UX matters because users matter
@NoshDelivery
piggybacks on existing networks to completely solve the bootstrap problem and get users actually using the product immediately
Learn from Nosh
I’m looking forward to asking Uniswap and Optimism founders questions for their thoughts on ecosystem and protocol design today. Thanks
@a16zcrypto
for setting this up.
New post w
@p3shoemaker
Crypto’s AirTag Moment: Unlocking Mass Adoption with Web Proofs
How zkTLS will revolutionize airdrops, incentives, and marketplaces
When I started Opacity I had a list of use cases I thought would be built.
Out of that list, I was only able to predict one use case.
Everything else was stuff I would’ve never seen, because they’re markets I don’t interact with.
New post w
@p3shoemaker
Crypto’s AirTag Moment: Unlocking Mass Adoption with Web Proofs
How zkTLS will revolutionize airdrops, incentives, and marketplaces
@0xSachinK
@reclaimprotocol
@zkp2p
I know I’ve been going back and forth with the reclaim guys on Twitter.
In private convos I’ve always said reclaim is the strongest team product wise in zkTLS. Which I respect more than technical chops, it’s what’s missing in most zk projects today imo.
🫡
@viv_boop
My story for how I got obsessed with zkTLS is I realized a lack of verifiable data is what limits zk/crypto use cases.
I didn’t start with zkTLS, I worked in the industry
@Obstropolos
helped start of verifiable credentials. Signed data.
@mike_perhats
started Nosh by getting restaurant owners in Boulder together and explaining how DoorDash was taking advantage of them in fees.
iirc the initial investment came from restaurants.
So yeah cnode, maybe we should get off of VSCode and talk to people 😉
zkTLS is popping off.
I came up with our proposal to solve for collusion because I met Sina and he wouldn’t stop going off on verifiable data structures.
That’s where the verifiable log originates
🫡
@Rahul__Ghangas
@sreeramkannan
@OpacityNetwork
Two pieces you need:
1. oracle in the certs & their validity windows, which can be done via linking signatures to the root cert
2. confidence in the existence of a signature in such a validity window, which can be done by leveraging something like
@WitnessCo_
for timestamping
An observation from seeing zkTLS get adoption.
The use cases that grow the fastest are ones where there is an existing market that’s intermediated.
Where it’s more efficient to go through the user than through some company.
Keep watch 👀
@degentellect
@KamesGeraghty
@eigenlayer
Because the best security you can get for zkTLS is economic security.
Impossible to do it purely cryptographically.
This is due to the nature of SSL/TLS
@_weidai
The main issue is how to solve for the collusion issue.
Besides ours I’ve yet to hear a proposal to bring these proofs onchain with a TEE assumption
Hey Dan,
@mike_perhats
and I have been trying to explain to
@CarlKVogel
that there’s been a fundamental change in technology that makes it so moats are now moot
New post w
@p3shoemaker
Crypto’s AirTag Moment: Unlocking Mass Adoption with Web Proofs
How zkTLS will revolutionize airdrops, incentives, and marketplaces
I’ve never met a founder so obsessed and thoughtful about depin protocol design, worth checking out how Nosh will disrupt intermediated food delivery markets
@fede_intern
@alignedlayer
We have someone in the
@OpacityNetwork
ecosystem building a consumer DeFi protocol using zkTLS.
There's an existing market for it today. Since on-chain txs are cheaper than web2 ones, using crypto actually lets you print free money in this market because the savings compound.
@viv_boop
@Obstropolos
There are many reasons for this. What’s enough is there is no incentive for APIs to sign data, in many cases it’s against their incentives.
Is zkTLS the technically perfect solution for verifiable data? No
Is it the best option given the constraints of the world we live in? Yes
@eddylazzarin
gave a good talk where he makes the analogy of crypto being a healthy rainforest vs monocropping based on optimizing a few variables.
Bad marketing take, but I think zkTLS will play the role of a fungus in the natural world.
Recycling organic matter back into the
@rsarrow
The hardest thing to see in life is the thing that isn’t there, but if it was there it would make life easier.
The missing piece for internet is the property of verifiability. If we endowed information with this property we could easily merge web2 and web3.
@badcryptobitch
@socrates1024
It’s not just a rebranding of those.
MPC-TLS by itself has a collusion issue so you can’t just bring those proofs on-chain.
We have other pieces in the protocol that resolve that issue. Too bring it all together in a clean package definitely requires zk
@teemupai
@cooper_kunz
I’ve been obsessed with this for years, and I was under the impression this problem was impossible to get around until a random insight while working on the farcaster identity contracts.
Full story here
@gmEthereum
@OpacityNetwork
So hands down, EigenLayer is the perfect solution for us to access a lot of security, and the simple design lets us ship more quickly.
For legal risk mitigation.
If an api signs responses, then it’s easier to prove in court they showed something.
So the non-repudiation of https is a useful feature for most companies.
There’s also no incentive for them to do it
@viv_boop
@Obstropolos
What I realized is signed data assumes cooperation from the people who have the data you want signed.
Your guide shows how to make software changes to get signed api responses.
This is not a new idea, and yet there’s little signed data in the world.
@sreeramkannan
@Rahul__Ghangas
@OpacityNetwork
So we don’t need to track individual server certs, as they inherit security from a longer lasting cert.
As you move up the tree there’s less keys and fewer rotations.
1/ thrilled to announce my O-1 visa approval at 16! 🇺🇸🎉
and this milestone coincides with my one-year anniversary at Eigen Labs ✌️
story time and appreciation post 🧵
@CatfishFishy
@cooper_kunz
Chainlink bought deco from a team at Cornell, but I commend the foresight to do so.
