Anna Rose (00:00:00): Welcome to Zero Knowledge. I'm your host, Anna Rose. In this podcast, we'll be exploring the latest in zero knowledge research and the decentralized web, as well as new paradigms that promise to change the way we interact - and transact - online.
(00:00:27): This week, Guillermo and I chat with David Wong, author of the Real World Cryptography book, and a co-founder of zksecurity.xyz, a ZK auditing firm. We chat about his background in maths and what got him interested in cryptography. We then chat about his early work as a security consultant, his time at Facebook, and then at O(1) Labs where he contributed to the Mina protocol. We cover how zksecurity.xyz came to be and what they aim to do, and then dive into the topic of security in the ZK space, covering auditing techniques, hot takes about where the space might be going, and what threads of research are getting David excited. Now, before we kick off, I want to remind you to check out the ZK Jobs Board. This month, with the zkSummit around the corner, happening on September 20th in London, many of our sponsors have put their jobs up on the zkJobs board. So if you're looking for a new opportunity or job in the field, be sure to check it out. And I hope to see you at the zkSummit. If you haven't already secured your ticket, be sure to do so. We'll be adding the links to the show notes. Now, Tanya will share a little bit about this week's sponsor.
Tanya (00:01:31): Aleo is a new layer one blockchain that achieves the programmability of Ethereum, the privacy of Zcash, and the scalability of a rollup. If you're interested in building private applications, then check out Aleo's programming language called Leo. Leo enables non-cryptographers to harness the power of ZKPs to deploy decentralized exchanges, hidden information games, regulated stable coins, identity products, and more. Aleo's incentivized testnet is now live. Participate as a developer. Apply for a grant or go for a bug bounty. Check out aleo.org/blog for more info. That's aleo.org/blog. You can also find the link in our show notes. So thanks again, Aleo. And now here's our episode.
Anna Rose (00:02:14): So today, Guillermo and I are here with David Wong. Welcome David to the show.
David Wong (00:02:19): Thanks for having me.
Anna Rose (00:02:21): Hey, Guillermo.
David Wong (00:02:22): What's up?
Anna Rose (00:02:24): So, yeah, David, I reached out to you to come on the show. I think, I mean, I started to think about having you on as a guest after I had seen this blog post that you made on zksecurity.xyz, all about the Nova vulnerability. And even though there had been like a larger paper published about it, I just found it's like such a great resource to all, like, not only understand the vulnerability, but also just understand Nova. So yeah, I just saw you doing this and I thought it would be really great to catch up with you. But I also know that you, I mean, we've interacted when you've had other hats, like when you were working at Mina and like all these other times. So yeah, I'm really excited to, to find out a little bit about the work you've been doing and yeah, just generally your journey here.
David Wong (00:03:06): Cool. And, and I'm super excited because I listen to like, maybe not all your episodes, but like most of your episodes and it's amazing that we have this podcast in the field.
Guillermo (00:03:16): I will feel bad a little bit about crashing this party, because I don't think I was actually invited to this recording until I talked to David and David was like, oh yeah, I'm going to be on the podcast. And I'm like, wow, Anna just rugged me. So I was like it's cool
Anna Rose (00:03:32): You were like can I join this one? I'm happy to have you here Guillermo? I think this is great.
Guillermo (00:03:37): That's what she says now, but I know she's like, ah, crap. Like, dammit, I really didn't want him on this one, but it's fine.
Anna Rose (00:03:42): Hardly, hardly actually. I heard that you had been discussing deep maths and then it sounded like to me, Guillermo, I think you're the perfect cohost for this one.
David Wong (00:03:52): That's a compliment.
Anna Rose (00:03:53): There's a compliment. Alright, David, let's kick off with a little intro to you. I think I've been tracking what you've been doing since you worked at Mina and I knew about like real world crypto, the book, but maybe give us a little backstory, kind of where's your starting point on this journey to ZK security? Like all the way to this kind of moment?
David Wong (00:04:13): I guess I started my career doing like consulting work for like a crypto like shop at a consultancy firm called NCC Group.
Anna Rose (00:04:22): Was it cryptography or was it cryptocurrency stuff?
David Wong (00:04:26): Cryptography services. And so cryptocurrencies were a thing, but I don't think there was that much money at the time. So, so we're not really looking at cryptocurrency stuff.
Guillermo (00:04:36): What year was this?
David Wong (00:04:37): And 2015 I guess.
Anna Rose (00:04:40): Yeah. Makes sense.
David Wong (00:04:40): 2015, 2016. And I guess at some point it was even a debate on like, is crypto cryptography and not cryptocurrency. And if you go on the subreddit r/crypto on Reddit
Anna Rose (00:04:52): They refuse to
David Wong (00:04:53): The first post is like, crypto is not cryptocurrency. I know. And that's my post, by the way.
Anna Rose (00:04:59): Oh, really? Oh my God.
David Wong (00:05:02): It's actually a website called cryptoisnotcryptocurrency.com.
Anna Rose (00:05:04): That's amazing. I tried to post once, like a very, like an episode we did, but it was a very cryptography focused episode and I tried to post it there and I think I got it removed
David Wong (00:05:16): Because yeah, there's so much spam that, that it's kind of hard to, to like figure out what's good and what's, but yeah, so I used to be in that camp of like, yeah, what what's the point of cryptocurrency? And crypto stands for cryptography. And then I gave up, some people are still fighting that fight, you know, but I don't think it makes any sense. And I think maybe 4 years in, like we started, like, my group started getting more and more cryptocurrency audits. And so I think that's when cryptocurrency started booming. And I think I did a year of cryptocurrency audits. And then I was like, okay, this is the most interesting field. It's actually hard to get a job in cryptography. This used to be hard and maybe you would get a job like a boring job at a bank or something like that. And you would spend your life in meetings or I don't know what people did but it was really hard to get a good job. Right. And cryptocurrencies come and like, cryptography is cool all of a sudden. And so I guess at this point I jumped to the Libra project, which was still stealthy at the time.
Anna Rose (00:06:19): Did you join Meta then? Or you, were you an external?
David Wong (00:06:22): Facebook at the time
Anna Rose (00:06:23): Facebook at the time. Oh, wow.
David Wong (00:06:25): Right. Yeah. I was never at Meta. So Facebook specifically the Novi team, which was called Calibra at the time. Like, it probably doesn't make sense for anyone who didn't follow that whole, like, Calibra and Libra and Novi and Diem and like I don't know how many name changes happened, but that was interesting. So I started doing more, like, more like security kind of things. I was the security lead at the project for 2 years.
Anna Rose (00:06:49): Cool. Just a quick question there. Did you overlap with Bobbin or with Kostas?
David Wong (00:06:53): Yeah, I was working with Kostas since the, I think he started after me, but I think not too long after me and Bobbin was there under a different name. And yeah, actually the first time, so at that time I didn't really know about zero knowledge proofs, but I think I was hearing about Plumo, the Celo project. They were using zero knowledge proofs to like fast track, like BFT, like changes in BFT.
Anna Rose (00:07:21): Kobe was the lead on that. And actually why I worked with him on the trusted setup, that was the first time Kobe and I worked together, I think.
David Wong (00:07:27): Oh, okay.
Guillermo (00:07:27): Oh
David Wong (00:07:28): Cool. So, so actually I try to get us to do that at Libra and Diem. And I, I think basically every cryptocurrency should have like this kind of verified like clients it's like most interesting application, I think for zk for cryptocurrencies. So Bobbin was there working on STARKs. I had no idea what STARKs were. And he actually explained to me what STARKs were. And at that time I remember understanding everything. Like it was a super nice explanation. And then I forgot everything. And then I asked him to do it again. And of course he doesn't have time but it was like this amazing explanation.
Anna Rose (00:08:03): Wow. So you were at Facebook before they changed their name and then you made a leap out of it, I guess. What pushed you out of it?
