 Our first speaker today is one of our panelists, Christian. So thank you, Karla, for a very thorough introduction of him. He is from the University of Bern and he will be discussing protocols with asymmetric trust, Christian. Okay, this is about protocols with asymmetric trust. And of course we think about consensus protocols here, like the whole workshop through the two days. And so before we can talk about asymmetric trust, let's talk about this symmetric trust. This is probably what everybody here thinks about trust is. Or what we are using today, which is that we have a number of nodes and the nodes are just defined by the numbers. They're not uniquely distinguishable. They are indistinguishable. They have the same features with respect to failing in a protocol. So we trust only that a certain subset of them of a given size of node more than a given size is failing. And in the BFT, how we call this Byzantine consensus world, we need n-degree and 3F, but the most important case is actually the canonical case would be a strict majority n-degree and 2F. And what I'm gonna mostly talk about the Byzantine case here is also the way how we develop this. How large this threshold is, it can be n-degree and 3F, n-degree and 5F or something like this depends on various efforts, but we know a lot of protocols like this. Just to give you a little background here, I mean, it might be people have never seen this here. If you read and write to the storage location, this is like a heart of all those problems we are talking about here. There is this thing called a register that also occurs in consensus protocols implicitly where participants can write or like a single participant can write, but if the value is stored in a distributed, the value is stored on all n-nodes in the system and there's just one note or process here you can write and just one who can read, but there has to be certain consistency and lifeness conditions satisfied, namely that if something has been written, only that is read later. And so the typical protocol that you also know from Byzantine, with the Byzantine emulation of such a abstraction is that you add signatures, you let the processes sign what they are writing and there's only one writer, you keep logical timestamps because otherwise a faulty storage node can answer to you with an outdated value and the writer increments this timestamp continuously. So, and then there is this crucial property here that we need the Byzantine quorum of replicas to acknowledge this. Write operation, we also need the Byzantine quorum of replicas or nodes to acknowledge a read operation and then we are safe. And so we have here an algorithm, I only want to look at this part here, it will come up later and I only want to have you look at this part here because you've seen this in the textbooks. And so there are tons of protocols in this model and we call them consistent reliable broadcast and state machine replication blockchain protocols as well as long as they are permissioned in any form or even any related form. The important thing about this model here about what I call the threshold BFT model here is that all nodes are trusted equally and all nodes trust equally. So all nodes share the same trust assumption that their subjective, their thing, their trust, how they believe the others behave is not subjective and in reverse because trust is only by the number, this first assumption here holds, this first conclusion holds that the trust placed on them is equal. We can generalize this, this has been done a long time ago, namely that they take the view that every node is special. Yeah, why should one node here fail as often as the other node? Why should we trust this node more than the other node? And this is indeed the picture that I show you here on the right, where we could say of these six nodes, remember before there were seven, of these six nodes, there are two groups, the XYZ group and the PQR group on the lower half. This is the important systems here is what formalizes this idea, namely that we specify a so-called fail-prone system, Mark can write a bit that in 98 and from this we can enumerate here all the sets of nodes that may fail together and we as a complement get out the sets that we can use as quarrels. And then we trust those for decisions in the protocols. And formally we can define this mathematically in quorum system has then these properties, namely that is a consistency property and an availability property where every two quorums must overlap in at least one correct process because we now have this system or this collection of fail-prone sets and the intersection of any two so-called quorums must contain at least a subset that contains at least more than strictly more than something that could fail and availability and everything must find a quorum around. And I say that not much research has gone into this and we're already at the next step but this is also an interesting thing that an interesting concept that we've just started to look at also in our research on special crypto, this generalized BFT model where not all nodes are trusted the same but the nodes trust equally. Everybody shares the same trust system. So what are asymmetric quorums then? How do we define asymmetric trust? So let's proceed to this. This goes back to saying why should I believe that this node is more trustworthy than another node and that is basically giving the participants a very human feature, a very human or also something that people like to do and they need to trust in a way that they like. Because how can you debate about taste? Yeah, you can't. So yeah, do you like it or you don't like it? Some people like this and some people like others. But there are definitely factors that influence how people trust and that should also be used in a protocol settings where it's not people, but in order to build systems with trust, we need to express something of that in protocols as well. So let's give each participant in the network the ability to express its own trust assumption. Here's a subjective trust assumption. This node down here, P, it trust itself that it never fails. There are neighbors that it trusts more, namely the Q and R node. Oops, I jumped because they are close to it. And then there are the remote nodes up here X, Y and Z and it trusts them less. So it trusts them only in the form that any out two after out of these three might fail because they are far away and those that are far away usually don't trust them so well. And so we have another, this is actually a fail-prone system, default assumption of this node P and the idea behind the asymmetric trust is now that every node can express its own trust assumption like this. And if they all are compatible with each other in a certain way, then they have a Byzantine quantum system that is asymmetric. So every node would trust differently and nodes are trusted differently especially. This is not a new idea in blockchain systems because Ripple and Stellar have pioneered these ideas. Ripple certainly with their UNL idea with their unique node list where it's just a list of nodes that I happen to know and trust. It's definitely the case that Ripple intended to achieve some kind of PFD consensus. It's also become understood meanwhile that it doesn't in a certain ways. We've also looked into this just recently with some of my team here in Durham and Stellar is also a slightly different formalization of some related ideas, but it doesn't answer the challenge of how to take quantum systems into the asymmetric world. So here's an example of how this could look like in all of the worlds we've just shown. You'd have a specification that says there are at the top level like five nodes that have equal weight, but two of them, the ones more to the right here, they would be composed through different ways. And this is a very specific hierarchical decomposition. That's the one that's actually used in Stellar blockchain from their config file. But in general, we would be like, so we would like to be even more general in this side. We were coming now to the formalization of Byzantine quantum systems that we put out some two years ago, which is a fail-prone system for each participant. And then by an array of such fail-prone systems here, we can define a array of quantum systems. So each participant has its own specific quantum system. PI has its quantum system, PQI. And the consistency and availability conditions here I'm not gonna read them for you, but you should read them in the paper or at least here later. Say that whenever two of them interact and make the decisions, there is at least one correct guy behind the columns there. And with these, we can also generalize the corresponding existence conditions for the Byzantine columns. These are the so-called Q3 properties to the B3 property for which they'll tell us when such a quantum system exists. And then the example before if every participant has its own subjective trust assumption like this will actually give you a estimated quorum system if we just rotate this view circularly around the circle. But I wanna talk about the change, the protocols that this implies, namely the stuff colored in blue here is what we have in the normal protocol will simply turn into reformulations that you don't count messages, but you count whether you have enough of your friends telling you what is okay. For the register implication. Last but not least, so we can implement many different protocols with this method. We can implement consensus also randomized consensus. We have also a recent paper out. And last but not least, what I wanted to mention here is how do we compose such trust assumptions? This is a new field we've started to look into also suppose that we have two quorum systems, two groups with specific trust assumptions. How would they be able to merge or compose the trust assumptions automatically such that another quorum system results from this? And in a way, through an algorithm, we can do this for traditional generic and symmetric quorum systems and also for asymmetric presenting quorum systems. The references again here on the slide and also on our website because I think my time is almost up. So I wanted to give you the summary of the asymmetric trust model, which is now all nodes are trusted differently. And this is because all nodes trust differently. The underlying reason is that you cannot argue about taste. That's the translation of this ancient saying here because it trusts taste is inherently subjective and so is not trust. So thank you for the attention and I'm looking forward to the questions in the discussion section.