Science of Blockchain Conference ‘24: Field notes

Editor’s note: Field notes is a series where we report on the ground at significant industry, research, and other events. In this edition, Joseph Bonneau, Pranav Garimidi and Joachim Neu, from a16z crypto’s research team, share their highlights from the Science of Blockchain Conference and affiliated workshops, which were held in New York City around August 7-9, 2024. SBC is a premier conference bringing together researchers and builders from the web3 community. You can see the complete program of the main conference here with recordings of talks freely available online.

The Science of Blockchain Conference has come a long way since it was first held in 2017. The name itself has evolved — from the Stanford Bitcoin Conference to the Stanford Blockchain Conference to today’s Science of Blockchain Conference. The name update was particularly relevant this year, as it was the first edition held outside of Stanford (this year at Lerner Hall, Columbia University, in New York City). The community has grown in size and scope, with now hundreds of attendees (registration was free but “sold out” early at ~1500 registrations) and over 50 associated side events and workshops.

Fortunately, all of the talks at the main conference were recorded and are available online. While the content at SBC is strictly technical and focused on research, and draws a large proportion of its attendees from academia, unlike traditional academic conferences there are no associated proceedings. That is, authors do not need to publish a paper to present, and they can present work that was already submitted to a separate conference or journal. As a result, the conference functions as a “greatest hits” from the web3 community, with less than one in ten submissions making it into the program.

a16z was active throughout the conference and affiliated workshops with several talks:

• General Partner Chris Dixon was interviewed by Dan Boneh in a special segment, offering his broad perspective on the space and describing his experience writing Read Write Own.
• Head of Research Tim Roughgarden presented work on Security of Restaking Networks at the affiliated Consensus workshop.
• Research Associate Joachim Neu presented his work on Optimal Flexible Consensus and Nakamoto Consensus under Bounded Processing Capacity.
• Former research intern Ertem Nusret Tas presented Fair Data Exchange, a product of the a16z research group.
• Former research intern Mahimna Kelkar presented his work on Proofs of Complete Knowledge and current intern Sourav Das presented on Asynchronous Consensus.
• Investment Partner Guy Wuollet spoke on the need for verification at the DePIN Summit.

In the rest of this post we’ll highlight several other talks that the a16z research team found particularly interesting.

Invited industry talks

The conference featured many talks from industry, showcasing the variety of practical research being done. In a positive trend, all of these talks featured in-depth white paper sharing technical details.

• Ed Felten, Arbitrum: Permissionless Validation Using the BoLD Protocol
• Eli Ben-Sasson, Starkware: Stwo
• Yehuda Lindell, Coinbase: MPC for custody at Coinbase
• Ellie Davidson, Espresso: The Espresso Sequencing Network: HotShot Consensus, Tiramisu Data-Availability, and Builder-Exchange
• Deepak Maram, Mysten: zkLogin

Talks on practical security

Stefanos Chaliasos presented a survey: SoK: What Don’t We Know? Understanding Security Vulnerabilities in SNARKs (co-authored by a16z research intern Jens Ernstberger). This work is the result of analyzing over 100 publicly disclosed security vulnerabilities in SNARK systems over the past 6 years, providing a first look at how these systems tend to fail in practice. A key takeaway is that practical SNARK deployments are complex in software (on top of the complicated math), leading to many ways for things to go wrong. The majority of vulnerabilities were circuit specification bugs, which is a very complex task forcing developers to use a low-level language to specify a problem. There is a strong bias towards under-constrained circuits (leading to soundness bugs) rather than over-constrained circuits (leading to completeness bugs). The reason for this bias is intuitive: completeness bugs mean a system doesn’t work for some intended uses, which is usually detected by functionality testing. Soundness bugs are typically invisible until detected or exploited.

Mahimna Kelkar presented a paper Complete Knowledge: Preventing Encumbrance of Cryptographic Secrets, which poses a thought-provoking question: How can we be sure somebody really knows a cryptographic secret, like an ECDSA signing key? In a world of trusted hardware, it isn’t enough to simply have them sign a challenge message with it or produce a zero-knowledge proof-of-knowledge. They might have an encumbered version of the key, say, a TEE (hardware enclave) which has the key and will sign some messages or compute a proof but not allow certain banned messages to be signed. This talk (and the associated paper) discuss some protocols which aim to prove complete (or unencumbered) knowledge of the secret.

Talks on Transaction Fee Mechanisms

Max Resnick presented new work on Dynamic Transaction Fee Mechanisms. The work has two main contributions: it first shows that moving from stochastic block times (as in PoW) to deterministic block times (as in PoS) leads to decreased congestion as stable demand is matched more closely with stable supply. This in turn benefits users submitting transactions in being more certain of how much they need to bid to get included in a block. (This is especially true if the fee mechanism is a first price auction but can also be relevant under EIP-1559.) Their second result is that the EIP-1559 update rule under current parameters can lead to long delays for users when a large disparity exists between low and high value users. The concern is that the current update rule causes the base fee to increase too quickly even when the underlying demand isn’t shifting, pricing out lower value users even when there is available blockspace. They also justify the current mechanism increasing base fees too quickly with empirical results showing that users can frequently get substantial savings in how much they are paying for gas if they are willing to wait even just five blocks. The main takeaway from this work is theoretical and empirical evidence supporting decreasing how fast the base fee increases to improve UX for users. 

