 So, hello everyone, I'm from Apple Village, as you can see, we do see someone who else with quality of business too, like this one. So, today's topic, how do we make web as secure as blockchain? So, before I go into the revolution, let's remind you a little bit how we end up here, having this secure web and blockchain connectivity. So, web is pretty much started as if you're a blockchain leader, smart contract, you need to use interface for that, so what do you technology for that? So, we scan my javascripts on top of the desktop for two seconds, and then okay, but where do we put them? So, website, websites. We scan my javascript on the website, so let's put them on the website. Then, if we put them on the website, how do we control what data can access to the blockchain? If we put them on the web, how do we access the data of the user's data? Well, let's ask user every time. And then, continue from there, we have confusing processions. So, what do we do? We write ERCs. If you follow the ERC, the transaction is kind of comprehensible. And then, we have a lot of variations of this smart contract, so what do we do? We write more ERCs. Then, we have tokens that are more complicated than traditional ERC. We have cryptocity that actually has a color, the visual, the eye style, eye selection, okay, so what do we do? We hard-code them into the browser. So, this is how we end up here. So, this is what I call this process of hitting a problem and solving it immediately with the most ready solution. I call it calling the design space. So, it's like this. We just go from somewhere and if people want to find a nearest exit, and then go from somewhere else. Now, there is a better way to solve a problem. There is a better way, which is to find out what problem you are trying to solve. So, the problem, what do people want from the problem? I have made these four points summarized. But if you look at other points, today I'm going to talk about this tool. First, people want to, because Web3 is decentralized, blockchain connected, and web, people want to see the truth. People want to see which bit of information on the web is true and how true it is. They have to trust the web. The other thing is interoperability. It's quite important because traditionally, a web system is a giant. And then we have decentralized components. But users' expectation is still that by one server, the level of service that can be provided by Facebook. So, how do you let this decentralized component work together? And then we have the privacy that users are always expecting. Expecting that Web3 is a more private web. Something that a user is able to get where they want, without giving away their browser and private data. And then finally, you have security, which means the user knows what they're doing. They have to be the only custodian of their asset because they know what they're doing with their asset. If they sign a transaction, they're signing a transaction. If they are signing a transaction to get a kitty, they're not accidentally giving away a kitty. Now, given this, this important that Web3 is going to solve, I will start with very simple. Analyze how well it's properly solved. This is a Hallow word example. I imagined it. This is called a kitty in the garden. What it does is it draws a picture of a kitty if you have a picture of a kitty in front. Then it looks through a garden background. That's all. Think about it as a tokenized version of Hallow word. You need to see the word token in some place. Now, traditionally, if the metallic and the thermon manage the solution, this is how it works. Use the request data, and Web3 will use a bunch of JavaScript and TMR. And these JavaScript and TMR direct users browser to access a terminal, get information on the token like accessing smart contract functions, getting the color of the kitty, getting this data and drawing it or using the text. Now, let's look at trust in the opportunity privacy and security. So speaking of trust, how does the user know that the crypto kitty is actually rendered using the data of his own kitty? Or whether or not the Web service giving them JavaScript to inquire kitty information and not the balance of the die contract? How do we know that? And then interoperability. So if, in this case, it has this new kitty or kitty that is sitting there, the new one will sometimes have flies flying around around a lot of different things. So suppose crypto kitty adding new functions like this, new kitties, that they made a function of this kitty face, and you can get them. Then how do you know this moving part of decentralized components? How do you know if the website has updated their code to use these functions? That's interoperability. And then we have privacy. So apparently in-chart, the website gets data from the blockchain rendered on the Web. But what if there is another arrow coming from this website which feeds back data to the website? So the user doesn't know how much the website can learn from your token. And then we have the final security issue, which is if you assign a transaction, a transaction is assembled by a code that we don't know, wrote by the logic trust. So in fact, the trust is so open that this model is more popular. This model, the user requests data from the web server. What's up with this user, just type it up, JavaScript, which requests the user some clear address. The user then gives the theme address to the server, and the server can go look at the kitten data themselves. There's no need for the user to have access to the theorem blockchain. If the user doesn't have access to the theorem blockchain, how does the user know any information is true? In fact, you can produce this thing with just a picture, a