Taking ZK IRL with Cursive
Released Wednesday, 12th February 2025
Taking ZK IRL with Cursive
Taking ZK IRL with Cursive
Wednesday, 12th February 2025
Episode Transcript
Transcripts are displayed as originally observed. Some content, including advertisements may have changed.
Use Ctrl + F to search
0:01
Welcome to Zero Knowledge,
0:04
I'm your host Anna
0:06
Rose. In this podcast
0:09
we will be exploring
0:11
the latest in Zero
0:14
Knowledge Research and the
0:16
decentralized web, as well
0:19
as new paradigms that
0:21
promise to change the
0:24
way we interact and
0:27
transact online. Nico and
0:29
I chat with Andrew and Vivic from
0:31
Cursive. We catch up with them about
0:33
what led them to start working
0:35
on a series of activations and
0:38
experiments using programmable cryptography.
0:40
We map out the timeline of these
0:42
activations. Often they were part of in-person
0:44
events, including events like ZK Summit 11
0:46
and ZK Summit 12 last year. They
0:49
walk us through some of the challenges
0:51
and also insights they had. as they
0:53
speed ran the deployment of
0:55
experimental applications using experimental libraries
0:58
with real users. cursive is one
1:00
of the teams I feel are on the
1:02
edge of the application development front in ZK
1:04
and in the adjacent fields like MPC and
1:07
FHE and they've been working on some
1:09
concepts that I think could be quite powerful
1:11
in the future. Concepts like passively sharing digital
1:13
signals from private user devices or what they
1:15
call digital pheromones as well as the idea
1:18
of narrow casting. Nico and I have actually
1:20
mentioned these concepts before on the show, so
1:22
it's great to get a chance to catch
1:25
up with the team who invented them.
1:27
Now before we kick off this episode, I
1:29
want to share a few things from our
1:31
ecosystem. First, if you haven't seen it yet,
1:33
ZK Summit 13 is happening in Toronto on
1:36
May 12th. Applications to attend just opened. Space
1:38
is more limited than usual this time around,
1:40
as our venue caps out at around 400,
1:42
so we are encouraging people who really want
1:44
to join to get their spots secured early.
1:47
It is invite only and we do prioritize
1:49
previous attendees and long-term members of the ZK
1:51
community. So if you're newer and you really
1:53
want to join, just aim to apply early
1:55
for a better chance of getting a spot.
1:58
The application to speak can be found. the
2:00
same form. The deadline to apply to
2:02
speak is March 15th. Next up on
2:04
the ZK Hack front, if you don't
2:06
know ZK Hack as a hub for
2:08
learning about ZK, if you're just getting
2:11
into the space, this would be a
2:13
really good place to check out. One
2:15
of our projects there, the ZK Whiteboard
2:17
sessions, just wrapped up. We released our
2:19
final two modules in the past month.
2:21
These were hosted by Dan Bonet. They
2:23
were focused on Fry and Proximity Proximity.
2:25
We also completed our first study group
2:27
that went through these videos kind of
2:30
in detail, but we are looking to
2:32
launch a new one in the coming
2:34
months focused just on these Frye modules.
2:36
So if that's interesting for you, be
2:38
sure to head over to the ZKHAC
2:40
Discord. I'll add the link to that
2:42
and show notes. That's where we organized
2:44
the study groups. I also just want
2:46
to mention that ZKHAC Soul has been
2:49
unfortunately postponed. We weren't able to secure
2:51
the venue that we needed, and so
2:53
we've decided not to do the event
2:55
this year. In the meantime, though, we
2:57
are hosting ZKHAC meetups in Sophia around
2:59
the ZK Proof's event and in Denver,
3:01
right around the East Denver event. We
3:03
are also developing our next hackathon. It
3:05
will probably be in Berlin in June,
3:08
around the Protocolburg and DAPCon events. We'll
3:10
be sharing more over on the ZKHAC
3:12
channels in the lead up to that.
3:14
So I think that wraps up all
3:16
the upcoming events. Hope to see you
3:18
at some of these. Now, here's our
3:20
episode with Andrew and Vivic from cursive.
3:25
Today, Nico and I are here with
3:27
Vivic and Andrew from Cursive. Welcome both
3:29
of you to the show. Excited to
3:32
be here. A longtime ZK podcast fan
3:34
boy. Oh, I'm so glad. Nico, thanks
3:36
for joining. Hello. Hello. This episode is
3:39
a long time coming. We have actually
3:41
been trying to schedule it for the
3:43
last two months or so. Niko, you
3:45
and I, we did an episode back
3:48
in October where we talked a little
3:50
bit about some of the cursive activations
3:52
and experiments. And then in our end
3:55
of year episode, we also mentioned what
3:57
you guys had been up to. So
3:59
yeah, it's so good to have you
4:02
on so we can act. dig into
4:04
all of these events that you've been
4:06
present at and what you're thinking in
4:08
terms of using programable cryptography in the
4:11
real world. So let's kick off with
4:13
a little backstory on the two of
4:15
you. Where did you get your start?
4:18
What got you excited about this? And
4:20
maybe at what point did your path
4:22
start to merge? Vivic, let's start with
4:25
you. Yeah, so back in 2016 was
4:27
the first time I started doing cryptography
4:29
work. I was part of this like
4:32
a research program at MIT where I
4:34
was paired with some grad students to
4:36
work on computer science projects and they
4:38
just like randomly slotted me into cryptography.
4:41
And yeah, I like started out doing
4:43
some stuff with consensus alternatives like proof
4:45
of space, so very crypto economic, but
4:48
involved cryptography, mercal trees. And then I
4:50
did some authenticated dictionary work with Olean
4:52
Tamasku, who I think has actually been
4:55
a guest on the show as well.
4:57
Oh yeah. Yep. So we worked together
4:59
for two, three years using KZG commitments
5:01
for like authenticated dictionaries and then kind
5:04
of just dropped off cryptography for a
5:06
while because I kind of thought, I
5:08
don't want to be an academic and
5:11
everything in industry seems like it's weird
5:13
crypto scams or something. Like it was
5:15
like during like an FT craze. And
5:18
I like briefly interned at like a
5:20
crypto trading firm and I was like,
5:22
this is degeneracy, I don't want to
5:25
do this. Crypto is scary and weird.
5:27
That is true. Absolutely. And that has
5:29
like the exact same process when I...
5:31
Yeah, studied cryptography and then it was
5:34
like, I can't get into all this
5:36
crypto scam nonsense. Yeah. Like I have
5:38
to work somewhere else. No, exactly. And
5:41
then I did like machine learning research
5:43
for a few years at MIT and
5:45
then near the end of graduation. One
5:48
of my best friends at Yish who's
5:50
also been a guest on the show,
5:52
he's like good friends with Brian Gu,
5:54
the founder of Xerox Park. I think
5:57
they go back to like high school.
5:59
Okay. And he told me they were
6:01
spinning up this new. They're doing this
6:04
weird ZK thing and I was like,
6:06
what is this? Like, you know, it's
6:08
probably another crypto scam. And then I
6:11
started reading the Vitalic blog posts and
6:13
I was like, oh my God, this
6:15
is like KZG commitments. Like, this is
6:18
the same stuff I was doing. It's
6:20
just like applied in a different way.
6:22
And so yeah, I basically started with
6:24
them in like late 2021, early 2022
6:27
doing some initial experiments around anonymous speech.
6:29
Nice. So that was Xerox park. What
6:31
were you, I mean, were you helping
6:34
out? as an employee or were you
6:36
just kind of learning along, were you
6:38
kind of a resident? I actually don't
6:41
know how it was structured back then.
6:43
Early on I think it was structured
6:45
very similar to PSC in that it
6:47
was essentially like giving out a bunch
6:50
of grants. A lot of them were
6:52
like Bryan's ideas for various projects he
6:54
wanted to see, including the stuff that
6:57
I was working on, like anonymous speech
6:59
was something that he was championing for
7:01
a while. Okay. So I was just
7:04
a grantee there for. About a year,
7:06
and then I was briefly a full-time
7:08
employee working on SU pass. Were you
7:11
there during like the Dark Forest era
7:13
or did you join after that? No,
7:15
I was not. I like knew it
7:17
was happening. I'd like known Brian from
7:20
some other programs and I knew they
7:22
were working on it, but I was
7:24
not involved with Dark Forest. Okay. And
7:27
what about you Andrew? How did you
7:29
get your start? I guess I had
7:31
a less involved past with cryptography with
7:34
cryptography. I never studied cryptographyography. in college,
7:36
but one of my friends from doing
7:38
math together kind of reminded me that
7:40
programmable cryptography existed. He's basically like, oh,
7:43
this ZK thing is really cool. You
7:45
should go check it out. And I
7:47
was completely fascinated. This was maybe in
7:50
2023. Okay. In the springtime. Yeah. So
7:52
quite recent, actually. And I got into
7:54
it purely from the math side. I
7:57
was like, this is completely magical. the
7:59
idea that you can prove things with
8:01
revealing any extra information is completely absurd
8:04
and it makes no sense and the
8:06
fact that it's just built on algebraic
8:08
objects and numbers is incredible so that's
8:10
kind of what drew me in at
8:13
the beginning and after a little while
8:15
I was like okay this is really
8:17
cool I want to work on this
8:20
for a little while let me go
8:22
meet some people in the space
8:24
first I joined a PSE project for
8:26
a few months. It's working on
8:29
identity wallets for a bit, based on
8:31
zero knowledge proofs. And then afterwards,
8:33
I went to meet a bunch of
8:35
people who were working in ZK. I met
8:37
Lockshman from Persone. I don't know
8:40
if he's been on the show,
8:42
but Lockshman and I had a
8:44
conversation where we were talking about
8:46
how... ZK enables people to express themselves
8:48
differently, how it can be connected
8:50
to identity in the physical world.
8:53
One cool concept we toyed around
8:55
with was the idea of being
8:57
able to change an outfit or
8:59
wear different pieces of clothing and
9:01
basically become a different person, have
9:03
different identity personas. And from
9:05
that, Lachshman was like... Okay, I
9:08
know someone else who has similar
9:10
thoughts or is thinking in similar
9:12
directions and that's when he introduced
9:14
me to Vivik and we've been
9:16
working together since then. Oh, cool.
