Trustless Clients in the Browser

The most popular way to interact with Web3 and crypto today is through the web browser. This comes with a fundamental limitation: the web browser inherently trusts the server to serve correct code. Even if a webpage includes cryptography, that cryptography itself is coming from a trusted server. David will be introducing and talking about the Skynet Kernel, a new browser extension that allows users across all Web3 ecosystems to interact with Web3 trustlessly within their own browser. The Skynet Kernel includes support for HNS webpages and HNS applications.


(00:01) [Music] [Applause] so [Music] [Applause] [Music] [Music] [Applause] [Music] all right guys welcome back and thank you to impervious again for sponsoring uh handycon uh right now we got uh david vork uh everyone i would hope uh most people in our community uh know his name ceo of skynet labs uh we are like buddy buddy uh handshake and skynet uh so you know we’re really glad and really happy that

(01:03) we could take some of his time so he could uh speak here at handycon uh mike you want to say anything else yeah sure david you can load your slides now if you want i mean it takes a second but but yeah i mean we’re all we’re all uh you know very appreciative it’s like uh yeah like you said brother sister uh you know between sia and uh handshake and you know i know you you’ve been going through a lot of all your twitter you know with the fighting the old internet you know web 2. i’ve seen you’re on mute now david so

(01:36) i don’t need to speak hey how yeah so we’ve been seeing your struggles uh you know with the you know so uh we support you here and if there’s things we can do you know more to help help you guys it’s great to see your you’re on the front line seriously it’s a it’s amazing well thank you and uh yeah it’s great to be part of the handshake community i love everything you guys are doing and i think you know web3 is challenging and you know not everyone who uses the web3 name is is committed to the values of

(02:08) the web 3 you know movement but i i think handshake is you know right there alongside skynet alongside it’s kind of in uh pursuing the best so um yeah i’m i’m super happy to be part of this community i’m glad handshake exists all right awesome well we won’t eat up any more your time you can go ahead and take away your present or take it away with your presentation awesome so thank you everyone for coming uh i wanted to talk today about the skynet kernel which is a new web browser extension we’ve been working

(02:43) on for web3 and so i’m just going to dive right in oh i guess yeah background uh i’m david borg founder of the sci blockchain and founder of skynet and skynet labs um so yeah you guys already know so web3 has a trust problem uh moxie marlin spike the founder of signal wrote a big article recently that that gained a lot of visibility about web 3 and how basically a lot of the just ways you interact with web3 are reminiscent of web2 it’s a very trusty ecosystem and it feels like a lot of smoke and mirrors

(03:24) and like a lot of the promises of web3 aren’t being delivered on and so i think he really you know keyed in on on two critical things which is that when a user joins web3 they load their crypto app through a centralized front end in the web browser and so even if you have a browser extension like metamask that protects the user’s seed it doesn’t protect the front end itself and then the second thing is that the front end queries a centralized api such as inpura and fully trusts all the responses so even

(03:58) even if your centralized front end ends up being honest usually that centralized front end is dependent on a centralized api like infuro that once again can be used to manipulate the user live to the user or drain their funds so we focused in on the skynet kernel on these two key issues we want to kind of solve the front-end problem and then just as important we also want to solve the api problem so um yeah i’m happy to present what we’ve come up with we we’ve built a browser extension that combines skynet which is

(04:37) a decentralized storage platform with a web browser api called on before request and basically what this allows us to do is it allows us to catch the web request to any defy or web 3 front end any any web app that’s supposed to be web3 we can catch that web request and we can get in the middle and we can verify that the code being served by the server is the code that the user is supposed to load um so we can take these centralized front-ends and we can turn them into decentralized user-controlled front-end

(05:16) so i believe the next slide is a diagram yeah so you can see when you install the skynet server the skynet kernel basically in instead of you know the user sending a request to a centralized server and then getting a centralized response pack the skynet kernel catches that request talks to skynet checks the user’s you know verified storage and then either verifies the request or can even inject you know a different a different response and make sure that the user is getting the code they want um so this kind of verified storage is

(05:49) for those unfamiliar with skynet it’s it’s a decentralized storage platform where all of the data that you are looking at as a user is signed by your own public key so when when your you know browser extension when the skynet kernel is checking your verified storage to make sure that the right application is being loaded it’s not trusting any skynet portal it’s actually doing you know signature verification and hash verification and and it’s making sure that you know the skynet apis it’s talking to

(06:20) are also being honest so uh when you add the browser extension you get this full end-to-end trustless experience that allows you to deliver decentralized applications straight to your web browser and you don’t need to you know install a separate application or run a background service you just have a web browser extension so that’s something that uh you know we’re very excited to have built out and and we’re excited that it works um so i kind of alluded to this briefly earlier but one thing that you can do

