Most of this article is about the same solutions that are always proposed (wake me up when people actually use them and they actually solve the problem at hand.)
To me the most damning part of the article is:
> These critiques are usually unmoored to anything actually happening in the blockchain space, and unaware of the technological development and cultural vision. This bifurcation is extremely harmful for the health of the emerging technologies: these technologies are not going to go away, so if your only answer is dismissal and anger, you’re actually just ceding the power to decide what these technologies will look like in our world. This pattern of discourse creates a negative-sum feedback loop that does a disservice to all.
Quite frankly, if web3 really was all its cracked up to be, enthusiasists wouldn't be so offended anytime someone "didn't get it". After all, if it really was gold, they would be too busy making cool things and the results would speak for themselves.
As the author says, those who ignore something ceede power to those who show up. But why would the people who show up be so offended that people are giving them power? If it was actually valuable wouldn't they want it for themselves?
Every time someone criticizes cryptocurrency, its always the same refrain: people are wrong to be negative. All the bad vibes will turn your heart black, etc. That's what cults say, not what people with viable tech say.
> Every time someone criticizes cryptocurrency, its always the same refrain: people are wrong to be negative. All the bad vibes will turn your heart black, etc. That's what cults say, not what people with viable tech say.
True. In reality the "bad vibes" are just folks trying to find a consensus on where this technology belongs- if you can't communicate the benefits of the tech in a convincing way, it's not everyone else's fault.
Because even if web3 is a technological advancement and fulfills its stated purpose flawlessly, there are still negative externalities like the environmental cost. It's similar to building more data centers to house YouTube's "unlimited" storage for user-created videos. YouTube is one of the most successful platforms on the web with unprecedented societal impact, but will there ever be a time when we stop building more data centers, along with incrementing the total energy and environmental costs of running them all?
And once a critical mass of people have adopted said technology, it becomes too easy for those in control to shift the blame onto the millions of functionally satisfied adopters when looking for solutions to the negative externalities that don't directly affect those adopters.
The only major blockchains using proof of work and having considerable environmental impact at this point are Bitcoin and Ethereum.
Bitcoin has stalled in development so I don’t think it will ever change, Ethereum has been talking about moving to extremely low energy Proof of Stake for years (hopefully will happen soon).
Almost all the other major blockchains available - Polkadot, algorand, Tezos, NEAR, Solana, Cardano - are proof of stake, or similar extremely low energy consumption blockchains.
The environmental criticism of blockchain is therefore going the way of the dodo. There are many valid criticisms of blockchain but the energy consumption criticism is about to be technologically outdated. It will age like milk.
The only significant project using it is really Ethereum, and like I said, they have long promised to move on but have apparently gotten into a lot of technical trouble doing it, but they are still dead set on doing it.
Maybe. But right now PoW block chains have most of the marketshare. The environment concern is not a new one, maybe it will become spoiled milk one day, but so far it seems like the milk has had an incredibly long shelf life.
I'm dismissively cynical with respect to the future of "web3", but for the most part I can appreciate the tone taken by this article; no defensiveness, no condescending suggestions that the critics "just don't get it", but most importantly, acknowledgement that these are real problems and a willingness to engage with the specifics of the criticisms outlined, without hedging. I remain unconvinced, but I think the discussion around blockchains would be a lot less heated if the rhetoric from the enthusiasts was typically this measured. Yes, I recognize I'm putting the onus on the enthusiasts and letting the cynics off the hook, but the enthusiasts are the ones claiming to herald the next iteration of the web, that's a haughty claim for an already controversial technology.
The builders talk this measured way. Hang out with more of them, while they’re building and where they build.
Join discussions where draft standards are being ratified or tabled.
There isn't really a world where any of this goes away, so the voyeuristic and quizzical approach doesn't work, there is a world where updates push it in a more relatable direction. That might be the biggest pill for cynics to swallow, that there is no convincing them thats going to happen and they’ll wind up contributing to its resiliency anyway.
> The builders talk this measured way. Hang out with more of them, while they’re building and where they build.
There's no reason for me to hang out with them, they can come to me if they want my attention. I don't come to HN for blockchain evangelism, but this is a tech forum and blockchain is tech so if an article comes up I will engage with what I am presented with.
> There isn't really a world where any of this goes away, so the voyeuristic and quizzical approach doesn't work
I don't think it goes away, but I don't see it really going anywhere else than where it already is. Cryptocurrency is synonymous with "speculation" in terms of what is actually happening in the real world. I have no doubt we might see bitcoin and alts continue to rise in price as the ecosystem continues to do everything it can to amplify the hype, but at the end of the day, blockchain "web3" will never take off because the masses have no interest in using cryptocurrency, they just enjoy trading it on coinbase and robinhood like it's a stock - web3 has nothing to offer those people.
> There isn't really a world where any of this goes away
Why not? Technologies rise and fall in unpredictable ways. I'll admit that there is a lot of energy to web3 - its not a minor passing fad. However that's still a long way from being inevitable.
Honestly, whole thing reminds me of how communism is going to "bury us".
The main answer is that these concepts dont go away and will continue even in a world without ubiquitous internet as making a couple computers communicate doesnt go away.
For background on the quote, see https://en.m.wikipedia.org/wiki/We_will_bury_you but basically, it meant, the ideas of communism are inevitable, it doesn't matter what you do, the concepts aren't going away and eventually it will prevail, so we're happy to just wait it out (didn't quite work out that way)
I see the same kind of, history is on our side so we can't fail, attitude here.
And you're right, the "idea" of a blockchain isn't going to be forgotten anymore then the idea of the internet would be. However that doesn't mean web3 is going to succede in its rather undefined vision. It would be like saying the internet won't be forgotten and extrapolating facebook's future stock price.
Or to use a digital cash analogy. The idea of digicash was not forgotten, but yet it still went under.
Okay that’s good context, now objectively what do you think about it on this topic and does it matter? What do you think it having the possibility of failing has to do with whether you spend time on it or being quizzical about the people that do?
This isnt as simple as the LA Mayor’s response as mentioned in the above article, where he basically said “we’ll live our lives not bothering each other instead”, as we are all capitalists here there is alot of alpha. The alpha is built in seamlessly to your contributions, if you build. If you build you exercise a sentiment towards a world you want to exist, even if the technology stack does not allow it to succeed. And yet you make enough money. So you make enough money working on something you believe in. If the possibility of the technology being the limitation is your issue with it, then just call it entertainment. The entertainment industry, and that has unambiguous value too.
The group of people you label “the enthusiasts” are too heterogeneous to be meaningful.
For example many developers are enthusiastic about a specific blockchain technology and unenthusiastic about the others.
Consider also the difference between someone who researches the formal specification and verification of smart contracts, vs someone who tweets dank memes of babydoge to Elon Musk. They’re completely different people with unaligned interests.
If you choose to lump them together and react only to people peddling hype, then what you’ve really done is fooled yourself into aligning with the hype peddler and unaligning yourself with the researcher, by choosing the reverse vector of the peddler.
> if your only answer is dismissal and anger, you’re actually just ceding the power to decide what these technologies will look like in our world
I mean, if I'm dismissing it, it means that I don't believe that anything meaningful could come out of it, doesn't it? At that point, why "power to decide what these technologies will look like in our world" should have any role in my decision process?
> these technologies are not going to go away
There are a lot of harmful, useless, irrelevant, etc. technologies which won't go away. So this wouldn't be surprising. But if someone is trying to articulate that these technologies will create a revolution of some sorts, most people will need better convincing.
I think the idea is that there are entities like facebook/ meta who believe that the metaverse is going to be a big thing, so if a "metaverse" is going to exist and see adoption, most people would much rather have it not be under the sole control of a corporation like facebook like most of the services on the web right now. Similarly, digital currencies are going to eventually become mainstream, and there are similar concerns about how central banks will implement them. In cases like these, having an second option that isn't controlled by some powerful institution could help democratize how they get implemented and used. If you dismiss it, then you are just leaving it to these large institutions to make the rules like they previously have, they have the power and resources to out compete, buy or snuff out any traditional competition.