David Wong (00:08:12): So I guess, I don't know if people are going to like that, but like, the writing was on the wall. Like things, you know, interesting things were being pushed over. Every month we were going to ship. And I think at that time it was sort of clear that regulations were like going to kill the project. Well, not super clear, but I made, I made a leap of faith. I'm like, okay, I don't think this is going to work out. And I'm still sad about it. I know people hate Facebook and everything, but I don't think it was necessarily like a bad project. And yeah, we made a lot of actually used to be like a very, a much more idealistic project. But because of regulators, we had to like, kind of kill a lot of the heart of the project which was kind of sad and I don't think many people know that like these kind of like a lot of people are very passionate about that project and the regulator and all these discussions kind of made it more of a corporate thing and, and less of a cool thing at the time.
Anna Rose (00:09:06): It almost sounds like it just got safer and safer and safer. And like those edgy, interesting parts were getting cut off because I heard such as, I mean, from Kostas and from Bobbin, I also heard, just like they speak very highly of their time there and the team that was there. The team that had been assembled was like kind of incredible. And actually you can see that like those folks have gone off to create really amazing things, but at one point they were all together working on the same thing.
David Wong (00:09:32): Yeah. It's actually kind of sad that we all split in different directions. And I think different people tried to recreate, so like Aptos and Mysten Labs were trying to like, recreate the groups, but like I was already at Mina and happy there, and people wanted to create Mysten Labs on one side and it was kind of a, it was too bad that we couldn't like, decide altogether to leave and like, it was a pretty good time.
Guillermo (00:09:53): It's kind of interesting, right? Because a lot of the kind of standard libraries that people use nowadays, some of the best libraries that we have were actually made for Libra/Diem. Right? So one example being Jellyfish is a really fast key value store KV store.
David Wong (00:10:10): Yeah. It's used in Penumbra, I believe.
Guillermo (00:10:12): Yes.
David Wong (00:10:12): At the very least. I don't know who else uses it.
Guillermo (00:10:14): Cool. Okay. Now let's talk a bit about your time at Mina. You made the leap. What year was that?
David Wong (00:10:21): So, okay. I can't tell you that because everything's a blur because of COVID every time.
Anna Rose (00:10:26): Sometime during COVID. Okay.
David Wong (00:10:28): I just remember I did 2 years at Novi and that's all I remember. And I don't know what year it was, but yeah. And what's interesting is that actually I think I discovered zero knowledge proofs or this kind of advanced zero knowledge proofs through Coda Protocol, which was the name of Mina at the time but they changed the name because Kostas company sued them. This whole story because it was too close to Coda
Anna Rose (00:10:53): Okay.
David Wong (00:10:55): Our three products. And so when I was at NCC Group, a coworker of mine that's now at Penumbra Ava told me to like, go to this like meetup which was like, not the launch party of Coda, but they were like, I think they were stealthy before or something like that.
(00:11:10): And they came up and was like, or they open sourced the code or something like that. And so I went to that meetup while I was still a consultant doing security audits and stuff like that. And I remember being like, mind blown that they could like do recursive zero knowledge proofs. And at the time they had like a browser like demo where like your browser could verify like a blockchain. It was like so insane to me that I remember being mind blown. And so when I wanted to leave the Diem project at the time, basically I looked around and I was like, holy shit, this is what, this is where I want to work.
Anna Rose (00:11:44): Cool.
David Wong (00:11:45): And so yeah, basically I reached out to them, they made me an offer. I was like, yes, on the spot. Wow and I think that was the time I said yes, like as fast as I could. And yeah, I guess I just spent 2 years there because I left like a few months ago to create zksecurity.
Anna Rose (00:12:03): And when you were at Mina, you created a number of libraries that I think are still in use, like Kimchi.
David Wong (00:12:09): I work in Kimchi. I'm not going to take credits for it. It was a group effort.
Anna Rose (00:12:14): I just know you presented Kimchi with someone else at zkSummit7, right?
David Wong (00:12:18): With Joseph
Anna Rose (00:12:19): With Joseph. Yeah.
David Wong (00:12:20): Yeah. I guess I was an architect there and a lot of my work was to try and understand like where we were going and sort of like what was our strategy vis-a-vis our code base. And this zkApp functionality that still hasn't launched but is due to launch very soon. I can't say much about that
Guillermo (00:12:40): Soon tm.
David Wong (00:12:41): But it should be very soon. So yeah, I worked on Kimchi. I did to be honest, I did a lot of OCaml. Way too much
Anna Rose (00:12:51): Oh.
David Wong (00:12:52): ...for my taste. It's sort of a functional language, functional programming shop and so they're very, very good people there because people who like these kind of things are insane.
Guillermo (00:13:05): So why OCaml? I thought OCaml was like just Jane Street or something,
Anna Rose (00:13:09): Right? I think Isaac originally really loved it, right?
David Wong (00:13:12): Yeah. Team efforts. You guys got it. Isaak was at Jane Street, of course.
Anna Rose (00:13:18): I didn't actually know that. Oh, wow.
David Wong (00:13:20): That's the only reason why anything is in OCaml, right?
Guillermo (00:13:23): Yeah.
David Wong (00:13:24): Someone worked at Jane Street at some point.
Anna Rose (00:13:26): Right. No way. But also tell me if I'm wrong, but I did hear that like, there are places in the world where OCaml is like kind of championed and I heard France has like this epic OCaml community. Is this true?
David Wong (00:13:39): Well, OCaml is French, right? Like, I think it was invented at INRIA, and it's like
Anna Rose (00:13:43): Ah, okay, okay. Maybe that's interesting.
David Wong (00:13:45): There's people working on that full-time and I don't know if there are like serious companies using OCaml in France specifically, but it definitely like impacted a bunch of people who love this kind of, you know, the language theory and this kind of things. And it's I mean, Rust was written in OCaml, right? I don't know if you, you guys really heard about that? Fun Facts.
Anna Rose (00:14:09): Really? Rust was originally written in OCaml I did not know this
David Wong (00:14:12): The first part, Rust was in OCaml like
Guillermo (00:14:14): I didn't know that. Actually, for some reason I knew it was like a functional program, but I assumed it was Haskell, which is like, you know, like normal functional, terminally functional programming people use. Right.
David Wong (00:14:25): I think one, so something important at Facebook. So my first PR at Facebook was an OCaml PR
Guillermo (00:14:31): Oh my God.
David Wong (00:14:31): I don't know why I chose that. And it was on some, I think the flow compiler.
Guillermo (00:14:39): Oh, okay.
David Wong (00:14:39): Or maybe like the Hack type-checker was like written in, you know, OCaml. But I think they're moving to Rust and maybe have successfully moved to Rust.
Guillermo (00:14:49): So for quick context, Hack is like a home brewed version of ... I think it's PHP right? If I recall correctly.
David Wong (00:14:56): Yeah, yeah, yeah. But I'm not sure exactly what it is now. I think they forked PHP and it's like different
Guillermo (00:15:02): I hope so but it's Facebook's like, home brewed language that they use for like, a bunch of internal, like webpage building and stuff like that
David Wong (00:15:11): For Facebook itself, right. Like, Facebook is built in.
Guillermo (00:15:14): I know, because I remember I had to write some Hack at some point for some horrible thing. And I'm sure there's a PR of me in some in that. Anyways. It's a whole thing, but whatever
David Wong (00:15:22): I like it. But, you know, I like weird things, so, you know. I understand
Guillermo (00:15:26): To each their own
Anna Rose (00:15:27): David, I am now curious though, what language do you prefer now to work in? Like, what is your... so you would've been working in OCaml at Mina, but would you still prefer that? Is that still kind of where you'd go? Or are you Rust-based now?
David Wong (00:15:43): I think I was always, so it's an interesting question, because when you're a consultant, like basically every - so actually now everything is in Rust or Circom or like these kind of things. But back then, like, I used to audit, like every pen test would be a different language.
