WE NEED Privacy and Scaling on Blockchain - w. Prof Dawn Song Oasis Network (ROSE)

Hey guys and welcome back to BloxMining. Today we have a very esteemed guest, Dawn San. She's the professor at Berkeley and also the recipient of the MacArthur Fellowship, which is one of the most esteemed prizes in computer science or fellowships in computer science. And today she's sharing a lot of insight about what's happening in the blockchain space and talking a little bit about something that we don't cover too much on this channel, which is privacy on blockchain. So Dawn, welcome to this channel. Hope you're doing well. Great. Yeah, thanks a lot for having me. So I think like it's your first time on a channel and I just wanted to get my audience quite familiar with you. So can you just tell a little bit about, you know, kind of your story and how you got into the blockchain space? Yeah, that's a very good question. So I have been working in security and privacy for a really long time. I think more than two, like two decades now. Right. Actually, it's interesting. I think one of my earlier papers actually was proof of retrievability. And actually, I invited him to give a guest lecture in my blockchain class earlier. And then he actually talked about my paper, how that helped inspire some of the design in the Filecoin protocol as well. So I think actually, that was one of the, actually, you know, one of the earliest papers in this proof of retrievability. And so that's just an example showing that when you look at blockchain, really the key is, I mean, security is a core part of blockchain. So in some sense, like, I actually have been working in space for a very long time. And then essentially, in terms of the fundamental technologies. And also, it's interesting, I also, you know, have been working in AI and machine learning. And then, and then I, I think, as blockchain, you know, continues to develop those, I think, I taught some blockchain classes in 20, I think, 2018 timeframe, and so on. And, and really, I think, as many of us here, we do think that blockchain, as you just say, and the blockchain is going to change the world, but it has a very interesting path. And the more I work in the space, the more I think you come to understand the path and so on. So that's, and in my research lab, we have been developing kind of technologies in security, privacy and blockchain. And at the time, essentially, I was seeing the challenges, for example, Ethereum was facing, and so on, and really for blockchain to change the world, to have real world impact to really, you know, fulfill the vision that we have, for blockchain really needs better fundamental technology in space. So that's essentially what's drove me to blockchain. Like, I see machine learning AI is one really important advancement for the world, and that really just helped us to build more intelligent systems. But for blockchain, it's interesting, it has a more, potentially have deeper impact in the structure in our society, the relationship between individuals and relationships between individuals and institutions and entities. So it's a, it's a very different type of destructive innovation. And, and yeah, so I, given, you know, the vision I see, and also the needs I see in the space. I see. I see. Very different. That's very interesting. I think that's a very interesting angle as well, because I think there's very few people who can say, yo, you know, one of my initial publications directly led to a lot of this innovation here. So definitely, that's a very cool angle to come from, because you've been in the, you know, space, the research space, and the computer science space for such a long time, that you see all this innovation come and you see, okay, what does it need, right? I think that's a very interesting angle. You have the, the idea of what it needs. And I think I want to push to that as well. I mean, you see Ethereum right now and you're talking a little bit about privacy. What drove you to that angle? I see. Okay. So, right. For example, Ethereum and most of today's blockchain platforms, really everything is in the public. So, when you have that, of course, you can say you have the transparency, you can go check whether this is something, you know, everything is correct and so on. So, it has some advantages. But on the other hand, that significantly limits the use cases, right? Because ultimately, in this world, everybody, I think, has their private information and there's users, individuals, or entities like financial institutions and so on. Being able to protect your sensitive information is really important. And as we build up the blockchain platform, I think improving scalability is one thing and also having better privacy protection. That's really important. That's going to help us to expand and enable more use cases. That's actually very interesting because, like, right now, I think we're using one of the transparency aspects of blockchain. I mean, with the rise of decentralized finance, we can see where our funds go, which is great, right? Now, you can start tracking where the funds go. It might be very complicated to see, like, with all this yield farming or DeFi yield aggregators, but at least you know where the funds are. You can trace it, track it on the blockchain. But you're talking about something that's also quite different here, which is not everything needs to be private, right? And I think this is one of the unique aspects that drove me into look into Oasis because at the same time, you want to keep some of the information. If it's sensitive company information, like, for example, where funds are stored for a particular institution, they don't want that information to be revealed publicly, right? So where does this come into play? Like, how does this kind of all work out? Where do you see kind of this fitting in? Do you think that everything, is everything on Oasis private? Is everything on it public? How does this all fit together? And also I want to add to it, you guys, like, on one hand, transparency is helpful so you can see exactly what's happening. But on the other hand, you have to keep in mind that everybody can see that