Introduction:
The blockchain technology of the past four to five years has been a disruptive force in society, business, economics, law, privacy, and human rights. Most of the work in blockchain has been conducted by individuals, and universities are still catching up with this innovation.

Blockchain Seminar Series at Fields Institute of Mathematics:
Aim: To bridge the gap between academia and industry in blockchain research. Focus: Research challenges as the technology matures and expands. Method: Presentations and networking to bring academics and industrial partners together. Goal: An exciting and rewarding series supporting interdisciplinary research.

Vitalik Buterin:
Creator, founder, and patriarch of Ethereum. Dropped out of Waterloo University at 20 to focus on Ethereum development. Coined Forty Other Forty by Fortune magazine.

Ethereum:
Second largest crypto economy with a market capitalization approaching $30 billion. Provides a Turing-complete platform for building applications. Major commercial corporations, tier-one banks, and independent projects exist based on Ethereum, aiming to make a decentralized democratic future a reality.

Vitalik Buterin’s Focus for Today’s Seminar:
The interplay between Ethereum and blockchain technologies in general and privacy.

Key Points:
General Purpose Blockchain: Ethereum is a general purpose blockchain that executes transactions and keeps track of information like Bitcoin and Namecoin. Built-in Programming Language: Ethereum has a built-in general purpose quasi-turing complete programming language that enables execution of any type of code on the blockchain. Smart Contracts: Ethereum uses smart contracts, inspired by Nik Sabo’s concept, to represent various kinds of application states. Account Structure: Each account on Ethereum has code (immutable program), storage (mutable information), and technical information. Autonomous Agents: Ethereum simulates a collection of autonomous agents, where each agent represents application rules with transparent code and execution. Interaction and Use Cases: Smart contracts allow applications to interact with each other, enabling a wide range of use cases. Native Cryptocurrency (Ether): Ethereum has a native cryptocurrency called Ether, which can be controlled and transferred by smart contracts. Platform for Experimentation: Ethereum’s quasi-Turing completeness makes it suitable for experimenting with new forms of cryptography.

Blockchain Characteristics:
Ensuring Application State Validity: Blockchains ensure the validity of the application state by verifying that the current state is the result of signed transactions. Transparency of Process: Blockchains provide transparency by showing not only the current application state but also how it was reached. Irreversibility: Transactions on blockchains are irreversible once committed, preventing reversals or removal of finalized transactions.

Blockchain Security:
Blockchains achieve high security due to a large number of nodes verifying every transaction. There are approximately 25,000 nodes scattered worldwide, including mining and non-mining full nodes. Users can run their own nodes to verify all activity on the blockchain.

Blockchain Limitations:
Scalability and privacy are two key limitations of blockchains. Blockchains are less efficient at handling large volumes of transactions. Blockchains are fully public ledgers, meaning all transactions and their effects are visible to everyone.

Transparency Benefits:
Transparency helps guarantee integrity and ensures that outcomes are accurate. It is valuable in applications like voting systems, where individuals can verify their vote’s counting and the validity of election results. Transparency can also be beneficial for charitable organizations and government organizations to demonstrate accountability.

Transparency Drawbacks:
Address de-anonymization is a concern, as knowing someone’s address can lead to identifying other addresses they interact with. De-anonymization becomes easier as more addresses are de-anonymized. Sophisticated mathematical analyses, graph isomorphism analyses, statistical checks, and machine learning can be employed to de-anonymize addresses. De-anonymization is problematic for financial and non-financial applications using blockchains. In the context of blockchain-based elections, transparency can compromise voter privacy.

Privacy Challenges in Voting:
Transparent voting systems can lead to privacy concerns and potential exploitation. Selective transparency is needed to verify votes without compromising individual privacy. Cryptography offers solutions to enhance privacy in voting systems.

Low-Tech Privacy Solutions:
Mixers: Centralized solutions that break the link between input and output addresses. Strong privacy if the mixer is trusted, but vulnerable to security breaches or incompetence. Ongoing use required to maintain privacy.

