Encryption Geeks Seminar and Web3 Winter Survival Guide Sharing
Encryption Geeks Seminar and Web3 Winter Survival Guide Share
Author: YBB Capital Researcher Ac-Core
Words: Over 7000 Reading Time: 18 minutes
Preface
On July 5th, in the drizzly weather, the YBB ChainXplore: Geek Symposium 01 event ended successfully with a lukewarm crypto market. With the clear sky after the rain, we were honored to invite many heavyweight guests- senior technical experts and founders who are committed to solving current industry pain points, to have a face-to-face exchange with us at this seminar.
At the event site, the guests shared their insights on series of issues such as how to ensure fund security and prevent hacker attacks; where developers can obtain cloud-based API services; how to find efficient and reliable RPC services that meet their own needs; and what is a scalable cross-chain interoperability protocol based on MPC, ZKP, and TEE. Now, let’s feel the sparks from geeks of different research directions together.
Different Perspectives on the Crypto Winter
2022 is a long silent bear market. In 2023, we thought that the market environment would get better when the pandemic ended, but the US dollar keeps raising interest rates, and recently, the SEC has shown a more stringent regulatory attitude towards crypto trading. As an industry veteran, we have experienced several bull and bear cycles in the industry. How do we view the future development of the industry? And how can we survive this “winter” in our own field? At the beginning of the event, the host John, co-founder of YBB Capital, invited the guests to share how they survived the winter. Below are the core viewpoints of the guests.
- Flashbots: Introduction to MEVM, SUAVE Centaur, and other developments
- Understanding Arbitrum Stylus: How to bring more potential use case...
- Korean Crypto’s “Kimchi Culture”: Not Interested ...
YBB Capital Co-founder Hugh: In the last bull market cycle from the end of 2020 to the end of 2022, we can see that the market funds and technological development are positively correlated. The intervention of capital drives the development of new narratives, such as the entry of large funds like Grayscale in the last cycle, which brought more upward growth space to the bull market. Later, with the tightening of macro policies, the market was separated from some liquidity. The changes of each bull and bear cycle are like gears with certain periodicity. Regarding Crypto, we still need to focus more on the development and breakthroughs of technology, which will drive the entry of large funds. From the on-site meeting of the Black Mountain EDCON, it can be seen that people are more concerned about the breakthrough of ZK technology and the combination of AI and blockchain. Regarding AI, people are generally pessimistic, thinking that AI will dominate the world, but overall, it is still very interesting, with various different thoughts colliding with each other. Overall, we are also looking for a new narrative to drive the development of a new bull market.
Joshua, Investment Manager of Kernel Ventures: After Hong Kong released its compliance policy in April this year, due to considerations of liquidity, more compliance is needed. Liquidity is also a factor that the exchange category management is very optimistic about. Overall, the liquidity and popularity of the project itself are still relatively important. From the perspective of a VC-level investment, although our current rate of investment is not high, we are also looking for projects that we can work with, including providing product suggestions to the project party, product-level asset liquidity, and key resource docking, being able to provide some value support for the project, is also something we can do for the industry at present.
Liquid, Engineer of Chainbase Data: How can individuals survive this bear market? My advice is not to use leverage. When a project is financing, it must first consider how to get through the bull and bear markets and prepare for the bear market. It is necessary to improve the operational capabilities in cost control and customer acquisition, and try to ensure that the project can persist for a long enough time in the bear market. Regarding the major market trend, looking back at the previous bull and bear cycles, it is not difficult to find that they were driven by mainstream coins, but the volume of Bitcoin and Ethereum is already considerable. The next bull market must have several compliance factors, such as BlackRock’s ETH application and the clear turning point of the expectation of USD interest rate increase. After that, funds will turn to the coin circle.
Haichao Zhu, Co-Founder of Rooch Network: Currently, the primary market is still in a calm period. What can be felt is that the current market tends to be impetuous, and there is also a strange phenomenon. A project may not have its outstanding innovation point, but as long as it has attributes such as ZK, Layer2, EVM, GameFi, and at least 100,000 users, it is easy to win the favor of VCs. But we will insist on doing a good job of infrastructure construction for the industry, and making contributions to the industry in our own way.
