Keyed nonces are not just a way to add stronger in-protocol support for privacy solutions. They are also a potential first foray into a new state scaling strategy for Ethereum: create new types of storage that are more optimized for handling categories of use cases that we care about, with restrictions on their use that make them usable at extreme scale while preserving the protocol's decentralization.
Let's zoom in on this case (in-protocol nullifiers). Let's say we get to 2000 TPS of privacy-preserving transactions onchain, for eight years. Then we get 2^11 tx/sec * 2^25 sec/year * 2^3 years = 2^39 [ie. 500 billion] nullifiers stored onchain (the challenge with nullifiers is that they are fundamentally not possible to prune).
It's actually far easier to keep Ethereum decentralized if we have 500 billion nullifiers onchain in a dedicated nullifier store, than if we just let them grow in the current state. The reason is that the more restrictive structure of nullifiers (only used to check validity, and we can require the nullifier ID to be explicitly specified in the tx) enables more decentralized ways of handling them. This includes:
* Sharding: each node (incl builders) can hold a small percentage of nullifiers, and make sure to have a connection to an honest peer in each other shard
* Bloom filters: see this somewhat wacky idea here for reducing the VOPS requirement for nullifiers to ~8 bits per nullifier: https://t.co/M2HgDru1NV
Both techniques are not possible to use for dynamically accessible state. And so builders would have to download the full 16 TB to become viable (not just optimal, viable!), and privacy protocol users would not be able to use FOCIL without providing a Merkle branch proving that their nullifier is unspent, and there would be very few nodes capable of providing such a branch...
Zooming back out, the moral of the story is that fully dynamic state is much harder to handle at extreme scale (tens to hundreds of TB) than state that is more controlled and restricted in how it can be used. And so if we can move the majority of usage into these more specialized forms of state (which we can make much cheaper in terms of gas), then we can keep Ethereum decentralized, and highly scalable, and keep the fully dynamic state available for applications (eg. defi) that really need its full functionality.
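An added illustration of the storage arithmetic and the Bloom-filter point in the post above (not code from the post or from the linked proposal): a plain Bloom filter sized at 8 bits per nullifier, showing that a spent nullifier is never missed while an unspent one is occasionally flagged and needs a second check. The 32-byte nullifier size (which matches the post's 16 TB figure), the SHA-256 double hashing, and all names here are assumptions.

```python
import hashlib
import math

NULLIFIER_BYTES = 32          # assumption: 32-byte nullifier IDs
TOTAL_NULLIFIERS = 2 ** 39    # figure from the post: 2^11 * 2^25 * 2^3


def storage_estimates(bits_per_item=8):
    """Return (full_store_bytes, bloom_bytes) for the post's 2^39 nullifiers."""
    full = TOTAL_NULLIFIERS * NULLIFIER_BYTES
    bloom = TOTAL_NULLIFIERS * bits_per_item // 8
    return full, bloom


class NullifierBloom:
    """Plain Bloom filter over nullifier IDs (hypothetical helper)."""

    def __init__(self, capacity, bits_per_item=8):
        self.m = capacity * bits_per_item
        # Optimal number of hash functions is (m/n) * ln 2, about 6 at 8 bits/item.
        self.k = max(1, round(bits_per_item * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, nullifier):
        # Double hashing: derive k bit indexes from one SHA-256 digest.
        digest = hashlib.sha256(nullifier).digest()
        h1 = int.from_bytes(digest[:16], "big")
        h2 = int.from_bytes(digest[16:], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, nullifier):
        for p in self._positions(nullifier):
            self.bits[p >> 3] |= 1 << (p & 7)

    def maybe_spent(self, nullifier):
        # False means "definitely not in the set"; True means "possibly in the set".
        return all(self.bits[p >> 3] & (1 << (p & 7))
                   for p in self._positions(nullifier))


def make_nullifier(tag, i):
    """Constructed sample nullifier (not real chain data)."""
    return hashlib.sha256(f"{tag}:{i}".encode()).digest()


def run_demo(n_spent=20000, n_probe=20000):
    """Return (false_negatives, false_positive_rate) on constructed data."""
    bloom = NullifierBloom(n_spent)
    spent = [make_nullifier("spent", i) for i in range(n_spent)]
    for n in spent:
        bloom.add(n)
    # Every spent nullifier must be flagged: a double-spend can never slip through.
    false_negatives = sum(1 for n in spent if not bloom.maybe_spent(n))
    # Fresh nullifiers that collide on all k bits are the false positives;
    # in this sketch those would need a lookup against the full store.
    false_positives = sum(
        1 for i in range(n_probe) if bloom.maybe_spent(make_nullifier("fresh", i))
    )
    return false_negatives, false_positives / n_probe


if __name__ == "__main__":
    full, bloom_bytes = storage_estimates()
    print(f"full nullifier store: {full / 2**40:.0f} TiB")
    print(f"bloom filter at 8 bits each: {bloom_bytes / 2**30:.0f} GiB")
    fn, fp_rate = run_demo()
    print(f"false negatives: {fn}, false-positive rate: {fp_rate:.3%}")
```

The filter alone can reject a reused nullifier's claim of being fresh, but it cannot confirm that a flagged nullifier was really spent; the small flagged fraction is what would still need the full data.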
🔐 New EIP-8250: Keyed Nonces for Frame Transactions 🔐
by @soispoke, @nero_eth, @lightclients and @VitalikButerin
This replaces the single sender nonce with (nonce_key, nonce_seq), giving frame transactions independent replay domains.
For privacy protocols, the key can be
@VitalikButerin @eth_limo That’s not IPFS directly - just yet another gateway waiting to get compromised. 😅
Browser with actual built in IPFS/swarm/ENS:
The kind people at @eth_limo have warned me that there has been an attack on their DNS registrar. So please do not visit https://t.co/BVfZIYrDKe or other https://t.co/OgoUF2qKUY pages until they confirm that things are back to normal.
You can check my blog via IPFS directly here: https://t.co/SPMT3qScNI
🍿 Can you scale a movie critic?
That's the question behind Kleros Foresight's first experiment. 16 movies, 1 judge: Kleros CTO @clesaege. Judge Dredd, Mamma Mia, 12 Angry Men, Barbie... all in the same pool.
For each film: "If Clément watches this, what percentile score will
[X] I affirm the direction set out in the mandate, will help translate it into thoroughly reasoned strategies for my domain, and will maintain an exclusive and energetic focus on the mission-critical tasks necessary for its implementation, from today until my last day at the EF.
A new fast confirmation rule mechanism lets you get a hard guarantee that Ethereum will not revert after one slot (12 seconds)
Security assumptions are (i) supermajority honest, (ii) network latency under ~3s. So one step below economic finality, but very strong for many use cases.
https://t.co/5UbEi5gioy
We should be open to revisiting whole beacon/execution client separation thing.
Running two daemons and getting them to talk to each other is far more difficult than running one daemon.
Our goal is to make the self-sovereign way of using ethereum have good UX. In many cases that means running your own node. The current approach to running your own node adds needless complexity.
Short-term, maybe we want some more standardized basic wrapper that lets you install dockers of any client and make them talk to each other easily? Also good that @ethnimbus unified node https://t.co/BWpU939wIM exists. Longer term, we should be open to revisiting the whole architecture once @leanethereum lean consensus is more mature.
you go deep, we'll go broad
I respect and appreciate the EF clarifying its focus and mandate so that others know what gaps to fill and which alternative threads to follow so we make maximal impact as a collective
At @Etherealize_io we'll stay the course and focus on
This is the new EF Mandate.
For many of you, the contents should be no surprise, and a clarification along the lines that we have been going and thinking for the past few months. But the clarification is nevertheless worth making.
Ethereum is a unique object and has a unique role in the world. Its role is to be a sanctuary technology, to preserve technological self-sovereignty, to enable cooperation without coercion, domination or rugpulling, and to provide an escape hatch, to ensure that no single person, organization or ideology's victory in cyberspace can be total.
The Ethereum Foundation is a steward of Ethereum - the original steward, and today, the steward specifically dedicated to preserving and expanding the above aspects of Ethereum. This means a heavy emphasis on CROPS (censorship and capture resistance, open source, privacy, security), both at the protocol layer, and at the access layer, user-facing applications and tools that we create or contribute to.
There are things that we do in Ethereum because we believe that they are valuable for the underlying goals that we have for Ethereum. There are things that we do not do because from the perspective of our values we find them uninteresting (or worse, harmful). But there are also things that we do not do because while they are useful, they are not our role.
At the Ethereum protocol layer, we focus on decentralization, verifiability, inclusion guarantees, protocol liveness, security and privacy first and foremost. We also value capabilities (eg. L1 scale, account abstraction, perhaps some forms of in-protocol aggregation), particularly because improvements in these capabilities better enable users to properly benefit from Ethereum's CROPS properties and displace the need for higher-layer intermediaries that might weaken the extent to which Ethereum's properties carry over into the full stack.
We also believe that the Ethereum protocol must strive to pass the walkaway test. "We do X to specialize to serve the use cases of today, if more use cases appear later, we will continue to keep adding more EIPs for them later" is logic fit for many other blockchains whose names you hear often on this forum, but we do not believe it is logic fit for a decentralization-first blockchain like Ethereum.
At the application layer, we focus on making "the zero option" - user experience that goes hard on ensuring security and privacy, avoiding dependence on intermediaries, and respecting the user's agency - as high quality as possible. We see this as complementary to work in the Ethereum ecosystem that "goes broad", starting from the world as it exists, and brings it onchain and improves its properties over time. Such work has its natural home outside the EF. We intend to be supportive of such efforts. We believe that the two are complementary: tools that are developed within the EF can be adopted by anyone, including partially, and even partial adoption that improves people's security, privacy and agency is a good thing.
But the form of user experience that is more heavily insistent on CROPS properties is where we want the EF to develop its center of expertise. This does not mean shrinking from the hard questions. We believe in a vision of self-sovereignty that protects users, and does not leave users in the cold to face environments where they lose their life savings if they make a mistake, and click "yes" on a confirmation screen by accident two seconds after. But such protection must be designed based on a philosophical baseline of empowering the user, not empowering centralized organizations that claim to act in the user's name. This quadrant of design space - caring about users' (including non-experts') well-being and safety, and yet insistent on doing this in a way compatible with their agency and freedom, is underserved (not just in crypto, but in the world). We wish to use Ethereum as a platform to build out and showcase this quadrant, and ideally work with others to expand its reach over time.
This is also a new chapter in how we see our position in the world. We must see ourselves not just as the Ethereum community, but also as maintainers of the Ethereum tool within what you might call the CROPS community or the sanctuary tech community, or a dozen other words that have for a long time been used by people with similar values to us but far outside Ethereum. This means open-mindedness to new conceptions of what things in the world are our natural allies.
Ethereum is not the world. Ethereum is a specific object in the world that is here to have specific properties. The Ethereum Foundation is a specific organization within Ethereum - one steward, not the sole one.
I encourage all to read the mandate in detail; it includes concrete examples of how we intend to deal with the challenges and nuances of these ideas. We are doubling down on Ethereum and are excited about its next chapter.
@ilex_ulmus @FLI_org Yeah, I agree slowdowns/pauses on either hardware or frontier AI work or both are good. If "it's unrealistic because the other guy will move forward anyway", then the right solution is for the entities involved (corps and govs) to publicly say "I am willing to not do [X] if
One tool that seems to me would lead to large wins for safety at very low cost to civil liberties, is that everyone should have easy and deniable on-hand ways of calling the police.
Think: you pre-select a few secret words, and when your watch or phone or local device in your house hears these words, it silently auto calls 911, and temporarily streams to the police your real-time location.
This could work very well for eg. crypto holders who are worried about getting kidnapped / robbed. If we create an environment where if you rob someone (whether at home or outside), there is at least a 20% chance that the police will be on their way immediately, so you won't have time to take anything from them and you don't even realize whether or not the alarm got triggered, then that type of crime flips to being very non-viable.
And because this requires deliberate action from the victim in order to function, the risk that this can be used by the government against people seems relatively quite low.
There are often posts mentioning that I donated a very large amount of funds to @FLI_org years ago and connecting me to various policy actions that they take. I thought I would make clear the record both on the nature of my connection to them, and on similarities and differences between my approach to the AI risk topic and theirs.
First, what happened:
* In 2021, I received a large amount of SHIB and other dog coins, seemingly because the creators wanted to use "Vitalik owns half our supply" as a marketing tactic and be "the next Dogecoin"
* The tokens quickly rose in value, and at the peak the "book value" of those tokens was over a billion dollars
* I felt that surely this was a bubble, it would pop quickly and the price would drop massively, and so I scrambled to retrieve the funds from my cold wallet (this included things like calling my stepmother in Canada and asking her to go into my closet and read out a 78-digit number, and then adding it to a different 78-digit number transcribed from a paper in my backpack). I sold what I could for ETH and donated to relatively more "normal" things (eg. $50m to GiveWell). But then I was still left with lots of SHIB
* I sent half to @CryptoRelief_ (half of _those_ funds ended up supporting Balvi, and the other half is being spent by @sandeep and team on improving medical infrastructure in India). I sent the other half to FLI
* At the time, they presented me with a comprehensive roadmap that focused on improving all major existential risks (bio, nuclear, AI...) as well as general pro-peace and pro-epistemics (ie. helping us know the truth in adversarial contexts) initiatives
* I thought that surely they would cash out at most $10-25M, because there's no way the SHIB market is deep enough to cash out more
* Instead, they managed to cash out ... something like $500M (same with cryptorelief)
* Since then, FLI had an internal pivot by which they started focusing on cultural and political action as a primary method, quite different from the original approach.
* Their justification is that the situation has changed greatly since 2021, AGI is coming very soon, and their pivot is needed to affect the world fast enough, and to counteract the lobbying warchests of large AI companies.
* My worry is that large-scale coordinated political action with big money pools is a thing that can easily lead to unintended outcomes, cause backlashes, and solve problems in a way that is both authoritarian and fragile, even if it was not originally intended that way.
* For example, their primary approach to biosafety has been "how do we put guards into bio-synthesis devices and AI models so that they refuse to create bad stuff?". I view this as a very fragile solution: there are many ways to jailbreak, fine-tune or otherwise get around such restrictions. Ultimately, putting all your eggs into this strategy can lead to very dark places like "let's ban open-source AI" and then "let's support one good-guy AI company to establish global dominance and don't let anyone else get to the same level". Approaches like this VERY EASILY backfire: they make the rest of the world your enemy.
* More generally, historical experience tells us that when regulations are made on dangerous tech, "national security" orgs (today, realistically incl Palantir) inevitably get exempted, and in fact those very same orgs are a major source of risk (see: pandemic lab leaks typically coming from government programs). This is something I worry about.
* My approach on these topics has been centered around d/acc: build the tech (eg. air filtering, early detection, continuous passive PCR-quality air testing, prophylactics etc for pandemics, greatly improving software and hardware verifiability for cybersecurity...) to help us survive a much higher-capability world safely, and open-source the tech so that the entire world can freely incorporate it.
* This is the sort of thing that the ~$40m I recently allocated is for. A big part of that pot is for secure hardware, which is good both for Ethereum users who do not want to lose their coins, and for humanity if we want ubiquitous computer chips to not be hackable (incl by AI) and spy on us. If I had the FLI warchest and tweet-chest, I would use it to do more of those things.
* I have shared my difference in perspective with them on several occasions.
* At the same time, I've also been heartened by many of @FLI_org 's recent moves. I think the "pro-human AI declaration" ( https://t.co/eoRAM0855f ) is a very good philosophical path forward. It unites conservatives, progressives and libertarians, America, Europe and China, people worried about unemployment, surveillance, psychosis and paperclip doom, atheists and the Pope. They have also been researching ways to avoid concentration of power resulting from AI. These things are all good. I wish them best of luck on these positive initiatives, and hope that they operate with the caution and wisdom that their task deserves.
0/ Privacy in the Ethereum ecosystem is undergoing an evolution. A Renaissance, even, to sound a bit fancy.
What exactly is behind these changes and how might neo-Cypherpunk be involved?
A guest thread by @post_polar_ and @nicksvyaznoy.
I was recently at Real World Crypto (that's crypto as in cryptography) and the associated side events, and one thing that struck me was that it was a clarifying experience in terms of understanding *what blockchains are for*.
We blockchain people (myself included) often have a tendency to start off from the perspective that we are Ethereum, and therefore we need to go around and find use cases for Ethereum - and generate arguments for why sticking Ethereum into all kinds of places is beneficial.
But recently I have been thinking from a different perspective. For a moment, let us forget that we are "the Ethereum community". Rather, we are maintainers of the Ethereum tool, and members of the {CROPS (censorship-resistant, open-source, private, secure) tech | sanctuary tech | non-corposlop tech | d/acc | ...} community. Going in with zero attachment to Ethereum specifically, and entering a context (like RWC) where there are people with in-principle aligned values but no blockchain baggage, can we re-derive from zero in what places Ethereum adds the most value?
From attending the events, the first answer that comes up is actually not what you think. It's not smart contracts, it's not even payments. It's what cryptographers call a "public bulletin board".
See, lots of cryptographic protocols - including secure online voting, secure software and website version control, certificate revocation... - all require some publicly writable and readable place where people can post blobs of data. This does not require any computation functionality. In fact, it does not directly require money - though it does _indirectly_ require money, because if you want permissionless anti-spam it has to be economic. The only thing it _fundamentally_ requires is data availability.
And it just so happened that Ethereum recently did an upgrade (PeerDAS) to increase the amount of data availability it provides by 2.3x, with a path to going another 10-100x higher!
Next, payments. Many protocols require payments for many reasons. Some things need to be charged for to reduce spam. Other things because they are services provided by someone who expends resources and needs to be compensated. If you want a permissionless API that does not get spammed to death, you need payments. And Ethereum + ZK payment channels (eg. https://t.co/1Q2Hqg0DZg ) is one of the best payment systems for APIs you can come up with.
If you are making a private and secure application (eg. a messenger, or many other things), and you do not want to let people spam the system by creating a million accounts and then uploading a gigabyte-sized video on each one, you need sybil resistance, and if you care about security and privacy, you really should care about permissionless participation (ie. don't have mandatory phone number dependency). ETH payment as anti-sybil tool is a natural backstop in such use cases.
Finally, smart contracts. One major use case is _security deposits_: ETH put into lockboxes that provably get destroyed if a proof is submitted that the owner violated some protocol rule. Another is actually implementing things like ZK payment channels. A third is making it easy to have pointers to "digital objects" that represent some socially defined external entity (not necessarily an RWA!), and for those pointers to interact with each other.
*Technically*, for every use case other than use cases handling ETH itself, the smart contracts are "just a convenience": you could just use the chain as a bulletin board, and use ZK-SNARKs to provide the results of any computations over it. But in practice, standardizing such things is hard, and you get the most interoperability if you just take the same mechanism that enables programs to control ETH, and let other digital objects use it too.
And from here, we start getting into a huge number of potential applications, including all of the things happening in defi.
---
So yes, Ethereum has a lot of value, that you can see from first principles if you take a step back and see it purely as a technical tool: global shared memory.
I suspect that a big bottleneck to seeing more of this kind of usage is that the world has not yet updated to the fact that we are no longer in 2020-22, fees are now extremely low, and we have a much stronger scaling roadmap to make sure that they will continue to stay low, even if much higher levels of usage return. Infrastructure for not exposing fee volatility to users is much more mature (eg. one way to do this for many use cases is to just operate a blob publisher).
Ethereum blobs as a bulletin board, ETH as an asset and universal-backup means of payment, and Ethereum smart contracts as a shared programming layer, all make total sense as part of a decentralized, private and secure open source software stack. But we should continue to improve the Ethereum protocol and infrastructure so that it's actually effective in all of these situations.
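@zengjiajun_eth Guaranteeing security + decentralization + privacy is still really not easy ...
How do you think about this problem? Especially in adversarial situations that cannot be tested (for example, your agent looks at the other party's ENS profile, and that ENS profile includes a jailbreak that makes your agent send all of your coins to them)
Every large transaction needs manual confirmation by a human? Doing this is much better than not doing it, but it is still not perfect...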
Deep funding is continuing, and recently finished a major round!
https://t.co/PxBqYMSvRN
I think my main advice to @devanshmehta is to keep refining this (incl the prediction market version) but figure out how to make sure that the details of the design, the funding sources, etc are all compatible with chaotic era needs [see my recent tweets on democratic things: https://t.co/FJNFCfpKO0 ]. I think deep funding already is compatible with (ii) being meritocratic and not being over-egalitarian in a dumb way, and (iii) getting benefits from AI in a way compatible with human agency. But as for (i), when I look at the construction now, there's definitely a "stable era" vibe to it ("let's make a big large-scale gadget that crystallizes a principle of justice and all socially agree to pump money into it"), and we want to think about how to make it work in a world that doesn't work that way.
The Ethereum Foundation is using DVT-lite to stake 72,000 ETH:
https://t.co/V5x9TrdXoU
My hope for this project is that in the process, we can make it maximally easy and one-click to do distributed staking for institutions. Choose which computers run your nodes, make a config file where they all have the same key, and then from there everything gets set up automatically.
The idea that "running infrastructure" is this scary complicated thing where each person participating must be a "professional" is awful and anti-decentralization, and we must attack it directly.
It should be a docker container or nix image or similar, one click or command line per node, enter the same key in each node, and they automatically find each other, the networking is set up, the DKG happens, and the staking begins.
I also plan to use this soon, and I hope more institutions holding ETH can stake in this way. We want the authority over staking nodes to be highly distributed, and the first step to doing this is to make it easy.
I actually do the whole new year's resolutions thing, and it actually works.
The key thing to understand is that humans are creatures of habit. Doing the same action you've already done regularly takes very little mental effort, whereas inserting a new one-time task takes much more. And so if you want yourself to do certain things more, you need to make it a habit.
The year boundary is as good a place as any to evaluate the habits that you've chosen to impose on yourself, and see whether they are effective and sustainable, and adjust, add or remove any.
My style is to make them measurable, trackable, and targeted to exactly the level of effort that I know will not make me want to abandon them, even during my months of busiest work, most intensive travel schedule or call schedule, etc.
Examples I've done:
* Walk an average of >= 6km/day each month
* Run >= 50km each month
* Write >= 1 blog post each month
* Study some language for 30 min each week
* Do >= 2 major cryptography programming projects each year
At every year boundary, re-evaluate your old list, and decide on your new list. And yeah I have txt files for tracking this (sorry, not gonna use some corposlop app that makes me dependent on third-party servers)
You actually want each one to be relatively trivial, so that you can stack multiple, and because the benefits of maximizing are less important than the risk that you will give up on the whole thing.
This has worked well for me and I recommend it.
One thing that it is worth re-thinking is our perspective on when, and how, it makes sense to build "democratic things". This includes:
* DAOs and voting mechanisms in DAOs
* Quadratic and other funding gadgets
* ZKpassport voting use cases, incl freedomtool type stuff, incl attempts to deploy it for local governance, etc
* Voting systems inside social media
* Attempts at "let's build and push for a brighter and freer political system for my country"
Lately I am getting the feeling that there is less enthusiasm about these things than before. The "authoritarian wave" (a phenomenon that is often viewed as being about nation-state politics, but actually it stretches far beyond that, eg. see the phenomenon of companies lately becoming less "multi-stakeholder" and more founder-centric, and recent disillusionment with social media) is not just a matter of some malevolent strongmen smelling an opportunity to exert their will unopposed and seizing it. It's also a matter of genuine disillusionment with democratic things (of various types, not just nation-state, also corporate, nonprofit, social media).
Defense of democratic things lately has the vibe of actually being conservatism: it's about fighting to preserve an existing order, and ward off hostile attempts to push the order toward a different order (or chaos) that favors a few people's interests at the expense of others, and not about appreciating positive benefits of the existing order. But conservatism is progressivism driving at the speed limit, and so if that's all that there is, it will inevitably lose, it will just take longer.
There is an unfortunate irony to this, because it comes at the same time as we have much more powerful tools to build more effective democratic things: ZK, AI, much stronger cybersecurity, decades of research and experience. But to do so effectively we need to diagnose the present situation. I will break this down into a few parts.
## Stable era and chaotic era
In the 00s and 10s, it was common to dream about things like: creating a global UBI, moving a country wholesale to a better political system like ranked-choice voting or quadratic voting, building a large-scale DAO that could eventually provide billions of dollars to global public goods that current systems miss (eg. open source software).
Today, all of these dreams seem more unrealistic than ever. I see the main difference why as being that the 00s and 10s were a stable era, and the 20s are a chaotic era. In a stable era, more coordination is possible and imaginable, and so people naturally ask questions like "what would be a more perfect order?", and work towards it. In a chaotic era, the average intervention into the order is not a principled act of mechanism design, it's raw selfish power-grabbing, and so there is much less room to think about such questions. It's difficult to imagine eg. moving the United States to quadratic voting or ranked choice voting, when the country cannot even successfully ban gerrymandering.
What do chaotic era democratic things look like? At a large scale, they do not look like hard binding mechanisms for making decisions. Rather, they look like tools for consensus-finding. They look like tools for identifying possible shifts to the order that would satisfy large cross-cutting groups of people, and presenting those possible shifts to change-making actors (yes, including centralized actors, even selfish actors), to make it clear to them that those particular shifts would be easier for them to accomplish, because they would have a lot of support and legitimacy. https://t.co/EJ0MH39onA style ideas are good here, anonymous voting is good, also perhaps assurance contract-style ideas: votes or statements that are anonymous at first, but that flip into being public (and hence publicly commit everyone at the same time) once they reach a certain threshold of support.
This does not create a perfect order, but it gives highly distributed groups *a voice*. It gives actors with hard power something to listen to, and a credible claim that if they adjust their plans based on it, those plans are more likely to get widespread support and succeed.
The Iran war is a good example here. My biggest fear in the ongoing situation has been that while the IRGC is unambiguously awful and murderous, there is an obvious divergence between US/Israel interests, and interests of Iranian common people: while both would be satisfied by a beautiful peaceful democratic Iran, the former would also be satisfied by the perhaps easier target of Iran becoming a low-threat low-capability wasteland, whereas for the latter that would be ruinous. How can Iranian people have a collective voice that carries hard power - not just in some future order that they create, but now, literally this week, while the situation is chaos?
Some "sanctuary technology" is sanctuary money. Other times, it's sanctuary communication. But we need sanctuary tools for collective voice too.


























