0 00:00:00,000 --> 00:00:30,000 Dear viewer, these subtitles were generated by a machine via the service Trint and therefore are (very) buggy. If you are capable, please help us to create good quality subtitles: https://c3subtitles.de/talk/944 Thanks! 1 00:00:16,630 --> 00:00:18,879 I guess many of you are using P-gp 2 00:00:18,880 --> 00:00:20,829 here. If you do raise your hand. 3 00:00:22,600 --> 00:00:24,159 Good hackers. 4 00:00:24,160 --> 00:00:26,499 So if you want an introduction 5 00:00:26,500 --> 00:00:28,839 to someone new that 6 00:00:28,840 --> 00:00:30,519 you know someone else has a key to. 7 00:00:30,520 --> 00:00:32,949 You usually have to do the little dance 8 00:00:32,950 --> 00:00:34,569 as quirky. Do you have a key to that in 9 00:00:34,570 --> 00:00:35,679 that person? 10 00:00:35,680 --> 00:00:37,629 Because that's well, let's admit it. 11 00:00:37,630 --> 00:00:39,339 Pulling keys off key servers is boring, 12 00:00:39,340 --> 00:00:40,630 but that's the way you usually do it. 13 00:00:41,830 --> 00:00:43,989 What if I told you there is a better 14 00:00:43,990 --> 00:00:45,039 way? 15 00:00:45,040 --> 00:00:47,169 What if your friends and friends 16 00:00:47,170 --> 00:00:49,179 of friends can attest that a certain key 17 00:00:49,180 --> 00:00:51,549 actually belongs to someone in 18 00:00:51,550 --> 00:00:53,679 a more nicer way than 19 00:00:53,680 --> 00:00:55,719 just attaching signatures to putative 20 00:00:55,720 --> 00:00:57,039 keys? 21 00:00:57,040 --> 00:00:59,439 Our next speaker will introduce you to 22 00:00:59,440 --> 00:01:01,839 claim chains a system aiming to solve 23 00:01:01,840 --> 00:01:02,979 this problem. 24 00:01:02,980 --> 00:01:05,439 Please give a warm round of applause to 25 00:01:05,440 --> 00:01:07,569 doctoral researcher Mario the 26 00:01:07,570 --> 00:01:08,570 chaos. 27 00:01:10,770 --> 00:01:11,770 Take it away. 28 00:01:14,050 --> 00:01:15,129 Hello. Hi, yes. 29 00:01:16,390 --> 00:01:18,729 So he's given a great 30 00:01:18,730 --> 00:01:20,079 description of what we would be talking 31 00:01:20,080 --> 00:01:22,329 about, it's called claim since it's 32 00:01:22,330 --> 00:01:25,059 a modern key distribution mechanism 33 00:01:25,060 --> 00:01:26,379 protocol in implementation 34 00:01:27,430 --> 00:01:29,619 that we've done in collaboration with 35 00:01:29,620 --> 00:01:31,989 both Alkalinity and Carmela Troncoso from 36 00:01:31,990 --> 00:01:34,179 EPFL and Jordan Aziz from 37 00:01:34,180 --> 00:01:35,299 University College London. 38 00:01:35,300 --> 00:01:37,449 I might ask you this again from 39 00:01:37,450 --> 00:01:38,560 University College London. 40 00:01:39,790 --> 00:01:41,919 So in a few words, Clinton is 41 00:01:41,920 --> 00:01:44,889 a decentralized public key infrastructure 42 00:01:44,890 --> 00:01:46,989 that supports privacy friendly 43 00:01:46,990 --> 00:01:48,140 social verification. 44 00:01:49,480 --> 00:01:51,789 And if you've read the description 45 00:01:51,790 --> 00:01:53,319 of our talk, you know that we will be 46 00:01:53,320 --> 00:01:56,529 mentioning a lot the word blockchain. 47 00:01:56,530 --> 00:01:58,659 And 48 00:01:58,660 --> 00:02:00,759 yeah, so 49 00:02:00,760 --> 00:02:02,679 it is a hype. Of course, blockchains have 50 00:02:02,680 --> 00:02:04,929 been used in many applications, 51 00:02:04,930 --> 00:02:06,909 but they actually they provide some very 52 00:02:06,910 --> 00:02:09,219 good properties 53 00:02:09,220 --> 00:02:10,839 that might be useful for public 54 00:02:10,840 --> 00:02:12,099 infrastructures. 55 00:02:12,100 --> 00:02:14,589 For example, they provide high integrity 56 00:02:14,590 --> 00:02:15,819 for the data that we store 57 00:02:18,190 --> 00:02:20,169 past data become tamper proof. 58 00:02:20,170 --> 00:02:21,639 It's very difficult to modify them 59 00:02:21,640 --> 00:02:23,739 without changing overwriting the 60 00:02:23,740 --> 00:02:24,819 history. 61 00:02:24,820 --> 00:02:26,109 And we can also be sure of the 62 00:02:26,110 --> 00:02:27,699 authenticity of the data because of all 63 00:02:27,700 --> 00:02:29,679 these cryptographic signing and harsin 64 00:02:29,680 --> 00:02:30,680 going on. 65 00:02:32,110 --> 00:02:34,299 And by definition, 66 00:02:34,300 --> 00:02:36,609 blockchains are decentralized 67 00:02:36,610 --> 00:02:38,680 so they can provide good availability. 68 00:02:39,940 --> 00:02:41,889 You can get you can go to any bitcoin 69 00:02:41,890 --> 00:02:43,959 full node, for example, and verify 70 00:02:43,960 --> 00:02:44,960 your transactions. 71 00:02:45,980 --> 00:02:47,499 There are censorship resistant if you 72 00:02:47,500 --> 00:02:49,569 want to break down to bring bitcoin 73 00:02:49,570 --> 00:02:51,639 down, you have to go and bring every 74 00:02:51,640 --> 00:02:53,709 full node down, 75 00:02:53,710 --> 00:02:55,569 and they've solved the problem of global 76 00:02:55,570 --> 00:02:57,039 consensus through this 77 00:02:58,330 --> 00:03:01,299 lottery mechanism of proof of work. 78 00:03:01,300 --> 00:03:02,979 The more resources you distribute, you 79 00:03:02,980 --> 00:03:03,999 contribute to the systems 80 00:03:05,110 --> 00:03:07,539 than the, the more 81 00:03:07,540 --> 00:03:09,879 balance you get in the lottery, 82 00:03:09,880 --> 00:03:10,880 more tickets you get. 83 00:03:13,620 --> 00:03:15,899 So the first generation of 84 00:03:15,900 --> 00:03:18,449 blockchain based public infrastructures 85 00:03:18,450 --> 00:03:20,519 are based on SATs proof of 86 00:03:20,520 --> 00:03:21,520 work 87 00:03:22,980 --> 00:03:25,109 blockchains, for example, named Coin 88 00:03:25,110 --> 00:03:26,110 and Blockstack. 89 00:03:26,880 --> 00:03:29,339 They have replaced 90 00:03:29,340 --> 00:03:32,159 the kind of use 91 00:03:32,160 --> 00:03:34,619 the Bitcoin toolkit, the cryptocurrency 92 00:03:34,620 --> 00:03:37,409 tokens for identities. 93 00:03:37,410 --> 00:03:38,999 Therefore, you can buy identities, you 94 00:03:39,000 --> 00:03:40,949 can sell, you can sell them to others, 95 00:03:40,950 --> 00:03:43,649 etc. and they belong to you. 96 00:03:43,650 --> 00:03:45,779 So this is a 97 00:03:45,780 --> 00:03:47,999 more powerful abstraction for identities 98 00:03:48,000 --> 00:03:50,129 compared to PDP keys as we 99 00:03:50,130 --> 00:03:52,499 use them today, and they also provide you 100 00:03:52,500 --> 00:03:54,299 with a global namespace. 