(06:55) as a user is you can configure your kernel to replace the front ends with different front ends so if you want a fork or if you want to go to a previous version you can configure your kernel to intercept say like and replace whatever you think the should be responded by the server on the browser extension has full control over it and of course the browser extension hands that control over to the user so you get this very clean uh user controlled experience and that’s you know really what web3 is about we

(07:27) want to make sure that the user gets to decide what their experience is like so that solves one half of the equation we have we have the front end solved and we can load that but we still have a front end that’s talking to these centralized apis and often using services like infira so we developed a system called kernel modules that allows you to take these centralized apis and turn them once again into client-side uh trustworthy code that’s that’s verified from the user um so essentially a kernel module is a

(08:04) piece of code generally javascript code but it can be uh webassembly or basically anything you can run in a browser web worker it loads it and then it serves the the module serves an api that web apps can use and that other other modules can use so a key thing about modules is that they can be swapped out just like the front ends um modules are apis not libraries and so if you have a web app that’s talking to say in hns module that serves an api that resolves domain names and the user you know decides they don’t want to be spv

(08:46) they want you know they want their module to be using a full node they can go in and swap that module out in their kernel and because it’s an api when they make that switch all of the applications that they use which talk to you know that handshake api now switch together over from spv to the full node and so again this is this is the reason we’ve broken everything into modules is to make sure that the user has maximum control over the behavior of their applications um and so yeah i think that this is a

(09:20) significant advantage over libraries because it allows the user to control all of their applications at once rather than having to update one application at a time to you know change out the apis that the application uses or the libraries that the application uses so one of the fun things that you can do with the kernel is just like we can intercept requests to app.unitswap.

(09:48) org these kernel modules can also intercept requests to centralized api services so if you are using an app that’s been hard-coded to use in fira you can program the kernel to actually intercept the api requests that are going to infira replace them with a call to you know an ethereum module or you know whatever whatever api that you want to replace them with and then have the kernel respond with trustless uh api responses so even if you’re using a application that is sent that is hard coded to use centralized endpoints uh the skynet

(10:30) kernel can get in the middle of that application and upgrade that application to being decentralized for the user so finally one more thing you can do with kernel modules is use them as first class programs they essentially run as background processes in your browser and so they are fully sandbox programs that have long lifetimes they have full access to each other’s apis so you can build like a kernel module that’s talking to the skynet apis talking to the handshake apis talking to you know ethereum apis

(11:13) and you can build something like a full node that runs as a kernel module so you can have blockchain full nodes in your browser that are fully trustless that serve apis that other applications can use and and something that we were very careful with is sandboxing when you when the user installs a kernel that kernel goes into its own private sandbox where it has its own storage and it has its own seed that’s derived from the user seed which means because it has a seed it can do basically any crypto operation it wants

(11:49) but it’s a unique seed that no other module knows you know obviously the user knows it but no other module knows and it’s got private memory and private storage so if the user accidentally installs a malicious module that actually doesn’t do any harm to the user the malicious modules in its own sandbox it can hurt itself only and doesn’t interfere with you know say your your blockchain module that that powers your hns wallet um so this is something yeah i’ve been very excited about over the past six months

(12:21) it’s it’s amazing to be able to finally talk about it and of course this is a handshake talk this is a handshake conference so we got to talk about where where handshake fits in one of the things that we figured out with the skynet kernel is that we can do custom tlds so you can go to say like uh the kernel itself gets hosted at skynet kernel.

(12:46) skynet so we kind of hard coded the skynet tld but you can introduce modules like say a handshake module that will allow the kernel to resolve any tld supported by handshake and so one of the things on our early roadmap for sure is to get full hns support in our browser through the skynet kernel and and for people who don’t know the skynet community are big fans of handshake most prominent skynet apps have a handshake url in some form and so yeah it’s high priority for us to get uh first class handshake support in into the skynet kernel

(13:29) cool so web3 has a trust problem but the issues are not fundamental and the issues are not unsolvable um we have built the skynet problem to basically tackle the core of everything moxie was concerned about and web3 can continue building the way it has been we we do have a trustless future you know on a roadmap and it’s it’s not like a throw on the brakes and turn around and we got to start over we can take all of the existing applications and we can take those centralized apis and we can inject trustless responses we can intercept

(14:03) them and we can we can build back to trustlessness without having to throw away all the work we’ve already done so yeah i hope you found found the talk interesting if you want to learn more you can join us at discord.g skynetlabs i believe i’ll go back one more slide we have a git github so the kernel code has been open sourced i think we released it about a week ago and yeah we would love to have you guys contribute but um that’s about all i had to say uh we can open the floor for questions all right awesome uh

(14:46) i saw matt zipkin uh getting really excited in the chat and i said you know when he’s getting excited you know it’s something good uh so definitely definitely cool to see and he did have one question here but it may have already been answered yeah so um the centralized servers do not need domain names we have basically so so as an example the kernel itself the browser believes that the kernel is hosted at kernel.

