Zero Knowledge Podcast

Threshold Cryptography with Omer Shlomovits from ZenGo

Episode summary

This week we chat with Omer Shlomovits of ZenGo wallet about multi-party computation (MPC), threshold cryptography, and how this research is being applied in the blockchain space. The episode refers back to Zero Knowledge Podcast episode 90 with Nigel Smart.

Further reading:
ZenGo X
"Cryptocurrency exchange vulnerabilities" talk at Black Hat USA
Omer's research on Diogenes
A survey of threshold ECDSA
MPC Alliance
JugglingSwap: scriptless cross-chain atomic swaps
CryptoWills: a guide to wills for crypto assets

Thanks to this week's sponsor, Least Authority. If you have expertise in zero knowledge protocols and other cutting-edge cryptographic techniques for improving scalability and privacy, get in touch with them. They are currently hiring a security auditor; see leastauthority.com/careers

Gitcoin grants:
Least Authority's Moon Math Manual grant → https://gitcoin.co/grants/543/the-moonmath-manual-to-zk-snarks
Zero Knowledge Podcast → https://gitcoin.co/grants/329/zero-knowledge-podcast

Get involved:
Follow @zeroknowledgefm on Twitter
Join the Telegram group
Subscribe to the YouTube channel
Visit the r/ZKPodcast discussion board
Feedback → https://forms.gle/iKMSrVtcAn6BByH6A

Support the show:
Gitcoin grants
ZK Patreon membership
Or donate directly:
ETH: 0xC0FFEE1B5083230a5154F55f253B6b6ae8F29B1a
BTC: 1cafekGa3podM4fBxPSQc6RCEXQNTK8Zz
ZEC: t1R2bujRF3Hzte9ALHpMJvY8t5kb9ut9SpQ

The transcript is available on the episode page.

Transcript

Speaker 0

Welcome to Zero Knowledge, a podcast where we talk about the latest in zero knowledge research and the decentralized web. The show is hosted by me, Anna,

Speaker 1

and me, Fredrik.

Speaker 0

This week, Fredrik and I chat with Omer Shlomovits from ZenGo Wallet. We talk about MPC, threshold cryptography, and how this work is being used in a blockchain context.

But before we start, I want to say a big thank you to this week's sponsor, Least Authority. Least Authority is a team of researchers, cryptographers, open source developers, and privacy advocates. They are a security consulting company known for their dedication to pushing the limits on how to build privacy-respecting solutions. They specialize in security audits, like the ETH2 specification, Protocol Labs' GossipSub protocol, Atomic's library wallet and smart contracts for the Tezos Foundation, Blockstack's investor wallet, Centrifuge's Tinlake 3.0, and more. They wanted me to let you know that they are currently working on a step-by-step guide to building ZK-SNARKs called the Moon Math Manual. You can find and donate to this project on Gitcoin Grants. Matching round eight is starting this week. Speaking of, the Zero Knowledge Podcast also has a grant on Gitcoin, so when you head over to the site, do consider donating to both. I've added the links in the show notes.

Lastly, Least Authority is also hiring. So if you're interested in working with Least Authority on anything zero knowledge related, head over to their careers page to learn more about the security auditor position they have open. You can find that at leastauthority.com/careers. I've also added the link to this in the show notes. So thank you again, Least Authority. Now here is our interview with Omer.

Speaker 0

Today we're sitting with Omer Shlomovits from ZenGo Wallet, and we're going to be revisiting a little bit the topic of MPC and covering primarily the topic of threshold cryptography. So welcome to the show, Omer.

Speaker 2

Hi. Great to be here. Thank you for having me.

Speaker 0

I think we got to know each other a little bit through a research group that you've created called ZenGo X. I think what would be interesting to kick off this interview is to hear a little bit about ZenGo and ZenGo X. What are those two entities, and how are you related to them?

Speaker 2

Yeah. So ZenGo is a company building crypto wallets for consumers. It's a company that I co-founded, and as part of my role in the company I lead a research group, which we named ZenGo X. That was not the original name, but this is the name we have now.

This group exists on GitHub, which, if you think about it, is kind of a social network, with the issue tracker and the PRs, where you can star stuff and you can follow people, and so on. And we felt that something was missing, right? We wrote a lot of cryptographic libraries that are very specific to all sorts of use cases, and we felt that people coming to GitHub, or to our GitHub organization, were sometimes lost, and the conversion from being just a visitor to being a contributor was something we wanted to improve. So what we did in the beginning was just add a link to a Telegram group, and instead of asking for contributions and so on, we just told them: look, we want to know you, we want to meet you, we want to discuss, let's work together. And I guess it was a successful experiment, because it organically attracted very interesting people from the space, and even a bit from outside the space, who have a common interest in very specific uses of cryptography. So that group just grew, and obviously it now also exists on Telegram.

What we do is, first of all, the main group is kind of at the front, but there are many side rooms that have very vivid discussions around all sorts of topics, which include research. What happened is that when we started, being focused on something called threshold cryptography, we noticed that there was also room for other kinds of research-related topics around cryptography to be discussed that are related to the space. I mean, the space is pushing forward the entire field of cryptography. So based on demand, we shared more and more of what we are doing, which also evolved from just threshold cryptography to more cryptographic applications, or applications that rely heavily on cryptography and can be used in the blockchain space.

