 want to think about it, but concealed. 148 00:09:08,080 --> 00:09:09,840 Then the crime gets committed, right? 149 00:09:10,040 --> 00:09:12,520 Diamond disappears, and there's a famous diamond, as I 150 00:09:12,520 --> 00:09:14,360 mentioned. So, you know, the theft is 151 00:09:14,360 --> 00:09:18,480 splashed across headlines on news sites. 152 00:09:19,280 --> 00:09:24,280 And now the criminal comes back and decrypts, reveals this 153 00:09:24,280 --> 00:09:27,080 description of the calling card monogram peak a lot. 154 00:09:28,040 --> 00:09:32,600 And the smart contract now checks that news stories 155 00:09:32,600 --> 00:09:36,000 correspond to the calling card. You can imagine that the news 156 00:09:36,000 --> 00:09:38,600 stories reporting the theft to the diamond would also report 157 00:09:38,600 --> 00:09:41,760 the fact that a monogram peak glove had been left to the scene 158 00:09:41,760 --> 00:09:44,440 of the crime. This is the the criminal of 159 00:09:44,440 --> 00:09:47,680 course leaves this this calling card in a place that would be 160 00:09:48,000 --> 00:09:52,280 visible, prominent, so the the smart contract can check that 161 00:09:52,280 --> 00:09:56,720 the the calling card was reported in news stories and 162 00:09:56,800 --> 00:10:00,280 presumably it's only as I said, the thief knows in advance what 163 00:10:00,280 --> 00:10:03,280 the calling card is. The calling card would be 164 00:10:03,280 --> 00:10:08,600 selected for that purpose. So whoever revealed the correct 165 00:10:08,600 --> 00:10:12,000 description of the calling card here would be paid the money be 166 00:10:12,000 --> 00:10:16,840 paid the $100,000 or what. This is an example of how these 167 00:10:17,200 --> 00:10:19,120 contracts like being constructed. 168 00:10:20,600 --> 00:10:26,440 And so the basically for the smart contract to be able to 169 00:10:26,440 --> 00:10:32,240 know, OK, this was mentioned in a new story, then you'd have to 170 00:10:32,360 --> 00:10:37,480 have some kind of, I mean, I guess I can imagine different 171 00:10:38,000 --> 00:10:42,080 ways this could work, right? You could have something like, I 172 00:10:42,080 --> 00:10:45,000 mean, right, you're environment chain link, right? 173 00:10:45,000 --> 00:10:50,320 So there could be a bunch of servers, right, that are parties 174 00:10:50,320 --> 00:10:53,880 that, that maybe write such a data on there. 175 00:10:54,400 --> 00:10:59,440 Or maybe could it be that like, I don't know, like in a in a 176 00:10:59,440 --> 00:11:04,560 trusted execution environment, a search is executed or some 177 00:11:04,560 --> 00:11:08,000 commands are followed to then like verify such condition or 178 00:11:08,000 --> 00:11:09,680 like how? How would you imagine that? 179 00:11:09,680 --> 00:11:12,560 That part to work. Yeah, you put your finger on the 180 00:11:12,560 --> 00:11:14,800 nub of the problem here. This is the really interesting 181 00:11:14,800 --> 00:11:17,320 part. So how does the contract check 182 00:11:17,680 --> 00:11:19,400 that? This is correspondence between 183 00:11:19,400 --> 00:11:23,160 news reports and this text description calling card. 184 00:11:23,920 --> 00:11:26,680 But that purpose you would want to use some form of natural 185 00:11:26,680 --> 00:11:30,160 language processing. You'd use an LLM like ChatGPT. 186 00:11:31,240 --> 00:11:34,200 How does a smart contract gain access to ChatGPT? 187 00:11:34,440 --> 00:11:37,200 Would naturally do that through an Oracle system, right? 188 00:11:37,200 --> 00:11:41,120 You wouldn't be able to run an LLM efficiently on chain. 189 00:11:41,560 --> 00:11:43,960 We'd run it off chain and an Oracle system would be the 190 00:11:43,960 --> 00:11:47,600 natural place for this. So the whole scenario in fact 191 00:11:47,600 --> 00:11:52,840 depends upon a convergence of blockchain technology and AI 192 00:11:53,240 --> 00:11:57,360 LLMS in particular with this example we're considering. 193 00:11:58,240 --> 00:12:06,600 And the advent of SHAFT, GPT and and powerful LLMS is what makes 194 00:12:06,600 --> 00:12:11,400 this scenario particularly relevant over the past couple of 195 00:12:11,400 --> 00:12:13,280 years. At the time that we originally 196 00:12:13,280 --> 00:12:17,680 wrote our paper, this was hypothetical, but now it's at 197 00:12:17,680 --> 00:12:22,480 least technically feasible. And then this convergence of 198 00:12:22,480 --> 00:12:25,040 blockchains and LLMS. How? 199 00:12:25,040 --> 00:12:27,840 How would this work? Like technically. 200 00:12:29,440 --> 00:12:34,720 So technically it could be conceptually at least, 201 00:12:34,720 --> 00:12:39,920 relatively simple. You would run an LLM ideally in 202 00:12:39,920 --> 00:12:43,920 a trusted execution environment to ensure integrity and to give 203 00:12:43,920 --> 00:12:46,040 you confidentiality where appropriate. 204 00:12:46,600 --> 00:12:50,520 And you might have a single node do this if you trust TV 205 00:12:50,520 --> 00:12:52,720 sufficiently. Or you would use a decentralized 206 00:12:52,720 --> 00:12:58,160 Oracle network for this purpose and it would ingest news stories 207 00:12:59,120 --> 00:13:03,600 as pointed to by the smart contract, or I should say news 208 00:13:03,600 --> 00:13:09,600 sites, stories from news sites. And this calling card, the text 209 00:13:09,600 --> 00:13:13,760 descriptor of the object left at the scene of the crime. 210 00:13:14,240 --> 00:13:18,400 And this more contract would ask the LLN, does this calling card 211 00:13:18,480 --> 00:13:21,480 match these new stories? Right. 212 00:13:21,480 --> 00:13:23,720 And as I said, this is technically very feasible. 213 00:13:24,320 --> 00:13:26,760 Happily, you can't go just go and build one of these things 214 00:13:26,760 --> 00:13:29,600 today, right? It's technically feasible, but 215 00:13:29,600 --> 00:13:31,840 not realizable with the constant infrastructure. 216 00:13:32,320 --> 00:13:38,400 So in some sense, the paper and the novel are warnings to the 217 00:13:38,400 --> 00:13:42,760 community that this kind of danger is a real technical 218 00:13:42,760 --> 00:13:44,640 possibility. We're not careful about how we 219 00:13:44,640 --> 00:13:49,120 engineer these systems, how oracles make AI functionality 220 00:13:49,120 --> 00:13:52,840 available to smart contracts. Good. 221 00:13:52,840 --> 00:13:55,440 Because like the way it would work is like, let's say you'd 222 00:13:55,440 --> 00:14:00,240 have the smart contract and you say like I specify some program 223 00:14:00,720 --> 00:14:05,720 that should be run in this tee as an example. 224 00:14:05,720 --> 00:14:11,680 And then maybe anyone could go and download this program and, 225 00:14:11,680 --> 00:14:14,560 you know, get access to Intel SGX server, which you know, 226 00:14:14,560 --> 00:14:18,920 presumably is easy to do. And then they would run this 227 00:14:18,920 --> 00:14:23,200 program in there and then they would write the result together 228 00:14:23,200 --> 00:14:27,040 with the proof that that's what they did on chain and and get 229 00:14:27,040 --> 00:14:30,680 some kind of economic reward. Yeah, there there. 230 00:14:30,680 --> 00:14:33,480 There are a few ways to do this. So one would be, you know, to 231 00:14:33,480 --> 00:14:36,840 download the latest Lava model model or whatever and stand it 232 00:14:36,840 --> 00:14:41,320 up in a TE as you're suggesting, and that it would be executed by 233 00:14:41,320 --> 00:14:45,440 nodes in the Oracle network. Or if you're happy just sending 234 00:14:45,440 --> 00:14:48,120 it off to a particular web service, you could actually 235 00:14:48,120 --> 00:14:54,000 query chat GET itself. One of the benefits of standing 236 00:14:54,000 --> 00:15:01,440 up a model in a TE is that you can provide what's known as an 237 00:15:01,440 --> 00:15:04,320 attestation. Certain forms of tea provide 238 00:15:04,320 --> 00:15:07,320 what's known as an attestation, which tells you exactly what 239 00:15:07,320 --> 00:15:10,920 application you're running, exactly what model, and exactly 240 00:15:10,920 --> 00:15:14,320 what the environment looks like. If you go and query a service 241 00:15:14,320 --> 00:15:17,920 like ChatGPT, it's changing under the covers frequently, so 242 00:15:17,920 --> 00:15:20,160 you don't know precisely what you're interacting with. 243 00:15:21,000 --> 00:15:23,280 And in the case of smart contracts, you really do want to 244 00:15:23,280 --> 00:15:27,960 have in general, a precise notion of how the smart contract 245 00:15:27,960 --> 00:15:30,680 is going to behave, and therefore how the Oracle depends 246 00:15:30,680 --> 00:15:36,240 upon is going to behave. So you mentioned we have to be 247 00:15:36,240 --> 00:15:42,360 careful in how, you know, Oracle's LLMS are engineered so 248 00:15:42,360 --> 00:15:45,040 that something like that doesn't happen or these rogue smart 249 00:15:45,040 --> 00:15:49,560 contracts. I mean, it seems, is that 250 00:15:49,560 --> 00:15:53,200 possible or, or is this just something that would be like a 251 00:15:53,200 --> 00:15:55,680 fundamental capability of these systems? 252 00:15:55,680 --> 00:16:00,560 Because that's like, or like how, how do you think the 253 00:16:00,560 --> 00:16:06,080 blockchain AI intersection should be approached to, you 254 00:16:06,080 --> 00:16:09,960 know, maybe prevent malicious use cases and allow us to 255 00:16:09,960 --> 00:16:12,760 leverage the most positive use cases? 