I want you to put your hands together.
That's it. You got it. Yeah. Yeah. Can you feel that? I don't know what to say for this.
We've been a lot of times searching for love
And I remember no worse coming from And as soon as we get it, some fun We seem to think that I worked on And I found the same thing I took to get that alone All the things I took after two to keep it
You gotta let them do it, you gotta be the only one who takes one out. You gotta let them do it, you gotta let them do it, you gotta let them do it, you gotta let them do it, you gotta let them do it, you gotta let them do it, you gotta let them do it, you gotta let them do it, you gotta let them do it, you gotta let them do it, you gotta let them do it, you#
You gotta be a lawyer, you gotta be a lawyer
♪ Bring me a little, little thing, that's me for the name ♪ ♪ Who is out, gonna love this new ♪ ♪ Love is from the day ♪
music thank you thank you thank you very much thank you for all right welcome everyone to
little campfire here on the last day of May. We got hit spring but we're we're here at the campsite and we just got a little fire right in in the center there and it's our Twitter space is a volume for today. I want to say welcome everyone and it's great to have
you here and to our usual rock star participants it's always a pleasure to see your smiling PFPs from Twitter. So first of all before we go far, big shout out to Nakatur. Yeah, Nakatur, Big Bird. Thank you very much Nakatur for all your
you've done for bringing TestNet back. We will not forget your feathers and your beak will always be known as Peckish. I also want to say welcome Vera is joining me today for our volume Twitter spaces. Hello Vera. How are you doing today?
I'm pumped up the volume. Of course, welcome to the rest of the Paloma community. You crazy birds, Mahavsi, Kankur, Katoon, Rock and Roll. Good to see you guys. You're going to want to definitely hear what we have to say today. This is great stuff.
We've just been going so fast on a lot of the work that we're doing that we wanted to cache folks up on one of the most important things, which is security. So this topic today, we're going to talk about what's essentially what's happening with volume and how we're taking advantage of validator set security and its use cases.
If you understand what volume does, you'll know that volume is a firm that is a software company. We're based here in the US and our goal is private key security and private key management. We're really passionate about the whole idea of making and using private keys in new ways. One of the first presentations I made
back in 2014. If you go to my YouTube you'll see I made a first presentation on multi signatures. I made that presentation at 2014 September or was it 2015 where I talked about Bitcoin multi signatures and how you can create multi-sigs with Bitcoin. Essentially sharing keys or
using multiple keys to sign a transaction. That has been my life. I am always passionate about multi-six. I was there for my belchee when he founded Bitgo. I was one of the first users. That's the first multi-six security business. I got funded now there in major custodian.
So, all the way to today, now we have something called MPC, multi-party computing, which is essentially, you know, secret shares that are used in a sophisticated manner. I'm sure we are a secret shares. So, our goal is private key security. And I don't know it that well, even though I spent so much time in it because I'm not a cryptographer, but I'm very curious about
And I'm curious about how you can get use of private keys across multiple blockchains. Right. And the goal of this at volume is to be able to you and everyone else to do more with your private keys. Right. If you can do more and extend and leverage your private keys in many different places, you can
Possibly finally get your own chat GPT AI to spend your money for you. So this is a chat GPT presentation. So we're going to say a lot of things about AI is nobody laughing. That's a joke people come on. You know, so we're some smiles. All right. So we're in the, we're
We're going to not to go talk about chat GPT. We're going to talk about machine security. So the first thing we're going to say is we're going to talk about message-related security on Paloma. How does that work and how volume views that security model. Okay. So if you are familiar with
you know, the volume's activity and work supporting the Paloma community, you know that volume has written its own sort of security client for Paloma called Compass. And Compass, we call it currently Compass EVM because it's focused on all EVM is a light client that
validators on polymer will deploy to target change and that like client is essentially the core for message relay activities on the polymer blockchain. The compacy VM was written in BIPER because we regarded BIPER and by the way BIPER is now 0.39 so congratulations to the BIPER
team, we are upgrading. And Viper is a python language that controls or communicates with the Etheorem EVA. Sorry, it's an alternative to solidity. It's an alternative language to solidity. It is python and it controls the instructions
set in the EVM. And so what we want is to be able to control the instruction set on an EVM chain using the validator set on the Pulumma network that is using the instruction set from the Pulumma blockchain. My god, does it all for all
So how did this model come across? This particular approach was first we first discovered it in gravity so I was part of the gravity project way back in 2021. It's days like decades ago and the gravity project was a cosmos
project to essentially communicate across the chain. It's a light client-based project and you will see many criticisms for light client-based security models. They are. It is not the, you know, we're not going to say it's the most perfect. But we think it allows the most community engagement. I don't know. I'll talk about that a little bit, but really we think the light client
where you deploy a client that is secured by many different players or actors on another chain allows community participation in essentially the relaying of messages. And that's what you see with the Paloma validator set. So the Paloma validator set uses the Cosmos gravity model. It has a compass
the EVM like client and the validators in Paloma mainnet currently in Paloma testnet when they see that like client code come up as a ABI plus hex payload they send it to the target chain for example on Paloma mainnet is currently ethereum very expensive and
and on testnet is being being polygon-matic. Every validator in the Pulum and Network gets a chance to create a signing key that essentially controls that compass contract. That is essentially how do they decide and how are they ranked and how are they viewed in the model.