Anna Rose (00:15:57): Oh wow.
David Wong (00:15:57): So I went through a lot and I would say Rust is amazing. Rust is the most amazing language, I think today. And I don't think I'll ever write OCaml again, I'd say it like that. Yeah, it's
Guillermo (00:16:13): I'm going to get you to try Julia one of these days and then it'll be great.
David Wong (00:16:17): I haven't tried it, so I don't know. Yeah. Yeah. I'm, I'm open to languages, but
Anna Rose (00:16:20): I kind of want to ask you about that though. Like, so, because we didn't really talk about sort of your early work that much, but had you studied languages? Had you just been, did you pick up a lot of this in work?
David Wong (00:16:31): Yeah, I guess that's like when you're a consultant, it's just, you're thrown into like, whatever projects and you, you have like a few days to like learn a new language usually.
Anna Rose (00:16:38): Okay.
David Wong (00:16:40): That's the dark side of the behind the scenes of being, being a consultant. And so, yeah, I just sometimes, yeah, learn the language just for like two weeks of pen testing and then never touch it again. Like, that happened a lot
Guillermo (00:16:57): On that question actually. I actually don't really know what your background is. I don't think we've ever chatted about it. So, prior to doing kind of security and cryptography consulting
David Wong (00:17:10): I did tell you that maybe you forgot. I told you I used to do math, believe it or not because I'm bad at math
Guillermo (00:17:15): That's right. You did tell me that yesterday. But, you know, I'm going to pretend for the sake of this episode that I've never heard of it before.
Anna Rose (00:17:23): So you're coming more from math. You didn't study CS I guess
David Wong (00:17:26): No, I didn't study so I did a Bachelor of Math in part in Canada, actually.
Anna Rose (00:17:31): Oh, cool.
David Wong (00:17:32): And I was deeply depressed.
Anna Rose (00:17:37): Oh no
David Wong (00:17:37): Pure Mathematics
Guillermo (00:17:38): As all mathematicians are, right? Yeah.
David Wong (00:17:41): And so I guess that like one summer I didn't know what to do with my life. I just figured I'm going to finish my bachelor and, you know, end up under a bridge or like, I had no idea what work meant or like, what people actually do that, you know, deserves to be paid money or...
Guillermo (00:17:58): Did you do mathematics at a French institute?
David Wong (00:18:00): Yeah, French, actually
Guillermo (00:18:03): That would contribute to the depression
Anna Rose (00:18:05): Why?
Guillermo (00:18:07): Oh the French mathematicians and mathematics curriculum is a special one.
Anna Rose (00:18:12): Whoa.
Guillermo (00:18:12): It's a special one. Reserved for a specific circle of hell for people who are into that kind of thing. We can talk about it more later. But anyway, sorry, David, too.
David Wong (00:18:20): Yeah, I wouldn't say the curriculum, but like, the way of teaching also in France is like, I have a lot of strong opinions on like, it's basically going to jail and it's horrible. And my time in Canada was so much better. Like, my teachers were so much like, anyway, I'm not going to say anything more because I don't want to make enemies. But okay. Where was I? Okay, so I did math and then I was deeply depressed. And one summer, because this is interesting, so I'll tell that story. I was working at McDonald's, making burgers in the kitchen. Right. That's how we did it. And I discovered, so Coursera was something new at the time. And one of the first courses on Coursera was the Dan Boneh Cryptography 101 thing.
Anna Rose (00:19:01): No way.
David Wong (00:19:03): Yeah. So during my breaks or like days where I was off, I would go to the library and I would just follow the Cryptography 101 or Cryptography 1 course from that. And I went through that and I was like, okay, this is what I need to do. Like, I like computers. I had been like, you know, doing computer stuff wherever, and I liked math, but I just didn't like what I was doing. So I was like, this is my escape. I'm just going to do a master in math. So I finished that course, went into a master in the University of Bordeaux, and yeah. So everything falls from that, I got an internship at some, you know, NCC Group, the consulting firm. And the rest is history. It's
Anna Rose (00:19:40): What we've just talked about. This is awesome. Wow. I'm so glad we actually dug into that because that, I mean, what a crazy connection point to also what Dan does now. And like you work now in his world in a lot of ways. That's so cool.
David Wong (00:19:53): Yeah. So Dan Boneh for me is, and I remember sending him an email like, "Hey, can I do a PhD with you?" And he actually responded and back in the days. And I, I can't remember what he said but it was not a "no"
Anna Rose (00:20:07): Not a no. Okay, good.
Guillermo (00:20:09): So wait, so I guess Coursera, yeah. This was like, what, 2010, 2011?
David Wong (00:20:15): I think later than that, no, 2012 maybe.
Guillermo (00:20:18): Maybe 2012. Yeah. It's interesting because funnily enough, that's the first course that I also saw at Coursera. But the first course I actually took at Coursera was from Ecole Polytechnique and it was their Functional Analysis course.
David Wong (00:20:31): Oh. Which course?
Guillermo (00:20:32): Their Functional Analysis course specifically.
David Wong (00:20:35): Oh, okay. Alright.
Guillermo (00:20:38): It's a terribly difficult course for some godforsaken reason. That was, it exposed me to the French mathematics system.
David Wong (00:20:46): The people that survive this system are really good. Yeah. But it's hard to survive, basically.
Guillermo (00:20:53): Yeah.
Anna Rose (00:20:53): I want to ask you, David, at what point does writing a book, which became Real-World Crypto, the book that as I understand it's now published in multiple languages around the world. When did that idea pop into your mind? Like, and were you doing this on the side? And maybe talk a little bit about this book.
David Wong (00:21:14): Yeah. So I guess, I don't know if this is interesting, but like, I've always liked writing. And I, so like, one of my first successful, maybe not first successful, but okay, the first time I ended up in the newspaper was during my Bachelor. And I heard that idea of like, if you write three pages a day, then you can like, check like a checkbox and then it motivates you to keep writing. Like, because you see like a chain, like a blockchain, you know, of like things you've written
Anna Rose (00:21:41): Motivation chain.
David Wong (00:21:43): Yeah, exactly. It's a thing, right? Like chains... and so there was a website to do that, but you had to pay. So I made my own application and I started using it to write like every day, like three pages a day. And then I published it online because I was like, this is so useful for me, so I'm going to publish it. And people have, like a huge amount of people in France have been using it. People have written books just using the app. And so I've always like, loved writing. I've always wanted to like, write books. I actually wrote one book before that's a novel and that's unpublished but I was already in this kind of mindset.
Anna Rose (00:22:20): Oh my gosh.
David Wong (00:22:21): It's a
Anna Rose (00:22:22): When will you ... wait? Is it just sitting in your like it's a transcript on a bookshelf.
David Wong (00:22:27): It's on a computer somewhere.
Anna Rose (00:22:29): Sorry. You're not in the 19th century. I got it.
David Wong (00:22:33): Yeah. I wanted to buy this kind of a, how do you call that?
Anna Rose (00:22:36): Typewriter.
David Wong (00:22:37): Typewriter. Never did. And so, yeah, I've always liked writing. I've always had a blog. I've gone through many blogs and I guess the most recent blog that usually people are more familiar with is the Cryptologie.com blog. Cryptologie with a French spelling, and which I started during my Master. So I've been blogging for, I don't know, for almost 10 years. I guess. Why did I write a book from that? So I always wanted to write a book on cryptography because I, I just like teaching what I learn, and I think we can all agree that reading papers is hard and it's always like, very painful. And so if you find like some resource for that someone wrote, it's like nice because you can, you can understand things better.
(00:23:22): And so learning cryptography, I run into a lot of things I couldn't understand myself. And so I, by learning them, I wanted to like teach them after. And so that's sort of when I had the idea of writing a book. I actually, the real click also came when I was teaching a course at, so I used to teach a crypto course, cryptography course at Black Hat.
