A Brief Tour of DFINITY

Transcript

1. None

2. World Compute Platform A Brief Tour of DFINITY Doc vers.

   22th November 2016

3. Mission

4. Ungoverned
 “The Code is Law” Governed
 Blockchain Nervous System Availability

   favoring Casper Scalability, interop… favoring New “crypto:3” protocols Mission | Extend the Ethereum Ecosystem

5. DFINITY Foundation Fund and assist advancement of core Ethereum technologies

   e.g. Ethereum Virtual Machine, P2P, Solidity, state channels, etc Promote DFINITY’s compatibility with Ethereum and drive up the functional breadth, funding and profile of the entire Ethereum ecosystem Fund and advance unique DFINITY technologies e.g. Blockchain Nervous System, crypto:3 techniques, etc Vires in Numeris

6. DFINITY
 Overview Core Vision

7. The Next Cloud Is Decentralized WORLD COMPUTE PLATFORM GLOBALLY ACCESSIBLE

   VIRTUAL COMPUTER Ethereum Virtual Machine Compatible STATE MEMORY CPU

8. Powerful Properties $ Unstoppable $ Tamperproof $ Extranational $ Autonomous

   $ Easily verifiable $ Easy interoperation CLOUD PLATFORM APPLICATIONS

9. Decentralized Mass Market Services Sharing Micro-blogging “Email” Search Storage DFINITY

   research is specialized towards supporting massive scalability

10. Decentralized Core Infrastructure Phi “decentralized commercial banking” is fully autonomous

    but economists are saying it could originate loans more judiciously than banks* * presented at Devcon2 - gives out loans and creates stable currency backed by loan collateral BANK REPLACEMENT ? ?

11. Root Level Business Reengineering Insurance Financial markets and exchanges Global

    identity Smart property Internet of Things Electronic medical records Auditing & Compliance Collaborative economy Real Estate & Property Voting & Governance Systems Identity management Legal Intellectual property management Logistics & Asset Tracking urities & Trading Supply chain & Trade finance Customer Acquisition & Loyalty Escrow & Custody services ss-border finance Workforce Digital right Provena Charity Educat

12. Blockchain Nervous System Decentralized governance

13. Blockchain Nervous System AI STATE MEMORY CPU “The Code is

    Law” is contingent on a decentralized “brain”… CORRUPT SYSTEM OR DATA

14. STATE MEMORY CPU FIX DEADLOCKS MITIGATE HACKS RETURN FUNDS PROTOCOL

    UPGRADES FREEZE VICE/VIOLENCE CONFIG BNS FROZEN OR FIXED USING PRIVILEGED OP CODES Blockchain Nervous System AI

15. Public-Private IOP Made possible by crypto:3 network technology

16. PRIVATE NETWORK PRIVATE NETWORK PUBLIC SERVICE Public-Private Interoperability STATE MEMORY

    CPU STATE MEMORY CPU CALL CALL STATE MEMORY CPU PRIVATE NETWORK PRIVATE NETWORK DFINITY NETWORK Private network software can call into systems on public network ZINC RELEASE - private software method can specify 1 public method call for all or nothing execution

17. Public-Private Interoperability Corporations can quickly build complex ecosystems using open

    business systems just like software libraries Incorporate e.g. stable coin, identity, arbitration systems & interact through e.g a public carbon credit exchange PRIVATE NETWORK PRIVATE NETWORK PUBLIC SERVICE WORLD COMPUTE PLATFORM

18. Scale-out Made possible by crypto:3 network technology

19. crypto:3 Scale-out Virtual computer is created by P2P clients executing

    a protocol (no vulnerable servers as per AWS) DFINITY CLIENTS STATE MEMORY CPU NEW CLIENT NEW CLIENT STORAGE CAPACITY: 1.9 EXABYTES PROCESSING CAPACITY: 583473 GAS

20. crypto:3 Scale-out DFINITY CLIENTS DFINITY scales-out/grows virtual computer’s capacity as

