The Mathematical Breakthrough ‘Nillion’: Panel Hosted By Hidden Forces Podcast and UPenn - TLDR transcription
You can watch full video here:
https://www.youtube.com/watch?v=JdxjbJ3gDmA
Demetri: What is Nillion and how is it different from blockchain?
From the beginning Nillion was conceived as a compute layer not just storage. The other difference is that Nillion is a secure compute layer and that means that the nodes can have information from the different dealers but that information is not available to them. They cannot see what they're holding and they cannot see what they're processing but still they can process that information and compute the outcome ofcomputations such as authentication.
Nillion actually means 'a whole lot of nothing' and so what's stored on the network is literally a whole lot of nothing. We are literally on The Cutting Edge of creating a fast, secure decentralized computation Network.
Demetri: What is secure multi-party computation (MPC)? And why is Nillion so transformational?
Dr. Miguel de Vega:
One example would be signatures: I have a private key that allows me to sign a transaction and instead of having the private key in my device I split it into pieces using SMPC. Then send one piece to each one of these nodes in such a way that the nodes cannot get back to the private key from the piece they have. That's a mathematical property called information theoretic security (ITS). So I'm able to get them to sign messages for me and now I take transaction, break it again into pieces I send it to the nodes. Now each node has a piece of that transaction and of the private key and now the signing process comes.
Another example would be solving the Millionaire's problem.
But the thing is that in traditional SMPC algorithms require the nodes to exchange messages. Nodes have to send messages to each one of the other nodes in the network and has to receive a message from each one of the other nodes in the network. A lot of time gets lost in the communication and that's the major problem with SMPC. because it means that for very simple computations it's already taking a lot of time and communication is very expensive. That's why the only real applications of SMPC so far have have been niche applications where the algorithm was very simple.
Demetri: How does it work that you're able to hide data without encrypting it?
Encryption is a form of information hiding that comes from part of cryptography that is based on Computational Theory. It's based on the fact that there are some problems which are very hard to solve and you put the problem between the attacker and the the information that you want to protect. The only way for them to get to the data is to hack or to solve this problem which is very hard.
But it's not the only way, you can create cryptographic Primitives from a different corner of maths that is called Information Theory. The trick here is not to play with the difficulty of a mathematical problem but rather to not to expose information to the attacker. Alter the information to delete traces of data so that the attacker with an infinite computational power and quantum computers cannot do anything with that encrypted message because there is no information there to exploit.
Demetri: What are some examples of areas where SMPCis currently used in the real world?
It's been used for anti-money laundering. Different banks know something different about their customers but there's regulations preventing those banks to talk to each other. So they create an algorithm that is able to assess the risk of money laundering based on the information that is available at both ends.
Another example would be cross referencing data in Estonia. They found out that the students were failing a lot and they were thinking is that because they're stupid or is it because something else. Then they cross-reference that information with the tax records to check if they were working. In the end they confirmed that was the reason why students were failing indeed was that there were working while studying.
What's interesting is that in the 80s when Computing was developing immediate thought was how to create trust between people with computers? Immediately they came up with this theorem called secure multi-party computation. It could compute data, even without us knowing what the data was, and get a result where if a certain percentage of all came up with the correct answer then the the resulting computation would be correct.
That is what we call Byzantine fault. It actually underpins blockchain and decentralized computing in general. Then from another stem of thinking originated blockchain which then crystallized at 2008. There are big businesses like Fireblocks that have been offering some use cases but SMPC has been in the background . Now we're reaching a convergence because blockchain created transactions and that was the tip of the spear into the the public consciousness of decentralized and distributed trust in computing. But to calculate computations in transactions per sections doesn't make sense.
Nil message is a way to compute where you don't have the restrictions of having to send many messages to each of the nodes. In a decentralized permissionless network we would never have to talk to each other to agree to a computation as long as two thirds were honest and that'sthe Byzantine Rule.
From the blockchain chain side we borrow permissionlessness, decentralized trust and tokens. So it's the merger of the two creating something that the world has never seen before.
What's interesting is that SMPC has been recognized as a very valuable piece. Scalability and computation issues has always been holding that technology back and not allowed it to grow in the same way that blockchain has. It hasn't been able to be the tip of the spear because you couldn't scale. You couldn't use it in a way that was effective because of all the messaging that would take place. Nil Message Compute (NMC) takes the asynchronous computation part from blockchain, where not all the nodes have to be doing the same thing at the same time to complete a calculation. That's one of the the improvements that NMC has added. It's taking something that people recognize as secure way to compare pieces of information and freeing it from that scalability issues.