screenshot of a kitty sitting on the, in front of the garden, and the user will have no way to know if this is his kitty or not. So the solution would be, in this very simple example, is to build a non-clay. Non-clay is an area, a secure area in the token space. That is used on the web, but independent on the web. So visually, an unclay probably looks like this. So normally it just looks like kitty in front of the garden, and I'll try to hold it on the hand. So if the user moves mouse over this unclay, which shows that there's one unclay on the web, then this kitty gets highlighted. So the user knows this part of the mission is an unclay. It's sourced from blockchain shoes. So with this unclay, construct, the protocol will look like this. The website requests to do about a kitty. This time the website does not provide direct instructions on how to get this information. It's embedded in code running the secure unclay. And the secure unclay runs clean, signed code, provided by a crypto kitty or trust resources that users can use to have a kitty. Privacy is protected here because users have asked for one kitty. So I probably asked you the truth which kitty but you don't need to know. Now you have a kitty. And what is the color? The website may ask. Because I need to draw the background. And the kitty, the clean, signed code running the secure unclay provides information, provides interface, access information. You get a great color and you can draw the background now. This is how it will be done with the secure unclay. So let's look at this for a new text again. Trust. So the user runs clean code signed in the secure unclay which accesses your node directly. It doesn't take input from the website, for example. So user knows in secure unclay they can ascribe truth there. So they do that trust. And then they need to offer a bit. If the crypto kitty is also given a sleepy kitty look in midday, then they can update their code to run the secure unclay on the website that we created because the website only cares about building a garden. That is the website that opens the garden. It's called Kitty in Garden. And then you have privacy. As I demonstrated, like you ask for a kitty, I don't even give you the name of the kitty or the idea of the kitty. Just tell you, okay, I have a kitty. Security unclay has the same interface for checking the files. And then you get securities that if any transaction has to be signed, it is started from the web, asking certain things to be done. And that action is performed in unclay. Transaction is assembled in unclay following the rule that was previously written. So this will separate the unclay from any security problem on the web. Now, if you run this technology, you need a way to deliver signed code to the security unclay. And that's the technology we have been working on. It's called token script. And you can use it as an executable package implement. What it does is it has token information, like the name, the transitions, the names, what you are seeing that they come from. And then you get attributes like how to get colors, eye color out of the kitty. And then you get transactions, like what transactions are possible with the kitty. Maybe the kitty can make it. Maybe the kitty can sell them out. So you can, I don't know. And security is only like, what kind of information is acceptable from any security unclay from which website. Whether or not test stations you will have on their mobile can be forward to the website. Security moment. And then we have components. So we have cards. Cards are the visual renderable part. So we can have a kitty card which will show the kitty card. And then we have actions. Actions is other things that the transactions users can compile for this token. And ultimately these actions might not entirely provided by kitty. For example, if someone has an idea that's collateralized kitty and you write a collateralization contract that's collateralized kitty, then you as a collateralizing contract author can provide an action that is applyable to kitty. So that's the action there. And finally you have the signatures. The reason I put multiple signatures here is because there might need to there might be multiple sorts of trust. So just as I explained the kitty is joined with code signed by crypto kitty. But collateralization of the kitty as an action that can be done by kitty might be signed by someone else. So this will be basically the file structure of token script. So here we have a great understanding of how token script will solve the hello world problem. I'd like to move forward to show you a real world and how tokens will be applied. That's going to be more complicated but still based on the same thing. So imagine with me that you have a token that represents your car on chip. You get the token you buy the car. And imagine that you have an insured car which is another token you get when you pay the insurance together with the car. And here on this interface there are multiple tokens and the highlighted one is the insurance. The account is messed up but it reads issuer of the money and the little played member. This is the car token. The highlighted one is the chip. Now let's imagine with this new insurance token what you can do with it. Imagine the business called car next door. There actually is a business based in Melbourne. That allows you to let your car be rented by strangers and you just get a $100 day when you come into your pocket automatically. The car is made for you. That's that idea. And in order to use this service you need to have a fully insured car. So the insurance token would be the naveler of this new share economy style. And when you use the insurance token for this new share economy you