▲▲▲

Paralelní Polis is a one-­of-­a-­kind nonprofit organization that brings together art, social sciences, and modern technologies. The ideas of liberty, independence, and innovative thinking and development of society are the main underlying foundations the whole project is built upon.

The project intends to remain state-free as it operates entirely without support from the government, and most of the funds come from voluntary contributions of our donors and partly from commercial activities such as running a unique co­working space and the world’s first bitcoin-­only cafe.

It was founded by members of a contemporary-­art group Ztohoven, and Slovak and Czech hacker­spaces. Its main goal is to promote economic, social, and digital freedom. We try to be a vocal voice of freedom in order to shape the public discourse, and ultimately work towards a freer future.

Marina von Steintusch, also known as BIA or Bite Girl.

And the doctor comes from a PhD in computational astrophysics from the University of New York.

In the next 15 minutes I'll be talking about the following.

First I'm gonna introduce myself so you have an idea of my background and why I'm interested in these problems and perhaps you are interested as well and you can join us or collaborate in some capacity.

Then I give you a summary about my research at the Privacy Skilling Solutions Group at Ethereum Foundation.

And after that, I wish you a great weekend.

I hope you have a lot of fun in Prague, the alchemist city.

I was born in Brazil and since early age, 6 or 7 years old, I started playing with computers.

My parents didn't have much money so I would

sneak out my uncle's computer when he was not home.

Later on, my mom was able to get me a painting too, and then the story began.

I started coding and playing with several Linux distributions during my teens, but I was also very keen on physics and math.

Even though I went to public schools my entire life

I was able to be accepted at this top program, the engineering program at the University of Sao Paulo, the best university in Brazil.

Right after that I got a full scholarship for a PhD in Stony Brook and in my last year of college in Brazil I also got a summer scholarship to spend a summer researching NASA, Golder Center in Washington, DC.

the hope of finding a better life than I had in Brazil and that was right after my dad was murdered

I could in theoretical physics, some math, grad courses and a lot of computer science courses.

group theory, quantum theory, and quantum information.

I researched and published papers in Los Alamos National

And I also wrote a book on Python algorithms and data structures.

I got really into code machine learning and hacking, So I decided to turn down an offer of postdoc at the Los Alamos Laboratory to get a job as a backend engineer at the security team at Yelp in San Francisco.

That was when my career as an engineer started.

And then after a year in Cupertino, I became a nomad working at the Secure and Crowd team at Axie.

I need to find some personal answers regarding the meaning of life or myself and my existence.

So I took a little gap time to travel the world as a nomad and I learned to surf.

I went to places, awesome places to snowboard.

I took a lot of pictures and I made some abstract droning videos of the places I visit.

Even though the concept of home was always diffused for me, being officially homeless was most liberating and changed me forever.

When it was back to my passion of being a scientist and an engineer, I knew I could only work with purpose.

I joined Shopify during the pandemic because I admire Tobii and the impact that they had in the world.

With Shopify, anyone could have their own business.

And if my dad had those resources in Brazil when I was growing up, our lives would probably be different.

At Shopify, I was 1 of the founders of the blockchain team and I became, informally, the head of blockchain engineer, helping to oversee NFT drops to some big partners and educating everyone regarding blockchains.

I saw the decentralization and self-sovereign movement

that we are creating, and I wanted to be part of it.

Even though, if that meant go back to square 0.

field house, I developed MEV searchers, I learn smart contract security at

I trained the Phi agents with reinforcement learning.

I support my own personal infrastructure for projects I care about.

And most recently, I joined the great community at the Terrier Foundation with the Privacy and Scaling Solutions Group.

1 is the validator privacy research, which I will be talking a little bit in the next minutes.

And the other is on private information retrieval, the research of a protocol with cryptographic primitives that allow a user to

retrieve information from database, from server, without revealing what

Even though it's fascinating, I won't be able to discuss PIR in this talk, but I invite you to follow my work and follow the PSE group for future outreach in the subject.

to actually talk about the research on validator privacy.

Hi, in this presentation I will give you the TLDR of our research on Validated Privacy at the Ethereum Foundation.

With the advent of the merge in September of last year, the Ethereum network moved away from its original Proof-of-Work consensus mechanism to the implementation of Proof-of-Stake.

Consequently, the chain was split into execution layer represented by the execution client and the beacon node, and the constants layer, represented by a constants client and a validator node.

However, even though both clients are logically separate, they can still be run on the same machine and network address.

