A quick problem that came up yesterday... ## Proof of unique validator **Motivation: we want a sybil-resistant P2P network.** This is about to become more important due to data availability sampling. We particarly want to ensure that validators get assured access to DAS to prevent attackers from compromising liveness. So, one family of solutions involves validator nodes giving each other priority at the P2P. Many specific solutions--S/Kademlia, maybe special GossipSub groups for validators, or just reserving at least `m` out of `n` slots in the routing table for validators. In each case, we get the following problem: **Problem: let a node prove they are a unique validator, without revealing which one.** It's important that nodes not reveal *which* validator they are to avoid denial-of-service attacks. Under the current consensus algorithm, the next proposer is public. So if Alice has the next slot and Bob has the one after that (in the event she misses her slot), then Bob can see that and send her a flood of packets right when it's her time to propose a block. Alice misses her slot, and Bob gets slots' worth of MEV! ## Open problem: can we do better than SNARK? George, Mary Maller, Andrija Novakovic, and Pop proposed [a nice solution this problem](https://ethresear.ch/t/proof-of-validator-a-simple-anonymous-credential-scheme-for-ethereums-dht/16454) recently. It relies on SNARKs plus either a Poseidon (=SNARK-friendly hash function) Merkle tree or KZG + Caulk. **Q: could we use semaphore?** Here, instead of the protocol giving us a derived P2P address/public key, we can commit to one + prove we're a unique validator all in one SNARK. The SNARK outputs a nullifier hash to ensure uniqueness, similar to [Tornado, Z]cash. ```mermaid graph LR sec[Semaphore secret] -->|private| Box[SNARK] path[Merkle path] -->|private| Box root[Merkle root = validators group] --> Box extNull[External Nullfier, eg epoch] --> Box sig[Signal, eg P2P address / ENR pubkey] --> Box Box --> valid[Valid] Box --> null[Nullifier Hash] ``` **Q: can you prove you're a unique validator without snarks and without trusted setup?** Open question. Might be possible with a group signature scheme that outputs a nullifier, like a specialized Semaphore. ### Other questions **Do we still need this if we have SSLE?** Single secret leader election means that you don't know who's going to propose the next block. In that case, do we still need to hide which validators are using which peer addresses?
Last changed by  
DC Posch
67

Read more

Silver Portal and Bitcoin Mirror

One of my goals this year was to understand blockchains in depth. In this guest post, I'll take you with me on part of that journey. We'll explore two related prototypes for interoperability between Bitcoin and Ethereum. The first is a cross-chain light client, while the second is a cross-chain decentralized exchange. Bitcoin Mirror Bitcoin Mirror is a bitcoin light client that runs on the EVM. Here's the testnet BtcMirror contract. The mechanism is straightforward: anyone can submit a list of Bitcoin block headers. The contract checks header validity, keeping only the heaviest chain it has seen. (In other words, each time you submit, you can either extend the current chain or reorg--but either way, you must set a new high score for the chain with the most work, replacing what was there before.) As long as one honest actor is running a submitter script, and as long as the majority of bitcoin hashpower remains honest, the contract tracks the canonical chain. This lets users prove Bitcoin payments on Ethereum, opening some interesting possibilities. For example,

10/12/2022
Read more from DC Posch
Published on HackMD