Beyond Centralized Trust:
Interactive security technologies: Conduct transactions off-chain in second-layer systems. Blockchain acts as a court of last resort to ensure fairness in case of cheating. Efficient system with strong security against cheating attempts. Examples include payment channels, state channels, lightning network, write-in, and plasma.

Vitalik Buterin’s Insights on Privacy Technologies in Blockchain:
Vitalik Buterin highlights the significance of second-layer technologies like state channels and mixers in enhancing privacy by keeping most transaction information private until a dispute arises. The complexity of these systems lies in optimizing their construction and composition to achieve the best outcomes in terms of scalability and privacy.

Ring Signatures and Their Applications:
Ring signatures provide a method for individuals to create a cryptographic signature that proves their membership in a group without revealing their specific identity. Linkable ring signatures offer an additional layer of privacy by leaking a cryptographic trace that allows detection of multiple signatures generated using the same key, preventing double voting. Voting systems can benefit from linkable ring signatures by ensuring voter eligibility, verifiable inclusion of votes, anonymity, and prevention of multiple voting.

Cryptographic Magic in Mixers and Identity Oracles:
Cryptographic magic in mixers replaces the central party with a smart contract, eliminating the risk of theft and ensuring proper privacy preservation. Identity oracles utilize ring signatures and blockchains to allow individuals to prove their identity and other attributes to entities, which can then be verified by third-party blockchain applications and smart contracts.

Sybil Resistance and Civil Resistance:
Blockchain systems may offer regulated financial services that require restricted access to specific countries. Mechanisms like quadratic voting require one person to have only one account to prevent loopholes. Identity oracles can help address these issues, but they often lack privacy.

Benefits of Identity Oracles:
Regulatory compliance: Identity oracles can help ensure compliance with regulations, such as excluding individuals from specific countries. Limiting the amount per person: Identity oracles can be used to limit the amount of tokens or votes that a person can receive. Sybil resistance: Identity oracles can help prevent Sybil attacks, where a single entity creates multiple accounts to gain undue influence.

Privacy Concerns with Identity Oracles:
Identity oracles do not offer strong privacy protections. Identity oracles allow Bob to see everything that a user does with their identity.

Reducing the Power of Identity Oracles:
Rank signature mixers can be used to reduce the power of identity oracles by anonymizing the user’s identity.

Introduction:
Vitalik Buterin introduces a novel approach to achieving privacy-preserving Sybil resistance using linkable rank signatures. This technique allows for the creation of whitelists where members can prove their membership without revealing their specific identities.

Process Overview:
Person P proves their identity to Entity X, who then adds P to an on-chain whitelist W. P publishes a linkable rank signature on the blockchain, proving membership in W without revealing their specific identity. A smart contract verifies the signature and administers a new whitelist W’, which has the same members as W, but the link between the two is broken.

Benefits:
This approach combines the benefits of identity verification with privacy preservation. It enables fully privacy-preserving Sybil resistance and proof of membership.

Cryptographic Technologies:
The privacy-preserving features are made possible by cryptographic technologies such as linkable rank signatures. The blockchain plays a crucial role in storing cryptographic traces and ensuring the one-to-one correspondence between members of W and W’.

Code Availability:
Code for implementing this approach already exists, with Ethereum’s Byzantium hard fork adding support for the necessary cryptographic operations.

Conclusion:
Vitalik Buterin highlights the significance of this technique, which introduces new possibilities for privacy-focused blockchain applications and provides a comprehensive solution for privacy-preserving Sybil resistance.

ZK-Starks Overview:
ZK-Starks are a type of cryptographic proof that allow individuals to prove knowledge of a number x, satisfying the equation f(x) = y, without revealing any information about x or the computation of f(x). The size of a ZK-Stark proof is constant (288 bytes) and can be verified quickly, regardless of the complexity of f(x).