101 00:03:54,300 --> 00:03:56,969 If you have this identity in name coin, 102 00:03:56,970 --> 00:03:58,199 it is you. 103 00:03:58,200 --> 00:04:00,389 Everybody will 104 00:04:00,390 --> 00:04:01,859 recognize you as the owner of that 105 00:04:01,860 --> 00:04:02,860 identity. 106 00:04:03,630 --> 00:04:05,309 On the other side, they provide no 107 00:04:05,310 --> 00:04:06,989 mechanism for social validation. 108 00:04:08,580 --> 00:04:10,769 If somebody claims to be, for example, 109 00:04:10,770 --> 00:04:12,929 uh, at least in that system, 110 00:04:12,930 --> 00:04:14,789 how can we know out of all the people who 111 00:04:14,790 --> 00:04:16,229 claim to be allies that this person is 112 00:04:16,230 --> 00:04:17,669 actually there is no level of trust 113 00:04:17,670 --> 00:04:19,109 mechanism. 114 00:04:19,110 --> 00:04:20,759 All transactions are public and this has 115 00:04:20,760 --> 00:04:23,429 some privacy implications. 116 00:04:23,430 --> 00:04:25,409 For example, you might be able to through 117 00:04:25,410 --> 00:04:27,959 the transactions to infer 118 00:04:27,960 --> 00:04:31,259 that some identities are linked 119 00:04:31,260 --> 00:04:32,260 to each other. 120 00:04:33,700 --> 00:04:35,829 There are some inherent fees that 121 00:04:35,830 --> 00:04:36,970 users have to pay 122 00:04:38,620 --> 00:04:40,629 for buying coins and foreign transaction 123 00:04:40,630 --> 00:04:42,489 fees. And of course, it's very resource 124 00:04:42,490 --> 00:04:44,169 expensive with a proof of work. 125 00:04:44,170 --> 00:04:46,899 There is a 10 minute latency 126 00:04:46,900 --> 00:04:49,539 for every block to be a specific 127 00:04:49,540 --> 00:04:50,769 number of transactions that can be 128 00:04:50,770 --> 00:04:51,770 included. 129 00:04:53,350 --> 00:04:55,209 Yeah, and so on. 130 00:04:55,210 --> 00:04:56,949 Then came the next generation of public 131 00:04:56,950 --> 00:04:58,449 infrastructures and blockchains 132 00:04:59,560 --> 00:05:02,199 with key bays and the clinics 133 00:05:02,200 --> 00:05:04,689 that can that can be deployed 134 00:05:04,690 --> 00:05:06,869 by email providers, for example, hasn't 135 00:05:06,870 --> 00:05:07,870 email. 136 00:05:08,560 --> 00:05:10,899 So what they did, they have replaced 137 00:05:10,900 --> 00:05:12,969 the transactions block with 138 00:05:12,970 --> 00:05:14,529 a medical traffic stream. 139 00:05:14,530 --> 00:05:16,689 This could been a bit what this is 140 00:05:16,690 --> 00:05:19,240 and whether he achieves accountability 141 00:05:21,190 --> 00:05:23,349 for the providers with regards to 142 00:05:23,350 --> 00:05:26,259 the keys they publish about their users. 143 00:05:26,260 --> 00:05:28,209 So imagine, for example, that email is 144 00:05:28,210 --> 00:05:29,169 using Connex. 145 00:05:29,170 --> 00:05:31,389 You could go and retrieve 146 00:05:33,970 --> 00:05:36,099 the public key material for 147 00:05:36,100 --> 00:05:38,439 its email user from the iconic 148 00:05:38,440 --> 00:05:39,819 set of it. And you also get some proof 149 00:05:39,820 --> 00:05:41,679 that this is the same key that 150 00:05:41,680 --> 00:05:43,479 everybody's getting at that specific 151 00:05:43,480 --> 00:05:44,480 time. 152 00:05:44,950 --> 00:05:47,229 So you also have easy discovery because, 153 00:05:47,230 --> 00:05:49,029 you know, for example, that Alison's 154 00:05:49,030 --> 00:05:50,889 email belongs to the email provider and 155 00:05:50,890 --> 00:05:52,569 you go directly there and it's very 156 00:05:52,570 --> 00:05:54,909 efficient because it's only Google that 157 00:05:54,910 --> 00:05:57,879 maintains and constructs the structures, 158 00:05:57,880 --> 00:05:59,199 and they can provide you with very 159 00:05:59,200 --> 00:06:01,389 efficient proof in a few 160 00:06:01,390 --> 00:06:03,579 kilobytes that actually this is the right 161 00:06:03,580 --> 00:06:06,069 data that you get on the other side. 162 00:06:06,070 --> 00:06:08,139 They do not prevent the give. 163 00:06:08,140 --> 00:06:09,769 They just make it detectable at a later 164 00:06:09,770 --> 00:06:12,609 state, which might be already too late. 165 00:06:12,610 --> 00:06:15,219 And to an extent, 166 00:06:15,220 --> 00:06:17,319 they are centralizing 167 00:06:17,320 --> 00:06:19,389 the public infrastructure, which 168 00:06:19,390 --> 00:06:21,639 opens them to a 169 00:06:21,640 --> 00:06:22,929 tax, for example, because they are a 170 00:06:22,930 --> 00:06:24,369 single point of failure. 171 00:06:24,370 --> 00:06:26,979 If the email connectivity is down, 172 00:06:26,980 --> 00:06:29,109 then you won't be able to 173 00:06:29,110 --> 00:06:31,749 get the PDP key material 174 00:06:31,750 --> 00:06:33,819 for their email users 175 00:06:33,820 --> 00:06:35,439 and also puts 176 00:06:36,580 --> 00:06:38,679 the providers in this privileged 177 00:06:38,680 --> 00:06:40,569 position to perform surveillance with 178 00:06:40,570 --> 00:06:42,190 regard to who is getting 179 00:06:44,140 --> 00:06:45,279 who is going to communicate, 180 00:06:46,360 --> 00:06:48,159 revealing the social graph of the users 181 00:06:48,160 --> 00:06:49,809 would like to hide, etc.. 182 00:06:51,770 --> 00:06:53,749 So the metal binary prefix three that I 183 00:06:53,750 --> 00:06:56,269 mentioned before is this 184 00:06:56,270 --> 00:06:58,669 is a medical binary tree, 185 00:06:58,670 --> 00:06:59,689 as you see. 186 00:06:59,690 --> 00:07:01,969 But the difference is that in 187 00:07:01,970 --> 00:07:04,309 order to sort the live notes 188 00:07:04,310 --> 00:07:06,349 when we are inserting them, we are using 189 00:07:06,350 --> 00:07:08,449 a verified random function instead of a. 190 00:07:08,450 --> 00:07:10,849 We use this very fundamental random 191 00:07:10,850 --> 00:07:12,079 function. 192 00:07:12,080 --> 00:07:14,239 It is a function that produces a unique 193 00:07:14,240 --> 00:07:16,369 output, given a private 194 00:07:16,370 --> 00:07:17,370 key. 195 00:07:18,230 --> 00:07:20,300 So imagine that they have a private key 196 00:07:21,380 --> 00:07:23,299 four that is compatible with this 197 00:07:23,300 --> 00:07:24,439 verifiable random function. 198 00:07:24,440 --> 00:07:26,899 I can produce an output that looks random 199 00:07:26,900 --> 00:07:28,609 to everybody. You cannot guess it. 200 00:07:28,610 --> 00:07:30,589 But if I give you the public key, you can 201 00:07:30,590 --> 00:07:33,289 verify that this is the unique output. 202 00:07:33,290 --> 00:07:35,539 And this as 203 00:07:35,540 --> 00:07:37,819 a result will apply to Merkle 204 00:07:37,820 --> 00:07:39,229 trees. 