So yeah, that's kind of how the research group came to be, which is, I would say, 50% oriented to cryptographic code and implementation and 50% to research. Out of this 50%, some part is also for general research in cryptography. And from time to time we try to... I mean, it's one thing to bring people to come and talk and discuss. The other thing is to keep them engaged and feeling comfortable to talk about all sorts of questions they have, to engage with discussions. So we started to do all sorts of activities around this group, which included, at some point, webinars around cryptography from people from the community or ecosystem. We also started some study groups, one about class groups, which was highly successful. I mean, I think now we have one of the, maybe the only, class group libraries for specific use cases. And there's a cost: it's not cheap to get the knowledge about class groups. It really was helpful. And that kind of activity, yeah, I can go on and on, but the end result is that now it's an ecosystem, and we see it growing by the day and getting a lot of engagement. And eventually we're also getting a lot of contributions, and this is the core of ZenGo X. It's contributors working together to solve interesting research problems and also to build cool libraries in cryptography.

Speaker 1

It feels pretty unique to have this sort of research group come out of a wallet, essentially. It's pretty commonplace that a core team has a research group as well, or something like the Ethereum Foundation has a research group. But I've never really heard of a wallet company having that. So what is your goal: to contribute that back to the wallet, or is it so disconnected from that at this point that it's really about fundamental research, or even contributing research back to the protocols?

Speaker 2

Yeah, so it's a great question. Now we need to understand how ZenGo started. When it started, my angle was that I came from academia. I met my co-founder, Ouriel, who is a seasoned entrepreneur. And he came up with this issue of a wallet, which had never bothered me. But after sleeping on it, I realized that this is a true pain. Now, I came with some background in MPC, and it took us some basic research until we figured out that this is what we wanted to do. Like, we need to build key management, which is one of the cores of building a wallet in the space, around multi-party computation, or threshold cryptography, or threshold signatures. From that point, I spent pretty much twenty-four seven implementing MPC, which was in its infancy. It was very surprising to see what it was at that time.

Now, as you said, when you build a product at the early stage there is a lot of R&D, and the research was very much related. It pointed to what we built in the wallet. For example, I think the first real research we did was around recovery. You need to build a recovery scheme that would be equivalent to your primary way of handling the keys, right? Because otherwise the attacker would just go to your secondary way, how you do recovery, and would get the key out that way. So we tried to solve recovery, and because we are using MPC, we tried to stay with the same assumptions and so on. Eventually, I think we presented it at the Stanford Blockchain Conference.

And what happened is that, I guess some part of it is due to luck, this area, specifically threshold cryptography relevant to the blockchain space, attracted a lot of folks from academia at the same time. So there's been a huge surge of research focused on this area, which meant that for us it was very easy: first, since we're kind of one of the first to actually try to work with those primitives and protocols, we encountered all sorts of problems that have some value to academic people. So it was easy to start collaborating with them. So this was the focus of the early days.

But from that point, while we started to establish the research community and answer those questions, it opened up broader questions. For example, how do you do MPC when you have a lot of parties? Not just two or three, which was the common case. What happens when you have 1,000 parties? So it kind of led us to this fundamental question that eventually, for example, in this question, we wanted to answer: how do you build the communication layer in the right way for MPC? For example, based on some state machine replication, BFT, this was like our angle. So yeah, it diverged and diverged at that point.

Now, what we have now is that our research is probably ahead of the product. And also, by the way, after you launch, it's harder to change cryptography, but the research is still supporting most of what we do at the cryptographic level in the product and in the security stack. And it also supports other products for other companies that are using the code. Everything is open source. So there is this ecosystem, and there are questions around it. And we also allow ourselves all the time to seek alternatives to try and improve. After you solve something about security, you want to improve the efficiency. So this is like another line of research. So I would say that there is a lot of connection between our origin and what we are doing now, but there is yet another big chunk of research that is not directly affecting the product in the near future.

Speaker 0

What you describe as this community building sounds a lot like the Zero Knowledge Podcast Telegram group and then the ZK Study Club, and some of the projects that we've been building. Obviously a bit more focused on the zero knowledge specific space, but there's so much overlap I find with your group. And I know when I first joined it and got to see what was happening in there, it just seemed like it would be inevitable that eventually we'd have a conversation and hopefully get to share some of that info.

Speaker 2

Yeah. Now, the study clubs are really successful. I think that's probably what inspired me to do our study groups, although they kind of picked up a different approach, but I think it was the inspiration. Yeah, we get a lot of inspiration from the Zero Knowledge ecosystem.

Speaker 0

Oh, cool. So we've heard the story from the founding of the company onwards, but can you tell us a little bit about what happened before that led you here?

Speaker 2

The story is kind of simple. Around the launch of Ethereum, I think this is when I picked it up. I picked it up, and smart contracts kind of blew my mind. So I read the yellow paper much before I read the Bitcoin white paper. My first attempt was to find an issue with Ethereum's proof of work, Ethash. It's actually an existing algorithm that Vitalik kind of tweaked. And my goal was, I knew that there was no security proof for the tweak that Vitalik did. I saw then that at the same time there was a lot of other research going on about all sorts of, they're called moderately hard functions, in relation to space and also memory consumption and computation. So I had a few, I think, quite nice observations and a presentation, but nothing that I could actually make a substantial contribution out of. And I guess that from that point, I decided not to bet against Vitalik. And then eventually I met Ouriel. So this is what I mentioned before.

Speaker 1

So we had Nigel Smart from Unbound Tech, in some university...

Speaker 0

Leuven.

Speaker 2

Leuven.

Speaker 1

Leuven, yeah, KU Leuven. Mhmm. Supposed to be a cool place. We had him on a different episode to talk about MPC and a bit of threshold cryptography, but I know you listened to that episode as well, Omer, and I think we can flesh out our knowledge of threshold crypto a little bit more. But I'm not sure that we have sort of the basics. I think we have the basics of MPC, of how, you know, you can go from a polynomial to where different parties have the different components, and we explained those kinds of things. But going into more real-world cryptography, ECDSA and the like, I don't think we really have the fundamentals there. So maybe you can help us get up to speed a little bit on that, and talk about some of your own work there as well.

