00:00hi everyone welcome to the a 6 & Z
00:02podcast I'm sonal today's episode is all
00:05about blockchain based voting systems
00:07which has implications for crypto
00:10economic security and for governance
00:12especially when you think about the
00:14differences both good and bad between
00:16real world and online systems for
00:18coordinating groups of people to vote on
00:20something whether it's a decision in a
00:21boardroom or an election or anything
00:23else this episode was recorded as part
00:26of our New York City podcast Roadshow
00:27and so it features Phil day on a PhD at
00:30Cornell Tech working with Ari jewels
00:32there his research focuses on broad
00:34questions of security of distributed
00:36systems specifically block chains
00:38he also wrote a post last year with
00:40Tyler Cal Ian Mears and Ari Jules on
00:42quote on chain vote-buying and the rise
00:45of dark daos joining Phil in this
00:48hallway style Jam to discuss these
00:49topics is Aliya who was previously a
00:52software engineer and machine learning
00:53researcher at Google acts in Google
00:55brain he also gave a talk at ASIC since
00:57the summit on crypto and the evolution
00:59of trust which you can find on our
01:01website and he's a partner on a six in Z
01:03crypto speaking of please note that the
01:06content here is for informational
01:07purposes only should not be taken as
01:10legal business tax or investment advice
01:12or be used to evaluate any investment or
01:15security and is not directed at any
01:17investors or potential investors in any
01:19fund for more details please also see a
01:216 & Z crypto comm slash disclosures the
01:24conversation that follows covers ways in
01:26which blockchain systems are different
01:28from real-world voting systems ways the
01:31system can be gamed and what that means
01:33for security as well as possible
01:35solutions and more importantly questions
01:37all blockchain system designers should
01:40think about instead of making naive
01:41assumptions but first Phil Annalee began
01:45by very briefly summing up the issues in
01:47real world elections and electronic
01:49voting systems the first voice you'll
01:51hear is those followed by oles so one
01:54challenge people have seen is
01:55straight-up hacking of course if there's
01:57electronic voting in use just tampering
01:59with the integrity of the election
02:01itself or the integrity of the
02:02registration another challenge that
02:04people have been worried about in the
02:05past is vote buying and selling so if I
02:08want you to vote a certain way maybe I
02:10directly bribe you to do so or maybe
02:13even in the currency
02:13I can indirectly do it but it's very
02:17difficult to bribe someone in person and
02:19sort of understand how they're going to
02:21act in an election yeah you have this
02:23great example of how if the price of a
02:25vote is a beer and you take me out for a
02:27beer and say Ali I want you to vote for
02:29X candidate I could drink your beer and
02:31then go to the poll and like submit that
02:33whatever that ballot I want you have no
02:36real mechanism to enforce my vote and
02:38one way or another and you then point
02:41out how this is not so much the case
02:43when you go to the world of electronic
02:45voting yes the price of the vote is a
02:46beer is actually kind of realistic like
02:48vote buying in general is empirically
02:50pretty cheap for two reasons number one
02:52is actually the poorest and like least
02:54advantaged people that are the most
02:55inclined to sell their votes and number
02:57two is most people are disinterested in
02:59most elections so this actually makes
03:01vote-buying pretty cheap and an
03:02electronic voting this is a big problem
03:04because with many electronic voting
03:06protocols you can actually tell at the
03:08end of the protocol how someone voted so
03:10it becomes much easier for me to bribe
03:11you because I can just say essentially
03:13I'll give you a beer if I check
03:14afterwards and you voted with my
03:15candidate rather than sort of trusting
03:17you to go in the polling booth and make
03:19the right decision where socially I
03:20can't follow you into that booth and
03:22look over your shoulder exactly how you
03:24point out how in the world of human
03:26voting there are three things that tend
03:27to be tend to make vote-buying a little
03:29bit more difficult and it's the
03:30inefficiencies of the human world that
03:31actually worked to your advantage here
03:33so the first is that in the human world
03:35it's a crime to buy votes and that
03:37itself kind of can serve as a deterrent
03:39which doesn't really exist so much in
03:41the jurisdiction list crypto world the
03:43second one was that ballots tend to be
03:45casted in secrecy so there's no way of
03:47me to produce a proof that I voted in
03:49one way or another which makes the
03:51buying of the vote difficult to enforce
03:52and the third one you mentioned is that
03:54if you tell me that you're going to pay
03:56me in the future for voting one
03:57direction or another I have a hard time
03:59trusting you that you actually in the
04:01end pay me and so there's a sort of
04:03counterparty risk and so in the same way
04:05that sort of block chains mitigate trust
04:08and improve coordination for good
04:12purposes they can also be used to
04:14improve coordination for sort of
04:17malicious purposes in this case vote
04:19buyings is like a double-edged sword
04:20block chains can be used to increase the
04:23efficiency and effectiveness of bribery
04:27in the traditional world there's been a
04:28long line of academic research so very
04:31early on people said we want to vote
04:32electronically it'll make tallying
04:34cheaper it can maybe use cryptography to
04:36increase the integrity of our elections
04:37so we don't rely on these pieces of
04:39papers sort of with this weird chain of
04:41human custody and things like that but
04:43early schemes sort of suffered from this
04:45receipt property where I could produce a
04:46proof that like here is the outcome and
04:48here is what I actually voted to lead to
04:50this outcome so there was a wide range
04:52of work early on on how to how to sort
04:54of solve this issue and create voting
04:55schemes that are receipt free which
04:58means that after the fact I cannot
04:59produce a receipt or a proof to tell you
05:01which way I voted and it's sort of