256 00:16:14,000 --> 00:16:17,000 That's a great question. Of course, it it extends beyond 257 00:16:17,000 --> 00:16:19,040 the intersection of blockchains and AI. 258 00:16:20,240 --> 00:16:23,080 How do we prevent smart contracts or any kind of 259 00:16:23,080 --> 00:16:27,080 blockchain functionality that's doing harm from continuing to 260 00:16:27,080 --> 00:16:30,800 run in an autonomous way? And people have proposed various 261 00:16:30,800 --> 00:16:35,280 approaches, right, like security councils in the case of Dows, 262 00:16:35,840 --> 00:16:37,840 which could be instantiated elsewhere. 263 00:16:38,400 --> 00:16:43,520 One could imagine the techniques that are being developed for AI 264 00:16:43,520 --> 00:16:47,120 safety deployed within an Oracle system. 265 00:16:47,560 --> 00:16:50,960 So happily the problem is broad enough so that people are 266 00:16:50,960 --> 00:16:52,960 thinking about it in other contexts. 267 00:16:54,280 --> 00:16:57,640 And I think also we can kind of turn this question on its head 268 00:16:58,080 --> 00:17:04,000 and rather than just thinking about Oracle systems as a way of 269 00:17:04,640 --> 00:17:09,079 enabling this intersection potentially in ways that are 270 00:17:09,079 --> 00:17:13,160 Oracle, think about them as gatekeepers and contemplate ways 271 00:17:13,160 --> 00:17:15,440 that they can help enforce AI safety. 272 00:17:16,520 --> 00:17:18,480 And this is one of the things I've started to think about 273 00:17:18,480 --> 00:17:23,480 recently. So for example, I mentioned that 274 00:17:23,480 --> 00:17:27,240 it's very helpful for smart contracts to know exactly how an 275 00:17:27,240 --> 00:17:30,440 Oracle system is operating because that gives you the 276 00:17:30,680 --> 00:17:34,360 determinism, the precise notion you want about how a smart 277 00:17:34,360 --> 00:17:36,320 contract in turn is going to behave. 278 00:17:37,640 --> 00:17:40,560 And So what we really want to have, or what I would refer to 279 00:17:40,560 --> 00:17:46,000 as pinned models, models whose specifications are made fully 280 00:17:46,000 --> 00:17:50,280 transparent to users and can sort of be pinned down, locked 281 00:17:50,280 --> 00:17:53,480 in place. And this, I think, can be very 282 00:17:53,480 --> 00:17:58,440 useful in ensuring that models don't behave in unexpected ways, 283 00:17:58,440 --> 00:18:02,520 that we can at least have a good understanding of which model 284 00:18:02,520 --> 00:18:05,680 we're dealing with and potentially test it to determine 285 00:18:05,680 --> 00:18:08,720 how vulnerable it is to, say, to adversarial examples or how 286 00:18:08,720 --> 00:18:10,800 likely it is to produce hallucinations. 287 00:18:11,280 --> 00:18:16,200 So that's one example of a way that we can build systems that 288 00:18:17,560 --> 00:18:25,280 have with AI safety in mind. So AI in crypto is an area 289 00:18:25,280 --> 00:18:28,560 where, you know, there's seems to be a lot of or there's a lot 290 00:18:28,560 --> 00:18:33,960 of interest in it at the moment. At the same time, it's still a 291 00:18:33,960 --> 00:18:37,880 bit unclear, you know, what are what was actually going to work, 292 00:18:37,880 --> 00:18:39,320 what's actually going to be valuable. 293 00:18:39,600 --> 00:18:43,840 Do you have a view on the kinds of use cases and applications 294 00:18:43,840 --> 00:18:49,160 that this AI plus crypto AI, crypto intersection will be most 295 00:18:49,320 --> 00:18:52,000 suited for? Yeah. 296 00:18:52,040 --> 00:18:56,640 I mean, broadly speaking, one of the strengths of smart contracts 297 00:18:56,960 --> 00:19:00,720 is the fact that they're written in code and therefore they 298 00:19:00,720 --> 00:19:07,120 provide rigid specifications of an agreement, a system that 299 00:19:07,120 --> 00:19:11,520 users interact with. One of their weaknesses is the 300 00:19:11,520 --> 00:19:15,280 fact that they are written in code and therefore are rigid, 301 00:19:15,280 --> 00:19:23,520 right to do this very specific interface that lacks 302 00:19:23,520 --> 00:19:28,000 flexibility. Flexibility can be harmful and 303 00:19:28,000 --> 00:19:31,160 that allows for adversarial behavior, but it can also be 304 00:19:31,160 --> 00:19:36,200 beneficial. And in fact, the lack of 305 00:19:36,280 --> 00:19:43,640 precision in contracts written in natural language, ordinary 306 00:19:43,760 --> 00:19:47,760 legal contracts, is actually regarded by the legal community 307 00:19:47,760 --> 00:19:50,120 as a feature. It enables you to deal with 308 00:19:50,120 --> 00:19:52,640 unanticipated circumstances. And this is something that smart 309 00:19:52,640 --> 00:19:56,160 contracts as their engineer today can't do right. 310 00:19:56,280 --> 00:20:01,560 You can't bake into solidity very easily. 311 00:20:02,440 --> 00:20:04,120 Condition. It says this contract will be 312 00:20:04,120 --> 00:20:08,520 cancelled in the case of an act of God, broadly defined, right? 313 00:20:09,040 --> 00:20:10,440 You have. You can only give a precise 314 00:20:10,440 --> 00:20:13,320 specification of when the contract is going to be 315 00:20:13,320 --> 00:20:16,560 cancelled, and you can't always anticipate all the reasonable 316 00:20:16,560 --> 00:20:18,680 circumstances under which you might want to cancel it. 317 00:20:19,480 --> 00:20:23,160 But if you combine smart contracts with machine learning 318 00:20:23,160 --> 00:20:27,640 models, with LLMS, for instance, you can endow them with some of 319 00:20:27,640 --> 00:20:30,360 that flexibility we benefit from in the real world. 320 00:20:31,040 --> 00:20:34,120 And that I think opens up a whole range of new use cases. 321 00:20:35,080 --> 00:20:38,760 And furthermore, if you combine this with some of the privacy 322 00:20:38,760 --> 00:20:42,200 enhancing technologies that have been developed specifically for 323 00:20:42,200 --> 00:20:44,920 blockchains, or I should say have been catalyzed by 324 00:20:44,920 --> 00:20:48,200 blockchain use cases, then I think the proposition becomes 325 00:20:48,200 --> 00:20:53,160 very powerful. So for example, today the 326 00:20:53,160 --> 00:20:58,960 rigidity of smart contracts when it comes to loans constrains us 327 00:20:58,960 --> 00:21:03,600 to for the most part to using to over collateralized lending, 328 00:21:03,720 --> 00:21:05,240 right? Things like my finger down. 329 00:21:06,200 --> 00:21:11,280 But you can imagine a system in which users are, thanks to use 330 00:21:11,280 --> 00:21:16,360 of a privacy preserving Oracle system, able to import financial 331 00:21:16,360 --> 00:21:22,880 documents from trusted financial institutions trusted by a 332 00:21:22,920 --> 00:21:26,800 lending smart contract. Those documents get interpreted 333 00:21:26,800 --> 00:21:31,400 by an LLM to assess the creditworthiness of the user and 334 00:21:31,400 --> 00:21:33,720 the user gets up to take out a loan on that basis. 335 00:21:34,480 --> 00:21:36,960 In other words, you can imagine a smart contract now looking 336 00:21:36,960 --> 00:21:41,720 more like a real world lending facility or institution. 337 00:21:43,040 --> 00:21:46,080 That's just a rough example. The type of thing you can do 338 00:21:46,080 --> 00:21:47,920 when you combine these two technologies. 339 00:21:48,240 --> 00:21:52,760 Now, there are lots of challenges involved, like the 340 00:21:52,760 --> 00:21:55,680 ones that I alluded to earlier, adversarial examples. 341 00:21:55,680 --> 00:21:58,600 In other words, malicious manipulation of machine learning 342 00:21:58,600 --> 00:22:02,320 models and hallucination machine learning models of making stuff 343 00:22:02,320 --> 00:22:06,240 up. But I think this broad idea of 344 00:22:06,320 --> 00:22:09,760 endowing smart contracts with useful flexibility is what makes 345 00:22:09,760 --> 00:22:13,480 the combination of the two technologies so potentially 346 00:22:13,480 --> 00:22:21,160 transformative. So one thing that I mean, you've 347 00:22:21,160 --> 00:22:25,360 done a ton of work on, and it's probably, I mean, it's, it was 348 00:22:25,360 --> 00:22:28,240 when I got into crypto, you know, it was from when I got in 349 00:22:28,240 --> 00:22:32,360 crypto, you know, 11 years ago or more, it was already like the 350 00:22:32,360 --> 00:22:37,440 most, one of the most the ideas that excited people the most was 351 00:22:37,440 --> 00:22:40,400 the idea of dolls. So the idea that you could have 352 00:22:40,400 --> 00:22:43,720 these organizations, they're like on chain and you know, 353 00:22:44,680 --> 00:22:47,640 people use tokens in some way to coordinate. 354 00:22:47,640 --> 00:22:51,640 And they could be kind of, you know, replacement or successors 355 00:22:51,640 --> 00:22:55,640 to corporations or cooperatives or nation states or like all 356 00:22:55,640 --> 00:22:58,960 kinds of, you know, existing legal institutions that, you 357 00:22:58,960 --> 00:23:01,840 know, humans use to to do things together. 358 00:23:02,400 --> 00:23:07,240 Now, I think if you look at today, the state, I mean, 359 00:23:07,240 --> 00:23:12,240 probably most people, right, if you from back then would be 360 00:23:12,240 --> 00:23:16,760 disappointed in the, the state of Daos today, right? 361 00:23:16,760 --> 00:23:20,320 To the extent to which they are used and do extent which attract 362 00:23:20,320 --> 00:23:23,760 the attraction like the the places where we see traction 363 00:23:23,760 --> 00:23:26,480 today, you know, like stable coins defy stuff. 364 00:23:26,480 --> 00:23:29,440 They're they're generally different types of use cases. 