205 00:07:39,230 --> 00:07:41,659 He assures us that everybody 206 00:07:41,660 --> 00:07:42,660 who will search 207 00:07:43,760 --> 00:07:44,760 for the 208 00:07:46,100 --> 00:07:48,349 specific label will end up 209 00:07:48,350 --> 00:07:51,229 to the same leaf node 210 00:07:51,230 --> 00:07:52,230 in the Merkle tree. 211 00:07:53,000 --> 00:07:54,919 Therefore, therefore achieving canonical 212 00:07:54,920 --> 00:07:56,179 vacation. I cannot. 213 00:07:56,180 --> 00:07:58,699 If if two people come 214 00:07:58,700 --> 00:08:00,649 to call the email provided that it ask 215 00:08:00,650 --> 00:08:01,699 for Alison's email 216 00:08:03,140 --> 00:08:05,299 because of these properties, 217 00:08:05,300 --> 00:08:06,860 they both get the same live node. 218 00:08:08,450 --> 00:08:11,269 Now claim, since how are we using 219 00:08:11,270 --> 00:08:13,219 the metal binary prefix trees and what 220 00:08:13,220 --> 00:08:15,139 are we doing different compared to here 221 00:08:15,140 --> 00:08:16,790 based on a context, for example? 222 00:08:18,380 --> 00:08:20,179 But we do different things. 223 00:08:20,180 --> 00:08:22,819 We push for decentralization 224 00:08:22,820 --> 00:08:25,129 by having the 225 00:08:25,130 --> 00:08:26,509 users host 226 00:08:28,340 --> 00:08:31,069 the claimed chain by themselves. 227 00:08:31,070 --> 00:08:33,288 So we have a claim chain for its user 228 00:08:33,289 --> 00:08:35,359 or for each of their devices or for 229 00:08:35,360 --> 00:08:36,859 each of their identities that they want 230 00:08:36,860 --> 00:08:38,689 don't want to connect. 231 00:08:38,690 --> 00:08:39,949 For example, you have Alice. 232 00:08:39,950 --> 00:08:41,869 Here's what I'm saying Bob his own saying 233 00:08:41,870 --> 00:08:44,048 and Guy Fawkes would be anyone 234 00:08:44,049 --> 00:08:45,229 in it, even Alice. 235 00:08:45,230 --> 00:08:46,309 Here's a different scene. 236 00:08:47,930 --> 00:08:49,669 There is no consensus, and it's not 237 00:08:49,670 --> 00:08:51,409 global. Consensus blocks are updated as 238 00:08:51,410 --> 00:08:54,019 needed. You just generate the structure. 239 00:08:54,020 --> 00:08:56,299 Sign it with the signing key. 240 00:08:56,300 --> 00:08:57,649 And that's it. 241 00:08:57,650 --> 00:08:59,149 Everybody can verify that there is 242 00:09:00,170 --> 00:09:01,309 a sequence. 243 00:09:01,310 --> 00:09:02,899 This sequence is valid. 244 00:09:04,610 --> 00:09:06,859 Imagine now that at 245 00:09:06,860 --> 00:09:09,349 some point there is a fork in a chain 246 00:09:09,350 --> 00:09:11,899 because two valid blocks originate 247 00:09:11,900 --> 00:09:14,209 from a given 248 00:09:14,210 --> 00:09:16,339 block. Then then this can 249 00:09:16,340 --> 00:09:18,499 be interpreted as a compromise 250 00:09:18,500 --> 00:09:20,899 because somebody has got my 251 00:09:20,900 --> 00:09:22,549 signing key and publish something 252 00:09:22,550 --> 00:09:24,289 different. Or it could be that I've tried 253 00:09:24,290 --> 00:09:26,539 to equivocate to one of the readers. 254 00:09:28,280 --> 00:09:30,140 And finally, we've also added 255 00:09:31,220 --> 00:09:34,009 a fine grained access control mechanism 256 00:09:34,010 --> 00:09:35,210 based on capabilities 257 00:09:37,250 --> 00:09:40,069 that allows the claim, saying owners 258 00:09:40,070 --> 00:09:43,069 to select who can read the specific claim 259 00:09:43,070 --> 00:09:45,379 and for and that 260 00:09:45,380 --> 00:09:46,819 through the non evocation of the medical 261 00:09:46,820 --> 00:09:48,799 prefix trees, we are sure that all 262 00:09:48,800 --> 00:09:49,970 readers get the same content. 263 00:09:52,980 --> 00:09:55,079 Yet we need a way to propagate 264 00:09:55,080 --> 00:09:57,269 this information, because, yeah, how 265 00:09:57,270 --> 00:09:59,369 do we know of updates of our 266 00:09:59,370 --> 00:10:01,569 friends? How do we find out that 267 00:10:01,570 --> 00:10:03,989 the big how does a key distribution 268 00:10:03,990 --> 00:10:05,209 works? 269 00:10:05,210 --> 00:10:07,679 We've we've introduced this mechanism 270 00:10:07,680 --> 00:10:09,959 of cross crossing where we 271 00:10:09,960 --> 00:10:12,959 include a voucher, a stamp 272 00:10:12,960 --> 00:10:15,029 of the later state of 273 00:10:16,740 --> 00:10:18,899 the blow, reclaim claim chains of our 274 00:10:18,900 --> 00:10:20,609 friends. So you see here, for example, 275 00:10:20,610 --> 00:10:23,429 that Alice includes an assessment 276 00:10:23,430 --> 00:10:25,979 for Bob's latest block and Guy Fawkes 277 00:10:25,980 --> 00:10:27,239 latest block. 278 00:10:27,240 --> 00:10:29,819 And Bob 279 00:10:29,820 --> 00:10:31,949 also includes a statement, but 280 00:10:31,950 --> 00:10:34,049 at a previous point that he 281 00:10:34,050 --> 00:10:34,979 was aware of. 282 00:10:34,980 --> 00:10:37,589 It might be stale a bit, but that's 283 00:10:37,590 --> 00:10:40,439 how consensus and 284 00:10:40,440 --> 00:10:41,969 propagation works in these systems. 285 00:10:43,290 --> 00:10:45,359 So we have propagation of key updates 286 00:10:45,360 --> 00:10:47,459 in cliques of users and groups 287 00:10:47,460 --> 00:10:50,009 of users. This is how gossiping 288 00:10:50,010 --> 00:10:52,109 works in the real world and between the 289 00:10:52,110 --> 00:10:53,250 real humans anyway. 290 00:10:54,480 --> 00:10:56,549 We don't vouch for we don't 291 00:10:56,550 --> 00:10:59,249 just append cryptographic signs 292 00:10:59,250 --> 00:11:01,409 on keys of other users, 293 00:11:01,410 --> 00:11:04,199 but we also 294 00:11:04,200 --> 00:11:06,599 vouch for the later state of their 295 00:11:06,600 --> 00:11:07,600 view of the world. 296 00:11:09,060 --> 00:11:10,319 And we can use this cross-cutting 297 00:11:10,320 --> 00:11:12,929 mechanism for introducing friends 298 00:11:12,930 --> 00:11:15,179 for social validation, a web of trust, 299 00:11:15,180 --> 00:11:17,339 while at the same time preserving the 300 00:11:17,340 --> 00:11:19,769 social privacy of the social graph of the 301 00:11:19,770 --> 00:11:20,789 claim. Team owners 302 00:11:22,320 --> 00:11:23,669 and overview of the claim saying 303 00:11:23,670 --> 00:11:25,769 properties so claim things 304 00:11:25,770 --> 00:11:26,970 are high integrity 305 00:11:28,470 --> 00:11:31,109 authenticated data stores high integrity 306 00:11:31,110 --> 00:11:33,299 because of the blockchains 307 00:11:33,300 --> 00:11:34,499 and the medical prefix three 308 00:11:34,500 --> 00:11:36,119 authenticated because of all the signing 309 00:11:36,120 --> 00:11:38,339 going on that can support 310 00:11:38,340 --> 00:11:39,340 generic claims. 