Hashing It Out

Episode 2 · 3 years ago

Hashing It Out #2: Orie Steele

ABOUT THIS EPISODE

Orie Steele, CTO of Transmute Industries. Orie is the creator of the Transmute Platform, a rapid application development framework for centralized, decentralized, and hybrid Ethereum applications and services. We discuss language features of Solidity, scalability paradigms such as Truebit, building blockchain architectures, and off-chain scalability. We pull from his cyber security training to talk about security and best practices in smart contract development.

Now, enteringcind Atet work. Welcome to Hashing It Out, a podcast where we talk to the tech innovators behind blockchain infrastructure and decentralized networks. We dive into the weeds to get at why and how people build this technology, the problems they face along the way. Come listen and learn from the best in the business so you can join their ranks.

All right, episode two, Hashing It Out, with me, Dr. Corey Petty, and Collin Cusce, as always. And today we have Orie Steele from Transmute Industries. So we're going to be talking to him about what they do, why they do it and, um, his general perception on the entire space. Then we're hopefully going to get a little technical and fun with us. Orie, how are you doing?

Doing all right.

Right on. So, uh, to start it out, why don't you give us a quick introduction on who you are, what you do, and how that pertains to Transmute Industries and what they do?

Awesome. Yeah, so, I'm Orie Steele, CTO at Transmute. Um, my background's in cyber security. I've been playing in the cryptography space since two thousand and seven, two thousand and eight, when I initially went to college. Um, we founded Transmute about a year and a half ago, as we were building decentralized applications for some customers, and we found that it was, like, pretty hard to build these, like, blockchain applications that were integrating with centralized applications, and so we founded the company to solve that problem for customers. And so right now there's sort of two parts to our company. Like, one part is this consulting services piece, which is, you know, where we help customers build out concepts that are focused on a specific application use case. The other part is our open source framework and platform, which is basically just to provide developers with the tools they need to build blockchain applications.

Cool. And so, Orie, I've talked to you quite a bit about your platform in the past, but I gotta say it's a little hard for me to kind of focus on one particular thing at this time. 
Can you kind of go over a little more about your framework and what its goals are?

Yeah, and I think there's one tagline in particular that I think just stands out about what you're trying to do for Solidity. So yeah, just tell us a little more about what you're trying to accomplish with this framework and who's currently leveraging it.

Yeah, so, um, you know, with Solidity, like, the biggest problem with Solidity is there is not a lot of developers who understand it. So there's plenty of developers that understand JavaScript, and so we focus on sort of making the development experience for first-time blockchain developers as familiar to JavaScript as possible. So, um, JavaScript developers that are familiar with Redux will find our framework really intuitive, because we're basically just using one Solidity smart contract to create a Redux-like interface for blockchain applications. So, just to sort of get into the weeds right away, the way this is, you know, what we do is we take normal JavaScript objects, we save them to IPFS, we get a hash back for them, and we save those hashes to the Ethereum smart contract, and what that lets us do is save larger amounts of data with integrity checking to the Ethereum blockchain via sort of a convenient interface. So if you're a first-time Solidity developer and you're building a decentralized application, and all the application is really doing is managing state, leveraging the immutable audit log property of the blockchain, then our framework might be a good choice. I will mention that, you know, saving any amount of data to the Ethereum blockchain is kind of expensive, and so I think our framework, probably right now, is better suited for a proof-of-authority sort of setup where there's little, you know, gas cost, but, you know, it's... 
The main idea behind the framework is to sort of say: JavaScript developers, you're familiar with Redux. You can go ahead and use this framework to do the same kind of thing you've always been doing, and the framework will kind of blockchainify your normal Redux application.

All right, there's a lot of different places I can take this. I'm going to start with, there's this concept that I've had a problem with. Maybe I have a problem with, but it's certainly a roadblock that I've found, and that's Solidity is a language that's based off of JavaScript, which means that people who have spent a good portion of their development time in JavaScript doing something like web development have gained some type of intuition, based on the applications that they build, on how to build those...

...applications, and then we develop a language that emulates that, which isn't a good type of intuition for building smart contracts.

Right.

Yeah, to re-say that: how you use JavaScript gives you a certain type of skill set which isn't necessarily intuitive for building smart contracts. Right? Um, what do you think about that?

Well, so I completely agree with that. Um, you know, it reminds me of when I was in school and I was, you know, learning fundamentals of cryptography and we were starting to talk about, you know, building secure applications. One of the things that got drilled in my head over and over and over again was just, you use C for everything, and absolutely never ever trust any cryptography that's done in JavaScript, period. Then my professors and classmates, who went on to work, you know, in great places, and they were all really, really negative about, you know, JavaScript and, you know, the ability to do anything secure in it, and also sort of, just like you said, like, some of the general patterns that, um, JavaScript developers tend to pick up because of the structure of the language. So I think, like, I agree with you that it's a dangerous place to start. However, you know, one of the biggest problems that I see in the blockchain space right now is sort of the lack of sort of adoption, and JavaScript is a language that lots of people know, and so if you're trying to address a wider audience, it makes sense to try and tap into some of that knowledge. Now, you've got to be really careful when you do that, but I think that the idea behind Solidity was great. I think there's a lot of language features that it has that are not really features, that are kind of like things which should have been left out of the language. So that's my two cents on it. 
I think that it's good that Solidity is familiar to JavaScript developers in some sense, but I also think that, you know, a lot of the inheritance structures and some of the other language features, it's not obvious to JavaScript developers how much trouble they can get in right away, and the fact that they can't just, you know, publish a new distributable to a server and fix the problem has led to a lot of serious bugs.

Yeah. I kind of feel like saying that it's a JavaScript-like language is actually just false, like, at this point. You know, I mean, like, it looks like JavaScript, it's got some basic foundations of what it is, but, like, there's no such thing as a modifier in JavaScript. There's no, like, typing in JavaScript. I mean, you have to, they take, like, TypeScript to make that happen. You know, the native core ECMAScript standard doesn't necessarily support that. I think more recent standards might, I don't know, I have to double check. But, like, you know, there were things like ActionScript back in the day for Flash, which had typing, and that were cool, and it made things fast, and classes. But then, you know, like, all this amazing namespacing stuff that you could do, um, anyway. But those are extensions over this concept of JavaScript. JavaScript itself does not do the things that Solidity is doing, and there's no concept of, you know, for instance, I kind of consider the memory, the memory space issue of the state versus, you know, memory, those kind of concepts don't exist in JavaScript. You know, like, you can't replicate it. Somebody goes in and goes, okay, Solidity is a JavaScript-like language, and then they pull up to the desk and they start saying, okay, I'll just get to code. No, no, you're not, you're starting from scratch. It's a totally different language. 
It's a totally different thing, and it's really kind of a misnomer to say, not a misnomer, but, like, a misrepresentation to say that it is a JavaScript language, or based off of JavaScript.