365 00:23:30,080 --> 00:23:34,320 So what, what do you what do you see us as like the state of Daos 366 00:23:34,320 --> 00:23:38,600 today? And what are your faults on the 367 00:23:38,600 --> 00:23:41,920 role that Daos can play in the future? 368 00:23:43,440 --> 00:23:45,920 Yeah, I, I find them really intriguing. 369 00:23:45,920 --> 00:23:50,840 And we're doing this kind of grand experiment in governments 370 00:23:51,200 --> 00:23:54,520 across the blockchain community thanks to DOWS. 371 00:23:55,400 --> 00:23:58,680 That experiment is taking stumbling steps at the moment. 372 00:23:58,960 --> 00:24:01,600 And I think there are, there are a few different reasons for 373 00:24:01,600 --> 00:24:05,720 that. One of the challenges that my 374 00:24:05,720 --> 00:24:08,160 group has been looking at recently in particular, I think 375 00:24:08,160 --> 00:24:11,240 one of the stumbling blocks is not knowing how to measure 376 00:24:11,240 --> 00:24:13,800 whether or not a DAO is successful. 377 00:24:14,480 --> 00:24:16,760 We don't have objective measurements whether DAO is 378 00:24:16,760 --> 00:24:19,440 functioning correctly. Then we don't know how to 379 00:24:19,440 --> 00:24:21,000 conduct the experiment, if you will. 380 00:24:22,400 --> 00:24:26,240 So in particular, we've been asking what is the, what is the 381 00:24:26,240 --> 00:24:28,480 D in DAO really mean? What is the what is the 382 00:24:28,480 --> 00:24:31,760 decentralized part? You can say the fact that a DAO 383 00:24:31,760 --> 00:24:35,120 is running a smart contract means it's decentralized, but 384 00:24:35,320 --> 00:24:39,160 typically people are more interested in intuitive ideas 385 00:24:39,160 --> 00:24:45,280 like making sure that a diverse set of opinions are heard or 386 00:24:45,280 --> 00:24:48,360 credible Neutrality is that things one often hears. 387 00:24:48,720 --> 00:24:50,800 So what one would like to have these things in a DAO and I 388 00:24:50,800 --> 00:24:55,640 think we would in general regard these as marks of success if 389 00:24:55,640 --> 00:24:57,680 achieved. But again, we we really need 390 00:24:57,680 --> 00:24:59,000 some way to measure these things. 391 00:25:00,240 --> 00:25:02,560 The typically the way that people are measuring 392 00:25:02,560 --> 00:25:06,240 decentralization in Dow's today is just to look at token 393 00:25:06,240 --> 00:25:08,440 holdings across addresses, right? 394 00:25:08,440 --> 00:25:13,200 You say that if tokens are spread broadly and token 395 00:25:13,200 --> 00:25:17,000 holdings are more or less equal across a large number of 396 00:25:17,000 --> 00:25:19,040 addresses, then the Dow is decentralized. 397 00:25:20,160 --> 00:25:23,520 But this is kind of a simplistic way of viewing decentralization 398 00:25:23,560 --> 00:25:25,200 and there are lots of things that can miss. 399 00:25:25,800 --> 00:25:31,840 A simple example would be one user holding multiplicity of 400 00:25:31,840 --> 00:25:35,200 addresses right. You could have a a whale under 401 00:25:35,200 --> 00:25:37,320 the surface of the water, as it were, right? 402 00:25:37,680 --> 00:25:41,080 And then this measure of decentralization would be 403 00:25:41,160 --> 00:25:46,280 completely wrong. And in general, alignment, sort 404 00:25:46,280 --> 00:25:50,760 of hidden alignment among different voters would 405 00:25:50,760 --> 00:25:53,760 constitute a centralizing force. And that's something we really 406 00:25:53,760 --> 00:25:57,400 need to take into account if we're going to measure the 407 00:25:57,400 --> 00:25:59,400 decentralization in Dows effectively. 408 00:26:00,280 --> 00:26:05,800 So what my group has done recently, and this is work led 409 00:26:05,800 --> 00:26:13,640 by my PhD student Andres Abrega, is to formulate a new metric 410 00:26:13,760 --> 00:26:15,520 that we call voting bloc entropy. 411 00:26:16,400 --> 00:26:19,360 And basically the way it works is as follows. 412 00:26:21,240 --> 00:26:25,760 Entropy is essentially a measure of how evenly distributed tokens 413 00:26:25,760 --> 00:26:28,240 are across addresses, right? So when I said people look at 414 00:26:28,840 --> 00:26:31,480 distribution of tokens across addresses to determine whether 415 00:26:31,480 --> 00:26:34,400 it does decentralize, but basically measuring entropy 416 00:26:34,760 --> 00:26:38,400 across addresses step measuring entropy across addresses, we 417 00:26:38,400 --> 00:26:43,200 measure entropy across aligned sets of voters that we call 418 00:26:43,200 --> 00:26:45,440 voting blocs. You can think of them as being 419 00:26:45,440 --> 00:26:49,480 like political pardons. And in this way, we can detect 420 00:26:50,120 --> 00:26:52,240 forms of alignment in the community. 421 00:26:52,680 --> 00:26:55,200 And that we think gives us a better handle on how 422 00:26:55,240 --> 00:26:59,400 decentralization works. And in fact, this idea we have 423 00:26:59,400 --> 00:27:06,280 found is rooted in some of the principles and practices of 424 00:27:06,320 --> 00:27:09,680 machine learning, believe it or not, reinforcement learning in 425 00:27:09,680 --> 00:27:13,080 particular. Plus we, we think of a DAO as a 426 00:27:13,080 --> 00:27:15,640 big Organism that's trying to learn things. 427 00:27:16,320 --> 00:27:20,840 And it turns out that diversity or decentralization has been 428 00:27:20,840 --> 00:27:24,320 shown experimentally to be important in the learning 429 00:27:24,320 --> 00:27:29,600 process if you conceptualize Daos as a learning system. 430 00:27:30,160 --> 00:27:33,760 And so we can take ideas from reinforcement learning, in 431 00:27:33,760 --> 00:27:36,040 particular multi agent reinforcement learning, map them 432 00:27:36,040 --> 00:27:38,320 up to the DAO space. And now we have this metric in 433 00:27:38,320 --> 00:27:42,400 hand, and we think that if you can measure decentralization 434 00:27:42,400 --> 00:27:46,120 effectively, then we can overcome some of the uncertainty 435 00:27:46,120 --> 00:27:50,440 and challenges that the Dow landscape is confronting today. 436 00:27:50,680 --> 00:27:53,480 But but you would take that from the voting behavior. 437 00:27:53,480 --> 00:27:54,960 It's just like some governance vote. 438 00:27:54,960 --> 00:27:59,880 You'd be like how often people vote in the same way or like. 439 00:28:00,600 --> 00:28:02,120 Yeah, Yeah. Great question. 440 00:28:03,000 --> 00:28:07,200 So in theory you look at what we refer to as well, what are 441 00:28:07,200 --> 00:28:11,840 referred to as the utility functions of the voters. 442 00:28:11,920 --> 00:28:15,080 In other words, how much they tend to like particular 443 00:28:15,080 --> 00:28:20,280 proposals and how they value particular proposals personally 444 00:28:21,240 --> 00:28:22,840 regard to their their own interests. 445 00:28:23,200 --> 00:28:26,560 But of course, we don't know voters utility functions. 446 00:28:26,720 --> 00:28:29,400 Voters themselves often don't know their utility functions. 447 00:28:29,400 --> 00:28:32,080 They don't know what their opinions are on questions you 448 00:28:32,080 --> 00:28:34,720 haven't asked them yet and sometimes even on questions you 449 00:28:34,720 --> 00:28:37,280 have asked them. But we can observe how people 450 00:28:37,280 --> 00:28:45,160 have voted, and a voting bloc in this view would be a collection 451 00:28:45,160 --> 00:28:48,280 of users that tend to vote, have tended to vote the same way 452 00:28:48,280 --> 00:28:50,960 historically. That's something we can observe 453 00:28:51,040 --> 00:28:53,680 experimentally. Yeah. 454 00:28:53,680 --> 00:28:57,600 So you'd imagine that like those that have less of these voting 455 00:28:57,600 --> 00:29:00,360 blocks or people vote more in, in, you know, a variety of 456 00:29:00,360 --> 00:29:02,600 different ways, presumably making more of their own 457 00:29:02,600 --> 00:29:05,440 decisions as maybe like, I don't know, following some kind of, 458 00:29:05,720 --> 00:29:08,160 you know, maybe following some leader or following some 459 00:29:08,160 --> 00:29:10,440 particular group that tends to have a big influence. 460 00:29:10,440 --> 00:29:14,040 So, so you imagine those kind of dolls would be more performant 461 00:29:14,040 --> 00:29:17,640 or like actually function better over time? 462 00:29:18,240 --> 00:29:22,160 That's what the theory suggests. So again, if you think of a Dow 463 00:29:22,160 --> 00:29:28,800 as learning to improve some objective function or to achieve 464 00:29:28,800 --> 00:29:31,000 some goal, say it's an investment Dow. 465 00:29:31,200 --> 00:29:34,000 And so it's learning how to make profitable investments. 466 00:29:34,840 --> 00:29:38,920 What the literature, relevant reinforcement learning 467 00:29:38,920 --> 00:29:42,960 literature suggests is that a diversity of viewpoints, taking 468 00:29:42,960 --> 00:29:46,000 into counter diversity of viewpoints is going to make for 469 00:29:46,000 --> 00:29:48,240 more effective learning and therefore will make for more 470 00:29:48,240 --> 00:29:53,280 profitable Dow over time. And in fact, we've stood up a 471 00:29:53,280 --> 00:29:57,520 dashboard on this metric. It's called voting bloc entropy, 472 00:29:57,520 --> 00:30:01,600 as I said, or VDE or VIBE for short, some of that. 473 00:30:01,640 --> 00:30:04,880 So it's the term vibe. So I've got this vibe dashboard 474 00:30:05,200 --> 00:30:08,120 that shows the relative vibes of different Dows. 475 00:30:08,960 --> 00:30:12,800 And we observed that some Dows that are known for having 476 00:30:12,800 --> 00:30:16,960 communities particularly concerned to achieve high levels 477 00:30:16,960 --> 00:30:20,480 of decentralization or to take differences of opinion into 478 00:30:20,480 --> 00:30:23,720 account, like some of the prominent L twos Arbitron 479 00:30:23,800 --> 00:30:28,360 Optimism, actually are exhibiting high vibe today. 