(15:24) skynet which of course is not a url that actually exists so we have basically a proxy system with failovers if you are you know releasing a website you don’t need any existing ties to the dns system to be able to host something through the skynet kernel and and have a url that users are going to be able to use to view your application all right cool uh so i’m seeing in the chat that uh there’s not like a ton of very super duper uh techy people so maybe they’re not the best people to be asking the right questions and me too i guess

(16:07) really um but uh maybe you wanted to talk about like uh home screen uh really quick oh wait here here’s another question in the chat really quick yeah so um right now the kernel is only working on firefox so if you’re a developer um you can come in you can help us support it to chrome uh another thing that would be just a huge help for the ecosystem is that we we don’t have very many modules at this point like the kernel was just released so if there are apis that you know how to decentralize um and

(16:46) whether you know whether it’s something as big as like ethereum apis are something as small as just like a single query to check the height of a blockchain um you know come come build a module come come start to build that ecosystem of apis that other developers can use to get trustless access to web3 and then of course just spread the word uh and and be a user all right awesome looking in the chat for any other questions yeah i see um i see a question by blake which is uh will the domain actually resolve and stay in the browser

(17:28) versus using a forward and the answer is yes it will resolve and stay in the browser so your uh url bar will say um you know whatever you know either whatever.h and s or if you’ve configured h s to have like the full suite of tlds it’ll you’ll just see the tld in your browser url bar and there’s one caveat there the browser will say that it’s http um and that’s because it doesn’t recognize the ssl certificates for domains that don’t exist understandably it’s hard to it’s hard to get those

(18:04) certificates so we have to say that it’s http but on the back end it is secure it is doing um you know encrypted communication to whatever portal it’s using and like it is doing client-side verification so even though it says http um it’s it’s a side effect of just how the browsers were built it is it is a secured connection um and you can you can rely on it and then it looks like he’s asking about uh collisions as well i don’t know i i i don’t know i if this is in regards to tlds like i can in the h s namespace uh

(18:46) colliding uh or or something different yeah i mean i can talk to that and that the answer is that if if there is a collision between icann and uh hns basically the the module will have to decide how to handle that um and so you could have like a very heavy-handed approach where the h s always wins and and that’s something you could configure in your kernel or you could install a module that like is the other way and i can always wins or you could have it like the user user set it on a per per domain basis and just like

(19:20) even even if it recognizes a certain sld it’ll switch which tld it goes to based on what it knows but the point is that that’s entirely up to the developer writing the module and the user can switch between modules if they decide they want things one way or another um so yeah we don’t we don’t have any like central control over uh how collisions are handled well that’s awesome because in the community that’s what we talk about all the time with name collisions we always leave it up to the resolver to kind of

(19:49) handle that so that’s that’s perfect awesome thank you and then here’s a question from uh johnny wu what is the main takeaway benefit of skynet kernel in relation to handshake yeah so um right now when you go to well so one benefit is that you’ll be able to go to handshake tlds in your browser and i know there are other extensions that do this but this is just another another way to do that but another benefit is that when you resolve those links i think most other extensions use some some sort of centralized

(20:27) resolver or they expect you to run a program locally on your machine so with the skynet kernel you can basically install the extension into your browser and then that’s the only step you have to take the kernel can then load trustless modules to get you um initially so in the in the beginning we’ll probably be doing spv modules to load or to resolve handshake names but with the help of utreexo it is completely technically feasible to run an entire hns full node from your browser and that that may require some

(21:06) a little bit of rewriting uh just to meet the the storage limitations of the browser but we do we do know that it’s possible to build a blockchain full node that runs as a kernel module and we are building our own blockchain the skynet blockchain as a kernel module well that’s i mean i think everybody’s really excited about that that that’s pretty awesome right there that’s really cool thank you uh and then uh another question from johnny woo what’s your largest roadblock right now um yeah so i mean

(21:51) really it’s just time and getting people to build more modules i think this you know kind of like the node ecosystem the node ecosystem is a lot more interesting when there are a lot more node packages uh this kind of kernel ecosystem is a lot more interesting when they’re a bunch of kernel modules and so you can build handshake modules you can build other blockchain modules you can build you know social graph modules you don’t the modules don’t have to be strictly talking to a blockchain you could you could have a module that just