05:02equally likely from your perspective
05:04that I voted in any direction later work
05:07sort of said that this is not strong
05:09essentially the high level is if you're
05:12looking over my shoulder electronically
05:13like you have a virus on my computer or
05:15you're just physically looking over my
05:16shoulder at the time that I'm voting
05:18even receipt freedom is not enough
05:20because you might be able to see in real
05:21time the direction in which I'm voting
05:23and enforce my vote that way so that led
05:26to an even stronger property called
05:27coercion resistance which is that even
05:29if you compromised me for some period of
05:31time you still are not able to get me to
05:33vote a certain way in a way that you can
05:35trust yeah that's very interesting and
05:38so let's connect this to so the
05:39blockchain world these questions of
05:42electronic voting have existed for
05:43decades and predate the world of
05:45blockchains and crypto networks but now
05:48there's like a resurgence of research in
05:49this direction because so many
05:51blockchain encrypted network projects
05:53want to use Unchained voting for all
05:55sorts of purposes so I mean in
05:57blockchain networks in general you often
05:58need to make decisions that's like part
06:00of the attractive point of block chains
06:02that it makes coordinating group
06:04decisions among actors who don't trust
06:05each other a little bit easier and to
06:08make these decisions sort of a natural
06:09response is just vote right that's
06:12something you see in the real world is
06:13something you see in corporations with
06:15stockholders it's something you've seen
06:17in boardrooms it's something you see in
06:18political elections and all sorts of
06:20other social systems so it's just I
06:22think a natural human tendency when
06:23asking sort of how to organize these
06:25things that voting is the only real
06:27clear shelling point answer that we can
06:29come up with so I think an important
06:31distinction on why this stuff really
06:33matters in the blockchain worlds is that
06:34the blockchain world and the real world
06:36don't operate in the same models if
06:38you're going to a boardroom with someone
06:40next to the person right we're sort of
06:42operating in this model of social
06:43honesty where people can see each other
06:45face to face and you have shared
06:47interests in the company you sort of
06:48know their history at least somewhat
06:49whereas in blockchains you're operating
06:51in an economic sort of an economically
06:53rational game theoretic model so you
06:56need much stronger guarantees from your
06:57systems your systems need to be strong
06:59even in the presence of economically
07:01motivated adversaries and they need to
07:03be secure assuming people are rational
07:05rather than honest so we don't get to
07:06lean on this sort of honesty that we
07:08have in the real world in blockchains
07:09and I think that's where a lot of the
07:11mechanisms that people try to sort of
07:13poured over naively break down right and
07:15this is this is especially important
07:16because in most of the crypto networks
07:18that are actually interesting the model
07:20is one where anyone can participate and
07:24people refer to this as the
07:25permissionless setting and that anyone
07:27can connect to the network anyone can
07:29pass or participate in this in that in
07:31the decisions that are made through the
07:32governance processes of the crypto
07:35network which makes the environment the
07:36very hostile one because anyone anywhere
07:38can opt to participate and they have an
07:40economic incentive to do so because if
07:42they can game the system or if they can
07:44sort of subvert it in some way then they
07:46could potentially profit exactly when
07:48Satoshi released his white paper in oh
07:50nine and academics first started looking
07:52at Bitcoin and its success in its rise
07:53and asking like what is actually the
07:55interesting lesson to be learned here
07:57from what we've been doing for the last
07:5820 years there was a whole space of
08:00consensus protocols and Byzantine fault
08:02tolerant protocols that came to
08:04consensus on something even in the
08:05presence of malicious users but what was
08:08really new about Bitcoin is that it let
08:10anyone join and leave the network at any
08:11time and these people didn't need to ask
08:14the people who are already in
08:15participating in the network whether
08:17they can join or not so in most
08:19consensus protocols you have a sort of
08:20quorum that's coming to decisions and if
08:22you want to join you need to ask the
08:24quorum to join because the quorum needs
08:26to agree on who's in the quorum so they
08:27need to sort of come to consensus on the
08:29fact that you're allowed to join whereas
08:31in something like Bitcoin if you want to
08:32start mining Bitcoin you just turn on
08:34your rig and as soon as you succeed
08:35people will accept that mathematically
08:37they don't need any sort of membership
08:39proof or anything like that what I think
08:41is relevant to voting is that
08:42fundamental to the permissionless model
08:43if you're gonna use cryptography which
08:45all block chains do is that if I can
08:47join and leave at any time I need to be
08:49able to like generate my own key and
08:50join at any time right I mean the uses
08:54Unchained voting we're voting within
08:56fluctuating projects range all the way
08:59from setting the parameters like some
09:01parameter in the protocol that maybe
09:03maybe something minor kind of like that
09:05the price of gas for example all the way
09:07over to sort of some intermediate level
09:10where people use governance and voting
09:12to decide how to allocate funds and then
09:15this goes all of the way over to
09:16actually deciding how to change the
09:18protocol itself so their projects that
09:21that are sort of self amending and that
09:23they use governance as a way of
09:25proposing updates to the protocol and
09:28then deciding on which updates should go
09:30through and which FDA updates should not
09:31and so that the stakes are high and that
09:34if you have a governance system that um
09:36can be gamed then all of these use cases
09:39may end up being vulnerable to that kind
09:42of attack one way of thinking of
09:43governance that are quite like that I
09:45think was proposed by vitalik is the
