No content

World Compute Platform A Brief Tour of DFINITY Doc vers. 22th November 2016 

Mission 

Ungoverned
 “The Code is Law” Governed
 Blockchain Nervous System Availability favoring Casper Scalability, interop… favoring New “crypto:3” protocols Mission | Extend the Ethereum Ecosystem 

DFINITY Foundation Fund and assist advancement of core Ethereum technologies e.g. Ethereum Virtual Machine, P2P, Solidity, state channels, etc Promote DFINITY’s compatibility with Ethereum and drive up the functional breadth, funding and profile of the entire Ethereum ecosystem Fund and advance unique DFINITY technologies e.g. Blockchain Nervous System, crypto:3 techniques, etc Vires in Numeris 

DFINITY
 Overview Core Vision 

The Next Cloud Is Decentralized WORLD COMPUTE PLATFORM GLOBALLY ACCESSIBLE VIRTUAL COMPUTER Ethereum Virtual Machine Compatible STATE MEMORY CPU 

Powerful Properties $ Unstoppable $ Tamperproof $ Extranational $ Autonomous $ Easily verifiable $ Easy interoperation CLOUD PLATFORM APPLICATIONS 

Decentralized Mass Market Services Sharing Micro-blogging “Email” Search Storage DFINITY research is specialized towards supporting massive scalability 

Decentralized Core Infrastructure Phi “decentralized commercial banking” is fully autonomous but economists are saying it could originate loans more judiciously than banks* * presented at Devcon2 - gives out loans and creates stable currency backed by loan collateral BANK REPLACEMENT ? ? 

Root Level Business Reengineering Insurance Financial markets and exchanges Global identity Smart property Internet of Things Electronic medical records Auditing & Compliance Collaborative economy Real Estate & Property Voting & Governance Systems Identity management Legal Intellectual property management Logistics & Asset Tracking urities & Trading Supply chain & Trade finance Customer Acquisition & Loyalty Escrow & Custody services ss-border finance Workforce Digital right Provena Charity Educat 

Blockchain Nervous System Decentralized governance 

Blockchain Nervous System AI STATE MEMORY CPU “The Code is Law” is contingent on a decentralized “brain”… CORRUPT SYSTEM OR DATA 

STATE MEMORY CPU FIX DEADLOCKS MITIGATE HACKS RETURN FUNDS PROTOCOL UPGRADES FREEZE VICE/VIOLENCE CONFIG BNS FROZEN OR FIXED USING PRIVILEGED OP CODES Blockchain Nervous System AI 

Public-Private IOP Made possible by crypto:3 network technology 

PRIVATE NETWORK PRIVATE NETWORK PUBLIC SERVICE Public-Private Interoperability STATE MEMORY CPU STATE MEMORY CPU CALL CALL STATE MEMORY CPU PRIVATE NETWORK PRIVATE NETWORK DFINITY NETWORK Private network software can call into systems on public network ZINC RELEASE - private software method can specify 1 public method call for all or nothing execution 

Public-Private Interoperability Corporations can quickly build complex ecosystems using open business systems just like software libraries Incorporate e.g. stable coin, identity, arbitration systems & interact through e.g a public carbon credit exchange PRIVATE NETWORK PRIVATE NETWORK PUBLIC SERVICE WORLD COMPUTE PLATFORM 

Scale-out Made possible by crypto:3 network technology 

crypto:3 Scale-out Virtual computer is created by P2P clients executing a protocol (no vulnerable servers as per AWS) DFINITY CLIENTS STATE MEMORY CPU NEW CLIENT NEW CLIENT STORAGE CAPACITY: 1.9 EXABYTES PROCESSING CAPACITY: 583473 GAS 

crypto:3 Scale-out DFINITY CLIENTS DFINITY scales-out/grows virtual computer’s capacity as “mining” clients join network* * Capacity Bitcoin and Ethereum networks currently decrease with size STORAGE CAPACITY: 2.1 EXABYTES PROCESSING CAPACITY: 731011 GAS STATE MEMORY CPU 

Exploring In More Technical Depth… 1 Threshold Relay Chain techniques 2 Applications of Randomness 3 Blockchain Nervous System 4 Public-Private Interoperability 5 Release Schedule 

How to organize 1M+ mining clients to produce 1 virtual computer? Composed 1M+ servers Composed 1M+ servers Protocol Design Challenge 

Randomness… 

Proof of Work Randomness is the fundamental engine used to drive stateful decentralized networks FOR EXAMPLE… - Miners race solve puzzle - Solutions found randomly in Poisson distribution - Winner appends block to blockchain - Becomes a temporary “leader” - Next leader is unknown - Cannot DOS, manipulate etc. - Honest majority - Chain functions correctly if majority of leaders
 are honest (~ since selfish mining…) - Adversary cannot control chain OBSERVATION 

