Encryption Geek Discussion and Web3 Winter Guide Sharing

Author: YBB Capital Researcher Ac-Core

We are very honored to invite many heavyweight guests to this seminar—senior technical experts and founders who are committed to solving the immediate needs of the industry, and had a face-to-face communication with us. The guests discussed how to ensure the safety of funds and prevent hacker attacks; where can developers obtain cloud-based API services; how to find efficient and reliable RPC services that meet their own needs; and scalable cross-chain interaction based on MPC, ZKP and TEE A series of issues such as what is the operating agreement were shared.

Preface

On July 5th, there was a tepid crypto market hidden in the drizzle. After the rain, the YBB ChainXplore: Geek Symposium 01 event came to a successful conclusion. We are very honored to invite many heavyweight guests to this seminar—senior technical experts and founders who are committed to solving the immediate needs of the industry, and had a face-to-face communication with us.

At the event, the guests discussed how to ensure the security of funds and prevent hacker attacks; where can developers obtain cloud-based API services; how to find efficient and reliable RPC services that meet their own needs; and scalable A series of issues such as what is the cross-chain interoperability protocol were shared. Next, let us experience the sparks that geeks from different research directions have collided with.

Different perspectives on crypto winter

2022 is a bear market that has been silent for a long time. With the end of the epidemic in 2023, we thought that the market environment would improve, but the US dollar has not stopped raising interest rates, and recently the SEC has shown a stricter regulatory attitude towards encrypted transactions. A year full of expectations has become uncertain again. As veterans in the industry, we have experienced several bulls and bears in the industry, so what do you think of the future development of the industry? And each of us stands in our own field, how should we survive this “cold winter”? At the beginning of the event, the host, YBB Capital co-founder John, invited the guests to share how they survived the winter. The following are the key points of the guests.

YBB Capital Lianchuang Hugh: In the last bull market cycle from the end of 2020 to the end of 22, we can see that there is a positive correlation between market capital and technological development, and the intervention of capital drives new The development of the narrative, such as the entry of large funds such as Grayscale in the last round, brought more room for growth in the bull market. Later, with the tightening of macro policies, the market was withdrawn from part of the liquidity. Changes, like gears, have certain periodicity in them. More about Crypto still needs to pay attention to the development and breakthrough of technology, so as to drive the entry of large funds. Judging from the last EDCON meeting in Montenegro, everyone paid more attention to the breakthrough of ZK technology and the combination of AI and blockchain. On the topic of AI, everyone is generally a capitulator, thinking that AI will rule the world and maintain A pessimistic attitude, but the overall feeling is still very interesting, and various ideas collide with each other. In general, we are also looking for a new round of narratives, which will drive the development of a new round of bull market.

Joshua, investment manager of Kernel Ventures: After Hong Kong released the compliance policy in April this year, because of the liquidity factor, more needs to move closer to compliance. Liquidity is also a very optimistic factor in the management level of exchanges. , generally speaking, the liquidity and popularity of the project itself are quite important. From the perspective of VC-level investment, although we do not sell frequently now, we are also looking for projects that we can cooperate with, including providing product suggestions for project parties, liquidity of product-level assets, and key resource docking, which can provide support for projects. Providing some value support is also what we can do for the industry at present.

Chainbase Data Engineer Liquid: Personally speaking, how to survive this bear market? My suggestion is not to use leverage. When raising funds, the project party must first think about how to cross the bull and bear markets and prepare for the bear market . It is necessary to improve the operational capabilities in terms of cost control and customer acquisition, and try to ensure that the project can last long enough in the bear market. Regarding the big market situation, looking back at the previous bull-bear cycles, it is not difficult to find that they are all driven by mainstream currencies, but the current volume of Bitcoin and Ethereum is not small, and the next round of bull market must have several contracts. Regulatory factors, such as BlackRock’s ETH application and the US dollar’s interest rate hike expectations, clearly have a turning point before funds will turn to the currency circle.

Rooch Network Lianchuang Haichao Zhu: At present, the primary market is still in a cooling-off period. It can be felt that the current market tends to be impetuous, and a strange phenomenon has also appeared. A project may not have its outstanding innovation points, but as long as ZK, Layer2, EVM, GameFi and other attributes are added, and the user volume of at least 10W or more, it is easy to win the favor of VC. But we will insist on building infrastructure for the industry and contribute to the industry in the way we are good at.

