## Speakers __Adán Sanchéz de Pedro Crespo__: As Tech Lead at Witnet Foundation and CTO at Stampery, Adán encompasses R&D activities in the area of smart contracts and decentralized networks with talks at specialized conferences and lectures at European University of Madrid. He was one of the first hackers to reverse engineer the WhatsApp protocol and created the Loqui IM project. Microelectronics aficionado, cypherpunk, rustacean, skeptic and pragmatist. __Mario Cao__: Mario Cao leads the product development of the Witnet protocol while actively participating in the research, architecture and development activities. He holds a PhD in Telematic Systems Engineering from the Universidad Politecnica de Madrid. Acted as Tech Lead of an innovation hub within a top European bank. Acted as Security and Software Engineer in the aerospace sector. __Gorka Irazoqui__: Gorka leads research activities in the area of decentralized oracle networks at Witnet. He holds a PhD from Worcester Polytechnic Institute in microarchitectural side channel attacks. He succesfully attacked several platforms like AWS or VMware and worked at Intel helping sanitize several cryptographic libraries. ## Talks ### 1. Implementing Verifiable Random Functions (VRFs) in Rust and Solidity Verifiable Random Functions (VRFs) lie at the heart of next-generation consensus protocols. They provide a pseudo-random function along with a publicly verifiable proof of correctness. They could be better understood as a public-key version of a keyed cryptographic digest. In this talk we will describe how VRFs work and why they are a cornerstone in current cryptographic protocols and systems. Then, we will present a crypto system that uses VRFs in order to secretly and randomly select consensus committees. We will dive into the main challenges we had to face and the lessons learned while implementing VRF libraries in Rust and Solidity. ### 2. Avoiding eclipse attacks: lessons learned and challenges Eclipse attacks proved that the inherent openness of public blockchains brings several challenges related to their network design. The consequences of compromising the underlying network protocol may corrupt the chain state as seen by victim nodes, ultimately leading to potential severe attacks such as double-spending or selfish mining. In this talk, we will give an overview on how eclipse attacks work and how to mitigate them. Then, we will perform an in-depth analysis on how to fine-tune those countermeasures to the specific challenges that a non PoW/PoS chain poses. We will discover that synchronization and reaching an actual consensus without PoW or PoS requires a carefully designed P2P bucketing system. ### 3. How to bridge a non PoW/PoS sidechain with Ethereum? Some crypto projects require a sidechain design in order offload heavy computational operations from Ethereum. In this talk we will explain how to build a bridge that enables a trustless interaction betweeen a non-Pow/PoS sidechain and the Ethereum mainnet. With a divide and conquer approach we identified two main issues to be solved. First, the ability to verify sidechain transactions from a contract on the Ethereum chain. Second, the ability to trustlessly inject sidechain block headers into the main chain. This talk will explain how to achieve both goals with cryptographic sortition, on-chain voting, merkle path verification while preserving economic incentives. We finalize our talk showcasing this design through a real-world example. ### 4. Decentralized workload distribution with VRFs and reputation system Work distribution among a decentralized subset of peers can become a challenging task without proper selection mechanisms. Among these challenges we encounter the avoidance of oligarchy generation, targeted attacks or eligibility mining. In this talk we will explore existing solutions focusing on their main challenges and drawbacks to understand the ideal properties that decentralized workload distributions should feature. Once the ideal properties have been identified, we will explain how these could be achieved through the combination cryptographic sortition, Verifiable Random Functions (VRFs) and a reputation system. When VRFs are combined with a proper reputation system, the eligibility of each peer can be dependent on its previous actions; the better it behaves, the more chances it will have to become eligible (and thus, rewarded). We finalize our talk showcasing this design through a real-world example. ### 5. RADON: a domain-specific language for oracles Oracles are bound to bridge the gap—or abyss—between the realm of smart contracts and data coming from outside the blockchain. But, at the end of the day, achieving such ambitious goal boils down to removing the inherent indeterminism of real world events by aggregating, filtering and reducing multiple data points into a single one in a predictable way. This is no easy task—even more in the case of decentralized oracles. In this talk we will introduce RADON: a domain-specific language that provides a new ontology and semantics to enable smart contract developers to define how external data will be retrieved, aggregated, filtered, reduced and reported to their contracts. We will reflect on the challenges that we faced and the quirky, wicked and hidden incentives that can be accidentally introduced by poorly constructed queries. ### 6. Preventing Sybil Attacks without PoW/PoS… and how not to die trying! Permissionless decentralized networks are particularly prone to Sybil attacks. However, they are considered impractical in PoW and PoS chains due to the inherent hardware or economic barriers associated with it. Unfortunately these solutions impose a high barriers to entry in terms of hardware capabilities and stake. In this talk we will explain how to achieve Sybil resistance without having neither PoW nor PoS consensus mechanisms. We will see how a reputation system "on steroids" (no spoilers) in combination with Verifiable Random Functions (VRFs) can overcome most of the challenges posed by them while keeping its inherent decentralized nature. We will describe all the countermeasures that have been considered in order to achieve a secure, efficient and scalable solution.