information. And then there's a lot of, you know, like, attackers out there, bad actors. When you have that information, they can utilize that information for harm as well. So that's why, for example, there are always front-running attacks, there are back-running attacks. There are various attacks that people can launch for big parties because information is out there so they can see everything and hence, when they see your information, they potentially may be able to leverage that and mount attack on you. So that's why, right? But everybody needs to protect their information that you need that to protect yourself. That's actually very true. You brought up the front-running attack and I just explained this to people because, like, I think a lot of people, when they're buying on Uniswap, you know, the moment that you start executing an order, it becomes public because now it's sent to the blockchain. But the blockchain hasn't processed that yet. So something that was very interesting, I just wanted to add to this here, is that there are people who are specifically designing bots to see where large orders are going and then to exactly front-run them. So then they can get the order. So let's say if someone wants to buy 500,000 worth of X token, let's say call it bunny token or whatnot. But if that is the case, if someone sees that and this is sent on the blockchain and someone can scan that, then a bot can also execute the same order before them. And then they can get the advantage because they know that price is going up so they can buy some beforehand, price gets pushed up and now they can profit off that. And there's a lot of bots for that. And that's one of the issues of being fully transparent all the time where there's now issues of front-running. There's also issues of data breach. So then, okay, can you talk to me about how more about how you're solving that then? Right, exactly, exactly. So actually, even last year, actually, on our Olysis platform, we have developed this, we call, for example, private uniswap. In this case, essentially, your audit will be encrypted when it stands to the smart contract when you enable this confidential smart contract. So then, exactly like you explained, then the attackers won't be able to see your audit before it's executed. So there's no front-running attack. And so this, right, so this uniswap smart contract runs in the secure execution environment as a confidential smart contract. So then you have privacy protection and you don't have these front-running attacks because the attacker cannot see you. So, Andy, right. So this type of, this is actually very interesting because this is not just protecting privacy for the address, but it's also protecting the information that's being processed. Exactly. I think that's a very big difference here because obviously, I think my audience, we, you know, as a community, we know about privacy coins, right? We don't know about Monero that tries to hide the address or kind of obscure where transactions are going. But at the same time, it's not just about the address, but now you're protecting the information, the smart contract. So you're encrypting that data so people can't read, oh, look, I want to buy half a million dollars of bunny tokens. It would just be garbled, it'd be a garbled to them. But the blockchain on the other side, the smart contract itself understands that so then it can execute the order as per instructed. Right, yeah. And the Oasis platform is a unique platform to support this. And you asked earlier how we do this and so on. So the Oasis platform has a very unique architecture that we call the paratime architecture. So this architecture actually enables all these different advantages, including actually scalability as well. I can explain. Yeah, sure. Explain a bit more detail. So how does that work then? Yeah, yeah, yeah, yeah. Exactly, exactly. So the way to think about it is so with Ethereum and most of the blockchains out there, so they have the scalability issues actually for, there's a main reason for that. So when you look at the blockchain, usually there are three key functions that need to be performed. Consensus, how different nodes reach consensus and compute to execute smart contracts and storage to store the states of the smart contract account and so on. So for example, Ethereum, all these three functions are bundled together, so each node has to do all three functions and hence this can actually naturally lead to these bottlenecks and so on. Because also each node can do the same thing and so on. So in our case, then in Oasis, the architecture, we have a novel, a modular architecture. We actually decouple these functions. We separate the execution from consensus. So what it means is we actually have two main layers. We have the consensus layer. The consensus layer runs proof-out stake, so the nodes just do consensus. And then on top, we have what we call paratime layer. So paratime stands for like parallel runtime, so it's short for parallel runtime. So what it means is we actually have this natural parallel execution architecture. So in the paratime layer, we can have many paratimes running at the same time. Each paratime is run by a paratime committee and this committee can be dynamically selected in a pool of compute nodes and so on. So in other nodes that participate in the network, for example. And then each paratime can have its own paratime engine, which is essentially like a smart contract VM. And this also naturally enables us to actually concurrently support different types of smart contracts virtual machines. So for example, we are fully backwards compatible with EVMs, so we can support solidity smart contracts very easily. you can just and all the Ethereum developer tooling all works for that and it's really easy to have an Ethereum solidity smart contract to just run on our platform. And so that's with a paratime committee that runs this paratime, this EVM paratime engine, that's how it works. That's actually quite crazy. So I just kind of wanted to interrupt you there because like just to put everything in perspective because, you know, development is actually quite time