    “mining” clients join network* * Capacity Bitcoin and Ethereum networks currently decrease with size STORAGE CAPACITY: 2.1 EXABYTES PROCESSING CAPACITY: 731011 GAS STATE MEMORY CPU

21. Exploring In More Technical Depth… 1 Threshold Relay Chain techniques

    2 Applications of Randomness 3 Blockchain Nervous System 4 Public-Private Interoperability 5 Release Schedule

22. How to organize 1M+ mining clients to produce 1 virtual

    computer? Composed 1M+ servers Composed 1M+ servers Protocol Design Challenge

23. Randomness…

24. Proof of Work Randomness is the fundamental engine used to

    drive stateful decentralized networks FOR EXAMPLE… - Miners race solve puzzle - Solutions found randomly in Poisson distribution - Winner appends block to blockchain - Becomes a temporary “leader” - Next leader is unknown - Cannot DOS, manipulate etc. - Honest majority - Chain functions correctly if majority of leaders
 are honest (~ since selfish mining…) - Adversary cannot control chain OBSERVATION

25. Threshold Relay Unpredictable deterministic randomness on demand in decentralized networks

    Example crypto:3 technique

26. A network of processes… - Mining “processes” - Fundamental unit

    of computational resource - P2P broadcast network - E.g. gossip based. Can use Kademlia structure - Each process has “mining identity” - Public key with meta data attached - IDs mediate participation - Private network: trusted dealer defines list - Public network: CC security deposit, USCIDs - Massive network size

27. is organized into random groups… - Random members - Each

    process is a member of multiple groups - Groups intersect, have e.g. 400 members - Groups setup threshold crypto - Run VSS secret sharing protocol - 51% threshold e.g. 201+/400 needed create signature - BLS signature scheme - Math magic… If 51% of group members broadcast “signature shares” on a message, these can be combined to create the group’s threshold signature. This will always be the same irrespective of which 51% subset signs (the system is “unique and deterministic”)

28. current group signs… signature of previous group - Signature is

    random number - Otherwise it would be predictable/insecure - Number selects next group - g = G[ r % |G| ] - Next group use prev no. as message - Thus sequence is entirely deterministic - Verifiable Random Function - Numbers verifiable using group public key - New values produced on threshold agreement - Unmanipulable, unpredictable…

29. SELECTS NEXT GROUP NEW RANDOM NO. (BLS THRESHOLD SIGNATURE) BLOCK

    HEIGHT ECTS NEXT GROUP h 2 mod |G| ] h 1 = bls ts({ h 1 p , p 2 Gh 1}) h = bls ts({ h p , p 2 Gh}) Gh = G [ h 1 mod |G| ] NEW RANDOM NO. (BLS THRESHOLD SIGNATURE) msg = h 1|h h 1 h msg = h 2|h 1 Signature “share” on h-1 threshold signature by process p LEGEND BY EXAMPLE Threshold signature at height h (h-1 signature used as message) h p Gh |G| The total number of threshold groups in network Threshold group that will sign at height h h AD INFINITUM

30. GROUP SIZE Group size 400 Threshold 201 MESSAGE FORMAT Process

    ID 20 bytes Signature share 32 bytes Signature on comms 32 bytes Total 84 bytes Overhead Example COMMUNICATION OVERHEAD Maximum only 34 KB When a group must sign the previous signature, each member process creates a signature share using it as the message. This must be broadcast together with some other information If all group members are active, a total of 34 KB messages will be created each round. In practice, broadcast halts as soon as the 32 byte group signature is broadcast (requires 17 KB of messages)

31. Processes 10,000 Faulty 3,000 (Correct) 7,000 Group Size 400 Threshold

    201 Resilience Example NETWORK MAKEUP Note: our example assumes almost one third mining processes in the network are faulty. In practice this would be an extreme situation where professional mining is involved. Calculate odds using any hypergeometric probability calculator http://www.geneprof.org/GeneProf/tools/hypergeometric.jsp Probability that 200 or more processes in randomly selected group are faulty, preventing production of signature: 1e-17 Nb. groups expire to address “adaptive” adversaries