09:47coordination model of governance and
09:49that really all governor's decisions are
09:51in essence a way of coordinating
09:54collective action he talks about how
09:56there there are multiple layers to to
09:59governance right the bottom layer is
10:00like what's closest to the real and
10:02physical world yeah so maybe let's go
10:04bottom-up on everywhere you have voting
10:05in block chains at the very base level
10:07all consensus mechanisms are a vote so
10:09proof-of-work itself is a form of voting
10:11on which block is valid in which history
10:13is accepted by the network so you have
10:15voting at that layer then that half
10:17layer up like you said is this
10:18governance layer of how do block chains
10:20actually change their underlying code
10:21and respond to attacks or new situations
10:24or new technology or whatever it may be
10:27traditionally this has sort of gone with
10:29the fork model where you just sort of
10:31spin up new code and try to lobby
10:33everyone to just run this new system
10:34instead of the old one this model has
10:36seen a lot of political strife a lot of
10:38inefficiency a lot of sort of lobbying
10:41and traditional politics like nastiness
10:43in the blockchain space you can look at
10:46the Bitcoin block size debate whether to
10:48change the 1 to a 2 which spawned like a
10:50year-long rift between the communities
10:53that ended up in like several summits
10:55and agreements and eventually a
10:56permanent split so some people look at
10:59that and say maybe we can make this more
11:00efficient by just using voting and
11:01allowing the coin holders to express
11:03their preference and sort of just going
11:05with that and then another layer up from
11:08have the application layers like you
11:09were saying so these are your da OS
11:11these are your smart contracts that want
11:12to use voting to make decisions they
11:14could be for example on how to allocate
11:17funds they could be on how to change
11:18parameters within their own smart
11:20contract so you really have voting
11:22throughout the blockchain stack a lot of
11:24projects are using it and it has a very
11:25sort of wide impact as a general problem
11:27so one observation that comes out of all
11:30of this is that today's governance
11:33systems in sort of block chains and
11:35crypto networks the way that they exist
11:37today will likely devolve into two tock
11:40recei simply because the mechanisms for
11:42vote-buying are so effective as you've
11:44described and some proponents of on
11:46chain governance will argue that pitaka
11:48see may not actually be that bad of a
11:49thing there may be a bad thing for
11:51democracies but not so much for for
11:54block chains in the blockchain world for
11:56a crypto network it's not so much a bad
11:59thing because it's in a sense incentive
12:02compatible at least at a surface level
12:03if they are voting using their coins for
12:06anyone upgrade to the protocol they will
12:08want to vote in the interest of other
12:11people who also hold the coins in the
12:12interest of the network because they
12:14they own it and they have a stake in it
12:15and also they're their incentive to
12:18protect the network is proportional to
12:20how many coins they own so so like
12:22larger voters or stake holders who have
12:23more coins in the network having an even
12:25greater incentive to to protect the
12:28network what are your thoughts are there
12:29so I think every blockchain project
12:32should take a step back and ask do we
12:33want photography do we want vote buying
12:35in our system and what are the
12:36consequences of that for many of them
12:38maybe it's more acceptable than for
12:40others for example if you have like a
12:42small closed sort of contract that has a
12:45few shareholders something like an
12:46investment firm and you have like one
12:48guy who decides whether people get in or
12:50not maybe you're not so concerned about
12:51vote-buying in that kind of a scheme or
12:53if you have even like some sort of
12:56closed setting where you can you can say
12:58things about the participants maybe
13:00you're not so concerned about
13:01vote-buying in a wider system whether
13:03let's say the whole world is
13:04participating in it eventually I think
13:06the fundamental point is that most
13:07people are disinterested in most votes
13:09and the utility they get from the system
13:11is not directly sort of correlated with
13:14whether they vote a or B on this given
13:15issue nonetheless there are certain
13:17groups of people who are extremely
13:18interested in whether people vote a or B
13:21and these are often pretty money groups
13:23so in this way that kind of governance
13:25does sort of degenerate into plutocracy
13:27and if that's acceptable for your system
13:29that's fine I think for many systems
13:31it's not you need to care about these
13:32attacks and you need to reason about why
13:34your system is secure against this and
13:36why your system actually doesn't
13:38degenerate chip gluto cracy people have
13:39tried to get around this in two ways in
13:41blockchains the first one is they add
13:43some sort of identity so they have a
13:44third party service that like you send
13:46your cell phone number or something like
13:48that and it sends you a text and sort of
13:49anti Sybil's you that way and then
13:51you're able to participate in a vote
13:53yeah so at least you can you can sort of
13:55attach some entity to the person and and
13:58then count votes per entity rather than
14:00per coin this actually still degenerates
14:02into plutocracy because of the the way
14:04the dart dhow works because as long as
14:05these identities are keys that people
14:07can sort of generate at any time they
14:09can be bought and sold and using the
14:11Darktown model and you can essentially
14:13sell people like the right to your
14:15identity or you can sell people the
14:16right to a certain vote using your
14:18identity or even more specific things
14:19than that so that kind of doesn't work
14:22unless you have a strong social
14:24protection where like the person has to
14:25come in very often and the the network
14:28sort of authenticates that they're human
14:29or something like that that becomes very
14:31complicated and steps much more into the
14:33messy world of real world elections and
14:35maybe doesn't work for a global