Anna Rose (00:23:44): Okay.
David Wong (00:23:45): The conference. And someone came to me one day and they were like, oh, can you give me like a recommendation for like a course or whatever? And I told them to check the Dan Boneh course, and they told me it's too theoretical. Like, that's not for me
Anna Rose (00:23:58): Oh, okay.
Guillermo (00:23:59): Interesting.
David Wong (00:23:59): And so that's when I understood that I could do something that would be very useful for a lot of people.
Anna Rose (00:24:03): Interesting.
Guillermo (00:24:05): Wow. So the book was essentially an outgrowth of kind of your blog and like its associated writings. I actually haven't read the book. It's on my, like, Amazon cart
David Wong (00:24:14): Shame on you
Guillermo (00:24:16): I know, I know
Anna Rose (00:24:16): I have it.
Guillermo (00:24:16): I'm sorry. Oh, you do?
Anna Rose (00:24:18): I've started that actually but
Guillermo (00:24:21): Is it essentially, does it take your blog and kind of formalize it and like, make it a narrative? Like what does it actually do? Also I have another question about the blog itself, but we can get to that afterwards.
David Wong (00:24:32): Oh, yeah. So, so the book is basically two parts. The first part is the ingredients, and the second part is the recipes. That's what I call the thing in the book.
Guillermo (00:24:40): Okay.
David Wong (00:24:41): And ingredients is just basically, I reuse a lot of my blog posts, but most of it is novel because I realized that I actually didn't know a lot of the things I was supposed to write on. So I had to spend the time to like, learn it, and so I could really teach it.
Guillermo (00:24:54): That's awesome. Okay.
David Wong (00:24:55): And so, yeah, first part is like, you know, basic ingredients that are pretty common in cryptography. So like hash functions, authentication tags, MACs, encryption, authenticated encryption, key exchanges, signatures, all these things. And the second part is what do you do with that? So it's like SSL and TLS. So session encryption, secure messaging with Signal. So, so yeah. End-to-end encryption. What else do I talk about? So I talk about zk-SNARKs and MPC and FHE.
Anna Rose (00:25:28): Wow.
David Wong (00:25:28): I talk about post quantum cryptography so all sorts of like more advanced topics and yeah. What else do I? I should have the thing in front of me, but Anna Rose (00:25:41): What else did I talk about? David Wong (00:25:42): But stuff like that. Anna Rose (00:25:44): Nice. I mean, it's interesting. Like, I've seen a lot of people actually tweeting as they're going through it. Like, I think this it's become quite the textbook that people will potentially go to first. But this is not really for ZK only folks. This is really for just general kind of blockchain topics. Right. If you want to know the technology, the cryptography that underlines a lot of that stuff, this would potentially be a good starting point. David Wong (00:26:09): Yeah. And actually, my slogan at the time was for our blockchain world was, this is the first cryptography book with a chapter on cryptocurrencies. Guillermo (00:26:19): Oh, neat David Wong (00:26:19): So it's actually, if you're into cryptocurrency, it's actually a good book to read if you want to get more into the cryptography of it, because it actually talks about the BFT consensus protocols and these kind of things. Anna Rose (00:26:31): Nice. Guillermo (00:26:32): I also have a, here's the second set of questions about this is, you know, even if you want to write, right? Like whatever, you have your little blockchain of you know, achieved days that you've written three pages, like why write about cryptography? Why write about this specific thing? Like, why not write, you know, you were interested in, you wrote a novel earlier, like, why not do short stories, you know, or something like, why was this the idea? David Wong (00:26:58): Like, yeah, I guess I just like teaching and it's easier to write about what you do, I guess. So I did, you know, crypto stuff, cryptography stuff. And so I was like, I'm writing this blog and I'm explaining a lot of the concepts and people really like them. I'm making these videos. 
People seem to like them, and I seem to like, add value to people's lives. So I want to do more of that. You know, if I think if I write a book, it's going to be a book that doesn't really exist. And so it sounds like a good idea. Anna Rose (00:27:28): You saw the need when that's when that person had come up to you. So like, someone did sort of say like, the things that are out there are not satisfying what we're looking for. David Wong (00:27:37): Right. So, yeah, I think I really saw the need. And I, even to this day, I think there's no other book like that that is like in between the theoretical and the very practical. Anna Rose (00:27:49): That's very cool. I have one slight side question that you sort of talk about. You built your own version of this three pages a day. Is it just like an open source app or something? What is it? David Wong (00:28:00): It's not open source, but I guess you can use it, but it's in French Anna Rose (00:28:04): Oh, well I speak French, so I could maybe use it. David Wong (00:28:08): Oh yeah. And I mean, as long as you can register you can use it. Right. Anna Rose (00:28:13): Okay. Cool. Cool. What's it called? David Wong (00:28:15): It's called 3pages.fr. I wish I could like, encrypt what people write. That's sort of like the primary feature that people request. It's like, oh, whatever I write is like, goes in a database and you know it's not really private. So it would be cool if I could do that, but I honestly, I haven't had the time to, to do this. Anna Rose (00:28:36): That's, you could make it private with a zero knowledge proof maybe David Wong (00:28:41): Maybe there's something to there. Anna Rose (00:28:42): Maybe there's something else that would be better suited actually Guillermo (00:28:46): You'd probably just make it private by having it on your laptop or something. I feel like people have made crude versions of this elsewhere. David Wong (00:28:52): Yeah. 
It'd be good to use cryptography in that project because I did that one before I was really into cryptography and yeah. Guillermo (00:28:57): Oh, that's so neat. David Wong (00:28:57): But yeah, lack of time. Yeah. Guillermo (00:29:00): So, but getting quickly back to the blog post and I assume the book as well, but I unfortunately haven't, sorry, read it again. So one thing I actually really appreciate about your blog post, and it's very impressive that you could just write three pages every day and have them come out this good on average, I guess it happens after all of writing, is that it's actually very clear. So, you know, you say, oh, it's only for people who aren't like, too theoretical. And I would see myself as like terminally theory oriented. Right? Like, there's kind of no escape for me at this point. Right. (00:29:32): But I actually still really appreciate your blog. It's very good. It's very well written. It's very clear in ways that I will say almost no, if any, paper actually is. David Wong (00:29:45): Thanks. Guillermo (00:29:45): And you're very good at kind of this conversion, this idea of like taking, you know, 60 pages of something that could definitely be shrunken down to about five. Right. And have all the same content and then explaining it even more cleanly than those 5 pages. I was like, okay, like how do you, what do you do that? Like, what is the process? Do you go take a 60 page paper and like a bottle of wine and sit in a corner of a room until you, David Wong (00:30:10): That's what I used to do. Guillermo (00:30:11): Oh, that's what you used to do. Okay, good. I'm glad we're all in agreement, at least on that one. David Wong (00:30:15): Drinking is always a good, like, influence on the writing. I think a lot of writers are, you know, do these kind of things too, but for technical writing, it's a different process, I would say. Yeah. 