Just, I think it's the same thing. This is what I said. I think that there's a lot of language things in it that are not bad, and modifiers are one of them. I don't dislike things like that. I just don't... Oh, Orie's got the face. What's going on, Orie?

I mean, so I think modifiers are okay if you use them sparingly, but when you start combining them with inheritance, I think it very quickly becomes kind of a runaway train. So one of the things that, you know, I look for when I'm writing Solidity, that I try and do, is I try and keep the number of external dependencies as simple, I try and stick to one file as much as possible, and I know that, you know, given some of the libraries out there that people like to use, like OpenZeppelin, it very, very easily becomes tempting to start importing a whole bunch of really powerful tools and trying to apply them to whatever the problem is that you're solving with your Solidity code. But every piece of complexity that you add to a piece of software is attack surface, and...

I think, you know, modifiers when it comes to inheritance, like, you can very easily get into a situation where people aren't really aware of what's going on, because the logic has been split out. So, like, if you look at the Viper language, like the README on GitHub, like, the first bit of it are, like, the features that Viper doesn't have that Solidity has, and when I think about modifiers and inheritance in Solidity, I think about that list on the Viper README.

I mean, modifiers are essentially just a watered-down decorator. You know, just, I think... I really like Viper. I think it inherits the Python... Go ahead, Corey.

Yeah, it's the overall design concepts, I think, is what Orie's trying to get at, is that when you start including a bunch of modifiers, like, smart contract code should be easily, like, auditable, in that you understand exactly what you're typing and what it's supposed to do, and it does what it's supposed to do, and when someone reads your code they can glean what you're trying to do and what it actually does. When you start adding modifiers and things, some of the features of Solidity, then the auditor or the person who's reading your code is jumping around a tremendous amount, or things get obfuscated to a point that you can't figure out what it's actually doing. Even when, like, say you're calling a modifier that says onlyOwner, but the actual onlyOwner code doesn't do that. That would be very hard to find unless you go and find that code, and that's not the type of design pattern you would want for code that cannot fail.

And, I would say, if you hire an auditor that didn't check... You're right, things like, you got multiple... like, that's the responsibility there, is on the auditor. Let's face it, you can say that you're trying to protect the world from itself, but, like, the onus of responsibility is always on the end user and the person who is actually going to implement this. 
The reason they have modifiers in the code is because it makes a more efficient bytecode, and it also allows for kind of more of an upfront cost, as opposed to, like, if I put this statement in every single function, and that to me makes perfect sense from an implementation standpoint when deploying on the network. Now, um, do I think that it makes the most readable code? It's really not necessarily true. Do I think it makes the most efficient code? Actually, I think in a lot of cases it does not. I think, though, as a concept, modifiers are not bad. They just need to be used responsibly, just like everything else in programming.

I mean, I guess it sort of gets down to, like, you know, who are these new developers that are coming into the ecosystem that are picking up Solidity for the first time, and are they going to be able to actually read, you know, the ConsenSys best practices for Solidity, you know, all the documentation on that? Are they going to start writing code that's in line with that, or are they going to start exploring the language features and just, you know, shoving code out into production?

Yeah, that's something I've noticed too, is some of the code that's out there is very, um, it takes very, um, design principles which I think aren't really conducive to making efficient smart contracts. To his point earlier...

What's that?

That was my point earlier, is that we've sold this language as a JavaScript-like language, which makes people who know JavaScript, which are people who do web development, jump in because they think they can quickly, and the way you design smart contracts and decentralized applications is very different than the way you design web development or web front ends or web applications. Me Tot to Inexcin B, when you make a smart contract, 
I have to repeat: it has to work the first time, or you have to find a way to upgrade it so that you can do that in a secure way, especially if it's storing money.

And I feel like some of this is also, if we're, we kind of are treating it like, like you said, I think a better model for the development process for anything we do with regard to smart contracts is to take it from firmware developers.

Yeah.

You know, those people, they have to be, like, ninety-nine percent correct in everything they do, or else the entire product is FUBAR'd. You know, there's typically not a strong upgrade path for anything that's firmware, and I mean ninety-nine point nine nine nine nine, you know, five nines if you can. Nothing's a hundred percent, I won't give it that. But, like, you know, you need to be solid in what you're doing, and a lot of the cavalier nature of JavaScript developers, you're right in that, mentality-wise especially, it doesn't apply. I'd rather have one function that's really super efficient and big, one function, and just put the cost up front for storing the contract, than have, like, a bunch of decomposed things that leave room for possible errors that we couldn't account for. So I guess we're all on the same page, just saying it in kind of a different way, but that's it. I think the responsibility still is on the implementer, and it always will be, and so you can talk about the auditor not checking whether or not onlyOwner is actually pointing to onlyOwner. That's a...

...shitty auditor. You know what I mean? You have to check this stuff.

Code goes through, yeah, there's different sort of levels of confidence that you have in development. So, you know, let me just sort of say real quickly, like, a lot of the work that we do at Transmute, we're developing code that hasn't been audited yet. It's in alpha. We're exploring sort of the concepts and the interfaces that developers might really enjoy, and that doesn't necessarily translate directly to production code. And, you know, the process of, like, having, you know, one or two or three audits, like, ideally, on your smart contracts before it gets all the way out, it's similar to the process you go through when you're designing, like, an actual circuit board. Like, I think smart contracts and printed circuit boards are almost equivalent. Like, at the point at which you've actually got the board manufactured, that's it. Like, it either works or it doesn't, and if there's a defect that's built into it, it's there forever, and you're going to have to go build another board to get another one.

I wonder if we could build, like, a bytecode compiler from VHDL or Verilog, whatever it's called, the chip language.

With enough, you know, you probably could. I'm not sure it's a better language than Solidity.

Well, it has more rigor behind it and a longer history. Um, but yeah.

No, so, I mean, I guess, you've looked into the Viper project at all?

I kind of like what I see, but it's not going anywhere. It's not getting the traction.

Um, and that's my biggest frustration with it, is it's the sort of power law distribution. You know, Solidity was first and it's got all this gravity, and all these developers keep coming in just reinforcing Solidity, and Viper has a lot of features that I'm really excited about that I want to see developed, but, I mean, I've played around with it a little bit. 
I don't really have the confidence to stand on it or to start building on top of it, given the kind of traction that it had so far, like you said. I'm excited about this axlane project. I don't know if you guys are familiar with this, but it's, like, a language that's, you know, basically putting formal verification first for, not for Solidity development, for EVM, um, smart contracts, and it's, I guess, sort of similar to the Bamboo project, which is another project that's focused on formal verification. I'm wondering, like, what you guys think about formal verification in the space, especially compared to traditional audits.