Layman’s Explanation of ZK-Starks:
Imagine a blockchain where account balances and transaction values are fully encrypted. ZK-Starks can be used to verify the validity of encrypted transactions without revealing any details about the specific numbers involved. ZK-Starks can also be used to replicate the functionality of ring signatures, allowing for anonymous transactions while still verifying their authenticity.

Generality and Trade-offs of ZK-Starks:
ZK-Starks offer extreme generality, enabling a wide range of applications. However, this generality comes at a cost, as ZK-Stark proofs are slower to generate and verify compared to other cryptographic techniques.

Use Cases for ZK-Starks:
ZK-Starks can be used for various applications, including: Proving the integrity of processes by verifying that a current application state is reached through valid operations, while keeping specific operation details hidden. Creating transparent states with encrypted transactions or encrypted states with encrypted transactions. Allowing for partially encrypted states and transactions, providing flexibility in what information to hide and what to make transparent.

Limitations of ZK-Starks:
ZK-Starks do not hide the fact that a transaction was sent, when it was sent, or the IP address it was sent from. ZK-Starks proofs take a long time to verify, which can be a limiting factor for certain applications.

ZK-Starks as a Partner Technology to Blockchains:
ZK-Starks complement blockchains well, providing enhanced privacy and verifiability. While ZK-Starks have limitations, they remain a powerful technology with a range of potential applications.

Blockchain’s Open Platform:
Blockchains provide an open platform that enables users to experiment and innovate with various privacy technologies.

Low-Tech Privacy Enhancements:
Simple measures like using separate accounts for different applications can improve privacy. Exploring concepts like state channels, plasma, and interactive security can further enhance privacy.

Ring Signatures:
Ring signatures allow users to sign transactions anonymously within a group. This concept can be implemented on the blockchain to create ring signature mixers.

ZKSNARK and Zero-Knowledge Proofs:
Advanced cryptographic techniques like ZKSNARKs and zero-knowledge proofs enable complex privacy-preserving applications. Tools and resources for implementing these techniques are becoming readily available.

Building Blocks for Cryptographic Protocols:
The recent Byzantium hard fork introduced essential mathematical functions and operations to the blockchain platform. These functions include big number arithmetic, elliptic curve operations, and hashing algorithms. This toolbox empowers developers to create diverse cryptographic protocols.

Blockchain’s Transparency Limitation:
While blockchains offer transparency, they cannot keep secrets or perform computations on private data. Encrypted data, hashes, and encrypted data can be stored on the blockchain, but computations must be done off-chain.

Opportunities for Innovation:
Despite the transparency limitation, blockchains still offer a wide range of possibilities for privacy-enhancing applications. Developers are encouraged to explore and experiment with these technologies to unlock new use cases and enhance privacy in the blockchain ecosystem.

Privacy:
Flooding the blockchain with encrypted transactions can increase privacy by hiding meaningful information. Mixing pools can be used to share the cost of privacy-enhancing techniques.

Computational Cost:
Ring signature transactions are more computationally expensive than regular transactions. ZK-SNARK verification is the most computationally expensive privacy-enhancing technique. zk-SNARKs are more efficient than homomorphic encryption.

Randomness:
Synchronous randomness is provably impossible on a blockchain. Asynchronous randomness involves a mechanism generating a random number and a callback providing the result after a delay.

Blockchain Security:
Blockchain security can be paid for by transaction fees or inflation. Off-chain systems reduce transaction fees but may affect the shape of the supply-demand curve.

State Channels and Transaction Fees:
State channels and interactive systems can significantly reduce the average transaction fee, potentially by a factor of 100. The supply-demand equilibrium may shift right due to the reduced fees, potentially increasing the volume and compensating for the loss of revenue per user. However, the exact impact on volume and revenue is uncertain and varies depending on the circumstances.

Minimum User Ether Requirement:
The proof-of-stake mechanism used in Ethereum requires validators to send votes every 20 minutes. A lower minimum Ether requirement would increase the number of validators, imposing a high overhead on the blockchain. The minimum user Ether requirement is set to minimize this overhead.