311 00:11:40,560 --> 00:11:42,149 So we've decided to use this for the 312 00:11:42,150 --> 00:11:43,469 public infrastructure. 313 00:11:43,470 --> 00:11:45,629 You can use the claims in structure for 314 00:11:45,630 --> 00:11:47,789 building access control, 315 00:11:47,790 --> 00:11:50,159 delegation or command and control 316 00:11:50,160 --> 00:11:51,929 for your botnet or whatever you might 317 00:11:51,930 --> 00:11:52,930 come up with. 318 00:11:53,720 --> 00:11:56,159 At the same time, we ask for privacy 319 00:11:56,160 --> 00:11:57,569 of the claims that are published, even 320 00:11:57,570 --> 00:11:59,609 though this even though everything goes 321 00:11:59,610 --> 00:12:01,529 public. If we do not reveal any 322 00:12:01,530 --> 00:12:03,419 information about the content 323 00:12:04,860 --> 00:12:07,349 of all 324 00:12:07,350 --> 00:12:09,509 of the claims or who is 325 00:12:09,510 --> 00:12:11,940 up or about the readers of the claims, 326 00:12:13,110 --> 00:12:15,600 and we do that via capability mechanism 327 00:12:16,830 --> 00:12:18,119 that we I'm going to describe in a bit. 328 00:12:19,620 --> 00:12:21,209 Privacy sometimes can mean case 329 00:12:21,210 --> 00:12:22,229 equivocation I could present. 330 00:12:22,230 --> 00:12:24,209 I could then keep two different things to 331 00:12:24,210 --> 00:12:25,319 different readers. 332 00:12:25,320 --> 00:12:28,259 We put we again prevent that 333 00:12:28,260 --> 00:12:30,330 all readers get the same view. 334 00:12:32,250 --> 00:12:33,929 The cross-cutting mechanism enables the 335 00:12:33,930 --> 00:12:36,079 propagation and voting of the later 336 00:12:36,080 --> 00:12:38,849 state of linked claims, since 337 00:12:38,850 --> 00:12:40,169 I've mentioned that they give location 338 00:12:40,170 --> 00:12:42,569 attempts and compromises produce 339 00:12:42,570 --> 00:12:44,339 nonrenewable cryptographic evidence, the 340 00:12:44,340 --> 00:12:46,379 claims in forks and nonrenewable 341 00:12:46,380 --> 00:12:47,999 cryptographic evidence, it means that we 342 00:12:48,000 --> 00:12:48,929 can take them. 343 00:12:48,930 --> 00:12:49,950 They are self-sustained 344 00:12:51,090 --> 00:12:53,129 evidence that we can share with a world 345 00:12:53,130 --> 00:12:56,099 that we've observed two blocks 346 00:12:56,100 --> 00:12:58,289 originating from a 347 00:12:58,290 --> 00:13:00,299 specific block in time, and therefore 348 00:13:00,300 --> 00:13:01,619 something is wrong with that, Clinton. 349 00:13:02,910 --> 00:13:04,589 Now, with regard to deployment and we 350 00:13:04,590 --> 00:13:06,779 spent a lot of we've done lots 351 00:13:06,780 --> 00:13:10,049 of work in evaluating how 352 00:13:10,050 --> 00:13:12,089 Clemson can scale and how effective it is 353 00:13:12,090 --> 00:13:13,829 with regards to key propagation, etc. 354 00:13:13,830 --> 00:13:15,089 and how what are the bandwidth 355 00:13:15,090 --> 00:13:16,090 requirements? 356 00:13:16,820 --> 00:13:19,169 What how long does it take to 357 00:13:19,170 --> 00:13:21,359 compute the structure, etc.? 358 00:13:21,360 --> 00:13:22,739 You can find all this information. 359 00:13:22,740 --> 00:13:25,079 The claim saints GitHub, the database 360 00:13:25,080 --> 00:13:27,239 where we have our paper, a 361 00:13:27,240 --> 00:13:29,039 claim status is very flexible in terms of 362 00:13:29,040 --> 00:13:31,049 deployment. It can work in the federated 363 00:13:31,050 --> 00:13:33,119 scenario like in so it can 364 00:13:33,120 --> 00:13:35,249 work with high availability, 365 00:13:35,250 --> 00:13:37,469 online data stores when we just go 366 00:13:37,470 --> 00:13:39,569 on and upload or for all of our blogs, 367 00:13:39,570 --> 00:13:41,879 or it can even work in a gossiping, 368 00:13:41,880 --> 00:13:44,039 ad hoc scenario when we just append. 369 00:13:46,740 --> 00:13:48,269 Do you want to? 370 00:13:48,270 --> 00:13:49,829 How do you say this word? 371 00:13:49,830 --> 00:13:51,929 So anyway, when you just include 372 00:13:51,930 --> 00:13:54,549 the proofs in the email is that you want 373 00:13:54,550 --> 00:13:56,759 it when you attach that 374 00:13:56,760 --> 00:13:59,009 to the evidence you want in 375 00:13:59,010 --> 00:14:00,359 the emails you send with your friends 376 00:14:00,360 --> 00:14:01,360 with. 377 00:14:01,830 --> 00:14:03,629 And we can do it that we can do that in a 378 00:14:03,630 --> 00:14:05,789 very efficient way by including all 379 00:14:05,790 --> 00:14:07,859 the claims that we want to include for 380 00:14:07,860 --> 00:14:10,259 that reader, plus 381 00:14:10,260 --> 00:14:12,659 some evidence that these claims 382 00:14:12,660 --> 00:14:14,130 are actually part of 383 00:14:15,150 --> 00:14:18,119 the claim chain and all 384 00:14:18,120 --> 00:14:19,379 the proof of inclusion 385 00:14:20,820 --> 00:14:22,639 in the METTL3, etc.. 386 00:14:22,640 --> 00:14:24,089 Now the internals of claim changed. 387 00:14:25,140 --> 00:14:27,209 We still have some time for that. 388 00:14:27,210 --> 00:14:29,369 A The blog structure has 389 00:14:29,370 --> 00:14:31,559 some claim chain protocol information 390 00:14:31,560 --> 00:14:33,779 like the version, of course a time 391 00:14:33,780 --> 00:14:37,019 stub, the block sequence index. 392 00:14:37,020 --> 00:14:39,149 Some nodes that we use for achieving and 393 00:14:39,150 --> 00:14:40,320 likability between 394 00:14:41,880 --> 00:14:43,799 the claims and the capabilities across 395 00:14:43,800 --> 00:14:45,869 different blocks claim 396 00:14:45,870 --> 00:14:48,359 metadata or the connected identities 397 00:14:48,360 --> 00:14:50,189 may be the claim saying. 398 00:14:50,190 --> 00:14:53,309 Saw a Twitter handle or an email 399 00:14:53,310 --> 00:14:55,349 that the user wants to connect into the 400 00:14:55,350 --> 00:14:56,350 Scream team. 401 00:14:57,150 --> 00:14:59,439 And some public 402 00:14:59,440 --> 00:15:00,479 keys that they are needed for the 403 00:15:00,480 --> 00:15:02,339 operation of Clinton. 404 00:15:02,340 --> 00:15:04,689 We need the public key for signing 405 00:15:04,690 --> 00:15:06,989 can you blocks the public key for 406 00:15:06,990 --> 00:15:08,639 the verifiable function that we use for 407 00:15:08,640 --> 00:15:10,159 the military prefix three and the 408 00:15:10,160 --> 00:15:12,269 difficult monkey that we use for 409 00:15:12,270 --> 00:15:15,039 the capabilities technique? 