Anonymity

these differences could circulateand overwrite each other repeatedly

A certificate authority or web-of-trust canhelp establish verifiable identities.

Cassandra’sdesigners note that gossip only works when operations are commutative or ordering is not needed.

Gossipsacrifices consistency for availability

If yougenuinely need linearizability or total order, Gossis isn’t the right tool

Gossip will deliver updates out of order

the compu-tation cost of KV caches is quadratic to the input sequence length

Findings suggest that as long as all documentsfit within the extended context length, traditional RAG systemscan be replaced by these long-context models

based only on the provided passage

This is differentfrom our findings, possibly due to consideration ofstronger LLMs and longer contexts in our work

long-context prompting isstill expensive due to the quadratic computationcost of transformers regarding to the input tokennumbers

A protocol stack (or protocol suite or protocol architecture) is a collection or group of subprotocols that work together to achieve complete communication between two or more computers connected in a network

discovery process locates the desired file then leaves thepheromone to help subsequent search requests

ndeed, we consideredthe mobility of the relay peers to ensure the link stabilitybetween the query initiator and the peers that have therelevant documents

to avoid, among otherproblems, the ‘dead sailors problem

σ-supermajority includes a majority of the correct agents

UDP

the blocklace is a Universal Conflict-free Replicated Data Type

The only way to know it has heard everything is to coordinate withall the other machines to establish that fact.

10,000 TPS

The use of a DAG-like structure to solve consensus has been introduced in previous works,especially in asynchronous networks. Hashgraph [ 4 ] builds an unstructured DAG, with eachblock containing two references to previous blocks, and on top of the DAG, the miners runan inefficient binary agreement protocol. This leads to expected exponential time complexity

procedure depth(b):23: return max {k : ∃b′ ∈ blocklace with a path from b to b′ of length k}.

Figure 4:

Upon receiving 𝑛 − 𝑓 1-votes for 𝑏

the use ofleaders is to be avoided if possible, since leaders who are offline/faulty may cause significantincreases in latency

We can generalize the IID to an interaction context header, which may contain the IID plus any other information beneficial to gluing together the messages in an interaction.

Furthermore, note that A does not need to know the B side of B's relationship with C, and B does not need to know the A side of A's relationship with C.

letter of introduction for a new relationship

This makes the database zero-trust because it is signed at rest

Fortunately, a Diffie-Hellman computa-tion is fairly cheap — it involves only two modular exponen-tiations.

non-repudiation

Re-randomized TreeKEM

Briar [ 10] or Bridgefy [1 ]

Group membership changes andkey updates (for PCS) require effort proportional to the group size.

a consensus protocol could be used

Vector clocks

The downside of using hashes as IDs is that they requiremore space than other schemes. To avoid the storage cost ofexplicitly materialising all of the hashes, it would be possibleto design a compression scheme that recomputes hasheswhen necessary, and store only the information necessaryto perform this recomputation.

ting and proposing the same act— stating the most-preferred pointin the metric space. This provides a unified approach to making participantsequal as both voters and proposers

and,then, they are considered known by pk (Line 16).

Once the OK messagefrom a process in Pi is received, it can be considered againas a candidate to which to send a SPREAD message (movingit to Si)

When a SPREAD action must be executed, one processpj ∈ Ni is randomly chosen (Line 12), and the set of rumorsknown by process pi but not assumed to be known by pj issent to this process pj in Line 14.

SAIDs MUST be encoded as a CESR [CESR] Primitive. As defined above, a CESR Primitive includes a pre-pended derivation code that encodes the cryptographic suite or algorithm used to generate the digest.

It can, therefore, serve as a universal store, isomor-phic to the PO-Log of pure operation-based CRDTs, allow-ing different CRDTs to be implemented

Anarchy is the total absence of governance, where no governmentnor laws exists. In this scenario individuals can interact peer-to-peer, butsince no coordination exists, it is impossible to scale up communication andproductivity.

This means that thecontroller might have to take measures, like revoking ij and kl.

Here the payout is not triggered by the loss itself but by a measurable index, such as rainfall at a nearby weather station

Secure causal broadcast extendsatomic broadcast by encryption to guarantee a causal order among thedelivered messages

Due to lithium-ion batteries generating their own oxygen during thermal runaway, it is worth noting that lithium-ion battery fires or a burning lithium ion battery can be very difficult to control

lithium salts in the battery are self-oxidizing, which means that they can't be "starved out" like a traditional fire

verifiable LEI (vLEI) - the only universally standardized digital legal entity identifier

Who is who? Who owns whom? And who owns what?