1 of the most significant consequences of this update was highlighting the role of validator stakers.

active validators in the Ethereum network at the time of this writing, holding over 90 million stake-in rewards.

While stake-in rewards have significantly shifted to enterprise solutions such as validators of service, LSDs, staking pools, and centralized exchanges, solid-stakers contributions are essential to help preserve the sovereign and the decentralization ethos of the Ethereum project.

The Ethereum 2.0 Biacon Chain, a ledger of accounts that coordinates how new blocks are created and validated in the chain, provides the heartbeat to Ethereum's consensus and introduces the network's consensus logic and block gossip protocol.

While the validated client is responsible for credentials and consensus message, bringing the network to a consensus and a finalized state, the execution client is responsible for participating in the blockchain P2P network by subscribing and publishing message to gossipy sub topics and storing blockchain data.

In this new paradigm, every 12 seconds a validator is randomly chosen to propose a block through a new slot.

The total number of validators is split up into committees and 1 or more individual committees are responsible for attesting to each slot.

1 validator from the committee is chosen to be the aggregator while the other 127 validators are just attesting.

After each epoch defined by 32 slots or 6.4 minutes, the validators are mixed and merged in the new committees.

Since the POS validation scheme requires validator public keys on the back-end chain to be known to everyone ahead of time, the validator ordering for slots is known by the network within the APOC.

In other words, block proposals from APOC are revealed in that advance.

Why IP address revealing at the execution layer is inevitable?

Attestation in blocks from validator nodes can leak information that allows an attacker to associate a validator ID with an IP address unless operators are using sophisticated measures.

In addition, even though a validator can submit the consensus message to multiple background nodes, there is still risks of metadata analysis attacks, including the size of the message, frequency of broadcasting message, the timing of the message, joining or leaving subnet events, and packet or data size difference between attestation and other messages.

If the validator IDs or wallet addresses on the consensus layers can be linked to the back on IP address, the validator operator could be anonymized, permitting consequences such as destabilizing the network, denial of service of block producers through things such as validators, sniping and solid stigmas disenfranchisement due to government government sanctions, for example, of FAC, or even owing of having their device stolen.

A popular scenario discussed among researchers is of an attacker watching the Biacon chain network by running a node modified to gather the IP address of all connected peers when they broadcast at the stations.

The attacker can then create a database of IPs and public keys and with this information they could take the validator offline when it becomes a block proposal.

In a sophisticated way, The attacker controls the next validator proposer, taking all the MEV opportunities, for example.

In summary, no adversary should be able to link personally identifiable information to staking activities.

So we care about obfuscating the connection between a validator and its IP address.

For instance, stakers of a non-key-OSC wallet should have plausibility and ability in controlling a validator that proposes or attests to a particular block, for example, UFOFAQ restrictions.

How can the validator's sign-and-produce message be disassociated from the background node it originated?

Like everything in security, resolutions are found with many layers.

A comprehensive solution would include a mechanism of validator-proposer elections that protects the identity of the next proposer.

A network anonymity mechanism that doesn't mess with the current block proposing latency.

Zero-knowledge proof mechanisms like ZKSNARKs prove message credibility and spam protection, even to verify the legitimacy of a validator.

For instance, prove that they are unique and valid without revealing more information.

Ethereum Validator Privacy is an active area of research and discussion and the definitive answer still needs to be defined.

In addition, While some improvements might be shipped in protocol in the subsequent Ethereum updates, we are also considering implementing a consensus client opt-in obfuscation add-on.

in learning more, I invite you to look at this paper I will be publishing in the next days, where I'm summarizing the research on Ethereum Validator Privacy over the last years.

This document intends to be an overview of the many efforts from many talented researchers in these last years and some discussion of what could be next.

Finally, for updates Regarding this research and more, I invite you to follow me on my GitHub or Twitter.

For general scaling and privacy research IEF, mostly focused on ZKP applications, I suggest you to follow the PSC group on their GitHub, Twitter or Twitter.

Finally, if you're particularly interested in this research, feel free to leave any comment below in this case.

I'll take a look later on and I might respond accordingly.


Speaker 0: I'm Dr. Marina von Steintusch, also known as BIA or Bite Girl. And the doctor comes from a PhD in computational astrophysics from the University of New York. In the next 15 minutes I'll be talking about the following. First I'm gonna introduce myself so you have an idea of my background and why I'm interested in these problems and perhaps you are interested as well and you can join us or collaborate in some capacity.

