Broadly speaking, a rogue smart contract is a smart contract written for one of two purposes, either to advertise criminal services or to solicit criminal services. So how does the contract check that, this correspondence between news reports and this text description of the calling card? For that purpose, you would want to use some form of natural language processing. You'd use an LLM like ChatGPT. How does a smart contract gain access to ChatGPT? You would naturally do that
through an oracle system.

Hello, and welcome to Epicenter, the show which talks about the technologies, projects and people driving decentralization and the blockchain revolution. I'm Brian Crain and I'm here today with Ari Juels, who is a professor at Cornell. He is a co-director of the Initiative for Cryptocurrencies and Contracts. He's also chief scientist at Chainlink, and he's written a book recently called The Oracle, which I read a few months ago.
So it's kind of a sci-fi novel that deals with smart contracts and oracles. And he was a previous guest here, actually a long time ago. We were just noting it's almost eight years since he was a guest. So really excited to speak with him. But, you know, just before we get into that, I want to share a few words about our sponsors this week.

If you're looking to stake your crypto with confidence, look no further than Chorus One.
More than 150,000 delegators, including institutions like BitGo, Pantera Capital and Ledger, trust Chorus One with their assets. They support over 50 blockchains and are leaders in governance on networks like Cosmos, ensuring your stake is responsibly managed.
Thanks to their advanced MEV research, you can also enjoy the highest staking rewards. You can stake directly from your preferred wallet, set up a white-label node, restake your assets on EigenLayer or Symbiotic, or use their SDK for multi-chain staking in your app. Learn more at chorus.one and start staking today.

This episode is proudly brought to you by Gnosis, a collective dedicated to advancing a
decentralized future. Gnosis leads innovation with Circles, Gnosis Pay and Metri, reshaping open banking and money. With Hashi and Gnosis VPN, they're building a more resilient, privacy-focused Internet. If you're looking for an L1 to launch your project, Gnosis Chain offers the same development environment as Ethereum with lower transaction fees. It's supported by over 200,000 validators, making Gnosis Chain a reliable and credibly neutral foundation for your
applications. GnosisDAO drives Gnosis governance, where every voice matters. Join the Gnosis community in the GnosisDAO forum today. Deploy on the EVM-compatible Gnosis Chain or secure the network with just one GNO and affordable hardware. Start your decentralization journey today at gnosis.io.

OK. Well, thanks so much for coming on again, Ari. So I don't know how many of our listeners remember you or are aware of you, but I mean, I think you've been in crypto for a long time and have had, you know, a big impact in many ways. You do a little work around smart contracts, trusted execution environments, DAOs. You were one of the co-authors of the Flash Boys paper, which kind of kicked off the whole MEV field, and then more recently a novelist. So thanks so much for coming on
again.

I'm delighted to be here. Thank you for having me.

So I actually looked at the summary of the episode we did in January 2017, and even criminal smart contracts was mentioned there already. And the criminal smart contract is also kind of a theme of the novel you wrote. And can you share a bit, like, what motivated you to write this novel? And can you share a bit, without maybe giving too much away, no spoilers, a little bit the theme of the novel?

Yeah, there were really two seeds for the novel, if you will. One of them is the paper that you and I discussed on the show, as you said, seven years ago, criminal smart contracts. In the book I call them rogue smart contracts. Those have a newfound relevance, as we can discuss, given the advent of powerful LLMs like ChatGPT. That paper at the time that it was written was somewhat speculative, but it has become more real, and that became a motivation for writing the book.
The second impetus for writing the book, the sort of literary impetus if you will, was a bridge, a sky bridge in lower Manhattan, the Cornell Tech campus, based at Cornell Tech, which is Cornell University and Technion's applied sciences campus in New York City. The campus used to be in what is now the flagship Google building in lower Manhattan.
I used to commute there every day on the High Line, this whole elevated railway, and I passed this beautiful sky bridge, windows on both sides, and I thought this would be the perfect office. And I just sort of started to visualize the hero of the novel sitting there. And that became, as I said, a kind of second motivation to write the book.

So for those who either haven't heard or don't remember the criminal smart contract episode, what are rogue smart contracts?
How do you envision that?