480 00:30:28,360 --> 00:30:31,400 In other words, according to this metric have high levels of 481 00:30:31,440 --> 00:30:34,440 decentralization. So there seems to be, even 482 00:30:34,440 --> 00:30:38,000 within the Dow community, some confirmation that this metric is 483 00:30:38,000 --> 00:30:41,280 helpful. Yeah, great. 484 00:30:41,280 --> 00:30:43,520 They are. And I just found that dashboard, 485 00:30:43,520 --> 00:30:46,760 so I'm going to include it in the in the show notes. 486 00:30:47,440 --> 00:30:52,400 OK, so then you're measuring basically the this this kind of 487 00:30:52,400 --> 00:30:55,280 entropy. And have you tried to correlate 488 00:30:55,280 --> 00:30:59,400 this with something like what are the the main metrics a 489 00:30:59,400 --> 00:31:01,920 higher voting bloc entropy correlates? 490 00:31:01,920 --> 00:31:05,280 With. Well, as I said, at least in 491 00:31:05,280 --> 00:31:09,000 principle it should correlate with a better functioning Dow. 492 00:31:09,080 --> 00:31:12,240 In other words, a Dow that was better able to achieve its 493 00:31:12,240 --> 00:31:15,080 objectives. At this point we don't. 494 00:31:15,640 --> 00:31:18,800 The Dow community doesn't have a long enough history and we don't 495 00:31:18,800 --> 00:31:23,080 have a large enough set of Dow's to perform the type of 496 00:31:23,080 --> 00:31:25,120 experiment we would like to perform to see. 497 00:31:25,120 --> 00:31:29,640 For instance, if investment Dows with higher vibe have performed 498 00:31:29,640 --> 00:31:35,360 better over time, that ideally is an experiment we would like 499 00:31:35,360 --> 00:31:37,360 to do. And it may be that we find some 500 00:31:37,360 --> 00:31:40,800 form of natural experiment within the blockchain community 501 00:31:40,800 --> 00:31:45,160 or elsewhere that helps us confirm in this sense the value 502 00:31:45,160 --> 00:31:47,800 of vibe. But as I said, the dashboard 503 00:31:47,800 --> 00:31:54,280 does seem to show that Dows that are known for having 504 00:31:54,280 --> 00:31:57,960 particularly vibrant communities with a multiplicity of opinion 505 00:31:58,440 --> 00:32:00,880 have high exhibit higher levels of odd today. 506 00:32:02,800 --> 00:32:06,560 Right, right. And now what are dark Dows? 507 00:32:08,280 --> 00:32:10,040 Yeah. So this is, well, as the name 508 00:32:10,040 --> 00:32:13,960 suggests, the dark side of Dows. These are something that my 509 00:32:14,000 --> 00:32:18,120 group has been thinking about for many years now and we start 510 00:32:18,120 --> 00:32:21,800 to revisit in our research because we've realized that the 511 00:32:22,360 --> 00:32:28,120 platforms that realize Dark Dows are useful for other purposes 512 00:32:28,120 --> 00:32:32,160 and actually could have a pretty sweeping effect on the crypto 513 00:32:32,160 --> 00:32:36,960 ecosystem the Dark DAO has originally conceived. 514 00:32:37,480 --> 00:32:42,840 And it was my then PhD student, Phil Diane, who was leading work 515 00:32:42,840 --> 00:32:47,360 on on Dark Dows at the time. We're first considering it as we 516 00:32:47,360 --> 00:32:51,960 were defining it then dark Dows are were dows whose purpose was 517 00:32:51,960 --> 00:32:56,920 to disrupt or influence the operation of victim dows, if you 518 00:32:56,920 --> 00:33:01,960 will, and to do that through bribery, voting bribery. 519 00:33:02,760 --> 00:33:06,360 They were dark in two senses. Dark in the sense that they had 520 00:33:06,360 --> 00:33:12,480 this kind of malevolent or at least adversarial goal swing 521 00:33:12,480 --> 00:33:16,240 votes on proposals in the Dow. Dark also in the sense that we 522 00:33:16,240 --> 00:33:18,800 showed that they could be constructed confidential, 523 00:33:19,000 --> 00:33:22,640 confidential and we were considering at the time the use 524 00:33:22,640 --> 00:33:25,600 of trusted execution environments for this purpose. 525 00:33:26,800 --> 00:33:32,760 But so in principle, you can set up a Dow in a trust execution 526 00:33:32,760 --> 00:33:37,160 environment whose operations and behavior are not visible on 527 00:33:37,160 --> 00:33:42,600 chain that orchestrates bribery, allows voters in a particular 528 00:33:42,600 --> 00:33:46,760 Dow to go claim rewards if they commit to voting a particular 529 00:33:46,760 --> 00:33:49,080 way. That was that was the idea in 530 00:33:49,080 --> 00:33:51,320 the nutshell. As I said, this has more 531 00:33:51,320 --> 00:33:54,760 sweeping ramifications because it turns out that the ways that 532 00:33:54,760 --> 00:33:59,840 you would enforce compliance with a bribery regime in the 533 00:33:59,840 --> 00:34:03,520 dark Dow can be used to manipulate other systems as 534 00:34:03,520 --> 00:34:05,120 well. We can talk about some of the 535 00:34:05,400 --> 00:34:10,719 potential other impacts of dark Dow, like approaches to control. 536 00:34:10,960 --> 00:34:17,480 So like an example here would be there is a, you know, some 537 00:34:17,480 --> 00:34:22,840 community pool has some money in it and I make a proposal, pay it 538 00:34:22,960 --> 00:34:28,719 to me and I put up some bounty that anyone who votes in this 539 00:34:28,719 --> 00:34:34,040 direction can then, for example, get a bunch of maybe I'll put 540 00:34:34,040 --> 00:34:37,360 like half of this payout in in that fool. 541 00:34:37,679 --> 00:34:42,760 And then people who vote that way can basically sort of get 542 00:34:42,760 --> 00:34:47,080 the money and plunder it. Something like that would be 543 00:34:47,080 --> 00:34:48,880 like an example. Or. 544 00:34:50,080 --> 00:34:52,080 Yeah. So that's so that's basically 545 00:34:52,120 --> 00:34:55,520 the the idea. And in fact such bribery markets 546 00:34:55,600 --> 00:35:00,160 exist today or certain D5 protocols that was basically a 547 00:35:00,160 --> 00:35:05,000 quarter billion dollar market in on chain bribery protocols. 548 00:35:05,640 --> 00:35:10,360 But the particular danger that a dark doubt poses is the fact 549 00:35:10,360 --> 00:35:12,840 that you can do this confidentially and that means 550 00:35:12,840 --> 00:35:15,160 it's hard to orchestrate defenses against it. 551 00:35:15,840 --> 00:35:19,960 The basic technique involved here is something we call key 552 00:35:19,960 --> 00:35:23,000 encumbrance. Basically the idea is that you 553 00:35:23,000 --> 00:35:28,440 hand over your private key to an application running in a trusted 554 00:35:28,440 --> 00:35:31,280 execution environment. Think of it as a private smart 555 00:35:31,280 --> 00:35:33,440 contract, right? So your key is now sitting in 556 00:35:33,440 --> 00:35:37,080 this private smart contract. It's like a like a wallet 557 00:35:37,080 --> 00:35:40,880 contract. And you can use this contract to 558 00:35:40,880 --> 00:35:43,960 commit to doing things like voting a particular way in the 559 00:35:43,960 --> 00:35:46,960 Dow. But you can also have this 560 00:35:47,800 --> 00:35:51,640 wallet contract, if you will. Private wallet contract can have 561 00:35:51,640 --> 00:35:55,480 you commit to doing other things or constrain uses of your keys 562 00:35:55,480 --> 00:35:58,800 in other ways so that you can take your control. 563 00:35:59,760 --> 00:36:02,880 Take the control you have over particular assets, either 564 00:36:02,880 --> 00:36:06,360 governance tokens or something else, and do a whole range of 565 00:36:06,360 --> 00:36:10,240 interesting things, lending them, selling them, renting 566 00:36:10,240 --> 00:36:13,640 them. And that, as I said, can have 567 00:36:13,760 --> 00:36:19,080 pretty sweeping implications for the crypto ecosystem as a whole. 568 00:36:20,480 --> 00:36:26,800 So to give an example here, let's say I'd have, you know, a 569 00:36:26,800 --> 00:36:31,480 token like Lido. I would then basically like, 570 00:36:31,480 --> 00:36:36,480 let's say some kind of wallet would be created that presumably 571 00:36:36,480 --> 00:36:41,040 I, that would be like maybe the code would be open source so I 572 00:36:41,040 --> 00:36:46,960 could inspect it and then it would run on some tee and I 573 00:36:46,960 --> 00:36:53,880 would put my, my coins on there. And then for example, let's say 574 00:36:53,880 --> 00:36:55,560 they would be locked there for a month. 575 00:36:55,560 --> 00:36:59,080 I couldn't transfer them out and someone else could, could, could 576 00:36:59,080 --> 00:37:01,480 just vote them but not do anything else. 577 00:37:02,120 --> 00:37:04,840 So use them in governance and they compensate me for that. 578 00:37:04,840 --> 00:37:07,440 And then after a month I can sort of like take them out 579 00:37:07,440 --> 00:37:11,160 again, something like that. Exactly. 580 00:37:11,200 --> 00:37:15,080 So you need to generate your key inside this wallet because if 581 00:37:15,120 --> 00:37:20,080 you generate it elsewhere then you have control, individual 582 00:37:20,080 --> 00:37:22,880 control over it as opposed to having the wallet controlled 583 00:37:22,880 --> 00:37:25,960 exclusively, right. But yes, so you'd set up a 584 00:37:25,960 --> 00:37:29,120 wallet and indeed you can lend to assets that way and you can 585 00:37:29,120 --> 00:37:32,040 do lots of other things. So for instance, you know, this 586 00:37:32,040 --> 00:37:35,480 is notion of soul bound tokens, which are credentials that a 587 00:37:35,480 --> 00:37:37,720 user is not supposed to lend to others. 