Transaction Fees vs. Inflation:
The goal is to shift rewards from inflation to transaction fees. If natural transaction fees are sufficient for security, inflation is unnecessary. If not, there are two options: restrict supply to drive up fees or increase inflation. Economic analysis suggests that the optimal solution involves a combination of both. However, this model assumes that using the base cryptocurrency as a store of value is a primary use case.

Trade-Offs in Blockchains:
The optimal balance between transaction fees and inflation depends on the use case. For application-centric blockchains, a higher proportion of transaction fees and lower inflation may be preferable.

Proof-of-Stake Implementation:
The CASPer paper provides a detailed explanation of the hybrid proof-of-stake consensus mechanism being developed for Ethereum. The paper includes safety proofs and encourages comments from experts in distributed systems theory and fault tolerance.

Scalability Efforts:
Active prototypes for sharding are available on GitHub, demonstrating substantial progress in this area. The proof-of-stake protocol has been simplified, making it more accessible and easier to implement.

Current Status:
The proof-of-stake protocol is considered almost complete from an academic standpoint, but implementation and verification are still necessary. Scale sharding is still in progress but is moving forward rapidly.

Additional Questions:
The speaker expressed uncertainty about additional questions, indicating that further inquiries may not have been anticipated.

On-Chain Randomness:
Proof of stake-based randomness systems like Randao offer stronger security compared to block hashes and proof of work due to their resilience against manipulation by miners.

Economic Finality Curve:
Casper, Ethereum’s upcoming proof-of-stake protocol, aims to significantly reduce the time required to achieve full security, enhancing the economic finality of transactions.

Security and Value Balance:
Maintaining a balanced ratio between the value of Ether and the total value of assets traded on the Ethereum blockchain is crucial for ensuring robust security.

Improving Parallelizability:
Current Ethereum protocol and architecture can be improved to enhance parallelizability, allowing for greater scalability and transaction throughput.

Enterprise Privacy Technologies:
Enterprise users should explore privacy technologies such as two-party channels, Plasma, zero-knowledge proofs, and rank signatures to safeguard sensitive data.

Ethereum Enterprise Implementations:
Enterprise Ethereum implementations often occur outside the Ethereum Foundation, with popular options like Tendermint and Istanbul offering scalability and permissioned chains.

Hardware Optimization:
Optimizing hardware for Ethereum itself may not be as effective as developing application-specific integrated circuits (ASICs) or field-programmable gate arrays (FPGAs) for specific tasks like zero-knowledge proofs.

Secure Hardware and Private Keys:
Secure hardware, such as tamper-resistant hardware modules, is vital for storing private keys and ensuring the security of hardware wallets.

Value Ratio and Security:
The ratio between the total value transacted on Ethereum and the amount of Ether at stake in the proof-of-stake system should be monitored to prevent security risks.

Investing in Security Technologies:
Formal verification, improved programming languages, and better standards are key areas for investment to enhance the security of Ethereum and smart contracts.

Smart Contract Compiler Differences:
Regular programming languages like C are unsuitable for smart contracts due to their large size, lack of determinism, and design decisions that compromise security.

Problems with Existing Programming Languages for Smart Contracts:
Vitalik Buterin, an expert in blockchain technology, criticizes the suitability of existing programming languages like C++ for writing smart contracts. He points out that these languages allow for “really stupid stuff” like pointer arithmetic, overflows, macros, and other risky features. According to Buterin, these features make it easy to write misleading and insecure code, which is a major concern for smart contracts.

Advantages of a New Language for Smart Contracts:
Buterin proposes the creation of a new programming language specifically designed for smart contracts. This language would forbid the kinds of risky features found in existing languages, forcing developers to use safer patterns. By eliminating the possibility of certain errors and vulnerabilities, a new language could significantly enhance the security of smart contracts.