Security in the AI & Web3 era
LAN NGUYEN
CO-FOUNDER
VERAMINE INC.
Outline
Info Security: ISO CIA. TLS. SOC. In-Memory
Web3: Digital Assets. Blockchain. Crypto tech
AI&ML: Attention Model. Transformer. GenAI
Big Data: Storage. Computation. Management
Final Notes: First principles. Turing Awards
Information Security (IS)
The General Principles of Information Security are the C-I-A triad
- Confidentiality: information service available only to authorized users
- Integrity: information service is accurate and complete
- Availability: authorized users can always access information service
From International Standards Organization (ISO) 27001 for IS
Across all areas. Very general, broken into detailed criteria to implement
Needs a balance between security, performance and usability
TLS
C: Data Encryption across the Internet
I: Data Signing. Server Authenticity
A: User Authentication
They are the simplest Crypto ZKP, securing the
whole Internet and Digital World
SOC
• I and A of IT Systems. Even C of Data and Services
• Logs, Rules, Alerts, Actions are materials for Monitoring Activities: Collection,
Detection, and Response.
• Suite of SIEM, EDR, IPS, FW, PAM, DB Sec, User Sec Management, Services
• Need good tools and full coverage. E.g. Memory-Based
• Attacks: Webshell. Memory shell. Fileless. Powershell. Code injection. Process open
• Defenses: Yara memory search. Log memory events. Query memory logs & dumps
TEE
• A trusted execution environment (TEE) helps code and data loaded inside it
be protected with respect to C and I
• From the negative side of Web 1-2: computing vendors control users
• To the positive side of Web3: more trust in computation and storage
• C for AI models and Crypto secrets
• I for Important and Sensitive services
Web3
• Web 1 (Read) is about connectivity and management of Digital Information
Web 2 (Write) is about connectivity and management of Digital Services
Web 3 (Own) is about connectivity and management of Digital Assets
• Blockchain is the fundamental Decentralized platform to secure the Digital Assets
E.g. Integrity: prevents bank staff from stealing customers’ money. Makes several attacks obsolete
• Traditional Blockchains have been providing Integrity and Availability to Digital Assets
Modern Blockchain tech also provides Confidentiality, such as by ZKP and MPC
Blockchain and Bitcoin of Decentralization
Satoshi Nakamoto introduced the Bitcoin Whitepaper
Transactions (Tx) are validated and broadcast. Many Txs form a Block. Many Blocks form a Chain
Blocks go through Consensus & Verify to select the next Block to add to the Chain
Validation and Consensus are competed or executed by peer computer nodes, called Miners
(Proof of Work - PoW) or Validators (Proof of Stake - PoS). The first Block is Genesis #0
Cryptography:
Hash
Merkle Tree
Signatures
Properties of Blockchain
Decentralization: No trusted party for Activities (Txs). Instead, use Distributed peer-to-peer
network of computing nodes
Scalability: Challenging, as a tradeoff against Decentralization and Security. Expensive Consensus
leads to high fees and delays for Activities (Txs), which limits adoption
Security - Integrity: Against Double-Spending, Forging, Altering… of Data (Financial Ledger).
Achieved by Consensus Mechanism (PoW, PoS) against Sybil and Majority attacks
Security - Availability:
Censorship Resistance: Freedom to transact. Txs Immutability. No Confiscation
Permissionless (vs. Permissioned): Anyone can participate in the Consensus Mechanism
Ethereum
• Ethereum is a public blockchain-based distributed ledger
• Smart contracts execute in Ethereum Virtual Machine (EVM)
• EVM is a decentralized Turing-complete virtual machine
• ‘Gas’, paid in Ether, covers smart contracts’ computation costs
• Denominations Ether, Gwei, Wei; awarded to miners and transferable between
accounts
• Ethereum was proposed by Vitalik Buterin and went live on 30 July 2015
Ethereum, more…
• Two types of accounts: User (controlled by private key), Contract (controlled by code)
• State: Mapping of Addresses to Account Objects (Balances, Contracts…)
• Account Balance vs UTXO. History: Transactions, Receipts
• All nodes run all contracts and store State. Some nodes store History
• Address is the rightmost 40 hex digits (20 bytes) of the Keccak-256 hash of the account’s ECDSA public
key
• Proof of Stake: Consensus by a combination of stakes (e.g. wealth, age…), and Punish
misbehavior
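Added example, not from the slides, carrying the address derivation on this slide through in Python: a compact Keccak-256 (Ethereum uses the original Keccak padding, which is why hashlib.sha3_256 gives a different digest), the last 20 bytes of the hash of the 64-byte public key, and the EIP-55 mixed-case checksum, which the slides do not mention. The sample key is the secp256k1 generator point, i.e. the public key of private key 1.

```python
# Added example, not from the slides: Ethereum address = last 20 bytes of
# Keccak-256(X || Y). Keccak-256 is not hashlib.sha3_256: Keccak pads with
# 0x01, the final SHA-3 standard with 0x06, so the digests differ.
MASK64 = (1 << 64) - 1

def _rol(v, n):
    n %= 64
    return ((v << n) | (v >> (64 - n))) & MASK64

def _keccak_f1600(state: bytes) -> bytes:
    # 25 little-endian 64-bit lanes, lane index = x + 5*y
    L = [int.from_bytes(state[8*i:8*i + 8], "little") for i in range(25)]
    R = 1  # LFSR that generates the 24 round constants (iota step)
    for _ in range(24):
        C = [L[x] ^ L[x+5] ^ L[x+10] ^ L[x+15] ^ L[x+20] for x in range(5)]  # theta
        D = [C[(x+4) % 5] ^ _rol(C[(x+1) % 5], 1) for x in range(5)]
        L = [L[i] ^ D[i % 5] for i in range(25)]
        x, y, cur = 1, 0, L[1]                                                 # rho + pi
        for t in range(24):
            x, y = y, (2*x + 3*y) % 5
            cur, L[x + 5*y] = L[x + 5*y], _rol(cur, (t+1)*(t+2)//2)
        for y in range(0, 25, 5):                                              # chi
            T = L[y:y + 5]
            for x in range(5):
                L[y + x] = T[x] ^ (~T[(x+1) % 5] & T[(x+2) % 5])
        for j in range(7):                                                     # iota
            R = ((R << 1) ^ ((R >> 7) * 0x71)) % 256
            if R & 2:
                L[0] ^= 1 << ((1 << j) - 1)
    return b"".join(v.to_bytes(8, "little") for v in L)

def keccak256(data: bytes) -> bytes:
    rate = 136                                  # 1088-bit rate, 512-bit capacity
    msg = bytearray(data) + b"\x01"             # Keccak domain byte (SHA-3 uses 0x06)
    msg += b"\x00" * (-len(msg) % rate)
    msg[-1] |= 0x80                             # close the pad10*1 padding
    state = bytearray(200)
    for off in range(0, len(msg), rate):        # absorb one rate-sized block at a time
        for i in range(rate):
            state[i] ^= msg[off + i]
        state = bytearray(_keccak_f1600(state))
    return bytes(state[:32])                    # squeeze 256 bits

def eth_address(pubkey_xy: bytes) -> str:
    # Input: 64-byte X || Y of the ECDSA public key WITHOUT the 0x04 prefix
    if len(pubkey_xy) != 64:
        raise ValueError("expected the 64-byte uncompressed point without 0x04")
    return "0x" + keccak256(pubkey_xy)[-20:].hex()

def eip55_checksum(addr: str) -> str:
    # EIP-55 mixed case: uppercase a hex letter where the matching nibble of
    # keccak256(lowercase hex address) is 8 or more
    low = addr.lower().replace("0x", "", 1)
    h = keccak256(low.encode()).hex()
    return "0x" + "".join(c.upper() if int(h[i], 16) >= 8 else c for i, c in enumerate(low))

# Sample input: the secp256k1 generator point, i.e. the public key of private key 1
SAMPLE_PUBKEY = bytes.fromhex(
    "79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798"
    "483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8")

if __name__ == "__main__":
    print(eip55_checksum(eth_address(SAMPLE_PUBKEY)))
```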
Blockchain Trilemma and Rollups
A high-performing blockchain platform must have three properties:
Decentralization, Security, and Scalability
The Blockchain Trilemma refers to the belief that blockchain platforms can
only achieve two of these three goals effectively.
First coined by Vitalik Buterin
https://www.bitstamp.net/learn/blockchain/what-is-the-blockchain-trilemma/
Mitigating Solution: Off-chain processing using Rollup (Layer2)
=> Wider Blockchain adoption brings Web 2 services into Web 3
Zero Knowledge Proofs (ZKP)
Vitalik ETH Founder "ZK SNARK is at least as important
technology as Blockchain"
ZKP builds Rollups, mitigating Blockchain Trilemma
ZKP builds Privacy (of Confidentiality) into Blockchain
Zero-knowledge provides Confidentiality; Soundness provides Integrity
Recently, more focus on a particular ZKP: SNARK
More Cryptography
Cryptography is the Dual Art of Hiding (Confidentiality) and
Proving (Integrity) Information
- Encryption vs. Signature (of Data)
- Commitment Hiding vs. Commitment Binding
- Delay Encryption vs. Verifiable Delay Function VDF
- FHE vs. ZKP (of Circuits)
- ZK Privacy vs. ZK Soundness
Web 3 Security
Digital Assets and Processing in Web 3 are growing fast
Blockchain Security (Integrity) helps but more is needed. Risks:
- Loss of private keys
- Phishing, scams, and hacks that target a user’s crypto wallet or private keys (as Web3’s “passport”)
- Blockchain or crypto companies or exchanges with insufficient government oversight
- Failure and exploits of Web 3 coding, e.g. smart contract
https://brave.com/web3/intro-to-web3-security/
ZKP: Complexity => Bugs => Big $ Hacks. ZKP Security is A Major Challenge to Mass Adoption
AI&ML: LEARNING = REPRESENTATION +
EVALUATION + OPTIMIZATION
ML consists of just three components
- Representation. A classifier must be represented in some formal language
that the computer can handle, and how to represent the input
- Evaluation. An evaluation function is to distinguish good classifiers from
bad ones
- Optimization. A method to search among the classifiers in the language for
the highest-scoring one
Ref. Pedro Domingos
The 5 Tribes of Machine Learning
• Ref. Pedro Domingos
Attention Model
Ref.
Andrew Ng.
Transformer of GenAI
Ref. paper
“Attention Is All You Need”
Transformer
Previous sequential models have limited reference windows
Attention mechanism, given enough compute resources
- has an infinite reference window
- uses the entire context to generate output
Transformer is an attention-based encoder-decoder architecture
- the encoder maps the input sequence into an abstract representation holding all learned information
- the decoder takes that representation and the previous outputs to generate the output
Big Data Storage and Computation
NoSQL provides storage & retrieval by means other than relational databases (RDB), offering rapid
scalability for managing big data
A schema is the blueprint of how the database is constructed (e.g. divided into
database tables).
A view is based on queries that run on database tables
Denormalization improves read performance at the expense of some write performance
Apache Spark provides an analytics engine for large-scale data processing with implicit
data parallelism and fault tolerance
Data Exchange
• Organizations and individuals can buy and sell data, including data sets, data streams, and data services.
• Data providers monetize their data. Data consumers access the data for business or research, to
use with data analytics and machine learning services.
• E.g. a data matching service: an airline’s premium customers matched against a bank’s high-credit customers, saving credit
checks. Privacy issues
• The global data marketplace market size was valued at USD 968 million in 2022. And the market is
predicted to expand at a compound annual growth rate (CAGR) of 25.0% from 2023 to 2030.
• Many important data entities provide data exchange marketplaces: big cloud vendors like AWS Data
Exchange, Azure Data Share. Or IBM, SAP. Or BCA
• CIA for Data Exchange. Encryption, Signing, Authentication => MPC, ZKP, TEE
Final Notes
AI and Web3 are heavily invested in and developed. That leads to new techs and
apps
E.g. Ecosystem of Blockchains, Layers 0-2, Data Availability (DA). GenAI, NVDA
First Principles: Use the new techs and apps to solve the existing problems
Rethink Cybersecurity, then certain cyber attacks may no longer work
First Principles - examples
Automate both attacks and defenses, such as generating rules from MITRE
Use DA to prevent Ransomware attacks
Turn PKI CA into Anonymous Credential
Chain of trust allows a root authority to certify credentials to leaf entities
For bidding system's user privacy, and bidding confidentiality and integrity
AI & Crypto
Duality of AI (Centralization) and Crypto (Decentralization)
AI finds meaning & patterns - Crypto secures, hides, proves meanings
Centralization vs Decentralization. 5 companies are controlling the Internet
The development of AI and Crypto in parallel will help balance their powers,
preventing them from being abused
ZKP for AI Machine Learning
ZKML Tech uses ZKP to protect Integrity and Privacy of AI
Machine Learning (like Chat GPT) models and data
Prove that an output was produced by applying an ML
model, as a ZK circuit representation, to a given input
About the inference step of the ML model, not about ML model
training, which is very computationally expensive for ZK
ZKML
Verify outputs really from expensive models like GPT4
Hide input data that can be sensitive (e.g., medical records)
https://worldcoin.org/blog/engineering/intro-to-zkml
Related: Security chips, e.g. TPM, TEE, Signing, in all devices
Turing Awards
The Turing Award is the most prestigious annual prize for scientific contributions of technical
importance to computer science, often referred to as the "Nobel Prize of Computing"
How many people in AI or Crypto won the Turing Award? Up to 2018, AI and Crypto were equal
at 8. Since then AI has 3 more
How many people in Cybersecurity won Turing? 7, all are cryptographers as in the
Crypto list above
ZKP was conceived by Turing winners S. Goldwasser, S. Micali and C. Rackoff in
1985
Q & A
LAN at Veramine dot Com

Editor's Notes

  • #5 Monitoring: Efficiently collect logs of system activity, for auditing those activities and for detecting and responding to incidents on the system. Incident Response (IR): An effective process is needed for responding to detected incidents. The collected logs can be used to investigate, trace, search and scope the incident, and from that to plan and carry out its complete remediation. Not enough coverage: Not enough data to investigate. Missing process and tools: Memory Search is important, because some strings of malicious code are stored encrypted in the executable file and are only decrypted for execution in memory, so they can only be found by searching memory.
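Added example, not from the slides, illustrating the memory-based defense on the SOC slide and the point in the editor's note above: a YARA-style string rule that misses the XOR-encoded file on disk still fires on the decoded copy in memory. The sample bytes, the XOR "packing", the loader stub, the rule and the marker strings are all constructed here for illustration.

```python
# Added example, not from the slides: a YARA-style string rule that misses the
# encoded file on disk but matches the decoded copy in memory. The sample bytes,
# the XOR "packing", the loader and the rule are all constructed for illustration.
import re

# Minimal rule in the spirit of a YARA strings/condition pair (not YARA syntax)
RULE = {
    "name": "constructed_webshell_marker",
    "strings": [b"eval(base64_decode(", b"CONSTRUCTED_C2_MARKER"],
    "condition": "all",   # every string must be present ("any" is also supported)
}
XOR_KEY = 0x5A            # constructed single-byte key used by the sample packer
HEADER = b"STUB\x90\x90"  # constructed unencoded loader stub
TRAILER = b"\x00" * 16

def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)

def build_disk_image() -> bytes:
    # On disk the body is stored XOR-encoded, so its strings are not visible
    plain = (b"CONSTRUCTED SAMPLE: eval(base64_decode(...)); "
             b"beacon=CONSTRUCTED_C2_MARKER")
    return HEADER + xor_bytes(plain, XOR_KEY) + TRAILER

def load_into_memory(disk_image: bytes) -> bytes:
    # Simulates the unpacking stub: the body is decoded at run time, so the
    # plain strings exist only in the process's memory image
    body = disk_image[len(HEADER):-len(TRAILER)]
    return HEADER + xor_bytes(body, XOR_KEY) + TRAILER

def scan(buf: bytes, rule: dict) -> dict:
    # Find every occurrence of each rule string, then evaluate the condition
    offsets = {s.decode(): [m.start() for m in re.finditer(re.escape(s), buf)]
               for s in rule["strings"]}
    present = sum(1 for offs in offsets.values() if offs)
    need_all = rule["condition"] == "all"
    matched = present == len(rule["strings"]) if need_all else present > 0
    return {"rule": rule["name"], "matched": matched, "offsets": offsets}

if __name__ == "__main__":
    disk = build_disk_image()
    print("disk  :", scan(disk, RULE)["matched"])                     # False
    print("memory:", scan(load_into_memory(disk), RULE)["matched"])   # True
```

The same rule run over a dump of the live process (or over logged memory events) is what the slide's "Yara memory search" refers to; the disk copy never contains the searched strings.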