Okay, so online poker has been a huge trend on the internet since the 2000s with the advent of online casinos. An online casino helps bring people who want to play card games together so that they can gamble and make profits digitally without having to actually interact face to face. This has created a huge market over the last 15 or 20 years, and it is a market that continues to grow. The problem with the approach of having online casinos is that the players have to blindly trust this digital entity that is placed somewhere on the internet. They don't know who that casino is, they don't know who's operating it, they don't know if they're trying to cheat on them or anything like that. The only guarantees they have are by regulatory agencies that can go and ask the casino for data and such things, but what we would like to achieve in an ideal world is online gambling in such a way that people don't have to trust each other or trust a third party like an online casino and such.

How do you achieve that? That's been a topic of active research in the community of cryptography for the past 30 or 40 years and it started back in the 1980s with a line of work started by Shamir, Rivest and Adleman, the same inventors of the RSA public key encryption algorithm. This line of work has been expanded and improved on for the past years up to a point where we have protocols that allow you to play poker among untrusted players in such a way that the players are guaranteed that they can cheat each other and in the end of the protocol they are well guaranteed that somebody has won or lost and that their strategies have not leaked to other players.

It still leaves open one very big question. Even if you can play poker securely without leaking any strategy and guaranteeing that people won as what I would call a proof of winning, how can you guarantee that people get paid? There's no guarantee in these classical protocols that the winner is actually going to receive its bounty.
There's no way to show that to make somebody pay another person if the protocol outputs that the other person won. So you have to solve first of all this problem of ensuring that the winners get their rewards, that they get the money that they should get out of this bet.

Now there's still another problem. In these old protocols, at any point some of the users can just abort, causing the whole protocol to get stuck in execution, meaning the protocol can never terminate, meaning that you never learn who actually won the game. So you have a very bad thing set face aborts. When an abort happens all you can do is basically restart the game even though you were winning. So what you can easily do is notice you have a bad hand, notice that you're not having a good winning strategy and just abort the whole protocol so that you don't lose money, which is very bad. So even if you can solve the problems of playing secure poker online and ending up with a proof that people actually won without leaking strategies and so on, you still have this really big problem of aborts and moreover the problem of rewards distribution. And these are the main problems that we wish to solve in a modern online poker protocol or, as it's called in the literature, a mental poker protocol where you don't have to actually interact in person with anyone.

So what do we do in Kaleidoscope? First of all, in all this line of work from the 1980s to the 2010s nobody has ever introduced a formal definition of what it means to have a secure poker protocol, of what a secure poker protocol should do for you in terms of keeping your strategies private or keeping your cards private and all things that should be kept private apart from ensuring that the protocols run correctly. All these properties of such protocols have been loosely defined as in a very formal way of saying that the protocols should have these or that property but nobody ever came up with a full formal definition.
So first of all, for the Kaleidoscope protocol we come up with the first formal security definition for poker protocols. Departing from this formal security definition, we then build a protocol that is provably secure, meaning that our protocol does address all the concerns in the formal security definition.

Now what is interesting about our protocol, what do we have that hasn't been done before? Well, we build on known research results on running cryptographic protocols in such a way that people get paid by the output of the cryptographic protocol. This is research that was started in 2014 by Andrychowicz and others in a paper published in the IEEE Security and Privacy Conference and it's actually a very powerful tool that allows you to have a cryptographic protocol mandate how people are going to get paid from a pool of money that has been formed before the protocol is executed. So we have rewards that are guaranteed. Our winners are sure to receive the money they are bound to win.

Moreover we have to deal with the problem of aborts. How do you make somebody keep running a protocol? Well, you don't control these other players so you cannot be sure that they're going to keep running the protocol. So what they propose in this first paper by Andrychowicz and others is that you should have a mechanism where people who try to cheat, who try to abort or to send invalid protocol messages, get punished. So we get penalty enforcement, meaning that anybody who aborts the execution or who tries to cheat in the protocol in some way will lose money that they deposited before the protocol starts running, and on top of it all we actually get very good efficiency. Well, instead of using a general multi-party computation protocol that would compute any circuit or any program, we actually write a protocol that works specifically for poker and does achieve much higher efficiency than these more complex protocols that can be used for solving any other problem.
Our protocols are tailor-made for the game of poker together with some mechanisms that make it more efficient to provide the reward guarantees and the penalty enforcement along with, of course, provable security according to the formal security definition that we have introduced. So let's look a little bit into how we achieve each of these characteristics for Kaleidoscope.

So let's first have a look at the formal security definition. We have a full-blown simulation-based definition, which is the de facto standard in providing meaningful security definitions for cryptographic protocols. So we have a simulation-based definition that captures the whole game of poker instead of basically showing that individual card operations are secured by themselves. We capture the whole flow of a game of poker and we then prove that our protocol does fulfill the simulation-based definition.

Now how do we provide reward guarantees and penalty enforcement? In order to do that we rely on cryptocurrencies. So before the protocol actually starts running, all the players are required to deposit some collateral, some collateral coins that will be used to punish them if they do cheat. So this collateral is going to be locked inside an entity such as a smart contract and after the protocol is completed successfully will be delivered back to the users. So the collaterals are only used as a punishment in case of cheating. Remember that cheating can also be an abort. So we solve the privacy the penalty enforcement problems in that way. Now we also have to show that the rewards that a user gets from the poker game are paid. So we also deposit bet money in the form of a cryptocurrency. So we have some coin deposits that are going to be used to bet inside the game. So those bet deposits are going to be distributed among the users who actually win or lose in the game.
Now in order to get efficiency we construct a tailor-made protocol that is based on the popular DDH assumption in the so-called random oracle model. This allows us to achieve a protocol that has much more efficiency than protocols that compute any program while making it compatible with the mechanisms, the cryptocurrency mechanisms, that we use to guarantee collateral payments and bet payments. So our protocol will basically determine, the output of the protocol will determine how the bet money that's deposited is distributed and also who is deemed a cheater and gets their collateral money withdrawn and distributed among the honest players.

Well, in this idea we would have each user first depositing some amount of money and then running the protocol. In case anybody cheats they would post a complaint to the blockchain that is running the cryptocurrency, to the smart contract, saying that some problem has happened, upon which the smart contract will request all the users to provide proofs that they have behaved well or that somebody has behaved badly, and those proofs will determine who is the cheater, who's going to get penalized. So a very important point, a very important part of this protocol is having compact witnesses, compact proofs that you behave well or bad, and that's something we are able to provide through the careful design of this protocol based on this specific assumption. So we end up with a protocol that allows you to provide very short proofs that you have behaved well or bad, and those proofs are used to redeem your bets, to redeem all the money you have made in playing this game, and also to show that somebody has tried to cheat on you, in which case the cheater will be penalized, losing his collateral money.

So that's the basic general structure of the protocol and we fortunately are able to show that a protocol with these characteristics is actually secure according to our formal security definition.
Being the first actual tailor-made poker protocol that provides reward guarantees, penalty enforcement and provable security while keeping efficiency. That's the basic structure of the Kaleidoscope protocol. In the next version we'll actually present a protocol where you can build any other card game and not only poker games, and we'll cover that in another talk. Thanks for watching.
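
Added example, not part of the talk and not Kaleidoscope's own code: a toy model of the deposit contract described above, showing the normal payout and the complaint path in which an abort is treated as cheating. The names `Escrow`, `settle`, `resolve_complaint` and the `verify` callback (standing in for checking the compact proofs) are hypothetical, and the equal split of forfeited collateral and the refund of bets after a complaint are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Escrow:
    collateral: int                              # coins each player locks as collateral
    bets: dict = field(default_factory=dict)     # player -> bet coins locked

    def deposit(self, player, bet):
        # Collateral and bet are both locked before the card protocol starts.
        self.bets[player] = bet

    def settle(self, winnings):
        """Normal completion: the protocol output fixes how the bet pot is split."""
        if set(winnings) != set(self.bets) or \
                sum(winnings.values()) != sum(self.bets.values()):
            raise ValueError("payout must redistribute exactly the locked bets")
        # Collateral is returned in full when nobody cheated.
        return {p: self.collateral + winnings[p] for p in self.bets}

    def resolve_complaint(self, proofs, verify):
        """Complaint path: a missing proof (abort) or an invalid one marks a cheater."""
        cheaters = {p for p in self.bets
                    if p not in proofs or not verify(p, proofs[p])}
        honest = sorted(set(self.bets) - cheaters)
        if not honest:
            raise ValueError("no honest player left to receive forfeited collateral")
        share, extra = divmod(self.collateral * len(cheaters), len(honest))
        payout = {p: self.bets[p] for p in cheaters}   # assumption: bets are refunded
        for i, p in enumerate(honest):
            # Honest players get bet + own collateral + a share of forfeited collateral.
            payout[p] = self.bets[p] + self.collateral + share + (1 if i < extra else 0)
        return payout, cheaters

def demo():
    esc = Escrow(collateral=10)
    for player in ("alice", "bob", "carol"):
        esc.deposit(player, bet=5)
    normal = esc.settle({"alice": 15, "bob": 0, "carol": 0})
    # Constructed complaint round: carol aborts and submits no proof.
    proofs = {"alice": "ok", "bob": "ok"}
    disputed, cheaters = esc.resolve_complaint(proofs, lambda p, pr: pr == "ok")
    return normal, disputed, cheaters

if __name__ == "__main__":
    print(demo())
```

In both paths the coins paid out equal the coins locked, so the contract neither mints nor strands funds.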