intensive and we're just beginning to figure out how Ethereum kind of development can be improved because obviously you've seen numerous hacks on Ethereum in the past and developers now are just trying to get the code better. So I think I took a lot of knowledge in just now. So a few things that I kind of understood is you decoupled the consensus from also the execution which is very, very interesting. So now you have the ability to not only scale but you can also support multiple environments as well which is super interesting. So one of those environments being Ethereum so now you can be compatible with Ethereum and the EVM. And another one can be you can develop which supports smart contract language using Rust so you can actually write smart contracts in Rust which is a mainstream programming language. a lot of developers really love it. So it's a beautiful language. And also then going back to secure computing and so we support so one of the paratime committees for example the nodes can run secure hardware and then and then we can support confidential smart contracts using secure hardware. Got it. And you can have right. So naturally then you can support all these different concurrents and parallel run times paratimes that we call and it gives you natural better parallelization and also extensibility and flexibility and also actually naturally supports a seamless combination of permissioned and permissionless use cases. that's insane that's a huge amount of knowledge down here but I think it's absolutely insane the implications of this is absolutely crazy because like a few things questions just pop off the head so you said okay look this can support Ethereum so now can you make a bridge to Ethereum as well in that case like bridge assets between Ethereum because it's closer exactly absolutely and can developers also port code over so I think one of my concerns is let's say let's say there's an amazing app that's been on Ethereum let's say it's Uniswap or someone and it's open source can they just port code over to Oasis or is there any risk as well is the EVM environment exactly the same or would there be slight differences as well in the kind of the execution environment right so we support actually different versions of the EVMs like different teams have been developing different EVM engines and it's very easy to run them because you can just have different paratime different paratime to support that have different paratime communities to run them so yes we right and today basically most of the solid-disc smart contract on Ethereum they just run in this environment with no changes in it okay so that's very interesting so they can directly port their applications over with very minimal changes and then start running that on Oasis something that's actually quite interesting is because you can support different run times does that mean there will be compatibility issues as well let's say if one decentralized application on Oasis is you know really really popular and then it wants to interact with another application let's say you have Uniswap you're doing some tokens and now can those tokens be ported over to another runtime or is there a limitation there right so these different run times or different part times they can communicate through sending messages sending transactions to each other and so on so then there's no issue with the compatibility because they don't need to all run in the same runtime or same paratime so essentially one we can think about is that these different paratime environments you can think of them as like different sub networks that each one essentially can fully have its own flexibility like I said they can choose its own paratime engine they can have its own criteria what kind of nodes it wants to participate so for example for some applications maybe they only want nodes in certain geographic regions or like I said for some if you want to support confidential smart contracts maybe then you want to have nodes that have secure hardware capabilities and also for some use cases like I said they may be a permission use case where a certain enterprise they just want to have nodes like you know a few enterprise together they just want to have themselves maintaining the nodes and so on so in that case it will be permission setting but the whole architecture because all the different paradigms they share the same consensus layer so their states basically are synced in the sense that each paradigms state the root hashes get synced to the consensus layer so then this allows all these different paradigms to communicate with each other and also at the same time they essentially they share the same strong security for consensus from the consensus layer and also allow them to share the same nature to make it different to communicate with each other that that it's actually very very interesting I think it's very different from everything that I've seen so far you know and also what's better is that actually the scalability actually is better so for example the way we you have to actually tie this paradigm layer to the consensus layer because otherwise in the consensus layer is doing consensus how do you know whether this time the state is correct and so on so we have a way to tie the paradigm layer to the consensus layer through what we call discrepancy detection so the idea is that let's say you have this paradigm committee that runs a paradigm engine and basically executes the smart contract in that environment and then through this committee we so through this discrepancy detection what it means is as long as one node is honest is doing the right thing then the consensus layer basically can detect any misbehavior from this paradigm committee and hence you get extremely high security actually for a much lower replication factor which means that to achieve the same security level in you know with the sharing approach you actually would require a higher replication factor than using our very final computing discrepancy detection approach and hence with our approach from the parallelization and scalability we can actually be much more efficient than sharding than parachain and so