9:18
Vivik, you were doing Zu Pass. You sort
9:21
of just mentioned that. This is Zuzalo Zu
9:23
Pass? Yep, same one. So I guess, did
9:25
you guys meet after that? Yeah, so I
9:27
was, yeah, working on the Zu
9:29
Pass team. And actually I think
9:31
we're cursive, like, like, like, properly
9:33
started Zuzalu Zuzulu. There I met
9:36
Rachel who's like currently like one
9:38
of the co-founders and like our
9:40
head of design. She had been
9:42
working at PSC for a few
9:44
years like helping with design for
9:46
a bunch of projects there and
9:48
I also met Althea who was like
9:50
a core member of our team during
9:52
the early stages like also kind
9:55
of a design and like Com's
9:57
background and so like it was near the
9:59
end of Zuzalu where we all kind
10:01
of met and built out kind of
10:03
an initial NFC experiment using like signatures
10:06
and NFC cards which we can get
10:08
more into in a bit and then
10:10
I think that was like May 2023
10:12
and I met Andrew like July 2023
10:14
over video call. I actually when I
10:17
first called Andrew I first called Andrew
10:19
I thought he like thought what we
10:21
were doing was really boring like I
10:23
was like oh I don't think I'm
10:26
ever got to talk to him again
10:28
that's unfortunate. Did you find it boring
10:30
Andrew? No, no, I thought it was
10:32
awesome. Otherwise I probably would not have
10:34
reached out again. That's hilarious. I didn't
10:37
know that. Cool. You also had long
10:39
hair. I never actually saw a long
10:41
hair Andrew in person. I just saw
10:43
it over that morning. I did have
10:46
really long hair and video. There's very
10:48
few people in the ZK space who
10:50
have seen that rare version. Before we
10:52
dive into cursive, because that's kind of
10:55
what I want to cover primarily in
10:57
this. episode cursive in the experiments you've
10:59
run. I don't know if we've ever
11:01
talked about zoo pass on the show
11:03
and it might be worth it to
11:06
talk a little bit about what that
11:08
was because yeah this is like at
11:10
Zuzalu that two-month pop-up city kind of
11:12
the first one that prompted I mean
11:15
since then there's been lots of variations
11:17
and and I think there's news Zuzalu's
11:19
in different places but yeah there was
11:21
this zoo pass so maybe tell us
11:23
a little bit about what that was.
11:26
Yeah, definitely. So I was one of
11:28
the first two devs on the team
11:30
and I was there for sort of
11:32
like roughly the founding of it. I
11:35
would not call myself a founder, but
11:37
like I was basically just like hanging
11:39
out with Brian around the time when
11:41
he was coming up with the concept
11:43
for Zupas and he was like, do
11:46
you want to work on this? And
11:48
I was like, yeah, let's do it.
11:50
And yeah, I mean, I would say
11:52
it's basically an identity wallet that I
11:55
think it's innovation as far as I
11:57
can understand is like. they targeted a
11:59
specific in-person event and also one that
12:01
was very friendly to trying out new
12:03
technologies. Yeah, we're able to sort of
12:06
like digitize a bunch. various like tickets
12:08
that were involved with events and like
12:10
other kind of like data for citizens
12:12
of Zuzalu or other sort of like
12:15
pop-up cities. Yeah and I think in
12:17
in the past year and a half
12:19
I haven't followed their work super closely
12:21
so I'm probably missing some details but
12:24
I think there's been a bunch of
12:26
innovations on like data format and like
12:28
ways of using Zupas more easily as
12:30
a developer so they're just continuing to
12:32
like I think. make it easier to
12:35
use ZK, kind of friendly data, and
12:37
develop with it. Yeah, I think I
12:39
had it. I mean, it was kind
12:41
of used as, I think you actually
12:44
needed to get it for your initial
12:46
ticket to like get in or something.
12:48
I think there's maybe ways around it,
12:50
but it was pretty integrated into the
12:52
experience. I also know that I like,
12:55
I lost it at some point. And
12:57
then for Dev Connect, you needed it
12:59
again. There was a way to do
13:01
that. So I was able to get
13:04
it back, which I, yeah, I don't
13:06
actually know how that worked under the
13:08
hood. But it's actually something that we
13:10
would love to talk about more, but
13:12
with a lot of this stuff that
13:15
you have like true ownership over, it's
13:17
actually like a very fragile system. In
13:19
the case of ZK data, it's less
13:21
of like a signature private key, but
13:24
more of like an encryption private key,
13:26
which is usually derived from a master
13:28
password. And if you forget that, you're
13:30
kind of just screwed. Like you just
13:33
like cannot recover your data. And so
13:35
yeah, it's pretty interesting, like these systems
13:37
can be a lot more fragile because
13:39
there isn't really easy data recovery. So
13:41
I guess, is this a good time
13:44
to ask what is cursive? Yeah. discover
13:46
and deepen their connections. So we want
13:48
to make experiences that align with user
13:50
empowerment. We believe that users should have
13:53
control of their experience. And we think
13:55
programmable cryptography is a really cool toolkit
13:57
for enabling this, giving users ownership of
13:59
their data. giving a lot more choice
14:01
over what types of front ends and
14:04
applications that they might actually be able
14:06
to use, enabling new ways for them
14:08
to express their identity, and ultimately this
14:10
is all in the aim of connecting
14:13
people and bringing them together. Is
14:15
cursive like a lab? Is it a
14:17
company? Do you have a product? I
14:19
feel like this is something you've actually
14:21
probably heard a couple people ask. I
14:23
think I might have asked you this
14:25
a couple times too, but yeah. What
14:27
is cursive exactly. I think we're
14:29
currently transitioning from closer to an
14:31
R&D lab to more of
14:33
just like a product team. I
14:36
think like we have a lot of good
14:38
lessons on the research front and
14:40
like what is kind of possible
14:43
and you know more difficult with
14:45
cryptography. So I think 2025 will
14:47
definitely be a very like product
14:50
driven year for us. We
14:52
were in a very interesting position
14:54
to begin with because I think
14:57
we had a lot of product-oriented
14:59
thinking in our team, but at the same
15:01
time a lot of the technologies
15:03
that we wanted to explore and
15:05
use simply we're not ready or
15:07
we're not packaged into user-facing form
15:10
and so we had to spend a lot
15:12
of time not only iterating on the
15:14
product side but also just fundamentally seeing
15:16
what is possible, what can be done
15:19
with these tools. So in a way
15:21
we were forced to do both, but
15:23
I think we took a lot of
15:25
really good learnings from that. Nice. I
15:27
want to ask, what's your approach
15:29
to designing these products? Right? I've seen
15:32
a lot of teams who fall in love with
15:34
the technology and say, like, this is
15:36
great, I want to use it. And I get
15:38
a sense that you guys do it the
15:40
other way around, right? I mean, I
15:42
think there's a healthy amount of that
15:44
as well. Like, I think Andrew and
15:46
I definitely get nerd sniped and like
15:48
just want to figure out new ways
15:50
of using stuff. We think a lot
15:52
about... constraints in our process and a
15:54
lot of this is spearheaded by like
15:56
our head of design ritual like just
15:58
creativity really I think easier to access
16:00
when you give yourself a box to
16:03
work with them instead of being like
16:05
you know the sky's the limit. I
16:07
think one of those constraints is like
16:09
around like human connection and data ownership
16:12
like what are sort of the existing
16:14
problems with with systems that we have
16:16
right now and in what ways does
16:18
cryptography help in what ways does it
16:21
make the UX bad? Like I think
16:23
we're also very honest as a team
16:25
and very pragmatic. I think we understand
16:27
that like it would be lovely to
16:29
have the purest system with like you
16:32
know like a trustless or something close
16:34
to that. I think often that just
16:36
needs to be balanced with like what
16:38
users care about and like how good
16:41
the experience can be. So yeah I
16:43
think that's been the kind of the
16:45
process in the past I think moving
16:47
forward we're looking to be a lot
16:49
more user-centric just like focusing on a
16:52
specific persona like kind of more traditional
16:54
startup stuff given all the knowledge we've
16:56
acquired on different cryptographic tech and progressed
16:58
that way but that's a little bit
17:01
more new. I think is going to
17:03
be like a 2025 focus. Yeah, I
17:05
think in the early stages of any
17:07
new technology, if you want to be
17:10
both on the cutting edge and also
17:12
for consumers, there is sort of this
17:14
dialectic between product and technology. Right, you
17:16
build some things, you give it to
17:18
users, you see how they feel, but
17:21
at the same time you have to
17:23
turn to the technology and say, oh,
17:25
can we build this? And also, what
17:27
else can we build? And this new
17:30
thing, like, do people want that? So
17:32
I think it's difficult in the early
17:34
stages to be too much in one
17:36
or the other, but slowly, that'll change.
17:39
Let's do a rundown of the experiments
17:41
that you did in the last year
17:43
and a half or so. And then,
17:45
yeah, because I'm really curious to see
17:47
kind of like what you learned maybe
17:50
with each one. Did you do something
17:52
after Zuzalu once cursive was founded before
17:54
Dev Connect or was Dev Connect sort
17:56
of the first time that you guys
17:59
went out as cursive? Actually, I think
18:01
a Dev Connect, we weren't even properly
18:03
called cursive, but it was the same
18:05
kind of team. I think cursive. itself
18:08
was launched at Denver. Okay. But there
18:10
was some experiments in between there. We'll
18:12
just quickly run through 2023 stuff. Yep.
18:14
And then pass off to Andrew for
18:16
2024. So at Zuzalu, basically we did
18:19
a really simple experiment with NFC cards
18:21
where there wasn't even an EasyK involved,
18:23
but you could basically collect like kind
18:25
of like a private Po-up where an
18:28
NFC card had its own private key.
18:30
and it would produce like unique signatures
18:32
upon every tap. And so you could
18:34
basically assign an FC card to a
18:36
specific event at Suzalu, like let's say
18:39
attending a town hall, and people who
18:41
tapped that would essentially get this unique
18:43
signature. It would be stored privately in
18:45
their zoo pass. And then theoretically they
18:48
could use it later, you know, to
18:50
prove they attended, either just with the
18:52
signature itself or using a ZK wrapper.
18:54
We didn't actually get around to doing
18:57
the ZK step, it was mostly just
18:59
like, kind of maybe more on the
19:01
side of like verifiable credentials than like
19:03
zero knowledge proofs, but yeah, I think
19:05
we just wanted to create more data
19:08
for people to make ZKPs with. That
19:10
was kind of the problem we identified
19:12
during different workshops with Rachel and Althea
19:14
of like, yeah, this tech is cool,
19:17
but like no one can use it
19:19
because like there was like ZK email
19:21
and TLS notary vaguely existed, but. it
19:23
was too hard to use those so
19:26
you couldn't make proofs about anything. I
19:28
guess it's also on your side laying
19:30
the groundworks for what's to come next
19:32
right? Like all the infrastructure that you
19:34
guys are gonna reuse? Absolutely yeah like
19:37
once people have a you know a
19:39
little supply of signatures you can start
19:41
to you know do a lot more
19:43
fun stuff with that. Yeah so that
19:46
was that and I think like the
19:48
next step was basically adding these signatures
19:50
and so this came around yeah like
19:52
late 2023 this also when Andrew joined
19:54
the team. which was an amazing level
19:57
up for us. Oh my God. We
19:59
were just suddenly able to do so
20:01
much more because Andrew is a force
20:03
of nature. Yeah, basically we experimented with
20:06
this concept called quests, which is basically
20:08
like a user-friendly wrapper of CK proofs.