Yeah. So broadly speaking, a rogue smart contract is a smart contract written for one of two purposes, either to advertise criminal services or to solicit criminal services. And if you construe the definition broadly enough, rogue smart contracts have already cropped up in practice, mainly in the form of pyramid schemes like the famous Forsage scheme. But in the context of the novel and the paper, what was of
interest was real-world crime. So I can give, I guess, a simple example to illustrate, if that would be helpful, how these things work, maybe. Yeah. So let's take for example, I like to use this example, this is a relatively benign one. Let's take for example the Kohinoor diamond. That's this famous diamond with
a very controversial history. It is part of the crown jewels that belong to the British royal family, and it sits in the Tower of London. As I said, it has a controversial history. There are people who believe it should be repatriated to India. There are a number of people who believe that it's cursed, right? So you can imagine somebody would want this thing to be stolen just to have it disappear, not to own it, because as I said, it's cursed. So how would you create a smart contract for this purpose,
right? You've got two challenges in creating such a contract. The first is how's the contract going to know if the diamond is stolen, right? And the second is, even if the diamond is stolen, how's it going to know whom to reward for the theft of the diamond? Let's suppose that the smart contract is paying a bounty of, you know, $100,000 in cryptocurrency for this purpose. So how's it going to know where to send the money? The observation we made in the paper is that you can do the
following. You can have a would-be criminal, right, somebody who's signing up to steal the Kohinoor diamond, send to the contract in advance of the theft a brief description of some detail about the crime that only the criminal could know. And these details are sometimes referred to as calling cards. In the criminal world, a calling card is often a physical object that's left at the scene of the crime to indicate who committed the crime.
So I like to reference as an example of a calling card the glove monogrammed with a P left by the Phantom, the jewel thief in the Pink Panther movies, right? That would be an example of a calling card. Well, let's say, you know, it's the first time a particular calling card was being used. Let's suppose that the Phantom is the one who's going to steal the Kohinoor
diamond. What the Phantom does is send to the smart contract a brief text descriptor of the calling card, monogrammed P glove, in advance of the crime in hidden form. You know, cryptographically committed, encrypted, however you want to think about it, but concealed. Then the crime gets committed, right? The diamond disappears, and it's a famous diamond, as I mentioned. So, you know, the theft is splashed across headlines on news sites.
And now the criminal comes back and decrypts, reveals this description of the calling card, monogrammed P glove. And the smart contract now checks that news stories correspond to the calling card. You can imagine that the news stories reporting the theft of the diamond would also report the fact that a monogrammed P glove had been left at the scene
of the crime. The criminal of course leaves this calling card in a place that would be visible, prominent, so the smart contract can check that the calling card was reported in news stories, and presumably, as I said, only the thief knows in advance what the calling card is. The calling card would be selected for that purpose. So whoever revealed the correct description of the calling card here would be paid the money, be
paid the $100,000 or whatever. This is an example of how these contracts might be constructed.

And so basically for the smart contract to be able to know, OK, this was mentioned in a news story, then you'd have to have some kind of, I mean, I guess I can imagine different ways this could work, right? You could have something like, I mean, right, your environment, Chainlink, right?
So there could be a bunch of servers, right, that are parties that maybe write such data on there. Or could it be that, I don't know, in a trusted execution environment, a search is executed or some commands are followed to then verify such a condition? How would you imagine that part to work?

Yeah, you put your finger on the nub of the problem here. This is the really interesting part. So how does the contract check
that, this correspondence between news reports and this text description of the calling card? For that purpose you would want to use some form of natural language processing. You'd use an LLM like ChatGPT. How does a smart contract gain access to ChatGPT? You would naturally do that through an oracle system, right? You wouldn't be able to run an LLM efficiently on chain. We'd run it off chain, and an oracle system would be the
natural place for this. So the whole scenario in fact depends upon a convergence of blockchain technology and AI, LLMs in particular with this example we're considering. And the advent of ChatGPT and powerful LLMs is what makes this scenario particularly relevant over the past couple of years. At the time that we originally wrote our paper, this was hypothetical, but now it's at least technically feasible.

And then this convergence of blockchains and LLMs. How?
How would this work, like, technically?

So technically it could be, conceptually at least, relatively simple. You would run an LLM, ideally in a trusted execution environment to ensure integrity and to give you confidentiality where appropriate. And you might have a single node do this if you trust TEEs sufficiently. Or you would use a decentralized oracle network for this purpose, and it would ingest news stories as pointed to by the smart contract, or I should say news
sites, stories from news sites, and this calling card, the text descriptor of the object left at the scene of the crime. And the smart contract would ask the LLM, does this calling card match these news stories? Right. And as I said, this is technically very feasible. Happily, you can't just go and build one of these things today, right? It's technically feasible, but not realizable with the extant infrastructure.
So in some sense, the paper and the novel are warnings to the community that this kind of danger is a real technical possibility if we're not careful about how we engineer these systems, how oracles make AI functionality available to smart contracts.

Good. Because the way it would work is, let's say you'd have the smart contract and you say, I specify some program that should be run in this TEE as an example.
And then maybe anyone could go and download this program and, you know, get access to an Intel SGX server, which, you know, presumably is easy to do. And then they would run this program in there, and then they would write the result together with the proof that that's what they did on chain and get some kind of economic reward.

Yeah, there,
there are a few ways to do this. So one would be, you know, to download the latest Llama model or whatever and stand it up in a TEE as you're suggesting, and then it would be executed by nodes in the oracle network. Or if you're happy just sending it off to a particular web service, you could actually query ChatGPT itself. One of the benefits of standing up a model in a TEE is that you can provide what's known as an
attestation. Certain forms of TEE provide what's known as an attestation, which tells you exactly what application you're running, exactly what model, and exactly what the environment looks like. If you go and query a service like ChatGPT, it's changing under the covers frequently, so you don't know precisely what you're interacting with.
And in the case of smart contracts, you really do want to have, in general, a precise notion of how the smart contract is going to behave, and therefore how the oracle it depends upon is going to behave.