14:36blockchain community mm-hmm another way
14:39people have tried to get around it which
14:40also kind of requires identity is this
14:42new line of work by Vitalik Glenn wale
14:45and a few other people which is
14:46quadratic voting where you actually
14:48allow vote buying so you allow people to
14:50buy boats but only at an exponentially
14:52increasing price and this may who kind
14:54of look like plutocracy because you're
14:56allowing people to buy votes but if you
14:58actually do the math on the incentives
14:59it turns out that through this
15:00increasing function essentially people
15:02will express their true preferences in
15:04the end and one rich person who really
15:06cares about a versus B won't be able to
15:08sort of overwhelm a disinterested
15:10majority that weakly prefers a and maybe
15:13each don't have as many funds as that
15:14one individual so this fixes some known
15:17pathologies in in real world voting
15:19systems and also blockchain voting
15:21systems but it does require identity and
15:23it's extremely vulnerable to
15:24manipulation if this one rich person can
15:26pretend that there are two rich people
15:28or something like that the gig is sort
15:30of up and that's what these new
15:31coordination mechanisms allow yes I
15:33think I think this dependence
15:35identity that you are pointing out is
15:37very important because as you pointed
15:39out anyone can pretend to be more than
15:40one person they can generate ten
15:42different sets of key pairs or hundreds
15:44of sets of key pairs and pretend to be
15:46hundreds of people yeah that's the only
15:47thing you can do is wait by coins
15:49basically exactly in that world you end
15:51up with unfair representation of you're
15:53trying to assign a single vote to to a
15:55key pair so proponents of on chained
15:57coin holder governance which means that
16:00one coin gives you one vote will argue
16:03it's at the very least civil resistant
16:05which means that if you have like ten
16:07million coins staked on one particular
16:10vote they're basically used to vote for
16:12one particular outcome it's very hard to
16:14argue that those ten million coins come
16:16from trolls are trying to sway the
16:18election because there's real weight and
16:20real capital at stake than one in one
16:22direction or another whereas if you're
16:24not using coin voting then that becomes
16:26more possible and so if you have a
16:28mechanism for identity wear and you
16:31securely associate one human to one vote
16:34or something like that then more
16:36sophisticated voting scheme is become
16:37possible I think today because we would
16:40lack we lack that kind of a mechanism
16:42people end up gravitating towards this
16:44simple and somewhat perhaps somewhat
16:46naive one coin one vote model which is
16:50vulnerable to this vote buying attack
16:51yeah and this opens up a range of other
16:54issues so one problem that people have
16:57when they analyze blockchain systems and
16:59they sort of design these mechanisms is
17:00that they look at their mechanism and
17:02reason about its security properties but
17:04they do that in isolation and an
17:05important point is that none of these
17:06systems really exist in a vacuum right
17:08so take a look at any sort of blockchain
17:11that uses coin holder voting to decide
17:13the the outcome of its consensus rules
17:15and there's at least two such block
17:17chains that are sort of using this model
17:19if these two very large projects are
17:21approximately the same size or one is a
17:23little bit bigger than the other one or
17:24one is twice as big as the other one or
17:26something like that it's in the economic
17:28interests of everyone who holds coins in
17:31the bigger project to buy up coins on
17:33the smaller project and influence votes
17:35in ways that are sort of counter
17:36competitive and maybe even if they can't
17:38buy up enough of a block to influence
17:40votes they can so chaos and and
17:42confusion and things like that
17:44so while one of these systems you may
17:46say in isolation like okay the coin
17:49wrists are represented by this
17:50plutocracy that doesn't really work when
17:52you have a whole world around it that's
17:53full of money that can frictionlessly
17:55enter and exit the system at any time
17:57there's no guarantee whatsoever that the
17:59people who are economically in right the
18:01second have an interest in that system
18:03especially when there are much bigger
18:04systems that are competing with it so I
18:06think that's a very important point that
18:07people overlook right and again we
18:09mentioned that there's this sort of
18:10stack of voting even at the consensus
18:12later that has implications on the whole
18:14stack so if you have a fork that's like
18:1610% of the size of a project and this
18:18fork could potentially impact the price
18:21of the larger project it's absolutely in
18:23the interest of that larger project to
18:24launch attacks on that base layer
18:26proof-of-work vote and do things like
18:27censorship use some small percentage of
18:29their hash power to do 51% attacks or
18:31denial of service or whatever they need
18:33to do to make sure that that network
18:35goes down in price and that attack might
18:37even be profitable especially if there
18:39are mechanisms to short that sort of
18:40smaller project yeah that's a very good
18:42point I think most proponents of coin
18:45holder voting would argue that it is
18:47just not in your interest to sell your
18:50vote because you'd be damaging the value
18:52of the asset that you hold you hold a
18:54coin and if you sell if you sell the
18:56votes associated with that coin and that
18:57might reduce the value of the coin in
18:59some way that sort of results in a net
19:01loss for you but that analysis happens
19:03entirely in a vacuum it happens sort of
19:06assuming that there aren't any kind of
19:08external mechanisms via which you could
19:10profit from the loss of value of this
19:12particular coin like for example what
19:13you're mentioning competition between
19:15block chains if I'm a stake holder a
19:17much larger stake holder in a competing
19:19Network then I might have a strong
19:20interest in reducing the value of this
19:22particular coin and that that's
19:24associated with this one competing
19:25crypto network because it may result in
19:27a larger profit outside of the system is