YBB Capital Lianchuang Hugh: We can now also feel that there is a polarized situation in the current market. It is difficult to invest in good projects if VCs are overwhelmed. No matter how low the VC is, I dare not vote. At present, most of the investments are taken away by market sentiment, but judging from the investment results of large institutions such as A16z, most projects are broken. But we still need to look at the current market more optimistically, and continue to look for new technological breakthroughs with passion.

Zhengxue Dai, Director of Chainbase Development Relations: My perspective may be a little different from yours. I think the cold winter has not yet come, and now we are facing a global recession and a structural decrease in the domestic population. Investment in the secondary market, because the market lacks consumption motivation, and there is not enough money in the primary market. In addition, we can also see that the number of developers is still increasing. I joked that I might want to leave this industry one day, and maybe the cold winter of the industry is really coming to an end. We will pay attention to the number of developers on the entire chain and the number of contract deployments. Judging from the existing number, it has been greatly reduced compared with last year. Now most public chains want to accumulate a group of developers. Although Layer 2 currently has a very large TVL, most of them are users who have not contributed to the ecology, so I would like to ask everyone where do you think the current developers are.

BlockSec Lianchuang YaJin Zhou: Where are the developers of Web3? We have also been thinking about this issue, because our service targets are mainly project parties. This is actually a chicken-and-egg problem. The projects made by developers are essentially for users. Only users have needs, and there are needs for projects, and projects have developers. It is unrealistic for a large number of users to flood into Web3 until there are no particularly good Web3 application scenarios. So the question comes back to how to let more users in. It is necessary to think about which needs of users are solved by Web3, and what kind of applications can bring users in under the background of the bear market. I am quite optimistic about this issue. With the help of the current market situation, some bad projects will be eliminated. Let us all be in a stage of accumulation and development, and only after precipitation can we have better products.

Source: live shooting

Dark Forest and Light Knight

According to the latest statistics from Hacked.slowmist, from January 2012 to July 14, 2023, the total amount of losses caused by hacking in the blockchain field has exceeded 30 billion US dollars, and the total number of hacking incidents is 1108 !

No matter what kind of status we are in Web3, it is difficult for us to escape the constraints of the law of the dark jungle. Compared with Web2, the decentralized Web3 network loses part of its security to a certain extent. Similar to the scalability logic provided by Ethereum Layer 2, Web3 also needs Bright Knights to expand the security of the network.

Data source: SlowMist official website

Security guards for users and project parties

The current industry has the biggest pain point - security. Among the many types of asset theft, user wallets, project parties, and cross-chain bridges are the three types most vulnerable to hacker attacks. In order to reduce the occurrence of attacks, YBB Capital invited the contract security audit project - BlockSec and the decentralized signature cross-chain bridge solution - Bool Network to share their solutions in the security field with the guests at the event site.

Source: BlockSec Official

BlockSec is a blockchain security service team. As a security solution for blockchain developers, BlockSec can provide project life cycle security from pre-contract deployment (eg code audit) to post-contract deployment (eg monitoring blocking) Serve. BlockSec’s security monitoring and attack blocking technology has been widely recognized by the community, and has reached cooperation with many mainstream project parties, including the cooperation with Compound not long ago to develop an attack monitoring system for the Compound V3 contract. BlockSec has been committed to providing security infrastructure for the community, and has successively launched a series of security products and tools, including Phalcon, a blockchain development testing and monitoring blocking suite developed for project parties, MetaDock, a security toolbox for Web3 users, and cross-chain Money flow tracking platform MetaSleuth.

Additions to improve security other than code auditing

Development testing and monitoring blocking suite for project parties: Phalcon (Phalcon.xyz)

Phalcon is a security development, testing and monitoring blocking suite developed by BlockSec for Crypto project parties. BlockSec believes that code auditing alone cannot solve Web3 security issues. On the one hand, high-quality auditing services are scarce and cannot meet the needs of so many project parties. face new risks. Therefore, after a series of practical exercises and product exploration, Phalcon was born, aiming to bring a new security paradigm to Web3.

Phalcon consists of three core modules:

1. Phalcon Explorer: It is a powerful blockchain transaction browser that provides transaction analysis, simulation execution, Debug and other functions;

2. Phalcon Fork: It is a security testing platform that can be deployed in a private environment that is consistent with the state of the main network. It has a built-in security tool suite to help project parties conduct security screening, and supports team collaboration and project public testing;

3. Phalcon Block: It is an active threat defense system that provides the exclusive ability to monitor, alert, and block (pause or run away) hacker attacks. It is reported that BlockSec has successfully intercepted attacks and recovered more than 14 million US dollars of funds. It is the industry’s leading The only security company with successful actual combat cases in the field of active defense.