Year-end Objective Prior to 2022

GLEIF is a supra-national not-for-profit organization headquartered in Basel, Switzerland

Established by the Financial Stability Board in June 2014

On June 26, 2024, Alexandre Kech took over from Stephan Wolf as CEO of GLEIF.

* Russian authorities have agreed not to participate in FSB meetings at present.

The FSF was first convened in April 1999 in Washington.

On 28 January 2013, the FSB established itself as a not-for-profit association under Swiss law with its seat in Basel, Switzerland.

In November 2008, G20 Leaders called for the FSF to enlarge its membership

established in April 2009 as the successor to the Financial Stability Forum (FSF)

28

It is often the case that Atoms need to wrap the functionality of existing python libraries, or that Atoms that represent abstract syntax trees need to be compiled down to bytecode.

Link Node "edge label" Link Node "from vertex" Node "to vertex"

However, if an atom is added to B that does not exist in A, then it will be in atomspace B only. If later it is added to A, then two independent copies shall exist: one in B and one in A. Its not quite clear if this is the 'right' thing to do; but defacto, this is what happens

When an AtomSpace inherits from multiple contributors, the contents of that AtomSpace is the set-union of the contributing spaces.

The unique ID of a Node is it's string name

One of the keys might hold the truthiness of this statement. Another key might hold its probability.

( Joe , 3 . 5 ) , # T h i s i s n o t v a l i d JSON !

this becomes a column-store

This start-over style of key rotation may well be one of the main reasons that PGP's web-of-trust failed [WOT]. Without a universally verifiable revocation mechanism, then any rotation (revocation and replacement) assertions either explicit or implicit are mutually independent of each other. This lack of universal cryptographic verifiability of a rotation fosters ambiguity at any point in time as to the actual valid mapping between the identifier and its controlling keypair(s). In other words, for a given identifier, any or all assertions made by some set of CAs may be potentially valid

copy, or reference

This enables an extremely beneficial property of TELs; that is, the verifiability of transaction events in the TEL persists in spite of changes to Key States in the sealing KEL. In other words, the verifiability of transaction events persists in spite of changes in the Key State

An Authentication Service (AS) that enables group members to authenticate the credentials presented by other group members.

If a member finds that another member's credential has expired, they may issue a Remove that removes that member.

The Delivery Service cannot guarantee that application messages won't be dropped within the same epoch. To address this, applications can configure the maximum_forward_distance parameter of the SenderRatchetConfiguration. The configuration can be set as the sender_ratchet_configuration parameter of the MlsGroupCreateConfig

The Delivery Service cannot guarantee that application messages will arrive in order within the same epoch. To address this, applications can configure the out_of_order_tolerance parameter of the SenderRatchetConfiguration. The configuration can be set as the sender_ratchet_configuration parameter of the MlsGroupCreateConfig

The Delivery Service cannot guarantee that application messages from one epoch are sent before the beginning of the next epoch. To address this, applications can configure their groups to keep the necessary key material around for past epochs by setting the max_past_epochs field in the MlsGroupCreateConfig to the desired number of epochs

Capabilities per server: Is a given server participating in the room allowed to...

When a client sends a message, the message is delivered to its provider's server using some provider-internal mechanism. If the provider is not the hub, then the server forwards the message to the hub for delivery.

http://example.com/didcomm

Mobile Agents Communicating via UDP

We recommend listening to the Zoom recording of the DUG special meeting

refinement to this approach, which reduces the amount ofinformation exchanged and the size of the tables, is to have the DBMPsexchange only the oldest of the entries in the first table (oftimestamps of last modifications received from other DBMPs).

(T1,D1)>(T2,D2) <=> (T1>T2) or (T1=T2 and D1>D2)

In [2], Berners-Lee and Connolly proposed Delta, an ap-proach in which the RDF-Graphs differences are calculatedon their serialized forms

DAG-based consensus protocol are all the rage

A Grassroots Architecture for the Digital Realm.

virtual blockchains

Given a set of n agents, at most f of which arefaulty and the rest are correct, a fault-resilient supermajority, or supermajorityfor short, is any fraction of agents greater than n+f2 . For example, if f = 0 thena simple majority is a supermajority, and if f < 13 then 23 is a supermajority

The master key may also be used to sign other items such as the backup key

a master key (MSK) that serves as the user’s identity in cross-signing and signs their other cross-signing keys

In addition to connectivity, there are other Matrix-centric problems to be solved. In a world where each device is potentially running its own homeserver, we will need a new approach for handling user identities

Since federation within a Matrix room is effectively full-mesh, you need to be able to exchange data with all servers that are participating in a given room directly