32. Threshold Relay Blockchain Probabilistic Slot Protocol (PSP)

33. Start Your Timer When Gh is selected, the members start

    their stopwatches… 1s 2s 3s 1s 2s 3s 1s 2s 3s h 1 h 1 h 1 p 2 Gh p 2 Gh p 2 Gh

34. SLOT Publish Points h h+1 h+2 h+3 h+4 h+5 0

    6+ secs 1 pt P2313 P4792 P1101 P3883 P877 P7615 1 7+ secs 1/2 pt P3493 P103 P2993 P4652 P2840 P5620 2 8+ secs 1/4 pt P939 P9291 P9742 P8746 P7221 P66 3 9+ secs 1/8 pt P93843 P382 P4207 P7723 P9837 P2811 Choosing Leaders Randomness selects priority list block forgers at height h block broadcast @ h ignored before 6 seconds… block broadcast @ h ignored before 7 seconds…. block broadcast @ h ignored before 8 seconds… block broadcast @ h ignored before 9 seconds… Ordering of all processes in network… d = 6s t = +1s q = 0.5

35. SLOT Publish Points h h+1 h+2 h+3 h+4 h+5 0

    6+ secs 1 pt P2313 P4792 P1101 P3883 P877 P7615 1 7+ secs 1/2 pt P3493 P103 P2993 P4652 P2840 P5620 2 8+ secs 1/4 pt P939 P9291 P9742 P8746 P7221 P66 3 9+ secs 1/8 pt P93843 P382 P4207 P7723 P9837 P2811 Choosing Leaders Randomness selects priority list block forgers at height h d = 6s t = +1s q = 0.5

36. Short Term Convergence Correct processes try to build on the

    highest scoring chain + 4 points + 23/4 points BEST PARENT SLOT Publish Points h h+1 h+2 h+3 h+4 h+5 0 6+ secs 1 pt P2313 P4792 P1101 P3883 P877 P7615 1 7+ secs 1/2 pt P3493 P103 P2993 P4652 P2840 P5620 2 8+ secs 1/4 pt P939 P9291 P9742 P8746 P7221 P66 3 9+ secs 1/8 pt P93843 P382 P4207 P7723 P9837 P2811 d = 6s t = +1s q = 0.5

37. Threshold Timestamping A group signs blocks at h until next

    group appends another Broadcast sig. share on block Broadcast sig. share on σ h-1 STOP Block @ h received from p Thresh. sig. on block at h received Block timestamp amplification Threshold relay and halt Signing behavior of member current group at h Is valid and p’s SLOT ready? Signed higher scoring chain? NO YES

38. Chain Convergence VERY FAST- valid blocks reference “signed” parents SLOT

    Publish Points h h+1 h+2 h+3 h+4 h+5 0 6+ secs 1 pt P2313 P4792 P1101 P3883 P877 P7615 1 7+ secs 1/2 pt P3493 P103 P2993 P4652 P2840 P5620 2 8+ secs 1/4 pt P939 P9291 P9742 P8746 P7221 P66 3 9+ secs 1/8 pt P93843 P382 P4207 P7723 P9837 P2811 d = 6s t = +1s q = 0.5

39. Timestamping Benefits Threshold power! SUPER FAST - during normal operation

    expect overwhelming probability of transaction irreversibility (“finality”) in: 6s Threshold groups timestamping blocks resolves several security challenges… - Nothing At Stake - Equivocation - Selfish Mining SPV Prove to a light client that only has Merkle root of groups Predictable risk Total points recent blocks predict “risk” visible chain not final

