Epicenter - Learn about Crypto, Blockchain, Ethereum, Bitcoin and Distributed Technologies - Devcon Panel – Censorship Resistance and Credible Neutrality
Episode Date: October 14, 2022Bonus Episode: At a side event at Devcon in Bogota Colombia, Friederike moderated a panel discussion on censorship resistance and credible neutrality with Phil from Flashbots, Patrick from Infura, Seb...astian from HOPR, Martin from Gnosis, and Sreeram from EigenLayer. We dove deep into what credible neutrality constitutes, whether it needs defending, and if so how we should go about it.Topics covered in this episode:Introduction to the panelWhat is censorship resistance and credible neutrality?When has Ethereum been or not been crediably neutral, and where is it todayRecent cencorship instances in the spaceThe roadmaps for more credible neutralityEpisode links: DevconThis episode is hosted by Friederike Ernst. Show notes and listening options: epicenter.tv/B007
Transcript
Discussion (0)
Welcome to Epicenter, the show which talks about the technologies, projects, and people driving decentralization in the blockchain revolution.
I'm Friedricha Ernst, and I'm coming to you from Bogota, where DevCon is happening this week with a special bonus episode.
I moderated a panel on credible neutrality, and you will be listening to the audio track for that.
We didn't plan on this, but the discussion was so good, and in this case, that means so controversial, that I decided to release this as a bonus episode to you.
On the panel we had Sebastian Bergel from Hopper, who was on a regular episode two weeks ago.
Phil Diane from Flashbots, who has been on before as well, and Martin Koppelman from Noses,
who has been on before as well.
Patrick McCorry joined for Infura and Three Ram Cannon joined from Eugenlayer.
Martin had given a lightning talk previously, so I skipped him in the intro round on the panel,
but you will hear him in due time.
I give you some background to the heart of the discussion, though.
A couple of weeks ago, a number of smart contracts related to the tornado cash were put on the sanctions list by OFAC.
We did an episode on that at the time with Peter Van Valkenberg from Coin Center.
The move itself is debatable because in principle, technology should not be able to be on a sanctions list.
But in response to this, a large number of ecosystem players stopped to interact with any address that had tornado touchpoints in the past.
Uniswap, Aver, D-YDX balancer, the list goes on.
Infura stopped serving requests for tornado addresses.
FlashBots, MEV boost that currently builds half of all Ethereum blocks,
stopped including tornado touching transactions into any block they're building,
effectively censoring tornado transactions from every other block,
and this number is going up like crazy.
So all of this is highly problematic.
And this is why we talked about credible neutrality on this panel.
Please enjoy it.
Thank you guys so much for joining us for this panel.
It is a discussion on credibly neutral systems.
And before we actually dive into it, let's get very brief introductions.
And I mean like elevator brief.
Maybe we can skip Martin.
But let's start with Sri Ram.
Hi, everybody. I'm Sri Ram. I'm founder of this project, EigenLayer, which lets you build new innovations on top of the Ethereum Trust Network by using this mechanism called restaking.
Yeah, my name is Patrick McCory. Historically speaking, I'm a researcher, but now I'm an intern at Infura.
Hi, I'm Phil. I'm a CS PhD student at Cornell and a steward of FlashB, and I am addicted to M.EV.
Hi, I'm Sebastian, founder of Hopper and Sanivized MixNeds for private data transport.
And recently we're working towards private RPC providers, call it RPC over Hopper.
Fantastic.
So before we dive in, I expect there will be some contentious topics here today.
So if you feel you want to say something to one of the other panelists, just jump in, okay?
Don't let me, you know, don't make me call your name.
So, fantastic.
So when we talk about credible neutrality, in a nutshell, what would you say that means to you?
So what's credible neutrality to you, Sebastian?
So credibly neutrality to me is the inability of third parties to influence the system in any way,
directly or indirectly, and I think that's important.
I actually don't know what it is, to be totally honest.
I don't necessarily fully believe in the meme, so maybe I'm going to add some spice to this panel.
I think it's a nice idea, and it implies a lot of nice things that people want, and that I agree are
good.
Like, you know, I think censorship resistance is great.
By the way, disclaimer, these are all my personal views, not the views of Cornell or flashbots.
But I think all these implications are great, but the devil here is in the details, and like,
can you really build a system where like third parties can't, you know, do things in kind of ways,
that they might and do even want to, because sometimes you want third parties to be able to
make choices or express preferences.
Those are open questions I have, so I'll be pressing on those more soon, I guess.
There are many words that, to me, mean the same thing.
Censorship resistance, permissionless innovation, credible neutrality.
But yeah, I think it all boils down to what you said, that if you build an application on top,
of such a credible neutral system, you can be assured that the rules of that system don't suddenly change against you.
Awesome. Just to clarify, my opinions are my own and not infurious as well.
So, that's not out there.
So in terms of being incredibly neutral, I mean, Google had this old slogan, you know, we won't be evil.
You know, we will do our best to ensure that everyone has equal access to the system and we won't abuse the data.