Theo Diamandis presented Multidimensional Blockchain Fees Are (Essentially) Optimal. This work uses a regret minimization framework to study the optimality of different base fee update rules. As a benchmark, the authors consider what optimal per-resource prices would be given that the mechanism designer was privy to the demand over a long period of time. They then provide a class of base fee update rules that given a sufficiently long enough amount of time are nearly as good as being able to perfectly set the prices upfront. In particular, the update rule that EIP-1559 uses falls into the class of update rules they show are optimal. To go along with their results, they prove that no other update rules can substantially beat the class of update rules they give. Overall, this talk shows how we can use tools from the convex optimization and regret minimization literature to have a concrete way to judge the optimality of the mechanisms we are using in practice versus the wide swath of update rules we could be using instead. 

Talks on consensus

The affiliated Consensus workshop was held on August 6, 2024 at Cornell Tech on Roosevelt Island. The recorded talks of this event are also available online.

a16z crypto’s Head of Research Tim Roughgarden presented a new work on the Robustness of Restaking Networks. An urgent question in restaking is to characterize under what circumstances a network remains secure when validators reuse stake as collateral to crypto-economically-secure multiple different services. Specifically, the concern is that if too little stake is used to back too many services, then the profits an attacker stands to gain from compromising the services may outweigh the cost it has to bear from the slashing of its stake following an attack, making attack a rational course of action. The authors of the paper give conditions on the network structure and the profits and costs of an attack under which a restaking network is guaranteed to be  secure.

Sandro Coretti-Drayton presented a network model for gossip networks where nodes have bounded processing capacity, and uses it to prove the security of the Leios protocol which provides High-Throughput Blockchain Consensus under Realistic Network Assumptions. For background, consensus protocols are usually proven secure using very simplistic models for the phenomena that could impact the communication among honest parties. For instance, a standard model assumes that a known upper-bound exists for the time it takes for a message sent by an honest party to be received by all other honest parties. Such a model neglects security-relevant aspects such as network topology (in reality, not every honest party has a direct connection to every other honest party) or congestion (in reality, messages may be delayed more or less depending how many other messages are propagating simultaneously). The talk and its associated paper continue a recent line of work that devises and employs models that capture these aspects.

***

Joseph Bonneau is a Research Partner at a16z Crypto. His research focuses on applied cryptography and blockchain security. He has taught cryptocurrency courses at the University of Melbourne, NYU, Stanford, and Princeton, and received a PhD in computer science from the University of Cambridge and BS/MS degrees from Stanford.

Pranav Garimidi is a Research Analyst at a16z Crypto. He does research on problems in mechanism design and algorithmic game theory as it relates to blockchain systems. He is especially focused on how incentives interact across the blockchain stack. Prior to a16z, Pranav was a student at Columbia University where he graduated with a degree in Computer Science.

Joachim Neu is a Research Associate at a16z Crypto. He is particularly interested in the theory and practice of distributed systems security. Recent research topics include Internet-scale consensus for heterogeneous user-bases, with applications to consensus security for the Ethereum blockchain.

***

The views expressed here are those of the individual AH Capital Management, L.L.C. (“a16z”) personnel quoted and are not the views of a16z or its affiliates. Certain information contained in here has been obtained from third-party sources, including from portfolio companies of funds managed by a16z. While taken from sources believed to be reliable, a16z has not independently verified such information and makes no representations about the enduring accuracy of the information or its appropriateness for a given situation. In addition, this content may include third-party advertisements; a16z has not reviewed such advertisements and does not endorse any advertising content contained therein.

This content is provided for informational purposes only, and should not be relied upon as legal, business, investment, or tax advice. You should consult your own advisers as to those matters. References to any securities or digital assets are for illustrative purposes only, and do not constitute an investment recommendation or offer to provide investment advisory services. Furthermore, this content is not directed at nor intended for use by any investors or prospective investors, and may not under any circumstances be relied upon when making a decision to invest in any fund managed by a16z. (An offering to invest in an a16z fund will be made only by the private placement memorandum, subscription agreement, and other relevant documentation of any such fund and should be read in their entirety.) Any investments or portfolio companies mentioned, referred to, or described are not representative of all investments in vehicles managed by a16z, and there can be no assurance that the investments will be profitable or that other investments made in the future will have similar characteristics or results. A list of investments made by funds managed by Andreessen Horowitz (excluding investments for which the issuer has not provided permission for a16z to disclose publicly as well as unannounced investments in publicly traded digital assets) is available at https://a16z.com/investments/.

Charts and graphs provided within are for informational purposes solely and should not be relied upon when making any investment decision. Past performance is not indicative of future results. The content speaks only as of the date indicated. Any projections, estimates, forecasts, targets, prospects, and/or opinions expressed in these materials are subject to change without notice and may differ or be contrary to opinions expressed by others. Please see https://a16z.com/disclosures for additional important information.