Hugh, Co-Founder of YBB Capital: We can also feel that there is a polarization in the current market, and it is difficult for good projects to be invested by VCs. For projects that are grounded but have weak technological barriers, even if the valuation is low, VCs dare not invest. Most investments are currently driven by market sentiment, but from the investment results of large institutions such as A16z, most projects have broken. But we still need to look at the current market with optimism and continue to search for new technological breakthrough points with passion.
Chainbase Development Relationship Supervisor Zhengxue Dai : My perspective may be a little different from everyone else’s. I believe that the winter is not here yet. We are currently facing a global recession and a structural decline in the domestic population, so many people have reduced their investment in primary markets because the market lacks consumption momentum and the money in the primary market is not enough. It can also be seen that the number of developers is still increasing, and jokingly speaking, maybe the real winter of the industry will only come when I want to leave this industry myself. We will pay attention to the number of developers on the entire chain and the number of contract deployments. From the current number, it has decreased significantly compared to last year. Most public chains now want to hoard a group of developers. Although Layer2 has a very large TVL at present, the vast majority of them are wool-fleeced users who have not contributed to the ecology, so I want to ask you, where do you think the current developers are?
BlockSec Co-Founder YaJin Zhou : Where are the Web3 developers? We have been thinking about this issue because our service object is mainly project parties. This is actually a chicken-and-egg problem. The projects developed by developers are essentially used by users. There are users before there is demand, there is demand before there are projects, and there are projects before there are developers. Before there is a particularly good Web3 application scenario landing, it is unrealistic to have a large number of users flooding into Web3. So the problem returns to how to bring more users in. We need to think about what needs of users Web3 actually solves and what kind of applications can bring users in under the background of the bear market today. For this issue, I am still relatively optimistic. With the help of the current market situation, some bad projects have been eliminated. For example, in the case of continuous explosions on centralized exchanges, more funds have flowed into decentralized exchanges. This process has put us all in a stage of accumulation and development. Only after precipitation can better products come out.
Image source: live shooting
Dark Forest and Light Knights
According to the latest statistics from Hacked.slowmist, from January 2012 to July 14, 2023, the total amount of losses caused by hacker attacks in the blockchain field has exceeded 30 billion US dollars, with a total of 1,108 hacker attack incidents! No matter what role we play in Web3, we are all bound by the rules of the dark forest law. Compared with Web2, the decentralized Web3 network has lost some security to a certain extent. Similar to the scalability logic provided by Ethereum Layer2, Web3 also needs light knights to expand the security of the network.
Data source: Slowmist official website
User and project security guards
The biggest pain point in the current industry is security. Among the many types of assets that are stolen, user wallets, project parties, and cross-chain bridges are the three types that are most easily attacked by hackers. In order to reduce the occurrence of attacks, YBB Capital invited contract security audit project-BlockSec and decentralized signature cross-chain bridge solution-Bool Network to share their solutions in the security field with guests at the event.
Image source: BlockSec official website
BlockSec is a blockchain security service team. As a security solution for blockchain developers, BlockSec can provide project lifecycle security services from before contract deployment (e.g. code auditing) to after contract deployment (e.g. monitoring and blocking). BlockSec’s security monitoring and attack blocking technology has been widely recognized by the community, and has cooperated with many mainstream project parties, including the recently cooperation with Compound to develop an attack monitoring system for Compound V3 contract development. BlockSec has been committed to providing security infrastructure for the community, and has launched a series of security products and tools, including the Phalcon blockchain development testing and monitoring suite developed for project parties, the MetaDock security toolbox for Web3 users, and the cross-chain fund flow tracking platform MetaSleuth.
Enhancing Security Beyond Code Audit
A development, testing, and monitoring suite for project owners: Phalcon (Phalcon.xyz)
Phalcon is a security development, testing, and monitoring suite designed for Crypto project owners by BlockSec. BlockSec believes that web3 security issues cannot be resolved solely through code audit. On the one hand, high-quality audit services are scarce and cannot meet the needs of so many project owners. On the other hand, new risks may arise after the project goes online as attack methods continue to evolve. Therefore, after a series of practical exercises and product exploration, Phalcon was born to bring a new security paradigm to web3.