(22:21) knows the list of who your favorite friends are and so building building that sort of stuff out is is going to help things um but yeah i you know we we hope to have uh significantly more ready in about a month um and then we had a comment from matthew zipkin about how it’s slow um so yes the the the main approach to doing full nodes in the browser is using wasm uh to validate blocks and then we use a technique called utreexo to eliminate the need for a database so you you basically have the state of the blockchain represented

(23:04) as a merkle tree and a transaction rather than being standalone includes a merkle proof for which state it’s touching and how that state gets updated and so it allows full nodes to skip out on having any sort of database and then to do all the hashing and signatures and the computational expensive stuff basically the whole block gets verified inside of wasm um and then something that completely blew our socks off when we were benchmarking we found that doing crypto operations in rust wasm had less than 10 overhead

(23:42) of doing crypto operations in rust bare metal um so if you’re using rust wasm it’s basically it’s essentially as fast as doing rust bare metal we were completely blown away this is not this was not the case in 2020 but there have been two years of developments and optimizations and i think a lot of people committed to making rust wasm fast and they have they have done a good job they have impressed us immensely so yeah we we highly recommend russ wasm if you need a module that goes fast all right cool definitely uh people

(24:21) getting really excited and then this goes back with um the http uh dopeman is just asking like uh going forward will you make it clear that the connection is actually secure so for the end user that’s that’s clear to them yeah so the best we can do right now is messaging um the the ideal scenario is that we can work out some deal with the browser itself uh like like we can talk to firefox in mozilla um and i don’t think we’d have much success with chrome but maybe with like brave or opera um so that they make an exception and

(24:58) they know that if it’s a kernel loaded url they just go ahead and display the secure lock anyway and let it be https but um i don’t know like how long the road to that conversation is is obviously a very political thing as opposed to a technical thing so we will um yeah the the goal or the way to fix that would be to get the actual browser vendors to sign off on presenting the secure lock for all of the all the kernel loaded web pages yeah browsers have been the main gatekeepers with uh all this stuff that

(25:35) has been a definitely a common thread uh here’s another question from amd yeah so is it possible that skynet makes a web3 browser application like the others um so skynet as in skynet labs uh we’ll probably not make something like to replace google search but kind of the the goal and what we’re trying to build is we’re trying to give everyone else the tools that they need to build their own uh applications and so if you personally feel like you know google search is something that needs to be replaced um

(26:14) yeah come come join our community we’d love to we’d love to spit ball with you and come up with ideas and figure out you know what it what it takes to to make the decentralized google search um so yeah the the goal here is is to replace web 2 with a decentralized web 3. all right cool awesome and then this will be probably our last question here yeah so minimal hardware requirements we don’t know yet um for for the bare bones skynet kernel um basically anything that can run chrome uh which itself is kind

(26:54) of kind of power hungry but if you can run chrome you can add the skynet kernel as well for the full nodes we think that we can get the ram requirements of the full node under 50 megabytes um so we we think that it can be pretty lightweight but we we’re not going to know until we finish writing the code so we we have ideas and we we will see if they work all right cool and actually maybe one more from stephen i have had i have not had a chance to look into h search so that will go to the top of my list and i’m yeah i’m

(27:35) excited to check it out alright cool he’s actually speaking uh later today as well so if you want to check him out he’s uh speaking in a couple of hours um all right so we’re almost at time here uh you got everybody very very excited you got me very excited um so we’re very much looking forward to to where this heads in the future i got us very inspired david so uh thank you again for for uh giving us your time uh any last words no it’s uh great to be here i’m glad everyone’s excited and uh yeah i’m glad

(28:12) that you guys are excited as i am i think i think it’s incredible and uh it’s good it’s it’s good to have company all right awesome all right we’re gonna end it here we’re gonna be talking next with alani from akash so i hope to see you guys there in just a little bit [Music] [Applause] [Music] got [Music] kinetic is a blockchain crypto investment firm based in hong kong and puerto rico

(29:17) [Music] founded in 2016 they were the first fund in hong kong and one of the earliest in asia with a portfolio of over 220 companies they received investors in such projects as ethereum parity and polka dot solana ftx and of course handshake in name base [Music] founder johann chu was an active investor and supporter of the handshake ecosystem over 100 000 domains co-founder of d-web foundation co-founder of handicon and sponsor of the handshake house at miami hack week 2022 [Music] [Applause] [Music] [Applause]

(30:23) [Music] [Applause] [Music] uh oh