SBC 22: Field Notes From Science of Blockchain 2022

Elena Burger, Bryan Chiang, Valeria Nikolaenko, Daejun Park, Carra Wu, Guy Wuollet

Field notes is a series where we report on the ground at significant industry, research, and other events. In this edition, some of the a16z crypto team members in attendance rounded up a collection of interesting talks, papers, slides and more from the DeFi Security Summit 2022 (Aug. 27-28), the Science of Blockchain Conference 2022 aka SBC 22 (Aug. 29-31), and various affiliated workshops (Aug. 28-Sept. 2), all of which took place at Stanford University last month.

1. Science of Blockchain Conference 2022

The Science of Blockchain Conference focuses on technical innovations in the blockchain ecosystem, and brings together researchers and practitioners working in the space across cryptography, secure computing, distributed systems, decentralized protocol development, formal methods, empirical analysis, crypto-economics, economic risk analysis, and more. The event is co-chaired by Stanford professor (and a16z crypto senior research advisor) Dan Boneh; a16z crypto head of research Tim Roughgarden was also on the program committee and gave an invited talk on the paper we shared with readers in our last newsletter.

Here’s a quick mix of some of our team’s field notes, links, and themes from SBC 22 as well as a couple of affiliated workshops – including the “science and engineering of consensus” workshop (Aug. 28) and another on maximum extractable value, or MEV (Sept. 1) – in no particular order:

  • Peiyao Sheng on an analysis of different blockchain protocols, figuring out which have better forensic support that helps detect a validator’s misbehavior with evidence (paper)
  • Pratyush Mishra’s talk on arkworks, a Rust ecosystem for zkSNARKs that’s used widely in many crypto project implementations (GitHub)
  • Srivatsan Sridhar on changing the download rule in longest chain consensus in order to mitigate bandwidth congestion during spamming attacks on the network (paper)
  • Ari Juels and Mahimna Kelkar’s talks on protecting against adversarial tampering of transaction ordering, and a scheme for enforcing fair transaction ordering (workshop abstract, paper)
  • Ethereum cofounder Vitalik Buterin on responding to — and surviving — 51% attacks (attendee tweet with slides)
  • David Tse on reusing Bitcoin hash power to enhance the security of PoS chains (paper)
  • John Adler’s talk on accountability — in this case, the ability to identify and punish attackers — in PoS systems (workshop abstract)
  • Phil Daian on the evolution of the MEV “dark forest,” covering everything from the frontrunning problem’s theoretical outline, to its initial identification in his Flash Boys 2.0 paper, to the emergence of the MEV research organization Flashbots, to present-day considerations relating to transaction censorship resistance and creating a robust builder and proposer market for transaction bundles post-Merge (workshop abstract / slides)
  • A theme: “asymmetric and subjective trust assumptions (not all nodes are equally trusted, not all nodes trust equally) and view-based protocols (nodes interpret their view of the state locally, and eventually a view-merge determines canonical DAG aka directed acyclic graphs, fork choice, etc.)” [a related paper]

watch the presentations: day 1, day 2, day 3

2. Applied ZK Workshop (part of SBC 22)

After the Science of Blockchain Conference wrapped, the Applied ZK Workshop (Sept. 2) brought together researchers and developers for one more day of learning and discussion on the latest developments in the zero knowledge (ZK) ecosystem. Speakers covered everything from new circuit primitives and virtual machine (VM) architectures to ensuring security through verification and auditing.

Formal methods for ZK systems were an important item on the workshop’s agenda, focused on solving a well-known issue: when a ZK system malfunctions after deployment, it’s difficult to find and fix the root cause. It’s critical to verify the correctness of ZK systems at compile-time, and formal verification can be a great help. A number of formal methods researchers are currently working on this problem, and a few discussed their work:

  • Junrui Liu presented ongoing work on formally verifying the functional correctness of the circom circuit library using the Coq proof assistant, and Yu Feng introduced Picus, a static analysis tool that automatically verifies certain critical properties (e.g., circuit uniqueness) for a given R1CS circuit
  • Eric McCarthy discussed his team’s “verifying” compiler for Leo, a compiler that automatically produces a formal proof of correctness, guaranteeing that the compiled R1CS circuit is equivalent to the source Leo program

And more highlights from the event:

  • Yi Sun and Jonathan Wang presented their halo2 implementation of key elliptic curve operations including multi-scalar multiplication and Elliptic Curve Digital Signature Algorithm (ECDSA) signature verification (as a followup to their work on elliptic curve pairings in circom); especially cool: the configurable prover-verifier time tradeoff achieved by modifying the shape of the PlonKish circuit matrix (a wider [taller] table leads to lower [higher] prover costs but higher [lower] verifier costs)
  • Bobbin Threadbare took us on an insider tour of Polygon Miden’s zero-knowledge STARK-based VM; unlike other ZK VMs, programs are fed in as Merkelized abstract syntax trees (MAST) of the instructions, improving both efficiency and safety (slides)
  • Nalin Bhardwaj discussed implementing recursive SNARKs in circom, a powerful technique finding its way into other ZK applications, including rollups; pairings in circom enable verification of Groth16 SNARKs within the circuit itself, which, in turn, enables more scalable aggregation (one by one vs. all at once) and allows a prover to show knowledge of a fact without knowing the exact fact themselves (the prover is on both sides of the zero-knowledge property now)!
  • Aayush Gupta presented a new scheme for deterministic nullifiers that allow ZK applications to limit users to a single action, like claiming an airdrop (slides)
  • Uma Roy and John Guibas presented their work on putting light clients on-chain by verifying consensus through zk-SNARKs; the result is Tesseract, a prototype ZK bridge between ETH2 and Gnosis that has improved security and censorship resistance

view the full agenda

3. DeFi Security Summit (preceded SBC 22)

Just before the Science of Blockchain Conference kicked off, a number of security researchers and practitioners gathered at the first annual DeFi Security Summit to discuss everything from reflections on past security incidents and secure development processes to safeguards such as bug bounties and insurance. Some quick notes on themes, with links to talks:

  • Kurt Barry, Jared Flatow, and storming0x explained their secure smart contract development practice at MakerDAO, Compound, and Yearn, respectively; a common theme was the Swiss cheese model, which layers together various complementary security measures
  • Christoph Michel discussed the evolution of price manipulation attacks (with an interesting CTF challenge as a bonus!) and Yoav Weiss explained various bridge exploits
  • Mitchell Amador preached the importance of strong incentives for getting more security talent to keep this space safe
  • There were panel discussions on various topics such as time-weighted average price (TWAP) oracle security after the Merge as well as on modularity and upgradability
  • Another theme was setting correct expectations for auditing practices; common messages from auditors were that instead of “audits”, they should really be called “time-boxed security assessment” as well as the observation that auditing engagements “are more alignment rather than liability”
  • Developers expressed concerns about common auditing weaknesses such as long lead times and insufficient incentives to secure codebases; Sherlock proposed an interesting approach that could address these issues by combining the effectiveness of audit contests and legacy audits to get the “best of both” worlds

view the full agenda (with links to some talks)

watch the presentations: day 1, day 2

Editors: Robert Hackett (@rhhackett) and Stephanie Zinn (@stephbzinn)