I have very strong feelings about all of it, as you can imagine. I have strong feelings about everything. So it starts off with, like, backing up and explaining, for those listeners that don't quite understand, that any of these languages, these high-level languages that we're talking about, are used so that a programmer can create code that does what he thinks it should do in a very human-readable fashion and then compiles down to, for anything Ethereum-based, the EVM bytecode, which is something that a machine is more likely to understand, and that translation is incredibly important so that what you think you're programming actually ends up being programmed on the blockchain. And so we have different languages that we model around, that we think may be good or bad in terms of, um, that translation from human-readable code to machine-readable code, and formal verification is a process in which you make human-readable code that you can run through a machine that guarantees what you think it does is what it does in the machine-level code. I think it's incredibly important that we have something like that, um, but at the end of the day, because open blockchains work the way that they do, no one's really going to use them until they make contracts that have held money for a long period of time, that have experience. 
That's the only reason that, um, these design patterns are worth their salt, is because we have real deployed contracts being attacked by people who want the money inside of them, and so you have a certain level of guarantee, some quantifiable metric that says this works because it has worked and people have tried to break it.

Yeah, yeah, I totally agree, and I think that sort of highlights something that I've seen, um, in the industry, which I'd like to call out, which is just the bug bounties that you set for your smart contract library. If you're a small company and you've just released a new multisig wallet and you've put, like, you know, two thousand dollars equivalent on your bug bounty, no one is going to burn their exploit on that. Like, so, you know, to your point, the contracts that are holding, you know, really large amounts

of funds, like, for those contracts, at the point at which you're holding really large amounts of funds in them, the incentive for the attacker is now there. But if you're, you know, doing a bug bounty and you're saying our contracts are secure 'cause we have a bug bounty, the bug bounty was for, you know, two grand, like, it's nowhere near the right amount of value to attract someone to actually report and disclose, you know, that appropriately. So I just think it's one of them... every now and then I come across a project and someone's, you know, touting their bug bounty, and when I think about what it would be like if you actually had an exploit that worked on that, like, your chances of actually reporting it and claiming that bounty are low.

Well, you know, some people do wear white hats, so, you know, some people have ethics and morals, and I guess rewarding that kind of behavior is not a bad idea, but I see exactly where you're coming from. Do I take the twenty thousand dollar bug bounty, or do I siphon a hundred and eighty million dollars out of this particular contract? Like, what do I do? Hmm. I'm sure I can find a way to launder a hundred and eighty million dollars.

To bring it back to the formal verification part of that, is that having things like that, that help you feel more secure about your human-readable code being transpiled or compiled into machine-readable code, so that you have less what's known as zero-day exploits, helps you take that initial step of putting a significant amount of money into the contract that you deploy, and so then you can have, like, the real, um, guarantees, or more quantifiable guarantees, of security in smart contracts.

Well, I'll just say this. 
I think that our approach of smart contracts as being single units and containers of validation is not going to work, meaning that we need to kind of put, like, a firewall system in front of a lot of the stuff that we're already doing. So contracts need to be calling contracts if they want to, you know, pull out any significant amount of money. Now, minor trades, actually, I think they could flow a lot more freely, but at some point we've got to go, okay, this is the unit of value where I've got to say, look, this transaction needs to be validated by another, you know, transaction, another contract, or authorized by another entity if it's going to be above this certain amount. And it's easy to do in smart contracts, not difficult, but it would cost more to employ, it would be more engineering effort, and, of course, you'd have to make a very thin way of doing it, so you can guarantee that the container, I don't know, firewall contract is something you can audit easily and ensure that you could configure it easily and not mess up. And, um, you know, I think that's the only real safety guarantees we're going to get out of this: really small things that are easy to guarantee that your value is protected, guarding, standing in front of the very large containers of value that we have in these smart contracts right now.

Yeah, I mean, I think, you know, really what you're saying is there is always this trade-off between, like, efficiency and security, and sometimes, like, the best security means that you have to eat a lot of inefficiency to get the best security. So, like, time locks, um, like, you know, restrictions on the amount of volume that can be withdrawn from a smart contract within a period of time, like, these are all things that actually, they create inefficiency in the system, and then you're protected by the fact that that inefficiency exists. 
The same thing applies to, you know, the proof-of-work mining algorithms and, to some extent, you know, proof-of-stake algorithms as well. Like, we build security on top of inefficiency, and what you're saying about, you know, proxy contracts makes me think that, you know, this is, like, a valid approach to that problem. You know, by adding, um, extra time delays or extra middleware or extra inconvenience from the perspective of an attacker who's trying to drain your funds, you know, that's going to ultimately be good for the contract owner.

Yeah, and Zeppelin libraries, you look at them, they have this concept of pause.

Yeah.

And you can literally just say, okay, something bad is going on, I'm going to execute the pause, and the only person who could do that is the owner. And if there was time delays, it's a really great idea to implement in other places, but that's something I wish I brought up earlier. Like, it's something that you can pause on. You can go, okay, I see this event that's happening, I have enough time to react, I have something monitoring this, like, you get an alert, and then I can hit pause on whatever's going on. That's great, you know. Um, yeah, but again, this increases, decreases the efficiency, increases the cost of operating your system. And really, when you say efficiency in this, we're talking about two things here: gas limits, and you don't want to cross that, and you only get too, too, too...

...much, you can't, your contract can't spend too much, and then the other one is just the fact that the currency itself is so incredibly overvalued right now. Um, I have no problem with incentive models being, in fact I love it, being built into the Ethereum network. It's built for that. It's one of the things I love about it. But when people are trading at four hundred dollars a coin, God forbid one thousand, you know, that is not worth it, um, to run the network at the moment, especially with these block limits, like, the high through, the low throughput, and that's sort of it. Like, there's just too much, it costs too much to do just the most basic thing. So the idea that I'm thinking is, like, a lot of the stuff that we're talking about won't matter if the currency relative to the fiat goes down, or if the kino disappear altogether, um, because we'd be in a different world at that point, and these arguments that we're making about efficiency, if scalability is improved and computational power is able to be done off chain for a lot of this stuff, I know you're working with Truebit, for instance, um, if a lot of this is able to be brought off chain, that lowers the cost of running your code in the network, so you can build better solutions which make more fucking sense. And right now a lot of the stuff we're doing is small and tight because we can't afford to do anything other than that, and that is actually causing more problems. It's actually losing us money. Yeah, from a philosophical standpoint, I think that in time this will all just kind of play out and the future's looking great, but right now, you know, people are designing big, you know, whatever. Yeah, I made my peace. I said my wok.

What you're saying about, you know, basically people using... I think there's a lot of people who are, you know, coming in now because of the, um, high, 
you know, around a thousand, like, people who heard about that, who are new to the system, and they're coming in, maybe they're JavaScript web developers, they're writing their first Solidity contracts and they're doing everything in the blockchain. They're doing everything in Solidity. And to your point, you know, I think Ethereum is for this immutable audit log and for verification, like, really smart verification, which is why I really like what, you know, what Truebit is doing, and I think that all the solutions for scaling off-chain computation in an on-chain verifiable manner are really interesting, because I think Ethereum is, like, ultimately, the best thing for it to be focusing on is just the secure multiparty computation verification game. Like, that's the thing that I want it to do, and I want really scalable, easy-to-use off-chain computation, you know, solutions that I can plug into Ethereum, where I can get the performance that I want off chain and the tools that I'm already familiar with, but I can be held accountable and verify that computation on chain.