Yeah, but remember when Facebook decided to inflate engagement stats for video, and sent everyone on a wild goose chase trying to create videos for everything? That made journalism much more expensive to do, made the web worse (auto playing videos now everywhere) and was a complete and utter waste of everyone’s time, effort and money. That’s almost certainly happening again with the metaverse. You don’t have to play the game. You’re arguing that we should follow the advice of large institutions to invest in their crap, simply because if we don’t, they’ll have the crap all to themselves. I say let them keep it.
No that isn't what I am saying, I am simply saying that there appears to be trends in the way technology is going to be developed and used. Facebook wasn't the first to think of a metaverse, but they are a big player in how it will develop based entirely on how big they are. Money has already increasingly become digitized and will continue to trend that way long before any central bank digital currency gets developed.
The point is that nobody knows what the future tools of the internet will be, they can only see trends and act on those. Most are probably stupid and most will probably be useless, but innovation will inevitably happen. Its fine if you think places like facebook can have the metaverse to themselves, just like it is fine for people to think they shouldn't.
If Facebook were the only player in the metaverse, it would have no value whatsoever. They need other people to invest, because it is too big to build themselves, and it is therefore necessary for others to participate for there to be a market at all. Simply doing it because it’s a trend is incredibly vapid. If you don’t think it’s a good idea, don’t give them your investment. Your choices matter; your thoughts on whether a trend is worthwhile matter, because your participation determines its success. Take some responsibility.
I think there is a misunderstanding here, I'm not involved in any web3 stuff I am just discussing it. I think whether or not you or I think it is a good idea or not is irrelevant because the reality is that there are people that are working on things because they think they are good ideas, and there are people investing in those things similarly, even things you would consider ethically questionable. It happens and will continue to happen.
Facebook doesn't need to build it all themselves, they just have to make the platform that everyone else will want to build on, just like what all of the current tech giants have done for the past 20 years. The idea isn't about chasing trends (or even something specific like a "metaverse"), it is seeing where innovation in happening and hopefully avoiding further concentration of power in the future of the internet.
Was there any democratic process when "Solidity" was designed? Unfortunately, it does not appear to me that the right experts have been involved and that there was peer review. It looks like it was thrown over a wall, much like JavaScript was.
> In cases like these, having an second option that isn't controlled by some powerful institution could help democratize how they get implemented and used. If you dismiss it, then you are just leaving it to these large institutions to make the rules like they previously have, they have the power and resources to out compete, buy or snuff out any traditional competition.
I thought the whole idea was it is "distributed" and non centralized. If big evil company takes over, can't you just fork? If it really was decentralized, why would i care about the direction the central commitee takes?
The big company isn't taking over, the big company is making the thing so they own it. The point was that having a similar distributed solution takes power away from the big company because it provides an option for users to choose if the big companies implementation becomes too onerous.
The points made are relevant. However, they are much more political/social points rather than technological. Technology could help to facilitate such social or political change but it is the smaller part.
Somehow the web3/crypto etc discussions tend to vastly overestimate the role of technology vs the role of societal choices.
Technological changes are often precursor to societal change. But its not necessarily easy to predict what that societal change will be. Very often it isn't what the techno-enthuiasts think it will be.
This is decentralized root naming system. This is one of the most practical use of a blockchain where all records need to be public and verifiable. No need to depend on icann and registry owners for having a tld which you own.
2. Unlock
This is membership protocol powered by nft. People can buy a nft and then for authorization, service provider can check whether the wallet has the nft and is valid. This way, nobody controls your membership and you can move them around the web as you like.
They are all connected to a wallet you control.
3. Arweave
Permanent storage using incentives and built on the idea of storage getting cheaper. Of course, this may not scale but I like the potential.
This is what Namecoin[1] tried to do using the Bitcoin blockchain ten years ago without success. This gets reinvented about every year on top of every new blockchain, and none of these implementations have proven useful yet.
The main problem is that speculators become domain squatters, and buy all the popular domain names with the hope that they go up in price.
> The main problem is that speculators become domain squatters, and buy all the popular domain names with the hope that they go up in price.
This is the worst part about any web3 project.
Though, there are some differences between namecoin, ens, and handshake.
Handshake lets you register the TLD while ens, namecoin, etc are limited to domain on a single TLD. The potential number of combination of domain + tld is enormous comparatively.
Secondly, handshake doesn't release all TLD at once. They are released slowly to stop speculators from gobbling up the initial supply.
I do agree speculation is a huge problem which happens in normal ICANN world as well. So nothing to miss except I can own the TLD for which I don't need to pay over 200k USD with chance of getting rejected from ICANN and ongoing cost.
> main problem is that speculators become domain squatters, and buy all the popular domain name
I like the geo-libertarian approach to this. Said squatters should need to keep paying the market value of the resource in rent to remain in control of it. Thus removing the benefit of just squatting and require you to provide additional value on top of being the current owner to not lose money.
How do you determine the market value of a domain? Just let the highest bidder win?
Should we let a bunch of black hats purchase google.com if they can extract more value from it than Google can (and are therefore willing to pay more for it than Google)?
I want to have a few different line if thoughts to that concern.
a) On black hats, and presumably the risk of being tricked. Perhaps this is an orthogonal problem to who controls the name. Then again it might not.
b) On who the name is valuable for. You hint at there being a public interest in who controls the name. The free market response would be that in theory if the black hats can extract more value its because the invisible hand provides that value to the public in unforeseen ways. Or it may be that we just exchange one rent extractor for another, in which case perhaps the public should be more directly involved in the value assignment. A democratically governed central authority is one approach, another might be a more direct decentralised trust/value assessment towards a particular assignment
c) On bidding. I can see different approaches but to avoid a takeover situation a bid would probably have to binding over some significant time making it implausible for a takeover to be profitable unless the calculated return can be sustained.
> This is membership protocol powered by nft. People can buy a nft and then for authorization, service provider can check whether the wallet has the nft and is valid. This way, nobody controls your membership and you can move them around the web as you like.
Who is the boogey-man trying to control your site memberships? The site operator? I highly doubt this system is robust against site operators trying to "moderate" you, but supppse it was, why would they sign up for it?
For an ecosystem originally built on keen insights on how to mix tech with incentive structures, web3 seems to have thrown that all out the window and replaced it with wishful thinking.
> Who is the boogey-man trying to control your site memberships? The site operator? I highly doubt this system is robust against site operators trying to "moderate" you, but supppse it was, why would they sign up for it.
People use centralized platforms like patreon for memberships. They can kick you off and you will lose all your subscribers. Your patrons will lose access as well. That is what unlock tries to solve.
The membership data is stored on the blockchain publicly which everyone has equal access to. You can prove you own a particular nft stored on the blockchain by signing using your private key. So even if all data is public, authorization is secure and reliable.
> "In the model where this data is public, I can query the wallet of people to check for HN nft and provide special discount or perks."
How will you provide your "perks" if either you or your members have been kicked off the platform where those perks made sense in the first place?
With this use-case you're describing - all you have is a list of wallets that were at some point relevant to you in some way. This is the equivalent of maintaining a mailing list. Why does any of this require a distributed ledger? What problem does this solve exactly?
> "Subscriber owns the membership and can prove to the service provider. Service provider has access to the membership and can check the validity."
How is this any different than signing up with an email-address as a username?
I'm not the one providing HN membership. That would be YC but I as a third party can verify whether someone has a valid HN membership and provide them perks based on their membership. That is the problem a distributed ledger solves. The data is public and usable by any service provider.
To verify you have a HN account (membership) today, a service provider need to build something like keybase. That is complicated and will be different for each service.
That is the problem unlock-protocol "solves". It defines the protocol for managing these memberships. To create, verify, deploy, etc.
You need some way to pay for membership without a middleman. This is solved by cryptocurrency part of the blockchain these nfts are stored on.
Memberships are also more complicated than a list of email addresses. They can be transferred, expired, and change depending on the action of the user. For example, some provider want their memberships to be reduced to half when transferred.
> To verify you have a HN account (membership) today, a service provider need to build something like keybase. That is complicated and will be different for each service.
What's wrong with plain old digital signatures in this contrived scenario. If for some reason this was desired, hn signs an assertion that so and so is a member. Person presents this assertion as neccesary. No blockchain required.