410 00:15:15,040 --> 00:15:17,159 Then the the main 411 00:15:17,160 --> 00:15:19,409 the core element of the 412 00:15:19,410 --> 00:15:21,659 block is the block mapping, where 413 00:15:21,660 --> 00:15:23,219 we store all the claims and the 414 00:15:23,220 --> 00:15:24,749 capabilities in the form of a metal 415 00:15:24,750 --> 00:15:26,849 prefix. Of course, pointers to previous 416 00:15:26,850 --> 00:15:28,559 blocks, that's how we achieve how we 417 00:15:30,450 --> 00:15:32,609 connect the blocks into the 418 00:15:32,610 --> 00:15:33,749 blockchain. 419 00:15:33,750 --> 00:15:35,519 Now, if we can see that all of the. 420 00:15:36,830 --> 00:15:39,139 A feeling on the left as the 421 00:15:39,140 --> 00:15:41,239 payload of the block, we 422 00:15:41,240 --> 00:15:43,549 sign it and we attach 423 00:15:43,550 --> 00:15:46,039 the signature, and this is a self-sustained 424 00:15:46,040 --> 00:15:48,319 piece of information that we can attach 425 00:15:48,320 --> 00:15:50,689 to different to any mail or we can 426 00:15:50,690 --> 00:15:51,690 stored in an 427 00:15:53,030 --> 00:15:56,119 online store that we do not trust 428 00:15:56,120 --> 00:15:58,249 and still and still be sure that no one 429 00:15:58,250 --> 00:15:59,389 can tamper that information. 430 00:16:00,530 --> 00:16:02,599 If we want to add a claim, 431 00:16:02,600 --> 00:16:06,019 for example, we are analysis a 432 00:16:06,020 --> 00:16:08,089 medical prefix three and we want to 433 00:16:08,090 --> 00:16:09,650 add a claim 434 00:16:10,940 --> 00:16:11,959 for Bob. 435 00:16:11,960 --> 00:16:13,549 First, we need to to define 436 00:16:14,600 --> 00:16:16,849 the label that we will be using for 437 00:16:16,850 --> 00:16:17,749 Bob. 438 00:16:17,750 --> 00:16:19,369 From now on, it's going to be bob rise of 439 00:16:19,370 --> 00:16:21,589 the net. And let's imagine that the claim 440 00:16:21,590 --> 00:16:23,899 is the latest head. 441 00:16:23,900 --> 00:16:25,819 So first, we're going to compute the 442 00:16:25,820 --> 00:16:27,739 claim key with a verifiable random 443 00:16:27,740 --> 00:16:30,409 function using aliases, private key. 444 00:16:30,410 --> 00:16:33,289 And then we we're going to put inside 445 00:16:33,290 --> 00:16:35,599 bob a tricep dot net 446 00:16:35,600 --> 00:16:37,699 plus the nonce so 447 00:16:37,700 --> 00:16:39,199 that we get active unlike abilities I've 448 00:16:39,200 --> 00:16:40,200 mentioned before. 449 00:16:40,910 --> 00:16:43,189 Then we can calculate the index 450 00:16:43,190 --> 00:16:44,190 of the live node, 451 00:16:45,410 --> 00:16:47,599 how we're going to store that lymph node 452 00:16:47,600 --> 00:16:49,489 in the tree simply 453 00:16:50,930 --> 00:16:53,599 by taking the claim key 454 00:16:53,600 --> 00:16:56,329 and hashing it with the string lookup. 455 00:16:56,330 --> 00:16:57,769 And we're going to generate a symmetric 456 00:16:57,770 --> 00:17:00,259 activation key again by taking 457 00:17:00,260 --> 00:17:02,449 the the the claim kick 458 00:17:02,450 --> 00:17:05,029 from step one and appending 459 00:17:05,030 --> 00:17:06,858 appending conclusion and then hashing it 460 00:17:06,859 --> 00:17:07,859 all together. 461 00:17:09,560 --> 00:17:11,838 So we 462 00:17:11,839 --> 00:17:14,118 increase the claim content with the 463 00:17:14,119 --> 00:17:15,649 symmetric encryption key that we got in 464 00:17:15,650 --> 00:17:17,809 step number three, and 465 00:17:17,810 --> 00:17:20,098 we also include the VLF 466 00:17:20,099 --> 00:17:22,279 proof that other people can go 467 00:17:22,280 --> 00:17:25,098 and get to be sure that the 468 00:17:25,099 --> 00:17:26,568 claim key that we verify that we've 469 00:17:26,569 --> 00:17:28,729 computed in step number one is actually 470 00:17:28,730 --> 00:17:30,319 the correct and the only one. 471 00:17:32,060 --> 00:17:34,429 So that's how we get 472 00:17:34,430 --> 00:17:35,430 the lymph node 473 00:17:37,250 --> 00:17:40,039 that corresponds to the cross 474 00:17:40,040 --> 00:17:41,880 for Bob's claim for Bob's Clinton 475 00:17:42,890 --> 00:17:44,869 story. We started out in the three nick 476 00:17:44,870 --> 00:17:45,949 scenario. 477 00:17:45,950 --> 00:17:47,869 We want to add the capability for Guy 478 00:17:47,870 --> 00:17:51,199 Fawkes to read a Bob's 479 00:17:51,200 --> 00:17:53,959 Cross Plus into Alice 480 00:17:53,960 --> 00:17:56,419 in Alice's Clinton 481 00:17:56,420 --> 00:17:58,909 first step. We use a difficult one 482 00:17:58,910 --> 00:18:01,039 to establish a third 483 00:18:01,040 --> 00:18:03,409 secret s between Alice 484 00:18:03,410 --> 00:18:04,410 and Guy Fawkes. 485 00:18:06,280 --> 00:18:08,709 So we used that third 486 00:18:08,710 --> 00:18:10,809 secret into a 487 00:18:10,810 --> 00:18:13,029 house again, along with nuns 488 00:18:13,030 --> 00:18:15,489 and with a look up to generate 489 00:18:15,490 --> 00:18:17,459 the the capability look up key. 490 00:18:18,900 --> 00:18:21,249 That will be the index of the 491 00:18:21,250 --> 00:18:23,469 look up key of the capability. 492 00:18:23,470 --> 00:18:25,569 Claim that we're going to study it 493 00:18:25,570 --> 00:18:27,939 in the three nuns is here 494 00:18:27,940 --> 00:18:29,380 in order to achieve applicability. 495 00:18:31,180 --> 00:18:32,889 And to hide the patterns of how 496 00:18:32,890 --> 00:18:35,049 capabilities are added and revoked, 497 00:18:37,300 --> 00:18:38,439 we're going to derive asymmetric 498 00:18:38,440 --> 00:18:39,940 encryption key as we did before, 499 00:18:41,140 --> 00:18:42,910 and we are going to encrypt 500 00:18:44,110 --> 00:18:45,279 the claim key 501 00:18:47,980 --> 00:18:50,139 from the blue cliff 502 00:18:50,140 --> 00:18:51,550 note that we've added before. 503 00:18:53,270 --> 00:18:55,489 Without without the symmetric encryption 504 00:18:55,490 --> 00:18:57,779 key from step three, so that 505 00:18:57,780 --> 00:18:59,479 the guy folks can decrypt is in the 506 00:18:59,480 --> 00:19:00,480 future. 507 00:19:01,100 --> 00:19:03,649 So we generated 508 00:19:03,650 --> 00:19:05,929 a live node and we started in the dream. 509 00:19:07,410 --> 00:19:09,559 Now if Guy Fawkes wants to 510 00:19:09,560 --> 00:19:11,510 retrieve a. 511 00:19:13,690 --> 00:19:15,819 That that it wants to 512 00:19:15,820 --> 00:19:18,129 find out the latest update for 513 00:19:18,130 --> 00:19:19,929 Bob in the story. 514 00:19:19,930 --> 00:19:21,429 He's going to do the reverse process. 