So tell me a little more about what you're using Truebit for, then. Um, sounds like you're already getting into the weeds with that, and you're the only person I know who is, so go on.

Yes, there's no publicly available code right now in our framework that's actively using Truebit, but what we've been doing is we've been sort of, you know, following the progress on Truebit, and I'll just sort of explain at a very high level, like, Truebit's sort of genius. So Truebit solves this problem of, like, how do I prove that I performed a computation correctly, and, you know, the mechanism that Truebit uses for that is complicated and pretty awesome, but one of the key components of it is that, um, if you just trusted people to be performing computation, um, like, you know, honestly, then they could start to... 
They could start to sort of deceive you based on the inputs, and so part of the Truebit algorithm that's really awesome is that it injects these faults and it looks for them in the guys that are doing computation and verification, and so by doing that it can encourage, um, group forage users to use, to actually perform the computations correctly, because if they're caught, like, cheating or, like, using a stored input when one of those failures is injected, then they will be punished.

It's like when cartographers or map designers would put fake streets in the map, so that they could detect if somebody stole their copyrighted material in the map.

Yeah, they would actually add the fake street.

Yeah. So back in the day it was a big problem. So you'd go through all the effort of mapping out all the streets to a city, and then they'd publish their map. Okay, they'd have authorized people copy, but then they had other unauthorized people resell their maps. So, in order to, I forget, they had a specific name for the street, but actually they put little streets in the map that don't exist, yeah, and so when they wanted to prove that...

...somebody stole their stuff, they had to go, that's my street. I got a notarized document saying that that's my fake street that I put in, and this person has it. Therefore they copied my map.

That's awesome. I've heard of something similar for Persian rugs, these really intricate rug patterns, that sometimes people will specifically introduce flaws in a particular part of them, and then some of the machine-generated tolkis won't have those flaws, and so it's a way of proving authenticity. I think it's interesting that we see these parallels throughout history and throughout time and throughout different mediums for sort of guaranteeing authenticity. And it's super cool.

I'd like to, uh, kind of shift the conversation a little bit, because this is something that I don't think gets a lot of, uh, attention at all, and that's what you're doing at Transmute Industries is mainly focused towards trying to enable enterprises to participate in this decentralized economy or build applications in a way that help them do what they do, but in a decentralized way. That's not necessarily what the majority of the people who are working on open blockchains care about, but, yeah, there is a lot of demand from the enterprise perspective, and what I think is important to note, I work for one of those massive enterprises myself and I am a blockchain developer for them, so I understand that there's a pretty big difference in that the types of problems enterprises are trying to solve have very different constraints and ideas than what open blockchain developers are trying to solve or develop, and that, like, um, the incentive structure or the trust model that we usually go into or assume from the very beginning are very different for enterprises than an open network. 
How do you see that being played out when trying to, um, create platforms or infrastructure for enterprises to solve these types of problems, because you can't do what everyone else is doing in the open network if you want to try and, um, sell products to them? Yeah, that's, it's a, this is a really good question, and struggling with this is basically, you know, a huge part of what gets me up in the morning to work at Transmute. This is what I'm most excited about. Um, so the first thing I'll say is that, you know, obviously we're at the beginning of this sort of blockchain era and we're not really sure how long it's going to go and what the future holds. But certainly these are the early days. So it's hard to talk about the value to enterprises right now, because it's like talking about the value of the Internet when, like, thirty percent of the United States has it and it's fifty-six K, and, you know, it's hard to sort of imagine how it's really going to transform business. But the one thing I will say about it is it's built on top of this property, the security property, which is that decentralized systems are inherently more secure than centralized ones. So you think about really what blockchains are: they're distributing the liability or the risk of a breach by basically making each participant manage their own encryption keys. So in a world where an enterprise, you know, has a SQL database with a bunch of personal information, and the enterprise is compromised, that whole SQL database is dumped and, you know, everyone's mad that their identity's been stolen. And you could think about, this is an analogy, but, you know, imagine that that SQL database, where each row for a customer is encrypted, and the customer encrypted that data, and then the customer sends encrypted data to the enterprise. Now when the enterprise is breached, the enterprise has to say, "Yeah, we were breached. All of our encrypted records, um, were stolen." But
The good news is that all the encryption keys used for those records were managed by the users, and so, like, you know, as long as you have secured your keys as a user, you should feel confident that the information's still encrypted. And I think that there's a lot of value for enterprises just off of that sort of distributed key, you know, distributed encryption model, especially in a world where, you know, enterprises are losing customer data more and more, and the Equifax and Facebook, and these are situations that are causing users to, to question whether we can trust centralized information providers. And, you know, my personal perspective, with the background in cybersecurity, is that you should never trust anyone with your encryption keys, ever. And if you're, if you're not encrypting your data and you're not in control of the keys, then the software is controlling you, and it's not the other way around. And so I think it's really important that users understand that they have to use encryption themselves and they have to...