Memorizing hn's public key is no more hard than memorizing what their nft is.
I suppose you'll say transfering memberships. If hn is onboard with the transfer they could just issue a new signed assertion. So the only use case is if you want to transfer ownership against the service provider's will. But how does blockchain solve that? Unless i missed some great advance in zkp, all transfers are public on the blockchain, and service providers can trace the transfers and not recognize transfers they don't like.
> They can be transferred, expired, and change depending on the action of the user. For example, some provider want their memberships to be reduced to half when transferred.
What's a real world example of someone wanting something like this? I can't think of any.
> What's wrong with plain old digital signatures in this contrived scenario. If for some reason this was desired, hn signs an assertion that so and so is a member. Person presents this assertion as neccesary. No blockchain required.
Blockchain isn't required for this part and I answered why not certificates in this thread elsewhere. The simple reason is, wallet based authentication & authorization is more mainstream than pgp today. You also need to pay for memberships and that can be done through the same wallet. Arguably better UX.
> If hn is onboard with the transfer they could just issue a new signed assertion. So the only use case is if you want to transfer ownership against the service provider's will. But how does blockchain solve that?
Indeed. That's the point of storing membership data on blockchain. The user and community can go against the service provider. Think of freenode transfer a while ago, if the identity, moderation, ownership of channels, etc data was stored on the blockchain and controlled by the user. The community could migrate to another IRC service which fetched data from the blockchain and each user could get the same account they had on freenode by verifying they owned that data.
> The simple reason is, wallet based authentication & authorization is more mainstream than pgp today.
So what, the killer feature is its UI isn't as shit as the program world famous for having a shit UI
Besides if that is your metric, JWTs are definitely more mainstream than blockchain stuff.
>Think of freenode transfer a while ago, if the identity, moderation, ownership of channels, etc data was stored on the blockchain and controlled by the user. The community could migrate to another IRC service which fetched data from the blockchain and each user could get the same account they had on freenode by verifying they owned that data.
Kind of hard to have a secret cabal channel if membership is public. Does this mean to ban someone from a channel you need to pay a transaction fee? That sounds fun from a channel op perspective.
> "To verify you have a HN account (membership) today, a service provider need to build something like keybase. That is complicated and will be different for each service."
No, they need at-best a small subset of what OAuth offers. OAuth is already distributed in that sense. It's a standard protocol which accounts for this exact scenario. This is a solved problem today.
It's not different than "login with Google"/"login with Apple".
> "You need some way to pay for membership without a middleman. This is solved by cryptocurrency part of the blockchain these nfts are stored on."
What does this sentence even mean? Your membership costs are on a per-service basis, and they are tied to each service you want to pay for. Different services have different costs.
This could make some sense if services wanted to get paid with Bitcoin, but ironically enough - the Bitcoin must be converted to USD at some point down the chain?
> "Memberships are also more complicated than a list of email addresses. They can be transferred, expired, and change depending on the action of the user."
Sure, but wtf does the blockchain have anything to do with this? You're free to have an account with any service and manage it as you wish on an individual per-service basis.
> I as a third party can verify whether someone has a valid HN membership and provide them perks based on their membership. That is the problem a distributed ledger solves.
It's the problem delegated auth (OAuth, etc.) already solved.
> You need some way to pay for membership without a middleman. This is solved by cryptocurrency part of the blockchain these nfts are stored on.
But... it's not, because a system that relies on a distributed network of middlemen isn't “without a middleman”.
> Memberships are also more complicated than a list of email addresses. They can be transferred, expired, and change depending on the action of the user. For example, some provider want their memberships to be reduced to half when transferred.
Smart contracts just add complication; this is trivially solved internally in centralized membership systems.
Well, you don't need to sign up for yet another service for one. People don't want to have yet another email and password to remember. That's what OAuth and all that machinery was invented to solve.
AuthN is one of the few use cases where having a public shared database/blockchain and users authenticate using their private keys works out better in some respects because the alternative is to depend on a centralized user database owned by a private company (eg Facebook). What happens on all of the sites you used Facebook login on, if your Facebook account gets suspended?
What is forcing Patreon or any other company to allow you to export your subscriber list? And do you have a right to export even if your account has (wrongly?) been banned. Unless there's some kind of regulation involved, this is the kind of thing that easily could cease to work as expected once a company has enough market share.
You still need to store that data on somewhere to verify if someone owns a membership and whether it is valid though (memberships can expire).
That data is stored on blockchain vs having a centralized database. Refer to an earlier comment for why having it public is useful.
As for why people didn't use certificates till now, I don't know. I know they use wallet connect more which operates on the same principle but with existing adoption.
...why do you have to have a peer-to-peer network managing a blockchain just to verify membership data? It would be simpler to just have whoever controls memberships sign a user's public key to indicate membership (and then you add some metadata for expirations/membership levels/etc.). A user seeking to assert membership presents that certificate and proves knowledge of the private key.
Really though, I am not sure what problem is being solved here. Why do we need this in the first place? What is the attack scenario we are trying to address?
> This is membership protocol powered by nft. People can buy a nft and then for authorization, service provider can check whether the wallet has the nft and is valid. This way, nobody controls your membership and you can move them around the web as you like.
The service provider sure does. They can just decide to not let you use the service.
Thx for highlighting this. If Handshake becomes a viable system it will def. serve as an important milestone for making web3 viable. Problem is this is not the type of project that is getting significant attention or funding.
ENS is an example of a project that is extant, working, and has a decent amount of funding (controlled democratically through a delegated token voting system). Here's my ENS record:
What I like about handshake is that you can own the TLD. I own searchableguy/ top level domain. This is gated by ICANN right now and they charge huge fees for nothing.
yeah, it links to a standard JSON format for my article. mirror's data is portable. the json also contains my signature which authenticates the post to my self-sovereign identity (the keypair associated with my ENS name).
I think the tone of the author is that distributed ledger/blockchain/crypto/web3/monke ponzi- however any individual chooses to interpret this “cultural and monetary shift”- is in reality the future. And those who respond with indifference and denial of that reality, much like a person in your position, will have no say or power within the new system. That’s the voice of the author I believe. Not mine. As to the value, well I’d say you can only change when you’re ready to change. This applies to vision of value as well.
>And those who respond with indifference and denial of that reality, much like a person in your position, will have no say or power within the new system.
that wasn't my point. my point is that this technology shows no sign of slowing down, so by just angrily and reflexively dismissing it critics are throwing away an opportunity to make real, constructive criticism like Moxie did here at a time when it could make the most impact.
The people like me who really need your communications are starving for it. People who are already bought in and want quality content aren't getting much. This is a risk to the long term adoption of crypto.
My sources are few. I get a few crumbs on /ethfinance, and some nice nuggets from this thread, but there's just so much crap and snark to wade through it's almost not worth it.
What are the killer apps that are built on top of the web3 stack? Most I saw are not very killer... Or decentralized. I would expect, if this all is great as they say, that people tell me 'oh, you are using platform X?? Did you know that's fully web3?'. I tried things and they all are... not good... expensive or obvious money grabs. And when I ask around, even though 'entire twitter' seems to be building web3 apps, people only send the same ones; how can that be? Maybe it's my echo chamber; I don't follow many blockchain things.
But I think this article missed the major concern Moxie raised about "blockchain API platforms". They will out innovate their base protocols and deliver a better UX.
Light clients are a great example. They are only efficient compared to running a full node yourself. The computation and time is still far below relying on a platform to do it for you.
I'm pretty sure that you can pop down to the search bar and type "TLS too inefficient" and see that, in fact, they did. there was a large period of time where TLS was not widely deployed and where it was viewed as not likely to be deployed, due to marginal performance reasons
True, the overhead of TLS is relatively much lower than it was. It turned out we all really need the greater security. So we got hardware AES acceleration for example.
But this example misses the more general point that protocols always evolve more slowly than platforms.
It's not really a good example. Platforms aren't in competition with layer 3 network protocols. The examples Moxie gave were layer 7 application protocols.
Much more thoughtful than yesterday's blog post addressing Moxie's concerns.