on with this new architecture that's actually very very interesting so it's a completely different architecture and design from what we've seen and the other proposed solutions as well so on this channel we talked a lot about sharding we talked about to the guys from Elron they talked about full-state sharding we also talked about Ethereum 2.0 which is going to implement sharding architecture so this is just filling in everything so Don is like this is better and it's also quite interesting because we also explore Polkadot a little bit and they're always talking about using parachains to scale the network so this is something that's completely different but at the same time it has scalability privacy in mind so that's what's interesting about Oasis so I'm just trying to put everything fitting everything into place so I think this is very cool I have a question though so you talked about from an architecture perspective right so if you think about Ethereum everything executes on the same time and this is why we're getting bottlenecks because there's just too many transactions we can't the processing power is always the same right so that's not good but on Oasis obviously you can split that off and have different you know kind of what was it called again sorry it was time paradigm that was the name I was looking for so paradigms that can do this but one of the issues here is that if you have a different paradigm you're talking about sinking this discrepancy what if this paradigm decides to be dishonest I mean the thing is there's a lot of motivation to do so right now we have financial contracts worth millions of dollars so there's a huge incentive for them to be or maybe attempt to be dishonest how does this discrepancy sinking system work how do you prevent value from being lost in there right right right exactly a very good question so so the idea here is that again we have this paradigm committee and the paradigm committee can be dynamically chosen from a pool of compute nodes and each node has to stake in order to join the network and then as they are selected to run this paradigm to do this transaction for the smart contract execution and so on then that's where essentially that's what I meant by the replication factor is that in this paradigm committee every node is doing the same work and then from the consensus layer will check is for each node with their compute results they will be going to the consensus layer the consensus layer will be checking or do something what we call discrepancy detection essentially it's very powerful computing so the consensus layer wants to make sure that the execution has been correct and one way to do it is what we call discrepancy detection so for example let's say you have 100 nodes in this paradigm committee and each node is supposed to be executing the same set of transactions and smart execution and then they will be submitting results to the consensus layer will be checking whether these results are the same so in this case as long as you have one honest node who has been doing the correct work then any node that's trying to behave that means it will introduce a discrepancy meaning the reported results will be there will be discrepancy among the reported states that different nodes and then the consularer will know that there's something wrong and then once this happens we have the process called dispute resolution so that means the consularer has discovered someone is behaving then you need to figure out who is behaving using the dispute resolution methods so that's a little more evolved process but in general for example a simple way you can have a bigger committee and you rerun and you see what the result is and so once you then you figure out who actually submitted the wrong results then you slash them you have incentives to behave correctly and also as long as you have one note that's behaving correctly then you can detect any mis-behaven and hence it actually has very high security and also because you can detect any misbehavior as long as one honest note so that's why it reduces our replication factor for the same security level so for the same security level we need a smaller number of nodes in the committee to actually achieve that security level that's actually very powerful so unlike Byzantine fault tolerance which requires 51% to be honest you only need one honest node within that committee to make sure to ensure that this calculation is done correctly so that's actually really powerful there so for other models usually you need 3F plus 1 or 2F plus 1 whereas in our case you only need F plus 1 nodes got it that's really powerful and that is why it's right it's more efficient than other methods got it so we went really deep into blockchain architecture design there I hope you guys got a little bit of insight but it's actually very different from everything else and I really appreciate Don's perspective here about everything that's going on I think it's good time to actually zoom out as well and just talk a little bit about the application side of things so we went deep into blockchain we understand a little bit more about the architecture but now that we know this how does it be applied how does this work where do you see this being applied in the future where's your vision for this going yeah that's great so for us essentially we say that what is the Oasis network it's the first privacy enabled blockchain platform for open finance and responsible data economy so what that means is given its unique architecture and the technological advancement with the enablement of both scalability and privacy protection it can really enable new use cases new paradigms so for example DeFi is really hard today people talk a lot about DeFi and so on but in DeFi we're seeing I think two challenges one is scalability challenges and the other one is the privacy challenge that we discussed at the beginning including attacks like front running and so on so right so what Oasis network Oasis platform can provide is what we call scalable and private DeFi so we can provide better greater scalability for DeFi again given that Ethereum is compatible with EVM and so it's