Speaker 2

Sure. Starting with MPC: MPC stands for multi-party computation. Basically what it means, and what we know today, is that we can take any function and compute it with MPC techniques, meaning that you have private inputs that you don't want to share, but you want to learn some output. So Nigel mentioned the millionaires' problem: you want to learn, for example, so the inputs would be some secret salaries, and you want to learn who is the richest party.

Now, threshold cryptography, you could say, is kind of a branch inside MPC that focuses on functions that are cryptographic, right? So all of the cryptographic functions we know, key generation, signing digital signatures, and encryption, they all have a threshold equivalent. And you call it threshold because you need to make this threshold assumption that is parameterized by two parameters, let's call them T and N. This is a common naming convention for them. So what you want to say is that you have N parties joining the computation, and out of the N parties you assume that no more than T are malicious, meaning that they try to sabotage the protocol and learn something about the other parties' inputs.

Okay, so why is this interesting? So for example, signatures, which is the biggest use case in the blockchain space. This is something we do all the time when we propagate a blockchain, right? When you sign a transaction, you actually do a digital signature over the transaction to sort of say that this is your identity, right? The signature is equivalent to saying that I have this cryptographically proven identity that I'm attaching to the transaction. Why is this interesting in terms of cryptography? So let's take, for example, digital signatures. In blockchain, this is what we do: for every transaction we attach a signature, which is basically like saying I have a cryptographic proof that this transaction came from me. Like I'm saying, this is my identity and no one can forge it, right? The basic security property of a signature is that it is unforgeable. However, it is some kind of a single point of failure, for once. So one motivation for using a threshold signature would be to kind of distribute the trust among parties.

So this is actually very similar to multisig, which either exists natively in some blockchains, or in others, like Ethereum, you need to write some smart contract, some functionality, to achieve it. But this is what you try to get. So you can actually encode any access structure that you want, both in multisig and also in threshold signatures. However, using threshold signatures, you can hide the access structure. So the output: one of the requirements of a threshold signature is that the verification would be the same, right? So when you verify a multisig, you basically need to verify each signature separately. So it has some implications around the size of the transaction, and also about the fees that you need to pay for it, because it takes more space. But also there is this privacy issue, that you can actually expose the access structure. In MPC, you require that the verification protocol would stay the same. So for an outside observer looking at the blockchain, a verifier, a miner, whatever, the signature should look the same. So no matter the access structure, it can be 500 signers that are somehow connected with some, let's say, AND gates, OR gates, and all sorts of, like, imagine a circuit. Eventually you'd get a single signature, which is the same size as a single signer's signature.

Speaker 0

That's the point of failure, is that there is sort of a traceability aspect.

Speaker 2

I would say it depends on the use case. For some, if you have a really big access structure, the fees might be something you cannot handle. So you'd want to have the fees of a single transaction. But yes, the size might be a factor, but then also the privacy. So it really depends.

Now I want to connect it a bit to the research community and what was going on in academia. So a few people envisioned it, Steven Goldfeder, Rosario Gennaro, they saw a way that threshold cryptography can be used in wallets, but the protocols for doing it, since in Bitcoin we use a protocol named ECDSA, which stands for Elliptic Curve Digital Signature Algorithm, so the way of doing threshold ECDSA was not very efficient. So it was imagined, but never done in practice. And what happened is that during the same time that I started my company, there was a large body of researchers that tried to push this point. Because of the Bitcoin use case, they found very clever ways and tricks for how to make this threshold ECDSA super efficient. Now, it's still very far from the efficiency you get from a single signer. First of all, you have to have communication. Like with all threshold cryptography, I mean, there's some state of the art now where they try to minimize the communication, but usually with MPC you need to exchange information. So there's the communication aspect here, and also the computation. So you do need to involve some complex computation. Also, security-wise, there are some security assumptions that are not native to the blockchain, which is just the regular elliptic curve assumptions, that you need to incorporate. Still, those protocols kept improving over the past three years until we have, now, really, really efficient ways of doing this threshold ECDSA.

Speaker 0

I want to go back for a moment, because I just want to redefine: you sort of made the distinction between the multisig and the MPC, and the threshold cryptography being a subset of MPC. Basically, you were saying that with threshold cryptography all inputs are the same size, or are identical in a way. Can you just clarify what you mean by that?

Speaker 2

I can clarify it by explaining: if we just look at signatures, a signature is actually three different algorithms. One is key generation, one is signing, and one is verification. So when you go to the threshold variant of it, you have to find a way to do a distributed key generation, or DKG. The signing is also distributed, so we call it distributed signing or threshold signing. Verification must be the same as in the single-signer case. So what it requires is that the output of the signing, the signature algorithm, should look the same as in the single-signer case. So it means that you take all the information from all of those, this might be, I don't know what size, access structure, and you need to compress it into a single signature. So you do all this kind of mechanics inside the digital signature, but the output should look, or should be, of the same size as in a regular digital signature algorithm.

Speaker 0

Got it.

Speaker 2

However, in multisig, you basically concatenate different signatures. So it goes linearly with the number of signers.

Speaker 0

I see. So you end up with a... do you actually add them? Is that kind of what you mean by that? You're kind of like putting one after another to make this like master...

Speaker 2

Yeah.

Speaker 0

Got it. Cool. That's been a helpful distinction, actually. Yeah. I've always been a little bit curious as to why multisigs weren't considered MPC, or vice versa, but that was cool. With this new kind of threshold cryptography, you know, you've mentioned some of the pros, or the benefits of it, but has it also opened up any problems?