I wonder if the quality of conversations around this subject were improved if similarly to conflicts of interest declared by scientific paper authors, each public critic or supporter of web3 would disclose whether they are currently financially invested in 'crypto'. For outsiders it's harder to tell apart hacker/geek types from speculators and lurkers (not that there couldn't be an overlap). The fact that this article mentions there exist much fewer Ethereum nodes than "Ethereum nerds" may suggest that the non-technical group controls the public discourse and expectations.
It depends on who you’re reading: people building actual products and protocols will usually provide measured responses and be able to engage properly with good-faith criticism. See also Vitalik’s Reddit post responding to Moxie’s article.
On the other hand, if you encounter primarily spammers, speculators, and scammers, you’ll just get garbage (similar to anti-blockchain grifters that repeat the same “blockchain is a ponzi pyramid earth-burning scam” garbage repeatedly)
An inverse relationship here. The builders are busy building stuff and don't spend much time on communications. Whereas speculators, all they have is communications, and there are many more speculators than builders, so the incentives look like 99% crap, 1% useful communications.
Props to builders like the OP, Moxie, and Vitalik for building and sharing. And to podcasts like Bankless for creating venues for communication from builders. I'd love to find a "Builders" cryptocurrency podcast.
I just wanted to say that I really enjoyed reading this since I read the post that it's responding to earlier this week. Found it really refreshing to see this discussion develop that way, and in plain english. I was indeed left wondering if there was a solution to the lazy user aspect for widespread adoption of crypto/web3, since it did seem to be a complete blocker for widespread practical adoption. Neat to learn about light clients and zk-SNARKs!
agreed the author has a great way of making complex topics more approachable. I wonder if there's a good/simple explanation of zkSnarks out there, I don't have any idea what they are despite seeing the term often.
The "Zero-Knowledge Proofs Starter Pack" section is most up my alley. I read "Zero Knowledge Proofs: An illustrated primer by Matthew Green" about a year ago so am starting by re-reading this. https://blog.cryptographyengineering.com/2014/11/27/zero-kno...
Thank you! The introduction section got me super excited in the application of zk-snarks.
Any other articles more like the intro section? The rest of the article lost me quickly, not beyond my ability but would take me 10x reading through and multiple days.
Re-posting the part I loved here in case others want to read:
Zero-knowledge proofs are advantageous in a myriad of application, including:
1) Proving statement on private data:
Person A has more than X in his bank account
In the last year, a bank did not transact with an entity Y
Matching DNA without revealing full DNA
One has a credit score higher than Z
2) Anonymous authorization:
Proving that requester R has right to access web-site’s restricted area without revealing its identity (e.g., login, password)
Prove that one is from the list of allowed countries/states without revealing from which one exactly
Prove that one owns a monthly pass to a subway/metro without revealing card’s id
3) Anonymous payments:
Payment with full detachment from any kind of identity [Ben+14]
Paying taxes without revealing one’s earnings
4) Outsourcing computation:
Outsource an expensive computation and validate that the result is correct without redoing the execution; it opens up a category of trustless computing
Changing a blockchain model from everyone computes the same to one party computes and everyone verifies
"IACR, was founded by people who were working on cryptocurrency"
This is extremely misleading. IACR was proposed by David Chaum in 1982, a year before his first paper on ecash, and its first board members in 1983 included Whitfield Diffie (who had not done any work on payments) among others. Chaum's ecash ideas look nothing like "cryptocurrency" as it exists today, nor do any of the ideas presented in subsequent research on the topic.
The person you replied to correctly pointed out that "crypto" was coopted by the blockchain space and is now being used to mean any number of distributed systems technologies. I have seen people wearing t-shirts saying things like "crypto means cryptography" and making jokes about reclaiming "blockchain" to refer to block chaining modes at various cryptography conferences (many organized by IACR) over the past decade. Moxie was right when he quipped that the "crypto" spaec involves very limited use of actual cryptography.
crypto was not co-opted. FAANGies just got stuck on a WebPKI side quest.
leading research in the field is being done by blockchain companies. you don't have to believe me, try reading ePrint. cryptocurrency people lead the research in zk proof systems and more. the idea that the crypto space doesn't use cryptography is absolutely laughable
Some interesting research is being done by some cryptocurrency companies like ZCash and Algorand. Their work on ZKPs and SNARKs has been interesting, but it is worth pointing out that they are not the only people working on this. Moreover, the serious cryptographers working on anything related to blockchains have more or less stopped talking about the permissionless setting (where Bitcoin, Ethereum, and basically all of the popular blockchains in use are) because security is too hard to define in a meaningful way. In the "permissioned" setting where parties have well-known identities there has been a bit of interesting research on maintaining a shared cryptographic data structure.
Meanwhile, academic and (non-blockchain) industry researchers have been pushing the state of the art in every subfield within cryptography, ZKPs included. Big companies have been deploying MPC as a means of addressing privacy concerns and regulation, and the cryptographers working on that (full disclosure: I am one of them) have been pretty active in publishing their work. Academic researchers have further advanced the results and addressed the problems raised by industry researchers, sometimes breathing new life into almost-forgotten lines of research (like set intersection protocols).
So sure, I can grant you that there has been some interesting work on cryptography within the blockchain space, but it is not nearly as exciting and significant as you suggest. I actually have a lot of respect for the ZCash team, whose work really is top-notch and who I see (or saw pre-COVID) at high-quality conferences like CRYPTO and RWC. On the other hand they are a small and very unique team within both the blockchain ecosystem and the cryptography research community, and their research work is only nominally related to blockchains (it is inspired by an application that did not even require a blockchain in the first place). Beyond the ZCash and a few other groups with serious cryptographers the blockchain space is a desert in terms of interesting cryptography.
> Moreover, the serious cryptographers working on anything related to blockchains have more or less stopped talking about the permissionless setting (where Bitcoin, Ethereum, and basically all of the popular blockchains in use are) because security is too hard to define in a meaningful way.
This is untrue, I see far more work on the permissionless setting (including formalizing definitions) than on the permissioned setting on ePrint. This includes respected cryptographers Like Elaine Shi, Rafael Pass, Silvio Micali, Andrew Miller, Aggelos Kiayas, and more.
> Meanwhile, academic and (non-blockchain) industry researchers have been pushing the state of the art in every subfield within cryptography, ZKPs included. Big companies have been deploying MPC as a means of addressing privacy concerns and regulation, and the cryptographers working on that (full disclosure: I am one of them) have been pretty active in publishing their work
While cryptography is certainly a much bigger than zkps, it is also absolutely true that, for the metric of “deployable protocols”, the pace of zkp innovation has far outstripped the pace of MPC innovation over the past few years. I say this as a cryptographer with a bunch of non-zkSNARK papers; my general-purpose zkSNARK work has been deployed, adopted, and obsoleted in the span of ~2yrs, all while my MPC work in the same span hasn’t inched towards deployment (despite being sufficiently practical for deployment), and follow up work has provided only marginal improvements.
> Beyond the ZCash and a few other groups with serious cryptographers the blockchain space is a desert in terms of interesting cryptography.
That’s incorrect. Beyond ZKPs, there’s been blockchain-inspired-and-funded work on Verifiable Delay Functions, threshold signatures, signature aggregation, anonymous gossip networks, fuzzy variants of PIR, functional commitment schemes, set accumulators, coding theory, and more.
That is an impressive list of cryptographers working on blockchains, but at major cryptography conferences there is less and less blockchain work being presented, to the point where CRYPTO'21 didn't have any blockchain sessions at all, while EUROCRYPT'21 had a single session where blockchain work was combined with work on privacy and law enforcement. To be fair, three sessions at CCS'21 were dedicated to blockchain research, but CCS is structured to allow more topics, it is not a conference specific to cryptography, and they had two sessions dedicated to MPC and a third on federated learning which touched on MPC. It is a small sample but representative of a larger trend of cryptographers becoming less interested in blockchain research.
I have not seen ZKP innovation outstrip MPC innovations at all. In the past decade I have seen a rapid expansion of research in MPC following both a strong push by DARPA and growing interest among large tech companies and banks. There has been a revival of interest in set-intersection protocols and related functionalities, a lot of impressive work in garbled circuits and other generic protocols that have greatly reduced their resource requirements, machine learning applications, and various other ongoing lines of work. At worst I would say that ZKP and MPC research have been roughly equal in terms of the pace of innovation, which should surprise no one as the two topics have strong connections.