...ask for enterprises to support interfaces where they can hand the enterprise encrypted data. And so I think a lot of the innovation in the space and the interest from enterprises is, like, how to build experiences for their customers that do that, so the enterprise can be safer, um, in the event of a breach, so it's not a catastrophic failure where all these records are stolen, but also so that the customer can have a better experience working with that enterprise. They can trust the software without trusting the company. You know, this is, I think, why enterprises are interested in this space. And to get back to, you know, your original question: to build user experiences that are pleasant right now, I think you need to leverage a lot of existing enterprise, centralized software and technology. So, you know, our framework and a lot of the open source software that we're pulling together is blending centralized security concepts with decentralized ones and centralized application hosting experiences with decentralized ones, and we want to make it easy for enterprise software engineers to build with tools that they're familiar with and patterns of development that they're familiar with, where they're leveraging, you know, centralized technologies to provide user experiences that are good, um, where the performance is acceptable to users right now, um, and then all the while thinking and sort of with an eye towards how are we going to decentralize these pieces in the future, when this decentralized technology performance sort of catches up. So, like, a specific example: you know, I really love IPFS, I think it's great, um, there's some cases where you're better off just using Cassandra, you know. And I think, depending on what the enterprise, you know, is trying to build in a solution, sometimes it's okay to make that trade-off, especially as you're developing initial proofs of concept. No, well, my take on
It is, the intent of a blockchain, the intent of all these decentralized systems, is that they hook into some trustless entity, some single source of truth. And you can have a Cassandra cluster, and if it's operating or checking in with a Plasma chain, you know, you've got some amount of validity to that Cassandra cluster. But, you know, to bring it back to your other point about controlling your identity and controlling your private keys, I think it's really interesting and one of the more compelling use cases of blockchain as it is, um, not just the Equifax and everything contained, but how do you establish an identity? You had a particular project that I thought was interesting, and I might actually have to replicate it here in the future, um, with, uh, biometric data. Yeah. And I'm kind of curious, you know, if you could talk about your experiences with that and how you actually decentralized some biometric data for one of your customers. Yeah, so that's, it's an interesting use case. So, like, I can talk about it generally, though. You did it with me as well, so, yeah. So, like, you know, basically, you know, one of the key challenges, like what, you know, I mentioned, is, you know, this key management problem. Like, it's a big step for a lot of users to understand that they have to defend and protect private keys. So you might ask yourself, well, you know, in the middle term, you know, how do I make, if I'm an enterprise and I want users to have the sort of experience of blockchain sort of security, but I don't want to actually make them responsible for private keys, I'm going to use, some people call them, like, cloud wallets. You know, their private keys in this case are managed by an enterprise, and then the access to those private keys, and the way,
The ways that those private keys can be used to interact with blockchains is controlled by centralized software in an enterprise web application. And so in the case of cloud wallets you have the same authentication problem that you've always had when you're building an application. So, you know, a user comes to a website. They log in with their username and password. They get, you know, a JSON Web Token, like a bearer token, and then that token, you know, is the thing that they can use to present to services to claim to be a specific identity. And so you can imagine logging in to a website, getting a bearer token, and then saying, you know, "I want to check my balance. I want to transfer some funds." And in those cases the cloud wallet will take those actions if the bearer token is correct. And, you know, that's really scary, because I just steal your bearer token and now I control, like, whether or not I can see your balance or can send funds to someone. So then people say, "Oh look, let's add on multiple factors to the authentication process. So let's,...

...let's ask for you to prove that you're in control of a phone number, prove that you remember, you know, your password, and prove that you're in control of some biometric, you know, maybe prove you're in control of two or three biometrics, different ones." And so, when you're building these, like, these cloud wallets are a great opportunity to sort of blend, you know, the state of the art in centralized biometric security technologies with decentralized technology, because you can layer on all these concepts and then you can say, you know, this enterprise is gonna only allow certain kinds of actions if all the guarantees are met. And you can bootstrap, you know, those identities from blockchain identities as well. You know, you can have a client prove that they're in control of a private key and then use that, then log in using username and password, and you keep adding these layers on, and at some point you have confidence that when an action is happening in a centralized system, there's reason to believe that the human on the other end of that action is still the person they claim to be. So, like, this is something that I think a lot of enterprises will probably do as they start to build out blockchain applications for their customers. They will initially use this cloud wallet pattern because it's familiar to them. Like, they like the idea of being in control of what a user can and can't do in the system. But ultimately there's a problem there, because if the user isn't the one who's actually in control of the private key, then all of this extra biometric stuff that you're doing doesn't really matter. Um, so I think, you know, the experience that we've had has been sort of blending centralized security concepts, biometrics, with blockchain authentication.
But I think the really interesting thing that we haven't spent a whole lot of time on, which I think there's some really interesting papers out there you can sort of dig around and look at, is, like, the idea of secure decentralized biometrics on the blockchain, where you're storing true biometric templates in decentralized storage technologies, and the verification and authentication can be done in a completely distributed manner. Yeah. One of the things I was looking at too is how we could use biometrics as sort of an entry point, so you must first pass the biometric test. There's a lot of this computation stuff that we have to do for that, that requires things like BK-trees and really complex fuzzy logic. You know, you want to do Hamming codes a million times over on a table of mapping just to detect if you've got that existing in there. It's really difficult to do in a decentralized manner with the current technology, but with something like Truebit it might actually make it viable. So I'm kind of interested in how that kind of works out in the long run. Yeah. So I'm kind of curious, what are you guys doing with the framework right now? Where's the progress on that and how's that going? What's your roadmap? Oh man, so, uh, well, there's a couple of things. I mean, one thing I think, you know, I should say is that for a while the framework was sort of really, really forward-looking, trying to take advantage of all the coolest little developer sugars that I could find out there, and it got kind of bloated, and so I had to go ahead and rewrite a big chunk of it and get rid of all these dependencies that had snuck their way in there that were making it hard for users. Um, so we have a long ways to go. I think, you know, high level, the framework right now, it works well for, um, building decentralized applications with Ethereum and IPFS in a secure sandbox environment. So that's kind of the short-term goal.
I think it meets, you know, roughly, but it's still, you know, actively under development. You know, I like what you said about, you know, it being kind of hard to handle some of these decentralized authentication, um, concepts, and when I think about what the framework is really attempting to be, um, I want it to be the abstraction that you reach for when you encounter some of these problems. I want it to solve, I want it to be easy to apply to solve some of these higher-order problems. So we're adding layers on top of this sort of event-sourced model to support those use cases. So encryption support is sort of coming soon, and I'm hoping that by providing, like, a really simple interface on top of libsodium and IPFS and Ethereum smart contracts, we can provide some sort of general standards for how to handle, um, encrypted off-chain data with integrity managed on chain, and...

