 Hi everyone, my name is Valera Nikolayenko from Calibra Facebook And I decided to give you glimpse into what kind of research problems we are looking at because that's quite a nice Crypto group is forming up there. So I decided to Very briefly describe you one of the projects you're working on It's the project called winco. It protects blockchains from forks of history and this is joint work with a PhD candidate Sarah Zovey She's also an internet Calibra and George Danezes Sorry So we are mainly concerned with proof of stake blockchains And this is the chain of blocks that originates from tangences block And if we zoom into one of the blocks, we can see that there is a parent hash that chains the block with the previous one There's an ordered list of transactions and there is a signature by validators that Validates this block that makes this block valid So the validators are the ones who run consensus protocol between each other And they're trying to consent to the next block and if they agree on the next block They supply joint signature on the block and this makes the block valid and usually in place There are some incentive mechanisms to keep validators honest during the consensus protocol So in particular sometimes they lock the money to become validators And if they behave honestly they get their money back plus some reward if they misbehave or deviate from the protocol They don't get their money back So they have strong incentives to stay honest during the execution But the problem is once they got their money back, they have no more incentives to keep their old keys secure And so in this project we're asking ourselves the questions. What if I just lose their old keys? What can happen what basically this is also known as nothing at stake attack in the blockchain community and The devastating thing will happen basically the adversary who got old keys of the validators will be able to create a fork of the of the history of the blockchain and proof of Steak blockchains are particularly susceptible to this kind of attacks as they don't deploy some proof of work or some delay functions Basically for King comes for free Because you can very quickly produce as many signatures as you want on the adversarial chain and create a very long fork And also the poor user has now we have no way of differentiating between a true chain and the adversarial chain so what do we do and Basically what the adversary can do with his fork he can censor the network He can replay transactions that he like and he can drop transactions that he doesn't like so the solution comes from kind of a Bird eye view of the problem. So all blockchain users. They're typically a very large set They're like a lot of a million or a billion a lot of them But the very later set is very small of the order of a hundred or a thousand and reason for that is because consensus is Very expensive. They need in particular like pairwise channels between each other. So when you start growing divided a set Over a thousand this becomes challenging consensus becomes slow New blocks appear infrequently. So you don't want that you want the set to be small But the problem now is for the attacker It makes it easier for him to attack some substantial set of validators versus some substantial set of users Which makes this blockchain kind of vulnerable? And so here's an idea why don't we put power in the hands of the users and why don't we allow the users to also vote on the chain? So we propose augmenting transactions with basically the block So the transaction will be the sender receive a mount at the block because typically users have some Idea of what the tip of the blockchain is or they have some trusted party that would that they trust that will tell Them what's the tip of the chain? So we keep track of this votes and once we collect a third of votes waited by the amounts under their accounts We consider the block checkpointed and then Basically, we are proving a theorem that an adversary cannot checkpoint in you block in the fork And that gives a way for the to differentiate between the true chain and the serial chain because the true chain will have more recent checkpoints now what makes this theorem challenging is that the state Changes hands and so the voting power kind of shifts around So basically what we are doing is we are writing to proof of stake Proposing of running to proof of stake algorithms on top of each other proof of stake by users on top of proof of stake by validators Interesting point also about the kind of assumptions here. So Typically Byzantine for torrent Protocols there is a gap between the number of people who need to vote in the number of Byzantine notes that we can tolerate this one-third gap But here basically we're kind of an asynchronous setting because we can wait forever For the users to checkpoint your blocks So these assumptions can be relaxed and so if there is a type or it can be bring to like one half and one half plus Epsilon if we believe only epsilon Fraction of users can be eclipsed from the network. So this High-level idea can benefit not just blockchains that I described but potentially other blockchain projects as well It's also independent of the type of consensus algorithm that you run Both circular consensus guarantees liveness and it guarantees short-term security while this kind of protocol empowers users to Participate in the government long term governing of the blockchain. Thank you