actually really easy to migrate the solid smart contracts and also we are in the process of building the bridge hopefully it will be done in the near future so what does this bridge do so you can pop tokens over via the bridge right so basically so for example on Ethereum you have various assets and there's 20 tokens or whatever you have you have various assets and then this bridge would enable you to for example for example creating wrapped assets here like so you lock the assets over there in Ethereum and you bring the assets here you create these wrapped assets and then essentially you can basically bring assets over and then you can run these yield farming or these DeFi applications on the platform but with much lower costs right it's now you don't have to pay like 50 60 dollars for doing right a transaction or something and so you can do it in a much more efficient and fast scalable and cheaper way so just to summarize so you can actually so that's actually quite a powerful proposition so you can bridge assets over which is great so that means you can start trading or having your own version of a decentralized exchange on OASIS but also because OASIS is compatible with Ethereum virtual machines so it's compatible with EVM you can start just direct developers just start directly porting over to OASIS and also that's something that's quite interesting is because OASIS supports different languages like Rust and you can actually have other bridging links to other Rust based blockchains right is that easier as well for them and to also have applications that can port over from say like LRUN I think LRUN is Rust based so that means that developers can port over code from both sides right yes yes yes and then yes so the first is one thing and then also with the privacy protection we can enable what we call private DeFi so for example as I mentioned we've developed the private Uniswap and the private compounds so a lot of these applications essentially you can have the private version the privacy receiving version that can address many of the challenges and that we're seeing in DeFi today like the running and so on and also like I think for institutional institutions again these type of privacy is more important for them and I think in the current form it's difficult for them to to participate with privacy protection and it can you say expands the expense the user base and we can actually bring even more the mainstream users into the space that's actually very interesting I think like you know we've been through stuff like voting issues where you know voting what people want to do voting on a blockchain but then everything became transparent and I'm like why would you ever want to do voting on a blockchain but now with privacy it's much less of an issue so I think this is actually very interesting going forward so I think that that's where I feel like I think this conversation was great because we talked a lot about not just the architecture but also about the future vision of this so in terms of OASIS what kind of developments do you have in mind right now who's committed to develop on OASIS and what are they doing right yeah that's a great question so in DeFi we actually have a number of partnerships we also just announced a partnership with Chainlink recently and they will be bringing Oracle services to our platform and we have a number of other DeFi partnerships while building and providing those core DeFi components on the platform to help build up the DeFi ecosystem and also the skill of and private DeFi is actually just one type of use cases the OASIS platform can enable and actually there's even bigger use case that we call a responsible data economy it's essentially through data tokenization because we enable privacy we combine blockchain the ledger capability and secure computing together so we enable this truly new thing that we call data tokenization as so far we many talk about financial assets and these tokens representing financial assets but we also know data people say data is the new oil so data is actually the key driver for modern economy and it's also of course most of the data is actually very sensitive but it's also hugely valuable and so we all know that there has been actually a lot of tension between how to protect users privacy better and also I think for companies how to actually enable this data to be utilized and so on so essentially we want to have a responsible way of utilizing the data and extract value out of the data and the more important I think especially users data what you want is that you want to be able to protect your rights to the data and also at the same time to be able to use the data in a privacy preserving way so that users can benefit so what the Oasis platform can enable is for the first time it can enable the creation of this new type of assets that we call data assets so essentially users can for users own data the user can the platform allows the user to tokenize the data so the blockchain can essentially provide a immutable log of users rights to data and also how the user wants the data to be utilized and then with the combination of the secure computing then we can allow third party to utilize the data while protecting users privacy and we actually have seen a number of really exciting applications on this so one application that we'll be launching soon in partnership with the genomic company is in the space of helping users to become owners of their genomic data as well the data is really sensitive and also it's the data that you cannot change you cannot change your genes yes so right so you may have heard about some like companies they actually have cited the slowdown in their consumer adoption due to consumers concerns for privacy how their genomic data may be handled so with the OSIS platform actually users have control of their genomic data users can decide how they want their data to be utilized data will be stored in but users can specify who and how the data can be used for example in this case the user can give consent to the genomic company and then the genomic company can provide the genomic data analysis and then with our platform the