Moreover, while there is certainly a lot of ZK research being published year after year, most of it has nothing to do with blockchains and is not coming from anything related to blockchains. There are plenty of academic researchers publishing ZK work, and I still see lots of industry ZK research that has nothing to do with blockchain. The same is true of all the other topics you mentioned -- some blockchain-inspired work here and there, but a lot more research from elsewhere.
Sorry to hear that your MPC work has not made it into production, but maybe that is because it is not as practical as you claim. Personally I like to say that the only test of "practicality" that matters is whether or not it is useful in a real-world application. Obviously your SNARK work cleared that bar, which is great but does not really say much about the pace of innovation. I can say that most of my published research at this point has been put into production -- an equally meaningless statement since I have been working for a big tech company for a long time, and the research I have published in that time has all been the result of work I did to address various privacy and security problems that company faces. My judgement of where the innovation is happening is based on the research I am seeing people present at various conferences. Maybe I am looking in the wrong places, and there is actually a whole world of cryptography conferences where people are excited about blockchain work?
When people say stuff like this, I wonder what they think the state of the art in web3 innovation is. Do people just see the monkey JPGs and write off the whole technology?
What do you see? I've just had a 2 hour conversation with someone trying to get me into this "business" without being able to articulate a single use case where NFTs actually make my day better in a way that is not currently possible with other tech so, yeah...what do you see?
I see a whole new wave of fouls about to lose their money to ponzi schemes and over-hyped "investments", much like it happened with the bitcoin/crypto train.
Just write NFT or crypto in Youtube and you immediately see all the sharks promising you millions in their videos, trying to manipulate you into investing - don't read the comments though, it's even worse. I see a lot of red flags and trouble for nothing. I hold crypto assets so I'm not talking out of my but here - I must confess; I've had no real benefits yet from this new tech. The crypto I hold is because one of my products has crypto as a payment method so I decided to just hold a piece of it and try to make use of "new tech".
In the crypto space I'm most excited about the ability to have open projects where anyone who contributes can have a stake in the financial rewards of the project, and there are no barriers to becoming a contributor. A lot of the time the financial benefits of open-source contributors are fully captured by a "host" corporation, and open collaboration platforms for non-software projects like textbooks and IRL shared spaces are almost nonexistent.
Proof-of-personhood a la BrightID is something that governments could theoretically provide, but most don't, and even if they did, there are serious privacy and interoperability concerns. SaaS companies trying to provide a free trial can prevent abuse by verifying unique personhood using web3 tech without needing to ask for any more information about the user. I'm sure you can think of other applications for that tech. Even if every government in the world provided this service, everyone who wants to use it either has to implement 195 different APIs or fork over money to a cottage industry whose sole job it is to unify those APIs.
Finance and commerce on blockchains has a lot of real-world benefits that traditional finance can't or refuses to provide. You can't easily set up a 3-of-5 multisig for your photography club in traditional finance. A lot of normal people have their payments blocked or funds frozen in TradFi for arbitrary reasons. Sex workers get kicked off of platforms all the time, and a friend recently had their PayPal frozen while raising funds for a school reunion party.
I'm not super into NFTs personally, but I can see them having a use case as a more consumer-friendly business model for gacha games and games with similar mechanics. There are probably other promising applications that I just don't know about because I don't follow that space very closely.
> SaaS companies trying to provide a free trial can prevent abuse by verifying unique personhood using web3 tech without needing to ask for any more information about the user
A trial is usually backed by a financial instrument. Usually that financial instrument is a credit card. A credit card can be uniquely identified, and so if you really are concerned about trial reuse, you can check reuse of the credit card, and that gets you pretty far. Folks can use prepaid cards, but you can also block those, which isn't totally unreasonable when you are talking about a subscription-- and a lot of subscription services do block them. Is it indefeatable? No. Is it good enough? Yeah actually. So why do I need to replace the concept of a credit card with an entirely new type of financial instrument that most users (especially non-technical users) don't have or understand?
SaaS just seemed relevant to the audience here, but there are a lot of applications which want to limit one account per natural person, not just SaaS. For example, social networks want to prevent astroturfing, and video games want to prevent cheaters from ban-evasion. Anyway, a lot of people don't want to provide their credit card info for a service they are not sure if they want to use yet (purpose of a trial), and a lot of services want to allow credit card-free trials without opening themselves up to abuse.
I think the vast majority of reflexive dismissals of crypto tech have two themes in common: "if the technology doesn't satisfy this use case, or the UX is not perfect yet, then surely there is no way to fix that and we should discard the whole idea;" and "why use this decentralized solution when we can use this centralized one which, in many cases, doesn't work as well?"
I've reached my weekly budget on the amount of time I want to spend explaining this tech online, but maybe consider if problems you see are truly insurmountable, or if you are simply uncomfortable with the idea of an economic layer that is actually open to build on.
> I've reached my weekly budget on the amount of time I want to spend explaining this tech online
Granted, take care of yourself! I hope you feel no obligation or attack in my line of questioning, and perhaps others can fill in here if they are active over the weekend.
> SaaS just seemed relevant to the audience here, but there are a lot of applications which want to limit one account per natural person, not just SaaS. For example, social networks want to prevent astroturfing, and video games want to prevent cheaters from ban-evasion
That's true, so then I wonder what stops someone from farming these identities and selling them?
> I think the vast majority of reflexive dismissals of crypto tech have two themes in common: "if the technology doesn't satisfy this use case, or the UX is not perfect yet, then surely there is no way to fix that and we should discard the whole idea;"
The main issue for me is that quite often existing well-known problems are tackled with this new hammer that ostensibly offers no real benefit on top of solutions we already have. This is not true of all applications of blockchain technology, but it's clear that there is not a strong case that it is as generally applicable as a movement like "web3" would suggest.
> and "why use this decentralized solution when we can use this centralized one which, in many cases, doesn't work as well?"
The traditional financial system is basically not available for an individual to build on without the blessing of VCs. If you do manage that, you have to come head-to-head with money transmitter licensing, collecting personal info from your customers and keeping it safe, implementing rules about who can send money to whom (that differ by country), and playing by Visa et al's rules about who isn't allowed to use your app and for what (which includes a lot of normal people doing normal things.)
It feels wrong to me that building financial apps for public good basically requires creating a capital class and handing over profits and control to them. Will VCs fund another Kickstarter or Open Collective?
I got into crypto because I realized the things I actually wanted to build I could basically only do so using crypto. (Also, watching myself earn interest every 15 seconds was just incredibly cool.) Granted, that was in 2018, and prices are a lot higher now, and so is the level of grifting and hype. A stronger layer of psychological self-defence is warranted both from people in the space and outside of it.
Anyway, the short answer to your question is that the time cost of Zoom verification will in many cases deter low-level and botting fraud, but Zoom verification overall is a stopgap to bootstrap the network, and over the long term applications will require users to be verified by a few of their IRL F&F (and Zoom parties can be used to connect their social network to the rest of the graph.)
> The traditional financial system is basically not available for an individual to build on without the blessing of VCs. ... implementing rules about who can send money to whom (that differ by country)
Building on the blockchain does not indemnify you from following the relevant laws. You mention also Visa's rules, which also mostly tend to be based on the relevant laws (though there are exceptions, like their restrictions on adult content).
> It feels wrong to me that building financial apps for public good basically requires creating a capital class and handing over profits and control to them
The amount of "financial apps for public good" being made are exceedingly few. Acting like the apps being made by "web3" companies just want to faciliate trade for underserved populations with no gain to themselves is perhaps disingenous. Yeah sure if you are one person it might be easier to build an app to allow folks to send money to each other when you build it on a cryptocurrency, but is it easier or have you ignored all the ways nefarious people will use your app to do things that are absolutely something that should be stopped? Is that better than gatekeeping these apps for those who can manage these sort of protections?
> I got into crypto because I realized the things I actually wanted to build I could basically only do so using crypto. (Also, watching myself earn interest every 15 seconds was just incredibly cool.)