Phalcon has three core modules:
1) Phalcon Explorer: a powerful blockchain transaction explorer that provides transaction analysis, simulated execution, debugging, and other functions;
2) Phalcon Fork: a secure testing platform that can be deployed in a private environment and is consistent with the main network state. It is embedded with a security tool suite to help project owners conduct initial security screening, and supports team collaboration and public testing of projects;
3) Phalcon Block: an active threat defense system that provides exclusive capabilities for monitoring, alerting, and blocking (pausing or preempting) hacker attacks. Reportedly, BlockSec has successfully intercepted attacks and recovered funds exceeding $14 million, making it the only security company with a successful practical case in the field of active defense.
Picture source: Phalcon official website
MetaDock – Security Toolbox for Web3 Users (blocksec.com/metadock)
MetaDock is a completely free, open-source, and ad-free browser plugin that provides extension functionality for blockchain browsers such as Etherscan. Through innovative product design, it seamlessly integrates more than ten functional shortcuts for practical products and becomes an efficient tool for every security researcher, data analyst, and crypto user. The product can help users quickly understand the transaction content through the built-in GPT function, view the flow of funds in the address with one click, understand the risks of NFT collections, and provide clearer labels and ratings for contract addresses. It has received five-star ratings and featured recommendations from Google and Firefox browsers.
Image source: MetaDock official website
MetaSleuth: A Cross-Chain Asset Tracking Platform (metasleuth.io)
MetaSleuth is a visual analysis platform for cross-chain encrypted assets. By entering the wallet address to be queried, the dynamic transfer of chain-related assets can be visualized. It is also a tool that “on-chain detectives” use very frequently and can monitor the direction of chain assets in all aspects. Currently, it has integrated ten chains.
Image source: MetaSleuth official
A New Solution for Another Heavy Disaster Area of Hacker Attacks – Cross-Chain
Bool Network is a decentralized signature network that is permissionless, completely trustless and highly scalable based on multi-party computing (MPC), zero-knowledge proof (ZKP) and trusted execution environment (TEE). The network can serve the entire chain interoperability protocol. It proposes a decentralized signature scheme to facilitate the transmission of arbitrary messages and the transfer of digital assets across heterogeneous networks.
Technical Architecture
Image source: Bool Network official
The most critical part of cross-chain is the relay, but currently secure and decentralized relays have not been implemented yet, so most of the hacker attacks in the current network are focused on cross-chain bridge attacks. Because most cross-chain relays are controlled in a centralized manner, the root cause is incorrect management and leakage of private keys. For example, traditional solutions such as multi-signature or MPC are still controlled by partially centralized entities and cannot fundamentally solve security problems. Bool Network uses a scheme to maintain a decentralized signature network to ensure that private key management is not controlled by any third party, thus solving such problems.
Bool Network introduced the important concept of “Dynamic Hidden Committee” to manage private keys on specific blockchains for any form of cross-chain transaction and information transfer. It also proposed its original Ring VRF election algorithm to ensure the privacy of committee members’ identities. It is worth noting that the programs of all committees run in TEE to ensure the confidentiality and integrity of relevant components.
Image Source: Bool Network Official
-
MPC: Allows data holders to achieve collaborative computation and result output in an untrusted environment. Unlike multisignature, MPC (multiparty computation) has higher privacy, stronger security, better flexibility, and wide applicability.
-
ZKP: It provides a uniquely secure verification method that hides the real public key of VRF in a ring structure based on the Ring VRF, allowing its verifier to show ownership of a private key corresponding to a certain public key to a verifier without revealing sensitive information through non-interactive ZKP technology.
-
TEE: It is an area that guarantees the privacy and security of computing in the CPU of a mobile device. In the Bool Network, TEE is an isolated environment. TEE not only stores sensitive data but also provides verifiability. Verifiers can verify that the core code and business logic running in TEE have not been modified to ensure security.