Speaker 2

Yes. So beyond what I mentioned, that you do need to assume some security assumptions depending on the protocol. So it might be that you need to introduce some new assumptions into your system, which is not preferable. You also introduce overhead in computation. You also require communication. So on top of it, the protocols themselves are extremely complex to write. I can say now with 100% confidence that it doesn't matter who tried to implement threshold ECDSA, they failed, including ourselves. Like, you have to fail. This is one of the reasons why we are so happy to have this kind of ecosystem around it, because it's got to be better. This is the only way to gain trust. You have to battle test it over and over. You have to get new sets of eyes to look at it. You have to improve it constantly. Otherwise you fail.

This is one of the reasons, for example, Binance implemented a threshold signature library, and we found several issues, in the algorithm itself and in the way they implemented the cryptography, that can be severe. Now, it's interesting because it opens up all kinds of new attack vectors, because, I mean, we can go into specific examples of what it looks like to actually maintain this kind of, or to run, threshold signatures. But the end result is that, for example, now we are also maintaining the Binance library, because we kind of see value in trying to standardize it, trying to make it as simple as possible, trying to make it so that, their library is a Go library, our library is a Rust library, we want to make them interoperable, we want to make them have a similar API. We see a lot of confusion around it. So it's really hard also just to interact with those libraries; it requires some level of experience or knowledge of cryptography just to talk with us, to use the API of those libraries.

So for example, in our case, in the ZenGo libraries, we build a stack on top of it. So we have another library just to wrap the threshold signature library to make it more human-friendly, such that you'd avoid mistakes around, like, you know, rounds of communication and so on. And then we have another library on top of it, which is more application-specific. Now, if you want to have a threshold validation scheme, or if you want to have a threshold wallet, you need to have another layer. Even on top of it, we had one more layer just to wrap it, to make the API completely, completely foolproof. Because this is the cost of it. It's extremely complex.

Speaker 0

But that Binance bug that you mentioned, was the problem that they had implemented too early, before something was battle tested?

Speaker 2

Binance did a fantastic job. They created a state of the art library. They used the right people to consult them. They audited the library, the code. The bugs that we found, and it's plural, it's bugs. And also, again, we found bugs in many other places, including ourselves. And by the way, our library is also audited. Even the auditors, you know, are not familiar all the way with this new technology. So that's sometimes an issue, but even after doing all this great work, you can still find all these cracks that are really hard to catch. It's really hard, for example, to expand; maybe, I mean, one of the main reasons is that you need to find someone who is a fusion of a software engineer, a network engineer, and a cryptographer. And usually those guys do not meet. So it's a

Speaker 0

When they do, it's rare, I guess.

Speaker 2

Yes. Yes. So it's hard to completely eliminate bugs. The only way to do it is iteratively, like any other software. You have to keep testing it better and have experts look at it and contribute to it. It's the only way.

Speaker 1

Yeah. I think it's worth highlighting that the only thing that improves it is time. Right? I mean, even in OpenSSL, which had been around for twenty years, there were severe bugs that were found. And so you can't ever expect anything to be perfect. And I think that's why it's great to have a community and a group and a number of eyes who are actually looking at it from different vantage points, using it in production in different settings, and that's the only way you actually find stuff. Yep.

Speaker 0

Can you give a bit more detail about the actual bugs, though? Maybe that helps us also to understand, like, what does a bug in threshold cryptography mean in the real world? Like, why would that be bad?

Speaker 2

OK. Sure. So let me explain the simplest bug that we found. For this, I need to introduce another threshold protocol, which is secret resharing. The goal of this protocol is extremely important. When you do threshold cryptography in production, it's almost a must have. So what you need to do is, let's say that you now thresholdize, this is the name that I use, you thresholdize your scheme, your cryptography. Now instead of one party, you have n parties. Each one holds some secret, and you want to avoid a situation where an attacker gets hold of t plus one such secrets. But a clever attacker would go and attack one by one. Let's say you spread your secret shares to different sites; the attacker would just go from one site to the other until they get enough secret shares that they can reconstruct the secret. To avoid it, you need to add this notion of change with time. So you need to take some time parameter, and after this time, you want to refresh the keys. You want to keep the same secret key, which is never reconstructed, it should stay the same, but you do need to refresh the secret shares so that you overwrite your old shares. This is also the mechanism if you want to introduce new parties into your group. So if some parties stop responding and you want to introduce new ones, this is part of this mechanism. It happens, for example, in drand, where they produce this random beacon, and it also exists in threshold signatures.

Speaker 0

The name you're using here is secret share. Is that the term you're using?

Speaker 2

Yeah. I'd say that each party holds a secret share. I mean, it doesn't necessarily mean that this is it, but in the case of signatures, usually this is the case. So what happens in the Binance code is this: you need to do this protocol to reshare. Again, the goal is that you have the same secret. This is like an invariant in the system that should be kept: the secret shares of the secret should be reshared. Now, to do it, you need each party to communicate with the other parties. So each party would take its own secret and share it with the rest of the n minus one parties. Now, what will happen is that it's enough for an attacker to attack, let's say, one party; actually it can even work for a network attacker, but let's assume that an attacker attacks one party. Now, this attacker would send the right shares to some of the other parties and an incorrect secret share to other parties. Now, there is a mechanism for each party. This is because we need to protect against malicious adversaries. So there are mechanisms for each party to check each message that it received and to verify that it received the right message. So this is all good and fine, but what happens is that this attacker would send some good shares and some bad shares. Now, the ones that received the bad shares would detect it and would abort the protocol, meaning that they would keep their old secret share. The ones that received the good shares would continue the protocol, eventually overwriting their existing secret shares. So you end up with two groups of secret shares that are not compatible with one another, because one has done a deletion, which is irreversible, and the other one has not done a deletion, right? So two observations here. One is that it's really easy to fix. We need to add another round of communication, which is obviously what the implementer wanted to avoid. And in this round of communication, each party needs to say "I got everything right" or "I got everything wrong," and based on that they reach a consensus on what they should do. Another thing is that a smart attacker that goes undetected doing it once can keep doing it, eventually getting to some kind of extortion situation if it involves money. So it can get to a point where you don't have, in your group of n parties, enough secret shares to reconstruct a full key, only if you use one of the secrets, or a secret, that the attacker knows. So it kind of deteriorates the attack back to a single signer or something like this. And then the attacker can say, OK, you want my signature? Only if you sign a transaction that gives me half of the amount locked in this account, or something like this.