515 00:19:21,430 --> 00:19:23,259 He's going to establish a difficult, 516 00:19:23,260 --> 00:19:25,719 massive search secret as between 517 00:19:25,720 --> 00:19:28,599 Alison Guy Fawkes and 518 00:19:28,600 --> 00:19:30,549 get the capability lock up key in the 519 00:19:30,550 --> 00:19:32,689 symmetric key in the same way that 520 00:19:32,690 --> 00:19:33,690 Alice computed it. 521 00:19:36,050 --> 00:19:38,569 And he's going to go to 522 00:19:38,570 --> 00:19:40,969 Alex's claim through 523 00:19:40,970 --> 00:19:43,549 a mental mental study and retrieve 524 00:19:43,550 --> 00:19:45,859 the corresponding leaf note. 525 00:19:45,860 --> 00:19:48,109 He's going to decrypt it with 526 00:19:48,110 --> 00:19:50,389 the symmetric key from step 527 00:19:50,390 --> 00:19:51,649 number three. 528 00:19:51,650 --> 00:19:53,359 And he will be able to get 529 00:19:55,160 --> 00:19:57,349 the claim key for Bob's claim. 530 00:19:59,200 --> 00:20:00,200 So far, 531 00:20:01,330 --> 00:20:03,399 uh, if you if you 532 00:20:03,400 --> 00:20:05,469 remember, the claim for 533 00:20:05,470 --> 00:20:07,539 Bob's claim includes 534 00:20:07,540 --> 00:20:09,609 the v rf, the heart of a v r 535 00:20:09,610 --> 00:20:10,610 f. 536 00:20:11,410 --> 00:20:13,929 So he's going to retrieve 537 00:20:13,930 --> 00:20:14,930 a. 538 00:20:16,170 --> 00:20:18,719 Bob's claim from Alice's 539 00:20:18,720 --> 00:20:21,599 medical prefix three and decrypted 540 00:20:21,600 --> 00:20:22,600 a. 541 00:20:26,890 --> 00:20:29,229 Using yeah, again, he can compute 542 00:20:29,230 --> 00:20:31,509 the VLF key because 543 00:20:31,510 --> 00:20:32,529 of step number four. 544 00:20:33,580 --> 00:20:35,709 And are we 545 00:20:35,710 --> 00:20:36,710 done? Not really. 546 00:20:39,850 --> 00:20:42,039 He needs to use the v 547 00:20:42,040 --> 00:20:44,259 r f proof that is embedded into 548 00:20:44,260 --> 00:20:45,730 the decrypted claim 549 00:20:47,050 --> 00:20:48,429 in order to verify that actually the 550 00:20:48,430 --> 00:20:50,679 verify prove that he gets is the 551 00:20:50,680 --> 00:20:53,229 only one that could have produced a 552 00:20:53,230 --> 00:20:54,280 very private key. 553 00:20:57,550 --> 00:20:58,719 I know it, yeah. 554 00:20:58,720 --> 00:21:01,329 We went through that very fast. 555 00:21:01,330 --> 00:21:02,330 But again, 556 00:21:03,430 --> 00:21:05,139 all this information see in the paper. 557 00:21:06,970 --> 00:21:09,579 And you can take a look at it, or please 558 00:21:09,580 --> 00:21:11,379 come find me after we're done, I have 559 00:21:11,380 --> 00:21:12,879 more slides that explain how proof of 560 00:21:12,880 --> 00:21:14,469 inclusion work, how proof of absence 561 00:21:14,470 --> 00:21:15,609 work, etc.. 562 00:21:15,610 --> 00:21:16,659 Yeah, well, I think I should have 563 00:21:16,660 --> 00:21:18,999 mentioned these that in step number four, 564 00:21:19,000 --> 00:21:20,000 if Guy Fawkes 565 00:21:21,550 --> 00:21:23,679 tries to retrieve a capability block 566 00:21:23,680 --> 00:21:26,229 and cannot find it, it means that 567 00:21:26,230 --> 00:21:28,449 Alice has not given to Guy Fawkes 568 00:21:28,450 --> 00:21:30,639 the capability to read 569 00:21:30,640 --> 00:21:31,640 a. 570 00:21:33,320 --> 00:21:34,989 And the claim about Bob 571 00:21:36,160 --> 00:21:38,319 or week end at that point, 572 00:21:38,320 --> 00:21:40,089 Guy Fawkes cannot know whether a 573 00:21:40,090 --> 00:21:42,369 capability for for four bob exists 574 00:21:42,370 --> 00:21:43,370 at all. 575 00:21:45,840 --> 00:21:47,279 Now we've submitted to 576 00:21:48,540 --> 00:21:50,759 this talk for the city's resilience 577 00:21:50,760 --> 00:21:53,039 track, and we understand 578 00:21:53,040 --> 00:21:55,469 that this is academic work to an extent, 579 00:21:55,470 --> 00:21:57,479 but we do care about resilience and we 580 00:21:57,480 --> 00:21:59,130 would like to share some of. 581 00:22:02,170 --> 00:22:03,609 Yes. 582 00:22:03,610 --> 00:22:05,829 What what way we decide 583 00:22:05,830 --> 00:22:06,879 to do that. 584 00:22:06,880 --> 00:22:08,979 First of all, we started with 585 00:22:08,980 --> 00:22:11,229 a field research to understand user 586 00:22:11,230 --> 00:22:12,230 needs. 587 00:22:12,610 --> 00:22:14,919 This was done by some 588 00:22:14,920 --> 00:22:16,329 researchers in Paris. 589 00:22:19,060 --> 00:22:21,279 Later on, we we 590 00:22:21,280 --> 00:22:23,499 pick projects that care about resilience, 591 00:22:23,500 --> 00:22:26,079 need to be open to collaborations 592 00:22:26,080 --> 00:22:27,609 with communities that they are already 593 00:22:27,610 --> 00:22:29,409 working on these problems. 594 00:22:30,940 --> 00:22:33,399 And we've done that, for example, with 595 00:22:33,400 --> 00:22:35,949 some with another organization 596 00:22:35,950 --> 00:22:37,869 in Germany and 597 00:22:38,920 --> 00:22:40,239 we in close collaboration, we felt 598 00:22:40,240 --> 00:22:41,799 equipped with that a. 599 00:22:43,740 --> 00:22:45,030 And we've used. 600 00:22:46,240 --> 00:22:49,419 Techniques from that, they are actually, 601 00:22:49,420 --> 00:22:50,680 again, very, very, 602 00:22:52,390 --> 00:22:54,609 very well used. 603 00:22:54,610 --> 00:22:55,610 Um. 604 00:23:02,120 --> 00:23:04,309 OK, so, so in 605 00:23:04,310 --> 00:23:06,349 academia, that is in these techniques 606 00:23:06,350 --> 00:23:07,350 going on now 607 00:23:09,500 --> 00:23:10,580 in applied research 608 00:23:11,780 --> 00:23:14,299 that he's pushing for 609 00:23:16,160 --> 00:23:18,409 formally verifying the properties 610 00:23:18,410 --> 00:23:20,389 and the code that you're producing and 611 00:23:20,390 --> 00:23:22,579 for claim S. Specific, 612 00:23:22,580 --> 00:23:25,099 we have we have formally defined 613 00:23:25,100 --> 00:23:26,299 all of the security and privacy 614 00:23:26,300 --> 00:23:28,789 properties using cryptographic games. 615 00:23:28,790 --> 00:23:30,769 So we know, for example, that we provide 616 00:23:30,770 --> 00:23:33,079 non-native location under what terms 617 00:23:33,080 --> 00:23:35,359 and that we can provide and likability 618 00:23:35,360 --> 00:23:37,519 across blocks again because of this 619 00:23:37,520 --> 00:23:39,799 and this and these cryptography game 620 00:23:39,800 --> 00:23:41,809 that we can combine together. 621 00:23:41,810 --> 00:23:44,149 And we also have a formal, 622 00:23:44,150 --> 00:23:46,129 very formal, formally verifying 623 00:23:46,130 --> 00:23:48,409 implementation of our cryptographic 624 00:23:48,410 --> 00:23:50,929 components in F Star. 625 00:23:50,930 --> 00:23:52,699 So you can go in and find the American 626 00:23:52,700 --> 00:23:54,920 prefix three and the V r f function 627 00:23:56,180 --> 00:23:57,530 in our GitHub repositories. 