...you know, moving beyond that, I think that having that as a building block is really important for being able to scale some of the off-chain computation pieces and finish some of the, uh, Truebit integration work that, you know, we're hoping to do in the future, where we can sort of provide proofs that users in the network are doing computation, and these event streams that are built from user activity are to be trusted because encryption was there from the start. So the framework has, like, you know, we have a long roadmap with a lot of really cool features in it. Um, yeah. I know governance was a huge part of what you're doing. Maybe you could talk a little bit about how you're actually integrating governance models into, uh, what you set up? You had a pretty decent RBAC contract that I saw. Um, what's going on with that? I mean, is that kind of where the demand is going for what you're doing? So, a while ago, um, we wrote this role-based access control interface that was built on top of event streams, and actually kind of have put that in the attic for the time being, looked over at some of what OpenZeppelin's been doing, and I think that, you know, I wrote a bunch of tests for this RBAC Solidity contract that was event sourced, and I had some confidence that it was working, you know, approximately correctly, but I was really the only person using it. It hadn't been audited at all, and I looked at it compared to these other features, and there's one thing that, you know, you should never do: it's roll your own crypto, and that basically applies to, like, everything in Solidity. So if something out there is more battle-tested and you find yourself making your own version of it, like, that's great if you're learning, but at a certain point it's time to decide whether, this is, you know, is this thing really the thing that you want to be spending your time securing and working with? Or is it time to sort of rely on something
That's been more battle-tested. And so I think, for a lot of the, I think OpenZeppelin's really great, and I think that their libraries are, I think people should use things that have been used, you know, more often. And, like, specifically, you find cool stuff in our framework, that's great, like, play with it, explore. But, you know, don't go including our stuff in your production code right now. Isn't that, they say that about Ethereum too? Yeah. I mentioned that earlier with these design decisions, based on, like, how much money's been put into the contracts that use them. You just pretty much gave us a scenario as to doing exactly that: I built something, turns out somebody built something that was very similar that's been used a lot more than what I did. I should probably use that, because there's probably a lot more money in the contracts that use that decision or that mechanism, which means it's inherently more secure, or at least I know that it's more secure because it's been tested. Yeah, yeah, I mean, I think, I will say, you know, I think it's important to experiment and play, and there's a lot of cool cryptography that you can reimplement yourself and gain some knowledge of and have a really pleasant experience. I think you should, um, be careful not getting lost in that and forgetting what you're saying, you know, which is that, like, you should be trusting things that have proven to be trustworthy in an adversarial environment for a long time. Now, like, even, you know, the NSA, you know, Suite B's, they have, like, encryption suites that they have, they're time limited. Um, and I don't know if you guys want to get into the whole quantum discussion, but things don't last forever, and a lot of the cryptography that we're using right now, um,
It may not be around, you know, forever, and/or it may not be safe forever, and so I think it's worth sort of relying on things that have survived in a reasonably unbroken format for long periods of time. That's why a lot of off-chain stuff is actually going to be, actually is, like, literally important. Anybody says they can do everything on chain, I don't think they've ever worked for anybody that had really important data, because you need to, physical access is the first rule in security. Okay, and if you put it out on the chain, everybody has physical access. You know, you're not controlling your, you know, your physical access at all. So, um, I feel like the blockchain just gets rid of the number one rule in security, which is physical access. You need to protect it. I feel like Oess I could be. I could v cut the mustard for a lot of this, uh, for mustard or muster, whatever, um, it's for a lot of these, uh, enterprise applications, they're not,...

...just enterprise, government, or even, it's private application. I think, to some extent, you're going to need to hold it tight to your chest, the data. And encryption, like you said, does not last forever, and, you know, MD5 took ten years, but we found a collision and it wound up causing problems. Now, that doesn't mean that MD5 is bad. You still use it all the time. Um, but, you know, Wyougot a problem with probably shouldn't. You know, like, I think that's what you're using it for: it's a really lightweight, easy, quick cryptographic hash, and that, if you're just trying to take a piece of data and create, like, a simple checksum for it or, you know, just have something you can use as a lookup table index for, it's fine. Yeah. It's not like ninety five r people, R, like W W. We know there's problems and we've seen attacks and we, you know, can read about, like, the attacks that have worked on these things. Like, if it's in a piece of software that you are responsible for, you should remove it. Like, if you are using a piece of software that's using one of these things, you might have to accept that you're not going to go rewrite that library to get rid of that broken cryptography, but you shouldn't be under any illusion that you're not using a library with broken cryptography. And, like, I just think that... Let me give an example. I had a system where I was going out and scanning web pages, and I would interpret these web pages, and I had a special system for taking the data regardless of the content and creating a fingerprint. I used the MD5 function to actually ultimately create the fingerprint. I don't care, right? For me, from my perspective, it uniquely identified it enough, and that's all I was trying to do. So it really does apply to the application. That said, I mean, could I have used a better, well, at the time it wasn't broken, um, you know, so it was fine. Do I think I'm super scared for this application now that it's broken?
No, in fact, I don't think they're using it anymore, but the point is that, you know, if they were, it wouldn't hurt the application at all, because the context in which I used the actual function didn't, didn't hav a ors off hero, something, but anyway. Sorry, go on, Corey. Yeah, it's like, something you mentioned earlier: physical access is number one, and the purpose of using cryptography is to move the physical access away from where it's stored. Um, what you're doing with cryptography, and that's why it's been incorporated into the base layer of blockchain systems, is you're allowing people to hold the value themselves and storing it in a place that gives access to everybody, regardless of where. So we have this central source of truth, the blockchain, but the physical access is with the users and their private keys, who change the ownership, right? And so what you're talking about right now, and whether or not you use a certain type of hash function, is the link between where it's stored and who has physical access, and how secure that is. And so, when you're talking about something like, the question you want to ask yourself when thinking about how secure is my hash function or whether or not to use something is how many people have access to where things are stored. And so, Collin, the type of use case that you're talking about, you have access to where that's stored, so only you care about the function. But in public systems you really care about that function, because it's an adversarial setting. You have to make sure that the link between where something is stored and who has physical access to it is incredibly secure. Otherwise, it's entirely broken. Correct. I'm, okay, sure, not going texeet that. Is that, to summarize, basically, both your standpoints there: I'm saying context is king, that just because you have it doesn't mean you need to replace it necessarily. I mean,
You know, it's probably easier not to in certain cases, but for a, yeah, for a public setting, if you're going to enable it, most contexts with regard to that, yeah, you definitely want to change it. So, yeah, even running back to the quantum scenario, that's why people are so worried about it, is that quantum cryptography or quantum computers breaks that link between where something is stored and who has access to move it, the link between the public and private key. That's why we all care about it so much, because it has the potential, in my opinion far-off potential, but heavy potential, of breaking that link. It is an inevitability, and what does that mean when you break that link? But we already have the solutions to quantum, quantum blockchains. I mean, there's quantum-secure algorithms already existing, the, uh, provably quantum-secure algorithms that we can use. The problem is we're not using them now, because they're just a little more costly than, I think, I want. Right, there's definitely implications of this, and this is coming from someone who's thought a lot about this, and I come from a quantum mechanics background. We may be able to have quantum-secure solutions, but we're not using them now, and we have a lot of value in things that do not use them now, and we've tied up a lot of, um...

