We held a multi-channel “Ask Me Anything” or AMA session with our collaborators KardiaChain and CertiK on June 7th, 2019. CertiK is developing formal verification technology for smart contracts and blockchain ecosystems, while KardiaChain is working to bring a scalable and interoperable blockchain platform for decentralized applications. KardiaChain Chairman Hung Nguyen and CertiK COO Daryl Hok answer questions from the communities! This transcript has been lightly edited for clarity.
1 – Hi everyone, thank you for joining us. KardiaChain and CertiK, could you please give a short introduction on your background and your project?
Mr. Eric Hung Nguyen: Hi, my name is Eric, I am the co-founder/chairman of KardiaChain. KardiaChain is an interoperability blockchain platform project, focusing on cross-chain connection. My background is in Finance — I spent 12 years in London, working for 5 years at Nomura London at the credit trading desk, and later moved to the Elliot Advisor hedge fund. I am a CFA charter holder.
Mr. Daryl Hok: Hi everybody, thanks for having me for this AMA. I am the COO of CertiK. I graduated from Yale University with a dual major in Economics and Psychology. Before joining CertiK, I worked at a machine learning, legal tech company called FiscalNote, where I spearheaded the Corporate Development team. CertiK is a leading blockchain security company founded by computer science professors at Yale and Columbia University. Our core technology performs Formal Verification, which uses mathematical proofs to prove that the source code is secure and performs as intended. Formal Verification is also used on aerospace (e.g. NASA’s Mars Rover) and airplane software, where security and correctness are absolutely critical. CertiK has worked with top projects in blockchain, including BNB, TUSD, NEO, and KardiaChain, and looks forward to continuing to secure the blockchain world.
2 – We see that both projects have their own unique features, not only the technology but also business development wise. Why are the two projects a good fit for collaboration?
Mr. Eric Hung Nguyen: CertiK is the industry leader in blockchain cybersecurity, with many years of experience in formal verification. We believe they possess the highest levels of understanding in the fields of cybersecurity, smart contracts, and the blockchain network as a whole. With this partnership, we will strengthen the security of our blockchain and Dapps running on our ecosystem.
Mr. Daryl Hok: As a specialist in the security area of blockchain, CertiK has the advantage of being connected to various projects, across all use cases. We have been connected to KardiaChain because we heard about the promising project and understood that it would make sense to leverage our technology to help secure the ecosystem. Both CertiK and KardiaChain are working on being at the frontier of our respective areas, and we share many top investors and connections. Several of them suggested we collaborate, so here we are!
3 – How long has CertiK been in development? How did you start the project?
Mr. Daryl Hok: CertiK’s work originated from the research labs at Yale, led by Professor Shao. Professor Gu had gotten his Ph.D. under Professor Shao, and the novel technologies of Formal Verification were developed during that time. In 2016, they created the world’s first fully verified, concurrent OS kernel, CertiKOS, which proved that the novel Formal Verification technology can be used to create fully secure, complex programs. CertiK uses the same Formal Verification techniques on blockchains and smart contracts. Whereas historically, Formal Verification had been traditionally used on mission-critical hardware applications (like the previously mentioned airplanes), blockchains and smart contracts have become examples of mission-critical software applications because they are open-sourced, permanent, and self-executing. When people use blockchains for currency, there is no customer service department, so the best way to be safe is to know that it’s mathematically impossible for certain vulnerabilities to occur.
Mr. Daryl Hok: Part of the problem in smart contract development is that, even with multiple people checking code, it is not humanly possible to check every scenario. Once the smart contract goes live, the open-source nature allows anyone to dive into the code (whether for good or malicious reasons), meaning that if there’s a vulnerability, it may just be a matter of time until it’s exploited. CertiK solves those problems by using math to compute every scenario to check them before anything bad can happen. Although the process of Formal Verification requires deep expertise, the concept is pretty simple. A mathematical model is made about what each area of the source code is intended to do (e.g. your account balance, let’s call it “x,” should never be negative, so x >= 0). Then, a different mathematical model is made from what each corresponding area actually does, based on how it was coded (e.g. is there ever an instance in which the account balance, “x,” is negative, or x < 0?). If both models hold to be true and consistent, then “x” can never be negative, and your program performs exactly as you wanted.