Hey, if you want to build some financial apps, that's great. Go forth! But it is not "web3". I will say that I don't think of earning interest in real time as anywhere near as "cool" as literally any other aspect of technology/engineering I can think of. And I don't feel compelled to enable that feeling you had in everyone else either.
> prices are a lot higher now, and so is the level of grifting and hype
The prices are a lot higher because of the hype, not the other way around. In fact, the prices are above zero because of the hype. To be clear, that is not to say the hype isn't warranted, but I think it's important to have the ordering clear.
> Anyway, the short answer to your question is that the time cost of Zoom verification will in many cases deter low-level and botting fraud, but Zoom verification overall is a stopgap to bootstrap the network, and over the long term applications will require users to be verified by a few of their IRL F&F (and Zoom parties can be used to connect their social network to the rest of the graph.)
The time cost of Zoom verification will deter individuals from performing it, but not specialists who do it on individuals' behalf. I could imagine starting a business solely to participate in these Zoom calls, generate identities, and then pass the credentials for one or more of those identities to anyone who puts up the ETH. Since I have to assume it's not just the same people in every one of these Zoom calls, I have no doubt you could send the same "seemingly unique" person to many of them and get a new set of credentials for each one, and then sell those off like anything else. Given how things like Spotify botting and phone farming are actually happening, this will be compromised in no time, just like all the previous prevention techniques have been.
> but Zoom verification overall is a stopgap to bootstrap the network ... over the long term applications will require users to be verified by a few of their IRL F&F (and Zoom parties can be used to connect their social network to the rest of the graph.)
Even after the stopgap is stopped and the network is strapped and booted, is someone without a network of "acceptable" social contacts not worthy of being able to participate in this ecosystem? So folks who do not want to divulge their social contacts literally cannot participate? This seems like one of the core audiences of decentralized privacy-conscious technologies, and yet they could not participate without (publically?) divulging personal information.
> Building on the blockchain does not indemnify you from following the relevant laws.
You are right. The relevant laws apply to money service operators and blockchain software developers, in most cases, are not money service operators. Software developers, in most societies, cannot be deputized to enforce particular uses or non-uses of their software.
> have you ignored all the ways nefarious people will use your app to do things that are absolutely something that should be stopped?
I think freedom to transact is as valuable as freedom to access information (uncensored, using Tor) and freedom to communicate (securely, using E2E.) In fact, the latter two freedoms boil down to the former. If you disagree, you are correct to not like DeFi.
> And I don't feel compelled to enable that feeling you had in everyone else either.
I know you don't, but I wanted to share the first time using a blockchain tech was more pleasant than using its traditional counterpart for me. Trying to convince people that "blockchains are useful" is not very compelling either. It's not my job, but I can spend hours on it with no benefit to me.
> So folks who do not want to divulge their social contacts literally cannot participate?
You are right that Zoom verification is a low level of verification. On BrightID today, you can be verified by a friend without having to divulge the identity of yourself or your friend to any blockchain, any application, or any other person in your social network. Using zero-knowledge proofs, the entire anonymous network graph can be hidden as well.
In addition, the only apps they cannot use are those which require anti-Sybil guarantees. Is "has 3 friends who will vouch for you" too high of a bar compared to "qualifies for and has a credit card"? If it is, is it bad to have the former as an option for those who cannot reach the latter?
ETA: government/institutional ID verification is a valid BrightID graph node as well, for institutions/individuals/applications which choose to use it.
> You are right. The relevant laws apply to money service operators and blockchain software developers, in most cases, are not money service operators. Software developers, in most societies, cannot be deputized to enforce particular uses or non-uses of their software.
i think you're in for a rude awakening if you believe that, especially if you are financially benefitting or are advertising the software is useful for the prescribed purpose.
For example, people who sell malware get arrested all the time. People who run naspster got sued off their ass.
Not super familiar with BrightID but I took a look at the website. So I guess the idea is that other humans verify a human and issue cryptographic proof that they are a human.
My question: What about BrightID stops you from verifying and creating multiple identities by simply joining these Zoom-based verification parties multiple times? If someone does that, what's to stop someone from then providing those multiple identities to other people?
While personally i think the original satoshi paper was interesting, and some of the proof of stake stuff. If i'm being generous, some zero knowledge proof stuff. Its not really cryptocurrency,but cryptocurrency has caused attention to be drawn to it.
Beyond that its all minor fixes and applications that are mildly interesting at best. So yeah, very little innovation, but please enlighten me if i missed something.
Pretty much actually. Most layman regard Web3 as a joke at best, and more often a scam. Most of those same people know little, if anything, about Web3 beyond a general association with crypto, regardless of whether that association is merited.
Er blockchains are the largest deployments of non-trivial zero knowledge proofs, which are more advanced cryptography than anything used in traditional WebPKI crypto. This deployment has required tons of novel peer-reviewed (academic and industrial) research as well as massive engineering efforts to bring the tech to production.
The result of these efforts is that ZKPs have gone from a academic curiosity to widely productionized tech. this stuff is beyond the wildest dreams of people like David Chaum.
Except that ZKPs had already seen real-world use before Satoshi's whitepaper was circulated; in fact, there was an already-defunct startup that was selling ZKP-driven authentication tech. Secure multiparty computation is even more advanced than ZKPs, was already deployed in several real-world applications prior to Bitcoin, and has probably driven more research on ZKPs (as a building block in MPC protocols) than anything in the blockchain space thus far. As for how widely productionized the technology is, while I am not sure how you define "non-trivial" ZKPs, U2F was almost certainly a more widely used ZKP application than any blockchain tech, and there are plenty more real-world ZKP applications having nothing to do with blockchains that we could list.
David Chaum dreamed about a world where electronic payments could be anonymous and secure, but the demand was not there and his startup never took off. "Blockchain" sucked most of the oxygen out of the room when it comes to further work on ecash, which is unfortunate given that even the most technically complex ecash proposals were overwhelmingly more efficient than any blockchain-based payment tech ever could be. For what it's worth, the most recent ecash proposals also advanced the research on NIZKs and ZKPs more generally (it is actually hard to avoid some kind of NIZK in a system that supports offline payments) and had ecash been deployed more widely we probably would have seen at least as much research and productionization activity as we see in the blockchain space.
On the other hand, blockchain research has struggled with a foundational question that does not present a problem for any of the technology I mentioned above: how to properly define security. Especially in the permissionless setting the effort on defining security has been unconvincing so far, requiring a very stretched approach to formalizing computational resources that is hard to actually map onto a real-world application. Satoshi did not start with a well-defined problem he was trying to solve with Bitcoin, and such an approach -- clearly identifying the problem you are actually trying to solve and verifying that the definition is logically consistent and realistic -- is exceedingly rare in the blockchain space, while in mainstream cryptography research it is a de facto requirement. So while blockchain tech has not experienced a spectacular failure due to some theoretical shortcomings, the theory itself is not well developed compared to the theory of cryptography in general (including ecash, which can be rigorously defined and proposed systems can be proved to satisfy the definition).
Zerocash is an crash system in the vein of Amon Ta-Shma’s variant from 99, and has rigorous security definitions and proofs. Follow-up work like Zexe strengthens these definitions to standard ones used in MPC, namely simulation-based security.
Furthermore, the MPC deployments you speak of are rather small-scale, there have been no deployments of general-purpose MPC beyond maybe the sugar beets auction.
MPC has been deployed at large scale by numerous companies, at least for the ads industry; I know because I actually work on exactly this full time and I have seen the numbers (but unfortunately I cannot share specifics). There is nothing special about general-purpose protocols that makes them more "legitimate" or whatever; we use specialized protocols in practice because it is almost always more efficient and thus less expensive to run (and MPC is usually right on the threshold of being too expensive).
As for zerocash, the last time I looked into it what I saw were a set of security definitions that assume a reliable ledger of some kind; whether or not that ledger is implemented using a blockchain at all is not addressed in the theoretical work. The practical deployment relied on Bitcoin, but since Bitcoin security is not well-defined (or at least not convincingly defined) that makes the rest of the security argument dubious. As far as I know Zexe has the same problem: yes, the security definition is much stronger, but they do not address the realization of the ledger functionality itself and thus any real-world deployment that relies on e.g. Bitcoin, or really any permissionless blockchain, has the same theoretical shortcomings. Ultimately the permissionless setting itself is the problem; zerocoin could be implemented using a ledger managed by a trusted party, and it would achieve its security goals without those theoretical problems.
