From Dawn to Dusk

The long road that got us to launch, the many paths we have to go down.

Sep 05, 2023

It’s been a while since I’ve written a freeform blog post. In preparation for launch of Quilibrium, there have been many surprises and delays along the way, and all of those moments have kept me from taking a breather to summarize the events. Now that launch is underway, I can take a step back and review the major points in the journey – both the highs and the lows.

“No Man is an Island”

About five or six years ago, I was working on an alternative to Discord as part of an educational coding stream I was running, to teach fledgling coders how to build at the kind of scale required by extremely large software companies. Naturally, by the course of building it, I realized that it was something I could launch as an actual business. The problem I faced with this, was that I had certain morals I refused to bend on: I wanted this alternative to be fully permissive to freedom of speech, and ensure that users were able to have private conversations, encrypted fully end to end. I’ve spoken to great lengths about the innovations that came out of ensuring those ends, but the key inflection point, or pivot, for fans of SV lingo, was that in order to launch this, I had to make it a web application only, as freedom of speech is a difficult line to toe with App Store/Play Store products and wasn’t something I could do alone, but most critically, I had to find a way to make it work peer-to-peer, because even AWS would take pause, as history has since shown. This forced me to revisit it from first principles, and consider the lessons learned from crypto.

I’ll forego describing those first principles once again as I have written about them to great lengths in a series of prior posts, but ultimately, after sufficient research and development, I had early functioning prototypes of a generalized MPC platform as a service, capable of being the backend for a decentralized Discord alternative, as well as so many more web applications. Once I felt confident in the architecture, I took the leap: In December of 2022, I left Coinbase to pursue launching Quilibrium full time.

I had felt that moment seemed to be the right time in taking this leap, because while the whitepaper publication was still a few weeks away and there was a lot of work required to get the codebase more polished for public use, I had already been garnering significant interest from investors, and if I were to take those calls, I knew it would be a serious problem trying to fundraise while still employed, so the chasm had rapidly advanced to me, ready or not. In retrospect, I could not have seen the disastrous chain of events coming in both the industry and in the world with the bear market taking deeper dives and the collapse of SVB, but by consequence, the sudden spike in fears and pullbacks from investors in early stage companies meant to me that I had much more work to do, and that I’d have to do it alone before I had strong evidence to show what future Quilibrium held for investors. With no ability to hire, no significant capital to build out early infrastructure, I had to revisit the launch plan itself from first principles.

The reward token of Quilibrium is one that corresponds to proof of meaningful work, so how could I leverage this in a way that demonstrated proof of meaningful work before the network was fully connected? Initially, the token application was a post-launch component, in that the network would fully undergo the launch ceremony, perform an MPC-oriented version of the Powers of Tau, slightly amended due to security concerns around provenance of honest participation, then conclude and the network would become live, all rewards to be issued when applications were being executed. This has a motivation problem – how do you get enough people interested to help stand up the network to be sufficiently secure when the rewards only come after the hardest work of all is done, which was without reward? It dawned on me that since this too was an application, and that application was providing proof of meaningful work, I could bind rewards after the network was launched to the participants, and thus there would already be a healthy sum of tokens for those who put in the effort, scaled under the same principles of application rewards as the network would provide post-launch.

And so, I adopted an approach that would require two phases: an offline ceremony, and an online ceremony. The offline ceremony would set up an initial baseline of the ceremony transcript, and incentivize people to launch nodes for the online phase. This whole process, in keeping the theme of what Quilibrium intends to do, would be called The Declaration of Internet Independence.

“Long live the Internet”

I was still uncertain that this would garner significant interest – I’d seen many other networks try their hand at public participation in launch ceremonies, and most had minimal interest. At the time, even Ethereum’s KZG ceremony had only ~50,000 contributions, and they were by far the largest “general-purpose” network (limited capabilities aside). But I decided I would proceed to do it anyway and see how much interest people had, and because the tooling for Quilibrium made it very easy to embed applications in the browser, I would repurpose it to make it possible for this offline phase to be both an opportunity for anyone to easily contribute, and present some information about what Quilibrium is, how it works, and what people are helping make happen by performing this computation. And also, importantly, make it really nice and easy to share on social media to help increase virality of participation. With the new plan in progress, was there anything else I could do? As it turned out, NFT NYC was just around the corner, and ad space was available…

And so, sleep-deprived, frazzled, in a dimly lit hotel room, I proceeded to launch the offline ceremony site and application. To say it was a success was an understatement – the first five minutes of launch immediately hammered the sequencer into oblivion, so after a few rounds of hardening, toppling over, hardening, toppling over, it was live live, and gave me an opportunity to review how I could improve the performance and let more people participate, faster. After launching a CLI utility and expanding the overall contributor count per round, things started to hit a good point where I could step away and watch.