genomic company can run the genomic analysis in this secure computing environment and then so users data is being protected and at the same time the user can benefit from the analysis results so this is another example of how this platform can enable this new form of data assets and also we just announced our partnership with Binance to build up an alliance called CryptoSafe alliance to help bring different exchanges together to fight crypto fraud because there's a lot of fraud that the exchanges need to identify and prevent these crypto fraud so so with platforms like this they can help different entities even if they may be mutually distracted they can actually securely share information together to together do compute over the information where each entity wouldn't know information about others and together perform a computation and in this case for example fight these crypto fraud that's actually very interesting I think a lot of this stuff is forward thinking and I think it takes a bit of wrapping our head around right and I think this is the insight I really got from talking to you is you know thinking for the future I mean at the end of the day Facebook got a lot of you know this is very public you know Facebook they leaked sensitive information and in fact they built their entire business on being able to obtain sensitive information about our lives right that's kind of the crazy part of the Facebook business model is they monetize people's data that's how the company works and it's a billion dollar industry on top of that you were talking also about data collection when it comes to our genes and I've done 23 and me so I know I'm whatever I think it's 92% Chinese and 8% others and I was super interesting tracing where my genes are but kind of surprising was the last time I talked about this data privacy thing was that I started to realize that whilst I paid I think it was like $199 for the test the company doesn't monetize that right the company 23 and me most of their money is made by selling my data so I didn't realize that data could be worth like $1,000 or $5,000 to various companies doing research right so this is actually kind of crazy I completely did not realize it at a time but after talking with researchers in the space I started realizing oh crap if I'm part of a select group of people there are I just agreed to it I didn't know it was worth money and second of all why don't I get any of that money right so I think this is something that's kind of interesting for a lot of people who don't know the perspective of this is that all of a sudden our data is worth money companies are paying for it and really this is something that's forward thinking about how to protect people that provide data I provided my genomics data for free but at the same time how to give that control to people I'm sure there's going to be regulation in the future and how to make the compute happen but I think something that's kind of interesting just going back to the genomics idea so in that case would you store the entire genome or I guess 23and me they look at particular sections of our genome data so how would you store that information once it's obtained because that's so much data that can can always handle that entire or sections of someone's genome so this is also why our platform actually uniquely supports this so for example you will never be able to store the data on chain meaning like on the actual consensus layer in the ledger itself so that's why by separating execution from consensus it really helps it provides much more flexibility so the actual genomic data is now stored on the consensus layer the measure itself what you store there is essentially for example hashing of the data and the actual storage is actually quite flexible of course it will be stored in encrypted form but it can be stored in essentially it can users can host the storage themselves as well as they provide the availability when the data needs to be utilized and so on so actually really enables much better decentralization and distributes the system interesting interesting that's actually a very cool discussion I think we definitely want to explore this in the future as well because there's so many applications of this I'm glad that you're being using that data also to help fraud with Binance and if people want to know a little bit more about the project how would they go about learning more about OASIS okay yeah so people can visit the website it's OASIS protocol like for the OASIS foundation and also OASIS labs provides a lot of these privacy technologies as well and actually with the data thing one more thing maybe I can just add very quickly is people do yield farming these days so with yield farming you put down liquidity you can contribute liquidity so actually interesting similarly with this data tokenization and data economy you can do actually you can get data yield you can stake your data and then if others then you can create a pool and we call it a data trust and as others utilize the data and pay fees into data and data yield which is that's actually pretty cool I didn't think about it so I can stake my genomic data people can read it obviously but they can extract data from it that's kind of cool so now I can be paid I can stake my data everywhere that's actually a very interesting model I didn't think about that but that's super cool yeah a lot of really exciting usepaces and awesome so I think Don thank you so much for sharing your insights I think I'm actually quite inspired for the future for where this can all lead and I feel like putting everything into perspective when Bitcoin first started people were like oh this is just a slow database but now as the whole blockchain space has been improved and we're solving issues with both scalability and privacy and I think that's kind of really awesome to be in this space at this time so I I'm sure there's a better descriptive word out there other than awesome but right now that's kind of what I'm feeling so guys I thank you so much guys for watching this video and thank you Don so for coming here thank you that was a lot of fun thank you cheers yeah that's really