Speaker 1

So if you look broadly at, you know, when you, as you put it, thresholdize various schemes, is there a class of problem or a class of attack that seems to pop up? Or is it, you know, bugs as in any crypto software? Or is it actually, no, these are things we need to be aware of, these are new things that pop up as a result of that?

Speaker 2

So I think that at some point it would be possible to classify those types of attacks. Right now, all those systems are very new and the processes are very manual. So, you know, what happens when you thresholdize a scheme is that you take out all the big guns in cryptography. Immediately it means that you need to, again, move to some kind of distributed system, and you also introduce commitments and zero knowledge and homomorphic encryption and whatever, like you just saw it all in. And out of this, there are a lot of pitfalls that might happen. So, I mean, there are known issues that you can start looking for. For example, the recent blog post I published was about an issue I found in several libraries that are doing threshold signatures, but a different one, EdDSA on 25519. And then you have some dependency on the elliptic curve, so you need to work in a specific subgroup of the elliptic curve. But what's interesting is that when you combine these two things, one is communication and the second is working in the prime order subgroup of the elliptic curve, there are all sorts of issues. Like, for each message that you receive, you now need to also check something about the elliptic curve point that you receive, for example. And these checks, sometimes we notice they are missing. And then there are all sorts of implications for what you can do. And apparently these checks should also be part of when you do some basic sigma protocol, like zero knowledge proofs, as part of the MPC and so on. So I guess there are ways that you can cluster those. But right now, I mean, the process from my point of view is very manual.

Speaker 1

Another thing that I thought about, as you put it here, you pull out all the guns to sort of thresholdize or something. But I wanted to take us a step back even before that, which is you talked earlier about Bitcoin and having threshold signatures there, which, you know, could lead to multisigs or whatever that doesn't require Bitcoin script, and all sorts of things. And now we're moving into Schnorr, and we need better efficiency there, et cetera. But what drives all of these things? What drives these changes? What drives having threshold signatures at all? So, like, what are the use cases, or why do we want these things at some level? I imagine there are many different answers for different fields. But if we look at Bitcoin, for instance, what's the prime motivating factor? You know, earlier you said for the wallets, like, having a social recovery scheme is obviously a big thing, but it feels like there's a lot of research that goes into this. It has to be more than a social recovery scheme.

Speaker 2

Yes. Yes. So it really depends; it's a great question. And there are all sorts of applications for threshold cryptography. And if you want to connect threshold cryptography and blockchain, you can think about several killer applications. So one is indeed this new model, which is on the one hand non custodial, but still gives you ways to avoid a single point of failure. So this is, for example, one thing that we use in our wallet, and our design principle was: avoid a single point of failure. And once you go into this realm, you don't have a private key anymore, so it means that the attacker must be at, let's say, two locations at the same time to reconstruct the full private key. But once you go into this realm of having the key distributed and never reconstructed, you can think of all sorts of stuff to build on top of it. So you can basically do a lot of what you natively would have done in a blockchain, either in a smart contract or in script in Bitcoin. You can do it off chain, and then your footprint on the blockchain would be minimal. So one example is a work we did a couple of years ago about atomic swaps, but instead of doing it using transactions on chain, what I'm doing is switching secret shares between different parties. So if I can distribute one secret and I can distribute another secret, now I can trade in my secret shares. And we came up with this gradual release method that allows you to, let's say, switch or replace, trade bit by bit, until you get to a point where one party learns the signature of another party while the other party learns this party's signature. Eventually you get to a point where one party has full control of some key that the other party has now lost control of. Let's say you also do resharing. So without going into much detail, you can build all sorts of applications around this when you have this ecosystem of not a single key, but a distributed single key. There are other applications in the field, ones that are worth mentioning, that are getting traction. So one is proof of stake validation. So let's say that you have a blockchain and you want some consensus, and you can run it with 1,000 validators, but it's not much, like an attacker could control most of them. So your network will go down. So what you can do, you can distribute each validator into another 1,000 signers or co-signers such that they need to cooperate together. So you get this factor of increase in security when you do this. There are all the existing libraries, and actually Polychain Labs, for example, are doing it already. So it's also getting traction. And it goes on and on. For example, one work that we are now doing is about taking the watchtower concept of the Lightning Network and showing, when you look at it from a key management perspective, how you can extend it into n watchtowers that are connected between them in a certain way that gives you some security benefits.

Speaker 1

Yeah. I hadn't heard about that, the key trading thing. That's also fascinating. I do generally like the non custodial, but giving custodial levels of user experience seems to be an interesting problem space that requires a lot of this.

Speaker 0

Is there any connection? This is sort of a side thing, but are threshold cryptography and VDFs related?

Speaker 2

No. Not really. I mean, there is one connection, which is a project we worked on with Ethereum. It started with the Beacon Chain. And in the Beacon Chain, to make the randomness unbiased, you need a VDF. And to make a VDF based on RSA groups, you need to generate an RSA group that no one knows the secret key to. So to do it, you use threshold cryptography. So Ethereum funded a very nice project that we reviewed, and we're going to present it at Real World Crypto; it is doing a massive MPC for RSA keys.

Speaker 0

Okay.

Speaker 2

And then you can get the public RSA key without the secret key, and then you can use it in the VDF.

Speaker 0

So it's at a different step in this process. It's not deep in the VDF. It's rather before. It's the prep for the VDF.