But:
1. The construction of garbled circuits is much slower than needs to be.
2. No solution for the main security issue of collusion, I’m guessing they wanted to keep it centralized.
…
@sreeramkannan
@KyleSamani
Having sovereignty over your data also means it can’t be copyrighted against you.
Which is important since copyrighted material is a caveat in the exemption of this law.
You should be able to get your tweets and take them somewhere else 😉
@teemupai
@cooper_kunz
Https by itself is a weak form of verifiability.
If you’re apart of the connection, then you know the response is legit. If you show it someone else, all bets are off.
The client knows the server write key, so they arbitrarily forge those proofs
@dwr
@wojtekwtf
Most users are onboarded through warp. The wallet is stored in WC. Unless they’re willing to copy the seed, if wc is down you can’t sign up for Supercast.
I’m pretty sure he’s using Neynar otherwise.
we desperately need a new onchain account primitive that aggregates multiple addresses, and can act as a global SIWE
for better reputation scores, data aggregation, better sign ins, etc...
we might try something, since bundles are among our most popular features - but there's
@_weidai
@0xFunk
has done a lot of thinking around this idea.
I've been wanting a make a prediction market on someone's Tinder performance, using an LLM over their convo history to determine how many dates.
@CatfishFishy
@cooper_kunz
You’re misunderstanding.
The collusion problem in MPC-TLS is when the 2 parties acting as the client can work together to forge proofs arbitrarily. Inherent in how SSL/TLS works.
If you don’t know how this stuff works, then it’s not worth arguing about it
Gn
If you think signed API responses is a better path than zkTLS, then CT is the wrong place to say that.
Go talk to these big tech companies and convince them, I’ll wait
@viv_boop
My story for how I got obsessed with zkTLS is I realized a lack of verifiable data is what limits zk/crypto use cases.
I didn’t start with zkTLS, I worked in the industry
@Obstropolos
helped start of verifiable credentials. Signed data.
Identity is a core primitive with a legitimate reason to be put onchain.
The reason it’s not common is because it’s important in consumer applications. Which there are not a lot of.
Opacity: A trust minimized bridge between web2 and web3.
Hear about zkTLS, and how it’s being utilized to build new markets for crypto✨
by
@Euler__Lagrange
of
@OpacityNetwork
@sreeramkannan
@Rahul__Ghangas
@OpacityNetwork
Base certs I think are monthly, but we don’t have to track those since that cert will be signed by a intermediate certificate (a few years), and ultimately rolls up to the root certificate which lasts for decades.
The collusion problem of MPC-TLS is something if you think deeply about you’ll come away thinking it’s impossible to get around.
The solution is really a subtle shift in perspective vs cryptographic wizardry.
@Euler__Lagrange
@alexhooketh
@noah_pravecek
Was not disappointed, good video.
I was at the same stage as you explained in the video, thinking collusion was not possible to solve.
Still I find zktls misleading, but your explanation of MPC-tls and the edge cases was solid.
@CatfishFishy
@cooper_kunz
If you do zkTLS proofs by committee, nodes that disagree with quorum get slashed, then you can slash honest nodes.
Committee is 10 nodes and I want to prove bank balance.
First 2: $100
debit card tx
Next 6: $95
debit card tx
Last 2: $90
First and last 2 get slashed
@Euler__Lagrange
@cooper_kunz
1. I don't know the performance of it, but I am sure they've made significant improvements to it over the years.
2. Are you referring to any specific collusion that's any different than general collusion risk of oracle networks? Because if not, see my
@_weidai
@Clique2046
@kvny2046
@reclaimprotocol
@madhavanmalolan
You can’t secure the proxy architecture.
For one, at scale you need to source residential proxies to avoid blocks.
The witness proxy has a http connection to the target server. So anyone in between the witness and target server can swap the traffic
You can fake proofs even if
@CatfishFishy
@cooper_kunz
The value add for zkTLS is you can source private user data and not just public price feeds.
To keep it privacy preserving, the client must be involved in making a request to hide auth tokens.
To do what you’re saying you’d run multiple MPC session simultaneously on consumer hw
@sandmanarc
@gmEthereum
@OpacityNetwork
I go over our protocol here.
One part of our solution to the collusion issue is random selection of node, and so liveness is important.
You have to commit to what you’re proving before the node is selected as well.
@cooper_kunz
@teemupai
Btw,
That gaming use case I didn’t think of, so it’s novel to me.
I’m moreso talking about the technical side of how to build it.
@gmEthereum
At
@OpacityNetwork
, I just want people to generate proofs on https APIs and bring them onchain.
I turns out zkTLS is impossible to do purely cryptographically.
The best you can do is economic security. Shared security is going to be cheaper than native.
@0xMasonH
1/ Where it gets even more interesting is with zkTLS we can do an app token without the cooperation of the company/api.
For example, Zyn has a rewards program where you scan a QR code to collect points you can use on their store.
One can convert that into an ERC20.
@DCbuild3r
@dabit3
@devloper_xyz
@kvny2046
I’ve been obsessed with this for years and didn’t start a company on this before because I thought it was impossible to solve.
I randomly found a solution right before the first Ethaly.
@fede_intern
People get stuck up on the cryptoeconomic tradeoff. I’m not a researcher, but I should’ve spelled out that you can have infrastructure that validates tables in zk instead of an MMR.
What’s interesting is validating the table can use recent Sum check and GKR techniques for speed
We hosted a fantastic X Space with
@VersatusLabs
and
@OpacityNetwork
about the stack for a decentralized future. 📢
The conversation was engaging, insightful, and definitely worth a listen!
2/
@lesgreys
@antoniogm
Would require integration with Spotify on the royalty side.
Spotify has an open api, so integrating zktls into a music fc client and proving listen history would be easy (until they think it’s adversarial, even then we have our ways).