is something we call validator powers. And so what I'm going to do is ask Virat to walk us through how the Pelloma network uses the validator powers to essentially secure the compass if you have Pelloma.
Yeah, totally. So yeah, basically, Paloma has something called snapshots. So every 50 blocks starting with the first, you know, the
the first block being one and then 50, 100 and so on. Paloma essentially checks the current validators set and their respective powers. Right, so let's say we start the network with 100 validators. It'll basically record each of their stake on
the Pulumon Network, so how many greens each of those validators has, and we'll store that. After the first snapshot is stored, it'll then check for each subsequent 50 block interval, whether or not the newest snapshot is quote unquote worthy. Worthy, you know, you can
about it just as like is there basically a are they significantly different or different enough the two you know the two validator sets that it is worth to store the snapshot and there are some more intricate rules which I'll go through quickly but basically right if they
there's a different number of validators in the set. Yes, it's worthy. If even though the number is the same, but some validators actually changed, so we still have 100, but two of those are new while two left. Yes, it's also worthy. If the rank or the relative powers of them change, so you know, validator was on the
the last snapshot was number one and now is number three that is also a reason for plumber to store that snapshot. Or in the last one is a little bit more complex. The relative powers are still the same, so you know the rank of the validers still remains the same, but each of the validers individual powers change
by more than 1% then we also considered worthy. If snapshot from block one and block 50 if they're not still filling any of these conditions then Columbus says you know what it's not worthy. No need to change and see there's already like a question
question in here if that interval is too tight of 50 every 50 blocks, I think we'll go into that kind of perfect segue into one of our next points. But yeah, we started with a 50 interval block. It's definitely up for debate whether or not that's frequent enough or not frequent enough, I think in the beginning we're
That's a good one. Yeah. You maha for bringing that up. In the beginning, we aired off the side of caution because we want to make sure that we always have a pretty up to date. A pretty up to date validator said stored on chains so that we never get into
Zero. I think we lost zero.
Okay, I'm not hearing zero, but I will say that to my house question as well, we're asking a lot of these questions now, particularly now that we are deployed to Ethereum mainnet. So one of the magic things that happened with Ethereum mainnet is that those refusals
you saw us going off on are very expensive. And so, you know, even, you know, you could say that 50 block interval is very tight because now we are
Yeah, we can hear you now. You want to I was just talking over you, but yeah, you're good Yeah, so we are looking at those those parameters. So great question me, huh? We are Looking at those parameters because now we need to confirm and determine if they are really
really too tight or too wide. Currently because Paloma does not have any messaging volume, beyond the Keep Alive messages, beyond delegating of stake and restaking and collection of rewards, the message-related activity is low. Our goal is to drive
I have much more application usage of Paloma with volume apps that will increase that rate. So I think we could say right now it is too tight. If you were to just sit back and be like, yeah, that's a bit aggressive. And I think we're going to be looking at ways of losing it up so that
we can maintain validator happiness as we continue to wrap up. But the goal is that we want to get a lively network of message-related activity going on. So great points there. All right. Vera, yes, you were seeing anything else on parameters, et cetera.
Yeah, I'm not entirely sure where I got caught off, but I was just saying that, you know, it was a perfect segue actually on that. Yeah, spoke spoke to that. Yep. I think
I think we've been here. Let's jump ahead. This is great. Thank you, Vera. You see the evidence of what Mahafasad and you see the evidence of various explanations in the current snapshots, in the current Valsed updates on the deployed B&B and Ethereum chain.