But when a nation state knocks on your door and says, oh, well, you know, if you don't start centering this transaction, then we're going to do bad things to you.
And so to be credibly neutral, you have to have this response to say that I can't, you know, follow the instruction that I was given by this nation state or this all-powerful adversary.
So you won't be evil.
You can't be evil.
It's just impossible to be evil because otherwise you'll get slashed.
you'll be removed from the system.
So credible neutrality is really,
you just can't follow the instruction without self-harm,
and it becomes like an M-A-D, you know.
I'll express my views on censorship resistance.
So if you look at what a blockchain is doing,
it's actually freezing something temporal into something eternal.
You have transaction flow, which is temporal,
and the core aspect of the blockchain is to harden
and this transaction flow into something that is frozen and perpetual
so that a future can then come and see what happened at that time.
So the way I look at a blockchain is essentially as barring testimony,
as bearing eyewitness to the happenings at that moment.
And censorship resistance is the ability to provide this service
without discrimination to what was actually happening.
You just stand there as a neutral observer and see what happened there.
and record it. That is censorship resistance. And there are some very powerful properties
downstream of this censorship resistance, which is, for example, what I call meta-sensorship
resistance. What is this meta-sensorship resistance? We talk about censorship resistance
for transactions, but there is also censorship resistance for the ability to deploy new functionality
on top, which leads to permissionless composability. So if you build a system which has
which does not have the meta-sensorship resistance,
which is the ability to deploy new features on top,
that is again a degradation of censorship resistance.
Why do we want this?
In our view, why you want this is the entrenched parties in the system.
So we want to build a world where there is open competition on almost everything.
But the entrenched parties in the system need to be credibly neutral
in order to make sure that there is open competition on everything else.
So on a base layer of censorship resistance,
you can build competitive systems on top.
But if the entrenched layer itself is behaving in self-interest,
they can ransick the heck out of the whole system.
So everything we are building here crumbles
if you don't have censorship resistance.
So, you've used censorship resistance as synonymous with credible neutrality.
would you guys agree or do you see a difference?
I have a question which is how are the rest of the panelists defining censorship resistance?
Because when I think about this, I think of like old school academic definitions
where it's like if a user has sufficient incentive to include transaction X in a block,
there's some censorship resistance parameter delta where like within delta blocks the transaction will be included.
Is this like our operating definition or are there disagreements about it?
I can give like two breakdowns to it.
I think there's two different forms of censorship.
one is the clear case.
The block proposer wants to stop the inclusion of this transaction at all cost.
No matter what, if that transaction gets included, the block gets dropped.
And if you're a majority block proposal, you can single-happily do this.
The other one is just delaying the inclusion of it.
So maybe you don't have a majority of the hash rate or the validators.
You only have one-third or less.
But you will do your best to delay is inclusion.
I think even delaying it for 10 blocks, 20 blocks, 30 blocks,
That is still a form of censorship, but this is not as harmful as full censorship.
So very similar.
I would say that it is probably better to use the term incredible neutral,
or at least that's what is, in my view, important.
That is not just the censorship resistance,
but to go a step further and to say transactions are treated equally.
So it's not enough to say, well, if you are well, if you are well,
willing to pay sufficiently, then you will eventually get included.
But I would say to be credible neutral, and then it's maybe better to specifically use that
term and not the term, censorship resistant.
I would say to make the claim, the system is credible neutral, it would need to have the
property that, yeah, kind of if there are two transactions and they pay the same fee,
they should be treated equally.
And that's currently not the case on Ethereum, unfortunately.
Cool.
are not cool
but
I mean maybe a way
to phrase it is that maybe credible neutral
is the goal that you want to achieve
but to do that you need a censorship resistant mechanism
in order to allow it to be
credibly neutral
or maybe to say
kind of censorship resistance
is the
maybe credible neutrality would then
be even a step above censorship
resistance and you can say
but you certainly need to be
you certainly need to be
censorship resistant to be credible neutral, but yeah, kind of again, a step further.
Just to clarify why I use the word censorship resistance, I think there is many different
layers in which you can be credibly neutral. And we are talking specifically about transaction
inclusion, and I would agree that the standard that we really want is that
irrespective of the content of the transaction, when I said that you're bearing testimony
to what is actually happening, irrespect of the content of the transaction, you are actually
treating all transactions equally. So that would, I would agree with that as the definition.
But I view credible neutrality as a principle which transcends transaction inclusion. It is a more
basic principle. And as an example, we are talking about transaction inclusion. I would agree.
And I also think that if you talk about credible neutrality, it kind of reframes the entire issue,
right? So basically, if you talk about censorship resistance, it's always kind of the, you know,
you have this image of, you know, like spies or whatever,
and, you know, people who do evil things,
and basically credible neutrality is just creating a base layer
that belongs to no one and hence belongs to everyone, right?
So basically that's kind of, as an opinionate.
I mean, for me, it gives me, like, Switzerland during World War II vibes,
and, like, I don't know if that's good.