40. PoW On Ethereum Bitcoin Could Consume as Much Electricity as

    Denmark by 2020, Motherboard 3/29/2016 Ridiculous!!! - Currently 50+% of blocks mined are empty… - Proof-of-work’s “Poission distribution” is cause - Publishing an empty block without delaying to validate transactions is more profitable… - Building on an empty block that does not involve validation delay is more profitable… - Per block gas limit set to tiny levels to combat problems - Sooner you publish, greater chance of being “confirmed”

41. Relative Performance Threshold power! Block time “TX finality” (speed) Gas

    available Average 10 mins varies wildly Average 20 secs varies wildly Average 6 secs low variance 10 confirmations avg. 1.5 hrs+ 12 confirmations 3 mins Normally 6 secs - - - Low due to Poisson distribution 25-50X Ethereum Using Threshold Relay as optimization: scale-out will deliver unlimited throughput

42. Scaling-out The Virtual Computer

43. CONSENSUS Threshold relay chain generates randomness, records network metadata &

    validation tree “state root”. VALIDATION Scalable “Validation Tree” composed “Validation Towers”. Does for validation what Merkle does for data. STORAGE State and updates to state stored on shards. State transitions passed to Validation Tree. 3 layer architecture “scale-out” architecture STATE ROOT RANDOM BEACON DRIVES TREE (TX, ReadT X, S) STATE SHARDS TX

44. Other Applications of Randomness

45. VALIDATION TOWER Each additional level of the tower validates new

    state transitions applied to some storage shard, and is built by processes selected by the random beacon. These processes must also validate levels beneath them to some validation depth d. Once a level has been added, a process becomes economically inactive until it has been buried by d further levels. It cannot predict who will build these levels, and thus it become computationally infeasible to collude with shards and have bad transitions validated. LAZY VALIDATION LOTTERY CHARGING Some queries of data on the virtual computer are relatively inexpensive and do not warrant the cost of a validation in a Validation Tower. For example, a search of a Web index is a low value operation. Nonetheless, validation is still necessary, since otherwise miners might insert advertising into search results. To address this situation, query results are validated 1. only occasionally upon direction of the random beacon and 2. after the query has been returned to the user. While we can use lazy validation to reduce the cost of low value operations such as search queries, any operation that involves currency (in this case “dfinities”) must necessarily be fully validated - after all, lots of small frauds make a big fraud!!! A problem thus exists, because the computer cannot make any operation free or it will be DOSed. The solution is to multiply charges by e.g. 1000, and then only apply them 1/1000 times as directed by the random beacon. SCALING USER EXPERIENCE COST REDUCTION The Power Of Randomness Scalable global validation layer Instant D-Web search Inexpensive D-Web search

46. EXTRACT FROM DEVCON2 PRESENTATION

47. Decentralized commercial banking and stable currency _ EXTRACT FROM DEVCON2

    PRESENTATION

48. Security deposit Anyone can become a PHI Validator by making

    a security deposit to the computer. If a loan you approve becomes delinquent the computer takes compensation from your deposit. Anyone Can Be A PHI Validator Computer Deposit Max Loan Max Loans $50,000 $5,000 $500,000 Example (paid in PHI) EXTRACT FROM DEVCON2 PRESENTATION

49. How Computer Issues Loans 1. Ask for loan 2. Create

    loan application 3. Proposer 4. Checker 5. Checker 7. Issue Loan ‣ Random sequence validators - Nobody knows who’s next ‣ Choice validators - Size of their deposit - Reputation ‣ Loan application - Format is open standard 6. Create new PHI EXTRACT FROM DEVCON2 PRESENTATION

50. Blockchain Nervous System Decentralized governance

51. Proposal Processing BNS MEMOR CPU STATE MEMORY 1. Submit proposal

    - Standard types of proposal - A fee is paid in dfinities 2. BNS evaluates proposal - Process is type dependent - Output is yes | no 3. Voting triggers decision - Use privileged EVM op codes - Freeze contracts, move tokens - Run arbitrary privileged code - Configure platform