Speaker 2

I mean, there are ways to do a public threshold VDF, but I don't think it has been researched so far. Okay. But this would be another cryptographic primitive that you can thresholdize.

Speaker 0

Interesting. Going back to Frederic's earlier question of why you need this, or how it actually is the perfect solution for certain things. Do you have any other examples of that?

Speaker 2

So, there probably isn't such a thing as a perfect solution. Everything is composed of trade offs. But, I mean, we know that it's very popular with exchanges. I mean, the largest crypto exchanges today are using it. So think about this kind of model where you have the exchange generate a single key, and this is like the master key. But now the exchange is using some kind of two party scheme where one party belongs to one group of signers from the exchange and the other signer can be one of another group from the exchange, right? So let's say that in order to confirm a transaction from some cold wallet to a hot wallet in the exchange, you need to have the agreement or the consent of two groups, and you need to have one out of each. So this is, I think, a common case that you see in exchanges. Like, you need, for a certain amount, one exec from this group and one operator from this group, something like this. Then you can go on and on with the access structure. So it's really convenient to define these types of hierarchies and access structures that allow you to have more control over how you confirm cryptographically. It's not going to be just an API yes or no. You actually need to confirm cryptographically, which makes it a much more secure way to enable these kinds of confirmations.

Speaker 1

I know it's starting to pop up, in a similar vein as exchanges, with validators, as you said as well, where a validator doesn't want to run everything on one machine. If that machine gets compromised and the key gets stolen, they can get double signed or whatever. You know? There are various ways to exploit that or attack people. So they start spreading it out on multiple machines or multiple people that need to take action to break the system.

Speaker 0

Yeah. Some of the work that you shared with us in prep for this episode was about crypto wills. Can you tell us a little bit about that work and how that actually relates to threshold cryptography, if that's the right solution for it?

Speaker 2

Yes. So I would first start with a higher level presentation, without even diving into the problem of how to do a crypto will, which basically means, I mean, the issue I think is self explanatory, but in crypto you do need to have some relative or someone, you want to have someone who would be able to take, in a non custodial way of course, your funds after something happens to you. But before going into this, I think it belongs, and this is the connection to threshold cryptography, to a broader range of questions around whether I should use threshold cryptography, and for what application or what problems should be solved with it. So there are a lot of protocols that we want to imagine are happening between two sides. And those protocols can mostly be easily solved if you say, okay, I don't want to trust any one entity in the world, but let's say that I can allow myself to trust that I'm getting something in the middle, let's say a server, but this server is distributed in the sense that everything it does is threshold crypto. So it means that I can rely on the fact that out of these n servers, at least t plus one would be able to help me with any operation I want. So another example of a problem like this is stealth addresses. This is a problem that was raised by Vitalik that we picked up and tried to solve with his help. Now, let me give you the concrete example. Let's say Edward Snowden opens an Ethereum account and publishes his address and says, look, I'm looking for donations. Now you want to donate to Edward Snowden, but you don't want it to get back to you. You don't want a transaction on chain showing that you actually sent money to Snowden. So you need to find a way to send the money without having this on chain footprint showing that you sent it to his address. So this is the first issue. And with crypto wills it's a bit parallel; again, not going into the terminology that we introduced in the paper, but let's say you have a sender and a receiver, and the sender should send something to the receiver conditioned on several conditions. One of them is that something should happen only in the future. Another is that the digital footprint should be non existent, or there are some conditions on it, before the funds can actually be collected by the receiver. Now, in both problems, if you introduce this threshold assumption and structure, then you can solve them relatively easily. One goal of these papers is to put a solution out there and say, this is, let's say, the ground truth. We know that we can do it. Let's formalize it; whatever, it's possible. For those that it works for, it's great. However, it gets much more interesting when you start to remove this "many in the middle." So in the CryptoWills paper, one of the interesting solutions that we tried to show is, let's say, removing this "many in the middle," this threshold assumption with multiple servers, by using a TEE, a trusted execution environment like SGX, or specifically Intel SGX. So when you put SGX in the middle, we didn't want to count on the fact that SGX knows the time, and we didn't want to count on the fact that SGX is confidential. So it makes the problem much more interesting. So there's a spectrum of solutions that you can try to move the problem forward with before you go into the full case of completely just two parties, where it's a two party protocol that now needs to be solved in a very expensive way.

Speaker 0

I mean, it's a fascinating question and topic, the crypto wills. What happens to people's, I mean, in the most basic way, say someone passes away, or they're trying to bequeath their crypto to somebody else. How do they ensure that that is done and that certain kinds of rules are followed? So for example, maybe they don't want to reveal what's in there before they pass away, or they don't want to reveal who else is being bequeathed, or something like that. I mean, it sounds like such a huge problem, but what you're saying is you found kind of a subset of tools that you could potentially use to solve this.

Speaker 2

Yes. I mean, the research is structured as follows. So you have the trivial solution, which is inefficient or requires you to trust someone. You have the more complex solution that requires you to have this structure of servers, but then you also need to have these kinds of assumptions. And then we go all the way up to the point where you can do it just with the two parties that are involved. And yes, like you said, the conditions of the problem are dictated to you. Like, you know that it should have privacy. Like, you cannot reveal the request before you actually die; you need to reveal it only to the right person at the right time. So you have all these conditions, and then you just try to find this toolset that can help you solve it under certain conditions. And eventually what I hope is that people will take this paper and find the solution that fits them best and use it or build on top of it. Because there are a lot of future questions. Because, like you said, it's a huge topic.

Speaker 1

Yeah. It's an interesting, like, philosophical and technical problem combined, where the easiest solution is you just trust your lawyer and get on with it. But then you can go further and further. But, I mean, at the last point, as I think it through, the last point of needing real world data is: how do you detect when someone dies and, like, trigger the scheme?