...second-hand implications on this value, so our economic... take, for instance, Bitcoin. This is the example that I like to give for, um, implications of quantum mechanics or quantum computing. We have Bitcoin with a given total supply and circulating supply of tokens that can be passed around the network. These are stored up in public and private keys that are not quantum secure, and over time a lot of those bitcoins have basically gone dead. They don't exist anymore. They may be in the total supply that have been mined long ago, but they're not in circulating supply. They are dead bitcoin, and our economic model on how we pin a price to the bitcoin takes this into account. Think about Satoshi's coins and the percentage of coins that we consider dead, that don't move, and how that reflects the current price and what we think about how scarce this resource is. Blockchain, or open blockchains and the tokens on them, is digital scarcity, and that's why they have value. Now, when you introduce quantum cryptography, you may be able to change the way addresses are created that are quantum secure, and then you have to somehow force people to then create these new addresses and move funds to them so that they can no longer be broken. But you cannot do that for all of the coins that we consider dead. I consider this to be a solvable problem. Sure, and the reason it is, it's very, just, soci-, difficult. Sorry, it's going to be a socially difficult problem to solve, because you can't force dead coins to move to new addresses. And so you have to make one of two decisions. I'm not going to make a false dichotomy, but here are a few decisions you can make. You either say all of those coins are really dead.
Now we've removed them from the total supply. Or you say, if you don't move them, then they are available to be stolen. Suddenly, you know, right now it doesn't matter if they're not in supply. The supply doesn't matter; circulation, that matters. Tell that to somebody who wants to move their coins, that has them locked up in cold storage through some odd secure mechanism. Ik SR as that's atoest Ol them again. That's, again, that's a solvable problem. In other words, I see that as being like a, "Hey, you have six months to change your password. If you don't, you lose your billions of bitcoin," or whatever the heck you want. Like, and people aren't going to want to do that. I would love to see what happened to the Satoshi wallet. But, like, you know, it's just one of those things where I feel like it's actually solvable through process and procedure and, you know, typical opsec, and just protocol-level opsec, and just, like, these sorts of things can be done. Hey, we can build solutions to these that are social, and just because the cryptography is annoying and we're going to force them to do it doesn't mean that it won't. I feel like everybody's, like, worried that we're going to suddenly get this, like, "Oh my God, the whole world has access to quantum computers," like, today. No, we're going to know who has it. I'd be more afraid of, like, a state actor withholding than anything else. Um, but I don't worry about it. What's that? I wouldn't, yeah. I feel like it's going to be slow enough progression. We can actually say, "Hey, look, we're going to need you to upgrade your keys in six months. If you don't, then we're just going to take all your coin out of circulation." I think, and even in that process we can inject things like identity and KYC elements to prevent this from happening again, if you so opt in. That's a can of worms. Go ahead, Orie. There's a lot in there.
I mean, I would say, you know, in terms of the, like, you know, the application of a quantum computer to a specific problem, like, in the future, um, you know, certainly, like, nation-state actors are the ones who have the kinds of resources that'll be able to operationalize this kind of stuff first, and I think it'll be akin to, you know, when we cracked Enigma or, you know, Purple and Red, whatever the Japanese code systems were, you know, in World War Two. In those cases, like, once you've cracked, you know, a major cipher like that and you're the only one who has that capability, you really, really don't want everyone to realize that their encryption is broken. So there's going to be a bunch of, like, really, there will be some amount of, if a quantum computer gets to the point where, you know, it can solve all these problems, like, as easily as they want to for a specific chosen target, like, there will be a bunch of times where we're probably going to let, you know, let some ship sink or let some attacks go through, even though we've decrypted the attack traffic, you know, ahead of time, because you don't want to reveal the fact that this is a capability that you have. So just because we don't see, you know, wide-scale movement of, like, you know, dead bitcoins or wide-scale, like, breaking of SSL,

You know, on the Great Firewall of China or that kind of thing, you know, that doesn't mean that the capability isn't there and that someone isn't withholding it and using it for very specific, very, very specific targeted use cases where there's ability to deny that the ability was even there. You know, yeah, that's my fear. I mentioned that earlier, but, you know, it's not even a fear. It's just, like, I think that's how it's going to play out. That's okay, you know? That's okay. That's how things, in a hundred years it won't matter. We'll notice right now is that we look at, as the average person, as the average Joe, as the average protocol designer, as the average, uh, software engineer: how do I build something that doesn't lock me in permanently to something that I can't possibly ask my users to upgrade in the future? That's where we are with Bitcoin. But let's face it: Bitcoin's antiquated and old. It's a trial technology, and it was successful as a trial, and Ethereum's successful as a trial, but they're not done. They're not done, and the next phase is going to include something that has a mechanism for everybody coming to a consensus on upgrading the protocol and requiring it, because you cannot survive a computational bomb like quantum computing, or even the next paradigm going forward, unless there's that mechanism built into the protocol itself to say, "Hey, this particular ice age," let's just say, "will force you," maybe it increases transaction fees on individual accounts, so that, if you don't upgrade your password or upgrade your security, your authentication, in any way, shape or form, um, you know, then, we can prove that you have, then you, um, you haven't. Even then, like, upgrading a wallet, you'd have to literally transfer to another wallet. Yeah. If you have to transfer, like, if you have to transfer to one of the new wallets, you will need, you know, using some... It doesn't even matter, I guess, at that point. It's, the onus is on them, but you haven't.
If you don't upgrade your system, like, your transaction fees just go up, like, slowly, but eventually it's just gonna drain your account next time you try and do anything. Yeah, a sort of similar point which I've heard of is, like, this idea of, like, tainted bitcoins. I don't know if you guys talked about this on the podcast previously, but... No, you're on episode number two on Hi clock a, so... All right, so do you all know what tainted bitcoins are? Mhm. These coins that are, say, you know, like, the Department of Justice shuts down AlphaBay or Silk Road or something, they... Oh yeah, okay. The bitcoins in circulation in that dark market are, you know, confiscated. You know, hopefully, like, you know, DOJ has control over the private keys for all of them. They go to auction them all off. They auction them off at a lower-than-market price for, like, a number of reasons, and one of the reasons that it makes sense that the price is lower is that these coins are connected to this, you know, nefarious, they have a nefarious history, right? So, like, how do you move a coin that's connected to this past marketplace activity that's known to be bad? You move that into a hedge fund, and the hedge fund is running scanning software on all the coins that are coming in, the transactions, they're going to see, like, "Hey, like, there's transaction history here that's concerning." Like, these tainted bitcoins are actually worth, should be worth less than untainted bitcoins. Like, what are the tumblers for, man? Well, let's phrase this into a technical-stack type of analogy, in that your base layer should be agnostic to all of these things. Because you can always, I said this before, you can build centralized services on top of decentralized services, but you can't go the other way around. And so the types of assumptions that you make on your base layer need to, need to be
The most general as possible, because what you end up using is going to be layers above that in the real world, and so you need to allow people to make whatever decisions they want in the applications that they're building, and what's going to end up working and being at the end-user level is going to be something that everyone agrees to. But if you don't build that generality at the base level, then you're constraining how things can be built, which is a negative impact, in my opinion. And that's why I like blockchain systems, because it's more general than a centralized system, which means you can build anything on top of it, more than what we've already, like, learned how to build. And when you start making these types of things, like KYC, AML, um, forcing people to do something, you're constraining the type of things you can do. We can always build on top of it. And that's, what, incentivizes, right? Yeah, and incentivizing, there's a difference between constraints and incentives.