628 00:24:00,500 --> 00:24:01,909 When it comes to resilience, we need to 629 00:24:01,910 --> 00:24:04,099 know of how our systems 630 00:24:04,100 --> 00:24:06,229 can scale and 631 00:24:06,230 --> 00:24:08,779 therefore we've used simulations 632 00:24:08,780 --> 00:24:10,909 with real world data from the 633 00:24:10,910 --> 00:24:12,019 dataset. 634 00:24:12,020 --> 00:24:14,359 This is a leaked 635 00:24:14,360 --> 00:24:15,829 email directly 636 00:24:16,850 --> 00:24:19,279 from a company called Aaron. 637 00:24:19,280 --> 00:24:21,589 So it's usually used in the academia 638 00:24:21,590 --> 00:24:22,590 for. 639 00:24:24,690 --> 00:24:27,119 When we need to simulate real world 640 00:24:27,120 --> 00:24:28,349 communication patterns 641 00:24:29,940 --> 00:24:31,649 and we've used these for calculating the 642 00:24:31,650 --> 00:24:33,900 efficiency of prop of 643 00:24:35,370 --> 00:24:37,439 the Cross Classic Protocol in propagating 644 00:24:37,440 --> 00:24:40,229 the latest state, um 645 00:24:40,230 --> 00:24:42,239 of other people's key material. 646 00:24:44,410 --> 00:24:45,939 When it comes to interoperability and 647 00:24:45,940 --> 00:24:48,009 plans for gradual deployment, 648 00:24:48,010 --> 00:24:49,660 as we've mentioned, claim change 649 00:24:51,460 --> 00:24:53,529 is very flexible on how you're going to 650 00:24:53,530 --> 00:24:54,530 deploy it. 651 00:24:55,210 --> 00:24:57,339 We've chosen to be and we know, 652 00:24:57,340 --> 00:24:58,659 for example, we haven't done much yet, 653 00:24:58,660 --> 00:25:00,429 but we know that when it comes to 654 00:25:02,230 --> 00:25:04,399 actually giving started to implement 655 00:25:04,400 --> 00:25:06,969 to give this to users, 656 00:25:06,970 --> 00:25:08,739 we need to be compatible with all 657 00:25:08,740 --> 00:25:11,289 existing email encryption applications. 658 00:25:11,290 --> 00:25:13,389 So, for example, we want to be compatible 659 00:25:13,390 --> 00:25:14,440 with the agent 660 00:25:15,520 --> 00:25:17,409 again, something that is very important. 661 00:25:17,410 --> 00:25:18,849 I don't think we've done great work here, 662 00:25:18,850 --> 00:25:21,069 but a 663 00:25:21,070 --> 00:25:23,259 usability of 664 00:25:23,260 --> 00:25:24,519 email encryption. 665 00:25:24,520 --> 00:25:26,799 How do you how do you 666 00:25:26,800 --> 00:25:29,409 perform key management 667 00:25:29,410 --> 00:25:30,949 in a way that the users can understand, 668 00:25:30,950 --> 00:25:32,019 not mistakes? 669 00:25:32,020 --> 00:25:34,179 What happens when we knew 670 00:25:34,180 --> 00:25:36,249 you need to revoke a key or 671 00:25:36,250 --> 00:25:37,299 there's a key compromise? 672 00:25:37,300 --> 00:25:39,399 How do you communicate with a user 673 00:25:39,400 --> 00:25:40,539 and how um 674 00:25:41,920 --> 00:25:42,920 and how 675 00:25:44,380 --> 00:25:45,429 we can act upon that? 676 00:25:48,580 --> 00:25:51,219 And yeah, this is 677 00:25:51,220 --> 00:25:53,379 this is a great debate that is going on 678 00:25:53,380 --> 00:25:55,569 on that. And unfortunately, we 679 00:25:55,570 --> 00:25:57,159 we don't we cannot say that we've solved 680 00:25:57,160 --> 00:25:58,209 this at all. 681 00:25:58,210 --> 00:25:59,210 We focused on, 682 00:26:01,090 --> 00:26:03,249 uh, coming up with the structures 683 00:26:03,250 --> 00:26:04,569 and the properties and the, 684 00:26:05,800 --> 00:26:08,049 uh, simulating 685 00:26:08,050 --> 00:26:10,539 how climate change can scale and work 686 00:26:10,540 --> 00:26:11,540 effectively. 687 00:26:12,670 --> 00:26:14,709 Hopefully, though, we've we've been able 688 00:26:14,710 --> 00:26:16,449 to do all of the above because we are a 689 00:26:16,450 --> 00:26:19,119 multi-disciplinary team in next leap. 690 00:26:19,120 --> 00:26:20,769 We've got sociologists, we've got 691 00:26:20,770 --> 00:26:23,380 philosophers, cryptographers 692 00:26:24,700 --> 00:26:26,799 and it's great to 693 00:26:26,800 --> 00:26:28,959 have European projects that are 694 00:26:28,960 --> 00:26:30,619 focused on privacy and secure 695 00:26:30,620 --> 00:26:31,869 communications. 696 00:26:31,870 --> 00:26:33,969 And um, they 697 00:26:33,970 --> 00:26:34,970 can actually 698 00:26:36,040 --> 00:26:37,540 use their knowledge of 699 00:26:38,770 --> 00:26:41,139 all parties for that. 700 00:26:41,140 --> 00:26:43,299 And I think we also 701 00:26:43,300 --> 00:26:46,059 this is also pushing for open innovation. 702 00:26:46,060 --> 00:26:48,249 All of our material 703 00:26:48,250 --> 00:26:50,349 reports and source code is open 704 00:26:50,350 --> 00:26:52,659 to the public and 705 00:26:52,660 --> 00:26:54,819 everybody can go and take the 706 00:26:54,820 --> 00:26:57,489 claim same structure and use it for other 707 00:26:57,490 --> 00:26:59,109 for other types of applications. 708 00:26:59,110 --> 00:27:01,239 So this is how we yeah, we we can 709 00:27:01,240 --> 00:27:04,179 extend a claim things 710 00:27:04,180 --> 00:27:05,979 now. So we have a bit of time for 711 00:27:05,980 --> 00:27:07,239 questions. 712 00:27:07,240 --> 00:27:08,169 Thank you, sir. Thank you very much for 713 00:27:08,170 --> 00:27:09,170 your time. 714 00:27:17,760 --> 00:27:19,889 OK. We have four microphones here 715 00:27:19,890 --> 00:27:21,989 in the hall, police line up next to them. 716 00:27:21,990 --> 00:27:23,849 Thank you again very much, Mario. 717 00:27:23,850 --> 00:27:25,769 We do have a question from the internet 718 00:27:25,770 --> 00:27:26,759 signal angel, please. 719 00:27:26,760 --> 00:27:27,629 Yes. 720 00:27:27,630 --> 00:27:29,699 As far as I understand, 721 00:27:29,700 --> 00:27:31,919 to use this system, you both 722 00:27:31,920 --> 00:27:34,259 have to do the signing dance just 723 00:27:34,260 --> 00:27:36,599 as with GPP, but also 724 00:27:36,600 --> 00:27:38,969 to ask your friends to give your read 725 00:27:38,970 --> 00:27:41,399 access to parts of their social 726 00:27:41,400 --> 00:27:42,689 graph. 727 00:27:42,690 --> 00:27:44,789 Isn't that even harder to 728 00:27:44,790 --> 00:27:47,459 use in scale than GPG? 729 00:27:48,600 --> 00:27:50,069 Your understanding is correct. 730 00:27:50,070 --> 00:27:52,199 We still need to do 731 00:27:52,200 --> 00:27:54,239 these crazy dancing 732 00:27:55,260 --> 00:27:57,359 and ceremonies and keep signing parties. 