# Polkadot crypto, consensus, and security research directions

Academia vs industry research: Advising and support of Parity teams like parachains, staking, etc. and W3F teams like spec and grants.

## In progress..

#### Redesigns of staking & slashing (Kian)

#### Time disputes

- Avoid tragedies of the commons by adjusting slashing
- Add billing for time overruns, untangling delays from security (Robert K)

#### Parachain features

Idea: Issues largely economic. No fast auctions!

- Parathreads
- Short-term leases
- Multi-core parablocks (Rob)

#### XCMP

Idea: Pass hashes via relay chain, but pass message data off-chain

- On-chain auth locking (ordered vs unordered)
- Off-chain delivery via approval checkers (?)

#### Arkworks integration (Achim)

#### Light client proofs

Idea: Prove 2/3rds of validators signed a block.

- Sampling a Merkle tree of signatures
- Bespoke MIPP SNARK on BW6 for adding BLS12-377 public keys

#### Sassafras

Idea: Block production by cards against humanity

- Reduces forks dramatically
- Improves randomness collection and quality (somewhat)
- Anonymizes half of block producers (vs $p < 0.293$ adversary)
- Encrypt to upcoming block producers
- Avoid mempool, saving CPU and bandwidth

(With Davide at Parity)

#### Ring VRFs for Sassafras

Prove an anonymous validator/collator's evaluation of a VRF.

- Bespoke MIPP SNARK for zk choosing JubJub public key
- "Bootleproof" IPP variant (RFP)
- Improved formalization of pseudo-randomness for use in VRFs

#### Ring VRFs for people

Anonymity for identity, blacklisting, and rate limiting

- Zero-knowledge continuations. Woot!
- Optimize ring membership proof
- Optimize revocation
- IRMA style linking?

#### Mixnet incentives & theory

Goal: Reward mix nodes from a distributed system. And fix some security proofs eventually.

(With Julian Loss and Dimitris Papachristoudis at CISPA)

#### Mixnet implementation (Arkady, David Emmit, ...)
## Not yet in progress

#### Smaller Merkle proofs in Storage

- Radix 16 makes PoVs 4 times larger in dense parts of the tree
- Radix 2 plus optimizations makes sparse parts smaller too

#### zkStorage

How should we present alternative storage schemes in substrate?

- zkSNARK friendly hashes like Poseidon
- Optimization zoo for KZG commitments

#### System parathreads

Almost orthogonal feature sets:

- Validator elections / NPoS PJR tests
- Staking (?)

#### Slashing resistant certificates

Avoid slashing for many innocent validator mistakes

- Add validator key aka meta-session key?
- Register on-chain before

#### Machine elves

Security proof via Gambler's ruin for the "roll up" that is Polkadot.

#### Elf flipping aka multiple relay chains

- Analyze what happens with weaker randomness.
- Design messaging?

#### State channels

#### Understand optimized gossip

Do we ensure our gossip assumptions in our gossip topologies and protocols, ideally including with politeness?

#### Authenticate transport layer

- How should TLS-like certificates treat the chain as the root of trust?
- Are there advantages of TLS?
- Do we need Noise? Should we do nQUIC anyways?
- Is libp2p as bad as Pierre says? Is QUIC slow? WebRTC story? etc.

#### Post-quantum session keys

- Crystals-Kyber (hybrid curve25519)
- Falcon is a blockchain friendly lattice signature selected by NIST (hybrid ed25519).
- Stateful 1 layer XMSS is a VRF, but demands key rotation, no key backups or high-availability.
- Tor friendly ring VRF for sassafras

#### zkDEX

Zero-knowledge continuation applications! (Some parachain team?)
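Added example (mine, not from this page or the Substrate/Polkadot code base) to make the "Smaller Merkle proofs in Storage" item above concrete: in a dense radix-16 tree every proof level carries 15 sibling hashes but covers only four binary levels, so the proof holds 15/4 = 3.75 times, roughly 4 times, as many hashes as a binary tree's. The tree layout, the blake2b node hash and the sample leaves are all constructed here; Substrate's real storage trie is a Patricia trie with its own node encoding, which this plain Merkle tree omits.

```python
import hashlib
from typing import List

def h(data: bytes) -> bytes:
    return hashlib.blake2b(data, digest_size=32).digest()

def build_levels(leaves: List[bytes], radix: int) -> List[List[bytes]]:
    """All levels of a dense radix-`radix` Merkle tree, leaves first; every
    internal node is the hash of its `radix` concatenated child hashes."""
    levels = [leaves]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        assert len(cur) % radix == 0, "dense tree needs a power-of-radix leaf count"
        levels.append([h(b"".join(cur[i:i + radix])) for i in range(0, len(cur), radix)])
    return levels

def prove(levels: List[List[bytes]], index: int, radix: int) -> List[List[bytes]]:
    """Proof for leaf `index`: at every level, the radix-1 sibling hashes of
    the node on the path to the root (this is what makes wide tries costly)."""
    proof = []
    for level in levels[:-1]:
        start = index - index % radix
        proof.append([level[i] for i in range(start, start + radix) if i != index])
        index //= radix
    return proof

def verify(root: bytes, leaf: bytes, index: int, proof: List[List[bytes]], radix: int) -> bool:
    """Recompute the root by slotting the running hash back among its siblings."""
    node = leaf
    for siblings in proof:
        pos = index % radix
        node = h(b"".join(siblings[:pos] + [node] + siblings[pos:]))
        index //= radix
    return node == root

def proof_hashes(n_leaves: int, radix: int, index: int = 0) -> int:
    """Number of sibling hashes a proof carries for a dense tree of `n_leaves`."""
    leaves = [h(b"leaf-%d" % i) for i in range(n_leaves)]  # constructed sample leaves
    levels = build_levels(leaves, radix)
    proof = prove(levels, index, radix)
    assert verify(levels[-1][0], leaves[index], index, proof, radix)
    return sum(len(siblings) for siblings in proof)

if __name__ == "__main__":
    n = 16 ** 3  # 4096 keys: a dense subtree with 3 radix-16 levels = 12 binary levels
    wide, binary = proof_hashes(n, 16), proof_hashes(n, 2)
    print(f"radix 16: {wide} hashes, radix 2: {binary} hashes, ratio {wide / binary:.2f}")
```

For 4096 dense keys the script reports 45 sibling hashes for radix 16 against 12 for radix 2.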