So you mentioned we have to be careful in how, you know, oracles, LLMs are engineered so that something like that doesn't happen, or these rogue smart contracts. I mean, is that possible, or is this just something that would be like a fundamental capability of these systems?
Because, like, how do you think the blockchain-AI intersection should be approached to, you know, maybe prevent malicious use cases and allow us to leverage the most positive use cases?

That's a great question. Of course, it extends beyond the intersection of blockchains and AI. How do we prevent smart contracts or any kind of blockchain functionality that's doing harm from continuing to
run in an autonomous way? And people have proposed various approaches, right, like security councils in the case of DAOs, which could be instantiated elsewhere. One could imagine the techniques that are being developed for AI safety deployed within an oracle system. So happily the problem is broad enough so that people are thinking about it in other contexts.
And I think also we can kind of turn this question on its head and rather than just thinking about Oracle systems as a way of enabling this intersection potentially in ways that are Oracle, think about them as gatekeepers and contemplate ways that they can help enforce AI safety. And this is one of the things I've started to think about
recently. So for example, I mentioned that it's very helpful for smart contracts to know exactly how an oracle system is operating, because that gives you the determinism, the precise notion you want about how a smart contract in turn is going to behave. And so what we really want to have are what I would refer to as pinned models, models whose specifications are made fully transparent to users and can sort of be pinned down, locked
in place. And this, I think, can be very useful in ensuring that models don't behave in unexpected ways, that we can at least have a good understanding of which model we're dealing with and potentially test it to determine how vulnerable it is, say, to adversarial examples or how likely it is to produce hallucinations. So that's one example of a way that we can build systems
with AI safety in mind.

So AI in crypto is an area where, you know, there seems to be a lot of interest at the moment. At the same time, it's still a bit unclear, you know, what is actually going to work, what's actually going to be valuable. Do you have a view on the kinds of use cases and applications that this AI-crypto intersection will be most
suited for?

Yeah. I mean, broadly speaking, one of the strengths of smart contracts is the fact that they're written in code and therefore they provide rigid specifications of an agreement, a system that users interact with. One of their weaknesses is the fact that they are written in code and therefore are rigid, right to do this very specific interface that lacks flexibility. Flexibility can be harmful and that allows for adversarial behavior, but it can also be
beneficial. And in fact, the lack of precision in contracts written in natural language, ordinary legal contracts, is actually regarded by the legal community as a feature. It enables you to deal with unanticipated circumstances. And this is something that smart contracts as they're engineered today can't do, right? You can't bake into Solidity very easily a condition that says this contract will be cancelled in the case of an act of God, broadly defined, right?
You have, you can only give a precise specification of when the contract is going to be cancelled, and you can't always anticipate all the reasonable circumstances under which you might want to cancel it. But if you combine smart contracts with machine learning models, with LLMs, for instance, you can endow them with some of that flexibility we benefit from in the real world. And that I think opens up a whole range of new use cases.
And furthermore, if you combine this with some of the privacy-enhancing technologies that have been developed specifically for blockchains, or I should say have been catalyzed by blockchain use cases, then I think the proposition becomes very powerful. So for example, today the rigidity of smart contracts when it comes to loans constrains us for the most part to using over-collateralized lending, right? Things like MakerDAO.
But you can imagine a system in which users are, thanks to use of a privacy-preserving oracle system, able to import financial documents from trusted financial institutions, trusted by a lending smart contract. Those documents get interpreted by an LLM to assess the creditworthiness of the user, and the user gets to take out a loan on that basis. In other words, you can imagine a smart contract now looking more like a real-world lending facility or institution.
That's just a rough example of the type of thing you can do when you combine these two technologies. Now, there are lots of challenges involved, like the ones that I alluded to earlier, adversarial examples, in other words, malicious manipulation of machine learning models, and hallucination, machine learning models making stuff up. But I think this broad idea of endowing smart contracts with useful flexibility is what makes the combination of the two technologies so potentially
transformative.

So one thing that, I mean, you've done a ton of work on, and it's probably, I mean, when I got into crypto, you know, 11 years ago or more, it was already one of the ideas that excited people the most, the idea of DAOs. So the idea that you could have these organizations, they're on chain and, you know, people use tokens in some way to coordinate.
And they could be kind of, you know, replacements or successors to corporations or cooperatives or nation states or all kinds of, you know, existing legal institutions that, you know, humans use to do things together. Now, I think if you look at today, the state, I mean, probably most people, right, if you from back then would be disappointed in the state of DAOs today, right?
To the extent to which they are used and the extent to which they attract traction, like the places where we see traction today, you know, like stablecoins, DeFi stuff, they're generally different types of use cases. So what do you see as the state of DAOs today? And what are your thoughts on the role that DAOs can play in the future?

