Tian Gong

@digi_james @aniketpkate @PurdueCS Thanks James!

@aniketpkate @esnie17 @PurdueCS Congratulations @esnie17 !!

Congratulations to @esnie17 on the successful defense of her Ph.D. thesis titled "Relax the Reliance on Honesty in Distributed Cryptographic Protocols" at @PurdueCS This thesis is a culmination of her arduous efforts over the last five years combining ideas from game theory, cryptography, and distributed computing. These results are foundational to the different Web3/DeFi sub-systems. Check out her research at ttiangong.com

@akhilsai2712 @aniketpkate @PurdueCS Thanks Akhil!

@aniketpkate Thanks! I did not realize it actually took this much time. Arxiv has the simplified version. We should be uploading the current version in a month.

Our paper 'More is Merrier: Relax the Non-Collusion Assumption in Multi-Server PIR' (arxiv.org/abs/2201.07740) led by @esnie17 got accepted to IEEE S&P 2024 recently. (w/ Ryan Hnery, n Alex Psomas) The journey of this paper has been long and is indeed worth sharing. [1/n]

@cronokirby eprint.iacr.org/2022/035 treats a secure blockchain infrastructure as oracle and allows the simulator to peek into a very near future

This scheme is secure against adversaries with a quantum computer, but what about adversaries with a time machine?

@socrates1024 hawk? they seems to stabilize their heads unless vision changes

What's the animal mascot between bull and bear that best embodies the Efficient Market Hypothesis, aggressively sideways, proclaiming "today will be the exactly the same, unlike yesterday or any of the pior days either"

@sanket1729 @paddypisa @dankrad @evan_van_ness @adam3us so the wrestle is now between users (whether to renew the transactions they have created after undercutting happened) and the undercutter (whether to not even start undercutting)

@paddypisa @esnie17 @dankrad @evan_van_ness @adam3us Namely re-org replayabilty.

@sanket1729 @paddypisa @dankrad @evan_van_ness @adam3us i see. thanks for pointing this out. The two mitigations both have an embedded assumption that new transactions are "necessary" or "game-changing-ly important". To undercut is to forsake at least some new transactions appearing during a certain time window

@sanket1729 @dankrad @evan_van_ness @adam3us @paddypisa please correct me if i'm understanding it wrong. so one possible scenario is that at time t0, we have 10B pending transactions with block size limit being B. A potential undercutter does not need to use new transactions as enough ingredients are in the pool

@esnie17 @dankrad @evan_van_ness @adam3us @paddypisa This means that the fees from the newer transactions cannot be undercut by a previous block. And extending the longer chain has the availability to a larger set of mempool transactions. Of course, concrete analysis needs to be done. But this is seen a potential mitigation

@dankrad @sanket1729 @aniketpkate @evan_van_ness @adam3us @paddypisa yes. The miners joining are also considered in probability calculation. Just for example, by the end of page6 for D=1 case, the x proportion of flexible rational miners are boosting the fork's winning probability

@sanket1729 @aniketpkate @evan_van_ness @adam3us @paddypisa If I produce a block on either chain, that chain is ahead, increasing the probability that it wins massively, right?

@dankrad @sanket1729 @evan_van_ness @adam3us @paddypisa I'm really thankful for your feedback back then. you may as well check the abstract, early introduction and related work if still interested, to have a high level idea of the new model

@sanket1729 @evan_van_ness @adam3us @paddypisa I had an extensive discussion about this with the authors back when the initial paper came out. I honestly think their model was wrong back then, and they never came back to me. Just saw the updated version, to be fair I haven't read it in detail yet.

@dankrad @sanket1729 @evan_van_ness @adam3us @paddypisa That's why the undercutter can always undercut. Because there are few fees remaining, which makes extending the undercutter's chain more promising. We also allowed the undercutter to attack all the time in the previous model. But we applied conditions in the new model.

@sanket1729 @evan_van_ness @adam3us @paddypisa Unfortunately, that paper comes way short of the original paper. As a simple example, in their model, a rational miner, when faced with two chains of the same length, follows the earlier one, rather than the one with more fees left over (and where their block can thus earn more).