13

Metadata:

Medium Article URL: https://medium.com/sciecon-ama/on-the-mechanics-of-blockchain-security-5375a7ea2c43

Interviewee: Prof. Fan Zhang

Interviewer: Prof. Luyao Zhang, Xinyu Tian, Zesen Zhuang

Advisor and Chief Editor: Prof. Luyao Zhang

Resources:

YouTube Documentary: [URL]

I.About Prof. Fan Zhang

Figure 1: Prof. Fan Zhang

Dr. Zhang is an Assistant Professor in the Department of Computer Science at Duke University. His recent research interests include the security, privacy, and scalability of decentralized systems, in particular those enabled by blockchains and trusted execution environments (TEEs). His works have been featured in Forbes, MIT Tech Review, IEEE Spectrum, CoinDesk, BitcoinMagazine, and numerous other blockchain news outlets. Several of his works have seen industry uptake. He received Ph.D. in Computer Science from Cornell University, advised by Prof. Ari Juels. He is a member of IC3 and a recipient of an IBM Ph.D. Fellowship for 2018–2020. He received B.Eng from Tsinghua University, China. In his separate capacity, he does research at Chainlink Labs.

II.Question 1

Xinyu Tian:

Professor Fan Zhang, we read your article about the DECO, a privacy-preserving oracle protocol, and CanDID, a platform for realizations of decentralized identities. We realize that communication security and internet identity security are currently hot topics in cryptography and distributed networks. Your research results will significantly impact the future direction of network security technologies. So, we appreciate your participation in your AMA interview session.

Zesen Zhuang:

We believe that your pioneering work will benefit the development of blockchain and fintech and inspire scholars researching this field. Let’s get into our interview. Here is the first question. In your conference article, DECO, a privacy-preserving oracle protocol, and CanDID, you mentioned that some financial applications based on smart contracts would be difficult to implement without DECO. So how do you think blockchain and fintech like DECO will reshape how scholars do finance research and collaborate with practitioners?

Prof. Fan Zhang:

DECO essentially gives the ability to let smart contracts consume private data. For example, at DeFi [1] applications and particularly DeFi-based loans, if you want to take out a $100 loan, you need to put down a $200 collateral. This over-collateralization is economically inefficient.

Figure 2: Crypto Loans

The inefficiency comes from the difficulties of accessing credit history while protecting privacy. DECO overcomes the challenges by providing a privacy-preserving way to utilize financial records for risk assessments. Chainlink has licensed DECO. Our team is working on further developing DECO integrated DeFi Applications. Our work will revolutionize how people transact in DeFi. In my understanding, one of the fascinating things about working in this space is that industry and academia collaborate a lot. Professors are working with pioneers in the industry, and practitioners also care about academic research, which is rare in other disciplines.

Prof. Luyao Zhang:

Sounds very interesting! In Economics, professors start to collaborate more with practitioners in the area of Fintech. I’m impressed to learn from you the exciting story: From the very start, computer scientists have a natural collaboration between academia and industry on the blockchain. That’s very special!

Prof. Fan Zhang:

I think it’s a scarce opportunity for researchers. I can name many startups founded by researchers and many firms that have licensed technology from universities. I feel particularly excited about how fast adoption can happen in the blockchain world. It’s amazing.

III.Question 2

Xinyu Tian:

Thank you so much for sharing your ideas behind the DECO protocol and its potential application in the blockchain. It is exhilarating to hear about the rapid development of blockchain technology and the interdisciplinary research it stimulates. Here comes our second question: in your conference paper CanDID: Can-Do Decentralized Identity with Legacy Compatibility, Sybil-Resistance, and Accountability, you introduced the idea of empowering end-users with the management of their credentials, and you described CanDID as a platform for decentralized identity. What do you think about the current situation in cybersecurity in blockchain and decentralized systems?

Prof. Fan Zhang:

Just to clarify, I didn’t invent those visions. Decentralized identity or self-sovereign identity [2] was an existing idea that kind of goes back to the early days of the Internet. Let’s relate to your question: why does it happen now?

Figure 3: Decentralized Identity

The revolution comes from the emergence of new security and privacy technologies. The key technology that enables CanDID is blockchain technology, which has improved in recent years and advances in cryptography, among those especially believed to be impractical, such as multiparty computation [3], zero-knowledge proofs [4]. Those are expensive and powerful cryptographic tools. Until very recently, if you ask people about examples of MPC (multiparty computation), they will tell you that two millionaires want to compare who is more wealthy and don’t want to reveal their net wealth to each other. People have been working on such abstract examples for years because large-scale deployment was not there yet.

However, we have seen many advancements in this field in recent years, and CanDID benefits from those. With the powerful tools becoming more practical, we can build advanced systems such as CanDID and many more. The Great advancement in recent years in security and privacy technology enables all of this.

IV.Question 3

Zesen Zhuang:

Thank you for sharing your ideas in the cybersecurity aspect, which is also the issue that Dfinity is facing in its Internet Identity service. The last question of this interview is about the internet computer itself. The Internet Computer is the first frictionless blockchain with web speed and internet-scale throughout the world. It extends the functionality of the public Internet so that it can host backend software, transforming it into a global computing platform. Do you think IC, or any other decentralized technology, can solve the Blockchain trilemma (decentralization, scalability, security)? How do you think the IC can empower the financial industry?

Prof. Fan Zhang:

I try not to discuss fluffy stuff like trilemmas because Blockchain solves the trilemma by making certain compromises. I don’t know Dfinity well enough to comment specifically, but I don’t think there’s fundamentally an exception. I think the discussion of this type has to be more precise and more concrete. It’s exciting to see new platforms like what Dfinity is launching and driving the development in that direction.