19:30I think yeah and the incentive
19:32structures that are built in aggregate
19:34tend to be far more complex and they
19:36they kind of interact in ways that tend
19:38to be difficult to analyze and could
19:40result in complexity that could
19:42ultimately result in attacks and you
19:44post you talk a little bit about what
19:46you referred to as the Dark Dao which
19:48sounds like a fairly dark picture for
19:50what could end up being the case in your
19:52view what is the worst-case scenario
19:53here how could how could this unfold in
19:55a bad way yeah so there's a lot of
19:57different variants of the dark Dao which
19:58have different assumptions in the post
20:00some of them require trusted hardware
20:02but the ultimate point of the dark Dao
20:04is that it's a private smart contract
20:06for attacking a vote for vote buying
20:08that essentially hides from the rest of
20:10the world how much money is committed to
20:12this contract who is participating in
20:13the vote buying contract and sort of how
20:15far along the contract is but sort of is
20:18a way to frictionlessly and
20:20permissionless li form a vote buying
20:21cartel for a particular vote and this
20:23could be sort of a funding pool anyone
20:25can come contribute money to it so if
20:26it's outcome specific it could be funded
20:28by anyone who's interested in such an
20:29outcome whether it be other blockchain
20:31projects users on the system outside
20:33groups whatever it may be so once this
20:36dark Dao is funded what it does is sort
20:38of offer up vote-buying
20:39to people in the system and if people in
20:41the system come take this vote buying
20:43they retain access to their funds they
20:45keep using their wallet as they normally
20:46do but they're sort of shackled by the
20:48dark Dao that for this particular vote
20:50they can only vote in this certain way
20:51and this is trustless because both sides
20:53have some guarantees so the vote buyers
20:55or vote or a vote buying network or
20:58whatever it may be has guarantees that
21:00potentially no one will find out who's
21:02being bought or sold and how much money
21:04is pledged to it they're guaranteed that
21:06if they pay for a vote this vote will
21:07actually be executed in the protocol
21:09even if the protocol does have the
21:11classic properties of coercion
21:12resistance another sort of sidebar of
21:14the dark Dao is that trusted hardware
21:16which is a new technology sort of breaks
21:18all classical collision resistance
21:20voting schemes in the blockchain world
21:22and in the regular election world so
21:24once they launch this attack and they
21:25start buying and selling people's votes
21:27they have a number of options available
21:28to them one cool thing you can do is you
21:31can tell everyone in the cartel when a
21:33certain threshold is reached let's say
21:34when like 70% of the or 10% of the votes
21:38are locked into this Dao and you can do
21:40this in a way that's deniable such that
21:41everyone inside the cartel can check yes
21:4370% is reached but no one outside the
21:46cartel has any way of knowing that this
21:48is actually reached so you can enforce
21:50an information asymmetry that allows for
21:52profiting through things like shorting
21:53you can also enforce stronger
21:55information asymmetries so not even
21:56allow the the people who are being
21:58bribed to know at any time how much
22:00money is in it or even potentially
22:03whether they voted at all if the scheme
22:06is receipt free so it's a very very
22:08powerful class of attack you can spin it
22:10up however you want it allows people to
22:11pool their money and buy votes in a way
22:13that they can keep any part of that
22:16a group of people that they want and the
22:18outside system has no way of knowing
22:19sort of how far along the attack is in
22:21some ways it also represents a credible
22:23threat if I were to launch a dart now I
22:24might not even need to necessarily have
22:26people participate in it just its
22:28existence might be enough to shake
22:30people's confidence in that underlying
22:31vote so when we published that blog post
22:34we've had a lot of reactions from voting
22:36projects and other people in the space
22:37and I think there is a good question of
22:39why haven't we seen this already but at
22:41the end of the day these systems are
22:42tiny right block chains today are a drop
22:44in the bucket of like the world
22:45financial system and the incentives just
22:48aren't there yet but if we are to use
22:50these technologies and if we are to
22:51scale things I think these are
22:53absolutely realistic scenarios and
22:55potentially nightmare scenarios yeah
22:57that sounds insane and that's definitely
22:59an outcome that is to be prevented and I
23:01think I mean this matters because if we
23:03just take a step back and think about
23:05why is governance so topical and so
23:07important in the world of crypto and
23:08blockchains today it is because so much
23:11of what drives the space forward and
23:14what what is sort of the underlying
23:15philosophical motivation is that power
23:18over these networks is decentralized and
23:21so the centralization here refers to a
23:23bunch of different things at the same
23:24time I people talk about
23:25decentralization as it refers to sort of
23:27consensus like who gets - who gets to
23:29decide like who modifies the underlying
23:32ledger but also the centralization
23:34applies to who gets to modify the code
23:35these networks are decentralized in that
23:38they're kind of like self-governing
23:39organizations and they don't they don't
23:41have at least philosophically any
23:42central points of control where any one
23:45individual can decide how to how to sort
23:47of modify the code or make it work in it
23:49in any particular way and so all of
23:52these initiatives to try to build in
23:54governance into the protocols are an
23:56effort to try to sort of decentralized
23:58even that aspect and to try to make it
24:00so that the code itself can evolve in a
24:02way that is still community driven and
24:04not and now kind of centrally controlled
24:06by the by the core developer developer
24:08team yet I think the promise of a lot of
24:10these systems is sort of this crypto
24:11economic security right you have this
24:13mechanism and because the mechanism
24:15works and the incentives are set up
24:16right everyone comes together