5 – What is the difference between dual node and cross-chain?
Mr. Hung Nguyen: Cross-chain is a concept referring to the transfer of data and/or assets from one chain to another. Dual-node is KardiaChain’s pending patent solution for cross-chain connection.
6 – How will you use both technologies to build the KardiaChain ecosystem with major blockchains, such as Cardano, Bitcoin, and Ethereum?
Mr. Hung Nguyen: Dual node provides what we call non-invasive connections to other blockchains, meaning that it requires *no* change for a blockchain to connect to the ecosystem. This helps us to initially build a big enough network with major blockchains, such as Ethereum, Neo and Tron. We will standardize the dual node framework as we move along, so that new chains will be able to connect to the ecosystem easily.
Mr. Daryl Hok: Verification is important for any industry that has “mission-critical” software. Oftentimes, this would be anything that deals with vehicles (you don’t want something to reboot while you’re driving it), anything that deals with large amounts of money, and anything that deals with health (again, you don’t want there to be bugs in something used to save lives).
7 – I see in the market right now, there are several competitors with CertiK, who are working on the security issue. What features do you think CertiK has that will help it stand out from the others?
Mr. Daryl Hok: That’s right that there are many others working on tackling the problem of security, and we applaud that. We continue to see the industry plagued with security hacks, so it will take joint efforts to protect this global ecosystem. Security is such a big issue that it cannot be solved by just one company. At CertiK, we believe in our core technology to differentiate among similar services for smart contract auditing and penetration testing. Formal Verification, as mentioned before, is the most robust way of proving that source code only performs as it is intended to perform, and nothing more. Because Formal Verification relies on math, the work is transparent and anybody can check it themselves. We believe that, especially in a global industry, this is much more comprehensive than just trusting that a person or group of people have properly read through the code to look for bugs.
8 – Blockchain has practical applications for a number of industries, such as KardiaChain’s applications for data storage, but the technology is often explained in difficult terms. How do you encourage people and businesses to adopt blockchain when many don’t understand what it really is?
Mr. Hung Nguyen: I would say exactly like the internet, not many people understand the complex infrastructure underneath that drives the data transmission, but people can still derive great benefits from it, and the end result is a fast and smooth experience and the ease of use benefits consumers and businesses alike. We hold the same view of blockchain. People don’t need to understand on a deep level how blockchain infrastructure works, but can still derive benefits from the application layers and the excellent quality infrastructure it provides.
9 – A lot of people are waiting for the token sale and mainnet. It’s gonna be an important milestone. You have tentatively set the date for a token sale in Q2 this year. After the sale is successfully concluded, what will the focus of your team be?
Mr. Hung Nguyen: The actual implementations of our contracts with partners to bring Vietnam’s population of 100 million on blockchain, introducing the concept of digital tokens to them. We already have a number of ongoing collaborations with different parties.
For example, we have cooperated with the Vietnam Football Federation (VFF) and VietFootball to build a Dapp for football fans and football players. In this app, we introduced a Football point/coin to incentivize the community. Coins can be used to rate, review, buy merchandise, donate to players, etc.
On the technical side, Mainnet 1.0 will be launched in Q3 of 2019, and that’s why we are gathering more resources and expanding the team.
10 – What are your strategies for building a trustworthy blockchain ecosystem? How will CertiK contribute to a safer ecosystem?
Mr. Daryl Hok: Our first approach to contributing to a safer environment is continuing to audit top projects with our high level of intensity. We’ve worked with projects across all major protocols and will continue to offer our services to secure the ecosystem.
Secondly, the CertiK team is actively working on building our native CertiK Chain, and we will be releasing our testnet to the public soon. This chain will prioritize security, and, similar to how CertiKOS developed a groundbreaking OS kernel that provides utmost security, we’re building CertiK Chain from the ground up. Verified smart contracts on CertiK Chain will have certificates of proof, so anyone can validate to make sure that a smart contract is secure. There are many more details to come, so you’ll have to follow us on Twitter, Telegram, and Medium to learn more!