Demetri: how you guys manage to eliminate the need for internode messaging?
We use two Primitives. Number one is linear secret sharing - it's the mechanism to share secrets with some nodes. We use that to hide randomness that we call blinding factors. Linear secret sharing takes care of operating in a in an environment where some actors are bad. The other primitive is one-time masking. It doesn't need to do to deal with that problem so it gets more degrees of freedom for efficient computing. We require both primitives to be ITS.
If I have a secret I'll take from the network the pieces to reconstruct the randomness using the linear secret sharing and then I'll use that randomness to mask the information. From my data I will get a particle and then as I'll send that particle back to the network. and now that particle represents my data but doesn't have any traces of it. You can operate with it as if you were operating with the with the secrets directly.
Thing about NMC is that we can run calculations against that information while it's in that secured form. When you think about encrypted information you have to decrypt that information then run an algorithm or calculation and then encrypt it again. In terms of computational capacity the requirements for it and the time that it takes to do that is nowhere near Nillion.
Question from the audience: How does Nillion scales?
There is messaging during two phases. The phase where you distribute your particles takes place in parallel. And then the phase when the computation has finished and there is a particle that represents the output of that computation held by each one of the nodes. They send those particles over to designated node, which gets to reconstruct the result in parallel. It doesn't affect computation because it takes place without any message exchange. The only thing that would be affected is the cost of storage because you would need more nodes. Essentially you can scale in number of nodes which gives you more security at no price.
Question from the audience: Do you see any kind of regulations in the U.S that could stop what you're trying to do?
Andrew Masanto: One of the cases that we're building initially is GDPR compliant decentralized KYC where you have right to be forgotten.
Question from the audience: What's the biggest adversary that you see in terms of security?
The problem that I have is at the client level, front door attacks. That kind of attack is very hard to address and there's no silver bullet.
Question from the audience: who are these nodes that you're talking? What is the incentive or the motivation for someone to be having a node on your system?
We are building a permissionless network so any anybody could be a node. In terms of the structure there's going to be two different types of nodes: light nodes and full nodes. Light nodes are the holders of particles and full nodes which are going to be governed by DOW support score and a node health factor. Anyone can be a light node and to be a full node it's going to be the really good actors that are known and that are supported by decentralized network.
We are going to use staking as a mechanism to align incentives.As a node you will have to stake tokens and you are putting those tokens at risk depending on the behaviors that you take.
On top of that there is an incentive structure for nodes that are on the network where they will receive compensation in order to run a node.
Question from the audience: Would you need to go through some sort of authentication to be a full node ?
I think we would maybe bootstrap it like that but over time it will be down to how much you're staking, what your availability is, how many uh times been flagged.
Question from the audience: How does the network resolve node failure?
The way to prepare the network against failures which is not malicious in nature is to add redundancy. To improve the high availability of the network the particles are replicated across multiple nodes. If one node goes down with a share that share will be available from another node that has the same copy.
Question from the audience: how are you thinking about the overall approach of getting people to understand how transformative Nillion is?
I genuinely think that eventually it's going to come down to utility and use and not to the technology. It will be a factor of education about that and a simpler narrative as to how to express the coolness of this technology and narratives to get people excited.
It is embedded in the DNA of our project that we are building an ecosystem around this so Nillion is an infrastructure layer that we're building out. We're also building an entire ecosystem of bringing in what we call Founding Entrepreneurs.
Question from the audience: Is the objective for you to make moneyout of this project or are you going to be public good?
Andrew Masanto: We are building the base layer and we are incentivizing people to build off the off the network. The entrepreneurs who build off the network keep all their equity for themselves. They can build for-profit or not-for-profit. I see it working more like the Ethereum Foundation.
Question from the audience: Where does the data travel after the computing is done?
you can think about Nillion as being an off chain layer because it's not a blockchain. Because Nillion has its own consensus mechanism which doesn't require messages to be exchanged you can just finish the computation deliver it to whomever wants to consume it and that's the end of it
Question from the audience: How the particles can be processed while separated without any node interaction?
In essence the idea is to add some blinding factors to the data so that the data is protected but those blending factors. They are going to disappear as you operate the data and what you end up with is the multiplication and addition of the secrets which is the actual result from the computation.
The next 24 months for Nillion
what I want is for one, but hopefully more, usecase to propagate the other usecases and then an ethereum-like effects happens. Hopefully within 24 months you start having these really interesting usecases pop up all over the network and then it becomes This Global Network of nothing.