By about day four, I started mapping out where all the contributions to the ceremony were coming from, and slowly refined it. By the end of the week, we had reached about half the number of contributions Ethereum had seen in the months of their own ceremony at that point:

🅠 init week one has come to a close. At this rate, we should be good for phase two with the partial network launch in approximately 15.6 days. It has been truly mindblowing seeing how people all over the world have participated and are jumping on this so quickly.
https://i.imgur.com/bOrwXYJ.png — “Holy shit.”

It wasn’t just the fact that so many had participated, but just how spread out it all was had blown me away. After about two weeks, we had already outpaced the contributions to Ethereum’s ceremony – and on a curve twice the bit strength, with over double the number of powers being calculated. After about a month, the offline phase was over, with a final count that eclipsed the Ethereum ceremony, which has only recently concluded:

With the offline phase behind me, it was time to get the online phase in motion, but all the while, something was bothering me – I needed to be sure that things would be stable with the network, it wasn’t something that could simply topple over, apply a fix, and restart – so I spent about a month working through multitudes of scenarios, trying to find unique ways to break things, make the network partition, anything I could think of. That month of research also took me down a much more concerning route – how well can we keep trusting the old 256 bit curves? I had already taken the proactive stance that Quilibrium was to default to double the strength, but to support WebAuthN on the most devices, there would still need to be 256 bit curve support. So I took more time into the research I was putting into enhancing Pollard’s Rho attack. In doing so, I uncovered a new attack (publication coming soon, titled Rhoboat), which would allow for adversaries with significant compute power the ability to crack these lower bit strength keys in a short enough time to give me pause.

Back to the drawing board.

Over these months, I spent the time removing support for the 256 bit keys, redoing the same performance tests, refining, and simplifying. Through this effort, we can finally fast forward to today.

Dawn

Dawn, the codename for the first release of Quilibrium, is the first full phase of the network being brought online. As of now, key components are already live, highlighted in the pink color in the diagram above – the network has been up in this bootstrapping test for a little over a day so far, and thus far, as expected with the design around the master clock for coordination, has only increased in speed with the number of participants who have joined the mesh. In just one day, folks from all over have set up these bootstrap nodes – peers that will serve as the “first contact” that helps other nodes find the rest, amongst performing normal node functions.

In the coming days, the remainder of the functionality, highlighted in grey, will be brought online, given a few test runs of the ceremony’s transition into the online phase, and on September 18, Dawn will be released. This release will continue to accumulate proof of meaningful work rewards for participants, as the ceremony itself is a proper application on the network. After Dawn, the final phase of the network launch, Dusk, will begin.

Dusk

With Dusk, the network will conclude the ceremony, tally the rewards, and deploy the first hypergraph applications: the network’s reward token, account management, and simple file storage. The codename is also symbolic for the network’s nature itself: with Dusk, the network effectively goes dark, removing any relationship between IP-level connections and the actual traffic going on the network itself. Further, the secure private routing also makes it impossible for malicious nodes to analyze any of the traffic that passes through it, as the actual interactions with applications are of themselves MPC, and the traffic itself is routed through a privacy-preserving mixnet.

Once Dusk is live, Quilibrium can be effectively considered launched, but there are many things which we’ll need to focus on thereafter – creating new applications that make it easier for developers to onboard and leverage its unique strengths, improving node health monitoring and deployment, and of course the continued research in cryptographic primitives that can improve performance and strengthen security in the face of new threats. One unique advantage that Quilibrium has over other networks, as part of the lessons learned in these past months, is strong support for cryptographic agility, but we mean to continue advancing this front ourselves with research into new cryptosystems as well.

Beyond launch, there are also reach goals for network features: MPC TLS bridging so that nodes can interface with the clear web, a network-native DNS server, a custom browser for connecting to websites that live solely within Quilibrium, and so much more. Eventually, we hope to reach our most audacious goal: Quilibrium will serve as the fabric that connects all computers together on the Internet, so that users will never have to sacrifice security or privacy again.