0xKitetsu.eth |zkVM arc| For Hire

I've been working on a post-quantum cryptography registry/wiki and it's now live. If you're an engineer trying to evaluate PQC algorithms side by side, you have to piece together information from FIPS documents, ePrint papers, mailing list threads, and scattered READMEs. There are some existing resources out there for parameter sets but I wanted something that goes much further and includes everything; algorithm descriptions, use case and feature filtering, benchmarks, implementation references, and wiki-style prose all in one place with a consistent schema. So that's what this is. It covers nine algorithms today; the NIST standards (ML-KEM, ML-DSA, SLH-DSA), the NIST pipeline (FN-DSA, HQC), blockchain-specific schemes (SHRINCS, SHRIMPS, leanSig), and XMSS. There are a lot more I want to add and the registry is open source so contributions are welcome.

One other thing worth noting: this doesn't affect just EC signatures, many ZKP systems are affected just as much. Broadly speaking, modern ZKP systems use one of three types of cryptography under the hood: 1. Elliptic curves (whether paring-based or not) - these are used by most SNARKs. 2. Collision-resistant hashes - these are used in STARKs and Ligero, among others. 3. Lattices - these are relatively novel but up-and-coming systems. Quantum computers, like the ones mentioned in Google's paper, will straight up break anything that uses elliptic curves (e.g., it will be possible to create proofs for computations that never happened). Hash-based and Lattice based systems are not vulnerable - but out of these, only hash-based systems are probably secure (given the underlying hash function is secure). Another aspect of this is that data encrypted with EC-based cryptography and stored on-chain may be vulnerable even now. This is because of "harvest now, decrypt later" attacks. This is especially relevant for blockchains where data (even if encrypted) once stored on-chain is accessible forever. This is one of the reasons we chose STARKs for Miden from the start. Our proof system is hash-based (and thus resistant to Quantum computers), and we use state commitments rather than encrypted state. That sidesteps the harvest-now-decrypt-later problem entirely.

Quick announcement: After long and heavy suffering :) the S-two white paper is finally out: https://t.co/8WyVwoPE6h Although nothing new in regard to the basic principles (a circle STARK, etc.) the white paper yet contains several details of broader interest: - A formal description of the flat AIR circuit model (used by several contemporary zkVMs) - A thorough soundness analysis of multi-table proofs: If one does not use "lifted" FRI, taming the soundness error turns out to be more sophisticated as expected. We introduce the notion of "cross-domain correlated agreement", and show that multi-table FRI satisfies this property. - A discussion of adjusted conjectures, which takes into account the recent boost of proximity gaps counter examples. We believe that it is plausible to hope for acceptable list- and line-decodability properties up to the information-theoretic barrier, the Elias bound. Thanks for all the help from the StarkWare team, and in particular to Dmitry Krachun for the many helpful discussions around his counter example.