I would say the deepest secret, you know, like double code secret is that good writing is just a writing that has been rewritten a number of times. And I would say the same for like good code. I think good code is code that has been refactored many times. Nobody writes well the first time. Like, that's what I do. I just write my drafts and it's shitty. Nobody should see that. You know? I would be very ashamed if anybody sees that. And I sleep on it and the next day I look at it, I cry a bit and I rewrite it and rinse and repeat, you know. Anna Rose (00:30:59): How long did it take you to write the book? David Wong (00:31:02): It took me a bit more than two years to write that book. And I was slow, I guess Anna Rose (00:31:07): And when did it get published? Actually? When did it come out? David Wong (00:31:10): I don't know, because it was COVID Anna Rose (00:31:12): During COVID. I think it's 2021 something. Maybe. David Wong (00:31:15): It must have been a year maybe or two years Anna Rose (00:31:18): Yeah. And it's been translated. I noticed you were tweeting this. What is going on there? David Wong (00:31:25): Yeah. It's so weird, because I, I didn't know about that. And basically people send me these things and that's why I learned. Guillermo (00:31:30): That's awesome David Wong (00:31:33): But I think it's in German, in Polish, in Japanese, in Chinese. I'm so sad that it's not in French. But hopefully one day. Anna Rose (00:31:42): Yeah. But wait, how does that happen? Like, are people, do you have a publisher? Is the publisher doing it? Like, how is this? David Wong (00:31:47): I have no idea. Yeah. I have a publisher. It's Manning. Anna Rose (00:31:51): Okay. David Wong (00:31:51): And yeah, I don't know how to do it. It's just magical, you know? Anna Rose (00:31:57): Wow. That they're localizing it. This is really cool. I like that it's like happening sort of just like out there. David Wong (00:32:03): Actually I should say that. 
So I have a box of German Real-World Cryptography and a box of Korean Real-World Cryptography. And so I'll probably yeah warn people so that I can sort of give them out because I don't know what to do with them at SBC. Guillermo (00:32:20): Cool. So if I get a copy of the book and I get it signed David Wong (00:32:24): Can you speak German or Korean? Guillermo (00:32:26): Oh no I mean David Wong (00:32:27): You can speak Korean? Guillermo (00:32:28): Unfortunately David Wong (00:32:29): Oh, I have a US version. I can give you the, the English one Guillermo (00:32:33): No I'll buy it. Just to support the author, you know David Wong (00:32:36): Alright. Cool. Cool. Anna Rose (00:32:38): Is there anything you think folks who are starting that book or who want to use that book should know about how to like, use this textbook or how they should approach it? David Wong (00:32:47): No I would say just start it, you know, just start reading and you'll get it and just ask me questions. If you don't get it Anna Rose (00:32:53): On Twitter. David Wong (00:32:55): Yeah. Just ask me things on Twitter. Anna Rose (00:32:56): Do you need to have a math or CS background, do you think? David Wong (00:33:01): So I would say no. So that's sort of why I wrote the book. I try to like, use minimal amount of equations. Some chapters I didn't really have a choice. Especially like when I get in more into public key cryptography. But I try to stay away from, you know, writing equations and try to stay away from theory. I do talk about how the theory side see things, but it's more of like, like usually in small boxes that you can like ignore if this is not interesting to you. Anna Rose (00:33:31): Cool. David Wong (00:33:32): So no prep needed, I would say. Anna Rose (00:33:35): Nice. So let's move on then to your latest project, zksecurity.xyz. As mentioned, the way that I first saw it was through the blog that is attached to this project. 
But then as obviously I clicked in and then saw, oh wow, David's doing some sort of auditing firm or some, like, it's dealing now with ZK security. So yeah, share a little bit about what it is and how it came to be. David Wong (00:34:00): Oh, yeah. So I guess me, Brandon and Gregor from O(1). So working in Mina, so both of them are working on the higher level in the stack, of the Mina stack. And so they're talking to developers, they're seeing developers use zkApps or try to write zkApps. They're seeing a lot of bugs. And they're telling me, David, I think there's a market for that. Like people write bugs in smart contracts, like in Ethereum and whatever. And there's a whole market of auditing firms doing work there. We think there's going to be a need for smart contracts, but like ZK smart contracts. And so, so we sort of like took the bets and decided, you know to create this thing zksecurity. (00:34:48): I would say that indeed after doing a number of jobs, we've realized that very good people will write pretty bad bugs and basically nobody can write it. This new paradigm of like constraints is actually very hard to figure out. And I mean, even good people who know what they're doing will make pretty big mistakes there. So it's been quite interesting to see people writing circuits. You know, today, if we look at the, the different platforms for writing zkApps that exist, most of them are not launched. And so I think what we do today is going to be very different from a year from now when Mina has launched, Aleo has launched, Aztec has launched, Starknet is is more of a thing and so on. Anna Rose (00:35:38): Interesting. Yeah. When you said that you were sort of talking about the ZK apps, it comes originally from this idea of seeing people building zkApps, I guess in the testnet phase, but that's not the deep cryptography part, right? 
Like I guess when you're doing ZK security auditing today, you're usually dealing with like the protocol builders who are actually using the zk in creating these platforms where you can use zkApps, right? All those teams you listed. Would you see yourself as a potential auditor of their code base? Or are you sort of waiting to like be more for the things that are built on top? David Wong (00:36:11): Yeah, so our bet was that smart contract security is a big thing. ZK smart contract security is going to be a big thing. Or ZK security is going to be a big thing but since a lot of these projects haven't really come out we've actually been auditing a lot of things lower down the stacks. Anna Rose (00:36:26): Got it. David Wong (00:36:27): So like proof systems or very low level, like, you know, manual R1CS writings or these kind of things but I think tomorrow, or you know, someday in the future, I think this is, you know, the proof systems are going to ossify, solidify and we're going to see more user apps and more bugs or more work for us on this layer Anna Rose (00:36:52): As an auditor of those systems though, like, is it hard for an auditor to learn all of those different languages to be able to audit all of those things? Or do you think there needs to be like, some sort of specialization? David Wong (00:37:03): I would say finding bugs is always finding bugs. And so in the higher level or higher layers, I think it's not going to be, you're not going to have to have like a deep proof system background to do that work. That's what I think hopefully that's going to work because I have to train a generation of consultants for that but for writing like low level constraints and custom gates or very low level constraint things, I think it helps to understand things at a lower level. I think without that understanding, it's going to be hard to audit or to write these kind of things. And so, yeah, I think today we're in a good spot. 
because I don't think many people like us are interested in doing audits. So we're very few people with this kind of background with this kind of cryptography or, you know, my co-founders like worked on like SnarkyJS and these kind of compilers for and languages for writing zkApps. So people who do that usually are spending their time building these kind of things. And so there's not many people who have this kind of expertise to audit things. Anna Rose (00:38:15): There are a few firms coming out, like I did an episode with the folks from Veridise, John and like they're coming more from smart contract auditing now doing ZK auditing, not so much from like the deep cryptography to now being an auditor. Which it sounds like your path is more like that. They were talking about fuzzers and formal verification, other like tools where you just kind of like, there's like types of bugs that happen enough times and there's like specific things that they're looking for. Do you have stuff like that too? Or are you doing much more of like a kind of, I'm just sort of picturing like, you know, very careful through each line kind of audit. David Wong (00:38:54): So, okay. That's a very good question actually, because I have strong opinions on that. Anna Rose (00:38:58): Okay. David Wong (00:38:58): So I guess formal verification, fuzzing, all of these things are, all of these tools are like things that are known by consultants. It's nothing new, you know? And we're just like translating or transporting these tools to like this new paradigm and like these, these new frameworks from my experience. And I think a lot of consultants would agree with me, although, you know, I don't want to speak for everyone, but manual work is still very needed. Anna Rose (00:39:26): Wow. David Wong (00:39:26): Very much needed. Maybe there's a future where we can throw code at an AI and, and they'll, you know, find bugs for us. 
And actually I believe in that, you know, so I'm happy if, if there's a future like that. (00:39:38): But for now, I think manual work is very important. That's how most bugs are found. And fuzzers.... Okay. Let's talk about fuzzers and formal verification. So formal verification usually is more like a static analysis. Like you don't really run the code and fuzzers are like dynamic analysis. So you run the code and you're trying to find bugs just by running the code, fuzzers I think are relatively recent in a sense where like did, we had the theory, but people didn't really come up with like, nice implementations. And I think AFL was like the first big implementation. And at the time, C programs were big thing. So like in C you have a lot of memory corruption bugs. And so fuzzers become very useful because you can find all these these you know, you're trying to write to memory, but you shouldn't write to memory there. (00:40:35): Or you're trying to read from memory, but you shouldn't and C is like a horrible language. So it allows you to do that. But now that we have Rust, fuzzing is not that useful anymore. I still write fuzzers, but I would say that usually I will find crashes at best, but you never find anything really interesting. And maybe for constraints you might be able to find more like completeness issues where sometimes you have some constraints that are supposed to like, you know, anchor some program and the fuzzer will find some inputs that don't work. You cannot prove them, you know, you cannot create a proof. And so you have some completeness issue, but usually you don't need to write a fuzzer to find them. That's what I've seen in practice. 
