4. Cryptoeconomics
A formal discipline that studies protocols that govern
production, distribution and consumption of goods and
services in a decentralised digital economy.
Vlad Zamfir
General consensus is that it is derived from Cryptography and
Economics.
5. Economics
Economics is "a social science concerned chiefly with
description and analysis of the production, distribution,
and consumption of goods and services". Economics
focuses on the behaviour and interactions of economic
agents and how economies work.
Wikipedia
6. Cryptography
Cryptography (from Greek κρυπτός kryptós, "hidden,
secret"; and γράφειν graphein, "writing", or -λογία -logia,
"study", respectively) is the practice and study of
techniques for secure communication in the presence of
third parties called adversaries.
Wikipedia
7. Security Engineering
Security engineering is a specialized field of engineering
that focuses on the security aspects in the design of
systems that need to be able to deal robustly with
possible sources of disruption, ranging from natural
disasters to malicious acts. It is similar to other systems
engineering activities in that its primary motivation is to
support the delivery of engineering solutions that satisfy
pre-defined functional and user requirements, but it has
the added dimension of preventing misuse and malicious
behavior. Those constraints and restrictions are often
asserted as a security policy.
Wikipedia
8. Cryptographic Engineering
Cryptographic Engineering is the discipline of using
cryptography to solve human problems. Cryptography is
typically applied when trying to ensure data
confidentiality, to authenticate people or devices, or to
verify data integrity in risky environments.
Wikipedia
9. Provable Security
Provable security refers to any type or level of security
that can be proved. It uses mathematical proofs, which are
common in cryptography.
The capabilities of the attacker are defined by an
adversarial model. The aim of the proof is to show that an
attacker who breaks the modelled system could be used to
solve the underlying hard problem (a reduction), so breaking
the system is at least as hard as the problem.
Wikipedia
10. Provable Security - Contentions
Koblitz and Menezes have claimed that provable security results
for important cryptographic protocols frequently have fallacies in
the proofs; are often interpreted in a misleading manner, giving
false assurances; typically rely upon strong assumptions that may
turn out to be false; are based on unrealistic models of security;
and serve to distract researchers' attention from the need for
"old-fashioned" (non-mathematical) testing and analysis.
11. Complexity Classes
In computational complexity theory, a complexity class is
a set of problems of related resource-based complexity. A
typical complexity class has a definition of the form: the
set of problems that can be solved by an abstract machine
M using O(f(n)) of resource R, where n is the size of the
input.
Wikipedia
12. Adversary
An adversary (rarely opponent, enemy) is a malicious
entity whose aim is to prevent the users of the
cryptosystem from achieving their goal (primarily privacy,
integrity, and availability of data).
Wikipedia
14. Tokens - Economic view
• Exonumia, items of currency other than coins and paper
money
• Token money, money that is of limited legal tender
• Token coin, a small, flat, round piece of metal or
plastic that can sometimes be used instead of money
• Voucher or gift card, redeemable for items of value
Wikipedia
15. Tokens - Computer Science view
Token, an object (in software or in hardware) which represents
the right to perform some operation:
• Tokenization (data security), the process of substituting a
sensitive data element
• Token, an object used in Petri net theory
• Access token, a system object representing the subject of
access control operations
• Session token, a unique identifier of an interaction session
• Security token or hardware token, authentication token or
cryptographic token, a physical device for computer
authentication
Wikipedia
18. Hash functions
A hash function is any function that can be used to map
data of arbitrary size to data of a fixed size. The values
returned by a hash function are called hash values, hash
codes, digests, or simply hashes.
Wikipedia
19. Hash functions testing - Diehard
The diehard tests are a battery of statistical tests for
measuring the quality of a random number generator.
They were developed by George Marsaglia over several
years and first published in 1995 on a CD-ROM of random
numbers. The same kind of battery is run on hash digests,
since a good hash should be statistically indistinguishable
from a random function of its input.
Wikipedia
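As an added example (not from the slides, and not Marsaglia's code), the following Python applies a two-test miniature of such a battery to hash functions: a monobit balance test of the kind found in NIST SP 800-22, and an avalanche test (the fraction of output bits that change when a single input bit is flipped). It runs SHA-256 next to a constructed, deliberately weak hash (`toy_hash`, which is only the byte sum) so the contrast is visible; the sample sizes, the 0.05 tolerance and the counter-based inputs are assumptions of this example.

```python
import hashlib

# Added example: a miniature statistical battery for hash functions.
# A good hash should look like a random function: output bits balanced
# (monobit ~ 0.5) and each single input-bit flip changing about half of the
# output bits (avalanche ~ 0.5). toy_hash is constructed to fail both.


def toy_hash(data: bytes) -> bytes:
    """Constructed, deliberately weak 32-bit hash: fixed-size output, no diffusion."""
    return (sum(data) & 0xFFFFFFFF).to_bytes(4, "big")


def sha256_hash(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _popcount(value: int) -> int:
    return bin(value).count("1")


def monobit_fraction(h, samples: int = 2000) -> float:
    """Fraction of 1 bits across digests of counter inputs 0..samples-1 (ideal: 0.5)."""
    ones = 0
    total = 0
    for i in range(samples):
        digest = h(i.to_bytes(4, "big"))
        ones += _popcount(int.from_bytes(digest, "big"))
        total += len(digest) * 8
    return ones / total


def avalanche_fraction(h, samples: int = 500, msg_len: int = 16) -> float:
    """Average fraction of output bits that flip when exactly one input bit
    flips, over every bit position of `samples` constructed messages (ideal: 0.5)."""
    out_bits = len(h(b"\x00" * msg_len)) * 8
    flips = 0
    trials = 0
    for i in range(samples):
        msg = bytearray(i.to_bytes(4, "big").ljust(msg_len, b"\x00"))
        base = int.from_bytes(h(bytes(msg)), "big")
        for bit in range(msg_len * 8):
            flipped = bytearray(msg)
            flipped[bit // 8] ^= 1 << (bit % 8)
            flips += _popcount(base ^ int.from_bytes(h(bytes(flipped)), "big"))
            trials += out_bits
    return flips / trials


def passes_sanity_battery(h, tolerance: float = 0.05) -> bool:
    """True if both statistics sit within `tolerance` of 0.5.
    Passing is necessary, not sufficient: MD5 passes tests like these and
    is still broken by structural (differential) collision attacks."""
    return (abs(monobit_fraction(h) - 0.5) <= tolerance
            and abs(avalanche_fraction(h) - 0.5) <= tolerance)


if __name__ == "__main__":
    for name, h in (("sha256", sha256_hash), ("toy_hash", toy_hash)):
        print(f"{name:8s} monobit={monobit_fraction(h):.3f} "
              f"avalanche={avalanche_fraction(h):.3f} "
              f"passes={passes_sanity_battery(h)}")
```

The point a practitioner should take from the `passes_sanity_battery` docstring is the one the next two slides make: statistical tests only catch gross defects (bias, poor diffusion). A function can be statistically perfect and still fall to cryptanalysis, so these tests rule hashes out, never in.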
20. MD5 - Attacks
• 1991 - Rivest designs MD5 as a replacement for MD4, in which weaknesses had been found
• 1993 - den Boer and Bosselaers find a pseudo-collision of the MD5 compression function (a limited result: two different IVs giving the same digest)
• 1996 - Dobbertin finds a collision of the compression function of MD5
• 2004 - March: MD5CRK, a distributed collision search, is launched
• 2004 - August: Xiaoyun Wang, Dengguo Feng, Xuejia Lai and Hongbo Yu announce collisions for the full MD5 (the full break)
21. DES - Cautionary Tale
• 1975 - DES published
• 1991 - Biham and Shamir rediscover differential cryptanalysis
• 1992 - Biham and Shamir break full 16-round DES with differential cryptanalysis,
faster than brute force but needing 2^47 chosen plaintexts
• 1994 - Matsui - linear cryptanalysis (2^43 known plaintexts)
• 1998 - EFF's DES cracker (Deep Crack) breaks a DES key by brute force in 56
hours.
22. Tools At Our Disposal
• Proof of Work
• Staking
• Curation & Prediction Markets
• Curve Bonding
• Radical Markets
• Non Fungible Tokens
• Dispute Resolution
23. Bonding Curves
• Bonding curves - a mechanism that allows the continual liquidity of a token,
with the price changing depending on how much 'activity' is conducted, i.e.
how many tokens have been bought into (minted) or sold out of (burned) the curve.
The price is a function of the current supply, and the collateral paid in is
held in a reserve that funds later sells.
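An added example (not from the slides) of the mechanism: a linear bonding curve in Python, with the price p(s) = slope * s for supply s and the cost of moving supply from a to b being the area under the curve, slope/2 * (b^2 - a^2). It shows the two properties a practitioner cares about: the reserve always exactly covers the payout of every holder (continual liquidity), and the outcome depends on ordering, which is what makes these curves front-runnable. The class and function names, and exact rational arithmetic via `Fraction`, are choices of this example; a contract would use fixed-point integers.

```python
from fractions import Fraction

# Added example: linear bonding curve with reserve-backed mint/burn.
# spot price p(s) = slope * s; cost from supply a to b = slope/2 * (b^2 - a^2).


class LinearBondingCurve:
    def __init__(self, slope):
        self.slope = Fraction(slope)
        self.supply = Fraction(0)     # tokens in circulation
        self.reserve = Fraction(0)    # collateral held to honour sells

    def spot_price(self) -> Fraction:
        return self.slope * self.supply

    def _area(self, a: Fraction, b: Fraction) -> Fraction:
        return self.slope / 2 * (b * b - a * a)

    def buy(self, amount) -> Fraction:
        """Mint `amount` tokens; returns the collateral the buyer must deposit."""
        amount = Fraction(amount)
        if amount <= 0:
            raise ValueError("amount must be positive")
        cost = self._area(self.supply, self.supply + amount)
        self.supply += amount
        self.reserve += cost
        return cost

    def sell(self, amount) -> Fraction:
        """Burn `amount` tokens; returns the collateral paid out. Any holder can
        always exit because the reserve equals the area under the curve up to
        the current supply (see reserve_is_consistent)."""
        amount = Fraction(amount)
        if amount <= 0 or amount > self.supply:
            raise ValueError("cannot sell more than the current supply")
        payout = self._area(self.supply - amount, self.supply)
        self.supply -= amount
        self.reserve -= payout
        return payout

    def reserve_is_consistent(self) -> bool:
        """Invariant: reserve == integral of the price from 0 to supply."""
        return self.reserve == self._area(Fraction(0), self.supply)


def round_trip(slope=1, amount=10) -> Fraction:
    """Buy then immediately sell the same amount: the curve returns exactly
    what was paid (result 0), so no value is created or destroyed."""
    curve = LinearBondingCurve(slope)
    paid = curve.buy(amount)
    received = curve.sell(amount)
    return received - paid


def early_buyer_profit(slope=1, amount=10) -> Fraction:
    """Alice buys, Bob buys the same amount, Alice sells. Alice's gain is paid
    entirely by Bob's higher entry price: the ordering dependence that makes
    bonding curves attractive to front-runners. Returns Alice's net gain."""
    curve = LinearBondingCurve(slope)
    alice_paid = curve.buy(amount)
    curve.buy(amount)                 # Bob enters at a higher price
    alice_received = curve.sell(amount)
    assert curve.reserve_is_consistent()
    return alice_received - alice_paid
```

With slope 1 and 10 tokens each, Alice pays 50, Bob pays 150, and Alice exits with 150: a gain of 100 funded by Bob. Anyone who can see a pending buy and insert their own before it gets exactly this trade, which is why deployed curves add slippage limits or batching.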
24. Multi dimensional bonding surfaces
• Can tokens have a multi-dimensional existence?
• Possibility of dimensional arbitrage
25. Thoughts
• Don't reinvent the wheel when you don't have to
• A hierarchy of strength of proofs exists
• Simulation is not verification
• Verification has a broad spectrum
• Formal verification might be a useful tool
• Acknowledge the existence of side channels
28. Key security challenges
• Identity - general approach has been to support pseudonyms
• Privacy - blockchain as a paradigm expects all data to be available
• Trust - question of trust in a decentralised system
• Cryptography - choice of algorithms and parameters not necessarily considered
traditional. Also the question of QC resistance brought up by some vendors
29. Post Quantum Cryptography
• Shor's algorithm (breaks RSA, Diffie-Hellman and elliptic-curve schemes outright)
• Grover's algorithm (quadratic speed-up of brute-force search; halves the effective
key length of symmetric ciphers and the preimage resistance of hashes)
• Current crop of QC resistant algorithms
• Challenges to public key crypto and symmetric primitives
30. Post Quantum Cryptography (contd)
• Some attacks have been found on lattice based crypto systems, e.g. NTRU
• Newer variants have entered the fray, e.g. LWE
33. Homomorphic Encryption
• Homomorphic Encryption - the challenge of processing without knowing what
is being asked
[Diagram: the client sends a search query x to Google search, which applies a
function f and returns the search results f(x)]
34. Homomorphic Encryption
• Homomorphic Encryption - in 2009 Craig Gentry published the first fully
homomorphic encryption scheme
[Diagram: the client sends Enc(x) as the search query; Google search applies f
to the ciphertext and returns Enc(f(x)) as the search results, never seeing x]
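As an added example (not from the slides, and not Gentry's scheme), the following Python implements the Paillier cryptosystem (1999), which is additively homomorphic: Enc(a) * Enc(b) = Enc(a + b) and Enc(a)^k = Enc(k * a). It cannot multiply two ciphertexts, which is the gap fully homomorphic encryption closes, but it is enough to show the picture above in running code: the server computes f on Enc(x) and returns Enc(f(x)) without ever seeing x. The two small primes are constructed toy parameters, and the function names are this example's own.

```python
import math
import secrets

# Added example: Paillier, additively homomorphic public-key encryption.
# Constructed toy primes; a real deployment uses primes of 1024+ bits.
P = 1_000_003
Q = 1_000_033


def _l_function(u: int, n: int) -> int:
    return (u - 1) // n


def keygen(p: int = P, q: int = Q):
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    g = n + 1                                           # standard simplified generator
    mu = pow(_l_function(pow(g, lam, n * n), n), -1, n)
    return (n, g), (lam, mu)


def encrypt(pub, m: int) -> int:
    n, g = pub
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    while True:                                         # random r in Z_n^*
        r = secrets.randbelow(n)
        if r and math.gcd(r, n) == 1:
            break
    n2 = n * n
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pub, priv, c: int) -> int:
    n, _ = pub
    lam, mu = priv
    return (_l_function(pow(c, lam, n * n), n) * mu) % n


def add(pub, c1: int, c2: int) -> int:
    """Server side: ciphertext of the sum, computed without the private key."""
    n, _ = pub
    return (c1 * c2) % (n * n)


def scale(pub, c: int, k: int) -> int:
    """Server side: ciphertext of k * plaintext, computed without the private key."""
    n, _ = pub
    return pow(c, k, n * n)


def private_weighted_sum(values, weights):
    """Client encrypts its values; the server applies f(x) = sum(w_i * x_i)
    on ciphertexts only; the client decrypts. Returns (decrypted, expected)."""
    pub, priv = keygen()
    ciphertexts = [encrypt(pub, v) for v in values]           # client -> server
    acc = encrypt(pub, 0)
    for c, w in zip(ciphertexts, weights):                    # server sees only c, acc
        acc = add(pub, acc, scale(pub, c, w))
    return decrypt(pub, priv, acc), sum(v * w for v, w in zip(values, weights))
```

The caveat to carry away: the property that lets the server add to a ciphertext lets anyone holding the public key do the same, so homomorphic schemes are malleable by design and cannot be IND-CCA secure. Integrity of the computed result has to come from elsewhere (an authenticated channel, or a proof that the server applied the agreed f).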
36. Zero Knowledge Protocols - properties
• Completeness - if the prover is telling the truth, they will eventually convince the verifier.
• Soundness - a prover who is not telling the truth can convince the verifier only with negligible probability.
• Zero-knowledgeness - the verifier doesn't learn anything else about the prover's solution.
According to Goldwasser, Micali and Rackoff
37. Zero Knowledge and SNARK
SNARK – Succinct Non-interactive Argument of Knowledge
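An added example (not from the slides) that exercises all three properties from slide 36 and the interactive/non-interactive distinction from slide 37: Schnorr's protocol for proving knowledge of a discrete logarithm x with y = g^x, in Python. `honest_run` shows completeness, `extract_witness` shows why it is sound (two accepting transcripts on the same commitment reveal x, so a prover who answers two challenges must know it), `simulate_transcript` shows zero-knowledge for an honest verifier (a valid-looking transcript built without x), and `fiat_shamir_prove` makes it non-interactive by hashing the commitment into the challenge. The toy group (p = 2039, q = 1019, g = 4) and the function names are this example's assumptions; a deployment would use a 256-bit prime-order group. Note this is a Fiat-Shamir-transformed sigma protocol, not a SNARK, which additionally makes the proof succinct for arbitrary statements.

```python
import hashlib
import secrets

# Added example: Schnorr proof of knowledge of x in y = g^x.
# Constructed toy group: safe prime p = 2q + 1, g = 4 generates the order-q subgroup.
P = 2039
Q = 1019
G = 4


def keygen():
    x = secrets.randbelow(Q - 1) + 1      # witness: secret exponent in [1, q-1]
    y = pow(G, x, P)                      # statement: public value y = g^x
    return x, y


def prover_commit():
    r = secrets.randbelow(Q - 1) + 1
    return r, pow(G, r, P)                # prover keeps r, sends t = g^r


def verifier_challenge():
    return secrets.randbelow(Q)           # verifier sends c


def prover_respond(x, r, c):
    return (r + c * x) % Q                # prover sends s = r + c*x


def verify(y, t, c, s):
    return pow(G, s, P) == (t * pow(y, c, P)) % P   # g^s == t * y^c


def honest_run(x, y):
    """Completeness: an honest prover always convinces the verifier."""
    r, t = prover_commit()
    c = verifier_challenge()
    s = prover_respond(x, r, c)
    return verify(y, t, c, s)


def extract_witness(c1, s1, c2, s2):
    """Soundness (special soundness): two accepting transcripts with the same
    commitment t but challenges c1 != c2 give x = (s1 - s2) / (c1 - c2) mod q."""
    if c1 == c2:
        raise ValueError("challenges must differ")
    return ((s1 - s2) * pow((c1 - c2) % Q, -1, Q)) % Q


def simulate_transcript(y):
    """Honest-verifier zero-knowledge: pick s and c first and solve for t.
    The transcript verifies and has the real distribution, yet uses no x."""
    c = secrets.randbelow(Q)
    s = secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(pow(y, c, P), -1, P)) % P
    return t, c, s


def _hash_challenge(y, t):
    h = hashlib.sha256(f"{P}|{G}|{y}|{t}".encode()).digest()
    return int.from_bytes(h, "big") % Q


def fiat_shamir_prove(x, y):
    """Non-interactive variant: the challenge is a hash of the statement and
    commitment, so the prover cannot pick it and no verifier round trip is needed."""
    r, t = prover_commit()
    return t, prover_respond(x, r, _hash_challenge(y, t))


def fiat_shamir_verify(y, t, s):
    return verify(y, t, _hash_challenge(y, t), s)
```

Two details matter in practice. The simulator is exactly the argument that the verifier learns nothing: whatever it could compute from a real transcript it could compute from one it made itself. And the Fiat-Shamir hash must bind the statement y as well as t; hashing t alone lets a prover for one y reuse the proof for another.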
39. Privacy – Half Life of Data and permissions
As the volume of data grows exponentially,
organizations need to change their view of data
from a data-centric model to a user-centric model.
Data is a moving object: at every point in time
there is new data being created and collected, and
that data has a high initial value that decreases over
time.