Threshold Relay Unpredictable deterministic randomness on demand in decentralized networks Example crypto:3 technique 

A network of processes… - Mining “processes” - Fundamental unit of computational resource - P2P broadcast network - E.g. gossip based. Can use Kademlia structure - Each process has “mining identity” - Public key with meta data attached - IDs mediate participation - Private network: trusted dealer defines list - Public network: CC security deposit, USCIDs - Massive network size 

is organized into random groups… - Random members - Each process is a member of multiple groups - Groups intersect, have e.g. 400 members - Groups setup threshold crypto - Run VSS secret sharing protocol - 51% threshold e.g. 201+/400 needed create signature - BLS signature scheme - Math magic… If 51% of group members broadcast “signature shares” on a message, these can be combined to create the group’s threshold signature. This will always be the same irrespective of which 51% subset signs (the system is “unique and deterministic”) 

current group signs… signature of previous group - Signature is random number - Otherwise it would be predictable/insecure - Number selects next group - g = G[ r % |G| ] - Next group use prev no. as message - Thus sequence is entirely deterministic - Verifiable Random Function - Numbers verifiable using group public key - New values produced on threshold agreement - Unmanipulable, unpredictable… 

SELECTS NEXT GROUP NEW RANDOM NO. (BLS THRESHOLD SIGNATURE) BLOCK HEIGHT ECTS NEXT GROUP h 2 mod |G| ] h 1 = bls ts({ h 1 p , p 2 Gh 1}) h = bls ts({ h p , p 2 Gh}) Gh = G [ h 1 mod |G| ] NEW RANDOM NO. (BLS THRESHOLD SIGNATURE) msg = h 1|h h 1 h msg = h 2|h 1 Signature “share” on h-1 threshold signature by process p LEGEND BY EXAMPLE Threshold signature at height h (h-1 signature used as message) h p Gh |G| The total number of threshold groups in network Threshold group that will sign at height h h AD INFINITUM 

GROUP SIZE Group size 400 Threshold 201 MESSAGE FORMAT Process ID 20 bytes Signature share 32 bytes Signature on comms 32 bytes Total 84 bytes Overhead Example COMMUNICATION OVERHEAD Maximum only 34 KB When a group must sign the previous signature, each member process creates a signature share using it as the message. This must be broadcast together with some other information If all group members are active, a total of 34 KB messages will be created each round. In practice, broadcast halts as soon as the 32 byte group signature is broadcast (requires 17 KB of messages) 

Processes 10,000 Faulty 3,000 (Correct) 7,000 Group Size 400 Threshold 201 Resilience Example NETWORK MAKEUP Note: our example assumes almost one third mining processes in the network are faulty. In practice this would be an extreme situation where professional mining is involved. Calculate odds using any hypergeometric probability calculator http://www.geneprof.org/GeneProf/tools/hypergeometric.jsp Probability that 200 or more processes in randomly selected group are faulty, preventing production of signature: 1e-17 Nb. groups expire to address “adaptive” adversaries 

Threshold Relay Blockchain Probabilistic Slot Protocol (PSP) 

Start Your Timer When Gh is selected, the members start their stopwatches… 1s 2s 3s 1s 2s 3s 1s 2s 3s h 1 h 1 h 1 p 2 Gh p 2 Gh p 2 Gh 

SLOT Publish Points h h+1 h+2 h+3 h+4 h+5 0 6+ secs 1 pt P2313 P4792 P1101 P3883 P877 P7615 1 7+ secs 1/2 pt P3493 P103 P2993 P4652 P2840 P5620 2 8+ secs 1/4 pt P939 P9291 P9742 P8746 P7221 P66 3 9+ secs 1/8 pt P93843 P382 P4207 P7723 P9837 P2811 Choosing Leaders Randomness selects priority list block forgers at height h block broadcast @ h ignored before 6 seconds… block broadcast @ h ignored before 7 seconds…. block broadcast @ h ignored before 8 seconds… block broadcast @ h ignored before 9 seconds… Ordering of all processes in network… d = 6s t = +1s q = 0.5 

SLOT Publish Points h h+1 h+2 h+3 h+4 h+5 0 6+ secs 1 pt P2313 P4792 P1101 P3883 P877 P7615 1 7+ secs 1/2 pt P3493 P103 P2993 P4652 P2840 P5620 2 8+ secs 1/4 pt P939 P9291 P9742 P8746 P7221 P66 3 9+ secs 1/8 pt P93843 P382 P4207 P7723 P9837 P2811 Choosing Leaders Randomness selects priority list block forgers at height h d = 6s t = +1s q = 0.5 