Source: Phalcon official website

Security Toolbox MetaDock for Web3 Users (blocksec.com/metadock)

MetaDock is a completely free, open-source, and unlimited browser plug-in that provides extended functions for blockchain browsers such as Etherscan. Through innovative product design, it seamlessly integrates the function shortcuts of more than 10 practical products, and becomes an important feature for every user. A productivity tool for security researchers, data analysts and Crypto users. This product can help users quickly understand the connotation of transactions through the built-in GPT function, view the flow of funds in addresses with one click, understand the risks of NFT collectibles, and provide clearer labels and ratings for contract addresses, etc. At present, it has received five-star praise and featured recommendations from Google Chrome and Firefox.

Source: MetaDock official website

Cross-chain fund flow tracking platform: MetaSleuth (metasleuth.io)

MetaSleuth is a visual analysis platform for cross-chain encrypted assets. Enter the wallet address to be queried and you can visually query the asset transfer status on the chain related to the address. It is also a very frequent use by “on-chain detectives” at present. A tool that can monitor the direction of funds on the chain in an all-round way. Currently, ten chains have been integrated.

Source: MetaSleuth official

A new solution to deal with another hard-hit area of hacking attacks - cross-chain

Bool Network is a permissionless, completely trustless and highly scalable decentralized signature network based on multi-party computation (MPC), zero-knowledge proof (ZKP) and trusted execution environment (TEE). The network can serve the whole chain interoperability protocol. It proposes a decentralized signature scheme to facilitate arbitrary message transmission and digital asset transfer across heterogeneous networks.

Technology Architecture

Source: Bool Network Official

The core part of the cross-chain is the relayer, but currently a safe and decentralized relayer has not been realized, so most of the hacking incidents in the current network are cross-chain bridge attacks. Because most cross-chain relayers are controlled in a centralized mode, the root cause is the incorrect management and disclosure of private keys. For example, we are familiar with the traditional solutions of multi-signature or MPC. Unfortunately, they are still controlled by some centralized entities and cannot fundamentally solve security problems. The Bool Network adopts a solution to maintain a decentralized signature network to ensure that the private key management is not controlled by any third party, so as to solve such problems.

For this reason, Bool Network gave birth to the important concept of “dynamic hidden committee”. Each committee actually manages the private key on a specific blockchain to complete any form of cross-chain transactions and information transfer. And proposed its original Ring Verifiable Random Function (Ring VRF) election algorithm to ensure the privacy of committee members. It is worth noting that all committee procedures are run in the TEE to guarantee the confidentiality and integrity of the relevant components.

Source: Bool Network Official

• MPC: Allows data holders to realize data collaborative calculation and result output without mutual trust. Different from multi-signature, MPC (multi-party computing) has higher privacy, stronger security, better flexibility and wide applicability.
• ZKP: It provides a unique and secure verification method based on the ring verifiable random function (Ring VRF) to hide the real public key of the VRF in a ring structure, so that the certifier can use non-interactive ZKP technology in different places. On the premise of disclosing private information, the ownership of a public key corresponding to the private key is shown to the verifier.
• TEE: An area in the CPU of a mobile device that guarantees computational privacy and security. Existing as an isolated environment in the Bool Network network, TEE can not only store sensitive data, but also provide verifiability. , the verifier can verify that the core code and business logic running in the TEE must not have been modified to ensure security.

Source: Bool Network Official

In the initialization phase of the “committee”, we assume that 21 nodes are randomly selected from 10,000 TEE nodes. First of all, the private key controlled by the “committee” is divided into 21 parts through the DKG algorithm, and then the private key fragments are encrypted and stored by trusted hardware, so that even malicious nodes cannot obtain the real private key fragments, killing evil from the root idea. In this process, the Ring VRF protocol is used to hide the true identities of these committee members, preventing internal collusion and increasing the cost of external attacks. Because external hackers need to find 21 selected hidden committee members from a total of 10,000 nodes.

Source: Bool Network Official

Finally, through secure multi-party computing technology, data signature requirements are realized based on private key fragments. Secure multi-party computing has obvious characteristics, even if some nodes are abnormally offline, the signature can be completed. In addition, Bool also defines a fixed period of time, called “epoch”. For a set of selected nodes, they can only mutually control a committee within an epoch. After an epoch, their management of a committee is handed over to a new group of nodes. And this process is still facilitated by the Ring VRF algorithm to increase the security of private keys managed by the committee.