11 – What are zero-day vulnerability issues and why is it so important to improve the reliability and security of system software?
Mr. Daryl Hok: Zero-day vulnerabilities are vulnerabilities that are unknown to, or unaddressed by, the group that is supposed to fix the flaw. Zero-day vulnerabilities are effectively sitting ducks, waiting for someone to either fix or exploit (if found). Because smart contract code is publicly viewable and because the actions of smart contracts are permanent, zero-day vulnerabilities in smart contracts are particularly dangerous. It is important to improve the reliability and overall security of system software through techniques like Formal Verification, because the risks are too high otherwise. If there are flaws in the base layers of blockchain, then everything built on top of them may also be in jeopardy. The industry has seen too many hacks, many of which would have been avoidable with Formal Verification, which computes all possible scenarios ahead of time to prevent them from actually occurring.
12 – I have noticed projects with a strong community, such as Cosmos/ICON. How are you going to ensure that KardiaChain also develops a strong community? A community that thinks along and cooperates in the further development of the project?
Mr. Hung Nguyen: Our aim is to bring Vietnam’s population of 100 million onto blockchain. The community, in our view, would be two-fold. The first is the inner circle of government and business leaders with far-reaching influence. This “community” will guide the direction/development of the blockchain industry. Hence, at each industry axis, we work with the industry leader as a partner in co-developing the business in that industry. The second is the general public, which simultaneously contributes to and benefits from the expansion of blockchain adoption.
13 – CertiK has performed many audits of great blockchain projects. Where can we find the projects CertiK has audited? And could you explain to us the processes of the audit?
Mr. Daryl Hok: You can find many CertiK clients and partners shared on our Twitter, Telegram, and Medium, where we send updates about some newly audited projects and other important security topics! We don’t make announcements about all of the projects that we audit, but we do cover many interesting ones, including many projects that have asked us to audit them before their Initial Exchange Offering (IEO), such as Celer, Reserve, and MultiVAC.
The auditing process begins with our experts looking at your code, then providing a free quote. When the audit starts, we usually have a kickoff with project developers to learn any intricacies, and then we keep constant communication through the audit. Our experts meticulously label every function of the code before the Formal Verification engine begins its computation. After the mathematical proofs are completed, our experts do another thorough review to make sure everything looks good and all the math works. We show all our work in comprehensive and transparent audit reports, and we work with the project to make sure all critical vulnerabilities are fixed before the report is final. In the future, if there are minor changes to the code, we gladly offer the ability to audit the contracts again, at no extra cost.
14 – The traditional BFT consensus algorithm is unable to achieve scalability mainly due to its O(N^2) message complexity. So I am curious, why is KardiaChain going to use BFT DPoS?
Mr. Hung Nguyen: In this case, BFT is a property of a consensus algorithm rather than an algorithm itself. Due to the message complexity of a general BFT algorithm, the BFT consensus is not scalable in terms of the number of nodes. KardiaChain uses DPoS with BFT property, not BFT consensus. We can support high transaction throughput, including any number of transactions. As long as those transactions can get validated, then consensus is reached.
Thank you so much Mr. Hung Nguyen and Mr. Daryl Hok for answering our community’s questions. We cannot wait to see what the best and brightest innovators in the space can do when they work together on the KardiaChain and CertiK platforms for the betterment of the ecosystem. We would also like to thank our community members for all their interesting and insightful questions. Looking forward to the next AMA!
About Asia Blockchain Review
Asia Blockchain Review is the largest initiative for media and community building in Asia for blockchain technology. It aims to connect all blockchain enthusiasts on a regional scale and facilitate the technological foundation of blockchain through a range of group discussions, technical workshops, conferences, and consulting programs.
Our goal is to cultivate and encourage a collaborative community for our members to gather, share their experiences and endeavors in the blockchain space, and brainstorm the potential uses of blockchain technology.