SBC 22: Subject Notes From Science of Blockchain 2022


Subject notes is a collection the place we report on the bottom at vital trade, analysis, and different occasions. On this version, a number of the a16z crypto crew members in attendance rounded up a set of attention-grabbing talks, papers, slides and extra from the DeFi Safety Summit 2022 (Aug. 27-28), the Science of Blockchain Convention 2022 aka SBC 22 (Aug. 29-31), and numerous affiliated workshops (Aug. 28-Sept. 2), all of which passed off at Stanford College final month.

1. Science of Blockchain Convention 2022

The Science of Blockchain Convention focuses on technical improvements within the blockchain ecosystem, and brings collectively researchers and practitioners working within the house throughout cryptography, safe computing, distributed methods, decentralized protocol growth, formal strategies, empirical evaluation, crypto-economics, financial threat evaluation, and extra. The occasion is co-chaired by Stanford professor (and a16z crypto senior analysis advisor) Dan Boneh; a16z crypto head of analysis Tim Roughgarden was additionally on this system committee and gave an invited speak on the paper we shared with readers in our final e-newsletter.

Right here’s a fast mixture of a few of our crew’s discipline notes, hyperlinks, and themes from SBC 22 in addition to a few affiliated workshops – together with the “science and engineering of consensus” workshop (Aug. 28) and one other on most extractable worth, or MEV (Sept. 1) – in no specific order:

  • Peiyao Sheng on an evaluation of various blockchain protocols, determining which have higher forensic assist that helps detect a validator’s misbehavior with proof (paper)
  • Pratyush Mishra’s speak on arkworks, a Rust ecosystem for zkSNARKs that’s used extensively in lots of crypto challenge implementations (GitHub)
  • Srivatsan Sridhar on altering the obtain rule in longest chain consensus in an effort to mitigate bandwidth congestion throughout spamming assaults on the community (paper)
  • Ari Juels and Mahimna Kelkar’s talks on defending in opposition to adversarial tampering of transaction ordering, and a scheme for imposing honest transaction ordering (workshop summary, paper)
  • Ethereum cofounder Vitalik Buterin on responding to — and surviving — 51% assaults (attendee tweet with slides)
  • David Tse on reusing Bitcoin hash energy to boost the safety of PoS chains (paper)
  • John Adler’s speak on accountability — on this case, the power to determine and punish attackers — in PoS methods (workshop summary)
  • Phil Daian on the evolution of the MEV “darkish forest,” protecting every little thing from the frontrunning downside’s theoretical define, to its preliminary identification in his Flash Boys 2.0 paper, to the emergence of the MEV analysis group Flashbots, to present-day concerns referring to transaction censorship resistance and creating a sturdy builder and proposer marketplace for transaction bundles post-Merge (workshop summary / slides)
  • A theme: “uneven and subjective belief assumptions (not all nodes are equally trusted, not all nodes belief equally) and view-based protocols (nodes interpret their view of the state domestically, and finally a view-merge determines canonical DAG aka directed acyclic graphs, fork alternative, and so forth.)” [a related paper]

watch the displays: day 1, day 2, day 3

2. Utilized ZK Workshop (a part of SBC 22)

After the Science of Blockchain Convention wrapped, the Utilized ZK Workshop (Sept. 2) introduced collectively researchers and builders for another day of studying and dialogue on the most recent developments within the zero information (ZK) ecosystem. Audio system lined every little thing from new circuit primitives and digital machine (VM) architectures to making sure safety by means of verification and auditing.

Formal strategies for ZK methods have been an necessary merchandise on the workshop’s agenda, centered on fixing a widely known challenge: when a ZK system malfunctions after deployment, it’s tough to search out and repair the basis trigger. It’s crucial to confirm the correctness of ZK methods at compile-time, and formal verification is usually a nice assist. A variety of formal strategies researchers are presently engaged on this downside, and some mentioned their work:

  • Junrui Liu introduced ongoing work on formally verifying the useful correctness of the circom circuit library utilizing a proof assistant Coq, and Yu Feng launched Picus, a static evaluation instrument that robotically verifies sure crucial properties (e.g., circuit uniqueness) for a given R1CS circuit
  • Eric McCarthy mentioned his crew’s “verifying” compiler for Leo, a compiler that robotically produces a proper proof of correctness, guaranteeing that the compiled R1CS circuit is equal to the supply Leo program

And extra highlights from the occasion:

