On Web3 Infrastructure (mirror.xyz)
134 points by cdata 11 days ago | hide | past | favorite | 166 comments





Most of this article is about the same solutions that are always proposed (wake me up when people actually use them and they actually solve the problem at hand.)

To me the most damning part of the article is:

> These critiques are usually unmoored to anything actually happening in the blockchain space, and unaware of the technological development and cultural vision. This bifurcation is extremely harmful for the health of the emerging technologies: these technologies are not going to go away, so if your only answer is dismissal and anger, you’re actually just ceding the power to decide what these technologies will look like in our world. This pattern of discourse creates a negative-sum feedback loop that does a disservice to all.

Quite frankly, if web3 really was all it's cracked up to be, enthusiasts wouldn't be so offended any time someone "didn't get it". After all, if it really was gold, they would be too busy making cool things and the results would speak for themselves.

As the author says, those who ignore something cede power to those who show up. But why would the people who show up be so offended that people are giving them power? If it was actually valuable wouldn't they want it for themselves?

Every time someone criticizes cryptocurrency, it's always the same refrain: people are wrong to be negative. All the bad vibes will turn your heart black, etc. That's what cults say, not what people with viable tech say.


> Every time someone criticizes cryptocurrency, it's always the same refrain: people are wrong to be negative. All the bad vibes will turn your heart black, etc. That's what cults say, not what people with viable tech say.

True. In reality the "bad vibes" are just folks trying to find a consensus on where this technology belongs: if you can't communicate the benefits of the tech in a convincing way, it's not everyone else's fault.


"If something is too early to criticize it's also too early to evangelize"

Kelsey Hightower @kelseyhightower, Jan 2, 2022


Spot on. Build Web3 and if it is great as you say it is I will use it.

What else is there to discuss?


Because even if web3 is a technological advancement and fulfills its stated purpose flawlessly, there are still negative externalities like the environmental cost. It's similar to building more data centers to house YouTube's "unlimited" storage for user-created videos. YouTube is one of the most successful platforms on the web with unprecedented societal impact, but will there ever be a time when we stop building more data centers, along with incrementing the total energy and environmental costs of running them all?

And once a critical mass of people have adopted said technology, it becomes too easy for those in control to shift the blame onto the millions of functionally satisfied adopters when looking for solutions to the negative externalities that don't directly affect those adopters.


The only major blockchains using proof of work and having considerable environmental impact at this point are Bitcoin and Ethereum.

Bitcoin has stalled in development so I don’t think it will ever change, Ethereum has been talking about moving to extremely low energy Proof of Stake for years (hopefully will happen soon).

Almost all the other major blockchains available - Polkadot, Algorand, Tezos, NEAR, Solana, Cardano - are proof of stake, or similar extremely low energy consumption blockchains.

The environmental criticism of blockchain is therefore going the way of the dodo. There are many valid criticisms of blockchain but the energy consumption criticism is about to be technologically outdated. It will age like milk.

The only significant project using it is really Ethereum, and like I said, they have long promised to move on but have apparently gotten into a lot of technical trouble doing it, but they are still dead set on doing it.


> It will age like milk.

Maybe. But right now PoW blockchains have most of the market share. The environment concern is not a new one, maybe it will become spoiled milk one day, but so far it seems like the milk has had an incredibly long shelf life.


What market share? Market cap? Bitcoin is a failed experiment. It will go away eventually.

I'm dismissively cynical with respect to the future of "web3", but for the most part I can appreciate the tone taken by this article; no defensiveness, no condescending suggestions that the critics "just don't get it", but most importantly, acknowledgement that these are real problems and a willingness to engage with the specifics of the criticisms outlined, without hedging. I remain unconvinced, but I think the discussion around blockchains would be a lot less heated if the rhetoric from the enthusiasts was typically this measured. Yes, I recognize I'm putting the onus on the enthusiasts and letting the cynics off the hook, but the enthusiasts are the ones claiming to herald the next iteration of the web; that's a haughty claim for an already controversial technology.

The builders talk this measured way. Hang out with more of them, while they’re building and where they build.

Join discussions where draft standards are being ratified or tabled.

There isn't really a world where any of this goes away, so the voyeuristic and quizzical approach doesn't work; there is a world where updates push it in a more relatable direction. That might be the biggest pill for cynics to swallow, that there is no convincing them that's going to happen and they'll wind up contributing to its resiliency anyway.


> The builders talk this measured way. Hang out with more of them, while they’re building and where they build.

There's no reason for me to hang out with them, they can come to me if they want my attention. I don't come to HN for blockchain evangelism, but this is a tech forum and blockchain is tech so if an article comes up I will engage with what I am presented with.

> There isn't really a world where any of this goes away, so the voyeuristic and quizzical approach doesn't work

I don't think it goes away, but I don't see it really going anywhere else than where it already is. Cryptocurrency is synonymous with "speculation" in terms of what is actually happening in the real world. I have no doubt we might see bitcoin and alts continue to rise in price as the ecosystem continues to do everything it can to amplify the hype, but at the end of the day, blockchain "web3" will never take off because the masses have no interest in using cryptocurrency, they just enjoy trading it on coinbase and robinhood like it's a stock - web3 has nothing to offer those people.


> There isn't really a world where any of this goes away

Why not? Technologies rise and fall in unpredictable ways. I'll admit that there is a lot of energy to web3 - it's not a minor passing fad. However that's still a long way from being inevitable.

Honestly, the whole thing reminds me of how communism is going to "bury us".


I’m not familiar with how your last line applies.

The main answer is that these concepts don't go away and will continue even in a world without ubiquitous internet, as making a couple of computers communicate doesn't go away.


For background on the quote, see https://en.m.wikipedia.org/wiki/We_will_bury_you but basically, it meant, the ideas of communism are inevitable, it doesn't matter what you do, the concepts aren't going away and eventually it will prevail, so we're happy to just wait it out (didn't quite work out that way)

I see the same kind of, history is on our side so we can't fail, attitude here.

And you're right, the "idea" of a blockchain isn't going to be forgotten any more than the idea of the internet would be. However that doesn't mean web3 is going to succeed in its rather undefined vision. It would be like saying the internet won't be forgotten and extrapolating Facebook's future stock price.

Or to use a digital cash analogy. The idea of digicash was not forgotten, but yet it still went under.


Okay that’s good context, now objectively what do you think about it on this topic and does it matter? What do you think it having the possibility of failing has to do with whether you spend time on it or being quizzical about the people that do?

This isn't as simple as the LA Mayor's response as mentioned in the above article, where he basically said "we'll live our lives not bothering each other instead", as we are all capitalists here there is a lot of alpha. The alpha is built in seamlessly to your contributions, if you build. If you build you exercise a sentiment towards a world you want to exist, even if the technology stack does not allow it to succeed. And yet you make enough money. So you make enough money working on something you believe in. If the possibility of the technology being the limitation is your issue with it, then just call it entertainment. The entertainment industry, and that has unambiguous value too.


The group of people you label “the enthusiasts” are too heterogeneous to be meaningful.

For example many developers are enthusiastic about a specific blockchain technology and unenthusiastic about the others.

Consider also the difference between someone who researches the formal specification and verification of smart contracts, vs someone who tweets dank memes of babydoge to Elon Musk. They’re completely different people with unaligned interests.

If you choose to lump them together and react only to people peddling hype, then what you’ve really done is fooled yourself into aligning with the hype peddler and unaligning yourself with the researcher, by choosing the reverse vector of the peddler.


> if your only answer is dismissal and anger, you’re actually just ceding the power to decide what these technologies will look like in our world

I mean, if I'm dismissing it, it means that I don't believe that anything meaningful could come out of it, doesn't it? At that point, why should "power to decide what these technologies will look like in our world" have any role in my decision process?

> these technologies are not going to go away

There are a lot of harmful, useless, irrelevant, etc. technologies which won't go away. So this wouldn't be surprising. But if someone is trying to articulate that these technologies will create a revolution of some sorts, most people will need better convincing.

Show me the value, where's the ??? value!


I think the idea is that there are entities like Facebook/Meta who believe that the metaverse is going to be a big thing, so if a "metaverse" is going to exist and see adoption, most people would much rather have it not be under the sole control of a corporation like Facebook, like most of the services on the web right now. Similarly, digital currencies are going to eventually become mainstream, and there are similar concerns about how central banks will implement them. In cases like these, having a second option that isn't controlled by some powerful institution could help democratize how they get implemented and used. If you dismiss it, then you are just leaving it to these large institutions to make the rules like they previously have; they have the power and resources to outcompete, buy or snuff out any traditional competition.

Yeah, but remember when Facebook decided to inflate engagement stats for video, and sent everyone on a wild goose chase trying to create videos for everything? That made journalism much more expensive to do, made the web worse (auto playing videos now everywhere) and was a complete and utter waste of everyone’s time, effort and money. That’s almost certainly happening again with the metaverse. You don’t have to play the game. You’re arguing that we should follow the advice of large institutions to invest in their crap, simply because if we don’t, they’ll have the crap all to themselves. I say let them keep it.

No, that isn't what I am saying. I am simply saying that there appear to be trends in the way technology is going to be developed and used. Facebook wasn't the first to think of a metaverse, but they are a big player in how it will develop based entirely on how big they are. Money has already increasingly become digitized and will continue to trend that way long before any central bank digital currency gets developed.

The point is that nobody knows what the future tools of the internet will be; they can only see trends and act on those. Most are probably stupid and most will probably be useless, but innovation will inevitably happen. It's fine if you think places like Facebook can have the metaverse to themselves, just like it is fine for people to think they shouldn't.


If Facebook were the only player in the metaverse, it would have no value whatsoever. They need other people to invest, because it is too big to build themselves, and it is therefore necessary for others to participate for there to be a market at all. Simply doing it because it’s a trend is incredibly vapid. If you don’t think it’s a good idea, don’t give them your investment. Your choices matter; your thoughts on whether a trend is worthwhile matter, because your participation determines its success. Take some responsibility.

I think there is a misunderstanding here, I'm not involved in any web3 stuff I am just discussing it. I think whether or not you or I think it is a good idea or not is irrelevant because the reality is that there are people that are working on things because they think they are good ideas, and there are people investing in those things similarly, even things you would consider ethically questionable. It happens and will continue to happen.

Facebook doesn't need to build it all themselves, they just have to make the platform that everyone else will want to build on, just like what all of the current tech giants have done for the past 20 years. The idea isn't about chasing trends (or even something specific like a "metaverse"), it is seeing where innovation is happening and hopefully avoiding further concentration of power in the future of the internet.


> could help democratize how they get implemented

Was there any democratic process when "Solidity" was designed? Unfortunately, it does not appear to me that the right experts have been involved and that there was peer review. It looks like it was thrown over a wall, much like JavaScript was.


cue xkcd “14 competing standards” comic.

one reason there are so many blockchains is because they are all taking different development approaches and tradeoffs.


> In cases like these, having a second option that isn't controlled by some powerful institution could help democratize how they get implemented and used. If you dismiss it, then you are just leaving it to these large institutions to make the rules like they previously have, they have the power and resources to outcompete, buy or snuff out any traditional competition.

I thought the whole idea was it is "distributed" and non-centralized. If big evil company takes over, can't you just fork? If it really was decentralized, why would I care about the direction the central committee takes?


The big company isn't taking over, the big company is making the thing so they own it. The point was that having a similar distributed solution takes power away from the big company because it provides an option for users to choose if the big company's implementation becomes too onerous.

The points made are relevant. However, they are much more political/social points rather than technological. Technology could help to facilitate such social or political change but it is the smaller part.

Somehow the web3/crypto etc discussions tend to vastly overestimate the role of technology vs the role of societal choices.


Technological changes are often a precursor to societal change. But it's not necessarily easy to predict what that societal change will be. Very often it isn't what the techno-enthusiasts think it will be.

A few web3 projects I think provide value.

1. Handshake

This is a decentralized root naming system. This is one of the most practical uses of a blockchain, where all records need to be public and verifiable. No need to depend on ICANN and registry owners for having a TLD which you own.

2. Unlock

This is a membership protocol powered by NFTs. People can buy an NFT and then, for authorization, the service provider can check whether the wallet has the NFT and it is valid. This way, nobody controls your membership and you can move it around the web as you like.

They are all connected to a wallet you control.

3. Arweave

Permanent storage using incentives and built on the idea of storage getting cheaper. Of course, this may not scale but I like the potential.


> 1. Handshake

This is what Namecoin[1] tried to do using the Bitcoin blockchain ten years ago without success. This gets reinvented about every year on top of every new blockchain, and none of these implementations have proven useful yet.

The main problem is that speculators become domain squatters, and buy all the popular domain names with the hope that they go up in price.

[1] https://www.namecoin.org/dot-bit/


If only they also reinvented ICANN UDRP too...

almost as if the existing structures, as flawed as they are, were created for a reason.


> The main problem is that speculators become domain squatters, and buy all the popular domain names with the hope that they go up in price.

This is the worst part about any web3 project.

Though, there are some differences between namecoin, ens, and handshake.

Handshake lets you register the TLD while ENS, Namecoin, etc. are limited to domains on a single TLD. The potential number of combinations of domain + TLD is enormous comparatively.

Secondly, Handshake doesn't release all TLDs at once. They are released slowly to stop speculators from gobbling up the initial supply.

I do agree speculation is a huge problem which happens in normal ICANN world as well. So nothing to miss except I can own the TLD for which I don't need to pay over 200k USD with chance of getting rejected from ICANN and ongoing cost.


> main problem is that speculators become domain squatters, and buy all the popular domain name

I like the geo-libertarian approach to this. Said squatters should need to keep paying the market value of the resource in rent to remain in control of it, thus removing the benefit of just squatting and requiring you to provide additional value on top of being the current owner to not lose money.


How do you determine the market value of a domain? Just let the highest bidder win?

Should we let a bunch of black hats purchase google.com if they can extract more value from it than Google can (and are therefore willing to pay more for it than Google)?


I want to offer a few different lines of thought on that concern.

a) On black hats, and presumably the risk of being tricked. Perhaps this is an orthogonal problem to who controls the name. Then again it might not.

b) On who the name is valuable for. You hint at there being a public interest in who controls the name. The free market response would be that in theory if the black hats can extract more value it's because the invisible hand provides that value to the public in unforeseen ways. Or it may be that we just exchange one rent extractor for another, in which case perhaps the public should be more directly involved in the value assignment. A democratically governed central authority is one approach; another might be a more direct decentralised trust/value assessment towards a particular assignment.

c) On bidding. I can see different approaches, but to avoid a takeover situation a bid would probably have to be binding over some significant time, making it implausible for a takeover to be profitable unless the calculated return can be sustained.


What keeps the name squatters from becoming landlords? Rent the name to those who want to use it at an inflated price to subsidize their other squats.

I'm imagining that the renters could simply bid on controlling the name directly instead of going through the squatter.

> This is a membership protocol powered by NFTs. People can buy an NFT and then, for authorization, the service provider can check whether the wallet has the NFT and it is valid. This way, nobody controls your membership and you can move it around the web as you like.

Who is the boogeyman trying to control your site memberships? The site operator? I highly doubt this system is robust against site operators trying to "moderate" you, but suppose it was, why would they sign up for it?

For an ecosystem originally built on keen insights on how to mix tech with incentive structures, web3 seems to have thrown that all out the window and replaced it with wishful thinking.


> Who is the boogeyman trying to control your site memberships? The site operator? I highly doubt this system is robust against site operators trying to "moderate" you, but suppose it was, why would they sign up for it.

People use centralized platforms like Patreon for memberships. They can kick you off and you will lose all your subscribers. Your patrons will lose access as well. That is what Unlock tries to solve.

The membership data is stored on the blockchain publicly, which everyone has equal access to. You can prove you own a particular NFT stored on the blockchain by signing using your private key. So even if all data is public, authorization is secure and reliable.


So it's a really fancy way to make an immutable public backup?

I mean I guess, but you could also just back up your subscriber list.


Here's the thing though.

Let's say, I want to provide special benefit to people who own membership on hackernews.

In the model where this data is public, I can query the wallets of people to check for an HN NFT and provide special discounts or perks.

If this membership data was privately backed up, I cannot do that.

It fits nicely into the blockchain model, imo.

Subscriber owns the membership and can prove to the service provider.

Service provider has access to the membership and can check the validity.


> "In the model where this data is public, I can query the wallets of people to check for an HN NFT and provide special discounts or perks."

How will you provide your "perks" if either you or your members have been kicked off the platform where those perks made sense in the first place?

With this use-case you're describing - all you have is a list of wallets that were at some point relevant to you in some way. This is the equivalent of maintaining a mailing list. Why does any of this require a distributed ledger? What problem does this solve exactly?

> "Subscriber owns the membership and can prove to the service provider. Service provider has access to the membership and can check the validity."

How is this any different than signing up with an email-address as a username?


I think you are misunderstanding something above.

I'm not the one providing HN membership. That would be YC but I as a third party can verify whether someone has a valid HN membership and provide them perks based on their membership. That is the problem a distributed ledger solves. The data is public and usable by any service provider.

To verify you have an HN account (membership) today, a service provider needs to build something like Keybase. That is complicated and will be different for each service.

That is the problem unlock-protocol "solves". It defines the protocol for managing these memberships. To create, verify, deploy, etc.

You need some way to pay for membership without a middleman. This is solved by the cryptocurrency part of the blockchain these NFTs are stored on.

Memberships are also more complicated than a list of email addresses. They can be transferred, expire, and change depending on the actions of the user. For example, some providers want their memberships to be reduced to half when transferred.

This is the part smart contracts solve.


> To verify you have an HN account (membership) today, a service provider needs to build something like Keybase. That is complicated and will be different for each service.

What's wrong with plain old digital signatures in this contrived scenario? If for some reason this was desired, HN signs an assertion that so and so is a member. The person presents this assertion as necessary. No blockchain required.

Memorizing HN's public key is no harder than memorizing what their NFT is.

I suppose you'll say transferring memberships. If HN is on board with the transfer they could just issue a new signed assertion. So the only use case is if you want to transfer ownership against the service provider's will. But how does blockchain solve that? Unless I missed some great advance in ZKP, all transfers are public on the blockchain, and service providers can trace the transfers and not recognize transfers they don't like.

> They can be transferred, expire, and change depending on the actions of the user. For example, some providers want their memberships to be reduced to half when transferred.

What's a real world example of someone wanting something like this? I can't think of any.


> What's wrong with plain old digital signatures in this contrived scenario? If for some reason this was desired, HN signs an assertion that so and so is a member. The person presents this assertion as necessary. No blockchain required.

Blockchain isn't required for this part and I answered why not certificates elsewhere in this thread. The simple reason is, wallet based authentication & authorization is more mainstream than PGP today. You also need to pay for memberships and that can be done through the same wallet. Arguably better UX.

> If HN is on board with the transfer they could just issue a new signed assertion. So the only use case is if you want to transfer ownership against the service provider's will. But how does blockchain solve that?

Indeed. That's the point of storing membership data on the blockchain. The user and community can go against the service provider. Think of the freenode transfer a while ago: if the identity, moderation, ownership of channels, etc. data was stored on the blockchain and controlled by the user, the community could migrate to another IRC service which fetched data from the blockchain, and each user could get the same account they had on freenode by verifying they owned that data.

Check out the other commenter on the same thread too. https://news.ycombinator.com/item?id=29862347


> more mainstream than PGP

This is one of the most "damning with faint praise" comments I have seen this year.


> The simple reason is, wallet based authentication & authorization is more mainstream than PGP today.

So what, the killer feature is its UI isn't as shit as the program world-famous for having a shit UI?

Besides if that is your metric, JWTs are definitely more mainstream than blockchain stuff.

> Think of the freenode transfer a while ago: if the identity, moderation, ownership of channels, etc. data was stored on the blockchain and controlled by the user, the community could migrate to another IRC service which fetched data from the blockchain, and each user could get the same account they had on freenode by verifying they owned that data.

Kind of hard to have a secret cabal channel if membership is public. Does this mean that to ban someone from a channel you need to pay a transaction fee? That sounds fun from a channel op perspective.


> "To verify you have an HN account (membership) today, a service provider needs to build something like Keybase. That is complicated and will be different for each service."

No, they need at best a small subset of what OAuth offers. OAuth is already distributed in that sense. It's a standard protocol which accounts for this exact scenario. This is a solved problem today.

It's not different than "login with Google"/"login with Apple".

> "You need some way to pay for membership without a middleman. This is solved by the cryptocurrency part of the blockchain these NFTs are stored on."

What does this sentence even mean? Your membership costs are on a per-service basis, and they are tied to each service you want to pay for. Different services have different costs.

This could make some sense if services wanted to get paid with Bitcoin, but ironically enough - the Bitcoin must be converted to USD at some point down the chain?

> "Memberships are also more complicated than a list of email addresses. They can be transferred, expire, and change depending on the actions of the user."

Sure, but wtf does the blockchain have anything to do with this? You're free to have an account with any service and manage it as you wish on an individual per-service basis.


> I as a third party can verify whether someone has a valid HN membership and provide them perks based on their membership. That is the problem a distributed ledger solves.

It's the problem delegated auth (OAuth, etc.) already solved.

> You need some way to pay for membership without a middleman. This is solved by the cryptocurrency part of the blockchain these NFTs are stored on.

But... it's not, because a system that relies on a distributed network of middlemen isn't “without a middleman”.

> Memberships are also more complicated than a list of email addresses. They can be transferred, expire, and change depending on the actions of the user. For example, some providers want their memberships to be reduced to half when transferred.

Smart contracts just add complication; this is trivially solved internally in centralized membership systems.


Well, you don't need to sign up for yet another service for one. People don't want to have yet another email and password to remember. That's what OAuth and all that machinery was invented to solve.

AuthN is one of the few use cases where having a public shared database/blockchain, with users authenticating using their private keys, works out better in some respects, because the alternative is to depend on a centralized user database owned by a private company (e.g. Facebook). What happens on all of the sites you used Facebook login on, if your Facebook account gets suspended?


So we sacrifice member privacy for the sake of spam? Who would want this other than the spammer?

What is forcing Patreon or any other company to allow you to export your subscriber list? And do you have a right to export even if your account has (wrongly?) been banned. Unless there's some kind of regulation involved, this is the kind of thing that easily could cease to work as expected once a company has enough market share.

> 2. Unlock

> This is a membership protocol powered by NFTs. […]

How is this preferable to just having the client generate a local private key and authenticating using public key cryptography?


You still need to store that data somewhere to verify whether someone owns a membership and whether it is valid, though (memberships can expire).

That data is stored on the blockchain vs. having a centralized database. Refer to an earlier comment for why having it public is useful.

As for why people didn't use certificates till now, I don't know. I know they use WalletConnect more, which operates on the same principle but with existing adoption.


...why do you have to have a peer-to-peer network managing a blockchain just to verify membership data? It would be simpler to just have whoever controls memberships sign a user's public key to indicate membership (and then you add some metadata for expirations/membership levels/etc.). A user seeking to assert membership presents that certificate and proves knowledge of the private key.

Really though, I am not sure what problem is being solved here. Why do we need this in the first place? What is the attack scenario we are trying to address?
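The signed-assertion design this comment and the earlier "hn signs an assertion that so and so is a member" reply both describe, written out as an added example that is not from the thread or from any project named in it: the issuer signs an assertion naming the member's public key, level and expiry; the relying party checks the issuer's signature and the expiry, then has the presenter sign a fresh per-service challenge to prove possession of the key. Ed25519 via Go's standard library, the JSON layout and the audience name `perks.example` are my assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Assertion is the issuer-signed claim "this public key is a member at this
// level until this time". The issuer signs it once; any relying party that
// holds the issuer's public key can check it offline, no ledger involved.
type Assertion struct {
	MemberKey []byte `json:"member_key"` // member's Ed25519 public key
	Level     string `json:"level"`
	Expiry    int64  `json:"expiry"` // Unix seconds
}

// SignedAssertion carries the serialized Assertion plus the issuer's signature
// over exactly those bytes, so the verifier never has to re-canonicalise JSON.
type SignedAssertion struct {
	Payload   []byte `json:"payload"`
	Signature []byte `json:"signature"`
}

// NewKeyPair wraps ed25519.GenerateKey; the issuer and every member use it.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// IssueAssertion is run by whoever controls memberships (HN in the thread).
func IssueAssertion(issuerPriv ed25519.PrivateKey, memberPub ed25519.PublicKey,
	level string, expiry time.Time) (SignedAssertion, error) {
	payload, err := json.Marshal(Assertion{MemberKey: memberPub, Level: level, Expiry: expiry.Unix()})
	if err != nil {
		return SignedAssertion{}, err
	}
	return SignedAssertion{Payload: payload, Signature: ed25519.Sign(issuerPriv, payload)}, nil
}

// NewChallenge is run by the relying party for each login. The audience prefix
// binds the challenge to this service, so a proof captured here cannot be
// replayed to another service that trusts the same issuer.
func NewChallenge(audience string) ([]byte, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return append([]byte(audience+"|"), nonce...), nil
}

// ProveMembership is run by the member: signing the fresh challenge proves they
// hold the private key matching the key the issuer vouched for.
func ProveMembership(memberPriv ed25519.PrivateKey, challenge []byte) []byte {
	return ed25519.Sign(memberPriv, challenge)
}

// VerifyMembership is run by the relying party. All three checks must pass:
// the issuer really signed the assertion, it has not expired, and the
// presenter controls the key named in it.
func VerifyMembership(issuerPub ed25519.PublicKey, sa SignedAssertion,
	challenge, proof []byte, now time.Time) (Assertion, error) {
	if !ed25519.Verify(issuerPub, sa.Payload, sa.Signature) {
		return Assertion{}, errors.New("issuer signature invalid")
	}
	var a Assertion
	if err := json.Unmarshal(sa.Payload, &a); err != nil {
		return Assertion{}, err
	}
	if len(a.MemberKey) != ed25519.PublicKeySize {
		return Assertion{}, errors.New("malformed member key")
	}
	if !now.Before(time.Unix(a.Expiry, 0)) {
		return Assertion{}, errors.New("membership expired")
	}
	if !ed25519.Verify(ed25519.PublicKey(a.MemberKey), challenge, proof) {
		return Assertion{}, errors.New("proof of possession failed")
	}
	return a, nil
}

func main() {
	issuerPub, issuerPriv, _ := NewKeyPair() // the membership provider
	memberPub, memberPriv, _ := NewKeyPair() // a member's device
	now := time.Now()
	sa, _ := IssueAssertion(issuerPriv, memberPub, "gold", now.Add(30*24*time.Hour))
	challenge, _ := NewChallenge("perks.example") // hypothetical third-party service
	a, err := VerifyMembership(issuerPub, sa, challenge, ProveMembership(memberPriv, challenge), now)
	fmt.Println("accepted:", err == nil, "level:", a.Level)
}
```

Transfer in this model is just the issuer signing a new assertion for the new key, which is the point the reply above makes; nothing here needs a shared ledger.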


> 3. Arweave

> Permanent storage using incentives and built on the idea of storage getting cheaper. […]

How does this compare to existing implementations of the same idea such as STORJ?


> This is membership protocol powered by nft. People can buy a nft and then for authorization, service provider can check whether the wallet has the nft and is valid. This way, nobody controls your membership and you can move them around the web as you like.

The service provider sure does. They can just decide to not let you use the service.


Thx for highlighting this. If Handshake becomes a viable system it will def. serve as an important milestone for making web3 viable. Problem is this is not the type of project that is getting significant attention or funding.

ENS is an example of a project that is extant, working, and has a decent amount of funding (controlled democratically through a delegated token voting system). Here's my ENS record:

https://app.ens.domains/name/suzuha.eth/details

also, my post is on arweave, one of the cryptoeconomic data availability layers mentioned on the post:

https://3m44zon3blpnpjs3neglffbhqaibvuaeofkln2rd645dvky7cblq...


What I like about handshake is that you can own the TLD. I own searchableguy/ top level domain. This is gated by ICANN right now and they charge huge fees for nothing.

> The claim site is now open: claim.ens.domains.

> The ENS token contract is token.ensdao.eth: 0xC18360217D8F7Ab5e7c516566761Ea12Ce7F9D72

> Double check the website URL and contract address to avoid scams.

> Users have until May 4th, 2022 to claim their tokens, after which any remaining tokens will be sent to the DAO treasury.

Yeah of course.

> https://3m44zon3blpnpjs3neglffbhqaibvuaeofkln2rd645dvky7cblq...

Is it me or does this link to some JSON?


yeah, it links to a standard JSON format for my article. mirror's data is portable. the json also contains my signature which authenticates the post to my self-sovereign identity (the keypair associated with my ENS name).

I just took a quick look; it seems pretty centralized in practice, no? https://docs.ens.domains/permanent-registrar-faq

all of that functionality is mediated by on-chain evm bytecode

And if there is a logical error, what's the correction mechanism?

The ENS DAO is responsible for changes to the protocol. There's a constitution, delegates, and proposals as tools for corrections.

More info on the ENS Governance page: https://docs.ens.domains/v/governance/process


If a web3 project can't get funded now in the current craze, I'm pretty sure it never will.

I think the tone of the author is that distributed ledger/blockchain/crypto/web3/monke ponzi- however any individual chooses to interpret this “cultural and monetary shift”- is in reality the future. And those who respond with indifference and denial of that reality, much like a person in your position, will have no say or power within the new system. That’s the voice of the author I believe. Not mine. As to the value, well I’d say you can only change when you’re ready to change. This applies to vision of value as well.

>And those who respond with indifference and denial of that reality, much like a person in your position, will have no say or power within the new system.

that wasn't my point. my point is that this technology shows no sign of slowing down, so by just angrily and reflexively dismissing it critics are throwing away an opportunity to make real, constructive criticism like Moxie did here at a time when it could make the most impact.


Save your words for people who want to hear it!

The people like me who really need your communications are starving for it. People who are already bought in and want quality content aren't getting much. This is a risk to the long term adoption of crypto.

My sources are few. I get a few crumbs on /ethfinance, and some nice nuggets from this thread, but there's just so much crap and snark to wade through it's almost not worth it.


> Show me the value, where's the ??? value!

What are the killer apps that are built on top of the web3 stack? Most I saw are not very killer... Or decentralized. I would expect, if this all is great as they say, that people tell me 'oh, you are using platform X?? Did you know that's fully web3?'. I tried things and they all are... not good... expensive or obvious money grabs. And when I ask around, even though 'entire twitter' seems to be building web3 apps, people only send the same ones; how can that be? Maybe it's my echo chamber; I don't follow many blockchain things.


But I think this article missed the major concern Moxie raised about "blockchain API platforms". They will out innovate their base protocols and deliver a better UX.

Light clients are a great example. They are only efficient compared to running a full node yourself. The computation and time is still far below relying on a platform to do it for you.


people said the same thing about TLS

No, they didn't.

I'm pretty sure that you can pop down to the search bar and type "TLS too inefficient" and see that, in fact, they did. There was a large period of time where TLS was not widely deployed and where it was viewed as not likely to be deployed, due to marginal performance reasons.

True, the overhead of TLS is relatively much lower than it was. It turned out we all really need the greater security. So we got hardware AES acceleration for example.

But this example misses the more general point that protocols always evolve more slowly than platforms.

It's not really a good example. Platforms aren't in competition with layer 3 network protocols. The examples Moxie gave were layer 7 application protocols.


Much more thoughtful than yesterday's blog post addressing Moxie's concerns.

I wonder if the quality of conversations around this subject would be improved if, similarly to conflicts of interest declared by scientific paper authors, each public critic or supporter of web3 would disclose whether they are currently financially invested in 'crypto'. For outsiders it's harder to tell apart hacker/geek types from speculators and lurkers (not that there couldn't be an overlap). The fact that this article mentions there exist much fewer Ethereum nodes than "Ethereum nerds" may suggest that the non-technical group controls the public discourse and expectations.


It depends on who you’re reading: people building actual products and protocols will usually provide measured responses and be able to engage properly with good-faith criticism. See also Vitalik’s Reddit post responding to Moxie’s article.

On the other hand, if you encounter primarily spammers, speculators, and scammers, you’ll just get garbage (similar to anti-blockchain grifters that repeat the same “blockchain is a ponzi pyramid earth-burning scam” garbage repeatedly).


An inverse relationship here. The builders are busy building stuff and don't spend much time on communications. Whereas speculators, all they have is communications, and there are many more speculators than builders, so the incentives look like 99% crap, 1% useful communications.

Props to builders like the OP, Moxie, and Vitalik for building and sharing. And to podcasts like Bankless for creating venues for communication from builders. I'd love to find a "Builders" cryptocurrency podcast.


Look at the ZeroKnowledge podcast; it’s fantastic and has no scammy bullshit

https://zeroknowledge.fm/

This is excellent, listening to the Flashbots interview now: https://zeroknowledge.fm/168-2/ (URLs don't have the podcast title)


Thank you!

I just wanted to say that I really enjoyed reading this since I read the post that it's responding to earlier this week. Found it really refreshing to see this discussion develop that way, and in plain English. I was indeed left wondering if there was a solution to the lazy user aspect for widespread adoption of crypto/web3, since it did seem to be a complete blocker for widespread practical adoption. Neat to learn about light clients and zk-SNARKs!

Agreed, the author has a great way of making complex topics more approachable. I wonder if there's a good/simple explanation of zkSNARKs out there; I don't have any idea what they are despite seeing the term often.


A list of resources, what a gift, thank you!

The "Zero-Knowledge Proofs Starter Pack" section is most up my alley. I read "Zero Knowledge Proofs: An illustrated primer by Matthew Green" about a year ago so am starting by re-reading this. https://blog.cryptographyengineering.com/2014/11/27/zero-kno...


https://medium.com/@imolfar/why-and-how-zk-snark-works-1-int... this resource helped me a lot, it is somewhat technical but should be accessible to someone reading HN

Thank you! The introduction section got me super excited in the application of zk-snarks.

Any other articles more like the intro section? The rest of the article lost me quickly, not beyond my ability but would take me 10x reading through and multiple days.

Re-posting the part I loved here in case others want to read:

Zero-knowledge proofs are advantageous in a myriad of applications, including:

1) Proving statements on private data:
- Person A has more than X in his bank account
- In the last year, a bank did not transact with an entity Y
- Matching DNA without revealing full DNA
- One has a credit score higher than Z

2) Anonymous authorization:
- Proving that requester R has the right to access a web-site’s restricted area without revealing its identity (e.g., login, password)
- Prove that one is from the list of allowed countries/states without revealing from which one exactly
- Prove that one owns a monthly pass to a subway/metro without revealing the card’s id

3) Anonymous payments:
- Payment with full detachment from any kind of identity [Ben+14]
- Paying taxes without revealing one’s earnings

4) Outsourcing computation:
- Outsource an expensive computation and validate that the result is correct without redoing the execution; it opens up a category of trustless computing
- Changing a blockchain model from everyone computes the same to one party computes and everyone verifies


Let‘s hope web4 is around the corner with some real and useful innovation, so we can all stop talking about Ponzi schemes.

I thought web3 was going to be about AI running the world, 5G mind control and IoT everywhere; now I hear it‘s about blockchain.

Blockchain supporters stole a word once (crypto), now they’re trying to steal web3. I am disappointed.


You're doing the thing I wrote about in the first few paragraphs of the article.

By the way, the largest academic cryptography group, IACR, was founded by people who were working on cryptocurrency before they founded it.


"IACR, was founded by people who were working on cryptocurrency"

This is extremely misleading. IACR was proposed by David Chaum in 1982, a year before his first paper on ecash, and its first board members in 1983 included Whitfield Diffie (who had not done any work on payments) among others. Chaum's ecash ideas look nothing like "cryptocurrency" as it exists today, nor do any of the ideas presented in subsequent research on the topic.

The person you replied to correctly pointed out that "crypto" was co-opted by the blockchain space and is now being used to mean any number of distributed systems technologies. I have seen people wearing t-shirts saying things like "crypto means cryptography" and making jokes about reclaiming "blockchain" to refer to block chaining modes at various cryptography conferences (many organized by IACR) over the past decade. Moxie was right when he quipped that the "crypto" space involves very limited use of actual cryptography.


crypto was not co-opted. FAANGies just got stuck on a WebPKI side quest.

leading research in the field is being done by blockchain companies. you don't have to believe me, try reading ePrint. cryptocurrency people lead the research in zk proof systems and more. the idea that the crypto space doesn't use cryptography is absolutely laughable


Some interesting research is being done by some cryptocurrency companies like ZCash and Algorand. Their work on ZKPs and SNARKs has been interesting, but it is worth pointing out that they are not the only people working on this. Moreover, the serious cryptographers working on anything related to blockchains have more or less stopped talking about the permissionless setting (where Bitcoin, Ethereum, and basically all of the popular blockchains in use are) because security is too hard to define in a meaningful way. In the "permissioned" setting where parties have well-known identities there has been a bit of interesting research on maintaining a shared cryptographic data structure.

Meanwhile, academic and (non-blockchain) industry researchers have been pushing the state of the art in every subfield within cryptography, ZKPs included. Big companies have been deploying MPC as a means of addressing privacy concerns and regulation, and the cryptographers working on that (full disclosure: I am one of them) have been pretty active in publishing their work. Academic researchers have further advanced the results and addressed the problems raised by industry researchers, sometimes breathing new life into almost-forgotten lines of research (like set intersection protocols).

So sure, I can grant you that there has been some interesting work on cryptography within the blockchain space, but it is not nearly as exciting and significant as you suggest. I actually have a lot of respect for the ZCash team, whose work really is top-notch and who I see (or saw pre-COVID) at high-quality conferences like CRYPTO and RWC. On the other hand they are a small and very unique team within both the blockchain ecosystem and the cryptography research community, and their research work is only nominally related to blockchains (it is inspired by an application that did not even require a blockchain in the first place). Beyond ZCash and a few other groups with serious cryptographers, the blockchain space is a desert in terms of interesting cryptography.


> Moreover, the serious cryptographers working on anything related to blockchains have more or less stopped talking about the permissionless setting (where Bitcoin, Ethereum, and basically all of the popular blockchains in use are) because security is too hard to define in a meaningful way.

This is untrue; I see far more work on the permissionless setting (including formalizing definitions) than on the permissioned setting on ePrint. This includes respected cryptographers like Elaine Shi, Rafael Pass, Silvio Micali, Andrew Miller, Aggelos Kiayias, and more.

> Meanwhile, academic and (non-blockchain) industry researchers have been pushing the state of the art in every subfield within cryptography, ZKPs included. Big companies have been deploying MPC as a means of addressing privacy concerns and regulation, and the cryptographers working on that (full disclosure: I am one of them) have been pretty active in publishing their work.

While cryptography is certainly much bigger than zkps, it is also absolutely true that, for the metric of “deployable protocols”, the pace of zkp innovation has far outstripped the pace of MPC innovation over the past few years. I say this as a cryptographer with a bunch of non-zkSNARK papers; my general-purpose zkSNARK work has been deployed, adopted, and obsoleted in the span of ~2yrs, all while my MPC work in the same span hasn’t inched towards deployment (despite being sufficiently practical for deployment), and follow-up work has provided only marginal improvements.

> Beyond the ZCash and a few other groups with serious cryptographers the blockchain space is a desert in terms of interesting cryptography.

That’s incorrect. Beyond ZKPs, there’s been blockchain-inspired-and-funded work on Verifiable Delay Functions, threshold signatures, signature aggregation, anonymous gossip networks, fuzzy variants of PIR, functional commitment schemes, set accumulators, coding theory, and more.


That is an impressive list of cryptographers working on blockchains, but at major cryptography conferences there is less and less blockchain work being presented, to the point where CRYPTO'21 didn't have any blockchain sessions at all, while EUROCRYPT'21 had a single session where blockchain work was combined with work on privacy and law enforcement. To be fair, three sessions at CCS'21 were dedicated to blockchain research, but CCS is structured to allow more topics, it is not a conference specific to cryptography, and they had two sessions dedicated to MPC and a third on federated learning which touched on MPC. It is a small sample but representative of a larger trend of cryptographers becoming less interested in blockchain research.

I have not seen ZKP innovation outstrip MPC innovations at all. In the past decade I have seen a rapid expansion of research in MPC following both a strong push by DARPA and growing interest among large tech companies and banks. There has been a revival of interest in set-intersection protocols and related functionalities, a lot of impressive work in garbled circuits and other generic protocols that have greatly reduced their resource requirements, machine learning applications, and various other ongoing lines of work. At worst I would say that ZKP and MPC research have been roughly equal in terms of the pace of innovation, which should surprise no one as the two topics have strong connections.

Moreover, while there is certainly a lot of ZK research being published year after year, most of it has nothing to do with blockchains and is not coming from anything related to blockchains. There are plenty of academic researchers publishing ZK work, and I still see lots of industry ZK research that has nothing to do with blockchain. The same is true of all the other topics you mentioned -- some blockchain-inspired work here and there, but a lot more research from elsewhere.

Sorry to hear that your MPC work has not made it into production, but maybe that is because it is not as practical as you claim. Personally I like to say that the only test of "practicality" that matters is whether or not it is useful in a real-world application. Obviously your SNARK work cleared that bar, which is great but does not really say much about the pace of innovation. I can say that most of my published research at this point has been put into production -- an equally meaningless statement since I have been working for a big tech company for a long time, and the research I have published in that time has all been the result of work I did to address various privacy and security problems that company faces. My judgement of where the innovation is happening is based on the research I am seeing people present at various conferences. Maybe I am looking in the wrong places, and there is actually a whole world of cryptography conferences where people are excited about blockchain work?


And if modern web3 had even half the level of innovation as the 80's digicash stuff, people would probably object to it a lot less.

When people say stuff like this, I wonder what they think the state of the art in web3 innovation is. Do people just see the monkey JPGs and write off the whole technology?

What do you see? I've just had a 2 hour conversation with someone trying to get me into this "business" without being able to articulate a single use case where NFTs actually make my day better in a way that is not currently possible with other tech so, yeah...what do you see?

I see a whole new wave of fools about to lose their money to ponzi schemes and over-hyped "investments", much like it happened with the bitcoin/crypto train.

Just type NFT or crypto into YouTube and you immediately see all the sharks promising you millions in their videos, trying to manipulate you into investing - don't read the comments though, it's even worse. I see a lot of red flags and trouble for nothing. I hold crypto assets so I'm not talking out of my butt here - I must confess: I've had no real benefits yet from this new tech. The crypto I hold is because one of my products has crypto as a payment method so I decided to just hold a piece of it and try to make use of "new tech".


In the crypto space I'm most excited about the ability to have open projects where anyone who contributes can have a stake in the financial rewards of the project, and there are no barriers to becoming a contributor. A lot of the time the financial benefits of open-source contributors are fully captured by a "host" corporation, and open collaboration platforms for non-software projects like textbooks and IRL shared spaces are almost nonexistent.

Proof-of-personhood a la BrightID is something that governments could theoretically provide, but most don't, and even if they did, there are serious privacy and interoperability concerns. SaaS companies trying to provide a free trial can prevent abuse by verifying unique personhood using web3 tech without needing to ask for any more information about the user. I'm sure you can think of other applications for that tech. Even if every government in the world provided this service, everyone who wants to use it either has to implement 195 different APIs or fork over money to a cottage industry whose sole job it is to unify those APIs.

Finance and commerce on blockchains has a lot of real-world benefits that traditional finance can't or refuses to provide. You can't easily set up a 3-of-5 multisig for your photography club in traditional finance. A lot of normal people have their payments blocked or funds frozen in TradFi for arbitrary reasons. Sex workers get kicked off of platforms all the time, and a friend recently had their PayPal frozen while raising funds for a school reunion party.

I'm not super into NFTs personally, but I can see them having a use case as a more consumer-friendly business model for gacha games and games with similar mechanics. There are probably other promising applications that I just don't know about because I don't follow that space very closely.


> SaaS companies trying to provide a free trial can prevent abuse by verifying unique personhood using web3 tech without needing to ask for any more information about the user

A trial is usually backed by a financial instrument. Usually that financial instrument is a credit card. A credit card can be uniquely identified, and so if you really are concerned about trial reuse, you can check reuse of the credit card, and that gets you pretty far. Folks can use prepaid cards, but you can also block those, which isn't totally unreasonable when you are talking about a subscription-- and a lot of subscription services do block them. Is it indefeatable? No. Is it good enough? Yeah actually. So why do I need to replace the concept of a credit card with an entirely new type of financial instrument that most users (especially non-technical users) don't have or understand?


SaaS just seemed relevant to the audience here, but there are a lot of applications which want to limit one account per natural person, not just SaaS. For example, social networks want to prevent astroturfing, and video games want to prevent cheaters from ban-evasion. Anyway, a lot of people don't want to provide their credit card info for a service they are not sure if they want to use yet (purpose of a trial), and a lot of services want to allow credit card-free trials without opening themselves up to abuse.

I think the vast majority of reflexive dismissals of crypto tech have two themes in common: "if the technology doesn't satisfy this use case, or the UX is not perfect yet, then surely there is no way to fix that and we should discard the whole idea;" and "why use this decentralized solution when we can use this centralized one which, in many cases, doesn't work as well?"

I've reached my weekly budget on the amount of time I want to spend explaining this tech online, but maybe consider if problems you see are truly insurmountable, or if you are simply uncomfortable with the idea of an economic layer that is actually open to build on.


> I've reached my weekly budget on the amount of time I want to spend explaining this tech online

Granted, take care of yourself! I hope you feel no obligation or attack in my line of questioning, and perhaps others can fill in here if they are active over the weekend.

> SaaS just seemed relevant to the audience here, but there are a lot of applications which want to limit one account per natural person, not just SaaS. For example, social networks want to prevent astroturfing, and video games want to prevent cheaters from ban-evasion

That's true, so then I wonder what stops someone from farming these identities and selling them?

> I think the vast majority of reflexive dismissals of crypto tech have two themes in common: "if the technology doesn't satisfy this use case, or the UX is not perfect yet, then surely there is no way to fix that and we should discard the whole idea;"

The main issue for me is that quite often existing well-known problems are tackled with this new hammer that ostensibly offers no real benefit on top of solutions we already have. This is not true of all applications of blockchain technology, but it's clear that there is not a strong case that it is as generally applicable as a movement like "web3" would suggest.

> and "why use this decentralized solution when we can use this centralized one which, in many cases, doesn't work as well?"

It's just not clear that this is the case.


The traditional financial system is basically not available for an individual to build on without the blessing of VCs. If you do manage that, you have to come head-to-head with money transmitter licensing, collecting personal info from your customers and keeping it safe, implementing rules about who can send money to whom (that differ by country), and playing by Visa et al's rules about who isn't allowed to use your app and for what (which includes a lot of normal people doing normal things.)

It feels wrong to me that building financial apps for public good basically requires creating a capital class and handing over profits and control to them. Will VCs fund another Kickstarter or Open Collective?

I got into crypto because I realized the things I actually wanted to build I could basically only do so using crypto. (Also, watching myself earn interest every 15 seconds was just incredibly cool.) Granted, that was in 2018, and prices are a lot higher now, and so is the level of grifting and hype. A stronger layer of psychological self-defence is warranted both from people in the space and outside of it.

Anyway, the short answer to your question is that the time cost of Zoom verification will in many cases deter low-level and botting fraud, but Zoom verification overall is a stopgap to bootstrap the network, and over the long term applications will require users to be verified by a few of their IRL F&F (and Zoom parties can be used to connect their social network to the rest of the graph.)


> The traditional financial system is basically not available for an individual to build on without the blessing of VCs. ... implementing rules about who can send money to whom (that differ by country)

Building on the blockchain does not indemnify you from following the relevant laws. You mention also Visa's rules, which also mostly tend to be based on the relevant laws (though there are exceptions, like their restrictions on adult content).

> It feels wrong to me that building financial apps for public good basically requires creating a capital class and handing over profits and control to them

The amount of "financial apps for public good" being made is exceedingly small. Acting like the apps being made by "web3" companies just want to facilitate trade for underserved populations with no gain to themselves is perhaps disingenuous. Yeah sure, if you are one person it might be easier to build an app to allow folks to send money to each other when you build it on a cryptocurrency, but is it easier or have you ignored all the ways nefarious people will use your app to do things that are absolutely something that should be stopped? Is that better than gatekeeping these apps for those who can manage these sort of protections?

> I got into crypto because I realized the things I actually wanted to build I could basically only do so using crypto. (Also, watching myself earn interest every 15 seconds was just incredibly cool.)

Hey, if you want to build some financial apps, that's great. Go forth! But it is not "web3". I will say that I don't think of earning interest in real time as anywhere near as "cool" as literally any other aspect of technology/engineering I can think of. And I don't feel compelled to enable that feeling you had in everyone else either.

> prices are a lot higher now, and so is the level of grifting and hype

The prices are a lot higher because of the hype, not the other way around. In fact, the prices are above zero because of the hype. To be clear, that is not to say the hype isn't warranted, but I think it's important to have the ordering clear.

> Anyway, the short answer to your question is that the time cost of Zoom verification will in many cases deter low-level and botting fraud, but Zoom verification overall is a stopgap to bootstrap the network, and over the long term applications will require users to be verified by a few of their IRL F&F (and Zoom parties can be used to connect their social network to the rest of the graph.)

The time cost of Zoom verification will deter individuals from performing it, but not specialists who do it on individuals' behalf. I could imagine starting a business solely to participate in these Zoom calls, generate identities, and then pass the credentials for one or more of those identities to anyone who puts up the ETH. Since I have to assume it's not just the same people in every one of these Zoom calls, I have no doubt you could send the same "seemingly unique" person to many of them and get a new set of credentials for each one, and then sell those off like anything else. Given how things like Spotify botting and phone farming are actually happening, this will be compromised in no time, just like all the previous prevention techniques have been.

> but Zoom verification overall is a stopgap to bootstrap the network ... over the long term applications will require users to be verified by a few of their IRL F&F (and Zoom parties can be used to connect their social network to the rest of the graph.)

Even after the stopgap is stopped and the network is strapped and booted, is someone without a network of "acceptable" social contacts not worthy of being able to participate in this ecosystem? So folks who do not want to divulge their social contacts literally cannot participate? This seems like one of the core audiences of decentralized privacy-conscious technologies, and yet they could not participate without (publicly?) divulging personal information.


> Building on the blockchain does not indemnify you from following the relevant laws.

You are right. The relevant laws apply to money service operators and blockchain software developers, in most cases, are not money service operators. Software developers, in most societies, cannot be deputized to enforce particular uses or non-uses of their software.

> have you ignored all the ways nefarious people will use your app to do things that are absolutely something that should be stopped?

I think freedom to transact is as valuable as freedom to access information (uncensored, using Tor) and freedom to communicate (securely, using E2E.) In fact, the latter two freedoms boil down to the former. If you disagree, you are correct to not like DeFi.

> And I don't feel compelled to enable that feeling you had in everyone else either.

I know you don't, but I wanted to share the first time using a blockchain tech was more pleasant than using its traditional counterpart for me. Trying to convince people that "blockchains are useful" is not very compelling either. It's not my job, but I can spend hours on it with no benefit to me.

> So folks who do not want to divulge their social contacts literally cannot participate?

You are right that Zoom verification is a low level of verification. On BrightID today, you can be verified by a friend without having to divulge the identity of yourself or your friend to any blockchain, any application, or any other person in your social network. Using zero-knowledge proofs, the entire anonymous network graph can be hidden as well.

In addition, the only apps they cannot use are those which require anti-Sybil guarantees. Is "has 3 friends who will vouch for you" too high of a bar compared to "qualifies for and has a credit card"? If it is, is it bad to have the former as an option for those who cannot reach the latter?

ETA: government/institutional ID verification is a valid BrightID graph node as well, for institutions/individuals/applications which choose to use it.


> You are right. The relevant laws apply to money service operators and blockchain software developers, in most cases, are not money service operators. Software developers, in most societies, cannot be deputized to enforce particular uses or non-uses of their software.

I think you're in for a rude awakening if you believe that, especially if you are financially benefiting or are advertising the software as useful for the prescribed purpose.

For example, people who sell malware get arrested all the time. People who ran Napster got sued off their ass.


Not super familiar with BrightID but I took a look at the website. So I guess the idea is that other humans verify a human and issue cryptographic proof that they are a human.

My question: What about BrightID stops you from verifying and creating multiple identities by simply joining these Zoom-based verification parties multiple times? If someone does that, what's to stop someone from then providing those multiple identities to other people?


Personally I think the original Satoshi paper was interesting, and some of the proof of stake stuff. If I'm being generous, some zero knowledge proof stuff. It's not really cryptocurrency, but cryptocurrency has caused attention to be drawn to it.

Beyond that it's all minor fixes and applications that are mildly interesting at best. So yeah, very little innovation, but please enlighten me if I missed something.


When the advocates seem to focus on the monkey JPGs, it's not surprising. What do you think the state of the art in web3 innovation is?

Pretty much, actually. Most laymen regard Web3 as a joke at best, and more often a scam. Most of those same people know little, if anything, about Web3 beyond a general association with crypto, regardless of whether that association is merited.

Technology means nothing without a use case.

Er blockchains are the largest deployments of non-trivial zero knowledge proofs, which are more advanced cryptography than anything used in traditional WebPKI crypto. This deployment has required tons of novel peer-reviewed (academic and industrial) research as well as massive engineering efforts to bring the tech to production.

The result of these efforts is that ZKPs have gone from an academic curiosity to widely productionized tech. This stuff is beyond the wildest dreams of people like David Chaum.


Except that ZKPs had already seen real-world use before Satoshi's whitepaper was circulated; in fact, there was an already-defunct startup that was selling ZKP-driven authentication tech. Secure multiparty computation is even more advanced than ZKPs, was already deployed in several real-world applications prior to Bitcoin, and has probably driven more research on ZKPs (as a building block in MPC protocols) than anything in the blockchain space thus far. As for how widely productionized the technology is, while I am not sure how you define "non-trivial" ZKPs, U2F was almost certainly a more widely used ZKP application than any blockchain tech, and there are plenty more real-world ZKP applications having nothing to do with blockchains that we could list.

David Chaum dreamed about a world where electronic payments could be anonymous and secure, but the demand was not there and his startup never took off. "Blockchain" sucked most of the oxygen out of the room when it comes to further work on ecash, which is unfortunate given that even the most technically complex ecash proposals were overwhelmingly more efficient than any blockchain-based payment tech ever could be. For what it's worth, the most recent ecash proposals also advanced the research on NIZKs and ZKPs more generally (it is actually hard to avoid some kind of NIZK in a system that supports offline payments) and had ecash been deployed more widely we probably would have seen at least as much research and productionization activity as we see in the blockchain space.

On the other hand, blockchain research has struggled with a foundational question that does not present a problem for any of the technology I mentioned above: how to properly define security. Especially in the permissionless setting the effort on defining security has been unconvincing so far, requiring a very stretched approach to formalizing computational resources that is hard to actually map onto a real-world application. Satoshi did not start with a well-defined problem he was trying to solve with Bitcoin, and such an approach -- clearly identifying the problem you are actually trying to solve and verifying that the definition is logically consistent and realistic -- is exceedingly rare in the blockchain space, while in mainstream cryptography research it is a de facto requirement. So while blockchain tech has not experienced a spectacular failure due to some theoretical shortcomings, the theory itself is not well developed compared to the theory of cryptography in general (including ecash, which can be rigorously defined and proposed systems can be proved to satisfy the definition).


Zerocash is an ecash system in the vein of Amnon Ta-Shma's variant from '99, and has rigorous security definitions and proofs. Follow-up work like Zexe strengthens these definitions to standard ones used in MPC, namely simulation-based security.

Furthermore, the MPC deployments you speak of are rather small-scale; there have been no deployments of general-purpose MPC beyond maybe the sugar beet auction.


MPC has been deployed at large scale by numerous companies, at least for the ads industry; I know because I actually work on exactly this full time and I have seen the numbers (but unfortunately I cannot share specifics). There is nothing special about general-purpose protocols that makes them more "legitimate" or whatever; we use specialized protocols in practice because it is almost always more efficient and thus less expensive to run (and MPC is usually right on the threshold of being too expensive).

As for zerocash, the last time I looked into it what I saw were a set of security definitions that assume a reliable ledger of some kind; whether or not that ledger is implemented using a blockchain at all is not addressed in the theoretical work. The practical deployment relied on Bitcoin, but since Bitcoin security is not well-defined (or at least not convincingly defined) that makes the rest of the security argument dubious. As far as I know Zexe has the same problem: yes, the security definition is much stronger, but they do not address the realization of the ledger functionality itself and thus any real-world deployment that relies on e.g. Bitcoin, or really any permissionless blockchain, has the same theoretical shortcomings. Ultimately the permissionless setting itself is the problem; zerocoin could be implemented using a ledger managed by a trusted party, and it would achieve its security goals without those theoretical problems.

I should also be clear that when I say ecash does not share this problem, it is because ecash has a well-defined security model and all functionalities needed to realize an ecash system also have well-defined security. We can instantiate ecash using any of the security assumptions we commonly use for digital signatures, and in theory ecash can be instantiated from MPC (by using a generic MPC protocol to implement a blind signature, then using the blind signature to implement ecash), which itself can be instantiated with standard cryptographic assumptions. So ecash has a security definition that is as well-defined as a cryptographic security definition can be.


Zerocash and Zexe and Zerocoin are all strict supersets of ecash. If you instantiate their underlying ledger with a single server, you recover ecash. If you instantiate it with a permissioned distributed ledger (e.g. via PBFT), you get a distributed but permissioned ecash system. If you use a permissionless ledger, you get a permissionless system with no central authority. The entire point of the ledger abstraction in those works is to enable a composition-based security analysis. That's literally the way 99% of cryptography proofs are structured. Saying that "Zerocash doesn't specify details of the ledger" is like saying that "Schnorr signatures don't specify details of the underlying DL-hard group"; the point is to abstract away those concerns.

Re: MPC deployments, the point about deploying general-purpose MPC is that it's a much more complex task than specialized protocols. That's why I specified general-purpose ZKPs; we already have ubiquitous deployments of specialized ZKPs (i.e. digital signatures). And maybe your project indeed has a large-scale MPC deployment; that's awesome. It doesn't take away from the fact that cryptocurrencies are pushing ZKP innovation at unprecedented rates.


My job would be much simpler if I could deploy generic MPC; all I would have to do is maintain a library and maybe a compiler, without having to design and implement an entirely new protocol every time someone came along with some new feature or use case. The engineering effort of productionizing a generic protocol is a one-time cost and my coworkers and I could do that work relatively quickly. On the other hand, special-purpose protocols are typically difficult to modify, we have to do our security proofs over and over whenever we roll out anything new, and we must go through the engineering effort over and over.

Engineering effort is not what holds back the deployment of generic MPC protocols. Those protocols are just too expensive to run in the majority of real-world MPC applications. Even special-purpose protocols are sometimes too resource-intensive to be deployed. I do not see that situation changing without a radically different approach to generic protocols. I also do not understand what is so uniquely exciting about deploying a generic ZKP or MPC protocol. If it works in a given setting and no special-purpose construction could be used, great, but it is not some kind of badge of honor.

As for Zerocash, you had originally said that blockchains are where we can find the largest deployments of non-trivial ZKPs, which is why I pointed out that Zerocash and its follow-up work do not really involve "blockchains" beyond a particular instantiation of a ledger. If the construction can be implemented without any blockchain at all -- which the authors of the original paper took the time to point out -- then I do not see how any of the research on ZKPs motivated by Zerocash and its follow-up work supports your claim at all. You are saying that Zerocash is actually ecash, which kind of makes my point for me: we are not actually talking about something in the "blockchain space."

(Also, I have a somewhat controversial view that NIZKs and signatures are not actually "zero knowledge," since the verifier obviously cannot compute a NIZK or signature without receiving a message from the prover/signer and thus gains knowledge when it does receive those strings. Not that it matters in any way for this conversation, since the value of innovation in NIZKs or ZKSNARKs is not in doubt, but I did want to mention that signatures are a poor example of real-world deployments of ZKPs.)


Yeah, because then it wouldn't actually be doing anything.

I’m glad to see pushback on the “crypto means cryptography” meme, which is really just an indicator they aren’t interested in the leading cryptographic research.

Well, let's see, the technical program for this year's RealWorldCrypto conference includes...side channel attacks, symmetric cryptography, privacy, attacks on privacy, cryptography for the ads industry, messaging, post-quantum crypto, threshold crypto, and zero knowledge proofs. Funny how Blockchain did not make the cut for a popular conference on practical applications of advanced cryptography.

Looking through the CRYPTO'21 and EUROCRYPT'21 conferences, there is only one session between them involving "blockchain" and it is not even dedicated to the topic (it also includes papers related to law enforcement and privacy).

This may be hard for blockchain enthusiasts to hear, but it is not really a hot topic among cryptographers. There was a bit of interest a few years ago as people tried to figure out if any good security definitions can be developed, and the results were not very convincing. Beyond that almost all the academic interest in blockchains has focused on the "permissioned" setting where security can be defined in a meaningful and useful way.

So, yes, "crypto means cryptography" and "blockchain" should refer to block cipher chaining modes.


Web3 (or rather Web 3.0) used to mean Tim Berners-Lee's semantic web (RDF etc).

Did you just coin the term web4?

I take no credit for it.

Slightly OT, but - aside from a couple of outlier commenters - THANK YOU to both the OP for bringing the conversation around "web3" (not a fan of the term myself) back to a level where actual information is exchanged and proper discourse, for and against, seems to happen.

This is really refreshing.


> These critiques are usually unmoored to anything actually happening in the blockchain space

Critics are unmoored? This technology is inevitable?

I don't believe that's true. It seems to me that it might find a niche in the corner of the Internet and eventually be forgotten by all but the most ardent followers.

Many countries are banning cryptocurrencies for many of the reasons critics have been rightfully skeptical. I can't imagine why that trend will stop.


>Many countries are banning cryptocurrencies

How many times has China banned Bitcoin now, 20?


Which countries are banning crypto?

China

Guess what else they banned: Google Twitter Facebook …


> Infrastructure providers can lie to the user about blockchain state

Lying implies wilful deception.

Instead what ALL providers will eventually do is implement moderation. And they will do so because (a) they will be legally required to and (b) it makes users happy. And unless the spec can address this requirement Web3 isn't really going to scale.

And we've already seen such moderation with OpenSea so this isn't some contrived situation.


The proposed light client stuff solves exactly this; they can’t lie about inclusion of a piece of data.

This is like saying that TLS won't work because of moderation.

TLS is simply about securing the transport between two parties: a client and a server.

It isn't trying to force all servers to return an identical response like Web3 is.


I have worked on both TLS and blockchain tech for years.

My point is that the purpose of the security architecture proposed in the article is to authenticate data from the chain. This is a protocol-level detail: like TLS secures transport between a client and a server, light clients authenticate data between a validator set and a user. Whether a particular person or group decides to use such a protocol, or if they decide to censor data, is a separate concern.


Is it just me or is any and all "Web3" "blockchains" just regulatory arbitrage to fly under the radar of the local government to enable more innovation?

From a first principles perspective, what they really do and do well is remove trust from the equation. Regulations are set up mainly in situations where a central party has whole control over something and we can't trust it not to fuck us over.

But Web3 is very much centralized, and increasingly going into that direction.

How are you measuring that?

> These critiques are usually unmoored to anything actually happening in the blockchain space

Then call it just that: blockchain space.

Why web3?

I think because the 'web' part of web3 needs to be attached to this idea of blockchain and distributed ledger to give it a sense of fairness and legitimacy.

I'm not saying blockchain or distributed ledgers are bad, I know way too little about that to judge it accurately.

It's just that the name 'web3' irks me a lot. Maybe it has something to do with the 'web 2.0' that promised golden mountains, but eventually just F'd everybody in the A.

Just add another number to the name and all the sh1t is forgotten, it seems. Here's a blank screen for you all, please start painting the same pictures.


What's frustrating for me is that there is clearly a place for a new vision for the web beyond what the "Web 2.0" vision provided: client-first rich web applications that offered desktop-like capabilities. Along with that are the social/centralization/managed "pros/cons" that a lot of commenters decry. But this was the economic model, not the technical one.

"Web 3.0" should indeed be about decentralization -- but more in the sense of building applications that take advantage of the enhanced client abilities and de-emphasize central control. The colloquial term is the "Fediverse". The modern web has brought about offline support (ServiceWorker), multi-processing (Web Workers), local capabilities (Filesystem API, local/DB storage, peripheral APIs), interprocess communication (Broadcast Channels), peer to peer (via disinterested party HTTP/WebSockets coordination), verifiable privacy via encryption, backend server federation (see Mastodon, Matrix, diaspora, PeerTube, etc).

Web 3.0 already exists, we just hadn't named it yet, but there's so much more there to be built.


Exactly. I feel like crypto guys are hijacking the term. For me web3 is about p2p, federations and new browser features you listed + wasm.

If we call all that stuff web 4, maybe people will lose interest in "web 3".

As the article mentioned, web3 was a term coined back in 2014. It was very much a reaction to the "web2.0" Silicon Valley years, which was probably felt a lot more strongly back then. The term flew under the radar for a while, but in the past six months people suddenly got annoyed by it.

For what it's worth, sushiswap isn't using Infura or AlchemyAPI, rather its own api.sushirelay.com to serve mainnet RPC requests.

Also, a large number of projects utilize TheGraph (a GraphQL indexer for specific protocols/DApps). These are run by teams or outsourced to the lowest-cost service provider (staking pools, etc). re: https://thegraph.com/hosted-service/subgraph

If you are interested in using/rolling your own RPC infrastructure, here are the minimal JSON RPC methods required to support most DApps: https://github.com/sambacha/minimal-jsonrpc-dapp-methods

The real bottleneck is reliance on web browser extensions (namely Chrome's V2, which is deprecated as of this January and no longer accepting new submissions) for providing safe key management.

Another example is having to poll for RPC updates.


"Light clients" is a term I've learned of recently. In the article, what are the specifics around "storage, bandwidth, and computation costs" for such a client? Is the idea we could all just have light clients running in the background on our phones with near zero impact?

> Is the idea we could all just have light clients running in the background on our phones with near zero impact?

That's the idea.

The reality however is that will never happen unless both Apple and Google are fully signed up to Web3 and incorporate the clients as part of the OS.

And I don't see a single reason why they would do that when it would compromise their billion dollar payment revenue streams.


There is no reason why Apple or Google would need to do this. Rainbow or similar apps just need to change their code in their already deployed wallet software on these platforms to do light client verification.

As an on-demand authentication mechanism manually implemented by every application, sure. Would just be curious what the benefit of a light client is versus connecting to an API in that case.

But this idea that it would be a persistently connected service running in the background on your phone. That's a completely different story.


This makes sense to me. Running a light client at the OS level isn't needed.

Is there some benefit to users from OS integration eventually? ie "Pay With Ethereum" in the same way Apple Pay / Google Pay / NFC works, does that benefit from running a light client?

Sure, maybe the incentives aren't there because Apple wants Apple Pay money but whoever does implement it will make their device more useful.


(and, many bitcoin wallets already do this)

'... incorporate the clients as part of the OS.'

No thank you, though your body and your choice.

Simpler to just change the metamask RPC provider to something I trust or even my home node. Is more difficult to change full-bodied web3 apps which rely on specific data graphs.


For proof of stake, the cost is roughly:

- download a hash-sized state root every block

- download the set of validator signatures over that hash and verify each signature against the hash. If using an aggregation-friendly curve, download the aggregate signature and verify it against the root.

- for each state fragment, download the Merkle uncles and compute the root hash and verify that it is the same as that signed off by the validator set.

So yes, easily within resource limits for having them running all the time with near zero impact. Find My has comparable impact.
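
The three steps listed in the comment above, written out as a runnable example. This is added here to illustrate the thread; it is not code from the article, from any wallet, or from the commenter. Everything in it is constructed for the example: the five-entry "state", the four-validator set, and the signature scheme. Real validators sign with BLS or Ed25519 (often aggregated); to stay stdlib-only this block stands in HMAC-SHA256 under a per-validator secret, which means the light client here knows the validator secrets where a real one would hold only public keys. The parts worth reading are the quorum rule (more than 2/3 of the *known* validator set, unknown signers ignored), the domain-separated leaf and node hashing, and the four outcomes in `demo()`: an honest fragment is accepted, while a forged fragment, a root without quorum, and a root nobody signed are all rejected.

```python
"""Light-client verification of a state fragment against a validator-signed root.

Steps, matching the comment above:
  1. take a hash-sized state root for a block,
  2. check that more than 2/3 of the known validator set signed that root,
  3. recompute the root from the fragment and its Merkle uncles and compare.

Assumption: validator "signatures" are HMAC-SHA256 under per-validator secrets,
a stand-in for real BLS/Ed25519 signatures so this runs with the stdlib only.
"""
import hashlib
import hmac
from typing import Dict, List, Tuple

LEAF_PREFIX = b"\x00"  # domain separation: a leaf can never be passed off as an inner node
NODE_PREFIX = b"\x01"


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def hash_leaf(fragment: bytes) -> bytes:
    return sha256(LEAF_PREFIX + fragment)


def hash_node(left: bytes, right: bytes) -> bytes:
    return sha256(NODE_PREFIX + left + right)


def build_tree(fragments: List[bytes]) -> List[List[bytes]]:
    """Bottom-up levels of the tree: levels[0] are leaf hashes, levels[-1] == [root]."""
    if not fragments:
        raise ValueError("empty state")
    levels = [[hash_leaf(f) for f in fragments]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:  # odd level: pair the last node with a copy of itself
            cur = cur + [cur[-1]]
        levels.append([hash_node(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels


def merkle_proof(levels: List[List[bytes]], index: int) -> List[Tuple[bytes, bool]]:
    """The uncles (sibling hashes) on the path from leaf `index` to the root.
    Each entry is (sibling_hash, sibling_is_on_the_left)."""
    proof = []
    for level in levels[:-1]:
        sibling_is_left = index % 2 == 1
        sibling = index - 1 if sibling_is_left else index + 1
        if sibling >= len(level):  # last node of an odd level was paired with itself
            sibling = index
        proof.append((level[sibling], sibling_is_left))
        index //= 2
    return proof


def verify_inclusion(fragment: bytes, proof: List[Tuple[bytes, bool]], root: bytes) -> bool:
    """Step 3: hash the fragment up through its uncles and compare with the signed root."""
    node = hash_leaf(fragment)
    for sibling, sibling_is_left in proof:
        node = hash_node(sibling, node) if sibling_is_left else hash_node(node, sibling)
    return hmac.compare_digest(node, root)


def sign_root(secret: bytes, root: bytes) -> bytes:
    """Stand-in for a validator signature over the state root (see module docstring)."""
    return hmac.new(secret, root, hashlib.sha256).digest()


def quorum_signed(root: bytes, signatures: Dict[str, bytes], validators: Dict[str, bytes]) -> bool:
    """Step 2: count valid signatures from known validators only; require > 2/3 of the set.
    Signatures from names outside the validator set are ignored, never counted."""
    valid = 0
    for name, sig in signatures.items():
        secret = validators.get(name)
        if secret is not None and hmac.compare_digest(sig, sign_root(secret, root)):
            valid += 1
    return 3 * valid > 2 * len(validators)


def light_client_check(fragment, proof, root, signatures, validators) -> bool:
    """Per-fragment check: trust the root only through quorum, then check inclusion."""
    return quorum_signed(root, signatures, validators) and verify_inclusion(fragment, proof, root)


def demo() -> Dict[str, bool]:
    # Constructed sample state and validator set; nothing here comes from a real chain.
    state = [b"alice:100", b"bob:250", b"carol:7", b"dave:0", b"erin:31"]
    levels = build_tree(state)
    root = levels[-1][0]
    validators = {f"v{i}": sha256(f"validator-secret-{i}".encode()) for i in range(4)}
    sigs = {name: sign_root(secret, root) for name, secret in validators.items()}
    three_of_four = {n: sigs[n] for n in ("v0", "v1", "v2")}
    two_of_four = {n: sigs[n] for n in ("v0", "v1")}
    bob_proof = merkle_proof(levels, 1)
    return {
        "honest": light_client_check(b"bob:250", bob_proof, root, three_of_four, validators),
        "forged_fragment": light_client_check(b"bob:2500", bob_proof, root, three_of_four, validators),
        "no_quorum": light_client_check(b"bob:250", bob_proof, root, two_of_four, validators),
        "root_not_signed": light_client_check(b"bob:250", bob_proof, sha256(b"fake root"), sigs, validators),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:16} -> {'accepted' if ok else 'rejected'}")
```

Per block, the client downloads one 32-byte root, one signature per validator (or one aggregate), and one proof of log2(n) hashes per fragment it cares about, which is the resource argument the comment makes. The quorum check compares against the size of the known validator set, not against the number of signatures received, so a provider that sends three signatures from names it made up gets nothing counted.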


That would be the full process, but once you've done this once couldn't you just pick up where you left off and just update new entries?

Fascinating, thank you. The Find My analogy is thought provoking: a background service that creates a useful network. What does the light client world look like once complete, I wonder.