Then I give you a summary about my research at the Privacy Skilling Solutions Group at Ethereum Foundation. And after that, I wish you a great weekend. I hope you have a lot of fun in Prague, the alchemist city. So let's begin. So this is the TLDR of my story.

Speaker 1: I was born in Brazil and since early age, 6 or 7 years old, I started playing with computers. My parents didn't have much money so I would

Speaker 0: sneak out my uncle's computer when he was not home. Later on, my mom was able to get me a painting too, and then the story began. I started coding and playing with several Linux distributions during my teens, but I was also very keen on physics and math. Even though I went to public schools my entire life

Speaker 1: in Brazil, I studied my ass off and

Speaker 0: I was able to be accepted at this top program, the engineering program at the University of Sao Paulo, the best university in Brazil. Right after that I got a full scholarship for a PhD in Stony Brook and in my last year of college in Brazil I also got a summer scholarship to spend a summer researching NASA, Golder Center in Washington, DC. When I moved to the

Speaker 1: US by myself, I bet in

Speaker 0: the hope of finding a better life than I had in Brazil and that was right after my dad was murdered

Speaker 1: in Brazil. In New York I took all the classes

Speaker 0: I could in theoretical physics, some math, grad courses and a lot of computer science courses.

Speaker 1: I wrote several papers. I wrote academic books on

Speaker 0: group theory, quantum theory, and quantum information. I researched and published papers in Los Alamos National

Speaker 1: Lab and the Brookhaven National Labs.

Speaker 0: And I also wrote a book on Python algorithms and data structures. I got really into code machine learning and hacking, So I decided to turn down an offer of postdoc at the Los Alamos Laboratory to get a job as a backend engineer at the security team at Yelp in San Francisco. That was when my career as an engineer started. Right after that, I worked at Apple

Speaker 1: in the

Speaker 0: CoreOS team. And then after a year in Cupertino, I became a nomad working at the Secure and Crowd team at Axie.

Speaker 1: At some point after that, I realized

Speaker 0: I need to find some personal answers regarding the meaning of life or myself and my existence. So I took a little gap time to travel the world as a nomad and I learned to surf. I went to places, awesome places to snowboard. I took a lot of pictures and I made some abstract droning videos of the places I visit. Even though the concept of home was always diffused for me, being officially homeless was most liberating and changed me forever.

When it was back to my passion of being a scientist and an engineer, I knew I could only work with purpose.

Speaker 1: I would choose where to work wisely.

Speaker 0: I joined Shopify during the pandemic because I admire Tobii and the impact that they had in the world. With Shopify, anyone could have their own business.

Speaker 1: And if my dad had those resources in Brazil when I was growing up, our lives would probably be different.

Speaker 0: At Shopify, I was 1 of the founders of the blockchain team and I became, informally, the head of blockchain engineer, helping to oversee NFT drops to some big partners and educating everyone regarding blockchains. Everyone regarding blockchains.

Speaker 1: I left that well-regarded position at

Speaker 0: the end of 2021 to go to the wild.

Speaker 1: I saw the decentralization and self-sovereign movement

Speaker 0: that we are creating, and I wanted to be part of it.

Speaker 1: Even though, if that meant go back to square 0. Since then, I worked at the

Speaker 0: field house, I developed MEV searchers, I learn smart contract security at

Speaker 1: the E-Money Phi. I trained the Phi agents with reinforcement learning.

Speaker 0: I support my own personal infrastructure for projects I care about. And most recently, I joined the great community at the Terrier Foundation with the Privacy and Scaling Solutions Group. Now at EF, I'm leading 2 projects. 1 is the validator privacy research, which I will be talking a little bit in the next minutes. And the other is on private information retrieval, the research of a protocol with cryptographic primitives that allow a user to

Speaker 1: retrieve information from database, from server, without revealing what

Speaker 0: they are trying to retrieve. Even though it's fascinating, I won't be able to discuss PIR in this talk, but I invite you to follow my work and follow the PSE group for future outreach in the subject. Now let's take the next minutes

Speaker 1: to actually talk about the research on validator privacy. Thank you

Speaker 0: and let's move on to my presentation.

Speaker 1: Hi, in this presentation I will give you the TLDR of our research on Validated Privacy at the Ethereum Foundation. With the advent of the merge in September of last year, the Ethereum network moved away from its original Proof-of-Work consensus mechanism to the implementation of Proof-of-Stake. Consequently, the chain was split into execution layer represented by the execution client and the beacon node, and the constants layer, represented by a constants client and a validator node. However, even though both clients are logically separate, they can still be run on the same machine and network address. 1 of the most significant consequences of this update was highlighting the role of validator stakers.