Yes, we are looking to reduce the number of VAL sets updates because they are very costly in Ethereum. Now that we're mainnet, mainnet, and we're no longer test nets, we need to make sure that the system, we want to make sure that the system is actually not expensive of validators. We want to reduce the cost of validators.
and we want to reduce and increase the income opportunity. So we're going to be looking at the adjust the most parameters to make sure that costs can come down and there will be some trade off. But let's talk now about developer authentication. Like what do developers get with, you know, Compos EVM today working? One of the features we just shipped in the one
One dot O. That is why we're doing the test night so we can upgrade is that we want to give Target chain developers the ability to authenticate and verify that messages coming in from the validator set via compass EVM are from senders that they trust. So we have a very
basic functionality for security, which is developers and developers can choose users or not. But developers now have essentially authentication or message authentication feature in v1.1.0 in which Paloma will relay the signing pub key and this
sending Cosmossum contract with the message sender. So you can imagine a developer writing a Python program and then using the LCD or using an endpoint to Paloma to then say, hey, I wrote this Python program. Paloma send a
schedule message to say purchase an NFT when it drops. So if an NFT was supposed to be dropping, you can say, hey, Paloma, an NFT dropping at midnight, 12 a.m. midnight, I want you to keep checking for me and then essentially buy that NFT once it drops, so I don't get
I don't lose out on it. So that developer can write that contract by Tythoncode, send it via Paloma, and then he has a Cosmossum contract, which is sort of like buy-in NFT, and he's just running out that Cosmossum contract on Paloma then essentially sends his Echirium message to execute the purchase. Now,
He's essentially the problem with it is how does he know or how does his wallet on the Ethereum side know that the command to spend coming from Paloma is trusted. And then right now in v1.0.00, anyone can send a message to any contract from any Cosmose contract by duping
the cause of a lot of contract and sending that message. So it's not really secure. But it's functional. So with now with 1.1.0, what we're going to do is be sending the pub key of the signer and we're sending the cause of a lot of contract. So every, you know, solidity developer who is developing, you know,
So, DAPS on any EVM can now say, "Hey, Paloma messages can come and we will accept them only if they come from this specific key and only if they come from this specific Cosmose Modress." So, this extra security layer is just basic security. It's not really sophisticated. It's just meant for developers to say,
"Hey, I'm only going to take messages that come from Mayhoff's contracts and Mayhoff's keys because I'm going to trust him." So we are looking to build out. We have more work to build up, more sophisticated, really authentication. But what we want to make is that anybody who writes validity can essentially say,
because of the loss in contract that they approve can then communicate with their solidity code. That means that you can have as a VM's solidity developer you can say, "Hey, I created one cause of loss in contract on Paloma and for all my solidity contracts I allow all those
So this is really cool. And the reason why we want to do this is we're looking for apps. We want to build apps. We don't want to just be like, hey, this is a dead chain or this is another chain that you know,
has a lot of cool cryptography but not a lot of cool usefulness. So, you know, I said today we want to make sure that Paloma validators are making money. That's the goal. Paloma validators need to make money in excess of token price because the more valuable the chain, the less validators are going to steal your money.
the more we make it such that validators are incentivized to secure the chain because they get revenue in excess of their subsidy or inflation, they will be like, "Hey, I want to keep building this business." We want to make it such that the problem is a business for validators. What does that mean?
With this particular feature that we're having coming up in 1-1, you can do things like cross-chain access control. What I just described with a solidity developer writing a contract that is only usable by a polymocosmoticimedress is an example of cross-chain access control.
So now you can say, "Hey, anybody in the world can write a Python program. Use my Cosmossum contract and essentially they can access any of our solidity programs." Now what I can do is I can essentially sell access by saying, "Hey, my Cosmossum contract
You can do cool things because I have developers who write Python. You permit us or only allow this key or the sender to interact with your Solidity program and you'll have a good time. Now, any Paloma dev can essentially sell their Cosmos and contract as an effective, really, or messaging transfer.
support layer to solidity contracts. So access control is great. What's a good use of access control? Well, hey, you're a portfolio manager or you're a hedge fund on chain and you say, hey, for spending money on our Ethereum account full
I only want these particular users to have access. So you can authenticate by saying, hey, since all these users use this particular Cosmossum contract to execute their traits, only that Cosmossum contract will essentially be able to send commands. And of course, now you could authenticate and make sure that that Cosmossum contract will
only accept essentially transactions from certain pub keys in the polymer world. Again, go bubble up on your abstract all the way up to looking at how Jack expressed that as, "Hey, when he Python developers in our company Office A, we're writing contracts that run in polymer will actually be able to convert or execute
trades on a particular account. So cross-chain access control. You don't hear a lot of people talking about it because again, where we are in crypto, we don't think of access control. But whereas access control is important, it's important for institutions. It's important for folks who currently use Bitgo, who currently use
We're seeing that the volume of the blockchain is the same as the current one.
service. So today, do validators get paid for providing aspects central? They don't. They're just told, listen, you're a data center, you're not useful to us. Just sit there and run a machine. But here we're saying, no, no, no, you're actually now being invited to run a business.