588 00:37:37,800 --> 00:37:42,640 As the term soul bound suggests, it's supposed to be associated 589 00:37:42,640 --> 00:37:46,040 with a single individual or an entire lifetime. 590 00:37:46,520 --> 00:37:49,680 Well, if you had a soul bound token in this environment, in 591 00:37:49,680 --> 00:37:55,080 this key encumbered environment, confidential wallet environment, 592 00:37:55,480 --> 00:37:58,880 you could, you could lend it out to someone else and the fact 593 00:37:58,880 --> 00:38:01,240 that you're lending it out would not be visible on shape. 594 00:38:01,760 --> 00:38:05,720 And so you would basically be breaking the fundamental 595 00:38:05,720 --> 00:38:09,000 property of the soul bound token would no longer be soul bound. 596 00:38:09,360 --> 00:38:14,080 That's another example. Yet another example would be pre 597 00:38:14,080 --> 00:38:19,280 selling air drops or taking tokens that are supposed to be 598 00:38:19,280 --> 00:38:23,960 subject to a locking period and unlocking them prematurely by 599 00:38:24,160 --> 00:38:28,200 transferring ownership in this kind of hidden wallet off chain. 600 00:38:28,640 --> 00:38:31,240 There's a couple of the other things you could do with this 601 00:38:31,240 --> 00:38:36,440 type of environment. How, how would such a wallet be 602 00:38:36,440 --> 00:38:39,440 hosted? Because like somebody it is now 603 00:38:39,440 --> 00:38:43,240 in some server, let's say it runs Intel SGX. 604 00:38:43,720 --> 00:38:48,480 And I mean, presumably someone could just unplug that server 605 00:38:48,880 --> 00:38:52,440 and maybe they can't like steal the money, but also they could 606 00:38:52,440 --> 00:38:55,520 sort of interrupt it from functioning or, or would this 607 00:38:55,520 --> 00:38:59,240 have to, would this have to be its own decentralized network? 608 00:39:00,880 --> 00:39:04,920 So there there are a couple of options here. 1 is to use a 609 00:39:06,040 --> 00:39:09,080 centralized system like a cloud provider. 610 00:39:09,360 --> 00:39:14,920 They have pretty good uptime and pretty strong guarantees around 611 00:39:14,920 --> 00:39:17,480 the availability of resources to end users. 612 00:39:17,880 --> 00:39:19,680 But of course they're not decentralized systems. 613 00:39:19,680 --> 00:39:22,040 They don't give you the guarantees for accustomed to web 614 00:39:22,040 --> 00:39:24,800 3. An alternative is to use a TE 615 00:39:25,240 --> 00:39:29,200 based blockchain like Oasis. I don't know a secret network or 616 00:39:29,200 --> 00:39:32,600 something right Which are designed essentially for 617 00:39:32,920 --> 00:39:35,960 applications of this type. Obviously not the malicious 618 00:39:35,960 --> 00:39:40,720 variety, but applications that run the equivalent of smart 619 00:39:40,720 --> 00:39:43,880 contracts in trusted execution environments. 620 00:39:44,960 --> 00:39:47,680 But like, let's say if in the first example, if it's like on 621 00:39:47,680 --> 00:39:52,120 AWS or something, then well, some party still has, you know, 622 00:39:52,120 --> 00:39:56,000 is the owner of that AWS account and they could go in that admin 623 00:39:56,000 --> 00:39:59,480 dashboard and be like, oh, stop this server from running. 624 00:40:00,680 --> 00:40:03,640 Yeah. So that that indeed would be 625 00:40:03,960 --> 00:40:05,600 that would be a potential risk, right. 626 00:40:05,600 --> 00:40:08,200 So you would need to find some way to prevent that from 627 00:40:08,200 --> 00:40:14,840 happening, and not entirely clear how you do that, but you 628 00:40:14,840 --> 00:40:17,400 might may be able to lock yourself out of your own account 629 00:40:17,400 --> 00:40:22,240 demonstrably, or you can have group administered service or 630 00:40:22,240 --> 00:40:27,800 something else. The other example would be like, 631 00:40:27,800 --> 00:40:33,800 let's say the Oasis example you made that I guess sort of tie 632 00:40:33,800 --> 00:40:36,400 seems to tie in a little bit with this like chain abstraction 633 00:40:36,400 --> 00:40:39,440 topic, for example, right? Because let's say Oasis is on 634 00:40:39,440 --> 00:40:43,880 blockchain. If I would want to control some 635 00:40:43,880 --> 00:40:47,880 let's say Lido token, right, which can vote on Ethereum or 636 00:40:47,880 --> 00:40:51,480 it's an Ethereum token, then I'd have to be able to generate like 637 00:40:51,480 --> 00:40:54,200 an Ethereum address in there, have an Ethereum contract and 638 00:40:54,200 --> 00:40:59,880 then it could generate emit this transcend transaction from Oasis 639 00:40:59,880 --> 00:41:03,960 that then somehow somebody would take and broadcast on Ethereum 640 00:41:03,960 --> 00:41:06,480 or. Yep, and that's exactly what 641 00:41:06,480 --> 00:41:09,760 we're doing in a research project we'll be releasing a 642 00:41:09,760 --> 00:41:13,000 paper on imminently. This is led by my PhD student 643 00:41:13,120 --> 00:41:18,120 James Oustken. We have created a system we call 644 00:41:18,120 --> 00:41:24,000 Liquefaction that runs on Oasis but enables all these 645 00:41:24,000 --> 00:41:28,320 applications in Ethereum or on any blockchain of your choice, 646 00:41:28,440 --> 00:41:30,640 right. So the the key is encumbered or 647 00:41:30,640 --> 00:41:34,120 controlled in or sitting in a wallet in Oasis, but the key is 648 00:41:34,120 --> 00:41:37,440 for assets on some other blockchain, potentially like a 649 00:41:37,440 --> 00:41:39,600 Sherry. Cool, cool. 650 00:41:39,960 --> 00:41:45,360 I mean presumably also lots of non nefarious utilities for this 651 00:41:45,360 --> 00:41:47,160 kind of application. Yeah. 652 00:41:47,160 --> 00:41:48,920 So 2 important things to point out. 653 00:41:49,040 --> 00:41:52,600 Number one, that there are lots of beneficial applications as 654 00:41:52,600 --> 00:41:54,160 well. So an example would be, for 655 00:41:54,160 --> 00:41:58,320 instance, a privacy preserving version of Constitution Dow. 656 00:41:58,320 --> 00:42:01,680 Do you remember Constitution Dow raised, you know, 10s of 657 00:42:01,680 --> 00:42:05,280 millions of dollars to buy a copy of the US Constitution at 658 00:42:05,280 --> 00:42:07,680 auction. But the project was completely 659 00:42:07,680 --> 00:42:11,040 transparent. So, you know, hedge fund manager 660 00:42:11,040 --> 00:42:13,080 was able to come along in but and easily outbid them. 661 00:42:13,800 --> 00:42:18,920 You could create a confidential version of constitution Dow 662 00:42:18,920 --> 00:42:23,920 where investors get either no indication or only a very 663 00:42:23,920 --> 00:42:27,400 general indication of what funds have been raised up to a certain 664 00:42:27,440 --> 00:42:31,000 point and could do that. And and there are lots of other 665 00:42:31,120 --> 00:42:33,240 potential applications as well known as this. 666 00:42:33,800 --> 00:42:37,320 We're basically talking about turning assets liquid right and 667 00:42:37,320 --> 00:42:39,640 liquid staking. You might, depending on your 668 00:42:39,640 --> 00:42:43,400 perspective, view as a positive application and liquification if 669 00:42:43,400 --> 00:42:47,000 you will. Liquefaction of other assets can 670 00:42:47,000 --> 00:42:50,280 be beneficial as well. Second important point to make 671 00:42:50,560 --> 00:42:54,760 is that if you don't want your system to be subject to 672 00:42:55,920 --> 00:42:59,960 liquefaction of this type as you want a system whose assets can't 673 00:42:59,960 --> 00:43:05,040 be liquefied, there is a countermeasure to key 674 00:43:05,040 --> 00:43:07,600 encumbrance to use of T ES as ones. 675 00:43:08,120 --> 00:43:10,040 And that's something called complete knowledge. 676 00:43:10,920 --> 00:43:17,360 And this is a system that or idea that my group developed in 677 00:43:17,360 --> 00:43:19,000 collaboration with Vitalik Bootre. 678 00:43:19,440 --> 00:43:24,000 And the the idea essentially is that in order to use the system, 679 00:43:24,360 --> 00:43:27,320 you need to prove that the key you're using, private key you're 680 00:43:27,320 --> 00:43:31,960 using to interact with it is not sitting in a TE application of 681 00:43:31,960 --> 00:43:34,480 the type we've been described. It is not encumbered. 682 00:43:35,400 --> 00:43:38,480 How do you do that? Well, one simple way is to fight 683 00:43:38,480 --> 00:43:43,080 fire with fire. You generate your key in a TE 684 00:43:43,080 --> 00:43:47,160 application that spits out the key and then proves that it's 685 00:43:47,160 --> 00:43:50,200 spitted out. In other words, it demonstrates 686 00:43:50,200 --> 00:43:53,440 that you, the user, know the key and therefore it can't be 687 00:43:53,440 --> 00:43:56,960 controlled exclusively by one of these confidential wallets. 688 00:43:57,440 --> 00:44:00,000 So it's a fairly practical countermeasure. 689 00:44:01,080 --> 00:44:05,360 Could you run the tee inside another tee or something to then 690 00:44:05,400 --> 00:44:07,920 prove that you discarded the spit out key? 691 00:44:08,440 --> 00:44:10,240 That yeah. So that would be a problem. 692 00:44:10,240 --> 00:44:14,560 If you had nested T ES that then we'd be in trouble or you would 693 00:44:14,560 --> 00:44:18,920 need nested proof of complete knowledge. 694 00:44:19,480 --> 00:44:22,240 Go down that path and things get pretty tricky. 