20:10
So essentially, like, we create a quest,
20:12
which was, I think the best example
20:15
was like, oh, to attend this event,
20:17
you need to meet like three out
20:19
of five of the organizers. So the
20:21
idea here being like, instead of there
20:23
being like a fixed invite list, it
20:26
was just sort of proof of knowing
20:28
the people involved. And instead of calling
20:30
it a ZK proof, we wanted to
20:32
experiment with different terminology and wrap it
20:35
better, just so you didn't need to
20:37
be a ZK person to like get
20:39
it. And I think that was like
20:41
a really fun experiment. I think we
20:44
did a lot of interesting things like
20:46
event invites and scavenger hunts. And we
20:48
also iterated this at East Denver, just
20:50
a much larger version of this in
20:52
collaboration with IYK, like another NFC team.
20:55
Main takeaway from that though is that
20:57
CK felt like a little bit of
20:59
a limiting toolkit in order to build
21:01
like full user facing applications around in
21:04
that like a lot of what you
21:06
can do is roughly like privacy preserving
21:08
access control. You can basically prove you
21:10
meet some threshold and then get access
21:13
to something. And it turns out like
21:15
this often kind of just looks like
21:17
tickets or like gating some like online
21:19
content. And I think we felt a
21:21
little bit limited by having that be
21:24
our only kind of cryptographic tool which
21:26
led to like a lot of future-facing
21:28
experiments at like CK 11 and onwards.
21:30
Cool. At Dev Connect it was that
21:33
where you were actually doing those like
21:35
you must know three out of five
21:37
of the organizer type experiments? Yep. We
21:39
ran a few of them for different
21:41
like parties and events. I was not
21:44
aware and sadly didn't go to any
21:46
of these. I did not know three
21:48
out of five of these organizers clearly.
21:50
I guess so. Yeah, we had like
21:53
200 cards produced. It was actually quite
21:55
a fun sprint. Like we basically were
21:57
able to add baby job job curves
21:59
into these. cards like so basically their
22:02
Java cards you code them with like
22:04
kind of jank Java like not
22:06
full Java like Parfield Java and
22:08
we were able to get some
22:10
valid signatures going and so we were
22:12
able to build a full ZK experience around
22:15
it and yeah there are only 200 of
22:17
them so I think it was like kind
22:19
of hard to to get it to everybody.
22:21
It's okay. I forgive. It was
22:23
a big event. No worries. But it
22:26
sounds cool. I'm kind of sad.
22:28
I missed that part. Let's fast
22:30
forward then to East Denver, 2024. Because
22:33
I mean, I really got to
22:35
know what you guys were doing
22:37
at CK11, which was April. So
22:39
just like a month or two
22:41
after East Denver. What had you
22:43
actually done at East Denver? Yeah,
22:45
I think. Two different things, I
22:47
would say the main experience
22:49
that was available to every
22:52
attendee was related to completing
22:54
these ZK quests, proving that
22:56
you met certain people, that
22:58
you went to certain events
23:00
or had certain experiences, and
23:02
being able to claim prizes
23:04
as a result of that.
23:06
But at the same time,
23:09
we were also working on
23:11
new experiments specifically related
23:13
to private set
23:15
intersection. And this was using
23:17
a BFV library in collaboration
23:20
with John Ojaya, who's a
23:22
long-time collaborator of ours. And
23:24
I think what we've noticed
23:27
is from all these activations
23:29
and all these experiments, it
23:31
takes a while to take
23:33
a new technology in programmable
23:36
cryptography and actually be
23:38
able to productionize it
23:40
successfully. At Denver, we
23:42
first played around with
23:45
this BFV PSI toolkit
23:47
and Vivic spent multiple
23:49
all-nighters trying to get
23:52
it to work. While
23:54
we were building out
23:56
the main app experience
23:58
as well. And I think
24:01
we were able to make a
24:03
proof of concept, but there were
24:05
still some discontinuities in the experience.
24:07
And fast forward to ZK11. That's
24:09
when we actually were able to
24:11
deploy it successfully, and it basically
24:13
worked perfectly during the event. And
24:15
we've noticed like- Yeah, it really
24:17
did. the lessons we learned from
24:19
trying to get it to work
24:21
and it struggling to work those
24:23
carried over and eventually we did
24:25
actually like do it successfully but
24:27
at the same time at ZK11
24:30
we wanted to also experiment with
24:32
with folding, specifically regards to being
24:34
able to prove you met multiple
24:36
people, each one of those being
24:38
an individual proof, but being able
24:40
to fold that together into some
24:42
sort of Spotify wrapped like experience
24:44
for your whole ZK11 journey. These
24:46
were all the people I met,
24:48
these were all the speakers I
24:50
met, and kind of generate one
24:52
big folding proof related to that.
24:54
And we didn't. learn our lesson
24:56
at all. Deploying technology for the
24:58
first time still is a huge
25:01
trouble. Specifically with regards to folding,
25:03
we ran into issues with key
25:05
sizes, basically having to download very
25:07
large keys and you can imagine
25:09
like trying to get, I don't
25:11
know, what was it, like 300
25:13
attendees, 400? Maybe more. There's 550.
25:15
Okay. Right. Okay. 11. Yeah. 550
25:17
attendees to download like tens of
25:19
megabytes of like keys on conference.
25:21
Everyone on the same Wi-Fi. Yeah.
25:23
I don't know if everyone did
25:25
it in CK-11. I feel like
25:27
it was the first time we
25:30
worked together and we did announce
25:32
it at the beginning of the
25:34
event, but a lot of the
25:36
community weren't used to it. By
25:38
ZK-12, I think the percentage of
25:40
attendees using it was actually up.
25:42
Yeah. But yeah. But I do
25:44
want to touch more on the...
25:46
PSI or private set intersection experience
25:48
because I think this was something
25:50
that we learned that was actually
25:52
quite successful. So specifically what this
25:54
allowed you to do is you
25:56
have a list of all the
25:58
people that you've met at the
26:01
conference. These are represented by their
26:03
signatures, signatures from their public keys
26:05
rather. You have a list of
26:07
interests or things that you're interested
26:09
in and when you meet someone
26:11
you can basically privately figure out
26:13
what you have in common. And
26:15
at ZK11, we found that a
26:17
lot of people were really interested
26:19
in trying this out. It got
26:21
received pretty well at the event.
26:23
And people were like, oh my
26:25
God, like I could actually meet
26:27
someone new, connect with them instantly,
26:29
and all my data stays on
26:32
my device, and it's all private.
26:34
So I think that was a
26:36
really good learning from that event
26:38
that even something pretty small, like
26:40
PSI, it seems like a very
26:42
simple primitive. can be quite expressive
26:44
and contrast that with heavier things
26:46
like full-on FHE, like let's say
26:48
you want to do FHEML or
26:50
something. This is quite complicated to
26:52
run. This takes a lot of
26:54
computation and a lot of memory
26:56
and it's quite impractical for a
26:58
lot of day-to-day consumer experiences. In
27:01
contrast, something like PSI is already
27:03
practical today. It works, it works
27:05
on your mobile browser and it
27:07
can actually create new social dynamics.
27:09
So I think that was a
27:11
very important learning for us. I
27:13
think like one other meta point
27:15
here is like this is our
27:17
first time trying like multi-party stuff
27:19
where you took data from like
27:21
multiple people and did some computation.
27:23
ZK is inherently a very single
27:25
player endeavor. There's like a verifier
27:27
obviously so it's kind of a
27:29
multi-party computation. I think some people
27:32
would get angry at that. The
27:34
person with private data is only,
27:36
there's only one of them. The
27:38
Z811 experience opened a lot of
27:40
new doors in terms of like,
27:42
okay, cool, like, what are the
27:44
new social dynamics? we can explore
27:46
when multiple people have private data
27:48
involved. And it's a much less
27:50
explored design space than CK. So
27:52
that's one meta point. And just
27:54
building off the other thing that
27:56
Andrew said, like, yeah, I think
27:58
like a repeated lesson, or like
28:01
kind of a repeated pattern for
28:03
us is like, we very ambitiously
28:05
try to do some new technology
28:07
at event, like X. We like
28:09
completely fail. It like blows up.
28:11
Like Andrew did mention, like for
28:13
Denver, like we tried putting in
28:15
like the private center section, it
28:17
literally like broke the entire app.
28:19
Mind you, we have like 12,000
28:21
NFC cards that we're giving out,
28:23
like in five hours. Oh my
28:25
God. Yeah, the night before. There's
28:27
two a.m. We were doing some
28:29
last minute tests before we went
28:32
to bed. And then it just
28:34
totally broke everything. And so we
28:36
had to like revert the commit,
28:38
clean up a bunch of stuff,
28:40
test another few hours. for me
28:42
tonight. I love the term programmable
28:44
cryptography because it's it makes you
28:46
forget how hard it is to
28:48
program this stuff. That's yeah honestly
28:50
it's true it makes it seem
28:52
a little too easy but I
28:54
think now we have a good
28:56
awareness of like push to try
28:58
to get it for an event
29:01
but like don't be too sad
29:03
if it doesn't work out it'll
29:05
probably work out for the next
29:07
one and just a word of
29:09
advice that like this stuff always
29:11
takes longer than you think it
29:13
will, especially if you're the first
29:15
person, like actually getting into the
29:17
weeds of this stuff and trying
29:19
to put it on like a
29:21
mobile phone or a consumer device.
29:23
Yeah. It's great to see like
29:25
your cryptographic like palette sort of
29:27
expanding, but at the same time
29:29
you're helping everyone else, right? Because
29:32
now that you guys have tried
29:34
this, someone else can come in
29:36
and try like more PSI stuff.
29:38
Yeah, totally. That's definitely, I think
29:40
one of my favorite parts of
29:42
my favorite parts of the field
29:44
of the field is how open
29:46
source friendly it is, like how
29:48
much of a collaboration it all
29:50
feels like. Well, just kind of
29:52
like one big happy family, like,
29:54
you know, at least some corners.
29:56
Some siblings bigger, but it's a
29:58
big family. It's a big family,
30:01
like everyone's building off each other.
