Is Canton a privacy solution; a different way to encrypt what goes on chain ? Or is it the equivalent to proposing to secure the web by, instead of encrypting it with https, just mandating the phone company runs it all and never lets anyone else see what's going on.

This is a subtle question. The current SEC is interested in putting real-world assets on a blockchain. But everything is public. One way to get privacy is to make the chain non-public. But the risk is you take something like the early Internet and hand it to the phone company.

A question watching the SEC privacy panel with @jillgun @zooko @pumpernikhil et al. Is Canton an open platform where anyone can build a product using someone else's asset (e.g., a bank's stablecoin)? Skimming the docs, its ambiguous. Sure, its federated, but so is a set of banks

At the SEC roundtable on privacy. Surprising to hear the SEC Chairman acknowledge that blockchains expose too much data and we can't create a digital panopticon. Even more surprised to hear Commissioner @HesterPeirce mention @matthew_d_green and I's work on privacy and zk proofs.

Citadel pays for retail flow to avoid "toxic" orders. If Buffett is selling, he knows something you don't, and you'll be left holding the bag. On-chain, you can filter for suckers without paying for flow. Total transparency means counterparty discrimination is "democraticized."

This seems like something some combination of static analysis and transaction simulators can test for. Your wallet could opt in to being restricted to this. Day trade from your phone safely, but to actually transfer you need your hardware wallet and a 7 day delay.

Cryptocurrency theft is a major problem. Brokerage theft isn't. Can you build the DeFi equivalent of a brokerage: you can permissionlessly take positions in a crypto market, swap one token for another, etc. But transferring funds to someone else is heavily locked down.

8/ Our paper is, of course, a prototype. Like microchips, proofs get faster. Folks will take the ideas, change out the proof system, and build even better things. Let’s move beyond simple proofs about passports and mobile driver’s licenses, and build more complex schemes.

7/ Making it secure and private, however, is tricky. Zk proofs are now a commodity, but architecting protocols around them is tricky. There are a whole bunch of subtleties around, e.g., supporting 3rd party measurements, anonymously, in client-side logs. See the paper for more.

6/ Conceptually, our approach is straightforward. From Zcash and Zexe, we have shielded state protocols where an untrusted client is forced to run some stateful programmed rules. So we can make clients log events, run fraud detection logic, and know they didn't omit anything.

5/ Now our new paper: How do you secure a zk-cred? On the web today, continuous authentication lets servers track non-private credentials and see suspicious logins. It’s effective, but not private. We move this logging client-side using programable identity techniques.

4/ Paper: https://t.co/O1sTYYz18Q Talk: https://t.co/0cw4BPvYJb A bunch of folks have built faster proofs over more IDs, but many miss the bigger idea: Proofs of passports are a simple input; identity is programmable, composable, and needs more than what’s in your passport.

3/First, zk-proofs of passports are an old idea. In 2022, we built the 1st passport proof as a starting point. To address issues 1 & 2, we added composable and programmable identity with multiple identity signals—we called them "zk supporting documentation"—and auditable issuers.

2/ We've seen an explosion of zk-proofs of identity: take a passport/driver's license, prove you're over 18 or not on a naughty list. There are at least 3 issues: 1) What if your identity isn't just a passport? 2) How do you audit issuers? 3) How do you detect stolen credentials?

1/ Concerns for AI-generated content, age verification, and money laundering are driving online ID requirements. Zk proofs about your ID are not enough to do this privately or securely. Some new ( and less new) work from my lab addresses this.

Nice to see more work on anon creds from legacy identity. The next big question is what comes after support for legacy documents. What does composability and trustlessness look like? We took that as the starting point in 2022 with our zk-creds paper

NEW @gwartygwart pod w/ @secparam: Zcash resurgence, Privacy, & Quantum "Privacy is not just about payments. It's accountability, ways to express yourself safely, show qualifications without completely doxing yourself." Brought to you by @ellipsis_labs

And in case you think this is some idealist "privacy" thing, it’s not. Privacy means neutrality and censorship resistance, as @valkenburgh points out in his talk. A blockchain trash compactor does not get you that. https://t.co/Epebja9lw4

I'm not subtweeting you, I'm subtweeting half your industry: Privacy isn't everyone sending you their data for proving. Privacy isn't 'at least it's not on-chain.' Privacy isn't saying your proofs are zero-knowledge when they aren't, "yet." That's a blockchain trash compactor.

Note, as @badcryptobitch points out tempo may have privacy plans, so in case you get all your technical info from a joke, it may just be a joke.