Like, I don't know.
I just, so I guess question, like, in y'all's views,
like, when has Eith been or not been incredibly new?
neutral and where has it been in the past on that spectrum and where is it today basically?
Would be curious.
I would say it used to, I would say probably two, three years ago that statement that I made
was true that if your transaction, if there would be two transactions and they would pay the
same fee, they would be treated equally.
Would the Dow Hacker agree?
Yeah.
I don't think that's true.
I disagree.
I hear you.
I mean, no, of course, of course.
It was the Dow event.
And in that case, Ethereum was clearly not credible neutral.
I mean, there's no question about it.
But since then, yeah, I mean, back then I was certainly also in favor of doing what was done.
And probably, yeah, if today there would be an issue, let's say, was something where,
15% of all the ESA would be affected.
Let's say, I don't know, the wrapped ESA contract would be, had an issue.
I would probably also be in favor of kind of hard-falking
if it would be possible in such a clean way as it was back of the day.
But yeah, but now I think we lost that.
And of course there are reasons why that happened.
and maybe I guess you would claim they are, it's inevitable that that happened.
I would say there could have been and maybe should have been several,
or there are, in my view, many options that are not explored or not done
that could try to come closer to this goal of, or at least, maybe you should start to say
kind of to each in the round,
is it a worthwhile goal to
kind of have this credible neutrality?
And it seems like you're saying it's not.
That's not what I'm saying. I'm saying the meme
is not clear to me. And I think if you use it
to make choices, it will lead you to suboptimal
outcomes because there are clearly cases
where the community wants to make a choice,
right? And like people also have the right
to make choices. So to me, like,
there's also a subtlety here. Maybe I want to get into
with the panel, which is the definitions you all gave
were kind of technical. Like you have TX1,
TX2, if they pay the same fee, their
credibly neutral. What I was understanding from, like, you know,
the Talix kind of writing on this in the general, like, diaspora is it means more that,
like, people believe that the system will, like, treat them fairly. Like, that's the
credible part. And that's not necessarily the same as, like, these two transactions that have
the same fee get mined at the same time. For example, the people who invested in the Dow
may not think that that's the fair model. So I'm kind of trying to, like, challenge low,
I'm not trying to troll you too hard. Yeah, yeah, yeah. No, I feel like, I can just jump in quickly.
There is two aspects to this.
There's the day-to-day operation of how the transaction system works,
and there's the backstop and the social consensus
to socially recover bad situations.
So let's say there was a mass-slash-an event
because it's a zero-day exploit in a consensus client.
Will that be reverted or not?
I believe it will be, but a lot of people say it won't be.
That's sort of the backdrop of the neutrality.
No, I just wanted to get back to what Martin said
that a few years back, you know,
maybe Ethereum was credibly neutral.
I would say I don't necessarily agree because, you know,
the system was in some regards easier to capture than it is today.
So for me, censorship resistant is one necessity for getting to credible neutrality.
And in order to get there, you know, we need decentralization and privacy, actually.
And, you know, both parts were actually less advanced than they are now.
So, you know, I think since the launch of the beacon chain, you know, having more client diversity is a great achievement.
Of course, we're not fully there yet, but there are some points which, yeah, I wouldn't say it was necessarily better than.
Maybe let's bring this into the very concrete.
So recently we've seen instances where credible neutrality has clearly been breached.
So I'm thinking, for instance, of the tornado cash sanctions that kind of led to several defy projects no longer touching address.
that had previously interacted with tornado cash,
infura no longer serves tornado...
Two elephants in the room here.
Yeah, FlashBats sensors tornado cash transactions.
So is the community dealing with these issues in the correct way?
What do you say?
So maybe let me take this first.
In my view, it's not that FlashBots the project like is intended
or the goal of the project is to censor.
Ethereum or anything like that. I think we look at the game theory of how can we most effectively
achieve our strategic aims, which are basically ensuring MEV doesn't centralize ETH in like today's
model. So from that perspective, like, yes, we do censor certain transactions. No, we do not want
long term to like have the ability to impose censorship on ETH. That's like a very hard line for us.
Like we won't step into that position. And again, it's arguable about whether it's already
happening or not. My personal belief is it's it's not.
The other thing is, like, you have to look at this game theory, right?
You have companies that are providing services,
and they also have, like, choices to make and, like, certain rights.
So, like, if you're a validator in the U.S. and the government comes knocking
and says, like, look, you have to remove these transactions
or you have to shut down or you have to go to jail, right?
What ultimately ends up happening if we, like, throw up the middle finger immediately,
is that all of those validators will be shut down
and it will move elsewhere, the same thing that happened in China, basically.
And to me, this reduces the robustness of the effectiveness.
Ethereum network, it reduces the censorship resistance. Ultimately, what we need is geographic
diversity. And ultimately, if everyone in this geographically diverse system, you know, agrees to
like build blocks a certain way, like, it's above my pay grade to try to stop them to an extent.