30:03
And I really like that, like it comes
30:05
in contrast to like ML, for example, which
30:07
is like a lot of close source work
30:09
happening. And then you see like Deep's Heek
30:11
come out and everyone's like, this is
30:13
such a gift to mankind. And it's
30:16
like, well, yeah, we've just been doing
30:18
that in cryptography land. Yeah, I think
30:20
in program book cryptography, a lot of
30:22
people understand that siblings might fight,
30:24
but we're all fighting a much bigger
30:26
battle. the grand scheme of things like
30:28
people are either going to adopt this
30:31
stuff or they're not and it's going
30:33
to take a lot of effort to
30:35
make it happen. There's a lot of
30:37
inertia and so I think it really
30:39
is important for teams to collaborate and
30:41
understand that either everyone wins or no
30:44
one wins. There is one thing I
30:46
wanted to bring back about the way
30:48
you did PSI. So PSI has sort
30:50
of a history and literature of being
30:52
a pure like two-party thing like you
30:55
have two parties. finding an intersection.
30:57
And I think in your case you
30:59
guys did something quite interesting where you
31:01
had like a server helping users
31:03
compute their PSI. Could you tell us a bit
31:05
more about how that worked? Yeah, for sure.
31:08
Essentially what we did was probably a
31:10
little bit too overpowered of a technique,
31:12
but it like works pretty nicely for
31:14
our use case, which is a multi-party
31:16
FHE or like threshold FHE. So what
31:18
goes on here is like, in this case
31:20
it's two parties. So let's say like
31:22
me and Andrew doing a private set
31:24
intersection. We essentially, like, together, perform
31:27
an initial NPC where we create,
31:29
like, a shared public key. So,
31:31
between us, we can see the public
31:33
key, but neither of us knows
31:35
the corresponding private key. It's kind
31:37
of like a split between us.
31:39
And so with this public key,
31:41
what we can do is we
31:43
can encrypt our data fully homomorphically
31:45
to the shared public key. So now
31:47
me and Andrew have like encrypted
31:50
versions of our two sets of
31:52
contacts, interests, interests, whatever. And
31:54
so now what we can do
31:56
is we can run a comparison
31:58
in FHE and... Like usually this
32:01
is actually a very costly operation,
32:03
so the nice thing here is
32:05
you can like offload it to
32:07
a server in a way that
32:09
doesn't actually leak any privacy. The
32:11
server is essentially just doing a
32:13
bunch of like FFTs for you
32:15
and then gives you back the
32:17
encrypted result. And then at the
32:19
end, me and Andrew come together
32:22
and we do a decryption MPC,
32:24
where essentially we decrypt the result
32:26
of this computation. without ever actually
32:28
surfacing the kind of shared private
32:30
key. We just just decrypt it
32:32
and thus only get the result
32:34
to the computation. And this technique
32:36
works for stuff past private center
32:38
sections. You can like do any
32:41
computation with this method. But you
32:43
relieved the user devices from the
32:45
heavy workload. Exactly. Yeah. And that's
32:47
what I found super interesting. Yeah,
32:49
like essentially the user is just
32:51
responsible for encrypting and creating the
32:53
shared public key. which tend to
32:55
be very light operations in general.
32:57
And so, yeah, you basically do
32:59
the setup and then a server
33:02
just handles all the heavy lifting.
33:04
And also when we started exploring
33:06
PSI, we didn't have a good
33:08
sense of whether or not PSI
33:10
was going to be the main
33:12
thing that provided a lot of
33:14
application facing value. So I believe
33:16
that a lot of the... Taylormade
33:18
PSI schemes are specifically useful for
33:20
private set intersection, but using multi-party
33:23
FHE gave us the flexibility to
33:25
say, oh, maybe we can play
33:27
around with different types of primitives
33:29
here as well, maybe we can
33:31
expand this to different things if
33:33
they prove to be valuable. Yeah,
33:35
I think another shout out here
33:37
to John Magaya, again, like without
33:39
him, like none of this would
33:42
be possible. Specifically, he has a
33:44
really great toolkit called Phantom Zone.
33:46
It's like an MIT licensed FHG
33:48
VM, a different licensing to other
33:50
sort of FHG tooling, and it
33:52
basically is focused. on this multi-party
33:54
FHE techniques. So I would highly
33:56
recommend in Devs to check that
33:58
out. Really cool library can definitely
34:00
build some fun stuff with it.
34:03
I remember when you first approached
34:05
me for ZK11, I want to
34:07
say, like, I was really excited
34:09
about the ZK, the fact that
34:11
there'd be kind of like a
34:13
tool on site, but I was
34:15
also a little bit wary because
34:17
in my, like, in the past,
34:19
long before I met you. had
34:21
sort of seen a lot of
34:24
these experiments go very, very wrong
34:26
at events. And when you're running
34:28
an event, obviously you're under a
34:30
lot of pressure in general, you
34:32
want to make sure that anything
34:34
that you're bringing will add to
34:36
the experience of the participants. So
34:38
I already knew you, Vivic, and
34:40
I guess that maybe is why
34:43
I took that chance, but I
34:45
remember after the event being so
34:47
happy that we had. But it
34:49
really was unlike, you know, I
34:51
really didn't know what to expect
34:53
going into it. And so obviously
34:55
when we started speaking again about
34:57
CK 12, I was like very,
34:59
very excited to work together again.
35:01
I know that between CK11 and
35:04
CK12, there was another experiment that
35:06
you ran though. So let's talk
35:08
a little bit about that frontiers.
35:10
Yeah, I'll step in real quick
35:12
and not assuage any of your
35:14
fears. Maybe you didn't know this,
35:16
but so. Quick shout out, we
35:18
also worked with Jack and Ian
35:20
from Mock 34. They work on
35:22
a bunch of CK programmable cryptography
35:25
tools as well. They helped us
35:27
integrate folding into the ZK 11
35:29
experience. And at the end of
35:31
the day, like folding worked intend.
35:33
It just was like very poorly
35:35
performing due to key sizes during
35:37
the actual event. We got it
35:39
working. in production 20 minutes before
35:41
the event started. That totally does
35:44
terrifying. You never told me that.
35:46
I probably should not have told
35:48
you that, but now you know.
35:50
Amazing. Things come down to the
35:52
wire. Wow. One last ZK-11 anecdote
35:54
for me is how one hour
35:56
before the end Anna realizes that
35:58
not only is there like all
36:00
this cool ZK and PSI functionality,
36:02
there's a leaderboard. Yeah, that's true.
36:05
So it's only a nice like,
36:07
I cannot lose my own event.
36:09
So she's running around tapping everyone's
36:11
cards. Right. And I think you
36:13
won, right? I did win in
36:15
Z-K-11. I wasn't just that I
36:17
cannot lose my own event. I
36:19
think it was just that I,
36:21
yeah, I realized that. No one
36:23
was ranking, no one was competing,
36:26
and so I started to get
36:28
into it. For ZK12, we did
36:30
fix that by actually offering incentives
36:32
and bringing back the concept of
36:34
prizes, which you had had at
36:36
East Denver and we didn't think
36:38
of for ZK11. But I know,
36:40
yeah, let's talk about that in-between
36:42
experiment with frontiers and this hiring
36:45
experiment, because I thought of that
36:47
as, like, when we started talking
36:49
about ZK12, you were telling me
36:51
about this, it was so... of
36:53
exactly these tools that you're working
36:55
with. So let's talk about that.
36:57
Yeah, there's actually a really nice
36:59
tie in here with CK11, which
37:01
is that. Frontiers is like a
37:03
paradigm-sponsored event. It's like focused on
37:06
open-source rust and Ethereum applications, and
37:08
Georgeos is like the main curator
37:10
of that event, and he actually
37:12
first saw our technology at CK11.
37:14
And that's why he reached out.
37:16
He reached out in our public
37:18
channel. He was like, let's do
37:20
something. And then we were like,
37:22
sure, not really expecting it to
37:24
go anywhere. But yeah, it ended
37:27
up being a really good collaboration.
37:29
And so also appreciate UNICO, like
37:31
digging a bit deeper into multi-party
37:33
FHE, because that comes into a
37:35
play, actually a lot more in
37:37
this activation. So specifically we wanted
37:39
to take that toolkit we were
37:41
using for just private set intersection
37:43
and we wanted to expand it
37:46
to like a more general purpose
37:48
function. And this is right around
37:50
the time where John Magaya opened
37:52
up Phantom Zone as like a
37:54
full, I guess not a full
37:56
VM, it's closer to a circuit
37:58
builder, where you could just write
38:00
more. general purpose multi-party FHE code.
38:02
And so we basically were looking
38:04
into matching as like a core
38:07
verb or core action of like
38:09
how can we match people together
38:11
based on private information in a
38:13
way that like is more efficient
38:15
or gets to use kind of
38:17
like more data about people. And
38:19
in the context of like a
38:21
professional event like frontiers we kind
38:23
of stumbled into hiring as
38:26
an interesting example. I think
38:28
there's two main... interesting
38:30
private information like pieces here. The first
38:32
is like salary. So as a recruiter
38:34
there's some like usually like upper bound
38:36
of salary or like ideally want to
38:38
pay somebody and as an employee there's
38:40
some lower bound that you're like willing
38:43
to work for and you'd be excited
38:45
to work for. And so like discovering
38:47
overlap there without having to give
38:49
up that information we thought could
38:51
be really interesting. So instead of
38:53
there being like a lengthy negotiation
38:55
and potentially even just figuring out
38:57
later in the process that. this
38:59
isn't going to pay the... Yeah, it just
39:02
like is not enough basically. You can
39:04
sort of like front load that without
39:06
actually giving up the information. And the
39:08
second bit of privacy that I think
39:11
is useful is like, as a job
39:13
candidate, if you are already employed somewhere, but
39:15
maybe like, you know, are trying to
39:17
figure out what else is out there,
39:19
or maybe are unhappy with your job
39:21
and like want to, you know, start
39:23
applying other places, you can just post
39:25
on LinkedIn. Like, I hate my
39:27
job, get me out of here.
39:29
And so we were thinking, yeah,
39:31
like it could be interesting to
39:33
basically like privately attest to the
39:35
fact that you're looking for new
39:37
jobs, but you only get notified
39:40
of jobs that kind of match
39:42
your ideal circumstances. So you can
39:44
kind of like, it's almost like
39:46
manifesting in a way, you're like
39:48
kind of like manifesting your ideal
39:50
job, like the salary you want,
39:52
the people you want to work
39:54
with, and you're just putting it out
39:56
to end. using the same exact scheme
39:58
where the sort of like heavy lifting
40:00
of this computation is done on a
40:02
server, the users are just responsible for
40:05
encrypting their data. And yeah, it was,
40:07
it was like successful. I think like,
40:09
I got a few, like, okay, I
40:12
put in a fake application, because, you
40:14
know, I'm happy, bad cursive, but I
40:16
wanted to test out the feature, so...
40:19
Like the job market catfish. I think...