Bool Network is a secure underlying infrastructure for private key management

Bool Network is the infrastructure of the industry, and it is a service proposed to maintain the security of cross-chain communication, such as managing the private key of the terminal in the DeFi bridge application built on Bool Network. Additionally, Bool Network is scalable to provide off-chain committee consensus, such as oracle services operating in a more decentralized model.

Source: Bool Network Official

To sum up, the difference between Bool Network and other cross-chain protocols is that it uses Ring VRF to realize the dynamic privacy committee to manage private keys, and it is fully composable to realize arbitrary information transfer between heterogeneous blockchains. It is worth mentioning that the academic research of Bool Network has been accepted by IEEE Transactions on Information Forensics and Security (TIFS) journal. The team plans to support more blockchain networks in the future.

Now the product has been applied to Bitcoin, EVM, Solana, Sui, Filecoin and other networks. The team also plans to provide security solutions for wallets and asset management platforms. In the fourth quarter of 2023, it is expected that there will be more than 1,000 nodes running in the Bool Network. The more nodes supported, the stronger the security and decentralization of the network.

Accelerate the RPC service that improves developer efficiency

Technically speaking, a blockchain node is a high-performance computer or server, which is a computer connected to the other party’s decentralized network and is responsible for storing and updating blockchain data. In layman’s terms, the blockchain protocol is like Ethereum’s EVM and Bitcoin’s Bitcoin protocol. When you run the EVM on a computer, you are a node, but there are many types of nodes.

RPC (Remote Procedure Calls) refers to a protocol of Remote Procedure Call (RPC). The RPC service is to run the blockchain node client on the server, and provide http or websocket interface through DNS domain name resolution.

Source: BlockPI official website

Technology Architecture:

BlockPI Network is a blockchain infrastructure project. Its technical architecture is mainly composed of five parts, namely BlockPI Hub, HyperNode, Gateway, FisherMan, and Validator. The five relationships complement each other and together constitute a complete network of BlockPI Network.

1）BlockPI Hub

BlockPI Hub is a collection of user management system, node rating, authenticator system and account system. In addition, user registration information, account information and KYC information are all stored here. Not only that, but it has also been testing the nodes in the network, which are a reference data source for the BlockPI load balancer. The income and expenditure of the entire network, as well as the distribution of rewards to the characters in the system are all done in the Hub, which accounts for a relatively large part of the entire system.

2）Gateway

The Gateway is responsible for collecting and classifying user requests, and the BlockPI load balancer routes them to the appropriate HyperNode. The load balancer in the Gateway will evaluate the health status of the back-end HyperNode node in real time, and distribute the workload so that the entire network is in an optimal service state.

3）HyperNode

HyperNode is the terminal node that processes RPC requests and sends responses to users through Gateway. A HyperNode typically runs alongside a full node (RPC request target) of the target blockchain. During the testnet stage, the official opened up third-party operators to join HyperNode and run nodes, which verified the decentralized architecture. Twenty-four blockchain networks are now supported.

4）Validator

Validator is an independent blockchain node that acts as a “police” to monitor the entire network. Through a verifiable random algorithm, Validator verifies the workload data from HyperNode and Gateway and writes the result into the block. Through the consensus protocol, the data will also be verified and recorded by other Validators, which will play the role of mutual recording and verification.

5）FisherMan

FisherMan is another role responsible for network security, as well as a special role like Validtor. It pretends to be Gateway and User, sends RPC requests to HyperNodes and Gateways, compares the results, and reports the problematic comparison results.

Image source: BlockPI official

Winter and Outlook

Since its inception, the blockchain industry has been attracting every new member with its unique charm. So far, no matter how we participate in it, we will eventually continue to forge ahead with a state of faith. Although the industry is still in the early stage of development and there are many imperfect technical vacancies, we firmly believe that if the Internet changes the world again in the future, blockchain technology will surely emerge first.

Whether we are currently in the cold winter or midsummer, the development of the industry is inseparable from the construction and innovation of every developer. YBB Capital always adheres to the value investment logic with technology development as the core, and continues to provide financing assistance for excellent projects. We believe that the development of the blockchain needs to rely on the continuous breakthrough of its own technology to create a larger and more complete market environment. Finally, we are very honored to be able to “add bricks and tiles” to the blockchain business together with all outstanding developers and builders , Relying on technological innovation to solve market demand problems. Whether we are developers or investors, we are pioneers who are at the forefront of the times. Finally, I sincerely thank all the guests present.

Source: YBB Capital