Short Term Convergence Correct processes try to build on the highest scoring chain + 4 points + 23/4 points BEST PARENT SLOT Publish Points h h+1 h+2 h+3 h+4 h+5 0 6+ secs 1 pt P2313 P4792 P1101 P3883 P877 P7615 1 7+ secs 1/2 pt P3493 P103 P2993 P4652 P2840 P5620 2 8+ secs 1/4 pt P939 P9291 P9742 P8746 P7221 P66 3 9+ secs 1/8 pt P93843 P382 P4207 P7723 P9837 P2811 d = 6s t = +1s q = 0.5 

Threshold Timestamping A group signs blocks at h until next group appends another Broadcast sig. share on block Broadcast sig. share on σ h-1 STOP Block @ h received from p Thresh. sig. on block at h received Block timestamp amplification Threshold relay and halt Signing behavior of member current group at h Is valid and p’s SLOT ready? Signed higher scoring chain? NO YES 

Chain Convergence VERY FAST- valid blocks reference “signed” parents SLOT Publish Points h h+1 h+2 h+3 h+4 h+5 0 6+ secs 1 pt P2313 P4792 P1101 P3883 P877 P7615 1 7+ secs 1/2 pt P3493 P103 P2993 P4652 P2840 P5620 2 8+ secs 1/4 pt P939 P9291 P9742 P8746 P7221 P66 3 9+ secs 1/8 pt P93843 P382 P4207 P7723 P9837 P2811 d = 6s t = +1s q = 0.5 

Timestamping Benefits Threshold power! SUPER FAST - during normal operation expect overwhelming probability of transaction irreversibility (“finality”) in: 6s Threshold groups timestamping blocks resolves several security challenges… - Nothing At Stake - Equivocation - Selfish Mining SPV Prove to a light client that only has Merkle root of groups Predictable risk Total points recent blocks predict “risk” visible chain not final 

PoW On Ethereum Bitcoin Could Consume as Much Electricity as Denmark by 2020, Motherboard 3/29/2016 Ridiculous!!! - Currently 50+% of blocks mined are empty… - Proof-of-work’s “Poission distribution” is cause - Publishing an empty block without delaying to validate transactions is more profitable… - Building on an empty block that does not involve validation delay is more profitable… - Per block gas limit set to tiny levels to combat problems - Sooner you publish, greater chance of being “confirmed” 

Relative Performance Threshold power! Block time “TX finality” (speed) Gas available Average 10 mins varies wildly Average 20 secs varies wildly Average 6 secs low variance 10 confirmations avg. 1.5 hrs+ 12 confirmations 3 mins Normally 6 secs - - - Low due to Poisson distribution 25-50X Ethereum Using Threshold Relay as optimization: scale-out will deliver unlimited throughput 

Scaling-out The Virtual Computer 

CONSENSUS Threshold relay chain generates randomness, records network metadata & validation tree “state root”. VALIDATION Scalable “Validation Tree” composed “Validation Towers”. Does for validation what Merkle does for data. STORAGE State and updates to state stored on shards. State transitions passed to Validation Tree. 3 layer architecture “scale-out” architecture STATE ROOT RANDOM BEACON DRIVES TREE (TX, ReadT X, S) STATE SHARDS TX 

Other Applications of Randomness 

VALIDATION TOWER Each additional level of the tower validates new state transitions applied to some storage shard, and is built by processes selected by the random beacon. These processes must also validate levels beneath them to some validation depth d. Once a level has been added, a process becomes economically inactive until it has been buried by d further levels. It cannot predict who will build these levels, and thus it become computationally infeasible to collude with shards and have bad transitions validated. LAZY VALIDATION LOTTERY CHARGING Some queries of data on the virtual computer are relatively inexpensive and do not warrant the cost of a validation in a Validation Tower. For example, a search of a Web index is a low value operation. Nonetheless, validation is still necessary, since otherwise miners might insert advertising into search results. To address this situation, query results are validated 1. only occasionally upon direction of the random beacon and 2. after the query has been returned to the user. While we can use lazy validation to reduce the cost of low value operations such as search queries, any operation that involves currency (in this case “dfinities”) must necessarily be fully validated - after all, lots of small frauds make a big fraud!!! A problem thus exists, because the computer cannot make any operation free or it will be DOSed. The solution is to multiply charges by e.g. 1000, and then only apply them 1/1000 times as directed by the random beacon. SCALING USER EXPERIENCE COST REDUCTION The Power Of Randomness Scalable global validation layer Instant D-Web search Inexpensive D-Web search 

EXTRACT FROM DEVCON2 PRESENTATION 

Decentralized commercial banking and stable currency _ EXTRACT FROM DEVCON2 PRESENTATION 

Security deposit Anyone can become a PHI Validator by making a security deposit to the computer. If a loan you approve becomes delinquent the computer takes compensation from your deposit. Anyone Can Be A PHI Validator Computer Deposit Max Loan Max Loans $50,000 $5,000 $500,000 Example (paid in PHI) EXTRACT FROM DEVCON2 PRESENTATION 