40:21
Exactly. Which actually raises an interesting point
40:23
around verifiability that we can get into,
40:26
but... For now I basically put myself
40:28
as like the like ideal candidate like
40:30
willing to work for like 10,000 a
40:32
year like willing to work like 60
40:35
hours a week you know like just
40:37
the most ridiculous ends of each of
40:39
these spectrum so I could ensure some
40:42
matches. Yeah I got some job offers
40:44
you know or like not offers but
40:46
like some things that matched and so
40:49
yeah that was a really fun experiment
40:51
I think exploring yeah what you could
40:53
do with a bit more than jest
40:56
like. This like you're really replacing the
40:58
recruiter here too. Like usually you have
41:00
a quote unquote trusted third party who
41:03
has all of this information that recruiter
41:05
will know that you're looking but your
41:07
employer doesn't know they'll know often your
41:09
salary bounds but like the potential hiring
41:12
company won't really know exactly what your
41:14
your your range is and this is
41:16
sort of like directly bringing the two
41:19
parties together in that private way where
41:21
they can find each other. That's so
41:23
cool. Yeah, absolutely. Like I think this
41:26
comes up a lot in our explorations
41:28
as like a lot of this stuff
41:30
just tends to be much more direct
41:33
with the consumer and you can cut
41:35
out the middleman. And it's interesting, like
41:37
there's attention here where we talk to
41:39
some of the recruiters at the event
41:42
about like what they thought about it.
41:44
And in some ways it's like, in
41:46
some ways, it's like kind of, yeah,
41:49
not synergistic, but I think one positive
41:51
framing that one of the recruiters found
41:53
is like... Actually, it's nice because someone
41:56
like Georgeos can just put out a
41:58
private job description and he himself can
42:00
match with really good people. instead of
42:03
their needing to be kind of like
42:05
a middleman. And I think you can
42:07
actually create an experience that's like a
42:09
little bit less kind of extractive or
42:12
kind of, I don't know, like clearly
42:14
there's a bunch of recruiter sharks coming
42:16
around trying to hire people. It's less
42:19
of head hunting and more just like
42:21
peer-to-peer discovery of good overlap. And it
42:23
can just be done directly between engineers.
42:26
Yeah, it's interesting. There's like positive and
42:28
like negative framings for recruiters. In this
42:30
experience, was there also like a communication
42:33
feature or people could actually send something
42:35
through this? Or was it just to
42:37
the matching and then they had to
42:39
kind of find each other elsewhere? I
42:42
think we just like, once you match
42:44
you just got their telegram or their
42:46
email, like you could just choose how
42:49
you wanted to be contacted and then
42:51
you could just reach out on those
42:53
platforms. Okay. But is this still like
42:56
you're going up to somebody and like
42:58
tapping a card? Are you connecting? Are
43:00
you standing in front of the person
43:03
when you realize it's a match? Or
43:05
is it like there's a pool of
43:07
people and you're getting matched kind of
43:09
willy-nilly? Yeah, in this experiment, you actually
43:12
had to go up and tap people
43:14
and build your own social graph. And
43:16
I think the idea there was that
43:19
if you met. people in person you
43:21
would be able to talk with them
43:23
have sort of a deeper relationship and
43:26
it would be more of a warm
43:28
referral. I think this relates to the
43:30
question of data import which is a
43:33
big question we spend a lot of
43:35
time thinking about in our work because
43:37
a lot of these matching experiments work
43:40
well when there's really rich data available
43:42
about the people who are getting matched.
43:44
And so in this case, the data
43:46
here is the social graph, as well
43:49
as the form inputs for your hiring
43:51
preferences. And you could imagine that in
43:53
an experiment outside of a conference, you
43:56
could get the social graph through other
43:58
means, be it maybe like ZK email
44:00
from your calendar invites, ZKTLS from maybe
44:03
your LinkedIn connections. could find other ways
44:05
to import this data. And you could
44:07
also perhaps do that with job searches.
44:10
You could import data about where you
44:12
worked in the past, for example, and
44:14
have that be filled in automatically. And
44:16
so I think being able to easily
44:19
import data is a question that's very
44:21
relevant to making this experience richer for
44:23
matching. And it's something that we have
44:26
to spend a lot of time getting
44:28
the UX right because people filling out
44:30
forms and having to manually meet people
44:33
in person to build that social graph
44:35
that's not going to be the long-term
44:37
solution and so still an open question.
44:40
And it kind of addresses the catfishing
44:42
concerns right like if you have verifiable
44:44
sources of data? Yeah definitely. I was
44:46
this whole experiment still built on PSI
44:49
only or did you need other primitives
44:51
in there? Yeah so we actually basically
44:53
just wrote a full Boolean circuit. Specifically
44:56
under the hood, it's using few F-H-E-W,
44:58
which kind of takes like Boolean circuits
45:00
as input. The main kind of new
45:03
functionality we needed was a comparator, like
45:05
a greater than, because we wanted to
45:07
compare the recruiter salary upper bound with
45:10
like the candidate's lower bound. And everything
45:12
else ended up just being like a
45:14
bunch of aunts and oars and stuff.
45:16
Like, you know, is there overlap on
45:19
an experience level? Like, I only want
45:21
to hire people with like a bachelor's
45:23
or higher. and just making sure that
45:26
that like take the end of that
45:28
bit vector and the candidate's bit vector
45:30
is there like overlap basically. Cool. So
45:33
I just remember when we were planning,
45:35
when we were talking about the ZK12
45:37
activation, we had actually thought a bit
45:40
about this hiring experiment as maybe also
45:42
something we could run there. We decided
45:44
against it. I remember us kind of
45:46
going over a few iterations of what
45:49
Like what could we get out of
45:51
this moment with these people? What can
45:53
they get out of that as well?
45:56
Like where would they get a kick
45:58
out of this? I think what we
46:00
ended... up landing on was having sort
46:03
of preferences again because in ZK11
46:05
I just remember it being like
46:07
number of talks and number of
46:09
contacts. at CK 12 we actually
46:11
had something more like what are
46:14
you into what are you like
46:16
what are you not like or
46:18
I think the question was which
46:20
of these are overrated but people
46:22
got confused on the scale was
46:25
like was three overrated or was
46:27
one overrated yes I got a
46:29
little bit confused how to vote
46:31
for it which led to some
46:33
great conversations I thought That's on
46:35
me. But yeah, but maybe you
46:37
share a little bit about how
46:40
this differed. What were you using
46:42
for this? I think ZK-12 for us
46:44
was more of an ideological
46:46
progression. I think during
46:48
the actual app experience, we
46:50
did do more of these
46:53
hot takes finding more rich
46:55
ways for people to actually
46:57
connect with each other based on
46:59
more meaningful data. I think what
47:01
we realize is the questions you
47:03
ask people and what they're responding
47:05
to really matters. You want two
47:07
people to be able to meet
47:09
each other and when they learn
47:11
each other's preferences, actually be like,
47:13
oh, that's cool. This is a
47:15
conversation now, or I'm really excited.
47:17
Why do you think this? So
47:20
I think we learn a lot
47:22
in that direction. But more specifically,
47:24
we... kind of had two new
47:27
concepts that we were playing
47:29
around with, which were just
47:31
framings of things we had already
47:33
done, specifically digital pheromones
47:36
and narrow casting, and narrow casting
47:38
also being relevant to Trinity, which
47:41
was a new MP scheme that
47:43
we were looking into at the
47:45
time. Maybe I can talk a
47:48
little bit about digital pheromones and
47:50
Vivic you can take narrowcasting with
47:52
Trinity. For us we were thinking
47:55
about, okay, like what is actually
47:57
going on here? We have this
48:00
to match multiple people on private
48:02
information, sort of build more meaningful
48:04
connection through these interactions, how can
48:06
we describe what is happening here?
48:08
And I think what we ended
48:10
up on is this idea called
48:12
digital pheromones, specifically pheromones being these
48:14
discrete. chemical signals that you're constantly
48:17
sending out in search of human
48:19
compatibility or a mate or whatever
48:21
it might be and digital pheromones
48:23
are the digital equivalent. So they
48:25
can be applied to many different
48:27
settings. It could be online dating,
48:29
could be private hiring, but crucially
48:32
what ties this all together is
48:34
the idea that they are private
48:36
and safe. So when I have
48:38
like my physical pheromones, like this
48:40
is not something that I'm just
48:42
yelling out or screaming into public
48:44
space, these are much more discreet
48:46
and these are things where, okay,
48:49
when you actually interact with me,
48:51
then they get surfaced in passive
48:53
ways. And I think digital pheromones
48:55
is kind of a similar concept
48:57
where These are all private signals.
48:59
They're all based on potentially sensitive
49:01
data that remains private to you.
49:04
But the only time you actually
49:06
realize something is going on is
49:08
if you are connected with someone
49:10
or if you do meet someone
49:12
that matches your signals. And so
49:14
I think we thought this was
49:16
really cool because now there's this
49:19
way. for people to just be
49:21
walking around going about their daily
49:23
life, potentially walking around a conference
49:25
or event, just doing what they
49:27
are normally planning on doing, but
49:29
behind the scenes, all this matching
49:31
is going on and all this
49:33
compatibility and connection is being found,
49:36
but none of it is being
49:38
done. on a big server that
49:40
sees everything, for example. Yeah, this
49:42
reminds me of contact tracing. Yeah.
49:44
When so the pandemic broke out,
49:46
you know, there was sort of
49:48
two worlds. There was this dystopian
49:51
world where one government would put
49:53
out an app that tracks everyone
49:55
and knows all the interactions of
49:57
every people. And there was sort
49:59
of the utopian version of that
50:01
a lot of economics were pushing
50:03
for. And it's something like this,
50:05
where you would disperse your scent.
50:08
If you were positive, you could
50:10
send out a signal and those
50:12
who picked up your scent would
50:14
be alerted, but privately, only they
50:16
would know. So I'm curious to
50:18
see where this goes, like what
50:20
other sort of use cases we
50:23
can find for this. Yeah, I
50:25
think probably was the first kind
50:27
of wide scale deployment of something
50:29
like this. And then the hiring
50:31
thing we just talked about is
50:33
very much kind of like also
50:35
a proto version of the pheromone
50:38
here literally just being like, like,
50:40
I want this job. a private
50:42
manifestation kind of. It's like you
50:44
kind of put out what you
50:46
want for yourself or like who
50:48
you are and where you want
50:50
to be and you can sort
50:52
of just discover matches and overlap.
50:55
You know, if this is to
50:57
be something that is like fully
50:59
akin to like natural pheromones, like
51:01
chemical pheromones, I do think cryptography
51:03
is the right substrate for it
51:05
in that it is like very
51:07
neutral, it's very peer-to-peer, there's no
51:10
dependence on a centralized server. Like
51:12
I think this is like one
51:14
of the rare things where a
51:16
TEE does not kind of fully
51:18
subsume it because it I think
51:20
does fundamentally change the nature of
51:22
something like this where it's you
51:24
do have to go through some
51:27
service that is like providing this
51:29
matching versus it being like yeah
51:31
literally my phone is letting out
51:33
signals to the people around me
51:35
or like on an online platform
51:37
and they can just parse it.