So I believe in them, you can find low hanging fruits very quickly with them but depending on how much time you have, sometimes it's not worth the effort because it's not always a good way to find good bugs you know Guillermo (00:41:40): I also, the kind of bug that feels like it'll start coming up more and more, which is it's a bit harder conceptually with kind of transparent contracts. Like Solidity is like under constraining things. Normally when you do things, you build an object, right? And then like that object is constructed and therefore has like some set of properties that are interesting. Here it's kind of the opposite, right? Like, ZK requires me, in order to build such an object, I actually have to say what things are both like reasonable and not reasonable. By constraining it in a variety of ways, by adding certain constraints. And I feel like this is the kind of bug that is, you know, it's easy to say because it's obviously you can construct objects that are like not reasonable in like a lot of ways, but I feel like it's going to be way more common in ZK, right? Where it's like, oh crap, I accidentally forgot a constraint to check that like something is, I mean, it does happen still, but you know, something is like non-negative in my specific way, I'm identifying a number. Right. And I feel like fuzzers would probably be pretty useful for that, but I don't know. I mean, it seems like you don't have that opinion, so I'm curious like David Wong (00:42:47): Yeah, I would say I don't think fuzzers are going to be very useful for soundness issues. 
So like, so when I think of soundness issues, it's like finding inputs that should not work, but are working and so finding these inputs usually is hard because you have to construct them manually not necessarily all the time, but in very interesting cases and for very interesting bugs, you need to like, you know, compute the inverse of like another number or like something like that and then that will work, but it's not supposed to work. And so the fuzzer is like kind of a dumb program that will just throw like random numbers at the program and it's not going to do these kind of these more clever things. And so I think, yeah, I think we're going to be limited with fuzzers Guillermo (00:43:34): Interesting. Anna Rose (00:43:35): In that episode I did with John from Veridise, we talked also about this middle ground between fuzzer and formal verification, which was like static analyzer. I think that's what it was called. Is would you also put that in the same category as fuzzer or do you think it's more useful? David Wong (00:43:50): So, okay, so this is interesting because that's where my strong opinion is but I will, okay. I'm going to shock everyone, but I'll say that like in security, like "formal verification" is more of a buzzword and it's usually a good way to like hire researchers or get grants or, you know, attract people or have interesting things to work on because these are interesting problems, but usually they're not that useful. They're usually pretty noisy or they don't really find anything useful. I've actually never found anything useful using static analysis. I'll always run them. And I think most consultants will like look at what tool, like what static analysis tool have whenever they look at a project. So like linters is a form of static analysis. It's easy to run a linter or you have more advanced ones. (00:44:41): And the more advanced ones that can find interesting things are usually way more involved. 
And so if you want to use them, you're going to spend way too much time and this is not time you have usually. That being said, I've seen people on projects that are paid to just write formal specifications. And so these, I believe, are interesting exercises because it gives you another insight on the protocol that you're writing or creating because it forces you to like write it in a different way. And so by doing that, sometimes you might find bugs or you might find issues and these kind of things, but it's mostly the exercise of writing that, you know, in a different language or something like that, that I think is interesting. Not necessarily the running the tool to find bugs. That being said, I have a blog post coming where I do use tag analysis, which is a form of static analysis to find these kind of bugs that I call boomerang bugs in under constrained programs. So there is some hope somewhere, but it's today there's so much friction to use these tools. Anna Rose (00:45:52): David, you used formal verification and static analysis sort of together in that last bit. So which one are you critical of more? Just the way you said that I was sort of, I have thought of them as like distinct, but are they kind of connected? David Wong (00:46:07): Yeah. So static analysis is just tools that don't run the code. So they will just either get information from the compiler or like just, you know, just look at the code and do like very nice things. Does this code contain the function eval? Anna Rose (00:46:22): Okay. David Wong (00:46:22): And we know that eval is a bad function, so, you know, just like grepping, like naively in the code. So you can do a lot of things like that. Formal verification for me is just like one, like subfield of static analysis. Anna Rose (00:46:36): Got it. Okay. David Wong (00:46:37): So like, for example, linters are static analysis tools, and to me they're amazing. Like everybody should use linters. 
If you use Rust, you should run Clippy on your projects, for example. If you don't, you're crazy. What are you doing? Specifically my strong opinion is on formal verification and Anna Rose (00:46:57): I see David Wong (00:46:57): and how it's far from being usable in practice Anna Rose (00:47:01): And yet spec-ing it out or do creating the formally verified spec is useful? David Wong (00:47:07): Right. In the sense way that writing a specification is useful. Like an English, you know, purely English specification because it forces you to put ideas that you have in your head on paper. And by doing that you might realize that something is kind of wrong. Anna Rose (00:47:25): So it's not like using a formal verification tool on existing code, but rather the writing of it, like almost the first part of it is the useful part, just like trying to put it in the format that you would need in order to run formal verification. Is the part where you actually catch a lot of stuff? Guillermo (00:47:45): It's also most of the work, to be fair, right? Like most of the work, a formal verification is specifying the problem that you're attempting to solve. Anna Rose (00:47:52): Interesting. Guillermo (00:47:53): Right? And this, you know, it's kind of funny, this brings us a little bit back to writing. It's like, what's the best way of clarifying your own thoughts is writing them down in a formal way and then like having a thing that says, okay here from point A to point B, like, here is everything that I want to, you know, have this thing satisfy or not satisfy. And indeed that's like 99% of the work of writing is actually making it clean and reasonable. Much more than it is like the high level idea. David Wong (00:48:23): Yeah. So it is kind of like if you might think you don't need to write a proof, but by writing a proof, you might actually realize that whatever you were, your theorem is like not correct or Guillermo (00:48:33): That's right. 
David Wong (00:48:34): Or your protocol is broken. Anna Rose (00:48:35): So kind of revisiting the fact that you're currently not auditing ZK smart contracts on top of these platforms, but actually the underlying stuff we already mentioned one class of bugs or problems, which is a circuit being "under-constrained". Are there other types of bugs that you're looking for in sort of that low level auditing? Or is it just that one? David Wong (00:48:57): I would say the two bugs are basically this, it's like Completeness Bugs. It's like you want to try to do something, but you cannot because you badly constrain something. Or Soundness Bug: You can do something, but you should really not be able to do this thing. Anna Rose (00:49:13): What does that mean? Like, it's happening, but it's not happening because of the logic. David Wong (00:49:18): Yeah. So I guess maybe the easiest example is like, let's say you want to like add 2 values together in a circuit. And what you can do is that you can create a constraint that adds the 2 values together and that would work, right, because the third value, the results, the prover can try to put anything there, but it's not going to work. Because there is a constraint that's preventing you from doing that. You're not going to be able to create a proof. But if you under-constrain your circuits, you might forget to create that constraints that says A plus B must be equal to C. So A plus B minus C equals 0. Right. Same thing. If you forget to write that, then the prover can put any value they want in into the C buckets. And so then you don't know what's going to happen in the rest of the circuits because they can do whatever they want. And, and you have to think about that all the time. Like whatever values are in the circuits can be anything the prover wants them to be, unless you have constraints. Right. So if you don't constrain something, then it can be anything. 