695 00:44:22,520 --> 00:44:25,640 But you make an important point that which is that we're we're 696 00:44:25,680 --> 00:44:29,440 we're assuming at least in the initial development of these 697 00:44:29,440 --> 00:44:32,640 things that that there are no nested Tees sitting around 698 00:44:32,640 --> 00:44:34,360 anywhere. Yeah. 699 00:44:34,360 --> 00:44:38,320 OK, OK, great. I guess we are starting to to, 700 00:44:39,120 --> 00:44:43,320 to see stuff like that. I mean, I, I feel like probably 701 00:44:43,320 --> 00:44:47,880 the most the one of the most obvious use cases, right for T 702 00:44:47,880 --> 00:44:51,280 ES, I do imagine is that kind of intersection right between. 703 00:44:51,280 --> 00:44:53,560 I mean, we've kind of talked about it earlier a bit with the 704 00:44:53,560 --> 00:44:59,160 Oracle thing, right, where you have some smart contract and the 705 00:44:59,160 --> 00:45:04,360 smart contract wants to be able to use an LLM, right? 706 00:45:04,360 --> 00:45:08,240 And then have some kind of something, you know, LM is 707 00:45:08,240 --> 00:45:11,280 called off chain and the result is written back on chain. 708 00:45:11,280 --> 00:45:15,080 And I mean, I think that could be interesting from the 709 00:45:15,080 --> 00:45:19,720 perspective of, you know, this AI crypto merger, but maybe also 710 00:45:19,720 --> 00:45:24,120 actually very powerful to get dials really to the place where 711 00:45:24,120 --> 00:45:28,840 they become more powerful and functional. 712 00:45:29,480 --> 00:45:32,560 I mean, I know, for example, the topic of, you know, prediction 713 00:45:32,560 --> 00:45:35,440 mark is also one thing that people were, you know, been very 714 00:45:35,440 --> 00:45:36,800 interested in since the beginning. 715 00:45:36,800 --> 00:45:39,920 And they've kind of haven't gotten too much traction, maybe 716 00:45:39,920 --> 00:45:42,800 except some like very limited use cases like the elections. 717 00:45:43,440 --> 00:45:46,200 But I know for example, diagnosis people that were 718 00:45:46,200 --> 00:45:49,360 working a lot of that they they felt that like, well, if you can 719 00:45:49,360 --> 00:45:54,240 have like LLMS that are basically playing like bought 720 00:45:54,240 --> 00:45:57,240 that are betting in these prediction markets, maybe you 721 00:45:57,240 --> 00:46:00,320 can start having, you can start actually using them for like 722 00:46:00,440 --> 00:46:04,480 fine grained decisions somehow. Yeah. 723 00:46:04,480 --> 00:46:12,120 So TS would be a good way to execute LLMS with strong trust 724 00:46:12,120 --> 00:46:15,200 assurances. I mean, we do TS are very 725 00:46:15,200 --> 00:46:19,400 powerful and as you know, they're making real inroads into 726 00:46:19,480 --> 00:46:23,120 the crypto community. But we, it is important to 727 00:46:23,120 --> 00:46:25,800 emphasize that historically they've had pretty serious 728 00:46:25,800 --> 00:46:28,000 security vulnerabilities. And so of course there are a lot 729 00:46:28,000 --> 00:46:30,720 of people are skeptical ultimately about what sort of 730 00:46:30,720 --> 00:46:34,720 security we can afford. And additionally, as you were 731 00:46:34,720 --> 00:46:38,440 pointing out earlier, a TEE on its own doesn't give you any 732 00:46:38,440 --> 00:46:42,840 kind of liveness or censorship resistance guarantee, right? 733 00:46:42,840 --> 00:46:46,200 For that, you need to have a, a network of teens in place. 734 00:46:46,200 --> 00:46:48,960 You need to incorporate them into a blockchain or a 735 00:46:48,960 --> 00:46:51,840 decentralized Oracle system on something else. 736 00:46:52,160 --> 00:46:56,560 But that said, I I think they're an incredibly powerful and 737 00:46:56,560 --> 00:47:00,960 promising technology, and I would expect them to have a huge 738 00:47:00,960 --> 00:47:05,000 impact on the crypto ecosystem if we can live with their 739 00:47:05,000 --> 00:47:07,320 potential vulnerabilities, right? 740 00:47:07,400 --> 00:47:10,720 In fact, they are able to do essentially all of the fancy 741 00:47:10,720 --> 00:47:15,360 cryptography that has received so much attention of like in the 742 00:47:15,360 --> 00:47:18,760 crypto community. 0 knowledge proves to be an example or 743 00:47:18,760 --> 00:47:21,640 secure multi party computation. All these things essentially get 744 00:47:21,640 --> 00:47:24,200 consumed by TE if you trust the team. 745 00:47:25,480 --> 00:47:27,120 Yeah. And they become like much 746 00:47:27,120 --> 00:47:29,880 simpler and much more achievable in the short term and much 747 00:47:29,880 --> 00:47:31,920 cheaper and more scalable, right? 748 00:47:31,920 --> 00:47:35,800 Because I guess if you know things like ZK, right, very 749 00:47:35,800 --> 00:47:41,880 computationally extensive, slow, and a lot of challenges around 750 00:47:41,880 --> 00:47:43,800 that. Yeah, exactly. 751 00:47:44,920 --> 00:47:48,520 So TESI mean, we mentioned SGXA bunch of times. 752 00:47:48,520 --> 00:47:52,040 I think that's as far as I am aware, I don't know, but was 753 00:47:52,040 --> 00:47:54,720 maybe like the first one or first one to get like traction, 754 00:47:54,720 --> 00:47:58,120 so created by Intel. But of course, always one of the 755 00:47:58,120 --> 00:48:00,840 contents just like, well, this is like, you know, one large 756 00:48:01,200 --> 00:48:05,640 company that controls these that could potentially, I think also 757 00:48:05,640 --> 00:48:08,680 like maybe I don't know if that's actually true, if they 758 00:48:08,680 --> 00:48:15,240 could like sort of attest or or declare things to be ATE that an 759 00:48:15,240 --> 00:48:17,320 Intel SGX server that actually is not. 760 00:48:18,120 --> 00:48:19,560 There's a lot of. Innovation happening there. 761 00:48:19,560 --> 00:48:24,520 Do we see a lot of maybe open source T ES or alternatives 762 00:48:24,520 --> 00:48:29,640 where you're not as dependent on Intel? 763 00:48:30,600 --> 00:48:32,480 Yeah. So a few things to note here. 764 00:48:32,520 --> 00:48:38,840 Number one, the range of TE technologies available to the 765 00:48:38,840 --> 00:48:44,200 community is is slowly growing. Recently NVIDIA for instance has 766 00:48:44,200 --> 00:48:51,800 started to support essentially extension to the Intel Trust 767 00:48:51,800 --> 00:48:59,200 domain in in its GP US. AMD has a kind of variant on the 768 00:49:00,520 --> 00:49:05,920 Intel TE, and in fact, ARM has begun to incorporate recently 769 00:49:05,920 --> 00:49:10,360 into its chipsets T ES that look like Intel T ES. 770 00:49:11,000 --> 00:49:13,600 T ES, to be clear, been around for a while. 771 00:49:13,600 --> 00:49:15,880 And if you have an iPhone, you've got ATE. 772 00:49:16,200 --> 00:49:20,520 But some of them, like the one in your iPhone, lack what are 773 00:49:20,520 --> 00:49:22,600 known as attestation capabilities, the ability to 774 00:49:22,600 --> 00:49:24,440 prove things to the third parties. 775 00:49:24,840 --> 00:49:27,440 But all of the different variants I mentioned just a 776 00:49:27,440 --> 00:49:29,960 moment ago have attestation capabilities. 777 00:49:29,960 --> 00:49:32,400 So T ES with attestation capabilities that become more 778 00:49:32,400 --> 00:49:35,560 widely available. Those are still not open source. 779 00:49:35,720 --> 00:49:39,480 There are attempts to create open source T ES with 780 00:49:39,480 --> 00:49:43,560 attestation capabilities, but that's a really challenging 781 00:49:43,560 --> 00:49:47,880 problem that encompasses both computer science and physics, 782 00:49:48,160 --> 00:49:51,560 and I don't have tremendous confidence that we'll see 783 00:49:51,560 --> 00:49:53,520 anything of that kind in the near future. 784 00:49:55,480 --> 00:49:58,840 Maybe one more topic that we can we can touch on. 785 00:49:59,400 --> 00:50:04,120 So you know I mentioned earlier. You're working around Mev, you 786 00:50:04,120 --> 00:50:08,240 know you co-authored with Phil. Diane who went on to start Flash 787 00:50:08,640 --> 00:50:13,240 bought the paper Flash Boys 2.0, which was sort of the the 788 00:50:13,240 --> 00:50:17,360 inception certainly in the same in the, in the in the mind or in 789 00:50:17,360 --> 00:50:23,960 the awareness of MEV and you've done some work around proof of 790 00:50:23,960 --> 00:50:29,240 Fair transaction ordering. Can you explain what is, what 791 00:50:29,240 --> 00:50:32,080 does that mean and how does that work? 792 00:50:33,720 --> 00:50:38,520 Yeah, so since the flash boys 2 dot O paper came out and since 793 00:50:38,560 --> 00:50:43,520 the rise of in some cases exploitive forms of MEV 794 00:50:43,560 --> 00:50:45,920 extraction. Not all forms of MEV are bad of 795 00:50:45,920 --> 00:50:48,920 course, but detrimental ones around. 796 00:50:49,600 --> 00:50:54,520 My group has been thinking about ways to mitigate the the impact 797 00:50:54,520 --> 00:51:00,000 of MEV, ideally to get rid of most forms of exploitive MEV. 798 00:51:00,880 --> 00:51:03,600 One of the approaches that we've been looking at is what we call 799 00:51:03,600 --> 00:51:06,040 fair ordering. In particular share temporal 800 00:51:06,040 --> 00:51:10,480 ordering, which is really just a fancy name for first come, first 801 00:51:10,480 --> 00:51:14,880 serve ordering of transactions. And that seems like a simple 802 00:51:14,880 --> 00:51:17,440 thing at first, right? You know, you set up some 803 00:51:17,480 --> 00:51:20,600 machine and it just orders transactions according to the 804 00:51:20,600 --> 00:51:23,800 time that it sees them. Turns out to be actually quite 805 00:51:23,800 --> 00:51:27,000 tricky if you do it want to do it in a decentralized way. 806 00:51:27,800 --> 00:51:30,640 And the reason is that you've if you've got a network of say 10 807 00:51:30,640 --> 00:51:34,640 nodes receiving transactions, those nodes depending on where 808 00:51:34,640 --> 00:51:36,920 they're sitting and where the transactions originated are 809 00:51:36,920 --> 00:51:39,120 going to see different transactions at different times 810 00:51:39,360 --> 00:51:42,120 and in different orders and somehow they have to reconcile 811 00:51:42,120 --> 00:51:44,800 their disparate views of when transactions have been received. 