Yeah, I find them really intriguing.
And we're doing this kind of grand experiment in governance across the blockchain community thanks to DAOs. That experiment is taking stumbling steps at the moment. And I think there are a few different reasons for that. One of the challenges that my group has been looking at recently in particular, I think one of the stumbling blocks, is not knowing how to measure whether or not a DAO is successful. We don't have objective measurements of whether a DAO is
functioning correctly. Then we don't know how to conduct the experiment, if you will. So in particular, we've been asking what does the D in DAO really mean? What is the decentralized part? You can say the fact that a DAO is running a smart contract means it's decentralized, but typically people are more interested in intuitive ideas like making sure that a diverse set of opinions are heard, or credible neutrality is a thing one often hears.
So one would like to have these things in a DAO, and I think we would in general regard these as marks of success if achieved. But again, we really need some way to measure these things. Typically the way that people are measuring decentralization in DAOs today is just to look at token holdings across addresses, right? You say that if tokens are spread broadly and token holdings are more or less equal across a large number of addresses, then the DAO is decentralized.
But this is kind of a simplistic way of viewing decentralization, and there are lots of things it can miss. A simple example would be one user holding a multiplicity of addresses, right? You could have a whale under the surface of the water, as it were, right? And then this measure of decentralization would be completely wrong. And in general, alignment, sort of hidden alignment among different voters, would
constitute a centralizing force. And that's something we really need to take into account if we're going to measure the decentralization in DAOs effectively. So what my group has done recently, and this is work led by my PhD student Andrés Fábrega, is to formulate a new metric that we call voting bloc entropy. And basically the way it works is as follows. Entropy is essentially a measure of how evenly distributed tokens
are across addresses, right? So when I said people look at distribution of tokens across addresses to determine whether a DAO is decentralized, they're basically measuring entropy across addresses. Instead of measuring entropy across addresses, we measure entropy across aligned sets of voters that we call voting blocs. You can think of them as being like political parties. And in this way, we can detect forms of alignment in the community. And that we think gives us a better handle on how
decentralization works. And in fact, this idea, we have found, is rooted in some of the principles and practices of machine learning, believe it or not, reinforcement learning in particular. We think of a DAO as a big organism that's trying to learn things. And it turns out that diversity or decentralization has been shown experimentally to be important in the learning process if you conceptualize DAOs as a learning system.
And so we can take ideas from reinforcement learning, in particular multi-agent reinforcement learning, and map them up to the DAO space. And now we have this metric in hand, and we think that if you can measure decentralization effectively, then we can overcome some of the uncertainty and challenges that the DAO landscape is confronting today.

But you would take that from the voting behavior. It's just like some governance vote.
You'd be like, how often people vote in the same way or like.

Yeah. Great question. So in theory you look at what are referred to as the utility functions of the voters. In other words, how much they tend to like particular proposals and how they value particular proposals personally with regard to their own interests. But of course, we don't know voters' utility functions. Voters themselves often don't know their utility functions.
They don't know what their opinions are on questions you haven't asked them yet, and sometimes even on questions you have asked them. But we can observe how people have voted, and a voting bloc in this view would be a collection of users that have tended to vote the same way historically. That's something we can observe
experimentally.

Yeah. So you'd imagine that those that have less of these voting blocs, or people vote more in, you know, a variety of different ways, presumably making more of their own decisions as maybe, I don't know, following some kind of, you know, maybe following some leader or following some particular group that tends to have a big influence. So you imagine those kind of DAOs would be more performant or actually function better over time?

That's what the theory suggests. So again, if you think of a DAO as learning to improve some objective function or to achieve some goal, say it's an investment DAO, and so it's learning how to make profitable investments. What the literature, the relevant reinforcement learning literature, suggests is that a diversity of viewpoints, taking into account a diversity of viewpoints, is going to make for more effective learning and therefore will make for a more
profitable DAO over time. And in fact, we've stood up a dashboard on this metric. It's called voting bloc entropy, as I said, or VBE, or VIBE for short, some of that. So it's the term vibe. So I've got this vibe dashboard that shows the relative vibes of different DAOs.
And we observed that some DAOs that are known for having communities particularly concerned to achieve high levels of decentralization or to take differences of opinion into account, like some of the prominent L2s, Arbitrum, Optimism, actually are exhibiting high vibe today. In other words, according to this metric they have high levels of decentralization. So there seems to be, even within the DAO community, some confirmation that this metric is helpful.

Yeah, great.
They are. And I just found that dashboard, so I'm going to include it in the show notes. OK, so then you're measuring basically this kind of entropy. And have you tried to correlate this with something, like, what are the main metrics a higher voting bloc entropy correlates with?

Well, as I said, at least in principle it should correlate with a better functioning DAO. In other words, a DAO that was better able to achieve its objectives. At this point we don't,
the DAO community doesn't have a long enough history and we don't have a large enough set of DAOs to perform the type of experiment we would like to perform to see, for instance, if investment DAOs with higher vibe have performed better over time. That ideally is an experiment we would like to do. And it may be that we find some form of natural experiment within the blockchain community or elsewhere that helps us confirm in this sense the value
of vibe. But as I said, the dashboard does seem to show that DAOs that are known for having particularly vibrant communities with a multiplicity of opinion exhibit higher levels of vibe today.

Right, right. And now what are dark DAOs?