51:39
So yeah I think this was
51:42
a really fun kind of framing
51:44
and wrapping for a lot of
51:46
our technology that made it easier
51:48
to explain and think about. And
51:50
we actually picked it up at
51:52
D-Web, a decentralized web camp in
51:54
California, just from some conversations. with
51:57
kind of things that just need
51:59
to be happening in the background.
52:01
Oh, another concept that you've been
52:03
very excited about is this idea
52:05
of local first hardware. So I
52:07
think this is a great fit
52:09
for digital pheromones because these are
52:11
kind of things that just need
52:14
to be happening in the background.
52:16
And you could run it on
52:18
your phone, but the problem is
52:20
Apple is very restrictive. about the
52:22
things you can do on a
52:24
phone. That is just their philosophy.
52:26
I think everyone who has developed
52:29
on iPhone knows this and they
52:31
are one of the most fun
52:33
products to use as a user
52:35
and one of the worst companies
52:37
to deal with as a developer,
52:39
as many people know. Yep, exactly.
52:41
So there's limits to what you
52:43
can do with an iPhone with
52:46
existing devices, but I think a
52:48
really cool concept is having open
52:50
hardware. that like somehow is connected
52:52
to your sensitive data but keeps
52:54
it securely on that hardware and
52:56
you can actually walk around maybe
52:58
wearing a pendant or something that's
53:01
just constantly sending out these signals
53:03
to other people and finding compatibility
53:05
that way just in your normal
53:07
day-to-day life. And so I think
53:09
that's a very like interesting area
53:11
of exploration. If anyone is very
53:13
knowledgeable about hardware and wants to
53:16
work on this stuff, please let
53:18
us know. So I think another
53:20
concept that we introduced at CK
53:22
12 was narrowcasting, which essentially is
53:24
like the opposite of broadcasting. You
53:26
can basically pick like specific criteria
53:28
that you want your message to
53:30
be received by and kind of
53:33
the cryptographic version of this is
53:35
that like literally it could only
53:37
be decrypted by people that fit
53:39
this criteria. So like witness encryption
53:41
is kind of like the purest
53:43
version of this, but you can
53:45
build something with similar affordances using
53:48
a mix of like ZK and
53:50
MPC. Another related result to this
53:52
that we published for the first
53:54
time at CK-12 was a new
53:56
scheme called Trinity, which was developed
53:58
in-house, basically mixing like garbled circuits,
54:00
plunk, and then a very recent
54:03
result using KZG witness encryption, really
54:05
beautiful paper, would recommend people to
54:07
check it out. And yeah, like
54:09
one really nice affordance is that
54:11
you can build something like narrowcasting
54:13
really easily because it has... Really
54:15
low rounds of interaction between in
54:17
this case the two parties? This
54:20
is like a general flaw of
54:22
MPC if you want to build
54:24
apps with it There's like usually
54:26
a lot of back and forth
54:28
and it's pretty annoying for an
54:30
app developer to deal with if
54:32
you're trying to make a consumer
54:35
app Just for the reason that
54:37
people put their phones away like
54:39
literally just like once the phone
54:41
goes away just like no longer
54:43
can respond to requests as easily
54:45
like Apple exposes some things was
54:47
this part of the motivation for
54:49
your server-aited MPC model? Yes, absolutely.
54:52
Like that's another place where multi-party
54:54
FHG shines is you can delegate
54:56
a bunch of stuff to the
54:58
server and so you don't need
55:00
to be online for those phases.
55:02
But ultimately it still has like
55:04
about four rounds of back and
55:07
forth interaction because now I need
55:09
to send something to the server,
55:11
server needs to get back to
55:13
you, you need to then do
55:15
this decryption. Whereas Trinity is basically
55:17
just one round of interaction. Like
55:19
I basically just send like an
55:22
encrypted email to somebody. and they
55:24
can decrypt it if they match
55:26
some criteria. And the other nice
55:28
thing that Trinity adds in is
55:30
actually verifiability of input. So this
55:32
relates to Nico, what you're talking
55:34
about with catfishing. Like, this is
55:36
kind of a general problem with
55:39
MPC is like, you know, if
55:41
the inputs aren't like verified or
55:43
signed in some way, then you
55:45
can basically say whatever you want,
55:47
right? You can sort of like,
55:49
discover the other person's private information's
55:51
private information by just like repeatedly
55:54
querying them. And so... Trinity also
55:56
basically adds a really like clean
55:58
tie between like zero knowledge proofs
56:00
which can prove various properties of
56:02
your input data, and like a
56:04
multi-party computation, which in this case
56:06
is done with garbled circuits. Cool.
56:09
Moving on to your next events, Andrew,
56:11
you and I jumped on a call
56:13
after ZK-12 and you were at Edge
56:15
City. Were you running something similar to
56:17
like Zoo Pass in Edge City? What
56:19
was, what were you working on there?
56:21
I think, first off, shout out
56:24
to Janine and to Moore
56:26
and the rest of the
56:28
Edge City team for... letting
56:30
us do something throughout the
56:32
whole month at their event.
56:34
I think they were very
56:36
gracious and kind in supporting
56:38
all of the hitches along
56:40
the way as we were
56:42
developing this. At Edge City
56:44
Lana we built an app
56:46
called Accursive Connections and the
56:48
idea was to better connect
56:50
people within this specific sphere
56:52
of Edge City Lana. And
56:54
so some things were similar
56:56
related to people being able
56:58
to form their own social
57:01
graphs from NFC tapping where
57:03
everyone had a wristband, but
57:05
some things were also different
57:07
in that we had matching
57:09
that was more specific to
57:11
the Edge City community. So
57:13
one big thing at Edge
57:16
City was the Tensions game,
57:18
I think timber ran that,
57:20
and the Tensions game was
57:22
hot takes where you could
57:24
fill out your opinion on these
57:26
hot takes and when you
57:28
actually met someone you would
57:30
figure out whether or not
57:33
you agreed on some of
57:35
them but more importantly which
57:37
ones you disagreed on and
57:39
within the Edge City community
57:41
this was a big topic
57:43
of conversation and another interesting
57:45
experiment we tried out at
57:47
Edge City was we wanted
57:49
to see if we could
57:51
match people within a specific
57:53
event. So we chose the Halloween
57:55
party that they were throwing and
57:58
we wanted people to be able
58:00
to walk into a room, kind
58:02
of upload their their preferences here,
58:04
and within the event to basically
58:06
find who else who is there
58:08
that they might be compatible with
58:10
or might want to spend more
58:13
time with after the party. Like
58:15
a dating app? We framed it
58:17
more as a friendship finding, but
58:19
I think this could easily be.
58:21
But really, it was dating. Dating
58:23
up in certain contexts. Yeah. We're
58:25
just surfacing the connection, however far
58:27
that takes you. Cool. And I
58:29
think there are a few interesting
58:32
takeaways here. Number one is just
58:34
a very practical lesson of... people
58:36
don't want to take out their
58:38
phones at events. Oh, yeah. And
58:40
I think this is actually what
58:42
inspired some of the hardware directions
58:44
as well. The idea that you
58:46
can just have hardware that's just
58:48
like passively there that maybe lights
58:51
up when you find connection, that
58:53
would make much more sense at
58:55
this kind of event as opposed
58:57
to people needing to check out
58:59
their phones. And another. related learning,
59:01
which I guess we'll talk about
59:03
more, is specifically we wanted a
59:05
lot of the computation to be
59:08
non-interactive. So we wanted to be
59:10
able to surface the matches directly
59:12
within the event without people having
59:14
to check their phones. And so
59:16
this naturally surfaced the idea of
59:18
using T's. because the problem with
59:20
multi-party FHE is you do have
59:22
this interactive decryption step. So we
59:24
thought of this example as one
59:27
where you could enter room and
59:29
you understand that the data you
59:31
share within that room or within
59:33
that ephemeral context will go to
59:35
secure hardware because it needs to
59:37
match you non-interactively. cryptographic, purely like
59:39
software, mathematics. We have these hardware
59:41
tools, some trust them, some don't.
59:43
They kind of fulfill a lot
59:46
of the functionality we want to
59:48
use cryptography for. And so my
59:50
question is, as a design team,
59:52
where do you draw the line
59:54
between staying in pure cryptography or
59:56
reaching out for the T's? Yeah,
59:58
it's actually a question that we've
1:00:00
grappled with a lot this past
1:00:02
year, and there's a lot of
1:00:05
different angles to look at it
1:00:07
from. One angle is like funding,
1:00:09
so we... So far I've been
1:00:11
funded by privacy and scaling expirations
1:00:13
at the Ethereum Foundation with grants
1:00:15
and so like they support programal
1:00:17
cryptography research so a lot of
1:00:19
our focus has been in that
1:00:21
direction because that's the community and
1:00:24
ecosystem we've been a part of
1:00:26
and it's been very synergistic in
1:00:28
that way in that we're able
1:00:30
to take technology that's developed in-house
1:00:32
and then find you know like
1:00:34
product facing uses of it. And
1:00:36
I think yeah as long as
1:00:38
we're funded that way it will
1:00:41
always be a priority to explore
1:00:43
the stuff. Another angle here is
1:00:45
like user first and I think
1:00:47
like something that we have yet
1:00:49
to identify internally and as far
1:00:51
as I can tell also externally
1:00:53
is like when people care about
1:00:55
using the full cryptographic version of
1:00:57
something versus something like secure hardware
1:01:00
ultimately it doesn't really matter what
1:01:02
like purest cryptographers think is correct
1:01:04
if you're trying to build stuff
1:01:06
for people it just matters what
1:01:08
they think. At least if you
1:01:10
want people to use your stuff,
1:01:12
if you don't care, then I
1:01:14
guess, you know, make your perfect
1:01:16
utopia, I guess. And I think
1:01:19
like, ultimately there's tradeoffs to using
1:01:21
this stuff. And I think, I
1:01:23
think there's like a common phrase
1:01:25
that comes up in cryptography. So
1:01:27
girls like, oh, it's just dependent
1:01:29
on math. And like, for some
1:01:31
reason in this world, that's cool
1:01:33
and makes sense. But I think
1:01:35
for a lot of people, this
1:01:38
is just intuition, like, like, like,
1:01:40
like, that can't see your things.