733 00:27:57,360 --> 00:28:00,119 If you, um, 734 00:28:00,120 --> 00:28:02,159 if you want to be sure about that, the 735 00:28:02,160 --> 00:28:04,409 other person that you 736 00:28:04,410 --> 00:28:05,789 have the right claim to for the other 737 00:28:05,790 --> 00:28:06,790 person. 738 00:28:08,300 --> 00:28:10,559 Uh, but 739 00:28:10,560 --> 00:28:12,449 we believe that through this mechanism 740 00:28:12,450 --> 00:28:15,239 of, uh, introductions. 741 00:28:17,570 --> 00:28:19,250 It might be it might actually 742 00:28:20,300 --> 00:28:21,890 know. Let's see how it works. 743 00:28:24,170 --> 00:28:26,929 So this is part of the simulations 744 00:28:26,930 --> 00:28:28,729 and the as you can see on that on the 745 00:28:28,730 --> 00:28:31,189 left, we simulate 746 00:28:31,190 --> 00:28:32,990 the complete decentralized scenario 747 00:28:34,790 --> 00:28:38,299 where we just attach 748 00:28:38,300 --> 00:28:40,399 introductions in emails 749 00:28:40,400 --> 00:28:42,800 and we see that it kind of works 750 00:28:44,120 --> 00:28:45,440 without having to. 751 00:28:47,820 --> 00:28:49,169 If you trust the person who is 752 00:28:49,170 --> 00:28:51,839 introducing you to the other 753 00:28:51,840 --> 00:28:53,099 participants in the conversation, then 754 00:28:53,100 --> 00:28:55,319 you can then we say that we can 755 00:28:55,320 --> 00:28:56,320 have. 756 00:28:57,450 --> 00:28:59,939 Egg, a good start to 757 00:28:59,940 --> 00:29:02,279 email. Emails going out 758 00:29:02,280 --> 00:29:04,260 encrypted with the right keys. 759 00:29:08,470 --> 00:29:09,819 Microphone number one, please. 760 00:29:10,990 --> 00:29:13,059 I'm interested in the expressiveness 761 00:29:13,060 --> 00:29:15,189 of your capability based 762 00:29:15,190 --> 00:29:17,439 access model did support 763 00:29:17,440 --> 00:29:18,609 things like groups. 764 00:29:18,610 --> 00:29:21,309 Do you support revocation of credentials? 765 00:29:22,660 --> 00:29:25,209 Do you support delegating 766 00:29:25,210 --> 00:29:27,969 race access, things like that? 767 00:29:27,970 --> 00:29:29,139 You can do all that. 768 00:29:29,140 --> 00:29:30,829 This is a very. Yeah. 769 00:29:30,830 --> 00:29:33,009 Um, you can. 770 00:29:33,010 --> 00:29:35,079 What we do, for example, we say that you 771 00:29:35,080 --> 00:29:36,080 can use a 772 00:29:37,270 --> 00:29:39,189 simple semantics and then you can do 773 00:29:39,190 --> 00:29:41,349 whatever you like, like threshold 774 00:29:41,350 --> 00:29:43,359 replications and or you can build based 775 00:29:43,360 --> 00:29:45,219 on top of our struct. 776 00:29:45,220 --> 00:29:46,209 But we haven't done it. 777 00:29:46,210 --> 00:29:47,210 Not. 778 00:29:47,640 --> 00:29:49,559 Microphone number two, please 779 00:29:49,560 --> 00:29:51,869 use SHA256 for both 780 00:29:51,870 --> 00:29:54,029 lock up and encryption key generation. 781 00:29:54,030 --> 00:29:55,679 How difficult would it be to change it, 782 00:29:55,680 --> 00:29:57,119 provided it's broken one day? 783 00:29:58,770 --> 00:29:59,770 Huh. 784 00:30:00,720 --> 00:30:01,829 Given that we have 785 00:30:02,850 --> 00:30:06,269 a Clinton protocol version somewhere 786 00:30:06,270 --> 00:30:08,549 at the top of the block structure, 787 00:30:10,410 --> 00:30:12,449 that's how that's how you would probably 788 00:30:12,450 --> 00:30:13,970 change it, but it's no it won't be. 789 00:30:16,550 --> 00:30:18,199 Thank you. Microphone number three, 790 00:30:18,200 --> 00:30:19,189 please. 791 00:30:19,190 --> 00:30:21,259 Hi, thank you. Great talk. 792 00:30:21,260 --> 00:30:23,549 I want to ask about a crypto beat 793 00:30:23,550 --> 00:30:25,669 and a 794 00:30:25,670 --> 00:30:27,769 key derivation process. 795 00:30:29,180 --> 00:30:31,819 Why are we using FHA 796 00:30:32,900 --> 00:30:34,489 hash function to derive keys? 797 00:30:34,490 --> 00:30:36,799 Not some key derivation 798 00:30:36,800 --> 00:30:39,459 function like it's codes for 799 00:30:39,460 --> 00:30:40,460 predictive 800 00:30:41,720 --> 00:30:42,900 um. 801 00:30:47,390 --> 00:30:49,579 I think it's for simplicity reasons, 802 00:30:49,580 --> 00:30:50,580 but. 803 00:30:51,800 --> 00:30:52,800 Yeah. 804 00:30:53,180 --> 00:30:54,649 I don't have an answer of that's probably 805 00:30:54,650 --> 00:30:56,089 what you were suggesting is better. 806 00:30:57,350 --> 00:30:59,719 And would you like to discuss about it 807 00:30:59,720 --> 00:31:01,490 later on? Chris, thank you very much. 808 00:31:03,360 --> 00:31:05,399 We have time for one more quick question 809 00:31:05,400 --> 00:31:07,769 from the internet before we have tacos. 810 00:31:07,770 --> 00:31:10,139 Yes. How is privacy 811 00:31:10,140 --> 00:31:12,269 of the social graph, the cross 812 00:31:12,270 --> 00:31:14,069 hashing insured again? 813 00:31:14,070 --> 00:31:16,319 I'm not sure I fully understand that. 814 00:31:17,920 --> 00:31:19,390 The primacy of the social graph. 815 00:31:22,260 --> 00:31:23,460 How do we protect that? 816 00:31:25,110 --> 00:31:28,499 The privacy of the social graph, 817 00:31:28,500 --> 00:31:31,039 the cross hashing, how is this insured? 818 00:31:33,630 --> 00:31:35,649 OK, so if you take a look at when we add 819 00:31:35,650 --> 00:31:36,650 the claim. 820 00:31:38,450 --> 00:31:40,579 The actual content 821 00:31:40,580 --> 00:31:42,140 of the claim that we put in our 822 00:31:43,850 --> 00:31:46,309 medical traffic studies is encrypted. 823 00:31:47,490 --> 00:31:49,319 And it does not like any information 824 00:31:49,320 --> 00:31:52,259 about the label or the content 825 00:31:52,260 --> 00:31:53,260 of that claim. 826 00:31:54,510 --> 00:31:55,510 So 827 00:31:57,600 --> 00:31:59,789 and because of the capability mechanism 828 00:31:59,790 --> 00:32:02,279 of allowing 829 00:32:02,280 --> 00:32:04,380 only a specific number of readers. 830 00:32:05,520 --> 00:32:08,399 To read the specific crosshairs, 831 00:32:08,400 --> 00:32:10,679 I think that's how we achieve 832 00:32:10,680 --> 00:32:11,849 the purpose of the social graph. 833 00:32:16,050 --> 00:32:17,699 Thank you to everyone. 834 00:32:17,700 --> 00:32:20,099 Sadly, we ran out of time, but Mario 835 00:32:20,100 --> 00:32:22,139 will be here for a little while longer so 836 00:32:22,140 --> 00:32:24,419 you can catch up with him over a drink 837 00:32:24,420 --> 00:32:25,739 or a beer. 838 00:32:25,740 --> 00:32:27,359 Well, thank you again, Mario. 839 00:32:47,560 --> 00:32:48,560 The.