Yeah. So this is, well, as the name suggests, the dark side of DAOs. These are something that my group has been thinking about for many years now and we've started to revisit in our research, because we've realized that the platforms that realize dark DAOs are useful for other purposes and actually could have a pretty sweeping effect on the crypto ecosystem. The dark DAO as originally conceived, and it was my then PhD student, Phil Daian, who was leading work
on dark DAOs at the time. We were first considering it, as we were defining it then, dark DAOs were DAOs whose purpose was to disrupt or influence the operation of victim DAOs, if you will, and to do that through bribery, voting bribery.
They were dark in two senses. Dark in the sense that they had this kind of malevolent or at least adversarial goal, to swing votes on proposals in the DAO. Dark also in the sense that we showed that they could be constructed confidentially, and we were considering at the time the use of trusted execution environments for this purpose.
But so in principle, you can set up a DAO in a trusted execution environment whose operations and behavior are not visible on chain, that orchestrates bribery, allows voters in a particular DAO to go claim rewards if they commit to voting a particular way. That was the idea in
a nutshell. As I said, this has more sweeping ramifications because it turns out that the ways that you would enforce compliance with a bribery regime in the dark DAO can be used to manipulate other systems as well. We can talk about some of the potential other impacts of dark DAO-like approaches to control.

So an example here would be there is, you know, some community pool that has some money in it, and I make a proposal, pay it to me, and I put up some bounty that anyone who votes in this direction can then, for example, get a bunch of, maybe I'll put like half of this payout in that pool. And then people who vote that way can basically sort of get the money and plunder it. Something like that would be like an example. Or.

Yeah. So that's basically
the idea. And in fact such bribery markets exist today for certain DeFi protocols. That was basically a quarter-billion-dollar market in on-chain bribery protocols. But the particular danger that a dark DAO poses is the fact that you can do this confidentially, and that means it's hard to orchestrate defenses against it. The basic technique involved here is something we call key encumbrance. Basically the idea is that you hand over your private key to an application running in a trusted
execution environment. Think of it as a private smart contract, right? So your key is now sitting in this private smart contract. It's like a wallet contract. And you can use this contract to commit to doing things like voting a particular way in the DAO. But you can also have this wallet contract, if you will, private wallet contract, have you commit to doing other things or constrain uses of your keys in other ways so that you can
take the control you have over particular assets, either governance tokens or something else, and do a whole range of interesting things, lending them, selling them, renting them. And that, as I said, can have pretty sweeping implications for the crypto ecosystem as a whole.

So to give an example here, let's say I'd have, you know, a token like Lido. I would then basically, let's say some kind of wallet would be created that presumably, maybe the code would be open source so I could inspect it, and then it would run on some TEE and I would put my coins on there. And then for example, let's say they would be locked there for a month.
I couldn't transfer them out, and someone else could just vote them but not do anything else. So use them in governance, and they compensate me for that. And then after a month I can sort of take them out again, something like that.

Exactly. So you need to generate your key inside this wallet, because if you generate it elsewhere then you have control, individual control over it, as opposed to having the wallet controlled
exclusively, right. But yes, so you'd set up a wallet, and indeed you can lend assets that way and you can do lots of other things. So for instance, you know, there's this notion of soulbound tokens, which are credentials that a user is not supposed to lend to others. As the term soulbound suggests, it's supposed to be associated with a single individual for an entire lifetime.
Well, if you had a soulbound token in this environment, in this key-encumbered environment, confidential wallet environment, you could lend it out to someone else, and the fact that you're lending it out would not be visible on chain. And so you would basically be breaking the fundamental property of the soulbound token. It would no longer be soulbound.
That's another example. Yet another example would be pre-selling airdrops, or taking tokens that are supposed to be subject to a locking period and unlocking them prematurely by transferring ownership in this kind of hidden wallet off chain. There's a couple of the other things you could do with this type of environment.