As we discussed in #matrix-spec, since "rooms" are so much more than "chat rooms," and are really a DAG of events

from the perspective of the homeserver which created the event

All API endpoints within the specification are versioned individually. This means that /v3/sync (for example) can get deprecated in favour of /v4/sync without affecting /v3/profile at all. A server supporting /v4/sync would keep serving /v3/profile as it always has

For example, if /test were to be introduced in v1.1 and deprecated in v1.2, then it can be removed in v1.3.

vX.Y

Users may publish arbitrary key/value data associated with their account

Usage of an IS is not required in order for a client application to be part of the Matrix ecosystem. However, without one clients will not be able to look up user IDs using 3PIDs

Each state event updates the value of a given key.

file transfers

Every event graph has a single root event with no parent

Events exchanged in the context of a room are stored in a directed acyclic graph (DAG) called an “event graph”.

type values MUST be uniquely globally namespaced following Java’s package naming conventions, e.g. com.example.myapp.event

In a mobile client, it might be acceptable to reuse the device if a login session expires, provided the user is the same

each device gets its own copy of the decryption keys

each of which would be its own device

signing the message in the context of the graph for integrity

Room data is replicated across all of the homeservers whose users are participating in a given room

and shares data with the wider Matrix ecosystem by synchronising communication history with other homeservers and their clients

Use of 3rd Party IDs (3PIDs) such as email addresses, phone numbers, Facebook accounts to authenticate, identify and discover users on Matrix

Managing user accounts (registration, login, logout)

Extensible user profile management (avatars, display names, etc)

Extensible user management (inviting, joining, leaving, kicking, banning) mediated by a power-level based user privilege system

REST

JSON

The user should know precisely where their data is stored

no single points of control over conversations or the network as a whole

Sending and receiving extensible messages

across a global open network of federated servers and services

Eventually-consistent cryptographically secure synchronisation of room state

causal order does not refer to the actual ‘real’ causality of the messages

Further, we conjecture that the only non-trivial Byzantine-tolerantCRDT design is a grow-only HashDAG as it is done in the Matrix Event Graph

Fig. 2

Equivocation and Omission remain as the only optionsfor an attack on CRDT layer

the MEG builds up a Hash-based DAG (HashDAG) data structure

So this

MERKLE-CLOCKS

ipfs-log24 is, to our knowledge, the first existinginstance of a Merkle-CRDT as described here

Chronofold and co-structures

Figure 9.13. Delegated Establishment Event.

Custodial Key Management

Using seals, the delega-tor’s and delegate’s event streams are cross linked together

applications may benefit from other delegative properties such as the ability to attenuatecontrol authority

A nested set of delegation levels may be used to form a dele-gation chain or a delegation tree

In some critical interactions, however, the trade-off between convenience and security madeby reusing signing keys for multiple interaction events may not be acceptable. In this case, amore secure approach is to combine an interaction event with a rotation event by adding a pay-load data structure to the rotation event.

To elaborate, a successful live exploit must compromise the unexposed next set of private keysfrom the public-keys declared in the latest rotation

Figure 11.5. KERL for a Recovery Rotation Event.

N ≥ 2F + 1

This case is prevented when the inter-section subset of any two agreement sets is large enough to include at least one honest witness

When sufficient agreement may occur on more than one version of an event then a valida-tor may not be able to determine which version is authoritative in order to either to hold the con-troller accountable or to reconcile that event with respect to other validators

but where the witnesses are not under its control such that the a validator or originalcontroller may nonetheless trust that there may be no more that F faulty witnesses

The controller is responsible to promulgate a mutually consistent set of receipts, i.e. a suffi-cient agreement of size M ≥ M C .

Without a threshold a validator may choose to hold a controller ac-countable upon any evidence of duplicity which may make the service fragile in the presence ofany degree of such faulty behavior

Suppose instead that N = 3F + 1 , then a correctagreement is guaranteed as before but the agreement will have 2F + 1 nodes (quorum size) anddespite some F of those 2F + 1nodes becoming unresponsive, the remaining F + 1 honest andresponsive nodes will be able to propagate that correct safe agreement to the next round

But there is no guarantee that the nodes in agreement (quorum) will knowthey came to agreement in a subsequent round because as many as F of the nodes in agreementin a given round may subsequently become unresponsive in the next round

This may be called a multi-controller or collec-

An escrow cache of unverified out-of-order event provides an opportunity for malicious at-tackers to send forged event that may fill up the cache as a type of denial of service attack. Forthis reason escrow caches are typically FIFO (first-in-first-out) where older events are flushed tomake room for newer events.