The prover can choose whatever they want Anna Rose (00:50:21): In both cases here: so like a Soundness Bug would be because there's a constraint missing and a Completeness Bug would also be because a different kind of constraint is missing. David Wong (00:50:31): Or a completeness bug could be you, you have too many constraints and one of the constraint is actually preventing you from like, it's saying, Anna Rose (00:50:39): Oh, wow. Okay. Okay. David Wong (00:50:40): B should not be equal to 0 when actually you want B to be equal to 0, you know? Anna Rose (00:50:44): Oh, interesting. David Wong (00:50:44): It's a valid input. Anna Rose (00:50:46): And just to remind everyone, like maybe in the completeness part, why would a team create an under-constrained system or circuit? Like there's obviously some sort of trade off that they're going for, like they're getting more efficiency or something. Why would you have that happen? Why not just add a ton of constraints? Like why not just use all of them all the time? David Wong (00:51:07): Yeah. I'd say 2 things. So that you touched on the 1st one. It's like when you're looking to optimize things you can create bugs. The other thing is human error, right? Like, human error is the source of most bugs. And so in this case I mean it's hard, you know, like some of these constraints are hard to write. The one thing I can think of, which is like one of the trendy subjects, and actually I'm one of the architect for one of the ZPrize category this year. Anna Rose (00:51:35): Nice. David Wong (00:51:35): And one of them is is going to be on that. And so this Prime is called non-native arithmetic. And so sometimes you want to do stuff in a circuit and you know, a circuit is instantiated on the field but you want to do addition or multiplication or whatever in another field. (00:51:53): And so it's kind of hard to think about that, right? 
Like you're doing things modulo a number P, but you're trying to do operations modulo Q like a different number. And so almost everybody is going to be like brain fog at some point when they try to think about that and it's actually every, I think every project that has implemented these things have had bugs. Like Aztec had a spec and they say like, oh, "we had an under constraint here". Mina had a bug also at some point there. I'm sure everybody else must have had a bug. Anna Rose (00:52:29): Do you think, I don't know if you've thought about this, and this is a topic kind of a few months ago in our chat, we were talking a lot about disclosures and appropriate disclosures. How, like, if you are an auditor who's working with a client, obviously there's like a very clear way that these things are communicated. But as an auditor, are you also looking into systems that you're not working on? What happens if you find something, what do you do? David Wong (00:52:54): Okay. This is a great question. Like, I, at some point in my life as a consultant, I wanted to like do a talk just on that topic. It's such a weird, like, so security is such a weird field. It has like this kind of perverse like incentives sometimes where like if you have a client and they're paying you to find bugs and you tell them, here are the bugs, I think that's fine. Or if you're an academic, you know, like you don't have to be working for clients. You could just be doing like, pure research. Like, you're going to find bugs and it's like, what do you do with these bugs? And there's this whole like, you know, as an academic, or even if you're a consultant, you need to create a buzz. (00:53:32): You need to give a name to your attack. So it's going to be I don't know the attack of the day, everybody's going to be mentioning the, you know, heartbeat or like, like whatever. I don't know what's the latest, actually, there was one recently. 
But basically, you know, there's this game that people are playing and they're like sometimes I stop and think and I'm like, are we still the good guys and are we doing, like, is it actually good to break stuff? Well, it's specifically in these moments where you find a bug and you cannot warn everybody about that bug. You know, there's going to be like devices that are going to have that bug that are not going to be patched in time. And so the other side of the argument is that, well, if we don't do that, the bad guys are going to do that, and the bad guys are going to exploit that. So we have to like, you know, disclose it to everybody. We need to let people know. And there is no perfect way to do it. You know, people will exploit that. The bad guys will have some time to exploit it, but this is the best outcome. Is it really a good thing? Is researching bugs and breaking systems? Is it actually a good thing? Because I think most bugs actually never go exploited. Like some bugs are dormant like forever basically. Yeah. Anna Rose (00:54:50): It's a bit of the kind of accelerationist philosophy that, I mean, at least I think that's what some folks who are into the hacking and breaking is the sense that like, well, it was going to break eventually. So we might as well break it now. And if we have a path to be ethical at somewhat, let's do it that way. Or there's others who are just like, it's going to break anyway. Someone's going to get the bounty on this and not even, I don't mean like official bounty, like they'll get the payload, they'll get the money that you can steal. So I might as well do it. Like that's definitely and it is, I wonder if the way that that's rationalized is, "well this is helping push everything forward anyway because it was going to break eventually." David Wong (00:55:31): It's like, who knows? 
I can understand both sides of the argument, but I think the side that says this is good, this is objectively good, you know, I think it's more fine-grained, like the reality is more Anna Rose (00:55:42): More nuanced. Guillermo (00:55:43): Yeah. The ethics of of security have always been, and I think we'll continue to be quite interesting. It's a funny arms race, moral quandaries, you know it's sometimes easy to point at a mirror and be like yeah. Are you sure you're getting up in the morning for the right thing? But so it goes. If there were a perfect answer, I don't think we'd be having this discussion in the first place. Anna Rose (00:56:11): I wonder like, how do you even think, David, that we could even get that conversation going? Like, who should be in that? David Wong (00:56:15): I think it's still early, right? Like ZK security is like a very, very early field. Most of those ZK applications are not born yet. And like, I think we'll get many examples of what we just talked about, but I don't think I've seen an example so far in ZK, or maybe I'm not thinking enough. Anna Rose (00:56:36): There was a big PLONK one, but they were able to disclose that, this is the one that Trail of Bits found. I think they found something. Yeah. That's a really interesting case study because it shows, like they did disclose it to the most valuable networks, I think, in advance. But there were so many teams that had been using it that they might not have even had known who all of them were. And it was really hard to connect with all of them. And that was sort of like that's, I think like a real world version of what we could imagine happening if someone's trying to do it ethically. David Wong (00:57:10): Yeah. That's a good example. That Frozenheart. It's hard to warn everybody. That's for sure. Like, you don't know who else is using that protocol in the wrong way. Anna Rose (00:57:21): Totally. 
David Wong (00:57:21): Yeah, we see a lot of, I guess I was dealing with that the other day, but like, there's a lot of threshold signature issues also. And there's many people reusing the same schemes or libraries and it's like a basically a hell to like contact everybody. And we have this 90 days disclosure because, I don't know, somebody thought it was a good idea to say, 90 days is the gold standard, right? Yeah and so everybody's running around warning everybody, like, is there any other project that we should warn? Has everybody fixed the bug? Anna Rose (00:57:55): Totally. David Wong (00:57:56): These kind of things. Anna Rose (00:57:57): I mean the most famous one I think still in our space was the Zcash one. In their case though, it was like, it was the only people who could figure it out they think were in the room, were the people who built this thing because there were so few people in the world who understood these systems. And it was Ariel Gabizon who found it, and they kept it even from the rest of the company. They kept it in a group of 3 people who knew what was happening. And they had to like, strategize all these things to make sure that they could do this upgrade without it being known because had they known David Wong (00:58:30): So they didn't disclose. Anna Rose (00:58:31): They didn't disclose it, but it was internal. But yeah, there was risk to the users I guess during that time. David Wong (00:58:37): There was risk. Right. They could have shut down the protocol Anna Rose (00:58:39): They could shut down. David Wong (00:58:40): But I'm not saying that they should have done it, like I'm not saying they should have, but, so this is interesting because at the time we were auditing Zcash at NCC group, str4d had told me, I'm very curious of the results and he made this face when he told me that and he was weird. Anna Rose (00:58:57): I don't think str4d knew. I don't think str4d was part of the inner circle. 