So our philosophy is to provide paths and try to decentralize and build as much competitive,
globally competitive infrastructure as we can. That's why we're open sourcing a lot of our stuff.
That's why we kind of de-vertically integrated our client after the merge with that boost. And we're
going to keep kind of aggressively pushing towards that direction. But at the end of the day, like,
you have to be realistic as well. Yeah. And just the throw in here for the flashback angle off
at a flash spot angle. You know, centers of censorship resistance, you need to have like a good
granular definition of it as still the same before. So if you're a block proposer, there's two
ways you could prevent the inclusion of a transaction. Either I just don't include it in my block
and that's what's happening in a flashbots today. You know, I propose a block. It's missing the
transaction because the relay just didn't give it to me. But if there's another block,
so one, I don't include it in my block. Two, I have to pick a block to extend. There has to be
apparent block that I extend. If that includes the centered transaction, but I extend it anyway,
then you're not censoring the network. You're just censoring it from your own block. So that's
more like a delay. You're delaying its inclusion, but you're not censoring it. Because as long as there's
one honest party, it will get included eventually. But where do you stop? So can you attest to a block
that has a tornado cash transaction in it?
Plus what happens with T-WAPs that might have, you know,
catastrophic failure modes if certain transactions do not get included.
So I think it is not fair to say that, you know, delaying things,
it's just delaying things that's not censorship.
It might have catastrophic failure modes in some, you know, apps.
I actually disagree with that.
I think if you're not building around like short-term censorship,
you're completely insecure even in like a completely honest network.
because if someone, a single block producer has a few blocks or like one person with substantial
hash power decides to attack you. Like you need to build your parameters such that you're
including enough of a set of miners that it gives you the guarantees you want. And like once you've
done that, you won't have that. So what is enough? What? What is enough? I mean, that's like up
to the parameterization. MakerDAO auctions are a good example of that because they were 10 minute
auctions and it blew up and now it's like six hours. Exactly. But of course, like what is enough
very much depends on the question of in, well, if you say previously, like, let's say 10 blocks were enough,
but then let's say you move to a situation where suddenly 80% of the, or let's say just 50% of the validators
kind of don't include your transaction, then suddenly it means, well, now 20 blocks are enough,
but the issue is you don't know kind of whether it's 50% or, I mean, I feel like having,
having that, yeah, I kind of having this additional uncertainty about, yeah, again, whether the,
whether the network will, how it will treat your transaction will make it kind of impossible
to determine this parameter, what is enough.
It's a hard problem and it's something you have to continuously adjust, but that's the case
anyway, even when we've seen congested fee markets where your application might just be censored
by not being able to pay the fees for a while.
Yeah, and that's always something you need to kind of react to, right?
have important concepts like the base fee and kind of where that is an important piece
why it's, yeah, you can at least measure that. So you can measure congestions somewhat objectively
those extra or those other forms of not including transactions that's much harder to reason
or measure, I would say. I don't think so. I think it's very easy to reason about what percentage
of blocks today don't have tornado cash.
There's a dashboard on it online.
Also, if you think about the ultimate security trust assumption,
if you're just delaying inclusion,
you rely on one honest validator.
You know, that's a good trust assumption to have.
If there's a full outright censorship
and they're not extending blocks with central transactions,
then you rely on the honest majority.
So there are two different cases that should be considered separately.
I also think an interesting point is like if you do have validators that are choosing,
because ultimately this is a validator choice,
how they build their blocks,
to not include certain transactions, that increases the revenue for anyone who's like willing to adopt the opposite policy.
So essentially it's a subsidy for the network, a self-healing subsidy, away from censorship,
especially if the systems are designed appropriately.
I would say that the argument, like the example that we started with, you know,
kind of doesn't support your point because like tornado is an application that didn't have a shit lot of transactions, right?
So the subsidy that you get from it, like the MEV potential and so on is minimal.
So you're basically censoring like a large, you know, very interesting set of use cases.
And, you know, you do not actually provide significant upsides for anybody to take up these very few, very little value transactions.
I feel like I'm trolling everyone here, but this is a misconception.
Like MEP is not proportional to the number of transactions.
It's proportional to how much those people are willing to pay to not be censored.
And if there's like an active censorship going on, that number will increase.
So you have to.
So you think it's an okay idea that, you know, 90% of people kind of censor it.
and therefore, like, my cost of a tornado inclusion goes up by 10x?
I think if that's the validator choice, it's, like, not unethical for them to do that personally.
And I think, like, you know, there are degrees, right?
Like, it's a question of, like, what is the X?
It's like a utilitarian calculation.
To me, it's, like, a fallacy to think that, like, every validator will ultimately
choose to include everything, especially when today one of our largest validation pools
is a regulated U.S. exchange.
And I expect that will, like, continue in proof of stake.
So I don't see an alternative, really.
Oh, I mean, there are plenty of alternatives.
So, I mean, just to mention one is, of course, this idea that you can commit to transaction inclusion
while transactions are still encrypted.
Well, this is a bad user experience.
No, I mean, then you can just ask people to, like, K.YC or endpoint and still censor it, right?