There are over

Speaker 0: 6, 100

Speaker 1: active validators in the Ethereum network at the time of this writing, holding over 90 million stake-in rewards. While stake-in rewards have significantly shifted to enterprise solutions such as validators of service, LSDs, staking pools, and centralized exchanges, solid-stakers contributions are essential to help preserve the sovereign and the decentralization ethos of the Ethereum project. The Ethereum 2.0 Biacon Chain, a ledger of accounts that coordinates how new blocks are created and validated in the chain, provides the heartbeat to Ethereum's consensus and introduces the network's consensus logic and block gossip protocol. While the validated client is responsible for credentials and consensus message, bringing the network to a consensus and a finalized state, the execution client is responsible for participating in the blockchain P2P network by subscribing and publishing message to gossipy sub topics and storing blockchain data. In this new paradigm, every 12 seconds a validator is randomly chosen to propose a block through a new slot.

The total number of validators is split up into committees and 1 or more individual committees are responsible for attesting to each slot. 1 validator from the committee is chosen to be the aggregator while the other 127 validators are just attesting. After each epoch defined by 32 slots or 6.4 minutes, the validators are mixed and merged in the new committees. Since the POS validation scheme requires validator public keys on the back-end chain to be known to everyone ahead of time, the validator ordering for slots is known by the network within the APOC. In other words, block proposals from APOC are revealed in that advance.

Why IP address revealing at the execution layer is inevitable? Attestation in blocks from validator nodes can leak information that allows an attacker to associate a validator ID with an IP address unless operators are using sophisticated measures. In addition, even though a validator can submit the consensus message to multiple background nodes, there is still risks of metadata analysis attacks, including the size of the message, frequency of broadcasting message, the timing of the message, joining or leaving subnet events, and packet or data size difference between attestation and other messages. If the validator IDs or wallet addresses on the consensus layers can be linked to the back on IP address, the validator operator could be anonymized, permitting consequences such as destabilizing the network, denial of service of block producers through things such as validators, sniping and solid stigmas disenfranchisement due to government government sanctions, for example, of FAC, or even owing of having their device stolen. A popular scenario discussed among researchers is of an attacker watching the Biacon chain network by running a node modified to gather the IP address of all connected peers when they broadcast at the stations.

The attacker can then create a database of IPs and public keys and with this information they could take the validator offline when it becomes a block proposal. In a sophisticated way, The attacker controls the next validator proposer, taking all the MEV opportunities, for example. In summary, no adversary should be able to link personally identifiable information to staking activities. So we care about obfuscating the connection between a validator and its IP address. For instance, stakers of a non-key-OSC wallet should have plausibility and ability in controlling a validator that proposes or attests to a particular block, for example, UFOFAQ restrictions.

How can the validator's sign-and-produce message be disassociated from the background node it originated? Like everything in security, resolutions are found with many layers. A comprehensive solution would include a mechanism of validator-proposer elections that protects the identity of the next proposer. A network anonymity mechanism that doesn't mess with the current block proposing latency. Zero-knowledge proof mechanisms like ZKSNARKs prove message credibility and spam protection, even to verify the legitimacy of a validator.

For instance, prove that they are unique and valid without revealing more information. Ethereum Validator Privacy is an active area of research and discussion and the definitive answer still needs to be defined. In addition, While some improvements might be shipped in protocol in the subsequent Ethereum updates, we are also considering implementing a consensus client opt-in obfuscation add-on.

Speaker 0: If you are interested

Speaker 1: in learning more, I invite you to look at this paper I will be publishing in the next days, where I'm summarizing the research on Ethereum Validator Privacy over the last years. This document intends to be an overview of the many efforts from many talented researchers in these last years and some discussion of what could be next. Here's a sneak peek of the paper. Finally, for updates Regarding this research and more, I invite you to follow me on my GitHub or Twitter. For general scaling and privacy research IEF, mostly focused on ZKP applications, I suggest you to follow the PSC group on their GitHub, Twitter or Twitter.

Finally, if you're particularly interested in this research, feel free to leave any comment below in this case. I'll take a look later on and I might respond accordingly.

Speaker 0: Thank you.

See all Parallel Polis transcripts on Youtube

Towards Validator Privacy and Private Information Retrieval / Dr. Marina Steinkirch