812 00:51:45,360 --> 00:51:47,640 In addition, you know, maybe some of those work nodes go 813 00:51:47,640 --> 00:51:51,720 rogue and cheat and try to order transactions adversarially. 814 00:51:52,400 --> 00:51:56,280 So we've developed some techniques that address this 815 00:51:56,280 --> 00:52:03,640 problem achieving forms of Fair ordering that are resilient to 816 00:52:04,160 --> 00:52:08,960 some number of malicious nodes and provide some nice properties 817 00:52:08,960 --> 00:52:11,480 even when nodes transactions at different times. 818 00:52:11,960 --> 00:52:14,280 And this is this is something we worked on for a few years. 819 00:52:14,760 --> 00:52:17,720 The problem with the approaches we developed was that they 820 00:52:17,720 --> 00:52:22,160 assumed that you've got, you know, a quorum significant 821 00:52:22,160 --> 00:52:25,800 majority of honest nodes. And the question is, how do you 822 00:52:25,800 --> 00:52:28,760 enforce that, right? We've seen that there's a 823 00:52:28,760 --> 00:52:32,640 willingness, I mean, there's a monetary incentive to order 824 00:52:32,640 --> 00:52:36,680 transactions in ways that support arbitrage nodes that 825 00:52:36,680 --> 00:52:40,920 allow users, I mean, to put it bluntly, that allow users 826 00:52:40,920 --> 00:52:42,840 pockets to be picked. If there's money on the table, 827 00:52:42,840 --> 00:52:45,280 somebody's going to pick it up. So how do you ensure that nodes 828 00:52:45,280 --> 00:52:47,160 are actually ordering transactions parallel? 829 00:52:47,880 --> 00:52:50,960 And we couldn't find a solution to this problem until recently 830 00:52:51,440 --> 00:52:55,800 when we developed a system that we call Prof, which stands for 831 00:52:55,920 --> 00:52:59,560 protected Order flow. The concept behind Prof is 832 00:52:59,560 --> 00:53:02,680 pretty simple. And again, it it leverages trust 833 00:53:02,680 --> 00:53:05,440 execution environments. As we were discussing that very 834 00:53:05,440 --> 00:53:06,680 powerful. It's a number of different 835 00:53:06,680 --> 00:53:08,640 things. So here's the idea. 836 00:53:09,120 --> 00:53:12,080 Transactions get ordered. Let's just assume that some 837 00:53:12,080 --> 00:53:17,880 transactions get ordered fairly and are incorporated into a 838 00:53:17,880 --> 00:53:21,680 bundle on the TE and you can order them fairly however you 839 00:53:21,680 --> 00:53:24,600 like using the first come first serve approach I suggested. 840 00:53:24,640 --> 00:53:28,360 Or just have transactions enter the TE encrypted form that can 841 00:53:28,360 --> 00:53:31,320 also ensure some degree of fairness or both the number of 842 00:53:31,320 --> 00:53:33,480 different ways you can do this. But let's suppose you got this 843 00:53:33,480 --> 00:53:36,640 bundle of fairly ordered transactions sitting in the TE. 844 00:53:37,200 --> 00:53:40,720 The question is now how do you get those transactions on chain 845 00:53:41,240 --> 00:53:45,360 in a way that is going to carry the right incentives? 846 00:53:45,400 --> 00:53:50,800 That's how do you incentivize validators not to muck with 847 00:53:50,800 --> 00:53:54,120 these transactions to accept the bundle in its fairly ordered 848 00:53:54,120 --> 00:53:57,200 form as a prop does this in a very simple way. 849 00:53:57,960 --> 00:54:02,640 It takes a block that was about to go to a validator and it 850 00:54:03,240 --> 00:54:08,840 basically adds to it internally this fairly ordered bundle and 851 00:54:08,960 --> 00:54:12,560 it makes this take it or leave it proposition to the validator. 852 00:54:12,640 --> 00:54:15,640 And I'm simplifying things, of course, not considering all the 853 00:54:15,640 --> 00:54:19,080 nuts and bolts infrastructure that offers this kind of take it 854 00:54:19,080 --> 00:54:21,560 or leave a deal. The valid IT says, OK, you can 855 00:54:21,560 --> 00:54:25,320 take this block that has this extra bundle attached. 856 00:54:25,880 --> 00:54:28,320 And if you do that, we're going to give you a little extra 857 00:54:28,320 --> 00:54:31,320 reward, like an epsilon reward, say an extra penny. 858 00:54:31,800 --> 00:54:34,640 So you can do that, but you have to leave the bundle intact and 859 00:54:34,640 --> 00:54:37,120 the TS going to make sure that you leave the bundle intact. 860 00:54:37,720 --> 00:54:40,280 Or you can just not take the bundle, you get the original 861 00:54:40,280 --> 00:54:41,920 block and then you give up the penny. 862 00:54:43,080 --> 00:54:46,640 Well, a rational validator, profit maximizing validator 863 00:54:46,640 --> 00:54:50,160 obviously is going to choose to allow this bundle that will pend 864 00:54:50,160 --> 00:54:52,680 it to the end of the block. That's better to have an extra 865 00:54:52,680 --> 00:54:56,720 penny than not. And so this simple mechanism we 866 00:54:56,720 --> 00:55:03,160 think makes barely ordered transactions monetarily 867 00:55:03,160 --> 00:55:07,040 appealing within existing infrastructure now within the 868 00:55:07,120 --> 00:55:09,560 the PBS infrastructure and the supply chain. 869 00:55:11,960 --> 00:55:14,280 OK, actually I didn't totally understand why that would. 870 00:55:14,280 --> 00:55:15,480 Be the case. So. 871 00:55:16,840 --> 00:55:18,400 So you get a, you're a validator. 872 00:55:18,400 --> 00:55:20,120 I'm giving you a choice between two blocks. 873 00:55:20,320 --> 00:55:23,920 Give you block a which was constructed by a builder 874 00:55:23,920 --> 00:55:25,160 somewhere, right? So this is. 875 00:55:25,280 --> 00:55:29,080 Oh, so you you're assuming here the proposal builder separation, 876 00:55:29,080 --> 00:55:32,080 so this. Is you? 877 00:55:32,160 --> 00:55:33,680 Yeah. So we designed it to work with 878 00:55:33,680 --> 00:55:37,800 proposal builder separation. Although we can work, it's a, it 879 00:55:37,880 --> 00:55:39,640 operates on a pretty general principle. 880 00:55:39,720 --> 00:55:43,320 So it, it could work outside existing PBS infrastructure. 881 00:55:43,680 --> 00:55:46,400 But the idea is, you know, you got the, you can take this block 882 00:55:46,440 --> 00:55:49,280 a, right, which is just constructed by a builder or 883 00:55:49,280 --> 00:55:51,280 constructed somehow doesn't really matter. 884 00:55:53,240 --> 00:55:58,720 And you get a certain reward, you know, reward RR dollars or 885 00:55:58,800 --> 00:56:00,680 you can take block B. What is block B? 886 00:56:00,680 --> 00:56:04,440 Block B is block A plus this extra little bundle with A with 887 00:56:04,440 --> 00:56:09,000 A1 penny additional incentive. So if you take block B, you get 888 00:56:09,000 --> 00:56:12,840 R dollars plus a penny. And obviously you as a 889 00:56:12,840 --> 00:56:14,480 validator, you want to maximize your profits. 890 00:56:14,480 --> 00:56:17,360 You're going to take block B, we'll take the extra penny, and 891 00:56:17,360 --> 00:56:21,560 in so doing you will accept this barely ordered bundle that comes 892 00:56:21,560 --> 00:56:24,920 at the end of block B. That's the idea in a nutshell. 893 00:56:25,720 --> 00:56:28,000 Yeah. So I mean actually at at course 894 00:56:28,000 --> 00:56:30,200 one, so the the company I mainly run. 895 00:56:30,200 --> 00:56:35,240 So we have, we have done work on exactly that problem with the 896 00:56:35,240 --> 00:56:41,600 DYDX chain. And basically the, the thing we 897 00:56:41,600 --> 00:56:46,040 did there, the the sort of solution or our research team 898 00:56:46,040 --> 00:56:49,280 design, which is the thing that ended up implementing was 899 00:56:49,280 --> 00:56:53,400 basically to say that like, you know, each validator would have 900 00:56:53,400 --> 00:56:56,520 their own local, I mean there's no proposed builder separation, 901 00:56:56,520 --> 00:56:58,240 right? All the transactions go to the 902 00:56:58,360 --> 00:57:01,920 validators directly, but in each validator would basically, you 903 00:57:01,920 --> 00:57:05,480 know, have a local order of transactions as they receive it. 904 00:57:05,920 --> 00:57:08,680 And then when the proposer creates a block, they would 905 00:57:08,680 --> 00:57:13,040 basically see like, oh, how much is the divergence of that from 906 00:57:13,040 --> 00:57:15,360 the other validators and sort of score that. 907 00:57:15,840 --> 00:57:20,760 And then you know, if if the other, I mean it, it basically 908 00:57:21,320 --> 00:57:24,600 accepts that there is like some divergent, right? 909 00:57:24,600 --> 00:57:28,160 Because the validators will receive it in like somewhat of a 910 00:57:28,160 --> 00:57:30,600 different order. But that if it was like, you 911 00:57:30,600 --> 00:57:33,280 know, too much of A divergent, then basically, I mean, 912 00:57:33,280 --> 00:57:36,120 basically the block is scored in terms of how much it by each 913 00:57:36,120 --> 00:57:39,240 valid, how much it diverges from their own local view. 914 00:57:39,800 --> 00:57:43,680 And then you basically have this kind of statistical thing, 915 00:57:43,680 --> 00:57:47,120 right, where it could be like, OK, if they were to sort of mock 916 00:57:47,120 --> 00:57:50,080 with the transaction order, you know, you'd start to see this 917 00:57:50,080 --> 00:57:52,200 divergent and then they could be slashed. 