Sure, but you can't impose certain rules. You can only do incentives and disincentives, 'cause you have to assume that people are going to act in their own, they're, like, what's best for them. Regardless of the scenario, when I go regard this whatever moral or social justice you think should be in place. You can't build something with those, with those types of constraints in mind. It just has to be simple human behavior and allow whatever to play out, and so that you're overwhelmingly more likely to play by the rules than not, and you can build on top of that in a way that, that aligns with whatever rules that you want, but you don't constrain yourself to it. Well, when I say KYC, I just want to be very clear here. I'm not saying stick your name in the blockchain. I'm saying that you want to build a Merkle proof about yourself. Go on. So there's a whole bunch of unique identifying features that human beings have, and you don't have to own that data and it's entirely Ono blocking. But you need to be able to prove that that data produces the information that you want, and you can do that, construct that, in a million different ways, and those ways can be personally upgradable, um, and that is more of a KYC, as I see it. And yes, I have not, I do not have all the solutions for this, but I'm inventing something kind of in my head, cooking it around. I feel like the ultimate thing we're looking at is every human's going to be their own plasma chain, and you basically can submit your own facts and claims about yourself, and, and those people will be... You will have your own truth sense, truthiness about you, that you can kind of maintain on your own and allow that to apply to the greater world by just proving that that truth is consistent. You don't have to actually put it in the chain. You'll have to have literal KYC, you just have to have abstract KYC, and it's so difficult to fraud that, you know, or biometric datages personal tax to an extreme degree. 
To, you know, I don't know, there's PR, I don't have the necessary solution for that, but I feel like it is solvable. I feel like especially as humans augment themselves it's solvable, but I don't want to get into that at this point either. The thing is that I feel like as we go down the road and you look at what way things are going, we're making rapid advancements in so many different ways, the unique identifying information about a human being is growing exponentially, and they can pick a subset of that which is large enough and easy enough for them to confirm. I think, like, you know, I, I like the concept of selective disclosure, like this idea that, you know, I can have these attestations... God, I can't speak today... I can have attestations, Jesus, and I can, I can allow access to them as I see fit. But I think building solutions where the user is still in control, but where the solution is resilient to, like, key loss or key theft, where there's, like, a mechanism for recovery and a continuity of identity, like, building solutions like that, it's, it's really hard. And so there's, there's kind of two directions that my mind wants to take what you're saying. Like, one is, like, the direction of, like, how important is privacy as a fundamental property of decentralized technology? Like, is privacy a feature... that's clearly, like, a missing feature in Bitcoin and Ethereum to some extent right now, and, you know, how important is that feature, and how important is it that we, we get stronger privacy as a primitive before we go and truly build decentralized technology? And then on the polar opposite of that, how important is central, centralized authority and identity issuance in this whole space? So, like, what I mean by that is, like, there's a part of me that really wants the government to help with this problem, or... The reason is that... Yeah. When, when I studied social networks, social network malware and botnets in school. 
There's this, there's this network attack called the Sybil attack, where I manifest as multiple identities, and I use the fact that I have multiple identities to influence a system in some unfair way. So as an example of this, like, let's say I created, like, hundreds of thousands of Facebook accounts and used them to convince everyone that Trump should win the election. Oh, if... that happened? No way. No, I mean, I, I mean, in a lot of the... The even stronger version of that attack is, like, I buy a bunch of legitimate accounts that have real history and then I implement that attack again. Then, in that case, like, you can't even count on the fact that the accounts are generated and linked previously, 'cause they're not...

...they were real accounts and you purchased them all. Like, in, in both of those cases, the problem comes from the fact that there isn't a system that strongly ties digital identity to human identity, and the government has historically been part of the system that protects us against Sybil attacks. Like, the government is responsible for managing Social Security numbers, even though they're an abomination, you know, from a security and, like, you know, cryptography perspective. The United States government manages some of this coupling between digital identity and physical identity, and without having that system in place, there's, there's real risk of Sybil attacks and of information manipulation. And, you know, part of me really wants to be able to, you know, go to the DMV and set them as, like, you know, one part of my social recovery scheme, so I can, you know, have my lawyer, have the U.S. government, have, you know, my parents all share part of my social recovery in case my private keys are compromised and I need to upgrade from one digital identity to the next. You know, I want, I want to be able to trust some centralized authorities to help me with that, but on the other hand, you know, there's a bunch of risk and concern there in terms of the privacy trade-offs. What do you guys think about these, these things? I once again will argue on the side of generality. These types of things can be built on a layer above the base layer. I mean, I don't... I think we should go as agnostic as possible for the thing that's supposed to become the new Internet and not constrain it. Go ahead. Yeah, I agree with that, but, um, so, as the main container of value, you have the backbone. Okay, the backbone is access, these ultimate oracles, this ultimate center of truth. 
Facts exist in this place, and facts are watered down to their most basic parts, the most, most fundamental facts, the most truthy truth, truth-oriented things in the most small container of information as possible. But a government doesn't necessarily want that, and we don't necessarily want that as participants in the government. Government would have its own plasma chain, to use the plasma chain example. The government would have its own systems in those plasma chains for each department of the government. Each state would have their own sections of the, their own chain, which would basically create this organizational structure of facts and truths and value, and I think "information is value" is one of the big paradigm shifts that we've got to be really looking at here. Sure, the center of truth is going to have these very, very, very fundamental bare-bones things, you're, you're suggesting? Absolutely, and as far as that goes, Ethereum's the bare, bare minimum viable product for that, okay? But when we're talking about exchange of value, identity, recovery, um, you know, we are, we require laws. These are not going to exist in the main root chain, they're just not. And as far as that goes, you want to integrate these KYC elements in, and at the end of the day, you might even have the situation where the only people that have wallets in the main root are governments, or to say... No, you don't know, I mean, that's just one possible scenario to look at here, but in that situation, you simplified the root chain significantly and created a scalable scenario for everybody else to participate in this KYC and exchange of universal value in a trustless manner, but you still have the ability for taxation and all these other kinds of things that we definitely rely on for society to function properly, as well as a system of court and rule which will allow us to contest people who do not uphold the social contract that we engage in, which we need. We absolutely need it. 
So we're not disagree... I'm not disagreeing with anything you're saying. I'm just saying that when we talk about these areas of identity and KYC, they might not apply on that root chain, but they're gonna apply somewhere. And with that, Orie, do you have anything else? No, it's been really awesome talking with you guys. Thank you so much for having me here. Um, to all your listeners, if you're interested in, um, Ethereum and development with IPFS, or you want to play around with our framework, you can find us on GitHub, transmute-industries. Um, it's all alpha-level software, so please submit bug reports or issues, open issues. I'll personally help you if you have any trouble using it. And thank you guys, you know, so much for having me on here. Definitely join their Slack. They're almost always available if you want to chit-chat over there. They're really great, great guys, O wonder a Guysengal yea. We also...

...cohost the Austin Ethereum meetup with Consensus, and so, if you're in Austin or you're ever in Austin, um, feel free to stop by the Austin Ethereum meetup. It's, it's pretty good. For focus, we try and keep it about software engineering and not, you know, cryptocurrency trading and speculation. So, um, definitely show up to the Austin Ethereum community. There's a bunch of really awesome companies in Austin building on top of blockchain right now. I think you just said "Awten". That's gotta be a thing! I'm surprised that's not a thing already! I'm from, I grew up in Dallas. I'm surprised Austin isn't povered! All right, thanks, Come Herso.