There is no, privacy doesn't solve this issue, ultimately.
Like, the government's not going to say, like, oh, this is private, we're not touching it.
That's also a fantasy.
I feel like what Flazma should have included was the CR list.
in their implementation.
Yeah, so I can't, again, these are all my personal views
on this panel, not a flashbot.
But we did actually, you know,
we do extensive work on this with the key stakeholders
in the industry.
And like, again, like, I think more will come out
about this soon, basically.
I would have to push back here, so,
because in my understanding, it's absolutely not clear
that as a validator you even have,
that obligation to censor those transactions. I mean, in my understanding, it is even allowed
for U.S. persons, or there is a way for a U.S. person to get permission, essentially, to withdraw
from to NATO in specific situations. So if that is even allowed, then it needs to be allowed
also for validators to include this transaction.
I don't agree with your analysis and I think this is one of the things that like
kind of annoys me the most I mean I don't agree that like it's currently clear in like
the legal game theory that validators have no obligation to censor transaction let's
start with the first part so you agree it is or the law says you I don't want to
get into legal analyses that's like not the direction I want to go in but like I want to
make a meta point which is like a lot of people here are looking at other people's
actions and saying like here's my legal analysis of it and like I
you're not really in the position to make that call like their lawyers are, right? So like, it's easy
to look at a coinbase and say like, wow, you don't have to be doing this, you're going overboard,
but they don't want to over comply, right? They're talking to their lawyers and they're like getting
advice and like, you know, our legal understanding as a community doesn't supersede like their
risk calculation against going to jail or like having their company liquidated. So like we do
have to respect people's preferences as well in that in that regard, I think. Do you think validators
have a moral obligation to serve everyone? I mean, obviously you don't, but I mean, I don't. Like, what
if you have a validator that says this is a transaction that has like some really morally offensive
content to me? And if I don't mind this, the community is going to slash me, right? Like, is that a good
position to be in? Is that what we want for our validators? No, I, I see your point, but say, for instance,
what do you have said the same thing about kind of delivering mail or kind of connecting phone calls?
based on whether you like the person or not.
Delivering mail is not censorship resistant,
and neither are phone calls.
You can't ship crack in the mail, right?
I mean, if I were to say as a postal carrier,
look, I will generally deliver mail,
but not to African Americans, or not to, you know,
I think getting into the details of like
why things are not being delivered is a whole separate argument,
but the mail is not censorship resistant
and neither are phone calls.
Like you can be censored on those.
But should they be?
Can I jump in, sorry,
there's just some of us going on there,
there's a very fire pit.
So I think, like, theoretically speaking, it should be based on the fee,
but empirically speaking,
like censorship has always been an issue in cryptocurrency.
So if you consider Bitcoin,
Luke Jr. tried the ban Satashi Dice
because it was spamming the network back in 2013.
Many miners were notorious for making deals
with very large exchanges
to make sure their withdrawal transactions
would always get processed,
even if they couldn't pay the fee at the time.
Now, the difference is that because, I mean, one,
and there's way more validators now,
so it's very difficult to trust the five people
who are basically ordering transactions and proof of work.
And now this is why the flashboss issues come up
because it's a less trusted system,
you actually have to build a real trust-free,
maximizing the trust-free protocol
between the relay and the block builder.
So it's, yeah.
So basically, empirically, has always had this issue.
It's much more evident now.
I agree, and there's like many edge cases here.
Like he's selling block space futures
and then mining something lower fee later
because you've committed to it?
Is that censorship?
Or is it not credibly neutral?
Is if you're a mining pool,
putting your withdrawal transactions first
and having zero fees on them
because that's what they all do?
Is that not credibly neutral?
I mean, it's not, right?
So ultimately, to me,
we need to realize that people have preferences
and they need to be respected.
So you would say it's kind of expected
that, let's say, you are large decks,
or there are two competing decks,
and one will eventually say,
okay, let's do a deal with validators.
to say, kind of, we get generally preferential treatment.
That's just how it is, and that's how.
I mean, it's even worse now because, like, that's the theoretical model around the transaction fee
was that the miner, we pick up all the fees, and that was their main source of revenue.
We're actually, in the theory, we burn all the fees.
You get this cost and issuance, so you don't really care about the fee market as much
anymore, so it has a less of an impact for, you know, deciding which transactions I include,
because I'm just getting tips.
it's not a major short of my revenue anymore.
I have a question for the people pushing credible neutrality,
namely Sebastian Martin and three around here.
Do you guys think that credible neutrality
needs to be enshrined in the technology itself,
or can it also be a societal consensus
that people behave in a certain way
or validators behave in a certain way?
My view here is,
I think Patrick was alluding
earlier to the idea of don't be evil to can't be evil. And I think we need to make sure that
technologically it is impossible or difficult to break credible neutrality. I think societal ways
of enforcing it lead to only further conflict. I think it's not going to be easy to enforce
censorship resistance in a societal way. Ideas like, for example, you know, we, I like, I like
the way that you are described, credible neutrality as a better way of phrasing it, just like
net neutrality, right? Like, you just want to send, you're a common carrier just sending packets
through. And we need to get to that model to actually make sure that the core function of validators.
