Open synctext opened 1 year ago
This is a short draft of my idea: Are_Daos_A_Scam_draft.pdf Bassically, I want to give an overview of what DAOs are and the issues they have.
I've also read some papers, but most of the interesting things are found outside of papers on blogs or articles. Some of the stuff I found interesting:
This angle is difficult to bring in the science. DAO now reads as engineering and financial shenanigans. More scientific example are going into these type of algorithms to generate trust or another wild angle is technology is becoming political; see Susskind book. Or especially wild: "why we never produced a global brain". Example Your survey needs more scientific citations, besides blogs. Note the DAO survey with [46] papers cited. Do something more practical: like crawl a DAO (forum) and analyse. The exhaustive list of DAOs and their exact governance rules.
this is what I currently have lit_survey_current.pdf. I combined what I was doing previously with researching DAOs' governance procedures. I couldn't really find a scientific angle + my writing is still not that good ☹
Do we really need to use FROST? Depending on what improvements FROST made over its predecessors, it might be worth it to use older schemes as they already have mature implementations. I found a go library that allows creating threshold signatures for ECDSA and EdDSA. Then we could use go mobile to call it from android.
Solid idea! Somehow I failed to read more, after seeing FROST. I just wanted it after reading. :smile:
current version of survey I think it is a bit better now, but I think there is still a bit of work to be done. The angle I'm going with now is that It is hard to fully understand DAOs since there isn't any good documentation and you have to gather information from many different sources.
Master thesis thinking:
While quite late, I'd like to contribute FROST is far simpler than any threshold ECDSA protocol, relying on far fewer assumptions. It also has extensive security review in:
Threshold ECDSA also has review, yet provides a much larger surface taking several rounds to complete, and relying on far more assumptions to be proven. Part of this can be cited back to ECDSA being a convoluted attempt at avoiding a patent, leading itself to not have a security proof given the discrete log problem.
Practically, FROST is 2-rounds, only one requiring knowledge of the message. The lowest thresold ECDSA protocol is 4 rounds to sign, when the famed GG20 is 7. Binance's tss-lib has been forked to GG20 by THORChain, and their fork has since had several security issues with it, from Alpha-Rays to the ability to cause honest parties to be blamed to leaking key shares. Despite this, THORChain's library was prior audited (though the quality of this audit now must be called into question) and is likely the better choice than the tss-lib it comes from (as I assume it has had far more scrutiny, yet I may just be unaware of the review on Binance's lib. Their one published audit is years old, prior to Alpha-Rays).
As for Binance's EdDSA impl, they appear to use a 3-round threshold signature protocol (not FROST, yet not vulnerable to Drijver's application of Wagner's algorithm thanks to a hashed commitment round). I'm unsure what actual protocol it implements, yet I can note FROST achieves a 2-round protocol with the same raw bandwidth for their messages. It didn't include any horrendously expensive proof to achieve the reduced complexity.
I also believe, regarding performance, no threshold ECDSA is linear to amount of signers. GG20 is quadratic, which is why THORChain takes tens of seconds to sign for their 20 participants. FROST is linear, and I've benchmarked <0.7s per-signer for a 333-500 group.
I do believe this is months late, and y'all are using FROST (specifically my lib, currently under audit :D ), yet I still wanted to chime in as I can :) At least this should be helpful by providing plenty of references to refer to?
@kayabaNerve Thanks. This is great and It'll be helpful when writing my thesis.
The paper was put on hold by arxiv. I’m guessing it is since I’m new? 😞
I was able to cross-compile the rust code to native code for android. I'm using this tool https://github.com/rust-mobile/xbuild. All you need to do is plugin your phone and type a command do compile the code for the phone: x build --device adb:16ee50bc
. It does create an .apk or .aab, so you have to extract the native libraries yourself.
I got a basic app working that uses frost to join and sign. It also uses ipv8 for communication.
I thought a lot about how signing and joining a frost group would work.
I think I made it pretty testable, and I will write some tests next sprint
// interface for network
interface NetworkManager{
fun send(peer: Peer, msg: FrostMessage)
fun broadcast(msg: FrostMessage)
fun getMyPeer() : Peer
fun getPeerFromMid(mid: String) : Peer
}
// abstract over frost community with the network manager
FrostManager(frostCommunity.channel,
networkManager = object : NetworkManager {
override fun send(peer: Peer, msg: FrostMessage) {
Log.d("FROST","sending: $msg")
frostCommunity.sendForPublic(peer, msg)
}
override fun broadcast(msg: FrostMessage) {
Log.d("FROST","broadcasting: $msg")
frostCommunity.broadcast(msg)
}
override fun getMyPeer(): Peer = frostCommunity.myPeer
override fun getPeerFromMid(mid: String): Peer =
frostCommunity.getPeers().find { it.mid == mid } ?: error("Could not find peer")
}
)
Please document the possible final goals of your master thesis, brainstorm:
Collective Bitcoin ownership
100 devices
1 new initiator
joining the DAO
Not everybody is online
Having a selective re-try mechanism (IPv8 gossip community)
Native re-implemenation of the 1200 lines of Rust, for lab sanity and simplicity....
prepare the lab for next master student project: 1000 clusters with 1000 users each doing Multi-FROST
?
Golden testing scenario is that users are online once a day and will make their sign/reject decision
Performance analysis and scalability projection
Craft a user interface for 100-256 DAO users. Each user listed in status as: unresponsive, pending, online, rejected, and approved:
Is something forgotten for democratic control of wealth in general?