UTP

Event escrow isan optional implementation specific configurable capability of controllers and witnesses imple-mentations

Each time the controller connects to awitness to send new events and collect the new event receipts, it also sends the receipts it has re-ceived so far from other witnesses

When network bandwidth is less constrained then a gossip proto-col might provide full dissemination with lower latency than a round robin protocol

When a rotation amends the witnesses it includes the new tally, the setof pruned (removed) witnesses and the set of newly grafted (added) witnesses. This is shownbelow.

where K ≤ L

The specific details of this recovery are explained later (see Section 11.6). In gener-al, the witnessing policy is that the first seen version of an event always wins, that is, the firstverified version is witnessed (signed, stored, acknowledged and maybe disseminated) and allother versions are discarded

the message payload inside an IP packet includes aunique identifier provided by the identity system that is exclusive to the sender of the packet

Also more recently theTrusted Computing Group (TCG) uses the term “implicit identity” and “embedded certificateauthority” to describe the process whereby device identifiers are automatically generated by theassociated computing device [143]

Using a DID as an endpoint

An identity is also a topic to subscribe to (i.e. the ledger is based on subscription)

In contrast, a relay is an entity that passes along encrypted messages without understanding or decrypting them. It's focused on network routing only.

Two Dimensions

Therefore, there is no unified absolute ordering of all messages within a thread--but there is an ordering of all messages emitted by a each participant

Again, the discloser can retain the ‘Admit’ message as non-repudiable digital proof that the disclosee has admitted the disclosure of the ACDC

For a given AID, Duplicity refers to the existence of two or more versions of inconsistent instances of a KEL.

Events in the TEL are sealed (anchored) in a Key Event Log (KEL) using seals.

r can provide an API where transaction events or their seal references and their KEL seal references can be looked up by the SAID of the ACDC associated with the transaction event

NOT

When an Edge block does not include a SAID, d field, then the node, n field must appear as the first field in the block.

Notable is the fact that no top-level type fields exist in an ACDC. This is because the Schema, s, field itself is the type field for the ACDC and its parts

where each Edge block is a leaf of a branch

Without the entropy provided the UUID, u, field, an adversary may be able to reconstruct the block contents merely from the SAID of the block and the Schema of the block using a rainbow or dictionary attack on the set of field values allowed by the Schema

It’s just a chain of custody

a little bit about consensus algorithms

but I also have one: a verifiable data tree, not just a chain. So in my view, a verifiable data tree is the solution, not a shared blockchain

blockchains are too expensive, too complex, too hard to scale, and too slow-moving in their governance

Open identity systems should stay agnostic to all silos and blockchains

consensus network called KERI

Any selective disclosure is potentially ineffective unless per-formed within the confines of a contractually protected disclosure that imposes an incentive onthe disclosee (verifier) to protect that disclosure (counter-incentive against the exploitation ofthat discloser).

that a given DID is guarded by M-of-N signature policies, for example

This makes the DID functionally equivalent to a did:key value, and visually similar, except that a peer DID will have the numeric algorithm as a prefix, before the multibase encoded, multicodec-encoded public key

In order to do this, a form of network-wide election takes place, where the node with the numerically highest ed25519 public key will win

Even though the Pinecone address space is considered to be global in scope, it is important to note that there is no true “single” Pinecone network. It is possible for multiple disjoint and disconnected Pinecone network segments to exist

In some cases, source addresses could be sealed/encrypted, although this is not implemented today

implement a better federation routing algorithm than full-mesh routing

Power DAG

yggdrasil

but limiting the conference to 7 or 8 participants given all the duplication of the sent video required. In Element Call Beta 2, end-to-end encryption was enabled; easy, given it’s just a set of 1:1 calls.

instead it’s more of a QoSed incremental sync

So if the network roundtrip time to your server is even 100ms, and Sliding Sync is operating infinitely quickly, you’re still going to end up showing a placeholders for a few frames

Faster Joins (lazy-loading room state when your server joins a room)

The European Union’s Digital Markets Act (DMA) is a huge step in that direction - regulation that mandates that if the large centralised messaging providers are to operate in the EU, they must interoperate

111,873,374 matrix IDs on the public network, spanning 17,289,201 rooms, spread over 64,256 servers

However, certain algo-rithms executed on the MEG do not scale well with thenumber of parent events, i.e., they can become very re-source intensive, especially when old parts of the MEGare referenced as parents [8]. In practice, the maximumnumber of parent events therefore has to be restrictedto a finite value d.

The protocol flow is therefore modified as follows

푏 the first demonstration of 푞 being Byzantine

the blocklace stores notonly valid blocks but also blocks that constitute a proof thattheir creator is Byzantine

Thus only the valid subset of theblocks will be considered as state by the replicated abstrac-tion (the CRDT).

Thus the harm a Byzantine agent may cause is limited to afinite prefix of the computation