@farbandish
Immigration sucks
IO: have you worked?
Me: Yes, but I didn't ever get the docs you're asking for
IO: YOU GET TO WORK IN THIS GREAT COUNTRY BUT YOU "DONT HAVE THE DOCS"?
... (Scolding continues)
IO: Wait, why didn't you say it was an internship?
Me: ...
> Among our most interesting findings is that only 27.2% of vulnerabilities in cryptographic libraries are cryptographic issues while 37.2% of vulnerabilities are memory safety issues
Please stop writing crypto in C/C++/assembly, people
Very happy to share that I’ll be joining Penn CIS in Fall ‘23 as an assistant professor! Looking forward to working with the excellent faculty and students there.
Huge thanks to my mentors, collaborators, friends, and family for their guidance and support :)
Hi everyone!
I’m once again recruiting PhD students to join my research group at UPenn! We work on applied crypto, with a focus on ZKPs and MPC, and an eye towards applications in security, systems, and PL.
If you’re interested, apply at
Hi all! I’m looking for students to join my research group at UPenn in Fall ’23! My research is in applied crypto, with a focus on ZKPs and MPC. If you’re interested, please reach out, or apply at .
You can find more info at
I wrote a paper:
We construct the first folding scheme without using public-key cryptography. This yields efficient IVC with several benefits: plausible post-quantum security, support for arbitrary fields, etc. With @bbuenz, @zkproofs, @mercysjest
Excited that our new paper on more efficient recursive proofs is out!
TL;DR: Incrementally verifiable computation from a very simple, *non-succinct* argument for R1CS
Joint work with @benediktbuenz, Alessandro Chiesa, William Lin, and @_nickspoon
One aspect of the Apple CSAM fiasco that I haven’t seen discussed elsewhere: flagged images undergo human review. these reviewers are going to be exposed to a lot of nasty stuff; has there been any word on mental health protections for these workers?
If you had any doubt that backdoored encryption would be used only against "criminals" (whatever that word even means), let this thread disabuse you of that notion.
The state will indiscriminately target any and all critics; backdoored encryption is anathema to a free society.
TIL that that what we call in zkSNARK land the "vanishing polynomial of a subgroup" is what mathematicians call the "annihilator" polynomial of the subgroup.
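A small worked check of that identity, added here as an example (my code, not the tweet author's and not from any library): over the constructed toy prime field F_97, the order-8 multiplicative subgroup H generated by 64 has vanishing polynomial prod_{h in H}(X - h), and the code confirms by brute-force multiplication that this equals X^8 - 1, the polynomial that annihilates exactly H. The modulus 97 and generator 64 are constructed toy parameters, not values from the tweet.

```rust
// Added example: vanishing (annihilator) polynomial of a multiplicative subgroup
// H of F_p, computed as prod_{h in H}(X - h) and compared against X^n - 1.
// Constructed toy parameters: p = 97, H = <64>, which has order 8 (64^4 = -1 mod 97).

const P: u64 = 97; // toy prime modulus (constructed, not a production field)

/// Square-and-multiply exponentiation mod P.
fn pow_mod(mut base: u64, mut exp: u64) -> u64 {
    let mut acc = 1;
    base %= P;
    while exp > 0 {
        if exp & 1 == 1 {
            acc = acc * base % P;
        }
        base = base * base % P;
        exp >>= 1;
    }
    acc
}

/// Enumerate the cyclic subgroup H = <g> of F_p^* as the list of its elements.
pub fn subgroup(g: u64) -> Vec<u64> {
    let mut elems = vec![1];
    let mut cur = g % P;
    while cur != 1 {
        elems.push(cur);
        cur = cur * g % P;
    }
    elems
}

/// Coefficients (low degree first) of Z_H(X) = prod_{h in H} (X - h) over F_p.
pub fn vanishing_poly(h: &[u64]) -> Vec<u64> {
    let mut coeffs = vec![1u64]; // start from the constant polynomial 1
    for &root in h {
        // Multiply by (X - root): shift up one degree and subtract root * coeffs.
        let mut next = vec![0u64; coeffs.len() + 1];
        for (i, &c) in coeffs.iter().enumerate() {
            next[i + 1] = (next[i + 1] + c) % P;
            next[i] = (next[i] + (P - root % P) % P * c) % P;
        }
        coeffs = next;
    }
    coeffs
}

/// Horner evaluation of a low-degree-first coefficient vector at x.
pub fn eval(coeffs: &[u64], x: u64) -> u64 {
    coeffs.iter().rev().fold(0, |acc, &c| (acc * x + c) % P)
}

/// Coefficients of X^n - 1 over F_p, the expected vanishing polynomial of an
/// order-n multiplicative subgroup.
pub fn x_n_minus_1(n: usize) -> Vec<u64> {
    let mut v = vec![0u64; n + 1];
    v[0] = P - 1; // -1 mod p
    v[n] = 1;
    v
}

fn main() {
    assert_eq!(pow_mod(64, 8), 1); // 64 really has order dividing 8
    let h = subgroup(64);
    let z = vanishing_poly(&h);
    println!("|H| = {}", h.len());
    println!("Z_H(X) coefficients (low to high): {:?}", z);
    println!("equals X^8 - 1: {}", z == x_n_minus_1(8));
    println!("Z_H(2) = {} (2 is not in H, so this is nonzero)", eval(&z, 2));
}
```

The same brute-force product works for any subgroup you enumerate; the point of the comparison is that the product collapses to the sparse polynomial X^n - 1, which is why SNARK provers can evaluate it in O(log n) rather than O(n).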
In 2002, I served on the PhD committee of Aamod Khandekar, a student of Bob McEliece. Aamod's thesis described Irregular Repeat-Accumulate (IRA) codes, with improved encoding efficiency compared to previous LDPC codes. Apparently, this was a good idea.
Excited to introduce Marlin: a new preprocessing fully succinct pairing-based SNARK that has universal and updatable SRS! (Plus additional goodies including a provably-secure recipe for constructing new zkSNARKs!)
Code is available here:
Hi all!
We're gearing up for a 1.0 release of the `zexe` libraries, and we'd love to get help with refactors before then!
I'm happy to mentor interested folks, on both the @rustlang and ~advanced crypto implementation fronts =)
This is cool: @signalapp is using doubly-oblivious Path ORAM for contact discovery!
Small brag: they build upon some of our techniques from Oblix :)
cc @ralucaadapopa
@Podcastinator
Yup, while the blockchain space has many problems, it has also injected a ton of energy and new ideas into modern cryptography, security, dist sys, formal verification, and PL research.
“Academic computer scientists everywhere say that blockchain technology is crap” is not a real reflection of the research literature or the state of the industry.
@EliBenSasson @DCbuild3r @SuccinctJT
This has never been the case for any other cryptographic primitive… no one says that EdDSA has less classical security than hash-based signatures, or that RO-based Merkle puzzles achieve better security than Diffie-Hellman key exchange.
@VitalikButerin
The constructions of iO that you mention rely on evaluating low-degree PRFs "in the exponent". E.g., degree-2 PRFs can be evaluated via bilinear maps. However, deg-2 PRFs can't exist, and so we have to use degree-3 PRFs, and evaluating these requires trilinear maps.
We've updated the full version of our paper on recursive *NARKs* (no succinctness necessary!). Key takeaways:
* a very simple NARK and acc scheme for it
* recursion from any curve cycle, including secp-secq
* optimizations to our impl (online soon)
@benediktbuenz @_nickspoon @Ego9Alter @shahmiruk
Because these laws were in place for 87 years before independence. That's like 2-3 generations of leaders shaped by these laws. That it took only 71 years to undo 87 years of damage speaks to the strength of Indian culture, and renders your point moot :)
From a crypto perspective, all this hoopla in other fields about putting papers on preprint servers is quaint and funny.
The point of research is to increase the sum of human knowledge, and not to hide your discovery until a committee approves it
@Savio_Sou_ @AnnaRRose
This is wrong, ZKP is a subset of MPC. MPC is strictly more powerful than ZKP. Also, we don't know how to do "computation over private data" with ZKP: the prover knows the witness in the clear always.
The silence of cryptocurrency twitter on the protests speaks volumes. Y’all want to “overthrow unfair economic systems”?
Well then support the people on the streets that are doing that right now. Go out and join the protests. Use your platform to amplify oppressed voices.
Is it just me, or has there been an uptick in bad-faith discussion recently about blockchain stuff from traditional-tech ppl?
E.g.: complaining about environmental impact without even checking to see if the underlying chain uses PoW
Cool idea for recursive SNARK chains like Mina and PolygonZero: augment the existing recursive circuits to additionally implement a VDF, thus obtaining an arrow-of-time and reducing subjectivity issues, basically for free
Just heard about a customer service exploit where the person called up multiple times and corrected a single character "misspelling" until the entire account was in his name.
Kind of hilarious that Goldreich's Foundations of Cryptography lists Zero-Knowledge under "Basic Tools", but Encryption Schemes under "Applications" lol
One of the original PCD papers, [BCCT13], is a masterpiece, and a highly recommended read for anyone working on folding. Really anticipates (and often *solves*) problems that people are working on today.
I don’t intend to be mean, but why do so many Dfinity-related tweets look like word soup output by GPT2 trained on replies to Elon Musk tweets?
Like, I’m sure there’s interesting tech underneath this, but it’s difficult to find beneath the hyperbole
@shlevy @jayjayHales
Lmao hell yeah, all the research I do should be available for free to the public. Like why would I do so much work to have it be locked in the hands of some stupid middlemen who contributed precisely nothing?
Fun project idea for a bored student trying to get into zk: implement a parallel MSM that leverages tokio instead of rayon for parallelism.
(use this as a starting point: )
It’s always hilarious seeing HN comments on posts about theoretical crypto (and math in general). Rivers of text that are devoid of any intellectual curiosity, all confidently declaring the research to be useless ivory-tower circlejerks that industry already knows how to do
Thanks to @kobigurk for an awesome new implementation of the Groth16 zkSNARK in ZEXE:
The ZEXE ecosystem now has three state-of-the-art SNARKs: Groth16, GM17, and Marlin; each provides different trade-offs =)
Trump: "looting starts, shooting starts"
Twitter: oh you naughty boy, here's a light rap on the knuckles
People: "lmao Trump has covid-19, what a fitting end that would be"
Twitter: you're suspended
@bcantrill
There are many faults of the blockchain space, but lack of technical depth is not one of them. Blockchain researchers (in industry and academia) have made significant contributions to cryptography, dist sys, and mechanism design research, incl top-tier peer-reviewed pubs.
Free suggestion for super fast proving with succinct proofs: pick your favorite Generalized Mersenne prime p close to 256 bits. Generate FRI-based proofs over p. Use Cocks-Pinch to generate a pairing-friendly curve with scalar field = p, and recursively verify your FRI proof
We've updated the Marlin paper and implementation with some nice optimizations that greatly improve prover time, verifier time, and proof size. Check out the improvements!
This is an interesting and informed criticism of blockchain; much better than 99% of the garbage you see out there. I disagree with some of the points, but at least they make sense:
What absolute nonsense. Literally in every semester that @ncweaver has co-taught this class, or someone else has taught this class, the treatment of cryptocurrencies has been more levelheaded
This lecture from @ncweaver is amazing. This is *actually* how people with computer science backgrounds talk amongst each other about the tech behind crypto and "web3". Because none of it makes any damn sense.
@Culture_Crit @cryptodavidw
Isn’t this partially selection bias? I’m sure there was plenty of art from that time that wasn’t as impressive and did not survive
Math is really lovely in that you'll spend 5 pages doing laborious calculations to hand-verify special cases of something you're investigating, and then you'll find/prove a theorem with a half-page proof that generalizes all your calculations
@a16zcrypto
Fantastic compilation! I would add a couple more resources:
* Alessandro's course on proof systems:
* @__zkhack__ puzzles (under the tutorials/demos section)
* @arkworks_rs libraries under tooling (shameless plug)
@VitalikButerin
By exceptions to the invertibility, you mean elements that have an inverse that is difficult to compute, or elements that don’t have an inverse?
The replies to this tweet indicate that many cryptographers find UC proofs at least a little bit incomprehensible. Yet I have seen few efforts to fix that. What can be done to change this?
The hubris here is astounding. Since when are systems employing relatively complex dist-sys, game-theory, and crypto techniques “stupid”?
Like, there are plenty of legit criticisms of cryptocurrencies, why pick a fake one that just makes you sound obnoxious?
The fact is if you get deep into the tech, cryptocurrency is *impressively* stupid, in the same way it would be difficult but stupid to make a working slot machine entirely out of raisins. And the fact that this slot machine pays out real money with every pull is unsettling.
Do folks have resources on non-trivial smart contract design (involving multiple input and output "coins") in the UTXO model? I'm looking for ways to make it as ergonomic as account-model design.
Meet Eswar and Aparna! This brother-sister team can always depend on each other. What do you think makes them a force to be reckoned with this season?
#AmazingRace
Excited that our paper on secure inference for convolutional neural networks is finally online!
TL;DR: our protocol produces predictions in just a few seconds, and uses techniques from ML to optimize the CNN for efficiency within 2PC
Code here:
No more waiting.
Today you can deploy a Leo application on the Aleo network. This is a first of its kind accomplishment for the ZK space and a major milestone on our path to mainnet launch.
5 years ago this was a theory on paper. Today it is a reality.
An updated version of our paper that improves the running time (under 1 minute), and describes how to construct private decentralised applications (like private DEXes that prevent frontrunning)!
[Revised] Zexe: Enabling Decentralized Private Computation (Sean Bowe and Alessandro Chiesa and Matthew Green and Ian Miers and Pratyush Mishra and Howard Wu)
@thogge @paulg @danprimack
Lol as if “owning” stock is collective ownership. Hint: you don’t “own” any part of your company if you have a minuscule say in how it’s run
hot take: the real reason we should use additive notation for group ops is that in Rust it's natural to overload + via `Add` and * (for scalar muls) via `Mul`.
For multiplicative notation you need to overload `^`, but that's xor in Rust
(Rust is obvs best lang for crypto)
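To show what the tweet means in practice, here is an added example (my own code, not arkworks or the tweet author's): a toy elliptic-curve group in additive notation, where the group law is `+` via `std::ops::Add` and scalar multiplication is `*` via `std::ops::Mul`, so `7 * g + 5 * g == 12 * g` reads exactly like the math. The curve y^2 = x^3 + 2x + 3 over F_97 and the base point G = (3, 6) are constructed toy parameters; a real library would use a ~256-bit prime and constant-time field arithmetic, neither of which is attempted here.

```rust
// Added example: a toy elliptic-curve group in additive notation, with the group
// law on `+` (Add) and scalar multiplication on `*` (Mul), as the tweet suggests.
// Constructed toy curve: y^2 = x^3 + 2x + 3 over F_97, base point G = (3, 6).
use std::ops::{Add, Mul, Neg};

const P: u64 = 97; // toy prime (constructed); not constant-time, not for real use
const A: u64 = 2;
const B: u64 = 3;

/// Reduce a signed intermediate into [0, P).
fn modp(v: i128) -> u64 {
    v.rem_euclid(P as i128) as u64
}

/// Square-and-multiply exponentiation mod P.
fn pow_mod(mut base: u64, mut exp: u64) -> u64 {
    let mut acc = 1;
    base %= P;
    while exp > 0 {
        if exp & 1 == 1 {
            acc = acc * base % P;
        }
        base = base * base % P;
        exp >>= 1;
    }
    acc
}

/// Multiplicative inverse via Fermat's little theorem (P is prime, x != 0).
fn inv(x: u64) -> u64 {
    pow_mod(x, P - 2)
}

#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum Point {
    Infinity, // the identity element of the group
    Affine { x: u64, y: u64 },
}

impl Point {
    /// Construct a point only if it actually satisfies the curve equation.
    pub fn new(x: u64, y: u64) -> Option<Point> {
        let (x, y) = (x % P, y % P);
        let lhs = y * y % P;
        let rhs = (x * x % P * x + A * x + B) % P;
        if lhs == rhs { Some(Point::Affine { x, y }) } else { None }
    }
}

impl Neg for Point {
    type Output = Point;
    fn neg(self) -> Point {
        match self {
            Point::Infinity => Point::Infinity,
            Point::Affine { x, y } => Point::Affine { x, y: (P - y) % P },
        }
    }
}

impl Add for Point {
    type Output = Point;
    fn add(self, rhs: Point) -> Point {
        let (x1, y1, x2, y2) = match (self, rhs) {
            (Point::Infinity, q) => return q,
            (p, Point::Infinity) => return p,
            (Point::Affine { x: x1, y: y1 }, Point::Affine { x: x2, y: y2 }) => (x1, y1, x2, y2),
        };
        // Q + (-Q) = O; this also covers doubling a point whose y is 0.
        if x1 == x2 && (y1 + y2) % P == 0 {
            return Point::Infinity;
        }
        let lambda = if x1 == x2 {
            (3 * x1 * x1 + A) % P * inv(2 * y1 % P) % P // tangent slope (doubling)
        } else {
            modp(y2 as i128 - y1 as i128) * inv(modp(x2 as i128 - x1 as i128)) % P // chord slope
        };
        let x3 = modp((lambda * lambda) as i128 - x1 as i128 - x2 as i128);
        let y3 = modp(lambda as i128 * (x1 as i128 - x3 as i128) - y1 as i128);
        Point::Affine { x: x3, y: y3 }
    }
}

/// Scalar multiplication `g * k` by double-and-add.
impl Mul<u64> for Point {
    type Output = Point;
    fn mul(self, mut k: u64) -> Point {
        let mut acc = Point::Infinity;
        let mut base = self;
        while k > 0 {
            if k & 1 == 1 {
                acc = acc + base;
            }
            base = base + base;
            k >>= 1;
        }
        acc
    }
}

/// Also allow the mathematician's order `k * g`.
impl Mul<Point> for u64 {
    type Output = Point;
    fn mul(self, g: Point) -> Point {
        g * self
    }
}

fn main() {
    let g = Point::new(3, 6).expect("G is on the curve");
    println!("2G = {:?}", g + g);
    println!("7G + 5G == 12G: {}", 7 * g + 5 * g == 12 * g);
    println!("G + (-G) = {:?}", g + (-g));
}
```

With multiplicative notation the same identities would want `g ^ 7 * g ^ 5 == g ^ 12`, and in Rust `^` is `BitXor`, which is exactly the mismatch the tweet is pointing at.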
@AlexJFinley @reclaimuc
Literally at Berkeley they call this “instructional resilience”
They deployed this when the state was burning down, and deployed it when the pandemic started
The code for the accumulation scheme part of our paper is available at !
99% of the implementation credit goes to Will Lin, an undergraduate(!) who has recently contributed to a number of arkworks libraries.