I think I don't even like the word validators. I think it's a very bad word. You should call it
consensus nodes. Because, or even better witness nodes, they're only bearing witness to a certain flow
of information. This should be their official duty. They're not validating any transaction. They're just
sitting there and observing a certain transaction flow and recording it for perpetuity. And their liability
and duties end there. They're purely trading in information. They're not trading in value.
The attribution of value to that information should be separated from the construction of an information.
flow. And the blockchain is purely a construction of information flow that has been recorded
for perpetuity. And things like transaction encryption actually make it technologically more
feasible to actually get to a system like this. So I think credible neutrality should be more enshrined
by technology. And the core function of the blockchain should shift or the consensus nodes
should shift from validation or execution or other things
to just barring testimony to information flow.
And in which case, you're protected very strongly.
It's just you're trading in information.
And that's really the main thing which cannot be objective.
The only subjective aspect,
and the only reason we need a blockchain to begin with,
is to freeze this subjectivity.
If there is no subjectivity, everything is just execution.
I'll just do zero knowledge proofs on my server,
and then send you proofs.
The only reason we need a blockchain
is to resolve this liquid,
temporal, fluctuating thing
into something solid for the future.
And we should build blockchains
whose consensus nodes' main feature
is to bear witness to this flow.
Yeah, I would certainly say
I'm not willing to give up on the idea
of having a credible, neutral platform.
I think it can be done
for Ethereum, but we will certainly try to push as hard as possible on Nosuchstein in that direction.
And I would say the list of potential ideas of how to do that is long.
So we are starting with, from the very beginning, putting a lot of effort in making this diverse, geographically diverse validator set with many kind of
validate from home
people
there is this option of this
shutterized beacon chain kind of the idea
of
privacy or
encrypted transactions
there are ways
to on chain objectively
measure
censorship and you could
have rules to
yeah kind of to then do
automatic slashing based on that
objective measurement and
Furthermore, there are several potential ways to reduce the freedom of a validator of a builder to build a block.
I mean, super simple one would be to say you need to sort transactions by fee,
but there are also ways to kind of sort them pseudo-randomly.
But anything that reduces the,
anything that reduces the freedom of the builder
or of the validator to produce blocks will reduce MEP to some extent.
And yeah, with those, yeah, a bunch of different categories,
we will push as hard as possible to achieve,
or to come as close as possible to this credible neutral base layer.
Yeah, I don't think it can be directly kind of enshrined in technical solutions,
this credible neutrality, because to me, credible neutrality is a goal.
And this goal has some paths to get there, and, you know,
those are, some of them are technical, like Shutterized Beacon Chain is one of them.
But the other one to me is kind of on the social side,
On the social side, now I get to troll, fill a bit back, it's like, let's stop being naive, right?
It's stop, like, thinking in our tiny little comfortable box where we get to think about, you know, game theory.
And it's, you know, maybe not, like, Yolo Incorporate Delaware LLC just because it's the most convenient thing to do.
It's not host domains that end on something.com, just because it's the most convenient thing to do and make ourselves capturable, right?
And making ourselves captrable is something that is just we see now, you know, well, you make yourself captrable because you stayed in your little convenient box.
And, you know, now we, you know, find out, right, as people say.
So I would say this is something we really have to tackle.
We have to be serious about it.
And maybe a positive shout out in the end is, you know, there's people who are working on that.
And that is, yeah, actually removing these single points of failure.
Liquity is, in my eyes, one great example, to remove these central choke points as, for example, the front end and decentralized properly.
So if we take this seriously and if we actually strive for that, I think we will end up with systems that overall are much more credible neutral than what we have today, where there are some like violent regulator, which happens to be called Uncle Sam, that, you know, comes after us and we say, oh, we are very surprised about that.
Do I get to respond or is it a censorship situation here?
Three people captured.
I'll make it quick.
I promise. I myself, I'm not in the habit of censoring people.
Okay, great.
So Sri Ram, two things on your points.
Number one, I disagree that we have net neutrality,
especially when it comes to OFAC.
So I think that meme is great, and I love the comparison,
and I totally agree with it.
But Gmail censors OFAC.
You know, Google censors, oh.
So do many, many.
Any Web2 company is under this regulation, right?
So like we as a society, yes, we want this, but we've also accepted the trade-off.
So like let's be realistic about where we are.
And like that this will be another instance of like the same pad blockchains because like
we are not above the law, right?
That would be fantasy land.
The other thing I wanted to just troll you a little bit on and probably only you will get
this is like I don't agree that you can separate the like information transfer from
the value flow.
I think in these systems that they're one and the same and this like relates to this crystallization
of like state process you talked about.