1:01:42
Like I feel like that just
1:01:44
clicks a bit better. Or like
1:01:46
at least I could see it
1:01:48
clicking better. And so yeah, like
1:01:50
one thing we definitely want to
1:01:52
clarify. more in 2025, both for
1:01:55
ourselves and for the external community,
1:01:57
is like, yeah, when do people
1:01:59
care? So running some experiments with
1:02:01
TE is running some stuff with
1:02:03
pure MPC, and just getting some
1:02:05
user data on like, how do
1:02:07
you respond to the copy around
1:02:09
this stuff? Because ultimately. You know,
1:02:11
an average person is not going
1:02:14
to verify a TE attestation or
1:02:16
like look at the verification key
1:02:18
for this proof. They're completely trusting
1:02:20
you and the sort of copy
1:02:22
and explanation that you give them
1:02:24
and like the sort of feeling
1:02:26
the app elicits. So basically, like
1:02:28
my answer is like to be
1:02:30
determined what balance we're going to
1:02:33
use for this and we want
1:02:35
it to just be very user-driven
1:02:37
versus like what we think is
1:02:39
right. And yeah, excited to share
1:02:41
with the community, the findings we
1:02:43
get there. Yeah, super curious to
1:02:45
see results. Like I think a
1:02:47
lot of people are either committing
1:02:49
to one because they believe in
1:02:52
it But I think I've seen
1:02:54
less of a kind of like
1:02:56
Let's try them both and see
1:02:58
what happens Yeah, one way I've
1:03:00
been thinking about this is in
1:03:02
terms of the hierarchy of trust
1:03:04
when it comes to data privacy
1:03:06
and ownership So you can think
1:03:09
about the lowest level of trust
1:03:11
a user has in an application
1:03:13
is one where the application just
1:03:15
like makes no claims to keep
1:03:17
your data private and just like
1:03:19
blatantly will sell your data and
1:03:21
everyone knows about it. The level
1:03:23
that comes above that is one
1:03:25
where the application is just like
1:03:28
trust me bro I know what
1:03:30
I'm doing I'm not gonna like
1:03:32
sell your data or anything. After
1:03:34
that comes regulatory trust. An example
1:03:36
here in a different topic is
1:03:38
like licenses. Like people trust licenses
1:03:40
because you can like eventually bring
1:03:42
someone to a court of law
1:03:44
if they violate the license. And
1:03:47
at the end of day you
1:03:49
like have trust in that system
1:03:51
because of the regulatory mechanism that
1:03:53
underlays it. And then one above
1:03:55
that I would put secure hardware
1:03:57
hardware. where you maybe don't have
1:03:59
to trust the application developer as
1:04:01
much. if they do remote attestation,
1:04:03
if they open source their code
1:04:06
and everything, but now you're trusting
1:04:08
Intel, you're trusting like state actors
1:04:10
to not break into this, maybe
1:04:12
you're trusting a $150,000 microscope or
1:04:14
whatever the cost is for that.
1:04:16
But then the top of that,
1:04:18
or rather the second from the
1:04:20
highest, is cryptography. This is like.
1:04:23
trust in math and the real
1:04:25
beauty of cryptography in the trust
1:04:27
hierarchy is that you can verify
1:04:30
it from first principles like Intel
1:04:32
is is closed source like or
1:04:34
SDX TDX like you know you
1:04:36
can't go into every single layer
1:04:39
of depth and check it yourself
1:04:41
but theoretically you could do the
1:04:43
same with MPC with Fache and
1:04:45
actually go in and make sure
1:04:48
everything checks out and that your
1:04:50
data is safe. But I do.
1:04:52
But yes, yes, yes. Yeah, the more
1:04:54
practical framing is that you trust a
1:04:56
bunch of smart people with a lot
1:04:58
of degrees to actually go in there
1:05:01
and verify this and tell you like,
1:05:03
hey, it's good. Which is also why
1:05:05
cryptography really just has to be paired
1:05:07
with open source if you can't go
1:05:09
in and verify it. It kind of
1:05:11
makes no sense to be going with.
1:05:13
But there is like a sneaky, like,
1:05:16
I don't know, it technically belongs in
1:05:18
the top of the hierarchy, but it's
1:05:20
like somewhat... restricted to a certain design
1:05:22
space, which is just local first. You
1:05:24
can think about this in terms of
1:05:26
LLLM's processing your data. If an LML
1:05:29
wants to process your data and it's
1:05:31
running entirely on your machine, that is
1:05:33
arguably like the highest level of trust.
1:05:36
You know, you can just turn your
1:05:38
computer offline and you can just run
1:05:40
everything locally and that's great. But that's
1:05:42
restricted to single player applications. Like once
1:05:45
you want to get into multi-party computation,
1:05:47
then you have to do either cryptographyography
1:05:49
or secure hardware. So I do think
1:05:51
like the big open question from
1:05:54
a user first perspective is
1:05:56
what applications are best fit
1:05:59
for which level of trust and
1:06:01
how do users actually perceive these things?
1:06:03
And I think to answer your question,
1:06:05
cryptography is really important for very sensitive
1:06:08
data. Anything that might involve like medical
1:06:10
data, anything that people really might not
1:06:12
want to share with the server, I
1:06:15
think that's where cryptography can really shine.
1:06:17
I want to talk about the last
1:06:19
event of the year, I think, for
1:06:22
you. I mean, if we just go
1:06:24
back, this is, I mean, 2024 sounds
1:06:26
like it was just a marathon of
1:06:28
events and activations for the two of
1:06:31
you or for the group. But let's
1:06:33
talk a little bit about DevCon and
1:06:35
what you did there. There's like an
1:06:38
art gallery. I remember you telling me
1:06:40
about this before you did it. How
1:06:42
did it go? Yeah. main new technical
1:06:45
thing we did was a collaboration with
1:06:47
yet another guest on this show, the
1:06:49
folks from Tetsaio, to essentially do a
1:06:51
co-snark experiment. It's actually kind of a
1:06:54
iteration of the ZK-Rapped kind of in
1:06:56
a way where essentially we wanted people
1:06:58
to be able to like prove to
1:07:01
us that they'd hit some number of
1:07:03
taps or connections at the event, again
1:07:05
using NFC cards and this sort of
1:07:08
thing to produce signatures. And we had
1:07:10
a little prize store again. It was
1:07:12
like NFC rings, we had like NFC
1:07:14
bucket hats, we had bracelets, we had
1:07:17
the whole like the whole lineup. NFC
1:07:19
bucket hats, I've never heard that. NFC
1:07:21
bucket hats, yeah, yeah, I think I
1:07:24
have one somewhere. I got one of
1:07:26
the last ones. It's just an NFC,
1:07:28
like a cloth, resistant NFC tag behind
1:07:31
a label. It's actually really nice. And
1:07:33
also setting up that clothing line was
1:07:35
super fun. That was a collaboration with
1:07:38
myself and... Tesla, who is a contractor
1:07:40
on our team. Anyway, we basically want
1:07:42
people to make proofs for us that
1:07:44
they hit some number of connections, and
1:07:47
we want to experiment with delegating that.
1:07:49
Again, actually in the same vein as
1:07:51
like multi-party FHE, where you would love
1:07:54
for, you know, less of the computation
1:07:56
to happen on your own device and
1:07:58
for more of it to be kind
1:08:01
of done somewhere else. And so, yeah,
1:08:03
what people would do is they would
1:08:05
take the signatures they collected, they would
1:08:07
seek or share it into three. three
1:08:10
parts and we did a fun thing
1:08:12
where three different teams hosted the co-snark
1:08:14
servers. PSC hosted one of them, the
1:08:17
PSC Infor team, shout out to them,
1:08:19
cursive hosted one of them. I am
1:08:21
terrible at AWS. I like messed up
1:08:24
the deployment once or twice so I
1:08:26
was the weakest link in the chain,
1:08:28
but we hosted one and then to
1:08:30
say I hosted one. And yeah, like
1:08:33
together, you know, there's some sort of
1:08:35
like... you know theoretically we could all
1:08:37
collude and see your signatures but there's
1:08:40
kind of a reputation level thing which
1:08:42
i think is really interesting of like
1:08:44
we're all privacy focused teams the chance
1:08:47
that we do this is low or
1:08:49
at least it would kind of hurt
1:08:51
our reputations if we did and so
1:08:54
yeah we basically did this whole delegated
1:08:56
proving experiment and it actually like was
1:08:58
like oversubscribed like i think we had
1:09:00
a few tens of thousands of proofs
1:09:03
overall and there's one point where I
1:09:05
think almost almost 20,000 yeah across the
1:09:07
whole event and yeah basically again like
1:09:10
this is my fault where we were
1:09:12
supposed to like replicate the nodes so
1:09:14
that there could be more servers making
1:09:17
proofs And then not only did I
1:09:19
not do this, but also like two
1:09:21
of our nodes broke. So there's only
1:09:23
one node on the cursive side and
1:09:26
then eight for PSC and Tatsayo. And
1:09:28
so we're completely bottlenecked by cursive and
1:09:30
then eventually we fixed it and it
1:09:33
was fine. It cleared out the cue
1:09:35
of proofs that was waiting. But yeah,
1:09:37
one of the coolest things about deploying
1:09:40
things in the real world is that
1:09:42
you get very direct feedback loops. And
1:09:44
the way we had set it up
1:09:46
was that you would make these proofs
1:09:49
to show how many people you've met
1:09:51
and you could get some of this
1:09:53
NFC merch by showing these proofs. And
1:09:56
so we realized that the infrastructure for
1:09:58
generating Coast Narks was not working when
1:10:00
there were tens, if not a hundred,
1:10:03
of angry people standing in front of
1:10:05
our booth asking us. why their number
1:10:07
wasn't going up. Oh no. That was
1:10:09
a fun day. I love that you
1:10:12
you put yourselves in this sort of
1:10:14
line of fire. But it's just so
1:10:16
it's I mean it's also you get
1:10:19
like the visceral feeling I feel like
1:10:21
after that you go back building and
1:10:23
you really you take it in you're
1:10:26
not ignoring that feedback. I feel like
1:10:28
it sticks with you. No I think
1:10:30
we're really motivated by that as a
1:10:33
team like collecting it and also acting
1:10:35
on it. I mean, we do a
1:10:37
lot of just like ivory tower stuff
1:10:39
as well. It's hard not to when
1:10:42
you're trying to figure out what to
1:10:44
do with this technology. But we try
1:10:46
to like be on the ground as
1:10:49
much as we can. Yeah. And we
1:10:51
really like every opportunity we get, we
1:10:53
try to like make the most of
1:10:56
it reflect on it heavily and just
1:10:58
like move forward. I mean, that's a
1:11:00
huge number of events just there that
1:11:02
we covered testified to what you're saying
1:11:05
now. Yeah, again, huge shout out to
1:11:07
Tato folks. Ash, Ash, Lucas. Lucas. The
1:11:09
other Lucas Daniel Roman a bunch of
1:11:12
bunch of amazing folks helped both with
1:11:14
the activation But also they just came
1:11:16
to the booth and like helped volunteer
1:11:19
and stuff. So such lovely folks. Yeah
1:11:21
I Guess that ties into the the
1:11:23
final part of our DevCon experience which
1:11:25
was the cryptographic connections museum that we
1:11:28
launched in collaboration with a bunch of
1:11:30
artists and collaborators And the idea behind
1:11:32
the museum was just to showcase all
1:11:35
the work that has gone into cryptography,
1:11:37
help educate a lot of attendees who
1:11:39
might not know much about cryptography and
1:11:42
its history, and also tell people what's
1:11:44
going on in the future and what
1:11:46
to get excited about. And we basically
1:11:48
got a bunch of artists and cryptographers
1:11:51
and everything in between to showcase different
1:11:53
pieces of work. And I think... the
1:11:55
most exciting part of the whole experience
1:11:58
for me was that But Ash had
1:12:00
set up a display about the history
1:12:02
of MPC. So she had all of
1:12:04
these different fundamental
1:12:06
papers. I remember like the
1:12:08
day before I had gone
1:12:10
to a print shop in
1:12:13
Thailand and gotten like literally
1:12:15
like five, six hundred pages
1:12:17
of papers printed of just
1:12:19
math. And they were so
1:12:21
confused. Like, what is going
1:12:23
on here? And the whole
1:12:25
display was just these papers
1:12:27
and this like history of
1:12:29
MPC and a bunch of
1:12:31
like golden frames Set up
1:12:33
like an academics desk like
1:12:35
a coffee mug pen paper
1:12:37
all that stuff And
1:12:39
throughout the event like
1:12:41
this was Super attractive
1:12:44
to a lot of the museum
1:12:46
I guess and two people and they
1:12:48
both had their own papers, Grott
1:12:51
16 and Beaver Triples, on the
1:12:53
table. And so that was so
1:12:55
exciting seeing them walk over and
1:12:57
get to pick up their own
1:12:59
paper and be like, oh my
1:13:01
God, this is so cool. That's
1:13:03
definitely the highlight of DevCon for
1:13:05
me. Amazing. Nico actually was
1:13:07
also a featured artist. Do
1:13:09
you want to talk about the
1:13:11
thing that you did together? Oh, yeah.
