# Contributions of three different papers ## HybridChain :::success **Research question**: Is a blockchain system that combines two types of puzzle robust? Is it live? under which assumptions and what novel attacks are introduced? ::: :::info Motivation: Permissionless systems that try to solve useful tasks rely on centralized entities whose role is to propose useful problems to be solved. At least temporarily, those entities become a single point of failure that might hinder the liveness of the system. So far no practical open and distributed system has been proposed that solves the problem of adjustability for generic useful tasks, while being robust to Byzantine participant. ::: We propose a framework that combines a permissionless blockchain with solutions of useful tasks. Useful tasks cannot be randomly generated, therefore introducing an entity, the supplier, that provides a problem to be solved to the network of peers. We list the requirements that the cryptopuzzle replacement should satisfy. Beside, we elaborate the challenges of combining proof of work systems with generic computation puzzle. Our contribution is the proposal of an adjustability framework that accomodates the solution of generic computational tasks. We analyze the incentives and produce a threat model showing how the system copes with such threats. We focus on liveness-related threats, acknowledging that specific security aspects are task dependant and outside the scope of our generic adjustability framework. We provide our definition of liveness and prove both analytically and with simulation that the system is live under a set of assumptions. Additionally, we introduce a novel difficulty modification algorithm. Brief list of contributions: - We propose a permissionless blockchain framework that provides adjustability for computationally intensive tasks whose time-to-solve can only be estimated. - We specify the API that a generic useful-work component shoud expose to Miners and Solvers - We elaborate a Threat model and show how the system copes with specific classes of liveness attacks (incentive analysis) for the different roles - On top of the proposed framework we introduce a novel difficulty adjustment algorithm that improves the ratio of useful blocks appended to the chain - Simulation of system evolution under different Supplier models to demonstrate the robustness of the system - Incentive analysis and economic model. resource consumption and the reward for the ### Evaluation Model the Supplier, [In the evaluation, show the liveness of the system] [In the evaluation, show the effect on the blockchain of different types of suppliers] ## NeuralWatermark Subtitles: - *Distributed neural network watermark validation* - *On the resistance of watermark keys* :::success Research questions: is it possible to have a computationally secure watermarking technique? Does a change in the NN invalidate the watermark? Does a change in the watermark invalidate the NN? Can validation be done independently in a distributed fashion? If the WM ket is disclosed, how easy is to remove it? ::: In this paper, we aim at relaxing some security assumption of classic watermark-related works for Neural Networks. Usually in watermark techniques the rightful owner validates on demand the ownership of the network, perhaps storing some private informations for that purpose. The authors, usually analyze attacks that are executed to the neural network side, while the embedded WM key is considered safe. We want to relax those assumptions and investigate how susceptible is the WM key to successfull attacks such as fine tuning. For example, what happens if even a single bit is flipped? Another departure from classic watermarking works is that all informations for ownership validation need to be made public since all the peers need to independently validate the ownership. The desirable result for that work is that embedding a WM key into a pre-trained model and one from scratch takes roughly the same time. :::spoiler --- Old text: Different watermark techniques have been proposed for neural networks. Such technqies can be categorized in eirher white or block box, based on the possibility to access and manipulate internal elements of the network. We introduce the same properties listed in Hybrid chain and analyze the coverage of every watermarking techniques. We propose our own watermarking techniqe. investigate the robustness and reliability of watermarking schemes for neural netowkrs. We review the types of attacks proposed in the literature and evaluate the level of impace for the proposed types of watermark. --- ::: Do properties as fidelity, reliability, etc hold for the WM key itself? What happens if we relax the assumptions about WM key secrecy? Can the network be used to validate the watermark instead of the other way around? Contribution: test the resistance of the watermark key, if it gets published can we use the same test for testing the robustness of the WM key? Brief list of contributions: - Analysis of the requirements for the WM keys. Key lenght and distribution - New threat model for watermarks that considers WM keys disclosure - Quantitative evaluation of fine tuning attacks on the WM key. What happends if one bit in the WM key is flipped? how does that affect the validation? - Time efficieny analysis to embed WM keys into the network ## BlockML2.0 :::success **Research question**: given a live hybrid computation chain with a safe ML watermarking technique solutions, what type of performance can the resulting blockchain sustain? What are the limitations and the storage requirements? ::: BlockML is a framework that builds upon the results of HybridChain, by combining open blockchain with useful Machine Learning problems. The goal of the paper is to show that ML tasks are suitable as replacement for the cryptopuzzle, with specific modifications. We illustrate the main challenges for ML tasks that replace cryptopuzzle. i.e. the non perfection of the solution and verification overhead. Additionally we model the storage requirements. provide the validation algorithm for solution validation The papers shows the impact of library attacks in which big ML repositories can solve the task in a very short time thanks to transfer learning. Analyze tradeoff between fairness (big ML repos always win) against efficiency Brief list of contributions: - System architecture and components for Miners and Trainers targeted for ML tasks - Algorithms for Task definition creation and validation - Evaluation of transaction throughput and solved tasks throughput. - Storage requirement evaluation