How would such a wallet be hosted? Because, like, somebody, it is now in some server, let's say it runs Intel SGX.
And I mean, presumably someone could just unplug that server and maybe they can't like steal the money, but also they could sort of interrupt it from functioning or, or would this have to, would this have to be its own decentralized network? So there are a couple of options here. One is to use a centralized system like a cloud provider. They have pretty good uptime and pretty strong guarantees around the availability of resources to end users.
But of course they're not decentralized systems. They don't give you the guarantees we're accustomed to in Web3. An alternative is to use a TEE-based blockchain like Oasis, or, I don't know, Secret Network or something, right, which are designed essentially for applications of this type. Obviously not the malicious variety, but applications that run the equivalent of smart contracts in trusted execution environments.
But like, let's say if in the first example, if it's like on AWS or something, then well, some party still has, you know, is the owner of that AWS account and they could go in that admin dashboard and be like, oh, stop this server from running. Yeah. So that that indeed would be that would be a potential risk, right.
So you would need to find some way to prevent that from happening, and not entirely clear how you do that, but you might be able to lock yourself out of your own account demonstrably, or you can have group administered service or something else. The other example would be like, let's say the Oasis example you made that I guess sort of seems to tie in a little bit with this like chain abstraction topic, for example, right? Because let's say Oasis is on
blockchain. If I would want to control some let's say Lido token, right, which can vote on Ethereum or it's an Ethereum token, then I'd have to be able to generate like an Ethereum address in there, have an Ethereum contract and then it could generate, emit this transaction from Oasis that then somehow somebody would take and broadcast on Ethereum or. Yep, and that's exactly what we're doing in a research project we'll be releasing a
paper on imminently. This is led by my PhD student James Austgen. We have created a system we call Liquefaction that runs on Oasis but enables all these applications in Ethereum or on any blockchain of your choice, right. So the key is encumbered or controlled in or sitting in a wallet in Oasis, but the key is for assets on some other blockchain, potentially like Ethereum. Cool, cool. I mean presumably also lots of non-nefarious utilities for this
kind of application. Yeah. So two important things to point out. Number one, that there are lots of beneficial applications as well. So an example would be, for instance, a privacy-preserving version of ConstitutionDAO. Do you remember ConstitutionDAO raised, you know, tens of millions of dollars to buy a copy of the US Constitution at auction. But the project was completely transparent. So, you know, a hedge fund manager was able to come along and easily outbid them.
You could create a confidential version of ConstitutionDAO where investors get either no indication or only a very general indication of what funds have been raised up to a certain point and could do that. And there are lots of other potential applications as well known as this. We're basically talking about turning assets liquid, right, and liquid staking you might, depending on your perspective, view as a positive application, and liquefaction, if
you will, liquefaction of other assets can be beneficial as well. Second important point to make is that if you don't want your system to be subject to liquefaction of this type, if you want a system whose assets can't be liquefied, there is a countermeasure to key encumbrance, to use of TEEs as ones. And that's something called complete knowledge. And this is a system or idea that my group developed in collaboration with Vitalik Buterin.
And the idea essentially is that in order to use the system, you need to prove that the key you're using, private key you're using to interact with it is not sitting in a TEE application of the type we've been describing. It is not encumbered. How do you do that? Well, one simple way is to fight fire with fire. You generate your key in a TEE application that spits out the key and then proves that it's
spitted out. In other words, it demonstrates that you, the user, know the key and therefore it can't be controlled exclusively by one of these confidential wallets. So it's a fairly practical countermeasure. Could you run the TEE inside another TEE or something to then prove that you discarded the spit out key? That yeah. So that would be a problem. If you had nested TEEs, then we'd be in trouble or you would need nested proof of complete knowledge.
Go down that path and things get pretty tricky. But you make an important point, which is that we're assuming at least in the initial development of these things that there are no nested TEEs sitting around anywhere. Yeah. OK, OK, great. I guess we are starting to to, to see stuff like that. I mean, I, I feel like probably the most the one of the most obvious use cases, right for TEEs, I do imagine is that kind of intersection right between.
I mean, we've kind of talked about it earlier a bit with the Oracle thing, right, where you have some smart contract and the smart contract wants to be able to use an LLM, right? And then have some kind of something, you know, LLM is called off chain and the result is written back on chain.
And I mean, I think that could be interesting from the perspective of, you know, this AI crypto merger, but maybe also actually very powerful to get DAOs really to the place where they become more powerful and functional. I mean, I know, for example, the topic of, you know, prediction markets is also one thing that people were, you know, been very interested in since the beginning.
And they've kind of haven't gotten too much traction, maybe except some like very limited use cases like the elections. But I know for example, the Gnosis people that were working a lot on that, they felt that like, well, if you can have like LLMs that are basically playing like bots that are betting in these prediction markets, maybe you can start having, you can start actually using them for like
fine-grained decisions somehow. Yeah. So TEEs would be a good way to execute LLMs with strong trust assurances. I mean, TEEs are very powerful and as you know, they're making real inroads into the crypto community. But it is important to emphasize that historically they've had pretty serious security vulnerabilities. And so of course there are a lot of people who are skeptical ultimately about what sort of
security we can afford. And additionally, as you were pointing out earlier, a TEE on its own doesn't give you any kind of liveness or censorship resistance guarantee, right? For that, you need to have a network of TEEs in place. You need to incorporate them into a blockchain or a decentralized Oracle system or something else.
But that said, I think they're an incredibly powerful and promising technology, and I would expect them to have a huge impact on the crypto ecosystem if we can live with their potential vulnerabilities, right? In fact, they are able to do essentially all of the fancy cryptography that has received so much attention of late in the crypto community. Zero-knowledge proofs would be an example, or