1:13:14
You guys printed out the ZK
1:13:16
jargon decoder. It was supposed to just
1:13:18
be a museum piece and a
1:13:20
prize, but we actually had like
1:13:22
three or four robberies. That was
1:13:24
actually like... Oh, they all got
1:13:26
stolen. Okay, wonderful. Yeah. Pretty much
1:13:28
all of them. I think we
1:13:31
saved one for you, right? I
1:13:33
hope you have yours. Yes. Okay,
1:13:35
great. It's right here. Oh, cool.
1:13:37
Wonderful. Wonderful. The rest got stolen.
1:13:39
So, uh... If you're out there
1:13:41
listening to this, we will find
1:13:43
you. You weren't supposed to take
1:13:45
them. Wild. Okay, so that wrapped
1:13:47
up, I guess, 2024 for you.
1:13:49
When I spoke to you, end
1:13:51
of the year, you did sound.
1:13:53
You were like, I don't want
1:13:56
to travel anymore. Although I think
1:13:58
actually Andrew, you kept traveling. But
1:14:00
we're now, 2025, beginning of the year,
1:14:02
what's the plan? Are we going to
1:14:04
see you doing more activations at events?
1:14:07
Are you actually planning on doing something
1:14:09
else? You were talking about maybe a
1:14:11
shift more towards product. So yeah, tell
1:14:14
us what you're thinking. Yeah, I think
1:14:16
like, specifically technical directions are still being
1:14:18
figured out, but like, definitely, I think
1:14:20
just in terms of like process of
1:14:23
building, I think trying to shift more
1:14:25
to marathon mode, I think last year
1:14:27
was definitely a lot of sprints. of
1:14:29
like something comes up it aligns enough
1:14:32
with our directions and I think we
1:14:34
were just really in deep need of
1:14:36
like data like we just needed to
1:14:39
like try things with people who weren't
1:14:41
already billed sometimes like at a conference
1:14:43
like CK Summit it's actually good to
1:14:45
try it with people who are billed
1:14:48
just to educate more than like necessarily
1:14:50
get user data but something like DevCon
1:14:52
leans much more in the other direction.
1:14:55
And I think this year, probably still
1:14:57
we'll do some events and conferences just
1:14:59
because they're convenient and we have good
1:15:01
connections with them, but I think building
1:15:04
products for specific personas and just trying
1:15:06
to like grow within the cities that
1:15:08
we live in and like just try
1:15:10
to get like further and further away
1:15:13
from like ZK, Ethereum land. Because I
1:15:15
think the sort of confounding factor in
1:15:17
our space, which is both a blessing
1:15:20
and a curse, is that like... People
1:15:22
are down to try technology for technology
1:15:24
sake. Like they're like, oh, cool thing,
1:15:26
in the tech, let me try it.
1:15:29
Versus like, this does something good for
1:15:31
me. And most people operate entirely in
1:15:33
the latter camp of like, oh my
1:15:36
God, I don't want to have another
1:15:38
app on my phone. I just only
1:15:40
wanted if it's going to like add
1:15:42
to my life. So it's a little
1:15:45
bit like high level, but just I
1:15:47
think trying to get more feedback loops
1:15:49
from people, very outside of the space,
1:15:52
very hard. One example that comes to
1:15:54
mind is like professional apps entirely. So
1:15:56
at people, you know, who are like
1:15:58
LinkedIn power users or something, like how
1:16:01
can we make their kind of hiring
1:16:03
job search experience even better and just
1:16:05
trying to build a very like focused
1:16:07
application around that is like one example.
1:16:10
I don't know. and of doing that,
1:16:12
but. Cool. Are you looking for the
1:16:14
product, like the singular product that you
1:16:17
do end up building? Is that sort
1:16:19
of what a lot of this was
1:16:21
headed towards? Or do you actually see
1:16:23
yourself having a suite of different, just
1:16:26
more built-out products? We'll see. I'm excited
1:16:28
to check back in like six months
1:16:30
and let you know, but because we
1:16:33
are in more of a like consumer
1:16:35
and social area, like I think what
1:16:37
tends to be the right process in
1:16:39
this space is. like lots of shots
1:16:42
on goal and you see what sticks
1:16:44
and then go deeper with that. So
1:16:46
I have a sense that that's going
1:16:49
to be at least like the short-term
1:16:51
strategy is just building out lots of
1:16:53
stuff giving it an earnest experiment and
1:16:55
then trying to have a conclusive yes
1:16:58
or no and just continue and understanding
1:17:00
that most of them will be no's
1:17:02
and that is just kind of how
1:17:04
it is. Percursive actually I really liked
1:17:07
the approach like from the start and
1:17:09
Yeah, I want to see what next
1:17:11
year brings. Yeah, totally and on the
1:17:14
flip side We're also always looking to
1:17:16
collaborate with other teams on NBC FHE
1:17:18
research Any sort of technical research that
1:17:20
might align with these directions. We've had
1:17:23
many successful collaborations in the past with
1:17:25
different teams work in the space. So
1:17:27
if you are doing any technical explorations
1:17:30
and you want to maybe see it
1:17:32
integrated into applications, user-facing products, please do
1:17:34
reach out to us. Are you worried
1:17:36
at all about like some of the
1:17:39
patent stuff in the FAG world? Like
1:17:41
does that stress you out because you're
1:17:43
touching FAG a lot? And I'm just
1:17:46
wondering like, are any of the libraries
1:17:48
you're actually using potentially at risk because
1:17:50
of the more extreme patenting and less
1:17:52
open source nature of at least the
1:17:55
way FHA seems to be developing? I
1:17:57
think for the time being actually like.
1:17:59
Multi-party FHE is no longer a key
1:18:01
part of our toolkit. Just like right
1:18:04
now, there's a little bit of, there's
1:18:06
a few bottlenecks, like in particular, like
1:18:08
public key sizes are very large, it's
1:18:10
a little bit slow, it's like a
1:18:12
little bit hard to use, and I
1:18:14
don't foresee that changing in the near
1:18:16
future, or at least we have a lot
1:18:18
of other options that we have to
1:18:20
explore more fully before we come back
1:18:22
to it. So it isn't directly affecting
1:18:24
us. we were talking earlier about how
1:18:26
lovely it is that we're a big
1:18:28
family and this feels like a certain
1:18:30
like you know warring faction just like
1:18:32
decided to leave and make things harder.
1:18:34
And I hope they turn that around
1:18:36
like you know as Andrew said there's
1:18:38
an understanding that we're not fighting each
1:18:40
other we're fighting like the rapidly encroaching
1:18:42
like centralized zero privacy based world and
1:18:44
that's who we need to be focused
1:18:46
against and not against each other so it's
1:18:49
easy to say that in theory but I
1:18:51
understand if you're trying to run a business
1:18:53
it can be easier to be like zero
1:18:55
sum, I don't know. Yeah, I do think
1:18:57
this is a question of
1:18:59
long-term trajectory. If you want developers
1:19:02
to come to your ecosystem,
1:19:04
if you want people to
1:19:06
build upon the crypto systems
1:19:08
you are building, I think
1:19:10
open source is pretty imperative to
1:19:12
that. Now I don't claim to
1:19:14
know the specifics about the licenses
1:19:16
and the tradeoffs there and what
1:19:19
it means for business, but I
1:19:21
do think Generally speaking, the
1:19:23
more open, the better, at least
1:19:26
in this early stage of development.
1:19:28
Because the question is not which
1:19:30
FHE system is going to win.
1:19:33
It's whether FHE even stands a
1:19:35
chance in the first place. Yeah,
1:19:37
good call. Well, thank you both
1:19:39
for coming on the show,
1:19:42
sharing with us the journey
1:19:44
of cursive, all of the
1:19:46
activations and experiments, and the
1:19:48
direction you see yourselves going.
1:19:50
Thanks for being here. the two spotlights at
1:19:52
CK 11 and 12, like that's been so
1:19:54
great for us. And also just, you know,
1:19:57
to I think build awareness and education for
1:19:59
this type. has has been inspiring for
1:20:01
us us. It's really to see what
1:20:03
cryptographers think of this. think
1:20:05
of Thanks, Cool. for joining this one. for
1:20:07
Thanks for having me on. one. I
1:20:10
want to say a big thank
1:20:12
you to the podcast team, to say a big
1:20:14
thank you to the And to our listeners, thanks
1:20:16
for listening. and Tanya, and
1:20:19
to our listeners. Thanks for listening.
Unlock more with Podchaser Pro
- Audience Insights
- Contact Information
- Demographics
- Charts
- Sponsor History
- and More!
- Account
- Register
- Log In
- Find Friends
- Resources
- Help Center
- Blog
- API
Podchaser is the ultimate destination for podcast data, search, and discovery. Learn More
- © 2025 Podchaser, Inc.
- Privacy Policy
- Terms of Service
- Contact Us