I should also be clear that when I say ecash does not share this problem, it is because ecash has a well-defined security model and all functionalities needed to realize an ecash system also have well-defined security. We can instantiate ecash using any of the security assumptions we commonly use for digital signatures, and in theory ecash can be instantiated from MPC (by using a generic MPC protocol to implement a blind signature, then using the blind signature to implement ecash), which itself can be instantiated with standard cryptographic assumptions. So ecash has a security definition that is as well-defined as a cryptographic security definition can be.
Zerocash and Zexe and Zerocoin are all strict supersets of ecash. If you instantiate them underlying ledger with a single server, you recover ecash. If you instantiate with a permissioned distributed ledger (eg via PBFT), you get a distributed but permissioned ecash system. If you use a permissionless ledger, you get a permissionless system with no central authority. The entire point of the ledger abstraction in those works is to enable a composition-based security analysis. That’s literally the way 99% of cryptography proofs are structured. Saying that “Zerocash doesn’t specify details of the ledger” is like saying that “Schnorr signatures don’t specify details of the underlying DL-hard group”; the point is to abstract away those concerns.
Re: MPC deployments, the point about deploying general-purpose MPC is that it’s a much more complex task than specialized protocols. That’s why I specified general-purpose zkps; we already have ubiquitous deployments of specialized zkps (I.e. digital signatures). And maybe your project indeed has a large scale MPC deployment, that’s awesome. Doesn’t take away from the fact that cryptocurrencies are pushing zkp innovation at unprecedented rates.
My job would be much simpler if I could deploy generic MPC; all I would have to do is maintain a library and maybe a compiler, without having to design and implement an entirely new protocol every time someone came along with some new feature or use-case. The engineering effort of productionizing a generic protocol is a one-time cost and my coworkers and I could do that work relatively quickly. On the other hand, special-purpose protocols are typically difficult to modify, we are have to do our security proofs over and over whenever we roll out anything new, and we must go through the engineering effort over and over.
Engineering effort is not what holds back the deployment of generic MPC protocols. Those protocols are just too expensive to run in the majority of real-world MPC applications. Even special-purpose protocols are sometimes too resource-intensive to be deployed. I do not see that situation changing without a radically different approach to generic protocols. I also do not understand what is so uniquely exciting about deploying a generic ZKP or MPC protocol. If it works in a giving setting and no special-purpose construction could be used, great, but it is not some kind of badge of honor.
As for Zerocash, you had originally said that blockchains are where we can finding the largest deployments of non-trivial ZKPs, which is why I pointed out that Zerocash and its followup work do not really involve "blockchains" beyond a particular instantiation of a ledger. If the construction can be implemented without any blockchain at all -- which the authors of the original paper took the time to point out -- then I do not see how any of the research on ZKPs motivated by Zerocash and its followup work supports your claim at all. You are saying that Zerocash is actually ecash, which kind of makes my point for me: we are not actually talking about something in the "blockchain space."
(Also, I have a somewhat controversial view that NIZKs and signatures are not actually "zero knowledge," since the verifier obviously cannot compute a NIZK or signature without receiving a message from the prover/signer and thus gains knowledge when it does receive those strings. Not that it matters in any way for this conversation, since the value of innovation in NIZKs or ZKSNARKs is not in doubt, but I did want to mention that signatures are a poor example of real-world deployments of ZKPs.)
I’m glad to see pushback on the “crypto means cryptography” meme, which is really just an indicator they aren’t interested in the leading cryptographic research.
Well, let's see, the technical program for this year's RealWorldCrypto conference includes...side channel attacks, symmetric cryptography, privacy, attacks on privacy, cryptography for the ads industry, messaging, post-quantum crypto, threshold crypto, and zero knowledge proofs. Funny how Blockchain did not make the cut for a popular conference on practical applications of advanced cryptography.
Looking through the CRYPTO'21 and EUROCRYPT'21 conferences, there is only one session between them involving "blockchain" and it is not even dedicated to the topic (it also includes papers related to law enforcement and privacy).
This may be hard for blockchain enthusiasts to hear, but it is not really a hot topic among cryptographers. There was a bit of interest a few years ago as people tried to figure out if any good security definitions can be developed, and the results were not very convincing. Beyond that almost all the academic interest in block chains has focused on the "permissioned" setting where security can be defined in a meaningful and useful way.
So, yes, "crypto means cryptography" and "blockchain" should refer to block cipher chaining modes.
Slightly OT, but - aside from a couple of outlier commenters - THANK YOU to both the OP for bringing the conversation around "web3" (not a fan of the term myself) back to a level where actual information is exchanged and proper discourse, for and against, seems to happen.
> These critiques are usually unmoored to anything actually happening in the blockchain space
Critics are unmoored? This technology is inevitable?
I don't believe that's true. It seems to me that it might find a niche in the corner of the Internet and eventually be forgotten by all but the most ardent followers.
Many countries are banning cryptocurrencies for many of the reasons critics have been rightfully skeptical. I can't imagine why that trend will stop.
> Infrastructure providers can lie to the user about blockchain state
Lying implies wilful deception.
Instead what ALL providers will eventually do is implement moderation. And they will do so because (a) they will be legally required to and (b) it makes users happy. And unless the spec can address this requirement Web3 isn't really going to scale.
And we've already seen such moderation with OpenSea so this isn't some contrived situation.
i have worked on both TLS and blockchain tech for years.
my point is that the purpose of the security architecture proposed in the article is to authenticate data from the chain. this is a protocol-level detail: like TLS secures transport between a client and a server, light clients authenticate data between a validator set and a user. whether a particular person or group decides to use such a protocol, or if they decide to censor data, is a separate concern.
Is it just me or is any and all "Web3" "blockchains" just regulatory arbitrage to fly under the radar of the local government to enable more innovation?
From a first principles perspective what they really do and do well is remove trust from the equation. Regulations are setup mainly in situations where a central party has wholly control over something and we cant trust to not fuck us over.
> These critiques are usually unmoored to anything actually happening in the blockchain space
Then call it just that: blockchain space.
Why web3?
I think because the 'web' part of web3 needs to be attached to this idea of blockchain and distributed ledger to give it a sense of fairness and legitimacy.
I'm not saying blockchain or distributed ledgers are bad, I know way too little about that to judge it accurately.
It's just that the name 'web3' irks me a lot. Maybe it has something to do with the 'web 2.0' that promised golden mountains, but eventually just F'd everybody in the A.
Just add another number to the name and all the sh1t is forgotten, it seems. Here's a blank screen for you all, please start painting the same pictures.
What's frustrating for me is that there is clearly a place for a new vision for the web beyond what the "Web 2.0" vision provided: client-first rich web applications that offered desktop-like capabilities. Along with that are the social/centralization/managed "pros/cons" that a lot of commenters decry. But this was the economic model, not the technical one.
"Web 3.0" should be indeed be about decentralization-- but more in the sense of building applications that take advantage of the enhanced client abilities and de-emphasize central control. The colloqiual term is the "Fediverse". The modern web has brought about offline support (ServiceWorker), multi-processing (Web Workers), local capabilities (Filesystem API, local/DB storage, peripheral APIs) interprocess communication (Broadcast Channels), peer to peer (via disinterested party HTTP/WebSockets coordination), verifiable privacy via encryption, backend server federation (see Mastodon, Matrix, diaspora, PeerTube, etc).
Web 3.0 already exists, we just hadn't named it yet, but there's so much more there to be built.
as the article mentioned, web3 was a term coined back in 2014. It was very much a reaction to "web2.0" silicon valley years which was probably felt a lot stronger back then.
the term flew under the radar for a while, but the past six months people suddenly got annoyed by it.
For what it's worth, sushiswap isn't using Infura or AlchemyAPI, rather its own api.sushirelay.com to serve mainnet RPC requests.