David Wong (00:58:59): Oh really? Anna Rose (00:59:00): I mean, he should speak on this, but yeah as far as I know. David Wong (00:59:03): Okay. Interesting because at the time, that's when I started thinking they did insert bugs just to see if we're doing our job correctly or something and then I started thinking if like clients can do that and these kind of things Anna Rose (00:59:15): Oh, that's funny. David Wong (00:59:16): So he did have a weird reaction. I remember that. I should ask him. Anna Rose (00:59:20): Yeah. Actually I shouldn't speak for them at all on that front, but as far as I remember it was Ariel, Sean Bowe, and Zooko who knew? And maybe there was like one other, maybe like the legal team or something, but it was like a very small group. I don't think the general engineering team knew. Guillermo (00:59:36): It's such a difficult problem. Right. Anna Rose (00:59:38): I know. Guillermo (00:59:38): It's just like, it's crazy to me. Right? Because like, even the mere knowledge that there exists a bug is like so useful in finding one, right? It makes it just so much easier, which is insane. David Wong (00:59:52): Oh yeah. Okay. I don't know if I should say that, but I know some people that ended up exploiting that bug on like, forks of Zcash because they didn't fix it fast enough. Anna Rose (01:00:02): Although that was communicated at that point. So I feel like David Wong (01:00:05): Yeah, I don't even know what these forks are, but Anna Rose (01:00:08): Yeah, that was, I mean, I think as a case study, actually, I think what we'll try for this episode, we'll dig up, I did an episode with Sean Bowe where he goes through that timeline in a lot of detail. So that might actually be something interesting for folks to listen to if they want to hear that story accurately. And my apologies, by the way, if I'm also misrepresenting it because it's, I think we did this, it was episode 76, so, and we're close to episode 300 now, so it's been a while anyway. 
Guillermo (01:00:35): Cool. Impressed on your memory though. Do you remember 76 or did you actually just look it up? Anna Rose (01:00:38): Well, it was, no, I know it because it was one of the most popular episodes ever. Guillermo (01:00:42): Holy crap. Okay. Anna Rose (01:00:43): So it pops up on our kind of "best-of" lists all the time. That's why I know that one. It was a really good one. It was actually, it was Sean I think it was the first time he had spoken about this issue after it had happened, but it was already like 9 months later or so. So he digested it. But it was very cool to get a chance to talk to him about it. David Wong (01:01:03): Yeah. I think that's the only place where he mentioned that it was Ariel that found it. Right. Like trying to understand the protocol, if I remember though. Anna Rose (01:01:12): So crazy. Anyway, so David, what are the new sort of research topics? I know like you're focused now on the auditing stuff, but I'm imagining just given what you've described of your background and the fact that you tend to be reading and writing, what are the research topics outside of security and auditing that you're interested in David Wong (01:01:29): Outside of security and auditing? Well, are we still talking about zero knowledge or? Anna Rose (01:01:35): Yes. Yeah. Yeah. David Wong (01:01:38): There's a question, Anna Rose (01:01:38): What kind of music are you into now? David Wong (01:01:40): No, Taylor Swift, of course. Anna Rose (01:01:42): Oh, of course. David Wong (01:01:45): Okay. Zero knowledge stuff. I'm fascinated with the folding work and this like, line of folding with Protostar and ProtoGalaxy. Is ProtoGalaxy the last one for now? because there's a new one every week, so it's, yeah, Anna Rose (01:01:59): Isn't there Lasso and something? 
David Wong (01:02:01): So Lasso and Jolt are not folding things, but they're like, so I guess there's like the folding, there's the folding branch and the lookup branch and Lasso and Jolt looks amazing also. So I'm digging the Lasso/Jolt branch also right now and looking at InSpark and Hyrax so this sounds like really interesting protocol and to me that maybe this is an interesting strong opinion also, but it sounds like I'm wondering is if this is the death of STARKs actually that we're witnessing. I know we've talked about that before Guillermo. Anna Rose (01:02:37): Wow. That's crazy. Yeah. I did not. Why? Because, is it because SNARKs become STARKs? David Wong (01:02:43): No, I think it's just that like STARKs are quite limited because of the way they use hash functions and these kind of things. And the advances that we're seeing in the other side are such important breakthroughs that I think we're going to get to that point if it's not happening. I don't know if we're going that direction, but I don't want to get anyone upset, but if it's happening, I'll be the first one to say it then Anna Rose (01:03:10): Wow. I have not David Wong (01:03:11): I'm sorry Anna Rose (01:03:12): Yeah. I've never heard that. That's wild though. Guillermo (01:03:15): That's a hot take. Yeah. Anna Rose (01:03:16): If that was the case in a weird way, I feel like it would be, I mean, there's just been so much mindshare around SNARKs. There's been so many groups who've championed it, so many teams who've used it and added to it. So it's not like completely out of mind that that could be the case, right. That like, just with that much brain power focused on this particular system that it would like somehow go past it. But yeah, I wonder if it's just like testament to open sourceness from the beginning. STARKs are now more open source, but they didn't really start that way. David Wong (01:03:47): Yeah. 
If I would've to guess it's most, I would say it's mostly that STARKs are limited due to using hash functions, and eventually this is a pretty big limiting factor. Anna Rose (01:03:58): You don't think that you could engineer around that and research breakthrough around that? David Wong (01:04:02): I Guillermo (01:04:02): I actually do. David Wong (01:04:03): You do? Okay. Hot take. Guillermo (01:04:07): The hot take is... Not around STARKs as we know them now tm, you know, using like standard hash functions. But I do think there's like very interesting work to be done in that area. Anna Rose (01:04:19): But it would need the mind share. Guillermo (01:04:21): Yeah. You, you could construct hash functions that are more structured than like SHA256, for example. And that's an interesting that fact. It's an interesting set of things. So anyways, I don't know, maybe some listeners will scoop us before.... David Wong (01:04:34): I think people have been trying to solve that for a while, so Guillermo (01:04:37): Wow. (01:04:37): Yeah. Yeah. No, this is also true. It, it's, my suspicion is a, if it was easy and probably would've been done, right but I wouldn't trumpet the death of them yet, but I would trumpet the death of maybe as we currently see it, maybe. Anna Rose (01:04:52): Interesting. Wow. David Wong (01:04:52): And by the way, I don't want to say that like, you know, there's still many projects that use STARKs and that that doesn't mean that, you know, these projects are not good or anything. But, you know, breakthroughs are, I think are going to continue piling up on that side and I think we're going to see more and more interesting designs. 
Anna Rose (01:05:10): And actually, yeah, maybe a note there because I think what you're saying too is like, there's teams and systems that are built on STARKs or SNARKs, but usually built actually, if they're in the building phase and implementation, they're already built on like systems that were developed a few years ago and it's sort of ossified and like now that those are secure enough or if people feel comfortable enough that they're going to implement it, what you're talking about is like the cutting edge, like not tested yet, research style stuff. David Wong (01:05:36): Yeah. And you can't just like shut down your product and say, guys, we're just going to rewrite everything from scratch because this new cool thing. Yeah. Yeah. Like you're, you're always in a, whatever you do, you are always going to see new cool stuff coming up. It doesn't mean you need to like restart your project. Anna Rose (01:05:51): Of course. I often ask teams that are building sort of like, more like protocol level or even like application level, like "how did you make your choice?" At what point do you have to just say, I'm going to go with this because I feel safe with it. David, thank you so much for coming on the show, sharing with us sort of all of the work you've been doing around communication, education, auditing, security. This is so exciting and building, actually, I shouldn't forget that. You've also built a lot of systems that people are using. Really glad we got a chance to speak with you. David Wong (01:06:22): Yeah. And thanks again. Yeah. This was, I really wanted to come here, but I was waiting for the invitation. Anna Rose (01:06:28): Cool. Guillermo (01:06:29): Yeah, it's been an absolute pleasure having you. And thank you. You know, we covered a lot of ground, but it's always entertaining chatting. Anna Rose (01:06:35): Cool. So I want to say thank you to the podcast team, Henrik, Rachel, and Tanya, and to our listeners, thanks for listening.