get ready-to-car listing token which is the source of revenue that comes to you from time to time and represents that actually you have a source of revenue. If you want to to secure it it's not a story but we just imagine that this is possible to have a start-up for a car next door and new business. So the process will look like this. First this is serious business website we say do you actually own insurance? Now the website wants to learn something and the uncle has the policy that actually I can do this information. This is my policy test station. And the website goes to the back of the website and asks the theorem note is this policy correct? Does it cover unknown drivers which is condition? And it's not come to say yes or yes. This is one of the communication where the user behind security uncle and the website using their own know established trust to each other. So you know previously in the website doesn't even need to access the theorem blockchain if you lied about you having problem but this is not serious. And to this point we have established trust and the website will send a transaction to get your car and here take this token script. This token script is a new one. This token script is issued by car next door a share company and it contains the rules how to get a transaction to get your rental car this token. So what we have now is in the security uncle the environment security uncle will check token issuer signature is good it's issued from car next door.com and then it will require a theorem know that actually this token issuer from contract or network endorse this token script and the theorem know will come back and say this token script will generate and the user will get this which is a transaction which is in the sample says that what token are going to use by the transaction now what token are going to use in the transaction car insurance token as you can see and what kind of token are getting which is car rental rental car listing token and it's great color because it doesn't exist yet it's created on the moment successful transaction so this is what generated from the security unplayed not by the website what's has to say that you need such a transaction and once you have done tell me and a low word here we have a new token here in the security unplayed we have a insurance token from Virginia then we have the car next door token rental car token this is how it works so yeah when you say security unplayed on the physical device or is that software actually it's a software so where is that software running? it's in the users browser so that's that's why it's relevant because after wallet even wallet we are able to modify our wallet to have this thing but normally you would need a new kind of browser maybe that doesn't exist yeah so this is a working progress okay so all right so you created a browser that competes with Brave it's a new browser it's got a security unplayed running in software how do you trust the hardware so this is a different level of topic you will be great if the security unplayed actually runs in the rules in the hardware so you can't play but this is something that can progress okay so actually this is how token script would solve security unplayed on the web decentralized web 3 so we have ample time for questions and yeah we can't show questions so anyone please another question how do you notice the user how does the user know right yeah so so there are quite a few assumptions being applied here so for example most computers computer model was based on an idea that you don't have physically on the device and you actually personally store it what if you have one version of Windows actually so the assumption is the user has the capacity to secure a new device but even with the assumption that like this a relaxed assumption the old security model would still not help so we need new security like token script but still with the same assumption the user's device is secure yeah please is token script open source okay this is token script.org it's on GitHub it's Apache license and there's a technology that is being standardized by the determination and the process and the pump sorry submitting it to standard track Oasis Oasis is an organization which previously produced all the documents in format all the office so it's a movie thing I hope I can get standardized really soon we just have a question what's the current status or like can we already start using it or yeah so there are tutorials on token script.org however so token script works with a concept called context so let's say the token looks differently if it's not wanted or if it's on the web or if the token let's say current token looks differently if you are a follower or if you have a member different context the result token will be rendered differently applied in logic so currently it already works on alpha wallet the company and the alpha wallet is open source but it only works with one context which is called a wallet context so to make it really work on the security enclave in the browser the context is the concept of the script okay so we have one minute left quick question and okay assume that the public or private key pair is anywhere specific does that have to be like a JSON blob or it can be a hardware wallet or how does it interact with the keys or is it just metamask right okay so if you want to kind of find another layer behind token script let's say every time the transaction is going to be signed but in the in the in the air gap through the device that's something on a different layer different layer for protocol the token script doesn't take care of this layer it doesn't care about this layer doesn't care about this layer okay so yeah thank you very much