Also, a large number of projects utilize TheGraph (GraphQL indexer for specific protocol/DApps). These are run by teams or out-sourced to the lowest cost service provider (staking pools, etc). re: https://thegraph.com/hosted-service/subgraph
The real bottleneck is reliance on web browser extensions (namely Chrome's V2, which this January is depreciated and no longer accepting new submissions.) for providing safe key management.
Another example is having to poll for RPC updates.
"Light clients" is a term I've learned of recently. In the article, what are the specifics around "storage, bandwidth, and computation costs" for such a client? Is the idea we could all just have light clients running in the background on our phones with near zero impact?
there is no reason why apple or google would need to do this. Rainbow or similar apps just need to change their code in their already deployed wallet software on these platforms to do light client verification.
As an on-demand authentication mechanism manually implemented by every application, sure. Would just be curious what the benefit of a light client is versus connecting to an API in that case.
But this idea that it would be a persistently connected service running in the background on your phone. That's a completely different story.
This makes sense to me. Running a light client at the OS level isn't needed.
Is there some benefit to users from OS integration eventually? ie "Pay With Ethereum" in the same way Apple Pay / Google Pay / NFC works, does that benefit from running a light client?
Sure, maybe the incentives aren't there because Apple wants Apple Pay money but whoever does implement it will make their device more useful.
Simpler to just change the metamask RPC provider to something I trust or even my home node. Is more difficult to change full-bodied web3 apps which rely on specific data graphs.
- download the set of validator signatures over that hash and verify each signature against the hash. if using aggregation-friendly curve, download the aggregate signature and verify it against the root.
- for each state fragment, download the merkle uncles and compute the root hash and verify that it is the same as that signed off by the validator set.
so yes, easily within resource limits for having them running all the time with near zero impact. Find My has comparable impact.
fascinating thank you. The Find My analogy is thought provoking - a background service that creates a useful network. What does the light client world look like once complete, I wonder
It's just money and the market, it's not about decentralisation as a good thing for people, it's about making money. That's why people will split hairs about the infrastructure and technology and miss the forest which is about selling stuff.
Can we just call this "Web3Candidate" & stop allowing few groups to hijack the term 'web3' before there is consensus and wide adoption. Because when this craze dies and a real replacement of web2 arrives we will have to skip to web4 and I'll have to explain to my future kids what a wasteful hustle web3 was.
By running own servers, do you mean the hardware, or would using something like a linode count? So I use linode to host a mattermost instance, and its been mostly a trouble free experience, and I enjoy tinkering around in linux anyway. But most people aren't like that, I admit. And I don't even own the hardware; that's a whole other level of responsibility that I don't particularly want. And the $7/mo I spend on my linode is basically two cups of Pike's.
Windows is a powerful operating system; but my experience has been that non tech-saavy people repeatedly run into obstacles using it, or end up with malware installed, etc. That's why the walled gardens of iOS and Android have been so successful. Relatively safe (yes, I know, but still), and largely intuitive. Grandpa can use it.
So, if we want wide adoption of people "running their own servers", then it needs to follow the UX and security-managed approach of mobile OSs. Walled garden server software; limited options, user-friendly UX for non-professionals. Well, in some ways, the SaaS cloud approach solves this, right? You just need user-friendly apps--probably mobile first--to interface them, and designed with the non-tech savvy consumer in mind.
Yeah that's what I am getting at. If it was user friendly without risk you might.
I could put a pi on my home connection, but don't want that as an attack vector to my network. That's a flaw. But much like web coding, there are vulnerabilities whatever you do and however much time you spend securing it.
Redhat had a cartridge deploy system. A good attempt at appyfying the server space. The one click installs.
Plesk has one click installs for a wealth of software, but I never use these, why?
Email is a good example. In our organisation we originally ran out own SMTP server. These days would I? And if not why not? I used to sit next to the mail server in the late 90s and read the logs.
For very personal email I could host my own, and that's very tempting. But the other half of the conversation might well be eavesdropped.
Then there is backup mitigation. And multi endpoint. I still haven't worked out the multi device thing for something like signal.
With email I can have multi clients access my server. But again backup mitigation issues and privacy.
And hassle. Strip out the hassle and I would like easy cloud deployables given secure trust. I don't want a host trading personal messaging.
Of course there is so much current friction, I just trade it all in for convenience.
> you’re actually just ceding the power to decide what these technologies will look like in our world
I ceded the power to decide what AMP would look like, as did a lot of others. Thankfully enough others joined me, and AMP is more or less irrelevant now, and I'm happy for it.
It’s so easy to fix. Clients can verify signed content delivered by servers. It will be implemented by any application where users care enough. From then on it will be standardized and become abundant. The criticism is justified but beside the point.
I think the biggest problem that is never addressed has little to do with tech.
There has being numerous pushes before to go decentralized and privacy focused but general public never cared.
I think the focus on specific technologies and buzzwords is the wrong approach to drive the web forward. Instead, we should focus on specific problems we want to solve for users of the current iteration.
A non-exhaustive list in no specific order:
- Users should be in control of the data they produce and consume. No single centralized entity should have this right over its users, and regulations like the GDPR and cookie consent forms shouldn't exist.
- Advertisements and adtech is hostile to the user experience. The web should have alternative monetization options that are easy to integrate for web developers, and establish a direct market between content consumers and content producers, with no middlemen.
- Web services should be versioned and users should have the choice of which version they want to use. Companies shouldn't be given the freedom to e.g. change feed algorithms on a whim based on some obscure A/B test. Users shouldn't be forced to use the latest version of applications, and it should be easy for web developers to support several active versions in production.
Opera made a step in the right direction by bundling a web server many years ago with Opera Unite, but that went nowhere and was quickly abandoned.
BitTorrent, WebTorrent and WebRTC sort of feel like building blocks towards empowering the user, but despite of the prevalence and stability of the technologies, no big user friendly app is built on top of them.
Brave Inc.'s Basic Attention Token is probably the best effort towards fixing the monetization aspect, but is tied to one specific browser, one specific currency, and built by a company that's done several missteps and has lost the trust of many users along the way.
Then, of course, is the blockchain, the distributed utopia, and hype around "crypto" everyone seems to be discussing. There are good ideas here as well, muddled by many issues specific to these technologies that should be addressed.
IMO, web3 should be some combination of all of these and new technologies that empower the user, and make the web friendlier for the current user base and welcoming to the other 40% of the world which is still not online.
Otherwise corporations will continue to rule the web while people who can improve it are stuck in perpetual analysis paralysis.
> Users should be in control of the data they produce and consume.
For me this is the most exciting promise of web3. But do blockchains really solve this? Where will user data be stored? Say, the comments we write here on HN, will they be stored on-chain? Or all things I publish on CryptoFacebook, are they all on-chain? Would be great to have that answered because I was not able to figure it out so far.
Then I don't see the privacy problematic solved. As everything is tied to my wallet, this means that all my data is public. So after I send a friend a bit of lunch money he can see my wallet address and thus can check my subscriptions on CryptoOnlyFans, can see which words I am learning on CryptoDuoLingo and at which times of the day I am learning etc etc. Obviously this is horrific from a privacy aspect so how do we keep data private while it still being public?
"Man, Mozilla Persona was cool, shame it got shut down. Wish someone would bring it back."
> cryptographic identity layer emerges with good UX and application support, and an optional economic layer and users aren't screwed when Mozilla inevitably drops support
To me the most damning part of the article is:
> These critiques are usually unmoored to anything actually happening in the blockchain space, and unaware of the technological development and cultural vision. This bifurcation is extremely harmful for the health of the emerging technologies: these technologies are not going to go away, so if your only answer is dismissal and anger, you’re actually just ceding the power to decide what these technologies will look like in our world. This pattern of discourse creates a negative-sum feedback loop that does a disservice to all.
Quite frankly, if web3 really was all its cracked up to be, enthusiasists wouldn't be so offended anytime someone "didn't get it". After all, if it really was gold, they would be too busy making cool things and the results would speak for themselves.
As the author says, those who ignore something ceede power to those who show up. But why would the people who show up be so offended that people are giving them power? If it was actually valuable wouldn't they want it for themselves?
Every time someone criticizes cryptocurrency, its always the same refrain: people are wrong to be negative. All the bad vibes will turn your heart black, etc. That's what cults say, not what people with viable tech say.