Started writing a collection of informal definitions for common ZK jargon. Hoping this can help newcomers and experts alike nmohnblatt.github.io/zk-jargon-deco…

.Jim Miller found an insecure Fiat-Shamir transformation in Incognito Chain’s aggregate bulletproofs that could have allowed attackers to forge range proofs, mint arbitrarily large tokens, and drain millions of dollars in user funds without detection. blog.trailofbits.com/2023/08/02/a-m…

Crypto runs on the open source ethos. When projects don’t follow it, the ecosystem suffers. We were disappointed to see that ZKsync copied our code without attribution and made misleading claims about the original work, so we wrote this post. mirror.xyz/0x70DF15b0208e…

Introducing Lasso and Jolt, two new works that I hope will change how SNARKs are designed and built. You can read about them here: a16zcrypto.com/posts/article/… (1/6)

An incomplete guide to Folding: Nova, Sangria, SuperNova, HyperNova, Protostar. In this article, we figure out how folding works and what are its key applications. Check the article here: taiko.mirror.xyz/tk8LoE-rC2w0MJ… Highlights below 🧵 👇 1/

ChatGPT should be the first author in these papers lol

Kobi Gurkan Fede’s intern 🥊 oskarth Here’s Nova’s folding performance for sha256 reproduced by others: hackmd.io/u3qM9s_YR1emHZ…. Summary: folding is as fast as starky and 100x faster than plonky2. This is one benchmark (we need more!) and Nova needs parallel proving (a la ParaNova). HN will make folding even faster!

⚡️

I made a visual explainer for the memory-checking procedure used by Spark, Spartan's sparse polynomial commitment scheme (used in Lasso)

I enjoyed getting into the weeds of Lasso+Jolt in this Study Club Session and fielding tons of thoughtful questions! It should be a useful resource for anyone looking to learn more about these tools.

This paper is finally out eprint.iacr.org/2023/1271! A new ZKP protocol based on Plonk that can be fully distributed with only O(1) communication per machine! It was accepted by S&P 2024, and here's a post explaining the ideas and properties. rdi.berkeley.edu/zkp/Pianist/pi…

if you enjoyed this NTT 101 (honestly, great read), you should definitely check out Yuval Domb NTT 201 book github.com/ingonyama-zk/p…

Using Nova over secp/secq, proving time for 300 aggregated secp256k1 sigs is clocking at 8.44s on my mac. I ported it to wasm, you can try it from your browser - tested on desktop chrome. Writeup: hackmd.io/mArMuUx5TC2LEc… App: …browser-ecdsa-web-dmpierre.vercel.app Repo: github.com/dmpierre/nova-…

Excited and honored to join the contributors list to the incredible gnark library by gnark gnark is a zk-SNARK Go library that boasts exceptional speed and unmatched performance - truly amazing.🚀 🚀 🚀 github.com/Consensys/gnar…

Paul Gafni @tracecrypto1 RISC Zero I'm a bit confused with respect to "You need to send them a witness that's potentially tens of gigabytes". In the picture, the prover's input is 50MB (which I'm assuming is the witness size?). How did we go from 50MB (current scheme) to "tens of GB" (under folding schemes)? 1/2

We wrote a short note introducing BabySpartan, a SNARK for (non-uniform) Plonkish arithmetization where the prover only commits to “small” values (when the witness contains small field elements). The note is here: eprint.iacr.org/2023/1799.pdf.

New folding paper with my Ph.D. student Jessica Chen: We break through the "witness barrier" and go beyond the "lookup singularity". We show how to do reads AND writes to memory by committing to just 4 small elements. We also show how to avoid committing to intermediate witnesses

Looking to make sense of the mechanics for permutation arguments, lookup arguments, and range checks? Sharing a spreadsheet with concrete examples that will hopefully save you a few hours/days of headache. bit.ly/plookup-by-hand

For the First Time in History, a ZK Proof has been Verified on Bitcoin Signet! Yesterday, we announced the successful launch of our Stwo Verifier on Bitcoin Signet. Now, it's time to decrypt all the details 🤓 👇🧵

SENDING PROOF OF ALIGNMENT. I just got eligibly aligned with 136425 ALIGNED 🟩 Aligned Foundation. If you are an engineer or a researcher check if you are aligned at: genesis.alignedfoundation.org