Speaker 2

是的。

Yeah.

Speaker 2

所以这首先需要假设关于该实体存活状态的某些条件。

It's it's so this is you first need to assume something about the liveness of of the whatever entity it is.

Speaker 2

因此我们决定通过这种数字足迹来定义它。

So the way that we decide to define it is by having this kind of digital footprint.

Speaker 2

它可以通过多种方式定义,但最终你需要预先定义或与自己达成某种契约,明确你计划在哪些服务上保持活跃以及活跃频率。

So it can be defined in several ways, but eventually you need to predefine or to have some contract with yourself on what services are you planning to be active on and at what cadence.

Speaker 2

可以是区块链,也可以是比如登录Facebook或Twitter之类的平台。

So it can be a blockchain, can also be, I don't know, log into Facebook or to Twitter, whatever.

Speaker 2

如果你在这些服务上长时间不活跃,那么你的遗愿就应该可以被访问。

And if you are inactive in those services for some time, then your wish is supposed to be accessible.

Speaker 2

所以这就像是一个条件。

So this is like a condition.

Speaker 2

但我们明确将其作为一个开放性问题,因为这很可能是个预言机问题。

But we definitely keep this as an open question because there's probably it's a Oracle issue.

Speaker 2

这是个重大问题。

It's big issue.

Speaker 0

嗯。

Mhmm.

Speaker 0

而且,随着时间的推移变化太大了。

Also, changes so much over time.

Speaker 0

比如,曾经我有个经常访问的Myspace账号,但现在我绝不会希望它成为我日常活动的参考——Facebook也一样。

Like, you know, once upon a time, I had a Myspace account that I actually visited a lot, but I would hate to have my daily activity of that be in any way reference or actually my Facebook for that matter.

Speaker 0

但这就像是试图让你的数字生活等同于你的真实生活。

But that's a that's such a it's sort of like trying to make your digital life be your life.

Speaker 0

就好比说,只要你在数字世界保持活跃,就代表你还活着。

Like, if you're active in some digital way, then you're alive.

Speaker 2

是的。

Yep.

Speaker 2

大概是最简单的方式了,不过,确实。

Probably the simplest way probably, but, yeah.

Speaker 2

我是说,这篇论文提出了很多问题,而这是其中主要的一个。

I mean, the paper raises many questions, and this is one of the major ones.

Speaker 0

具体是怎么操作的——我知道你之前解释过,但在你构思的那个架构中,或者其中某个架构里,阈值加密究竟位于哪个环节?

How exactly and I know you started to explain it before, but where exactly is the threshold cryptography in that construction that you kinda came up with or in one of the constructions?

Speaker 0

比如,它具体存在于哪里?

Like, where does it live exactly?

Speaker 2

这需要凭空实现,还会引发其他问题,比如如何部署阈值结构。

It's it's you need to have it out of the blue, and it raises other questions like how can you deploy threshold structure.

Speaker 2

那么现实中要如何在生产环境中真正实现它,同时保持将n台服务器完全隔离的阈值假设?

So how can you actually do it in a way like in real world, in production in a way that would maintain this threshold assumption of separating completely the, I call them n servers.

Speaker 2

所以我暂时假设这些服务器存在于云端,为了解决问题,就当是上帝赐予了你这n台服务器。

So I just assume that you are in the sky, for the sake of solving the problem, I just assume that you are in the sky, you are given from God n servers.

Speaker 2

它们是完全分离的。

They are completely separated.

Speaker 2

它们可能有恶意行为,但你假设它们无法全部串通,只有不超过某个阈值数量的服务器可以串通,你需要设计并证明一个安全协议,利用这种结构来解决问题。

They can act maliciously, but you assume that they cannot collude all of them, like up to a certain threshold they can collude, and you have a protocol that you need to design and prove secure that allows you to solve the problem using this structure.

Speaker 2

但这在现实中确实是个难题,比如你实际上需要不同语言编写的独立软件,不能有一个管理员可以跨机器操作,因为这样的管理员会成为单点故障。

But it's really a hard problem in real life, like how can you actually, you need to have separate softwares in different languages, it should be, like, cannot have an admin that like goes from one machine to machine and put, because this admin is a single point of failure.

Speaker 2

所以你基于这个假设开展工作。

So you you walk the assumption.

Speaker 2

嗯。

Mhmm.

Speaker 2

哦,你不能让CEO拥有访问所有内容的权限。

Oh, you cannot have your CEO have access to everything.

Speaker 2

所以你必须找到实际可行的实现方法。

So you have to to find ways to actually do it.

Speaker 2

有趣的是,我认为大多数行业实际上并没有解决这类部署问题。

And it's funny because I think most of the industry are are not actually solving this, like, deployment issues.

Speaker 1

我们时间快到了,该开始总结了。

So we're almost out of time, and it's time to to start wrapping up.

Speaker 1

但在结束之前,我想多了解一下MPC联盟,因为这是你和其他一些公司共同参与的,听起来是个很有意思的尝试,它到底是什么?

But before we leave you, I I would like to hear more about the MPC Alliance because this is something that you're involved with together with a bunch of other companies and sounds like an interesting endeavor, but what is it really?

Speaker 2

好的。

K.

Speaker 2

谢谢你提到这个。

So thank you for bringing this up.

Speaker 2

MPC联盟是一家位于特拉华州的非营利组织,目标是通过市场教育推动MPC技术的普及。

MPC Alliance, it's a nonprofit organization based in Delaware that puts as a goal to push forward MPC adoption to market education.

Speaker 2

在MPC联盟中,我们现在大约有40家成员企业,规模形态各异。

So in the MPC Alliance, we have, I think now around 40 members, 40 companies that are different size and shape.