But we can go deeper on that.
later because I don't want to take up all the time. The other thing is like, so I think making tradeoffs,
for example, in Nosis chain that like increased credible neutrality, that sounds great. And like,
I'm not opposed to any of those things. I would love to experiment with all those things, like,
amazing. On the other hand, they imply tradeoff preferences. And this is why I was kind of drilling
into this definition, because it might be the case that, like, if you achieve this technical definition
of credible neutrality to many other people that makes the mechanism not credibly neutral,
right? Like, it's not just because you have this technical notion that true transactions pay the fee
that get in, that like some random person sampled from the population will say, like, yes, this is
credible to me that this is neutral. That's like a separate social property that we need to be
careful about conflating. Anyway, trying to go rapid fire. And yes, I agree with you completely in your
trolling. I think Flashbots is not trying long term to build centralized infrastructure. We are
trying to build decentralized infrastructure. I want to be super clear about it. I think the criticism of the
path, it's valid and like the success the path has had. I think the counter argument would be like,
this is a rock and a hard place situation of like there are doors to knock on. And is it going to be
flashbots or is it going to be the validator? It's basically the choice when we incorporated
Delaware LLC that we were facing. And I do stand by the choice we've made. I don't expect the
community to love it. I expect that the community will keep trolling us and pushing back on our actions
and like our actions will need to like be above this kind of, you know, be kind of respond to this as well.
like we are going to do that. So no trolling, love it. Amazing.
So Phil, tell us about the roadmap for, you know,
venturing towards, you know, a more credibly neutral place.
Sure. Decentralization, global competition,
and by decentralization, I mean of economic power in the market,
and of technology as well, global competition, and also like engaging with everybody in the community,
everyone in this room, everyone on this panel. Yes, also the regulators,
yes, also the validation community, everyone who's a stakeholder in this industry.
Because I do believe, like, the pie is bigger when, like, people can cooperate.
That's ultimately what we're trying to build here.
That's what the Internet is trying to build as well.
And I think, like, really, the entire community is the line behind it.
So that's the roadmap.
If, you know, if you want more specific information, all I'm going to do now is pump my talk
on Friday.
So we will drop some alpha on you there.
Yeah.
We'll come to your talk with more questions.
Sebastian, tell us about Hopper and how you're trying to get to credible neutrality.
Yeah, so as I said, to me, censorship resistant is one requirement for neutrality.
And censorship resistant needs decentralization, which everybody talks about, which we all love.
But a decentralized world needs privacy much more than a centralized world.
And that's something that many people don't realize.
And we only start to realize that now.
So, you know, the trust assumption of the web two, they are kind of okay, right?
I like to bring this example of Facebook and us uploading random stuff to Facebook.
That's okay, right?
Like you don't find, like, really embarrassing pictures of yourself on the billboard across from your home, right?
But that trust assumption doesn't work on the Web 3, which is not protected by any laws and regulations.
So the only thing that actually protects us in the Web 3 world that is fully decentralized
is strong privacy tech.
And that's what we built on Hopper, at Hopper in the most fundamental layer, not all this fancy on-chain stuff, that's all great.
But even the most private chain does need transport privacy.
And yeah, that's what we built at Hopper with this mix net.
And, you know, one point that I like to also point out, because we talk a lot about validators, it's like, you know, if we don't have validator privacy, it's going to be a whole lot of weird stuff that will happen.
So even if we have a single secret leader election, you know, maybe I can't, like, you know, knock out in a targeted fashion, Phil's validator.
But in a targeted fashion, but I can still just troll him, you know, because, you know, and Phil likes to get trolled.
And, you know, I find it funny to just dedos him all the time.
So even with SSLE, we do need some fundamental error of privacy.
It's a hard problem, especially when we talk about the tradeoffs, for example, of latency versus privacy.
So lots of work ahead there, but I think it's an absolute necessity to get us in a direction where we, I think, all want to go.
Patrick, tell us about infura and...
In Fuera?
Yeah, I heard your interning there.
Well, Enfure is no longer the master note, so I'll start with that.
No, as a joke.
So obviously, infur is a way up to your company, and it is following the OIFAC sanctions,
and obviously now allowing people to send transactions to...
to tornado cash. So infura is working on the new goal for decentralized
infura, but the goal of that isn't necessarily censorship resistance, but I think
there'll be a side, you know, a side effect off it because if you have a
federated network of I don't know 10, 20, 30 different known providers,
they'll be reasonably, you know, reasonably, you know,
geographically be distributed and you'll hopefully get that for free. But infura is
mostly just running out and you're focusing on redundancy and reliability. You know,
I'm sure you've all seen the metamask out each of them.
that we don't like to talk about.
But that's sort of inspired decentralized and fear,
because we want to make sure even if we go down,
metamastow works.
So that's sort of what I'm Furious focusing on right now.
Thank you.
Shrearam, what about you and EigenLayer?
EugenLayer is an add-on layer to Ethereum,
so it cannot increase Ethereum censorship resistance
in a basic way.
But we do think a lot about how we can contribute
to potentially increasing the censorship resistance.
Before I talk about I earlier, I just want to address Phil's point on between value.