Image Source: Bool Network Official
In the initialization phase of the “committee,” we assume that 21 nodes are randomly selected from 10,000 TEE nodes. First, the private key controlled by the “committee” is divided into 21 fragments by the DKG algorithm, and then the private key fragments are encrypted and stored by trusted hardware. Even malicious nodes cannot obtain the real private key fragments, which fundamentally eliminates malicious intentions. In this process, the Ring VRF protocol is used to hide the real identities of these committee members, preventing internal collusion and increasing the cost of external attacks. Because external hackers need to find 21 hidden committee members selected from a total of 10,000 nodes.
Source: Bool Network official
Finally, through secure multi-party computing technology, data signature requirements are implemented based on private key fragments, and secure multi-party computing has a clear feature that even if some nodes are abnormally offline, the signature can be completed. In addition, Bool also defines a fixed time period called “epoch”. For a selected group of nodes, they can only control a committee with each other within an epoch. After an epoch, their management of a committee will be transferred to a new group of nodes. And this process is still facilitated by the Ring VRF algorithm to enhance the security of the private key for committee management.
Bool Network is a secure underlying infrastructure for private key management
Bool Network is the industry’s infrastructure, a service proposed to maintain cross-chain communication security, such as managing terminal private keys in DeFi bridging applications built on Bool Network. In addition, Bool Network is scalable to provide off-chain committee consensus, such as oracle services that operate in a more decentralized manner.
Source: Bool Network official
To sum up, the difference between Bool Network and other cross-chain protocols is that it uses Ring VRF to dynamically manage private keys for privacy committees, which is fully composable to achieve arbitrary information transmission between heterogeneous blockchains. It is worth mentioning that the academic research of Bool Network has been accepted by IEEE Transactions on Information Forensics and Security (TIFS) journal. The team plans to support more blockchain networks in the future.
Now the product is already available on networks such as Bitcoin, EVM, Solana, Sui, Filecoin, etc. The team also plans to provide secure solutions for wallets and asset management platforms. It is expected that by the fourth quarter of 2023, there will be more than 1,000 nodes running in Bool Network, and the more nodes are supported, the stronger the network’s security and decentralization will be.
RPC service that accelerates developer efficiency
Technically, a blockchain node is a high-performance computer or server that connects to a decentralized network of computers and is responsible for storing and updating blockchain data. In simple terms, the blockchain protocol is like Ethereum’s EVM or Bitcoin’s Bitcoin protocol. When you run the EVM on your computer, you become a node, but there are different types of nodes.
RPC (Remote Procedure Calls) is a protocol for remote procedure calls (RPC). The RPC service runs the blockchain node client on the server and provides an http or websocket interface through DNS domain name resolution.
Source: BlockPI official website
Technical architecture:
BlockPI Network is a blockchain infrastructure project, whose technical architecture is mainly composed of five parts: BlockPI Hub, HyperNode, Gateway, FisherMan, and Validator. The five complement each other and together constitute the complete network of BlockPI Network.
1) BlockPI Hub
BlockPI Hub is a collection of multiple sets of functions, including user management system, node rating, certifier system, and account system. In addition, user registration information, account information, and KYC information are all stored here. Moreover, it has been testing the nodes in the test network, which is a reference data source for the BlockPI load balancer. The income and expenses of the entire network, as well as the rewards to the roles in the system, are all completed in Hub, which accounts for a relatively heavy proportion in the entire system.
2) Gateway
Gateway is responsible for collecting and classifying user requests, and the BlockPI load balancer routes them to the appropriate HyperNode. The load balancer in Gateway evaluates the health status of the backend HyperNode nodes in real time, allocates workload to ensure that the entire network is in the best service state.
3) HyperNode
HyperNode is the terminal node that handles RPC requests and sends responses to users through Gateway. HyperNode usually runs with the full node of the target blockchain (RPC request target). In the test network phase, the official website opened up to third-party operators to join HyperNode and run nodes to verify the decentralized architecture. Now, it supports twenty-four blockchain networks.
Image source: YBB Capital