Speaker 2

既有竞争对手,也有大型机构比如阿里巴巴,还有像我这样的初创小公司。

So it might be competitors, it might be large organizations, Alibaba, for example, might be smaller ones, startups like my own.

Speaker 2

我们都在共同努力,通过技术贡献和营销推广来推动MPC技术的成功。

And we are all working together and we have our own network, try to come up with both technical contributions and marketing contributions to the success of MPC technology.

Speaker 2

例如在技术层面,可以说我们建立了维基百科。

So for example, in the technical aspect, can say that we have Wikipedia.

Speaker 2

这是一个社区项目,MPC的维基百科,正逐渐受到关注。

So this is kind of a community project, Wikipedia for MPC, which is starting to gain traction.

Speaker 2

人们开始添加文章等等,但这项工作已经持续了相当一段时间。

Like people start to add articles and so on, but it's ongoing for quite some time.

Speaker 2

这是前所未有的尝试。

And this is something that was never done before.

Speaker 2

我们也在MPC标准化方面投入了大量精力,同时从市场营销角度发力。

We also put a lot of effort into standardization aspects of MPC and from the marketing aspect.

Speaker 2

我们主办网络研讨会,参与企业活动,很快还将推出播客、博客文章等等。

So we host webinars, we participate in webinars, events by companies, and we will start the podcast soon and blog posts and on and on and on.

Speaker 2

是的,基本情况就是这样。

And yeah, that's it.

Speaker 2

我是与另外两家公司共同创立的,一家是Nigel联合创办的Unbound Tech,另一位创始人是我的大学导师Yudelinda,还有一家总部位于丹麦加州的公司CPO。

I co founded it together with other two companies, Unbound Tech, which Nigel is the co founder of, and another co founder is Yudelinda, which is my supervisor at university, and also with CPO, which is a company based in Denmark, California.

Speaker 2

我们三人共同创立了它,现在与Dan一起在CyberNetica共事。

And three of us founded it, and now we are together with Dan on CyberNetica.

Speaker 2

我们担任董事会成员,不过确实如此。

We sit in the boards, but it's yeah.

Speaker 2

这个项目才启动一年,所以还处于非常早期的阶段。

It just it started just a year ago, so just very early.

Speaker 0

真不错。

It's cool.

Speaker 0

很高兴听到你们将为人们提供越来越多的资源来参与MPC工作。

And it's great to hear that you're gonna be creating more and more resources for people to engage with MPC work.

Speaker 0

其中会包含特定的阈值密码学内容吗?还是你们会将其合并处理?

Will there be sort of specific threshold cryptography within that, or would you just lump that together?

Speaker 0

比如,你们觉得随着发展是否需要创建子小组?

Like, do you think you're gonna have to create subgroups as it evolves?

Speaker 2

是在MPC联盟内部吗?

Within the MPC Alliance?

Speaker 2

是的。

Yeah.

Speaker 2

对。

Yes.

Speaker 2

可以说,目前MPC有两大应用场景,都是非常重要的应用方向。

There are, I would say two large use cases for MPC, big use cases for MPC nowadays.

Speaker 2

一个是围绕安全性的,主要关注门限密码学;另一个是围绕隐私保护的。

One is around security, which focuses on threshold cryptography, and one is around privacy.

Speaker 2

比如机器学习中的隐私保护等等。

So privacy in machine learning and so on.

Speaker 2

这是很多公司都在开展的重大应用方向。

This is like a huge use case run by many companies.

Speaker 2

而且联盟内部的比例大概是五五开。

And it's divided, I mean, the Alliance is like fifty-fifty.

Speaker 2

因为我跟所有成员企业都交流过,所以对整个行业格局很了解。

So I know because I talked with all of the companies, I have a good industry overview.

Speaker 2

在区块链与非区块链公司中,我们大致保持五五开的比例,因为区块链推动了密码学的发展,而区块链的应用场景主要围绕密钥管理和安全性展开。

We have around fiftyfifty for most of blockchain and non blockchain companies, since blockchain drives cryptography, and the use cases in blockchain are usually around the key management and around security.

Speaker 2

因此我们已设立多个专门委员会,分别专注于不同应用领域,并在各自行业推动相关发展。

So we already have this kind of subcommittees that are focused on the different applications and pushes them in their own domains and industries.

Speaker 0

很棒。

Cool.

Speaker 0

那么,奥马尔,非常感谢你参加节目并分享所有这些工作成果。

So, Omar, thank you so much for coming on the show and sharing all of this work.

Speaker 0

我们会在节目注释中添加一些链接,供有兴趣的听众深入了解。

We're gonna add a number of links in the show notes for anyone who wants to follow along.

Speaker 0

对了,大家可以通过哪些渠道联系到你或参与这些组织呢?

And, yeah, where can where can people find you or engage with these groups?

Speaker 2

其实很容易找到我们。

It's really it's easy to find.

Speaker 2

网址是zengo.com。

So zengo.com.

Speaker 2

关于钱包的一切信息,你都能在那里找到。

It's, everything you need to know about the wallets.

Speaker 2

有个关于Zengo X的页面,链接到GitHub和Telegram群组。

There's a page about Zengo X that connects to both the GitHub and the Telegram group.

Speaker 2

从Telegram群组可以跳转到其他小聊天室,你也可以在Telegram或Twitter上联系我。

And from the Telegram group, can hop to any other one of the smaller rooms on Telegram, and you can ping me on Telegram as well, on Twitter.

Speaker 0

好的,非常感谢你,Omar。

Well, thanks a lot, Omar, then.

Speaker 2

谢谢。

Thank you.

Speaker 1

非常感谢。

Thank you very much.

Speaker 2

这是我的荣幸。

It's a pleasure.

Speaker 0

也感谢各位听众的收听。

And to our listeners, thanks for listening.

Speaker 1

感谢收听。

Thanks for listening.