He's been saying you're waiting for it.
Between value and information.
Because I think at the end of the day, Gmail may have the sensor,
but optic fiber companies may not have a sensor, what is going through.
And this is the right layering that blockchains be treated like optic fiber companies,
especially if it is not even feasible for them to look into what.
is going on inside. And I'm not saying, therefore, that we will get value censorship resistance.
There will be information, censorship resistance. It's different from value censorship resistance,
because value needs, what we need to do is to push more agency to agents, and the system
should not have any agency. And what is an agent, you know, a company which is trading on top
of this blockchain as an agent, a user who's receiving money from somebody else's
an agent. They are counterparties to somebody else. They should be able to express their rich
intersubjective preferences on who they want to deal with and they will take the liability.
So it's exactly like when it's a matter of layering and restricting the scope of what is
happening at different layers. Answering the question on what we can do to increase censorship
resistance. We had this proposal on how we can potentially let plot proposals.
subscribe to additional ordering constraints by restaking on eigenlayer.
So when the block proposers are restaked on eigenlayer, they could potentially participate
in different kinds of markets, which potentially, for example, including things like
distributed relays, distributed building, there are different things you can build on top of that.
I want to add one more point on a different way of achieving censorship resistance, which is
to give more agency to light nodes.
We talk a lot about light clients in the Ethereum community,
but only in the context of validating safety.
But I think the real, real value of light clients
is actually in their ability to add to censorship resistance.
Because, you know, they are the most widely distributed,
and if you're that in every single phone.
And if they can contribute back to censorship resistance in various ways,
that would be something which is quite preferable.
How would they contribute to censorship resistance?
So these are schemes we are working on internally, but the core idea is something like, for example, everybody who's holding ETH in their wallet can be, you know, for example, their light node will be randomly sartitioned into an ability to contribute to the next block.
And this is transmitted widely through the network, so everybody knows that this is like a censorship CR list initiated at light nodes by random.
So you're just running a very, very light thing in your wallet.
And as long as you hold heat, you're eligible to be randomly sorted in, and you propose a
transaction and float a mini block that then goes around through the network.
So there are many ideas for how one could do this with very light clients.
But the meta idea here is that we should look deeply to how we can tap the very edges of the network
to contribute to this censorship resistance.
rather than only a few validated notes who are at the center.
I think the other thing that is missed in all this discussion is,
you know, we are, you know, flashboards things a lot about, for example,
how to not let the network centralize,
because there is no natural drift to decentralization.
There's only a drift to centralization.
How can we enshrine the drift to decentralization
is something we should think about much more consciously,
rather than only making it at best neutral.
A central network is obviously as good as a decentralized network
in every objective metric and is better in some ways.
And this can't be the way, so we can't keep patching more and more and more.
So I think that's a bigger issue that we all have to deal with
is how to enshrine decentralization.
If we think it's a valid principle,
if we think that is sufficient for one node to run everything,
we don't need to worry about it.
So I actually agree with everything he said it wasn't very much trolling.
Maybe just not the legal analysis.
And again, I'm not a lawyer.
This is not legal.
I actually agree with the Phil's position on the legal thing in the fundamental way that we are all, you know, we are not living in a matterverse.
We are living in a physical universe in physical nation states.
And we're dual citizens at best between this nation and some other like Ethereum matterverse.
So we have to comply to the laws of where we are living.
And I think the best way to counter all these things is to actually build systems which move more agency to the edges.
Okay, so here's an interesting, interesting troll.
And again, I'm not a lawyer, so please, this is not legal advice for you all.
But like this is when I actually agree with everything you said,
and I think we're going to end up in the same place as the Internet, right?
Like, and ultimately the way that nation states look at this kind of stuff when it comes to government security are like,
what are the choke points, what can we hit, and what are the costs, right?
And they want to get the benefit they need, and they won't compromise on that, but also at as little cost as possible.
So if there was no ability to censor Google, if that didn't work, yes, they would be knocking on the fiber provider's door.
There's no doubt there in my mind.
But because that would be much more costly and detrimental to cooperation, they don't do that.
And I think that's exactly what we're going to see in blockchains.
Like they will look at it and be sane about this kind of stuff.
And that's basically the outcome we're going to see, again, not legal advice.
Yeah.
Yeah, so that's exactly in my thesis.
That means that they will be able to censor the value flow.
And people who subject themselves to say that, hey, I'm not part of this country.
I'm in some metaverse.
They are free to do value exchange with whoever they want through this network whose information
flow is unrestricted, but value flow will have choke points and get restricted.
So maybe we should have the validators all being run by Bontag, Maki, and, you know, Deegan's Barton.
more and on validators would always be fun again not the position of flashbots but my own personal
opinion okay i think this is this is a fantastic closing statement
thank you guys so much for participating in this panel it was super interesting and
illuminating and i wish you all a really good evening i hope none of you are super jet lagged still
So go home, sleep, and we'll see you tomorrow at DefCon.
I hope I didn't follow you too hard.