52. Security deposit in dfinities Neuron controller People Create Neurons Neuron’s

    voting power equals dfinities deposited Neuron key pair configured into laptop or smartphone client Neurons are created by making a security deposit to a special DFINITY smart contract. It takes 3 months to dissolve a neuron and retrieve the deposit, incentivizes good decision making

53. Neurons Follow Neurons… Core Dev Reddit Pundit Researcher Investor Foundation

    Neurons follow other neurons. This enables them to make decisions without benefiting from the input of their direct human controller. People can advertise the address of their neuron

54. Neuron Client Software Each proposal submitted to the BNS has

    a topic. When the neuron controller doesn’t vote, the neuron client software examines the follow list configured for the topic Protocol Policy 945af86d4f6506ca7a4b989e37036d59acea893d be548f6b22e649402daa54d7f837c8a72a1ebc4d 43eaf52618c7450532dffe5d621e56fc42ea6f23 d32541ad489dd7a35e160ab8a649344511596f0a 2e9451d152ac6f0bb3f5f74013dd5e04721b32e3 30171d87353ba1b14286ea970177d8eaa10fa6bb d7fa7efb62791851f7bdf0ba00aa7ebc583c0f49 99e4f4495b652354b4a61909aa7c161daca524ef 155de190f23dbf2ad4938af87c42e694e6830815 66c683cd1fa9855f9eac15a4e4da3f7cefff9dcb c941588dd18ef107c2d70594f289a25298ee088e Add… Mitigation Add… Manage follow behavior

55. BNS Properties Neurons cascade to make decisions on proposals -

    Non-deterministic (depends timing) Highly resilient - Trust graph (follow relationships) exist on edges and are unknowable… - Difficult to kidnap, extort or influence “key holders” - Government, or “frozen” cos cannot capture, sue etc… - Good incentives system Captures wisdom of crowds - Community expertise incorporated - Opaque liquid democracy The BNS learns - Follow relationships are dynamic - Improves over time Decentralized intelligence Thought mining - Neurons earn money - Factor down by proportion votes missed

56. Public - Private Interoperability Using special properties of crypto:3 networks

57. Internet Network INTERNET SERVICE LAN LAN PRIVATE LANS CONNECTED *

    * LAN = Local Area Network, run in office or home

58. Ethereum Network ETHEREUM SERVICE PRIVATE CHAIN PRIVATE CHAIN BUSINESS PRIVATE

    CHAINS ISOLATED

59. DFINITY Network DFINITY PRIVATE CHAINS CONNECTED SERVICE PRIVATE CHAIN PRIVATE


    CHAIN

60. Private Chains Interact DFINITY E.G. PUBLIC CARBON CREDITS EXCHANGE PRIVATE

    CHAIN SERVICE SERVICE PRIVATE CHAIN EXAMPLE

61. Public Systems Are Building Blocks PRIVATE SMART CONTRACT CODE Include

    “dfinity:StableCoin.sol” Include “dfinity:Arbitration.sol” Include “dfinity:Identity.sol”
 Include “dfinity:Haulage.sol” _ EXAMPLE

62. ARBITRATION IDENTITY HAULAGE STABLE COIN CORPORATE SUPPLY
 CHAIN AND &

    INVOICE FINANCING MARKET PRIVATE CHAIN DFINITY EXAMPLE Public Systems Are Building Blocks

63. Release Schedule…

64. Release Schedule 2| ZINC - Private - Public IOP 3|

    TUNGSTEN - State sharding (basic) - Validation Towers (basic) - Asynchronous model for cross-shard programming - USCIDs
 (Unique State Copy IDs) - Advancements in BNS 1| COPPER - Threshold Relay Chain - Blockchain Nervous System (BNS) - Security deposits - State-root-only-chain 4| LITHIUM - Full “Validation Tree” architecture - Micro-sharding - Advanced economic models - zkSNARKs, and other privacy enhancements Objective: race to Tungsten < 1 year More TBA…