24:17harmoniously and produces something that
24:19is a bulletproof and very strong because
24:22of the incentives in the mechanism an
24:24example of this is Bitcoin because if
24:25the money paid to miners people are
24:28burning a small country's worth of
24:30to try to secure this transaction ledger
24:32that has actually worked fantastically
24:33so far so when you design these systems
24:35there needs to be some sort of
24:37underlying mechanism and some sort of
24:38reasoning about the security of that
24:40mechanism but what these these
24:42technologies like the dark Dao and
24:43private smart contracts allow you to do
24:45is use external money to sort of alter
24:47the incentives inside that game and
24:50alter the security properties that
24:51people are actually getting from their
24:53project in a permissionless and and
24:56trustless way so this does sort of speak
24:59to the fundamental coordination of
25:01blockchains right like how do we design
25:04these games to coordinate people to make
25:05choices in a way that's not controlled
25:08by one particular individual as you said
25:10or some social trust hierarchy but by
25:12the economics of the system itself and
25:14in that model if you can't be secure
25:16against economic attacks then you're
25:18sort of building something that doesn't
25:20make much sense in my opinion and so I
25:22guess that's a lot of what my work is
25:24looking at right what do you think are
25:26the implications of vote-buying on proof
25:29of stake so proof of work is where
25:31people use hardware to sort of solve
25:32hard problems and if they solve the
25:34problem then they can post a block to
25:36the network rather than using this
25:38mechanism proof of stake allows people
25:39to vote using their coins so they lock
25:41up their coins for some long period of
25:43time and they can use any number of
25:45protocols to do this
25:46the core idea here is that instead of
25:48proof of work where the economic
25:50security you get is because people are
25:52doing this useless computation problem
25:54that is sort of burning money and
25:55there's some cost associated with doing
25:57this is that people are paying liquidity
26:00costs to lock up these coins for a long
26:01long period of time and they're also
26:03taking risks that these they may incur
26:05penalties if they misbehave in the
26:06protocol and with these liquidity costs
26:09they're taking like massive volatility
26:10risks and crypto currencies right so if
26:12they do something that crashes the
26:13system well their coins are locked up
26:15and they're going to lose money if the
26:16network decides they misbehaved well
26:18they can get rid of all their coins and
26:20they're gonna lose money so it's this
26:21idea of bootstrapping the economic
26:23security of the network from the coins
26:24rather than from some external hardware
26:26source obviously that comes with a lot
26:28of trade-offs that are maybe beyond the
26:29scope of this discussion but at the end
26:31of the day it's also a voting protocol
26:32you have these people with coins they
26:34decide how to vote so where does
26:35vote-buying come in here well obviously
26:37this proof of stake protocol has an
26:39outcome it decides what history of the
26:41network is valid and this outcome has
26:43of economic implications it decides who
26:45gets to send money to who it decides who
26:48is censored in the system it decides
26:50what order transactions happen in
26:52canonically according to everyone in the
26:53system and with that comes a lot of
26:55profit opportunity so I can potentially
26:57profit by censoring you or I can profit
27:00by putting my transactions in front of
27:01yours when you want to execute an order
27:03on a decentralized exchange or I can
27:05profit in sort of any number of
27:06different ways by manipulating this vote
27:08so what you can do with the dark Dao is
27:10the start of staking pool where I say
27:11like you know let me do my algorithmic
27:14trading and decide what order of
27:15transactions makes me the most money you
27:17don't necessarily care if someone who's
27:19doing a transaction on AD X gets front
27:21run and loses like five dollars right so
27:23I'll happily participate in this it'll
27:25still keep the value of my coins high
27:27especially if I don't have a lot of
27:28coins and you're paying me like twice as
27:30much as any other staking pool so it
27:32sort of opens these coordination
27:33mechanisms for attacks on the underlying
27:35transaction history and the underlying
27:36consensus do you think that there's a
27:38way of making a proof of stake network
27:40secure it depends on your definition of
27:43secure I think it really depends on the
27:45type of security you want I guess yeah
27:47and this this all gets to the user the
27:49broader question of like economic
27:50security of a blockchain and in the case
27:52of proof of stake the resources used to
27:54secure the blockchain is internal to the
27:56network in the case of proof of work
27:57it's sort of a electricity and like
28:00hardware that's used external to the
28:01network to secure the ledger and there
28:03are many other kind of approaches like
28:05people people are experimenting with
28:07doing useful work instead of burning
28:09electricity uselessly as you do in proof
28:11of work people try to build a sort of
28:13proof of like space or proof of
28:15space-time protocols where like for
28:18example you're able to store files and
28:21storage becomes the resource that people
28:22use to then secure the network what do
28:25you think of that kind of approach so so
28:27fundamentally tuvo buying it doesn't
28:29actually matter what resource you're
28:30using vote-buying works for a
28:31proof-of-work - right so I could use
28:33dart Dao like technology to start the
28:35mining pool and the properties of the
28:36mining pool would be you come you mine
28:38here I'll pay you more than we're making
28:39because I have some external incentive
28:41to censor someone or reorder
28:42transactions or whatever and then you
28:44get the dark Dao privacy properties if
28:46no one knows how much hash power is
28:48participating in this pool or who's
28:49getting paid or things like that so so
28:52these certainly also apply to systems
28:53that use things like files and other
28:57produce I think there's a whole class of