secure multi-party computation. All these things essentially get consumed by TEEs if you trust the TEE. Yeah. And they become like much simpler and much more achievable in the short term and much cheaper and more scalable, right? Because I guess if you know things like ZK, right, very computationally extensive, slow, and a lot of challenges around that. Yeah, exactly. So TEEs, I mean, we mentioned SGX a bunch of times.
I think that's as far as I am aware, I don't know, but was maybe like the first one or first one to get like traction, so created by Intel. But of course, always one of the concerns is just like, well, this is like, you know, one large company that controls these that could potentially, I think also like maybe I don't know if that's actually true, if they could like sort of attest or declare things to be a TEE, an Intel SGX server, that actually is not.
There's a lot of innovation happening there. Do we see a lot of maybe open source TEEs or alternatives where you're not as dependent on Intel? Yeah. So a few things to note here. Number one, the range of TEE technologies available to the
community is slowly growing. Recently NVIDIA for instance has started to support essentially extension to the Intel Trust domain in its GPUs. AMD has a kind of variant on the Intel TEE, and in fact, ARM has begun to incorporate recently into its chipsets TEEs that look like Intel TEEs. TEEs, to be clear, have been around for a while. And if you have an iPhone, you've got a TEE.
But some of them, like the one in your iPhone, lack what are known as attestation capabilities, the ability to prove things to third parties. But all of the different variants I mentioned just a moment ago have attestation capabilities. So TEEs with attestation capabilities have become more widely available. Those are still not open source.
There are attempts to create open source TEEs with attestation capabilities, but that's a really challenging problem that encompasses both computer science and physics, and I don't have tremendous confidence that we'll see anything of that kind in the near future. Maybe one more topic that we can we can touch on.
So you know I mentioned earlier. You're working around MEV, you know you co-authored with Phil Daian, who went on to start Flashbots, the paper Flash Boys 2.0, which was sort of the the inception certainly in the same in the, in the in the mind or in the awareness of MEV and you've done some work around proof of fair transaction ordering. Can you explain what is, what does that mean and how does that work?
Yeah, so since the Flash Boys 2.0 paper came out and since the rise of in some cases exploitive forms of MEV extraction. Not all forms of MEV are bad of course, but detrimental ones around. My group has been thinking about ways to mitigate the impact of MEV, ideally to get rid of most forms of exploitive MEV. One of the approaches that we've been looking at is what we call fair ordering. In particular share temporal ordering, which is really just a fancy name for first come, first
serve ordering of transactions. And that seems like a simple thing at first, right? You know, you set up some machine and it just orders transactions according to the time that it sees them. Turns out to be actually quite tricky if you want to do it in a decentralized way.
And the reason is that if you've got a network of say 10 nodes receiving transactions, those nodes depending on where they're sitting and where the transactions originated are going to see different transactions at different times and in different orders and somehow they have to reconcile their disparate views of when transactions have been received. In addition, you know, maybe some of those work nodes go rogue and cheat and try to order transactions adversarially.
So we've developed some techniques that address this problem achieving forms of fair ordering that are resilient to some number of malicious nodes and provide some nice properties even when nodes see transactions at different times. And this is something we worked on for a few years. The problem with the approaches we developed was that they assumed that you've got, you know, a quorum, significant majority of honest nodes. And the question is, how do you
enforce that, right? We've seen that there's a willingness, I mean, there's a monetary incentive to order transactions in ways that support arbitrage nodes that allow users, I mean, to put it bluntly, that allow users' pockets to be picked. If there's money on the table, somebody's going to pick it up. So how do you ensure that nodes are actually ordering transactions parallel?
And we couldn't find a solution to this problem until recently when we developed a system that we call PROF, which stands for Protected Order Flow. The concept behind PROF is pretty simple. And again, it leverages trusted execution environments. As we were discussing, they're very powerful. It's a number of different things. So here's the idea.
Transactions get ordered. Let's just assume that some transactions get ordered fairly and are incorporated into a bundle on the TEE and you can order them fairly however you like using the first come first serve approach I suggested. Or just have transactions enter the TEE in encrypted form, that can also ensure some degree of fairness, or both. There are a number of different ways you can do this. But let's suppose you got this bundle of fairly ordered transactions sitting in the TEE.
The question is now how do you get those transactions on chain in a way that is going to carry the right incentives? That is, how do you incentivize validators not to muck with these transactions, to accept the bundle in its fairly ordered form? PROF does this in a very simple way. It takes a block that was about to go to a validator and it basically adds to it internally this fairly ordered bundle and it makes this take-it-or-leave-it proposition to the validator.
And I'm simplifying things, of course, not considering all the nuts and bolts infrastructure that offers this kind of take-it-or-leave-it deal. To the validator it says, OK, you can take this block that has this extra bundle attached. And if you do that, we're going to give you a little extra reward, like an epsilon reward, say an extra penny. So you can do that, but you have to leave the bundle intact and the TEE's going to make sure that you leave the bundle intact.
Or you can just not take the bundle, you get the original block and then you give up the penny. Well, a rational validator, profit-maximizing validator obviously is going to choose to allow this bundle that will be appended to the end of the block. That's better to have an extra penny than not. And so this simple mechanism we think makes fairly ordered transactions monetarily appealing within existing infrastructure now within the PBS infrastructure and the supply chain.
OK, actually I didn't totally understand why that would be the case. So. So you get a, you're a validator. I'm giving you a choice between two blocks. Give you block A which was constructed by a builder somewhere, right? So this is. Oh, so you you're assuming here the proposer-builder separation, so this. Is you? Yeah. So we designed it to work with proposer-builder separation. Although we can work, it's a, it operates on a pretty general principle.