How Computer Issues Loans 1. Ask for loan 2. Create loan application 3. Proposer 4. Checker 5. Checker 7. Issue Loan ‣ Random sequence validators - Nobody knows who’s next ‣ Choice validators - Size of their deposit - Reputation ‣ Loan application - Format is open standard 6. Create new PHI EXTRACT FROM DEVCON2 PRESENTATION 

Blockchain Nervous System Decentralized governance 

Proposal Processing BNS MEMOR CPU STATE MEMORY 1. Submit proposal - Standard types of proposal - A fee is paid in dfinities 2. BNS evaluates proposal - Process is type dependent - Output is yes | no 3. Voting triggers decision - Use privileged EVM op codes - Freeze contracts, move tokens - Run arbitrary privileged code - Configure platform 

Security deposit in dfinities Neuron controller People Create Neurons Neuron’s voting power equals dfinities deposited Neuron key pair configured into laptop or smartphone client Neurons are created by making a security deposit to a special DFINITY smart contract. It takes 3 months to dissolve a neuron and retrieve the deposit, incentivizes good decision making 

Neurons Follow Neurons… Core Dev Reddit Pundit Researcher Investor Foundation Neurons follow other neurons. This enables them to make decisions without benefiting from the input of their direct human controller. People can advertise the address of their neuron 

Neuron Client Software Each proposal submitted to the BNS has a topic. When the neuron controller doesn’t vote, the neuron client software examines the follow list configured for the topic Protocol Policy 945af86d4f6506ca7a4b989e37036d59acea893d be548f6b22e649402daa54d7f837c8a72a1ebc4d 43eaf52618c7450532dffe5d621e56fc42ea6f23 d32541ad489dd7a35e160ab8a649344511596f0a 2e9451d152ac6f0bb3f5f74013dd5e04721b32e3 30171d87353ba1b14286ea970177d8eaa10fa6bb d7fa7efb62791851f7bdf0ba00aa7ebc583c0f49 99e4f4495b652354b4a61909aa7c161daca524ef 155de190f23dbf2ad4938af87c42e694e6830815 66c683cd1fa9855f9eac15a4e4da3f7cefff9dcb c941588dd18ef107c2d70594f289a25298ee088e Add… Mitigation Add… Manage follow behavior 

BNS Properties Neurons cascade to make decisions on proposals - Non-deterministic (depends timing) Highly resilient - Trust graph (follow relationships) exist on edges and are unknowable… - Difficult to kidnap, extort or influence “key holders” - Government, or “frozen” cos cannot capture, sue etc… - Good incentives system Captures wisdom of crowds - Community expertise incorporated - Opaque liquid democracy The BNS learns - Follow relationships are dynamic - Improves over time Decentralized intelligence Thought mining - Neurons earn money - Factor down by proportion votes missed 

Public - Private Interoperability Using special properties of crypto:3 networks 

Internet Network INTERNET SERVICE LAN LAN PRIVATE LANS CONNECTED * * LAN = Local Area Network, run in office or home 

Ethereum Network ETHEREUM SERVICE PRIVATE CHAIN PRIVATE CHAIN BUSINESS PRIVATE CHAINS ISOLATED 

DFINITY Network DFINITY PRIVATE CHAINS CONNECTED SERVICE PRIVATE CHAIN PRIVATE
 CHAIN 

Private Chains Interact DFINITY E.G. PUBLIC CARBON CREDITS EXCHANGE PRIVATE CHAIN SERVICE SERVICE PRIVATE CHAIN EXAMPLE 

Public Systems Are Building Blocks PRIVATE SMART CONTRACT CODE Include “dfinity:StableCoin.sol” Include “dfinity:Arbitration.sol” Include “dfinity:Identity.sol”
 Include “dfinity:Haulage.sol” _ EXAMPLE 

ARBITRATION IDENTITY HAULAGE STABLE COIN CORPORATE SUPPLY
 CHAIN AND & INVOICE FINANCING MARKET PRIVATE CHAIN DFINITY EXAMPLE Public Systems Are Building Blocks 

Release Schedule… 

Release Schedule 2| ZINC - Private - Public IOP 3| TUNGSTEN - State sharding (basic) - Validation Towers (basic) - Asynchronous model for cross-shard programming - USCIDs
 (Unique State Copy IDs) - Advancements in BNS 1| COPPER - Threshold Relay Chain - Blockchain Nervous System (BNS) - Security deposits - State-root-only-chain 4| LITHIUM - Full “Validation Tree” architecture - Micro-sharding - Advanced economic models - zkSNARKs, and other privacy enhancements Objective: race to Tungsten < 1 year More TBA…