Working next week :tada: :1st_place_medal: .APK to test...
apk demo video in case apk doesn't work
Arxiv still has the survey on hold. 🤔
I think I will work on making these things work and then maybe add extra stuff:
Thesis paper brainstorm:
I didn't do much this time.
For the next weeks:
first message it sends is not sent again on failure.
Please fix that and document all fixes to EVA :+1: instead, I sent a message a few times to account for failure.
Offline for a week differs from dropped UDP messagesemulator since the emulator's networking is unreliable
Weirdness is not allowed, please figure out whats going on. Buffer overflow of 31Kb socket? No incoming connections? No bug in the emulator framework: code coverage.For the next weeks
Before choosing to do just acks for reliability I spend time looking into other ways. I think a future project could be adding quic to ipv8. I know you said its too heavy, but you could have quic for peers you interact with often and then have normal udp for other peers/ messages. There is a java quic lib aswell https://github.com/ptrd/kwik. I played around with it and it worked.
Disembodied Artificial intelligent systems such as stock market exchanging bots take decisions and adapt to new situations based on formal specifications provided by humans.
, https://doi.org/10.1007/s12369-020-00686-1if(msg.serialize().size < 1000){
The size of the message with 32 nodes would be around 1300 bytesFor comparison I ran FROST keygen with and without ipv8.
if FROST works
I'm thinking there is a race condition somewhere causing it.
its hard to debug
, feel free to spend significant thesis time on this and include numerous code coverage, unit testing, end-to-end system testing, mutation testing, and deployment results in your thesis. (e.g. 50%)Can we have next meeting in two weeks?
3 Background
not optimal solution to introduce this tutorial in your thesis (2 pages)
Can start setting up a date for the defense? thesis.pdf apk
I probably won't be able to show the app while I'm in Curacao so I made a recording. https://www.youtube.com/watch?v=CVgsn-JL4g0
I still need to add/fix a bunch of stuff, but its way nicer than before. I do the following in the video:
Harvard Kennedy School on DAO.
Hubbard, Sarah, Connor Spelliscy, Nathan Schneider and Samuel Vance-Law. “Toward Equitable Ownership and Governance in the Digital Public Sphere.” , June 8, 2023. This paper explores how newly developed DAO tooling could help co-ops compete in the online economy. Specifically, we outline how DAO tooling could provide co-ops with:
Is this enough to start the defense process? I got a job which starts in September, so I'd like to finish before then.
I spent this sprint writing: FROSTDAO__Collective_Ownership_of_wealth_using_FROST.pdf
The writing still isn't that good, but I think it is much better than before. The figures need to be tweaked and a bunch of them are placeholders. I'm also missing references.
What do you think of the plots? I used scatter plots because you can quickly see the variability and because the graphs have a lot of values on the x-axis, so box plots did not look nice.
You mentioned that the problem description sounds more like requirements than a problem. I tried to change it, but I'm not sure how good it is. This is the old problem description:
The internet has revolutionized the way individuals collaborate and work towards a common goal, even across borders.
However, despite this, there remains a significant challenge when it comes to the collective management of wealth.
Establishing a company or making joint investments can be complicated and cumbersome, particularly when the individuals involved are from different countries.
Existing financial services do not address this issue, highlighting the need for a novel solution.
We aim to solve this problem by creating a peer-2-peer leaderless decentralized system.
This system will allow groups of individuals to form decentralized autonomous organizations (DAOs)~\cite{DAO} that enable them to collectively and democratically manage their wealth.
The key principle guiding our approach is decentralization, ensuring that every aspect of the system operates without reliance on any central authority or intermediary.
To achieve this, we envision a fully open-source system and transparent system that allows participants to examine and verify every operation.
There is no central authority, therefore transparency is crucial to be able to identify potential bad actors. Building an open-source system allows anyone to contribute and ensures that the system can evolve based on the users.
Our system should be accessible to anyone, regardless of their background or technical expertise.
To ensure this, we aim to create the entire system using only mobile devices, therefore maximizing the number of potential users.
To support many users, our system should scale to millions without reducing security or performance.
By constructing this decentralized peer-to-peer leaderless system, we aim to address the existing limitations of traditional financial services and provide a robust and easy-to-use solution for decentralized collaborative wealth management.
FROSTDAO__Collective_Ownership_of_wealth_using_FROST.pdf
Aside from the abstract, I think the writing of the first chapters is decent.
I spent a bit of time looking into EVA. The main problem is that it does not support concurrent transfers to the same peer + there seems to be a 20 second duration before this is reset. Key gen only needs to use EVA once per peer, so I don't think this is a problem in practice. But in my experiments, I do key gen from 2 to 50 members sequentially.
This is from https://arxiv.org/abs/2203.00398:
I optimized the serialized of the message, so EVA is not needed so early, and I played around with the EVA code:
Delft literature survey, 20 DAO participants is the tipping point for sustainability.
FROSTDAO__Collective_Ownership_of_wealth_using_FROST.pdf
private val maxSimultaneousTransfers: Int = 10
Review of draft master thesis presentation:
Approach | properties |
---|---|
Multisig: Bitcoin scripting | requires all public keys and signature of entire group. Bad scalability |
FROST threshold signature | single shared wallet, cubic growth of complexity for key generation. |
Random lottery function | loosely binding of goodness and income. Only converges to equality with infinite runtime |