# Polkadot crypto, consensus, and security research directions
Academia vs industry research: Advising and support of Parity teams like parachains, staking, etc. and W3F teams like spec and grants.
## In progress
#### Redesigns of staking & slashing
(Kian)
#### Time disputes
- Avoid tragedies of the commons by adjusting slashing
- Add billing for time overruns, untangling delays from security
(Robert K)
#### Parachain features
Idea: Issues largely economic. No fast auctions!
- Parathreads
- Short-term leases
- Multi-core parablocks
(Rob)
#### XCMP
Idea: Pass hashes via relay chain, but pass message data off-chain
- On-chain auth locking (ordered vs unordered)
- Off-chain delivery via approval checkers
(?)
#### Arkworks integration
(Achim)
#### Light client proofs
Idea: Prove 2/3rds of validators signed a block.
- Sampling a Merkle tree of signatures
- Bespoke MIPP SNARK on BW6 for adding BLS12-377 public keys
#### Sassafras
Idea: Block production by cards against humanity
- Reduces forks dramatically
- Improves randomness collection and quality (somewhat)
- Anonymizes half of block producers (vs $p < 0.293$ adversary)
- Encrypt to upcoming block producers
- Avoid the mempool, saving CPU and bandwidth
(With Davide at Parity)
#### Ring VRFs for Sassafras
Prove an anonymous validator/collator's evaluation of a VRF.
- Bespoke MIPP SNARK for zk choosing JubJub public key
- "Bootleproof" IPP variant (RFP)
- Improved formalization of pseudo-randomness for use in VRFs
#### Ring VRFs for people
Anonymity for identity, blacklisting, and rate limiting
- Zero-knowledge continuations. Woot!
- Optimize ring membership proof
- Optimize revocation
- IRMA style linking?
#### Mixnet incentives & theory
Goal: Reward mix nodes from a distributed system.
And fix some security proofs eventually.
(With Julian Loss and Dimitris Papachristoudis at CISPA)
#### Mixnet implementation
(Arkady, David Emmit, ...)
## Not yet in progress
#### Smaller Merkle proofs in Storage
- Radix 16 makes PoVs 4 times larger in dense parts of the tree
- Radix 2 plus optimizations makes sparse parts smaller too
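Added example (Python; not Polkadot, Parity or W3F code) serving two notes on this page: the light-client idea of sampling a Merkle tree of validator signatures, and the radix-16 versus radix-2 proof-size comparison just above. One dense radix-k Merkle tree backs both. The hash, node encoding, leaf encoding (`sig:` stand-ins instead of real signatures), the sampling rule and the sizes are all assumptions made for the example; in particular the sampling protocol is a simplified sketch, not the W3F design.

```python
# Added example, not project code. A dense radix-k Merkle tree used for
# (1) light-client sampling of a signature tree and (2) proof-size comparison.
import hashlib

HASH_LEN = 32


def h(*parts: bytes) -> bytes:
    """Domain-separated hash; a production trie has its own node encoding (assumption)."""
    return hashlib.blake2b(b"".join(parts), digest_size=HASH_LEN).digest()


class MerkleTree:
    """Dense radix-k Merkle tree; len(leaves) must be a power of the radix."""

    def __init__(self, leaves, radix):
        self.radix = radix
        self.levels = [[h(b"leaf", x) for x in leaves]]
        while len(self.levels[-1]) > 1:
            prev = self.levels[-1]
            if len(prev) % radix:
                raise ValueError("leaf count must be a power of the radix")
            self.levels.append(
                [h(b"node", *prev[i:i + radix]) for i in range(0, len(prev), radix)]
            )

    @property
    def root(self):
        return self.levels[-1][0]

    def prove(self, index):
        """Per level: (position of our child, the other radix-1 sibling hashes)."""
        proof = []
        for level in self.levels[:-1]:
            pos = index % self.radix
            group = level[index - pos:index - pos + self.radix]
            proof.append((pos, [s for j, s in enumerate(group) if j != pos]))
            index //= self.radix
        return proof

    @staticmethod
    def verify(root, leaf, proof, radix):
        node = h(b"leaf", leaf)
        for pos, siblings in proof:
            if len(siblings) != radix - 1 or not 0 <= pos < radix:
                return False
            node = h(b"node", *(siblings[:pos] + [node] + siblings[pos:]))
        return node == root


def proof_bytes(proof):
    """Hash bytes the verifier must receive (the leaf itself excluded)."""
    return sum(HASH_LEN * len(siblings) for _, siblings in proof)


def dense_proof_sizes(n_leaves):
    """Proof size for the same dense key space under radix 2 and radix 16.
    Radix 16 needs 15 siblings per level but only a quarter of the depth: 15/4 = 3.75x."""
    leaves = [i.to_bytes(4, "big") for i in range(n_leaves)]
    sizes = {}
    for radix in (2, 16):
        tree = MerkleTree(leaves, radix)
        proof = tree.prove(n_leaves // 3)
        assert MerkleTree.verify(tree.root, leaves[n_leaves // 3], proof, radix)
        sizes[radix] = proof_bytes(proof)
    return sizes   # 16**4 leaves: {2: 512, 16: 1920}


# ---- light-client sampling over a tree of validator signatures (simplified sketch) ----

def signature_leaves(n_validators, signed):
    """Constructed leaves: a real tree would hold each validator's signature or an empty slot."""
    return [b"sig:" + i.to_bytes(4, "big") if i in signed else b"unsigned"
            for i in range(n_validators)]


def sample_indices(root, challenge, n, k):
    """k leaf indices from the root and a challenge the prover cannot predict.
    A prover-chosen challenge would let it grind for a sample that avoids unsigned slots."""
    return [int.from_bytes(h(b"sample", root, challenge, i.to_bytes(4, "big")), "big") % n
            for i in range(k)]


def light_client_check(tree, leaves, challenge, k):
    """Accept only if every sampled leaf is a (stand-in) signature with a valid proof.
    A prover holding signatures from a fraction f of validators passes with probability f**k,
    so k is set by the gap between the claimed 2/3 and the fraction an adversary could muster."""
    root = tree.root
    for idx in sample_indices(root, challenge, len(leaves), k):
        leaf, proof = leaves[idx], tree.prove(idx)       # the prover's reply
        if not leaf.startswith(b"sig:"):                 # real code: verify the signature
            return False
        if not MerkleTree.verify(root, leaf, proof, tree.radix):
            return False
    return True


def cheater_pass_probability(signed_fraction, k):
    """Chance that a prover with only this fraction signed survives k samples."""
    return signed_fraction ** k


if __name__ == "__main__":
    print(dense_proof_sizes(16 ** 4))
    honest = signature_leaves(64, set(range(64)))
    print(light_client_check(MerkleTree(honest, 2), honest, b"verifier nonce", 20))
    print(cheater_pass_probability(0.5, 40))
```

The proof-size half reproduces the "4 times larger" figure for the dense case (3.75x, since a radix-16 proof carries 15 siblings per level over a quarter of the depth); the sampling half makes the soundness trade-off explicit: the verifier's cost is k leaves with proofs, and the prover's cheating probability decays as f^k only while the challenge is unpredictable to the prover.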
#### zkStorage
How should we present alternative storage schemes in Substrate?
- zkSNARK friendly hashes like Poseidon
- Optimization zoo for KZG commitments
#### System parathreads
Almost orthogonal feature sets:
- Validator elections / NPoS PJR tests
- Staking
(?)
#### Slashing resistant certificates
Avoid slashing for many innocent validator mistakes
- Add validator key aka meta-session key?
- Register on-chain before
#### Machine elves
Security proof via Gambler's ruin for the "roll up" that is Polkadot.
#### Elf flipping aka multiple relay chains
- Analyze what happens with weaker randomness.
- Design messaging?
#### State channels
#### Understand optimized gossip
Do we ensure our gossip assumptions hold in our gossip topologies and protocols, ideally including politeness?
#### Authenticate transport layer
- How should TLS-like certificates treat the chain as the root of trust?
- Are there advantages of TLS?
- Do we need Noise? Should we do nQUIC anyways?
- Is libp2p as bad as Pierre says? Is QUIC slow? WebRTC story? etc.
#### Post-quantum session keys
- Crystals-Kyber (hybrid curve25519)
- Falcon is a blockchain friendly lattice signature selected by NIST (hybrid ed25519).
- Stateful one-layer XMSS is a VRF, but demands key rotation and rules out key backups or high availability.
- Tor-friendly ring VRF for Sassafras
#### zkDEX
Zero-knowledge continuation applications!
(Some parachain team?)