28:59other questions on the economic security
29:00of those systems so you have to be
29:02really careful about where the economic
29:04security comes from I think you have to
29:06be really careful with what useful means
29:07whether the fact that it's useful also
29:10introduces any external incentives to
29:12mess with it right so so you could
29:14imagine like if the if the useful thing
29:17the network was doing was like powering
29:18a search engine or something right those
29:20results are valuable and they bring
29:21external actors in who want to
29:23manipulate that and there's sort of this
29:24feedback loop between the mechanism
29:26securing the protocol and the utility of
29:28what the protocol is actually providing
29:30right there's definitely some people in
29:31the community that look at that and say
29:33this is all way too complicated this is
29:35never going to work you have to have it
29:37be useless because there's no external
29:39incentives and messy things that way
29:41yeah I personally think that's an open
29:43question yeah there's this argument that
29:45people make that if the resource that is
29:46used to secure the network is very it's
29:49very commoditized and just generally
29:50exist in the world in the world and sort
29:52of plentiful quantities that for example
29:54the case of storage of storage is the
29:56research that's used to secure the
29:57network then anyone with a bunch of
29:59storage could presumably attack the
30:00network whereas in the case of a network
30:03affects a say Bitcoin where you have
30:05Asics that are specific to the network
30:07in order to attack the network you have
30:09to get your hands on those a six and
30:11those Asics aren't useful for anything
30:12but my name bitcoins so people get would
30:14argue the security of that kind of
30:16economic security of that kind of a
30:18model is it's better yeah and Joe Bono
30:21has a fascinating line of work on these
30:22problems so if you google Goldfinger
30:24attacks he has a paper and a
30:25presentation there's also the question
30:27of like buying versus renting so if
30:29something is very commoditized you may
30:31be able to rent it which substantially
30:33subsidizes attacks you may be able to
30:35buy it perform the attack and then
30:37resell it into the commodity market
30:38which again substantially subsidizes the
30:40attack so these are all open and very
30:43complex questions but people will build
30:45the systems and we'll see this is sort
30:47of a classic pattern you see in in
30:49traditional finance and then you'll have
30:51sort of black swan and tail risk like
30:53events that surprised people so we've
30:55talked a lot about governance in general
30:57but you obviously are working on a ton
30:59of interesting stuff too generally with
31:02respect to economic security for for
31:04Krypton and Bob jeans are just a
31:05computer security what are some of the
31:07other interesting ideas or
31:10sort of lines of work that you're
31:11exploring so one that I'm extremely
31:13personally interested in is fairness
31:14guarantees for users around these
31:16systems a lot of what attracted me to
31:18them in the first place was this promise
31:19of sort of eliminating the middleman and
31:21making things in control of the user
31:23like be your own bank you don't need
31:25these institutions to tell you how to
31:26set your money supply or how to route
31:28your transactions or what exchange to
31:30use etc etc I look a lot at those
31:33guarantees and sort of the ways in which
31:35modern blockchain solutions are failing
31:36to meet those guarantees so one example
31:39of that is in the in the decentralized
31:41exchange space that's something that's
31:42seen a lot of promise from people who
31:43want to build these exchanges that
31:45aren't vulnerable to hacks and other
31:46user fund theft unfortunately the way
31:49these mechanisms that people are
31:50building interact with the blockchain is
31:52very complex and opens the door for
31:54external actors to make a lot of money
31:56from front-running them and make a lot
31:58of money from doing algorithmic trading
31:59on the network and everything that you
32:01see in the traditional financial worlds
32:03so some of my work is around how how
32:05large is that economy and and what are
32:07the failures of those guarantees what
32:10are some interesting results so far on
32:11that front so it's actually a probably a
32:13bigger market than you think
32:15even though Dex's have not seen
32:17substantial volume so this is a big
32:19problem for users it also highlights a
32:21lot of weird quirks of these systems
32:23such as like allowing for typos that end
32:25up costing users a lot of money when
32:28programmatic actors swoop in and sort of
32:30take advantage of these inefficient
32:31mechanisms and it also raises
32:33fundamental questions about I guess
32:35whether we'll be able to do something
32:36that's different from the current
32:38financial system because there are still
32:40these information asymmetries that come
32:41up and this is a worldwide network and
32:43at the end of the day someone is still
32:45ordering transactions so is this rent
32:48sort of implicit to all blockchains
32:49how large is it and does it threaten the
32:52security of the overall blockchain which
32:54I think it may so I think one very
32:56interesting line of work that you did
32:58was around gas Jokinen and tokenizing
33:01gas on the etherium network so this sort
33:03of came out of this arbitrage project we
33:05wrote a blog post very early on last I
33:08think October November essentially
33:10saying decentralized exchanges are
33:11flawed you can just run this 20 line
33:13Python script and you can profit off of
33:14users in a way that was maybe not
33:16foreseen and is not sort of explicitly
33:18stated to them because of how
33:20inefficient these mechanisms are and
33:21before we wrote this blog post we were
33:23actually doing this too
33:24right and we said we made X dollars
33:25whatever after we wrote the blogpost
33:27sort of this cottage industry spawned of
33:29like a few dozen people who are
33:31competing in sort of this market and
33:33trying to outbid each other to get their
33:36transactions first in that mind order
33:38and take advantage of these
33:40opportunities so we've been studying
33:41that market for quite a while and
33:43competing against these guys and
