the Solid project

All things Solid!

Solid creates interoperable ecosystems of applications and data. Data stored in Solid Pods can power ecosystems of interoperable applications where individuals are free to use their data seamlessly across different applications and services.

Solid

Solid is a specification that lets people store their data securely in decentralized data stores called Pods. Pods are like secure personal web servers for your data.

  • Any kind of information can be stored in a Solid Pod.
  • You control access to the data in your Pod. You decide what data to share and with whom (be it individuals, organizations, and/or applications). Furthermore, you can revoke access at any time.
  • To store and access data in your Pod, applications use standard, open, and interoperable data formats and protocols.

Solid Servers and Pods

A Solid Server hosts one or more Solid Pods. Pods are where you store your data:

  • Each Pod is fully controlled by the Pod owner (i.e., you).
  • Each Pod’s data and access rules are fully distinct from those of other Pods.

You can get a Pod from a Pod Provider, or you may choose to self-host your Pod.

You can even have multiple Pods. They can be hosted by the same Pod Provider or by different Providers or be self-hosted or any combination thereof. The number of Pods you have as well as which Solid Server or Servers you use is effectively transparent to the applications and services that you use. This is because, in the Solid ecosystem, data is linked through your Identity and not through the specifics of your Pod. This is true for your own data as well as for data that others have shared with you.

Data

You can store any kind of data in a Solid Pod.

What makes Solid special is the ability to store data in a way that promotes interoperability. Specifically, Solid supports storing Linked Data. Structuring data as Linked Data means that different applications can work with the same data.

Access

With Solid’s Authentication and Authorization systems, you determine which people and applications can access your data. You grant or revoke access to any slice of your data as needed. Consequently, you can do more with your data, because the applications you decide to use can be granted access to a wider and more diverse set of information.

And just as you can share your data with others, they can also share their data with you. This creates rich and collaborative experiences across a combination of both personal and shared data.

Solid Applications

Solid applications store and access data in Pods using the Solid Protocol.

Within the interoperable Solid ecosystem, different applications can access the same data instead of requiring separate data silos specifically for the applications. For example, instead of inputting your email with your bank statement notification service, with your phone’s billing service, etc., you can instead store this information in your Pod and grant access to read your email information to these disparate services/applications.

For developer resources, see Developer Resources. For a listing of some Solid applications, see Solid Applications.

4 tips on surviving Black Swan events in crypto market

Hey everyone! 👋

Considering the events from the last few days, we thought it would be a good time to re-visit some of the best things you can do, as a trader and as a human being, to insulate yourself from Black Swan events. While a massive crypto exchange going insolvent is only the most recent example of a Black Swan, Black Swans can exist across all different realms – personal, political, environmental, and more. Because of that, we’re going to walk you through some tips discussing how you can insure your future against unexpected calamity.

1.) Don’t keep all your eggs in the same basket. 🪺

This one is glaringly self-evident following FTX’s recent troubles, but spreading your assets out among custody providers is an excellent hedge in case any of them have solvency issues. That way, you’re always protected against single-provider risk. Various global governments have tried to take steps to mitigate this (FDIC insurance, financial regulation), but nobody looks out for your interests like you do. Make sure you’re in a good spot.

Never keeping your assets in one place also applies to asset class and geography. Own a lot of property in a single region? You’re suddenly exposed to natural disasters that could hit the area, drastic political changes, and more. Only own a single asset class? Maybe the macro situation just changed against you quickly and it’s all worth a lot less than you thought.

Diversity is the name of the game, not only from a position perspective, but from a total risk perspective. Where are you vulnerable?

[Chart: FTT / USD (FTX:FTTUSD)]

2.) Keep some cash on hand 💵

This one is also self-evident for those who are currently unable to access their funds as a result of the recent turmoil, but keeping cash on hand in order to cover short term expenses is a life saver should you ever need it. To some, getting laid off is a great example of a personal black swan event, and something that could set someone back years in their personal finances. Make sure you’re in a position that you’re not financially stressed if something abnormal happens to your regular, everyday life.

3.) Carry no liabilities 🏦

While some purchases in our lives often necessitate the use of debt, the strongest-positioned people during a crisis are those who are not beholden to others financially. Considering that most Black Swans often cause all sorts of financial damage to their victims, having liabilities can cause undue additional stress that removes options from people who would otherwise be able to take advantage of the conditions. Also, those with a strong financial position are often those best able to improve their own standing when bad situations strike, buying up assets at prices that would normally never be available. Debt can prevent this level of flexibility, and therefore in order to reduce risk, you shouldn’t carry any.

4.) Keep some assets on hand, in person. 🪙

This tip is for broader, more macro-scale black swan events like extended power outages, communications network failures, meteor strikes, war, and other things that would typically fall into that category.

But, in a broader regional or global societal collapse, having assets on hand is the best thing you can do for yourself. In a situation where you’re unable to access the broader societal infrastructure to which we all buy in, having a backup on hand where you live is really the ultimate insurance blanket. Whether this is cash, gold, seeds or food, don’t get caught without a plan.

We realize this isn’t the most fun topic to talk about, but if you follow these tips, it’s likely you’re much better insulated against all of the disasters and misfortunes the world can throw at you.

Stay safe out there!

Avoid and report phishing emails

What is phishing?

Phishing is an attempt to steal personal information or break into online accounts using deceptive emails, messages, ads, or sites that look similar to sites you already use. For example, a phishing email might look like it’s from your bank and request private information about your bank account.

Phishing messages or content may:

  • Ask for your personal or financial information.
  • Ask you to click links or download software.
  • Impersonate a reputable organization, like your bank, a social media site you use, or your workplace.
  • Impersonate someone you know, like a family member, friend, or coworker.
  • Look exactly like a message from an organization or person you trust.

Avoid phishing messages & content

To help you avoid deceptive messages and requests, follow these tips.

1. Pay attention to warnings from Google

Google uses advanced security to warn you about dangerous messages, unsafe content, or deceptive websites. If you receive a warning, avoid clicking links, downloading attachments, or entering personal information. Even if you don’t receive a warning, don’t click links, download files, or enter personal info in emails, messages, webpages, or pop-ups from untrustworthy or unknown providers.

2. Never respond to requests for private info

Don’t respond to requests for your private info over email, text message, or phone call.

Always protect your personal and financial info, including your:

  • Usernames and passwords, including password changes
  • Social Security or government identification numbers
  • Bank account numbers
  • PINs (Personal Identification Numbers)
  • Credit card numbers
  • Birthday
  • Other private information, like your mother’s maiden name

Tip: Only give out contact info like your email address or phone number to a website if you’ve confirmed it’s reputable. Don’t post your contact info on public forums.

3. Don’t enter your password after clicking a link in a message

If you’re signed in to an account, emails from Google won’t ask you to enter the password for that account.

If you click a link and are asked to enter the password for your Gmail, your Google Account, or another service, don’t enter your information. Instead, go directly to the website you want to use.

If you think a security email that looks like it’s from Google might be fake, go directly to myaccount.google.com/notifications. On that page, you can check your Google Account’s recent security activity.

4. Beware of messages that sound urgent or too good to be true

Scammers use emotion to try to get you to act without thinking.

Beware of urgent-sounding messages

For example, beware of urgent-sounding messages that appear to come from:

  • People you trust, like a friend, family member, or person from work. Scammers often use social media and publicly available information to make their messages more realistic and convincing. To find out if the message is authentic, contact your friend, family member, or colleague directly. Use the contact info you normally use to communicate with them.
  • Authority figures, like tax collectors, banks, law enforcement, or health officials. Scammers often pose as authority figures to request payment or sensitive personal information. To find out if the message is authentic, contact the relevant authority directly.

Tip: Beware of scams related to COVID-19, which are increasingly common. Learn more about tips to avoid COVID-19 scams.

Beware of messages that seem too good to be true

Beware of messages or requests that seem too good to be true. For example, don’t be scammed by:

  • Get rich quick scams. Never send money or personal information to strangers.
  • Romance scams. Never send money or personal info to someone you met online.
  • Prize winner scams. Never send money or personal info to someone who claims you won a prize or sweepstakes.

5. Stop & think before you click

Scammers often try to deliver unwanted software in links through email, social media posts or messages, and text messages. Never click links from strangers or untrustworthy sources.

Use tools to help protect against phishing

1. Use Gmail to help you identify phishing emails

Gmail is designed to help protect your account by automatically identifying phishing emails. Look out for warnings about potentially harmful emails and attachments.

Note: Gmail won’t ever ask you for personal information, like your password, over email.

When you get an email that looks suspicious, here are a few things to check for:

2. Use Safe Browsing in Chrome

To get alerts about malware, risky extensions, phishing or sites on Google’s list of potentially unsafe sites, use Safe Browsing in Chrome.

In your Safe Browsing settings, choose Enhanced Protection for additional protections and to help improve Safe Browsing and overall web security.

You can download Chrome at no charge.

3. Check for unsafe saved passwords

4. Help protect your Google Account password

To get notified if you enter your Google Account password on a non-Google site, turn on Password Alert for Chrome. That way, you’ll know if a site is impersonating Google, and you can change your password if it gets stolen.

5. Learn about 2-Step Verification

With 2-Step Verification, you add an extra layer of security to your account in case your password is stolen. Learn how you can protect your account with 2-Step Verification.

Report phishing emails

When we identify that an email may be phishing or suspicious, we might show a warning or move the email to Spam. If an email wasn’t marked correctly, follow the steps below to mark or unmark it as phishing.

Important: When you manually move an email into your Spam folder, Google receives a copy of the email and any attachments. Google may analyze these emails and attachments to help protect our users from spam and abuse.

Report an email as phishing

  1. On a computer, go to Gmail.
  2. Open the message.
  3. Next to Reply, click More.
  4. Click Report phishing.

Report an email incorrectly marked as phishing

  1. On a computer, go to Gmail.
  2. Open the message.
  3. Next to Reply, click More.
  4. Click Report not phishing.

CEX or DEX? This is the question

Look at the chart of the native token for nearly every Decentralized Exchange (DEX), and you’ll see a familiar pattern: pump followed by, wait for it, dump.

The household-name DEXs like Uniswap, Sushi, and even TraderJoe are alive and well despite the lackluster price action of their tokens, but many other DEXs have faded into oblivion. Exchanges you’ve probably never heard of like Smoothy Finance and LuaSwap managed to attract short-lived liquidity, but as their generous incentives for liquidity providers dried up, mercenary LPs dumped the native tokens they got for free and, critically, they proceeded to move their liquidity back to where the volume is (i.e., the household names). This was a double blow for the DEXs they sucked dry; when both Total Value Locked (TVL) and token price tank, the result is a death spiral.

Observe the TVL and price action for the above-mentioned Smoothy Finance (SMTY) and LuaSwap (LUA):

[Charts: Smoothy Finance TVL, Smoothy Finance Price, LuaSwap TVL, LuaSwap Price]

The DEX game, it seems, is winner take most:

[Chart: Market share of DEXes by volume (https://dune.com/queries/4319/8411)]

The DEX space is dominated by a few giants like Uniswap and Curve, but littered with the remains of many short-lived contenders like Smoothy Finance and LuaSwap. Note that Uniswap (pink) and Curve (green) account for over 75% of DEX volume.

Why then, would Bitcoin.com launch the Verse DEX? How can Bitcoin.com’s DEX succeed where so many others have failed, and how can it compete against already well-established DEXs?

To answer this question, we’ll first explain why Bitcoin.com’s Verse DEX will succeed. After that, we’ll go into the reasons for launching a DEX (i.e., the advantages the Verse DEX brings to the Bitcoin.com ecosystem).

Why Verse DEX will succeed

Every other new-DEX-on-the-block must find ways to attract and retain both liquidity and users, but the Verse DEX does not have this problem.

By far the most common approach for attracting liquidity has been to give away tokens to liquidity providers. Once the liquidity is there, you have a useable product — but that’s just the first step.

Now you need users. Bots will naturally trade the pairs in your exchange, but what you really need for long-term sustainability is human users (humans are sticky). Assuming aggregators have you on their radar and your exchange is competitive in terms of fees/depth, a certain number of real users will have their orders routed through your exchange without you having to spend a dime on marketing. Of course, this only lasts as long as those sweet incentives keep flowing. Also, users who find you through aggregators may not even notice you since, in most cases, you’ll be hidden in the UX.

To make your exchange sustainable in the long run, you’ll need to find a way to keep both the liquidity and the users. The only way the liquidity will stay without the incentives is if the users are there (LPs earn a share of trading fees, which means volume must be high). So, you might try marketing; perhaps an airdrop to get your name out there? This worked for Uniswap and to a lesser extent Sushiswap, but good luck finding a spot in the sun now that those giants are already sprawled out on the beach. And by the way, the same scenario has already played out on every other L1.

It’s the users

This brings us to the single biggest advantage Bitcoin.com has: users. Millions of people self-custody their crypto using the Bitcoin.com Wallet. The vast majority of them are relative newcomers to the space, and they are itching to do something with their crypto. For example, many would like to swap between the marquee cryptos they own, adjusting their portfolio in line with the shifting trends in the crypto space. Others would like to invest in up-and-coming projects (see Verse Launchpad), pick up some NFTs, enjoy Play&Earn games, and so on. Via integrations to Bitcoin.com’s products, the Verse DEX will be at the fingertips of these people, providing essential infrastructure for their crypto/web3 journey.

Wallet owned liquidity

As for the other side of the equation, liquidity, the answer there is twofold and can be crystallized in a concept we like to call “wallet owned liquidity.”

  1. Bitcoin.com itself, as well as select strategic partners, will provide the initial liquidity to get the ball rolling. Bitcoin.com knows exactly what our users want to trade, which means we can focus liquidity on those pairs. Note that to provide liquidity to the Verse DEX, Bitcoin.com can use not only the VERSE tokens we receive along the Verse emissions schedule, but we can also dedicate resources from other parts of our ecosystem. This includes revenue generated from our buy and sell (with fiat) services, our news service, and our games sub brand. All of this is to say that we don’t need to offer unsustainable incentives in order to provide sufficient liquidity to the Verse DEX, neither at launch nor over the long term. Importantly, having diverse revenue sources also means the Verse DEX isn’t susceptible to the death spiral that occurs when TVL and token price fall at the same time.
  2. Our users will also contribute liquidity. Bitcoin.com is known for making user-friendly products. This of course extends to our Verse DEX LP dashboard which will soon be integrated into the Bitcoin.com Wallet, making it simple for even newcomers to allocate capital to the DEX and earn a share of generated fees for doing so. This also creates a nice synergy where, as users become owners of the products they use, they will not only continue to use those products, but also become advocates.

Why not just aggregate à la MetaMask?

Since MetaMask started offering swaps to its millions of users, it has managed to generate at least $200 million in revenue. This is an excellent business model, and it’s certainly something Bitcoin.com is actively exploring — but having a DEX and offering an aggregation service are not mutually exclusive. We can and will do both! Importantly, by building our own DEX, we’re able to pass on the savings to our users for the trading pairs we focus on, while routing transactions elsewhere where it makes sense to do so.

How the Verse DEX improves Bitcoin.com’s offerings

Verse is a gateway to DeFi for Bitcoin.com’s millions of users, and the Verse DEX is the foundation of that gateway. Integrating a DEX right into our mobile and desktop apps makes it easier for us to offer newcomers the opportunity to get into DeFi by putting up some collateral and earning a share of fees. As mentioned, the DEX will also be the jumping off point for everything else in DeFi including NFTs, games, and whatever else is just over the horizon in this fast-moving and innovative space. There are many ways our users can benefit from DeFi, and the Verse DEX will be critical in enabling them.

Finally, the DEX creates synergy. It does this in two ways:

First, revenue generated via the Verse DEX provides additional resources that Bitcoin.com can use to support and expand our ecosystem. It’s important to note here that fees paid on the Verse DEX do not accrue directly to Bitcoin.com. Instead, as explained in the Verse white paper, LPs will earn 0.25% of trading volume. Bitcoin.com, as a large holder of VERSE and significant liquidity provider to the Verse DEX, will simply earn its proportional share of fees as per the protocol — and those fees can be directed to supporting and expanding our ecosystem.

Second, having our own DEX means that, for projects that align with Bitcoin.com’s mission to create economic freedom in the world, we can offer a place to start trading of the associated token. Where there’s opportunity to bring additional value to our users, this will lead to partnerships and integrations with our other products.

In summary, while succeeding in the crowded DEX space is a challenge, it’s not an insurmountable one if you bring your own users to the game and have a range of liquidity sources at hand. For Bitcoin.com specifically, running our own DEX brings a range of benefits to our users while paving a wide avenue to expand our ecosystem further into the DeFi realm.

MPC Multi-Party Computation

What is MPC (Multi-Party Computation)?

“Not your keys, not your coins” has resulted in over $100 billion lost or stolen since the early 2010s, specifically because of private key mismanagement. Clinging to this ‘golden rule’ will fail to onboard the next 1 billion into a bankless, self-empowered Web3. Secure crypto technologies like MPC are the hybrid solution for an overwhelming majority of new and current users, offering optimal tradeoffs between security, self-custody, recoverability, and interoperability.

Not Your Keys Not Your Crypto? Outdated.

The mantra of “not your keys not your crypto” is as powerful today as it was in 2017. But the result? Lost and stolen seed phrases, misplaced private keys, stress for new users, and a flight to CeFi exchanges and ‘crypto banks.’

An estimated $100 billion of Bitcoin (just Bitcoin) has been lost forever because of private key mismanagement.

As a community, crypto has been dogmatically clinging to a purported “private key gold standard,” more obsessed about the technology than providing what people actually need. MPC is a solution that already exists, recently championed by companies like Coinbase and ZenGo.

Simple and secure MPC technology is already being used at the institutional level – companies like Fireblocks are helping custody billions of dollars of cryptoassets with MPC cryptography. It’s time average users get the same bulletproof security as the big players, and developers understand the security benefits of MPC to onboard more crypto users.

The false dichotomy: Centralized Exchanges v. Non-Custodial Wallets

For years the status-quo perpetuated a dangerous misconception: There are only 2 ways to store crypto. This false dichotomy is why so many potential crypto-enthusiasts haven’t started to get involved in the ecosystem.

Option 1: Exchanges

Custody cryptoassets in a centralized exchange, giving up your freedom, control, and on-chain access in return for relative security, simplicity, and comfort knowing someone else will worry about secure crypto storage.

Option 2: Self-custody with Private Keys

Use an on-chain crypto wallet with private keys, rendering assets vulnerable to scammers, hacks, lost or misplaced keys – but knowing you have ultimate control over your crypto: to store, HODL, or lose…

There’s actually a better way: A hybrid solution in the form of a type of cryptography called MPC, or multi-party computation.

What is MPC and how does it work?

MPC stands for Multi-Party Computation. This is a type of cryptographic technology.

Leveraging MPC, wallets (and institutions) can securely design an on-chain asset management system that makes recovery easier, while simultaneously increasing secure self-custody by removing the single point of failure of a private key.

At a basic level, MPC (within the cryptographic world of threshold signatures) allows 2 (or more) parties to securely input information into a system and activate (or unlock) an outcome without any party being able to see the inputs of the others.

This makes it possible to design a crypto wallet that uses multiple parties to back up or restore a user’s funds while keeping the funds in the user’s custody at all times.

This design offers a number of advantages:

  • Easy to recover
  • No single point of failure for phishing
  • Entirely user controlled

Why MPC is a better user experience than a “seed phrase” wallet

This type of recovery is immediately more familiar and far less scary for the majority of people. Almost everyone who has created an account of any kind online knows how to recover their login using an email, trusted contact, cloud backup, or their biometric scan.

This is why these types of recoverability are crucial for bringing new people into crypto systems. Implementing familiar solutions for recovery will allow more people to feel comfortable using crypto.

Once in the ecosystem, some will want different types of security or options with a low centralization risk. There is nothing preventing anyone from using multiple wallets once they have started using crypto. In fact, it is encouraged to use more than 1 wallet when storing cryptoassets.

There is, however, a HUGE barrier to entry with the majority of wallets for the majority of people: Seed phrases.

Having a single phrase that can move the entire contents of an account in an instant can be scary. Some people are willing to rely fully on themselves to keep something this important safe. Most people are not.

Having a path to enter crypto for the first time, try applications, and hold assets where users DON’T have to worry about a seed phrase is CRITICAL for the next 1 Billion people to join the world of #Web3.

MPC Wallets do not use seed phrases

MPC wallets like ZenGo replace the traditional private key with two independently created mathematical “secret shares.” One share is stored on your mobile device and the other on the ZenGo server.

With no single point of failure, even if something happens to one of the shares, no one can access your crypto but you.

Learn more about MPC: Threshold Signature Scheme (TSS):

To understand the type of cryptography behind MPC it’s helpful to learn about TSS (Threshold Cryptography) which is a subfield of MPC.

In TSS cryptography, cryptographic operations are defined with a threshold assumption in mind – it is assumed that at least a threshold of the parties involved in the computation are acting honestly and not controlled by an attacker at the same time. It could be two parties, or more. Learn more about TSS here.

MPC Cryptography is gaining adoption

While ZenGo was the 1st crypto wallet to support MPC for consumers, companies like Fireblocks have been managing billions of dollars of assets for some of the world’s leading crypto institutions for years. Coinbase recently announced support for an MPC-powered Dapp browser inside of their custodial crypto wallet.

As MPC offers the optimal balance between on-chain self-custody, wallet security and crypto recoverability, it is only a matter of time until MPC becomes widely adopted.

FAQ: MPC Crypto Wallet

Q: How does MPC (Multi-Party Computation) work?
A: MPC works by splitting the traditional private keys into multiple pieces, distributing them in multiple places to ensure no one person has full access to the traditional private key. The major advantage here is that the private key is always used in a distributed manner.

When a transaction signature is required, the parties involved (in ZenGo there are two: the ZenGo server and the user’s phone) separately run a computation to make whatever you wanted to happen on the blockchain, well, happen! The best part of this process is no single entity can ever get access to any private key: There is no single point of vulnerability. Even if an attacker tried to get access to one of the two shares, they can’t access all of the ‘secret shares’ simultaneously, making your digital assets much safer than in the traditional private key architecture.

Q: Who uses MPC?
A: A number of billion-dollar institutions are using MPC technology, including Fireblocks, Coinbase, and ZenGo.

Q: Is MPC new technology?
A: MPC technology is actually dozens of years old – initial development began in the 1980s – but applying MPC technology to crypto wallets is a relatively recent technological innovation of the last decade.

Q: Does MPC support many blockchains?
A: A major advantage of MPC, in addition to its security and recoverability benefits, is that it is chain-agnostic. Unlike multi-signature (MultiSigs) approaches which do not support every blockchain, MPC can be applied to many. ZenGo actively contributes to open-source MPC material on GitHub; learn more here.
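
The two-share signing described in the FAQ above, as an added example that is not from the original article and is not ZenGo's or any other vendor's protocol: a device and a server each hold one additive share of a secp256k1 key and jointly produce a signature that verifies under one ordinary public key, while the full private key is never assembled. It uses a Schnorr signature because its shares combine by plain addition (two-party ECDSA needs a heavier protocol); the `Party` class, the message strings and the assumption that both parties generate their shares honestly are choices of this example.

```python
import hashlib
import secrets

# secp256k1 domain parameters (standard public constants).
P = 2**256 - 2**32 - 977
N = int("FFFFFFFF" "FFFFFFFF" "FFFFFFFF" "FFFFFFFE"
        "BAAEDCE6" "AF48A03B" "BFD25E8C" "D0364141", 16)
G = (int("79BE667E" "F9DCBBAC" "55A06295" "CE870B07"
         "029BFCDB" "2DCE28D9" "59F2815B" "16F81798", 16),
     int("483ADA77" "26A3C465" "5DA4FBFC" "0E1108A8"
         "FD17B448" "A6855419" "9C47D08F" "FB10D4B8", 16))


def add(a, b):
    """Add two curve points; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def mul(k, point):
    """Double-and-add scalar multiplication (not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, point)
        point = add(point, point)
        k >>= 1
    return acc


def enc(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")


def commit_to(pt):
    return hashlib.sha256(b"nonce-commit" + enc(pt)).hexdigest()


def challenge(R, X, msg):
    digest = hashlib.sha256(enc(R) + enc(X) + msg).digest()
    return int.from_bytes(digest, "big") % N


class Party:
    """One share holder (hypothetical class), e.g. the phone or the server."""

    def __init__(self, name):
        self.name = name
        self._x = secrets.randbelow(N - 1) + 1  # key share, never sent anywhere
        self.X = mul(self._x, G)                # public share, safe to publish
        self._k = self._R = None

    def commit(self):
        """Round 1: pick a fresh nonce and publish only a hash of R_i = k_i*G."""
        self._k = secrets.randbelow(N - 1) + 1
        self._R = mul(self._k, G)
        return commit_to(self._R)

    def reveal(self):
        """Round 2: open the commitment once the peer's commitment is in hand."""
        return self._R

    def partial_sign(self, R, X, msg):
        """Round 3: s_i = k_i + e*x_i mod N. The nonce is single use."""
        if self._k is None:
            raise RuntimeError("no fresh nonce: refusing to sign")
        s_i = (self._k + challenge(R, X, msg) * self._x) % N
        self._k = None
        return s_i


def joint_sign(a, b, msg):
    """Run the three rounds; only public values and partial s_i are exchanged."""
    X = add(a.X, b.X)                      # joint public key
    c_a, c_b = a.commit(), b.commit()
    R_a, R_b = a.reveal(), b.reveal()
    if commit_to(R_a) != c_a or commit_to(R_b) != c_b:
        raise ValueError("nonce commitment mismatch")
    R = add(R_a, R_b)
    s = (a.partial_sign(R, X, msg) + b.partial_sign(R, X, msg)) % N
    return R, s


def verify(X, msg, sig):
    """Ordinary Schnorr check: s*G == R + e*X. The verifier sees one key."""
    R, s = sig
    return mul(s, G) == add(R, mul(challenge(R, X, msg), X))
```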

More info for professionals:

If you’re in the institutional digital asset space, you’ve probably heard about MPC (multi-party computation). While MPC theory has been around since the early ’80s, it first entered the digital asset space just a few years ago; since then, MPC has become one of the primary technologies wallet providers and custodians are utilizing to secure crypto assets.

But what exactly is MPC? How does it work, and what benefits does it have? We’ll walk you through everything you need to know about the technology and its role in digital asset security today.

Let’s start with an introduction to cryptography in general to get a better understanding of MPC’s origins.

A (Very) Brief Introduction to Cryptography

The field of cryptography provides its users with a method for:

  • sending messages that only the intended receiver of the message will understand
  • preventing unauthorized third parties from reading them in case of interception
  • verifying the authenticity and integrity of digital messages from a known sender

Though cryptography stretches as far back as the ancient Egyptians, one of the most famous modern examples is the Enigma machine – a device used by the Germans to send encrypted messages during WWII which was finally cracked by the British mathematician, Alan Turing.

Whereas cryptography was once primarily the concern of government and military agencies, in the internet era cryptography plays an increasingly central role in the way we all transfer information.

While the idea behind cryptography can appear simple, the field does include some extremely complex math. In essence, messages are scrambled, or “encrypted,” by a secret recipe (or algorithm) that hides the information contained within it. This way, should the encrypted message be stolen or intercepted by a malicious or non-trusted third party, they will be unable to understand, see or alter the information the message holds. Instead, the only one who can read that message correctly is the one who knows how the message was encrypted and thus holds the key to unscramble, or “decrypt,” it.

Encrypted Message: HZZO HZ VO OCZ KJNO JAADXZ

Secret Algorithm: *use the letter which is five letters preceding the ‘real message’ letter*

ABCDEFGHIJKLMNOPQRSTUVWXYZ

Decrypted Message: MEET ME AT THE POST OFFICE

This ‘Caesar cipher’ utilizes very simple math to demonstrate the concept of encryption. However, it is known to be broken. To securely encrypt information, more advanced math is required.

In the world of blockchain, the “message” being transferred is a digital asset, and the “key” to that digital asset is essentially the decryption tool used to receive that digital asset.

That key itself – known as the “private key,” as access to a digital asset requires both a publicly known cryptographic key and a related private one – must be kept safe, as anyone who knows the private key can move the asset to their own wallet. This is where MPC comes in: it’s one of the most powerful tools for protecting private keys.

How does MPC (multi-party computation) work?

In a general sense, MPC enables multiple parties – each holding their own private data – to evaluate a computation without ever revealing any of the private data held by each party (or any otherwise related secret information).

The two basic properties that a multi-party computation protocol must ensure are:

  • Privacy: The private information held by the parties cannot be inferred from the execution of the protocol.
  • Accuracy: If a number of parties within the group decide to share information or deviate from the instructions during the protocol execution, the MPC will not allow them to force the honest parties to output an incorrect result or leak an honest party’s secret information.

In an MPC, a given number of participants each possess a piece of private data (d1, d2, …, dN). Together, the participants can compute the value of a public function on that private data: F(d1, d2, …, dN) while keeping their own piece of data secret.

For example, let’s imagine three people, John, Rob, and Sam, want to find out who has the highest salary without revealing to each other how much each of them makes – this is actually a classic example of MPC, known as The Millionaire’s Problem. Using simply their own salaries (d1, d2, and d3), they want to find out which salary is the highest and not share any actual numbers with each other. Mathematically, this translates to them computing:

F(d1,d2,d3) = max(d1,d2,d3)

If there were some trusted third party (i.e. a mutual friend who they knew could keep a secret), they could each tell their salary to that friend and find out which of them makes the most, AKA F(d1,d2,d3), without ever learning the private info. The goal of MPC is to design a protocol, where, by exchanging messages only with each other, John, Rob, and Sam can still learn F(d1,d2,d3) without revealing who makes what and without having to rely on an external third party. They should learn no more by engaging in the MPC than they would have by interacting with their trustworthy mutual friend.
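An added example, not part of the original article: max needs a comparison protocol, so this sketch computes a simpler F, the sum of the three salaries, with additive secret sharing, and then shows why John's view of the run tells him nothing beyond the total. The modulus, function names and salary figures are constructed for illustration, and the parties are assumed to follow the protocol (this covers the privacy property only, not misbehaving parties).

```python
import secrets

Q = 2**61 - 1  # constructed public modulus (a prime), larger than any possible total


def split(value, n):
    """Additive sharing: n random-looking numbers that sum to value mod Q."""
    shares = [secrets.randbelow(Q) for _ in range(n - 1)]
    return shares + [(value - sum(shares)) % Q]


def deal(inputs):
    """Round 1: every party splits its input; share j of each input goes to party j."""
    return {name: split(d, len(inputs)) for name, d in inputs.items()}


def publish_partials(dealt):
    """Round 2: party j adds up the shares it holds and publishes only that sum."""
    n = len(dealt)
    return [sum(shares[j] for shares in dealt.values()) % Q for j in range(n)]


def view_of(name, dealt, partials):
    """Everything `name` sees: its own shares, one share from each peer, all partials."""
    j = list(dealt).index(name)
    received = {peer: shares[j] for peer, shares in dealt.items() if peer != name}
    return {"own": list(dealt[name]), "received": received, "partials": list(partials)}


def other_world(dealt, observer, a, b, delta):
    """The same run as seen by `observer`, but with a's input raised and b's lowered.

    Only shares in a slot the observer never receives are changed, and the two
    changes cancel inside that slot's partial sum, so the observer's view is identical.
    """
    names = list(dealt)
    hidden = next(j for j, nm in enumerate(names) if nm != observer)
    alt = {nm: list(sh) for nm, sh in dealt.items()}
    alt[a][hidden] = (alt[a][hidden] + delta) % Q
    alt[b][hidden] = (alt[b][hidden] - delta) % Q
    return alt


def recovered_input(shares):
    """Input implied by a full set of shares (used here only to inspect the other world)."""
    return sum(shares) % Q


if __name__ == "__main__":
    salaries = {"John": 82_000, "Rob": 97_500, "Sam": 64_250}  # constructed figures
    dealt = deal(salaries)
    partials = publish_partials(dealt)
    print("F(d1, d2, d3) = sum:", sum(partials) % Q)

    # A run in which Rob earns 10,000 more and Sam 10,000 less looks the same to John.
    alt = other_world(dealt, "John", "Rob", "Sam", 10_000)
    same = view_of("John", dealt, partials) == view_of("John", alt, publish_partials(alt))
    print("John's view identical in the other world:", same)
```

Because every split of the remaining total between Rob and Sam is equally consistent with what John saw, he learns exactly what the trusted mutual friend would have told him and nothing more.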

History and Applications of MPC

MPC’s (multi-party computation) initial development began in the ’80s – a fairly recent breakthrough within the world of cryptography.

Up until that point, the majority of cryptography had been about concealing content; this new type of computation focused instead on concealing partial information while computing with data from multiple sources.

  • 1982 – Secure two-party computation is formally introduced as a method of solving The Millionaire’s Problem
  • 1986 – Andrew Yao adapts two-party computation to any feasible computation
  • 1987 – Goldreich, Micali, and Wigderson adapt the two-party case to multi-party
  • 1990s – Study of MPC leads to breakthroughs in areas including universal composability (pioneered by Fireblocks cryptography advisor Ran Canetti) and mobile security
  • 2008 – The first large-scale, practical application of multi-party computation – demonstrated in an auction – takes place in Denmark
  • Late 2010s – MPC is first utilized by digital asset custodians and wallets for digital asset security
  • 2019 – Debut of MPC-CMP, the first 1-round, automatic key-refreshing MPC algorithm

Today, MPC is utilized for a number of practical applications, such as electronic voting, digital auctions, and privacy-centric data mining. One of the top applications for MPC is for securing digital assets – and recently, MPC has become the standard for institutions looking to secure their assets while retaining fast and easy access to them.

Why is MPC becoming the standard for digital asset security?

To utilize your digital assets, you need a public key and a private key; your ability to safely hold and transfer the asset itself is only guaranteed as long as the private key is safe. Once that key is in someone else’s hands, they can transfer the assets to their own wallet. Therefore, preventing the theft of private keys is crucial to maintaining digital asset security.

Historically, there have been a few primary options for securely storing private keys. These options tend to fall into either hot, cold, or hardware based storage.

  • Hot Storage – Private key is held online
  • Cold Storage – Private key is held offline
  • Hardware Wallet – Private key is held offline on a physical device

While these tools were at one point the only options for digital asset storage, certain operational and security inefficiencies in each have led to the rise of new solutions, such as MPC. Importantly, MPC is strong for not only digital asset storage, but digital asset transfers, as well – and as the digital asset market has developed and grown, so has the need for a security tool that enables fast transfers and advanced business strategies.

Cold Storage

One way to reduce the exposure to digital asset loss is by storing funds in cold storage.

Cold storage enables a user to sign a transaction with their private keys in an offline environment. Any transaction initiated online is temporarily transferred to an offline wallet kept on a device such as an offline computer, where it is then digitally signed before it is transmitted to the online network. Because the private key does not come into contact with a server connected online during the signing process, even if an online hacker comes across the transaction, they would not be able to access the private key used for it.

However, there are several issues with cold storage:

  • For a contemporary digital asset business that’s actually trading assets with any frequency, it is too slow to trade from – often taking between 24 to 48 hours to make a transfer
  • It does not protect against deposit address spoofing or credential theft

Hardware Wallet

Another method of securely storing private keys is the hardware wallet. Hardware wallets are external devices where you store your private keys, such as a USB stick. Hardware wallets are resilient to malware, and if you happen to lose the wallet you’ll be able to recover the funds using a seed phrase. On the other hand, if you lose the seed phrase, there is no other way of recovering your bitcoin.

Like cold storage solutions, hardware wallet solutions lack the speed that today’s digital asset businesses require.

Hot Wallets

Alternatively, storing funds in a hot wallet is cumbersome due to error-prone copy-pasting of addresses, ever-changing whitelists, and constant 2FA rituals.

Some hot wallets utilize multisignature, or multisig, technology to divide private keys into multiple shares. Unfortunately, multi-sig is not protocol-agnostic (meaning it’s not compatible with all blockchains), and lacks the operational flexibility to support growing teams.

As a result, the best solution is one that offers both operational and institutional security requirements to store the private key safely while at the same time not hindering operational efficiency.

MPC for Private Key Security

With MPC, private keys (as well as other sensitive information, such as authentication credentials) no longer need to be stored in one single place. The risk involved with storing private keys in one single location is referred to as a “single point of compromise.” With MPC, the private key is broken up into shares, encrypted, and divided among multiple parties.

Each party independently computes its part of the signature from the private key share it holds, without revealing that share to the other parties. This means there is never a time when the private key is formed in one place; instead, it exists in a fully “liquid” form.

Ordinarily, when a single private key is stored in one place, a wallet’s owner would need to trust that the device or party that holds that private key is completely secure. Such a device could be an HSM or, less securely, a crypto exchange that essentially holds the customer’s private keys on their behalf.

However, these parties have proven themselves to be vulnerable. When an attacker only needs to succeed in hacking one point of compromise to steal a private key, it leaves the digital assets that key unlocks wide open to theft.

MPC does away with this problem, as the private key is now no longer held by any one party at any point in time. Instead, it is decentralized and held across multiple parties (i.e. devices), each blind to the other. Whenever the key is required, MPC is set in motion to confirm that all parties, or a predetermined number of parties out of the full set, approve of the request.

With MPC technology in play, a potential hacker now has a much harder task ahead of them. To gain control over a user’s wallet, they now need to attack multiple parties across different operating platforms at different locations simultaneously.

The MPC solution then solves the problem of secure key storage. As the key no longer resides in one single place, it also allows more personnel to access a wallet without the risk of any of them turning rogue and running off with the digital assets it contains.

In addition, with the private key completely secure, users can now hold their assets online and no longer need cumbersome cold-storage devices. This means that transferring digital assets is now more fluid and no compromise is required between security and operational efficiency.

Types of MPC Algorithms

Given its inherent properties, MPC is, in and of itself, a powerful tool for securing digital assets. However, not all MPC algorithms are created equal. Today, many institutions that are using MPC employ algorithms such as Gennaro and Goldfeder’s algorithm (MPC-GG18); while protocols like this one are still considered the industry standard by many, they don’t reach as high a level of efficiency, security, or operational flexibility as certain new MPC algorithms are able to achieve.

To effectively run a profitable digital asset business in today’s ever-changing market or execute high-volume withdrawal requests for a large retail customer base, financial institutions (such as exchanges, lending providers, and banks) require instant and secure access to funds.

However, due to a complex regulatory environment, many of these institutions are forced to operate with secure but slow cold storage solutions. So, the compatibility of an algorithm with cold storage is another important factor to consider when evaluating MPC algorithms.

The Gennaro and Goldfeder MPC Algorithm

Gennaro and Goldfeder’s algorithm is currently one of the top MPC algorithms available, and many institutions that protect their private data using MPC utilize this algorithm.

However, with Gennaro and Goldfeder’s algorithm, the communication latency between the MPC-shares (the devices that hold the key shares) doesn’t reach the highest level of efficiency – as it requires users to wait for transactions to undergo up to 9 signature rounds.

In addition, Gennaro and Goldfeder’s algorithm doesn’t offer any flexibility for institutions that need to use cold storage.

The Lindell et al. MPC Algorithm

Lindell et al. offers a slight decrease from Gennaro and Goldfeder in the number of rounds needed to sign a transaction, at 8. However, this still doesn’t reach the level of operational efficiency necessary for today’s markets.

Like Gennaro and Goldfeder, Lindell et al. does not offer support for cold storage.

The Doerner et al. MPC Algorithm

Doerner et al.’s MPC algorithm accomplishes threshold signing in just 6 signature rounds. Yet, again, the level of efficiency that’s possible with today’s technology is still higher than this.

And like the previous two algorithms, Doerner et al. can’t provide solutions for institutions that are looking to use cold storage in tandem with MPC.

MPC-CMP: The Newest Innovation in MPC

Building off of the groundwork laid by Gennaro and Goldfeder, the Fireblocks cryptography team (in collaboration with Professor Ran Canetti, the founder of the universal composability security model) recently developed and released a new algorithm, MPC-CMP. MPC-CMP enables digital asset transactions to be signed in just 1 round, meaning that it offers the fastest transaction signing speeds of any MPC algorithm by 800%. 

MPC-CMP also solves the challenges faced by businesses looking to use cold storage in tandem with MPC by allowing hot and cold key signing mechanisms – with at least one key share stored offline in an air-gapped device.

This introduces new configuration possibilities for institutions in regions with specific regulations around cold storage and strengthens the security of MPC-based wallets by adding a key refresh mechanism (minutes-long intervals). While traditional cold wallets require physical proximity and trust for certain employees to operate these wallets without making an error or acting maliciously, MPC-CMP operationalizes cold wallets – creating a solution for today’s high-paced crypto markets.

With the new algorithm, we’ve introduced a new security feature that ensures MPC key shares are automatically refreshed in minutes-long intervals. That means a malicious actor only has a few moments to steal all the key shards before the shares are refreshed and they have to start over – effectively adding a new layer of protection to our multi-layered security system.
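The key-share model from “MPC for Private Key Security” and the share refresh described above, as an added sketch that is not Fireblocks’ code and not MPC-CMP: an n-of-n Schnorr-style signature over a toy group, where the parties sign without the key ever being assembled, and a refresh that makes a previously stolen share useless. The group parameters, function names and message are assumptions made for illustration; all shares sit in one list only because this is a single-process simulation.

```python
import hashlib
import secrets

# Toy parameters (assumptions for this sketch, not production choices). P - 1 is
# smooth, so discrete logs are easy here; real deployments use an elliptic-curve group.
P = 2**127 - 1   # Mersenne prime; arithmetic is in the multiplicative group mod P
N = P - 1        # exponents, and therefore key shares, live mod P - 1
G = 3


def keygen(n):
    """Each party draws its own share; the key x = sum(shares) mod N is never assembled."""
    return [secrets.randbelow(N) for _ in range(n)]


def joint_public_key(shares):
    """Each party publishes G^share; the product of those values is G^x."""
    pub = 1
    for x_i in shares:
        pub = pub * pow(G, x_i, P) % P
    return pub


def challenge(R, pub, message):
    data = f"{R}|{pub}|".encode() + message
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def sign(shares, pub, message):
    """n-of-n signing: only G^k_i and the partial values s_i leave each party."""
    nonces = [secrets.randbelow(N) for _ in shares]   # k_i stays with party i
    R = 1
    for k_i in nonces:
        R = R * pow(G, k_i, P) % P                    # combined nonce commitment
    e = challenge(R, pub, message)
    partials = [(k_i + e * x_i) % N for k_i, x_i in zip(nonces, shares)]
    return R, sum(partials) % N


def verify(pub, message, sig):
    R, s = sig
    return pow(G, s, P) == R * pow(pub, challenge(R, pub, message), P) % P


def refresh(shares):
    """Party i sends random r[i][j] to party j; every share changes, their sum does not."""
    n = len(shares)
    r = [[secrets.randbelow(N) for _ in range(n)] for _ in range(n)]
    return [(shares[i] - sum(r[i]) + sum(r[j][i] for j in range(n))) % N
            for i in range(n)]


if __name__ == "__main__":
    shares = keygen(3)
    pub = joint_public_key(shares)
    msg = b"constructed transfer request"
    print("signature valid:", verify(pub, msg, sign(shares, pub, msg)))

    fresh = refresh(shares)
    print("public key unchanged by refresh:", joint_public_key(fresh) == pub)

    # One share taken before the refresh combined with two taken after it.
    mixed = [shares[0], fresh[1], fresh[2]]
    print("mixed-epoch shares can sign:", verify(pub, msg, sign(mixed, pub, msg)))
```

This is the all-parties case; threshold schemes in which a predetermined subset suffices, and the protections a production protocol adds against misbehaving signers, are outside this sketch.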

MPC is open-source and peer-reviewed. We will not be applying for patents on MPC-CMP. That means all digital asset custodians and MPC vendors can access our new protocol and use it for free. In addition, the algorithm is universally composable, guaranteeing strong security properties for any implementation out-of-the-box. Universally composable cryptographic protocols are important to practical implications of new cryptography, as they remain secure even when arbitrarily composed with other protocols – and guarantee that even when multiple transactions are concurrently signed in parallel, security is not compromised.

Algorithm             | Transaction Rounds | Universally Composable | Cold Storage Compatible | Peer-Reviewed | Open-Source
Gennaro and Goldfeder | 9                  | No                     | No                      | Yes           | Yes
Lindell et al.        | 8                  | No                     | No                      | Yes           | No
Doerner et al.        | 6                  | No                     | No                      | Yes           | No
MPC-CMP               | 1                  | Yes                    | Yes                     | Yes           | Yes

What’s next for MPC?

MPC has quickly become the standard for securing digital assets. Major financial institutions – including Celsius (biggest US crypto lending desk), and Revolut (Europe’s largest neobank) – have announced their transition to MPC. But in 2021, MPC is only one part of the equation for digital asset security.

As we’ve seen over the years, the best defense against cybercriminals is a multilayered one that can provide redundancy in the event that one of the security controls fails. That’s why today’s institutions require a security system that layers MPC alongside numerous other software and hardware defenses to make breaking in highly expensive and nearly impossible.

At Fireblocks, our “defense-in-depth” security system fulfills these requirements, utilizing Intel SGX chip-level hardware isolation, distribution of sensitive information across multiple tier-1 cloud providers, and a highly customizable policy engine in addition to MPC. Today, we’re using MPC-CMP – the fastest and most secure MPC algorithm currently available – adding a new degree of flexibility to the equation (including the ability to sign an MPC from a hardware storage device).

What led to FTX collapse?

What. A. Week. The world’s third largest crypto exchange just went belly up, and the industry’s white knight got dragged down in the process. Grab a (Irish) coffee, and let’s figure out what the hell happened and what the implications are.

Sam Bankman-Fried (SBF) is the CEO of FTX, one of the world’s largest exchanges and also principal shareholder of Alameda Research, a separate trading firm he founded prior. There is also an entity called FTX.US. FTX.US is operated as a distinct U.S. operation, separate from FTX with SBF again acting as a principal though not overseeing day-to-day operations. FTX has received funding from big names like BlackRock, SoftBank, Temasek, Tiger Global, and the Ontario Teachers’ Pension Plan. FTX was also a large investor themselves through FTX Ventures, making over 60 individual investments.

FTX has an exchange token called FTT which can be used for benefits on FTX like lower fees and cheaper withdrawals. It is also considered pseudo-equity as a third of the revenue generated on the exchange is used to buyback and burn FTT, tying its price to the success of FTX.

The relationship between FTX and Alameda was always a bit unclear for outside parties, as SBF obviously played a pivotal role in the direction of the two distinct entities.

The trouble began when Coindesk reported on November 2 that Alameda’s assets (~$6 billion of the ~$15 billion) were in FTX’s FTT token. This amount of balance sheet concentration, the fact that it was largely illiquid (representing ~2x the circulating supply of FTT), and the link between the two entities caused immediate market concern. SBF made the link even more dubious by promoting the token on Twitter as recently as Halloween.

On November 6, Binance CEO Changpeng “CZ” Zhao announced that his exchange would liquidate $2.1 billion worth of FTT. Alameda offered to buy it at the market price of $22. CZ publicly seemed to decline…and so did FTT. Sharply.

With the price of FTT rapidly declining, concerns grew about FTX’s liquidity and whether user funds were backed. About $6 billion was withdrawn in 72 hours before withdrawals were halted on the afternoon of November 8. Later that day Binance agreed, in principle, to acquire FTX and stem any liquidity concerns. However, after reviewing the FTX balance sheet, they have since walked away from the deal, saying that “the issues are beyond our control or ability to help.” They also explicitly cited “reports regarding mishandled customer funds and alleged U.S. agency investigations” as other reasons.

Just this morning (November 10) SBF released a statement blaming an internal error of tracking user margins for the liquidity crunch. He said FTX would spend the week trying to raise liquidity from investors and all funds will hopefully be returned to users. We’ll see.

Google Cloud To Run Solana Validator

After Google Cloud announced that it would offer a product called the “Blockchain Node Engine” and further noted that Ethereum would be the first blockchain supported, the company revealed it was running a Solana validator on Nov. 5, 2022. Google said that the cloud division is currently working with Solana in order to bring the firm’s Blockchain Node Engine to the Solana chain.

Google Is Operating a Block-Producing Solana Validator, Firm’s Cloud Division Aims to Add Solana to Blockchain Node Engine’s Supported Blockchains in 2023

Google is stepping toward other blockchains after revealing the Blockchain Node Engine at the end of October. According to a tweet from Google Cloud’s official Twitter account, the firm is already running a Solana validator. “Google Cloud is running a block-producing [Solana] validator to participate in and validate the network,” the company tweeted. The company added:

Google Cloud is working with [Solana] to bring Blockchain Node Engine to the Solana chain next year, so it will be easy for anyone to launch a dedicated Solana node in the cloud.

In addition to bringing Blockchain Node Engine support to Solana, Google Cloud will be indexing the Solana blockchain and bringing the data to “Big Query” next year. The goal is to “make it easier for the Solana developer ecosystem to access historical data.” Solana’s native token solana (SOL) jumped in value on the announcement and SOL is up 7.8% against the U.S. dollar this week.

However, not everyone was thrilled about Google’s mission to host Solana nodes in the cloud. “This … Is not a good thing. More and more centralization. This is like the opposite point of crypto,” one person criticized in the Google Cloud announcement thread on Twitter. Another individual agreed with the person’s critique and replied: “Crypto went full redacted in 2017. People now celebrate centralized and custodial services because it makes number go up.”

Avoid War and Have the Best Times

Ray Dalio explained on LinkedIn the four big threats that should create worry and the one big force that should create optimism. The four big threats are the financial/economic threat, the internal conflict threat inside the US, the external conflict threat, and the acts of nature threat (drought, floods, pandemics, etc.). The one big force that provides reasons for optimism is man’s capacity to adapt and invent ways of improving things.

While these threats exist, the world is in the best position in history judging by most measures of well-being such as life-expectancy, real incomes, and real wealth, so if we handle these big worries well, things should be better than ever. Of course, averages hide the differences which are enormous, but the capacity to deal with these extreme differences exists, so the potential to have the best times ever exists if we can deal with the four big threats well.

To have better times than ever we need to:

  1. Get our finances in order through a mix of a) being more productive by investing in those things that make us more productive and benefit most people (such as education), and b) engineering a “beautiful deleveraging” that spreads out and reduces the real debt liabilities and assets relative to real incomes. (If you want an explanation of how to engineer a beautiful deleveraging, see his book Principles for Navigating Big Debt Crises).
  2. Develop a strong and smart political middle that represents the majority of people and can defeat the extreme populist minority so that we can work and live well together. Because the policies that the majority of people want are both most acceptable and more sensible than the policies that the extremists are fighting for, it should not be all that difficult to put together a platform that represents what the majority in the middle wants.
    How would such bipartisanship work? For elections it can occur in a variety of ways. As for governing, it can occur in a number of ways if leaders want it, such as the next president of the US choosing to have a bipartisan Cabinet of smart people and to initiate a bipartisan “Manhattan Project” type initiative to make economic reforms that would both significantly improve productivity and benefit the majority of people.
  3. Have rival countries develop agreements and protocols that would minimize the chances of military wars. This could involve having each leader delegate teams to look at the existential threats posed by other nations and negotiate paths for minimizing the risk of fighting over them. If parties could work on minimizing the existential risks of the other parties, that would go a long way to avoiding wars.
  4. As for acts of nature, Ray Dalio will defer to others more knowledgeable than he is to suggest ways to cost-effectively deal with them.
  5. As for man’s ability to adapt and invent, he thinks that is naturally happening in the greatest way ever. That’s because of the development of technologies that help people think about how to make such improvements and because of the development of venture capital markets to finance entrepreneurs with good ideas in numbers and amounts that are unprecedented.

While we might think that the odds of doing these things are improbable, they are certainly possible and could even become probable if most people demanded that their leaders and political parties move in directions like these.

Web3 Domain Alliance W3DA

The Web3 Domain Alliance is a member-led, member-driven organization dedicated to improving the technological and public policy environments for users of blockchain naming services.

W3DA Mission

This alliance aims to promote the development of the blockchain naming ecosystem and the functioning of blockchain domain registries with and across blockchain-based and traditional web applications.

The Web3 Domain Alliance is dedicated to the technological advancement of blockchain domain registries, as well as consumer protection by ensuring the interoperability of blockchain domain registries.

The Web3 Domain Alliance believes that blockchain-based generic web3 Top Level Domains (“TLDs”) developed and marketed by a specific organization are intellectual property, and that industry participants should respect the intellectual property rights of all blockchain naming services for the benefit of consumers as well as applications that want to support blockchain domain functionality.

W3DA Pledge

As a member of the Web3 Domain Alliance, companies pledge the following:

  • To abide by the Web3 Domain Alliance’s principles of developing unique, interoperable blockchain domain namespaces, NFT domains, and advocating for the legal protection and market acceptance of blockchain namespace.
  • To protect users and endeavor toward the development of interoperable NFT domain naming systems by promoting voluntary avoidance of namespace collisions with existing Web3 naming systems in the Web3 domain industry.
  • To advocate for the policy position that NFT domain registry owner-operators create trademark rights in their web3 TLDs through first commercial use with market penetration.
  • To protect our intellectual property rights, including trademark rights, in our web3 TLDs.
  • To work with fellow Web3 Domain Alliance members to promote the advancement of the Web3 Domain Alliance’s policy positions.
  • To work with fellow Web3 Domain Alliance Members to advocate for recognition of NFT domains by a broad community of stakeholders, and the public.