918 00:57:52,680 --> 00:57:55,880 That's kind of like the the approach that that was taken 919 00:57:55,880 --> 00:57:57,120 there. I see. 920 00:57:57,600 --> 00:58:00,600 How do you prevent the validators from colluding so 921 00:58:00,600 --> 00:58:02,960 that they're all ordering transactions the same way and 922 00:58:02,960 --> 00:58:06,440 during the signal? Yeah, you can. 923 00:58:06,440 --> 00:58:11,120 Like, you couldn't really prevent that if there's, but you 924 00:58:11,120 --> 00:58:13,360 would have to probably. Have like a lot of validators 925 00:58:13,360 --> 00:58:16,000 colluding right or? Or like, I mean, it would still 926 00:58:16,000 --> 00:58:19,520 be detectable, I think. Yeah, it depends, right? 927 00:58:19,520 --> 00:58:21,360 If you have everyone colluding, of course they could. 928 00:58:21,360 --> 00:58:25,000 They could obviously cheat this mechanism. 929 00:58:25,880 --> 00:58:28,320 And if you have a majority colluding, then they could maybe 930 00:58:28,320 --> 00:58:31,040 make the ones who are actually honest look like the ones who 931 00:58:31,040 --> 00:58:33,480 are messing with the order, right. 932 00:58:33,480 --> 00:58:37,600 But but I think given that, I mean, this is also a little bit 933 00:58:37,600 --> 00:58:42,280 of a different dynamic or what given that, you know, the 934 00:58:42,280 --> 00:58:46,240 validators are chosen by the DYDX token holders, you know, 935 00:58:46,240 --> 00:58:48,800 who have an interest in the health of the system that helps, 936 00:58:48,800 --> 00:58:51,400 you know, they, it's very unlikely that you're going to 937 00:58:51,400 --> 00:58:54,880 have, you know, a bunch of malicious parties that basically 938 00:58:55,000 --> 00:58:58,720 control all the stake on and then collude against the network 939 00:58:58,720 --> 00:59:02,840 that just, you know, doesn't really, it's not very incentive, 940 00:59:04,360 --> 00:59:07,240 not extremely unlikely to happen, I think. 941 00:59:07,920 --> 00:59:12,560 Yeah, that that makes sense in the in the Ethereum setting, of 942 00:59:12,560 --> 00:59:16,440 course, you you can't assume that validators are not going to 943 00:59:16,440 --> 00:59:18,120 clue. That's what makes it especially 944 00:59:18,120 --> 00:59:20,200 challenging. But in the setting you're 945 00:59:20,200 --> 00:59:23,320 describing, it makes sense. Validators are chosen by the 946 00:59:23,320 --> 00:59:25,640 community. They're, well, I wouldn't be 947 00:59:25,640 --> 00:59:28,360 honest. It's essentially permission set. 948 00:59:29,880 --> 00:59:32,600 Cool. So what's the, what are the, 949 00:59:32,600 --> 00:59:37,000 when you think of the next year or two years, what are the 950 00:59:37,000 --> 00:59:42,200 research questions currently that you know you find most 951 00:59:42,200 --> 00:59:45,800 exciting or challenging or important that you're focusing 952 00:59:45,800 --> 00:59:50,160 on? Well, one of them is thinking 953 00:59:50,160 --> 00:59:56,160 about how blockchain systems can be beneficial to AI in the way 954 00:59:56,160 --> 00:59:58,720 that we were discussing earlier, you know, rather than just 955 00:59:58,720 --> 01:00:02,440 thinking about what AI can do for blockchains and. 956 01:00:03,720 --> 01:00:06,360 People have formulated a lot of answers to this question. 957 01:00:06,360 --> 01:00:09,160 Some of them don't make a lot of sense to me, you know, like 958 01:00:09,200 --> 01:00:12,640 being able to distinguish deep shakes meal conqurant, I'm not 959 01:00:12,640 --> 01:00:15,480 sure I buy. But I do think that the the 960 01:00:15,480 --> 01:00:18,880 tools that the community has developed for both integrity and 961 01:00:18,880 --> 01:00:22,800 confidentiality in the blockchain setting can be 962 01:00:22,800 --> 01:00:25,800 immensely useful in machine learning settings. 963 01:00:25,800 --> 01:00:28,360 So that's one of the things that I at least personally thinking a 964 01:00:28,360 --> 01:00:32,600 lot about. And my group I think will 965 01:00:32,600 --> 01:00:39,160 continue to explore Daos and figure out best practices for 966 01:00:39,160 --> 01:00:41,240 governments. One of the things that we're 967 01:00:41,240 --> 01:00:44,960 trying to understand now is what the mechanics of voting should 968 01:00:44,960 --> 01:00:49,560 look like today, you know, typically happens in snapshot, 969 01:00:49,560 --> 01:00:55,280 tally, whatever. And there's some peculiar things 970 01:00:55,280 --> 01:00:59,560 about the way that those systems are built from the perspective 971 01:00:59,560 --> 01:01:02,400 at least to the academic literature, one of them being 972 01:01:02,400 --> 01:01:06,280 that ballot secrecy isn't preserved throughout the voting 973 01:01:06,280 --> 01:01:09,520 process. It would seem beneficial to 974 01:01:09,520 --> 01:01:13,480 ensure ballot secrecy even through the through the tallying 975 01:01:13,480 --> 01:01:18,880 process, at least from the perspective of classical voting 976 01:01:18,880 --> 01:01:21,520 systems. In blockchain systems, there's a 977 01:01:21,520 --> 01:01:23,600 desire for some degree of transparency, though. 978 01:01:24,160 --> 01:01:30,240 So there's a real tension between what voting Dows want, 979 01:01:30,240 --> 01:01:34,520 DAO communities want, and these kind of foundational properties. 980 01:01:34,520 --> 01:01:35,920 And that's something we're trying to figure out. 981 01:01:35,920 --> 01:01:41,880 And our hope is to design voting systems that preserve as much 982 01:01:41,880 --> 01:01:46,080 privacy as is compatible with transparency objectives in DAO 983 01:01:46,160 --> 01:01:47,760 communities. And that turns out to be quite 984 01:01:47,760 --> 01:01:50,120 tricky. That's another thing we're 985 01:01:50,160 --> 01:01:52,720 thinking about. And then this whole business of 986 01:01:52,720 --> 01:01:55,520 liquefying assets and complete knowledge and figuring out the 987 01:01:55,520 --> 01:01:58,840 balance between those two, that's something we're still 988 01:01:58,920 --> 01:02:00,640 wrestling with. And I think there's a lot of 989 01:02:00,640 --> 01:02:03,800 research to be done, more a lot of interesting and impact 990 01:02:03,800 --> 01:02:06,600 holding research. Cool. 991 01:02:06,600 --> 01:02:09,360 Well, thank you so much, Ari. I think you continue making 992 01:02:09,560 --> 01:02:12,160 working on some really like interesting problems. 993 01:02:12,160 --> 01:02:18,200 And I, I think that definitely that whole teehee merging of AAI 994 01:02:18,200 --> 01:02:22,440 blockchain, I think that's going to end up being like a super 995 01:02:22,440 --> 01:02:24,400 vibrant area. Actually, I was just at dinner a 996 01:02:24,400 --> 01:02:28,960 few days ago where I don't know if you've heard of this thing 997 01:02:28,960 --> 01:02:32,640 called GOAT and something terminal. 998 01:02:34,160 --> 01:02:41,320 It's basically some kind of like AI supposed AI that's, you know, 999 01:02:41,320 --> 01:02:44,000 that's kind of interacting with this meme coin. 1000 01:02:44,360 --> 01:02:46,800 And but like one of the challenges is actually that you 1001 01:02:46,800 --> 01:02:49,480 cannot really like, you know, I'm challenged, I'm like Bob, 1002 01:02:49,480 --> 01:02:52,360 but is it really the AI that's like doing these things or is it 1003 01:02:52,360 --> 01:02:55,200 like some the person who you know? 1004 01:02:55,200 --> 01:02:58,160 Because it's like off. Chain not verifiable, but I 1005 01:02:58,160 --> 01:03:01,840 think it it kind of points to it points to the things that like, 1006 01:03:01,840 --> 01:03:04,960 because I think very, very soon you will be able to have it that 1007 01:03:04,960 --> 01:03:08,760 like, you know, you can have an AI starting to do stuff right 1008 01:03:08,760 --> 01:03:13,160 and people interacting with the AI and I think this is going to 1009 01:03:13,160 --> 01:03:16,000 give rise to some very fascinating and bizarre things. 1010 01:03:16,640 --> 01:03:20,440 For sure. So yeah, thanks so much for 1011 01:03:20,440 --> 01:03:21,680 coming on. I really enjoyed the 1012 01:03:21,680 --> 01:03:24,560 conversation. And of course, for, yeah, the 1013 01:03:24,560 --> 01:03:27,160 people listening, I think you definitely go check. 1014 01:03:27,160 --> 01:03:28,920 Out the the book the. Oracle. 1015 01:03:30,120 --> 01:03:34,080 I really enjoyed reading it. I feel it sort of points to the 1016 01:03:34,680 --> 01:03:39,160 yeah, like to some of the exciting, dangerous, scary 1017 01:03:39,160 --> 01:03:41,760 things that that will become possible with AI in crypto in 1018 01:03:41,760 --> 01:03:43,960 the future. So it was really well written 1019 01:03:43,960 --> 01:03:45,640 too. So if people like science 1020 01:03:45,640 --> 01:03:47,800 fiction, then go check out the Oracle. 1021 01:03:47,800 --> 01:03:49,520 And yeah, thanks so much for coming on. 1022 01:03:49,520 --> 01:03:52,560 I'm excited to, you know, have you again on at some point in 1023 01:03:52,560 --> 01:03:57,880 the future, maybe before 8 years have passed and we can talk 1024 01:03:57,880 --> 01:04:00,520 about, you know, all the, all the new things happening in 1025 01:04:00,520 --> 01:04:02,520 crypto. Thank you bro, it was a real 1026 01:04:02,520 --> 01:04:04,000 pleasure. Thank you for having me on.