33:44unfortunately at some point they started
33:46out competing us so we started competing
33:48on what's called gas which is the price
33:50you're willing to pay per unit of
33:51transaction the way it works is you make
33:53a typo alley it puts a million dollars
33:56on the table for anyone who can get
33:57their order in ahead of that typo and
33:58sort of take advantage of your typos and
34:00then I would like to do a five dollar
34:02transaction to take advantage of Ally's
34:04mistake right and then maybe maybe
34:07someone else is willing to do a ten
34:08dollar transaction because it's a
34:09million dollar opportunity right so we
34:11sort of get into this bidding war of
34:12like minor please pick me first minor
34:14please pick me first that's inherent to
34:16how these transactions are ordered by
34:17minors and what we noticed is that when
34:19you have like ten of these we were
34:20rarely profiting because we didn't have
34:22the best latency we didn't have the best
34:23infrastructure and they were getting
34:25their bids out faster they were getting
34:27them to miners faster and they were
34:28willing to bid up higher than we were to
34:30essentially take these opportunities so
34:32that's where gas token came in it's a
34:34way to sort of store this gas for the
34:36longer term rather than just paying for
34:37it when you do your transaction so gas
34:40is the transaction fee and usually you
34:42say okay I'm willing to pay $100 fee for
34:44this transaction instead what you could
34:46do is sort of Bank a transactions worth
34:48of gas and then just deploy that Bank
34:50gas and not pay as much fee for the
34:51transaction you are doing and that works
34:54by taking advantage of this fundamental
34:55issue in aetherium x' resource model
34:58which has to do with how you pay to sort
35:01of incentivize people to clean up after
35:03so in aetherium you actually give people
35:05a refund in gas if they delete something
35:07they stored in the network previously to
35:09incentivize them to not leave garbage
35:11around that everyone has to store
35:12so what we do is when gas is cheap we
35:14fill the etherium State with junk and
35:16then when it's expensive we delete this
35:18junk which gives us a refund at that
35:20higher price that we can use to
35:21subsidize these arbitrage transactions
35:23which often cost thousands and thousands
35:25of dollars in fees like people are
35:27people are bidding multiple thousands
35:29even tens of thousands and fees on these
35:30transactions right at the clarify for
35:32those not already familiar so gas is
35:34basically the the resource that you used
35:37shanell resources on the etherium
35:39blockchain so if you wanted to buy
35:41computation say instructions that miners
35:43will execute for you you pay for those
35:45in gas if you wanted to buy a storage
35:47you similarly also pay for storage in
35:49gas and the current model of aetherium
35:51is that you buy some storage on the
35:54blockchain for a fixed price up front
35:56and then that storage sort of remains on
35:58the blockchain forever and the theorem
36:00bachchan has this mechanism that if you
36:02if you were to delete that storage if
36:04you were to free it then you will
36:06receive a refund for the amount that you
36:08pay there's some some refund for for you
36:11pay originally for that amount of
36:12storage and so you're basically saying
36:14that when gas is very cheap you can sort
36:18of fill storage on the blockchain and
36:20then we claim a refund later one's gas
36:23is expensive and so the gas will be will
36:26be worth more at that point than it was
36:27when you when you when you store it and
36:29you can sort of leverage that to kind of
36:31a increase the amount of gas that's
36:32available to you yeah and our
36:34fundamental observation was that this is
36:35basically a derivative on gas it's like
36:37it's like a call option on some gas it
36:39led to the broader question of how are
36:41these resources actually priced like how
36:43do people choose how much is paid for
36:45storage how do people choose how much is
36:46paid for computation and in what ways
36:48are these suboptimal
36:49so you mentioned the current model of
36:51pay ones store forever that's something
36:53we certainly address in our work
36:54proposing more of a rental scheme where
36:56you have to pay for ongoing costs that
36:58market rate there's also the issue of
37:00who's getting the payment so the fact
37:02that the miners get payment for storage
37:03when the miners actually don't need to
37:05store the whole state and it's the full
37:06nodes that that bear the costs so this
37:09sort of asymmetry between who's bearing
37:11the costs like where the externality is
37:13and like who's actually profiting is
37:14super important to study it leads to a
37:17sort of tragedy of the Commons in the
37:18worst case where the miners are happy to
37:20take payment for as much storage as you
37:21want because they don't have to store it
37:23and they don't care as long as they
37:24don't break the whole network they'll
37:25they'll happily push out as many full
37:27nodes as they can so these are broader
37:29questions we have a broader initiative
37:30called project Chicago which you can see
37:33at project Chicago do that basically is
37:36studying these questions of crypto
37:37commodities what are the underlying
37:39commodities behind block chains for
37:41example computation relay network and
37:43storage how are these commodities priced
37:45how can you exploit these commodities
37:47how can you exploit like the relay
37:48network to get information about
37:50people's transactions earlier
37:51or the computation layer to to sort of I
37:55don't know do this kind of gas refund or
37:57something like that so there's a lot of
37:59interesting work in that direction yeah
38:01by the way why is it called Project
38:03Chicago so it's called Project Chicago
38:05because our inspiration is sort of the
38:06Chicago Mercantile Exchange
38:08that's how businesses hedge against
38:09volatility and sort of price commodities
38:11in real world markets so we think of
38:14this as sort of exploring something
38:16similar on blockchains and asking like
38:18is that the right model or can we do
38:20better now that we have all these
38:21decentralized tools at our disposal
38:22that's giving well thank you so much for
38:25coming on the podcast yeah thanks for