So it, it could work outside existing PBS infrastructure. But the idea is, you know, you got the, you can take this block A, right, which is just constructed by a builder or constructed somehow, doesn't really matter. And you get a certain reward, you know, reward R, R dollars, or you can take block B. What is block B? Block B is block A plus this extra little bundle with a one penny additional incentive. So if you take block B, you get
R dollars plus a penny. And obviously you as a validator, you want to maximize your profits. You're going to take block B, we'll take the extra penny, and in so doing you will accept this fairly ordered bundle that comes at the end of block B. That's the idea in a nutshell. Yeah. So I mean actually at Chorus One, so the the company I mainly run. So we have, we have done work on exactly that problem with the
DYDX chain. And basically the, the thing we did there, the the sort of solution or our research team design, which is the thing that ended up implementing was basically to say that like, you know, each validator would have their own local, I mean there's no proposer-builder separation, right? All the transactions go to the validators directly, but in each validator would basically, you know, have a local order of transactions as they receive it.
And then when the proposer creates a block, they would basically see like, oh, how much is the divergence of that from the other validators and sort of score that. And then you know, if if the other, I mean it, it basically accepts that there is like some divergence, right? Because the validators will receive it in like somewhat of a
different order. But that if it was like, you know, too much of a divergence, then basically, I mean, basically the block is scored in terms of how much it by each validator, how much it diverges from their own local view. And then you basically have this kind of statistical thing, right, where it could be like, OK, if they were to sort of muck with the transaction order, you know, you'd start to see this divergence and then they could be slashed.
That's kind of like the approach that was taken there. I see. How do you prevent the validators from colluding so that they're all ordering transactions the same way and during the signal? Yeah, you can. Like, you couldn't really prevent that if there's, but you would have to probably have like a lot of validators colluding, right? Or like, I mean, it would still be detectable, I think. Yeah, it depends, right? If you have everyone colluding, of course they could.
They could obviously cheat this mechanism. And if you have a majority colluding, then they could maybe make the ones who are actually honest look like the ones who are messing with the order, right.
But but I think given that, I mean, this is also a little bit of a different dynamic or what given that, you know, the validators are chosen by the DYDX token holders, you know, who have an interest in the health of the system that helps, you know, they, it's very unlikely that you're going to have, you know, a bunch of malicious parties that basically control all the stake on and then collude against the network that just, you know, doesn't really, it's not very incentive,
not extremely unlikely to happen, I think. Yeah, that that makes sense. In the Ethereum setting, of course, you can't assume that validators are not going to collude. That's what makes it especially challenging. But in the setting you're describing, it makes sense. Validators are chosen by the community. They're, well, I wouldn't be honest. It's essentially a permissioned set.
Cool. So what's the, what are the, when you think of the next year or two years, what are the research questions currently that you know you find most exciting or challenging or important that you're focusing on? Well, one of them is thinking about how blockchain systems can be beneficial to AI in the way that we were discussing earlier, you know, rather than just thinking about what AI can do for blockchains. And people have formulated a lot of answers to this question.
Some of them don't make a lot of sense to me, you know, like being able to distinguish deepfakes from real content, I'm not sure I buy. But I do think that the tools that the community has developed for both integrity and confidentiality in the blockchain setting can be immensely useful in machine learning settings. So that's one of the things that I'm at least personally thinking a lot about. And my group I think will continue to explore DAOs and figure out best practices for
governance. One of the things that we're trying to understand now is what the mechanics of voting should look like. Today, you know, it typically happens in Snapshot, Tally, whatever. And there's some peculiar things about the way that those systems are built from the perspective at least of the academic literature, one of them being that ballot secrecy isn't preserved throughout the voting
process. It would seem beneficial to ensure ballot secrecy even through the tallying process, at least from the perspective of classical voting systems. In blockchain systems, there's a desire for some degree of transparency, though. So there's a real tension between what voting DAOs want, DAO communities want, and these kind of foundational properties. And that's something we're trying to figure out.
And our hope is to design voting systems that preserve as much privacy as is compatible with transparency objectives in DAO communities. And that turns out to be quite tricky. That's another thing we're thinking about. And then this whole business of liquefying assets and complete knowledge and figuring out the balance between those two, that's something we're still wrestling with. And I think there's a lot of research to be done, more a lot of interesting and impactful
research. Cool. Well, thank you so much, Ari. I think you continue making working on some really like interesting problems. And I, I think that definitely that whole TEE, merging of AI, blockchain, I think that's going to end up being like a super vibrant area. Actually, I was just at dinner a few days ago where I don't know if you've heard of this thing called GOAT and something terminal.
It's basically some kind of like AI supposed AI that's, you know, that's kind of interacting with this meme coin. And but like one of the challenges is actually that you cannot really like, you know, I'm challenged, I'm like Bob, but is it really the AI that's like doing these things or is it like some the person who you know?
Because it's like off chain, not verifiable, but I think it it kind of points to it points to the things that like, because I think very, very soon you will be able to have it that like, you know, you can have an AI starting to do stuff right and people interacting with the AI and I think this is going to give rise to some very fascinating and bizarre things. For sure. So yeah, thanks so much for coming on. I really enjoyed the
conversation. And of course, for, yeah, the people listening, I think you definitely go check out the book, The Oracle. I really enjoyed reading it. I feel it sort of points to the yeah, like to some of the exciting, dangerous, scary things that that will become possible with AI in crypto in the future. So it was really well written too. So if people like science fiction, then go check out The Oracle. And yeah, thanks so much for coming on.
I'm excited to, you know, have you again on at some point in the future, maybe before 8 years have passed and we can talk about, you know, all the, all the new things happening in crypto. Thank you, Brian, it was a real pleasure. Thank you for having me on.