  • Yi Solar and Jonathan Wang introduced their halo2 implementation of key elliptic curve operations together with multi-scalar multiplication and Elliptic Curve Digital Signature Algorithm (ECDSA) signature verification (as a followup to their work on elliptic curve pairings in circom); particularly cool: the configurable prover-verifier time tradeoff achieved by modifying the form of the PlonKish circuit matrix (a wider [taller] desk results in decrease [higher] prover prices however larger [lower] verifier prices)
  • Bobbin Threadbare took us on an insider tour of Polygon Miden’s zero-knowledge STARK-based VM; not like different ZK VMs, applications are fed in as Merkelized summary syntax bushes (MAST) of the directions, bettering each effectivity and security (slides)
  • Nalin Bhardarj mentioned implementing recursive SNARKs in circom, a robust method discovering its manner into different ZK functions, together with rollups; pairings in circom allow verification of Groth16 SNARKs inside the circuit itself, which, in flip, allows extra scalable aggregation (one after the other vs. suddenly) and permits a prover to point out information of a reality with out understanding the precise reality themselves (the prover is on either side of the zero-knowledge property now)!
  • Aayush Gupta introduced a brand new scheme for deterministic nullifiers that enable ZK functions to restrict customers to a single motion, like claiming an airdrop (slides)
  • Uma Roy and John Guibas introduced their work on placing gentle shoppers on-chain by verifying consensus by means of zk-SNARKs; the result’s Tesseract, a prototype ZK bridge between ETH2 and Gnosis that has improved safety and censorship resistance

view the total agenda

3. DeFi Safety Summit (preceded SBC 22)

Simply earlier than the Science of Blockchain Convention kicked off, quite a lot of safety researchers and practitioners gathered on the first annual DeFi Safety Summit to debate reflections on previous safety incidents and safe growth processes, to safeguards resembling bug bounties and insurance coverage.

Some fast notes on themes, with hyperlinks to talks:

  • Kurt Barry, Jared Flatow, and storming0x defined their safe good contract growth follow at MakerDAO, Compound, and Yearn, respectively; a typical theme was the Swiss cheese mannequin, which layers collectively numerous complementary safety measures
  • Christoph Michel mentioned the evolution of worth manipulation assaults (with an attention-grabbing CTF problem as a bonus!) and Yoav Weiss defined numerous bridge exploits
  • Mitchell Amador preached the significance of robust incentives for getting extra safety expertise to maintain this house secure
  • There have been panel discussions on numerous matters resembling time-weighted common worth (TWAP) oracle safety after the Merge in addition to on modularity and upgradability
  • One other theme was setting right expectations for auditing practices; ommon messages from auditors have been that as an alternative of “audits”, they need to actually be known as “time-boxed safety evaluation” in addition to the remark that auditing engagements “are extra alignment slightly than legal responsibility
  • Builders expressed issues about widespread auditing weaknesses resembling lengthy lead instances and inadequate incentives to safe codebases; Sherlock proposed an attention-grabbing method that might tackle these points by combining the effectiveness of audit contests and legacy audits to get the “better of each” worlds

view the total agenda (with hyperlinks to some talks)

watch the displays: day 1, day 2

Editors: Robert Hackett (@rhhackett) and Stephanie Zinn (@stephbzinn)


The views expressed listed below are these of the person AH Capital Administration, L.L.C. (“a16z”) personnel quoted and are usually not the views of a16z or its associates. Sure data contained in right here has been obtained from third-party sources, together with from portfolio firms of funds managed by a16z. Whereas taken from sources believed to be dependable, a16z has not independently verified such data and makes no representations in regards to the present or enduring accuracy of the data or its appropriateness for a given state of affairs. As well as, this content material could embrace third-party ads; a16z has not reviewed such ads and doesn’t endorse any promoting content material contained therein.

This content material is offered for informational functions solely, and shouldn’t be relied upon as authorized, enterprise, funding, or tax recommendation. It is best to seek the advice of your individual advisers as to these issues. References to any securities or digital property are for illustrative functions solely, and don’t represent an funding suggestion or provide to supply funding advisory providers. Moreover, this content material isn’t directed at nor supposed to be used by any traders or potential traders, and will not below any circumstances be relied upon when making a call to put money into any fund managed by a16z. (An providing to put money into an a16z fund will likely be made solely by the non-public placement memorandum, subscription settlement, and different related documentation of any such fund and needs to be learn of their entirety.) Any investments or portfolio firms talked about, referred to, or described are usually not consultant of all investments in automobiles managed by a16z, and there might be no assurance that the investments will likely be worthwhile or that different investments made sooner or later can have comparable traits or outcomes. A listing of investments made by funds managed by Andreessen Horowitz (excluding investments for which the issuer has not offered permission for a16z to reveal publicly in addition to unannounced investments in publicly traded digital property) is on the market at

Charts and graphs offered inside are for informational functions solely and shouldn’t be relied upon when making any funding determination. Previous efficiency isn’t indicative of future outcomes. The content material speaks solely as of the date indicated. Any projections, estimates, forecasts, targets, prospects, and/or opinions expressed in these supplies are topic to vary with out discover and will differ or be opposite to opinions expressed by others. Please see for extra necessary data.


Please enter your comment!
Please enter your name here