And as a Paloma Validator, you say, "Yeah, yeah, you go to the bar and Friday night, you say, "Yeah, I run a Paloma Validator." And I provide cross chain access control. Let me tell you, people will want to talk to you, people will want to be your friend because it's a business, it's real, it's actually does some value. This can be done for the NFT world, right#
to control somebody has an NFT loan program, you can provide automated NFT loan liquidations and processing. So now, as a polymer wow later, you're providing these things without even having to change your work. All you have to do is just run the software. That volume is looking to build and continue to build on. So we talked about Crotch and Access
control? On-chain custody. Is on-chain custody a pipe dream? Is it a dumb idea? We're curious. Maybe you could actually say, "Hey, you know, Compass has full control over this wallet. And this wallet is owned by Compass, but it is owned by
compass but this wall is on Ethereum or on Binance but this wall will only accept commands spent from Paloma and it will only accept those commands to spend from this particular signing key. We think that's on chain custody. What is on chain custody?
Please store my money for me and make sure that nobody else can spend it so can Paloma, you know, actually rise to that We think that's a good way to test of course there's a security risk here, right Paloma can't custody value that is in greater value than the chain So there is a there is an upper limit. So, you know, there is no such thing as Paloma can custody
the entire value of the Ethereum network because Paloma would have to be worth more than the Ethereum network for that to be valuable. But again, do we live in a world in which the entirety of one token is being custodyed by one entity? No. We live in a world in which people custody, they have multiple tokens across multiple chains.
and are looking for multiple custody solutions that can be flexible. So this is another way we think about private keys going places and maybe you want a custody, you know, your funds on Cardano. You want a custody funds, but if you, you know, you want a custody of your funds on Cardano, but Bitcoin Coinbase doesn't support Cardano custody. I mean, this is a
the way that you can, you know, using the, the, the, the, the comp at CVM is the way you can do that. Um, and I think that's one of the things we're looking at. Lastly, we're going to talk about speed and MEP protection. Um, again, the validator set for, for Paloma is important in this way because currently the RPC endpoints are what is used to, you know, essentially#
are all in a clear, then they lack some of the advantages of having things such as MEV protection. They can be fast. But if validators in Pulumma are essentially using MEV-enabled, fast endpoints, what happens is they'll get more demand. People will start using them as the
default endpoint for their transactions and for this type of custody behavior. So again, composes as fast and composes as fast as the validator set selection of endpoints. And so of course, we can all force all validators to choose one endpoint provider with one centralized data
center that won't be really decentralized and that won't really be what I call life leave. It's not allow easy entry and exit but what we're hoping for is that again, Composivium performance improvements will force validators or encourage them to seek out more highly performance
RPC endpoint providers and more secure RPC endpoint for writers because that results in more revenue. So this is what CompossVM does for Paloma and these are some of the ways that we would like to use, we would like to use a CompossVM to build a business that rewards
This plum avalidators way more than the money and the inflate their get from inflation and way more than the transaction fees. We want to now essentially offer them new ways to participate in what we call message relay fee revenue. And I think that's a big opportunity and a cross chain access control for volume.
is one of the ways we're looking to do so. Vera, did I miss anything? No, I just would say like if there are any, you know, any other ideas of how composites used or, you know, what other things books would like to see. Obviously suggestions are always welcome.
like my hub, but a great suggestion in there. I'm good for thought. Keep it coming. Yeah. Yeah. We will. That's that's actually great. And the simplest suggestions often have the biggest impact. Right. So it doesn't have to be complex. Just simple, simple, simple stuff.
We'll force the thinking. So thank you to the marvelous Pulloma community. And again, thank you, Nakhoturk, for keeping our tests that are live. We're looking forward to put up a proposal. Let's get me in that upgraded.
and let's continue the "Saxcess Control" story. It's gonna be big. Have a great day guys and keep your feathers dry. See you guys in the Discord, see you in the chats. Ciao! Killed, let's get the music!
(singing in foreign language)