Olivia
Online
ClankPan ∞
@ClankPan
Rust🦀, contributor to KinicDAO, VectorDB, zkVM, 発言は個人の見解です。
面白かったゼロ知識証明の記事や出来事について取り上げていきます。
Joined June 2021
588 Following
806 Followers
1.6K Posts
Pinned Tweet
"Sum-check Is All You Need"
https://t.co/5XtYnsnhRF
Formal verification of software is having a moment. Thanks Vitalik🫡!
But most unfortunately, assume Lean is the only path. It's one of many approaches & each comes with very different trade-offs.
Let's look at the trade-offs in four axis:
1) Spec depth: how much of a program can be formally verified using the tool.
2) Security: all possible outputs proven safe.
3) LLM ease: how easily an LLM produces code that meets spec.
4) Succinct verification (probably nothing 🤷): verifying the whole chain — natural language → spec → formally verified code — end-to-end in <1s. *A superpower only cryptography (ZK proofs) can deliver.
Before: machine speed coding, human speed verification. Lots of bugs, lots of hacks.. lots of pain.
After: machine speed coding, machine speed verification. Provably correct, end-to-end, in under a second.
We have Vericoding working at ICME Labs.
DM to try it or collab!
How to Read a ZK Protocol? How to find High impact Vulnerability in zkp?
- When reading any ZK protocol, ask these questions:
- What is the statement?
- What is the witness?
- What is public?
- What is private?
- What does the prover control?
- What does the verifier check?
- Where does randomness come from?
- What is committed?
- What is challenged?
- What is revealed?
- What remains hidden?
- What assumptions are required?
- What happens if inputs are malformed?
- What edge cases exist?
- What exactly does verification guarantee?
These questions are simple. But they are powerful.
They turn you from a passive reader into an active reviewer.
That is how you begin thinking like a ZK engineer.
And eventually, like a ZK security researcher who find High impact bugs!!
I found a critical soundness bug from Jolt zkVM by @a16zcrypto , and successfully exploited it by proving 1333337 == 1333338, which is the highest impact for a zkVM.
Deatils and PoC at https://t.co/QWPNmOqq6v , please check it out!
It was resolved at https://t.co/2ZmI464xZP.
そこそこの規模の言語のコンパイラがClaude Codeを使ったら1週間くらいで書けてしまった。手ではもう書いてられないよなぁ。
僕がコンパイラに詳しいからできるというのは現時点では真実だろうけど、大局観のある人間とAIを組み合わせれば最強みたいな状態は将棋では数年で終わってしまったわけで。
Rustで &v[start..start+len] っていうのを、&v[start..][..len] って書けることに気づいたんだけど、これ有名なテクだったりするんすかね。startが式とかの時に一時変数に束縛しなくてもよくなったりするけど、初見だと、おや?って感じがしなくもない。
???「𝕏社会学の公理その一、承認は、ユーザの第一欲求である。その二、ユーザはたえ��成長し拡張するが、𝕏におけるインプレッションの総量はつねに一定である。
それと、もう一点。この二つの公理から𝕏社会学の基本的な青写真を描くためには、あと二つ、重要な概念がある。拡散連鎖と、炎上爆発」
There are things from web3 that are essential for any meaningful agentic commerce.
One overlooked one: succinctly verifiable agentic guardrails!
In Denver.. atm. If you are a VC and just want to chat about current Sota of any technical area in web3. I or anyone of my PhD team mates will give you time..
PhD meet MBA type mini sessions ;)
It’s amazing how much nonsense floats around, from things people thought two years ago..
Let’s update our brains to understand SoTa and then see where it is finding pmf.
If you are a non-technical VC let's chat about TEE in Denver.
It's in many specs for agentic web3 and is generally the easiest g2m.. but there are drawbacks & caveats.
TEE are not a silver bullet.
1. TEE proofs are generally not succinct. So to prove on ETH/SOL/other, or on constrained devices you need to wrap in zk (zkDCAP)
*You are going to have to pay more gas, use other chains, or have a zk overhead in any case. @_weidai
2. TEEs are expensive. To order a GPU-enabled TEE, it can cost upwards of $30,000 per GPU with lead times of 6 months or more .. or $2–8 per GPU-hour to rent in the cloud. Or you can use @PhalaNetwork.
3. zkML was super slow.. years ago. Modern ZKML is finding traction in real world use-case across various sectors and companies.
As shown with Layer_Zero and more generally 'mathed out' by @SuccinctJT .. sumcheck based lookup centric architectures are blazing fast.
1gpu realtime proving of 1cpu is likely happening this year.
*A noble endeavor with strong technical foundations 🦾
By extension our zkML variant of JOLT; Jolt-Atlas is benching at amazing speeds..speeds that even a year ago people would say it's IMPOSSIBLE.
4. Different security assumptions. You can look into this for whatever tech (ZK, TEE, FHE, whatev).. trust hardware providers, trust math.. trust slashing.. etc.
---
The golden grail 🥛 is use-case.
Users pick what they need and operators *should* pick the tech to match.
Do the users care about cost (price elastic)?
Can they afford TEE?
Do they trust NVIDIA?
Do users even want blockchain?
Do we need ZKML?
As some smart skeptical people have asked. @VitalikButerin
✅Yes for very specific use-case.
For our users.. we wrap a well known big cloud approach to agentic guardrails (AR); in a very web3 way (zkML).
Natural language -> to formal logic (special SLM) = protects up to 99%.
This is compared to human-in-the-loop, heuristics, and observability.. which at best get up to 88%..
12% of the time the airplane crashes.✈️🫣 windy day...
The issue with this approach is that AR is not succinctly verifiable. Its black boxed. The policy needs to be public.
But with the tech we have at @icme_labs / @NovaNet_zkp makes it succinctly verifiable with minimal trust assumptions 🥁
When we meet.. we can talk about some economics around agentic guardrails.
TL;DR.
The only way we will have secure machine speed agentic commerce — is with machine speed verifiability.
Humans (principals) will never be able to keep up with agents moving at machine speed.
Reputation, human tracing, stopping to check spooky looking transactions.. will not scale.
This economic fact REQUIRES succinctly verifiable proofs (ZK).. if you want e2e verifiability with private policies it REQUIRES zkML.
zkML is the standard, for guardrails.
https://t.co/iOvlM1T3Ru
SNARKで何かをしたいとき、
"計算するな検証しろ”
というのを常に考えたい
FoldingScheme を切り拓いた Srinath Setty さんが、Microsoft の週3勤務の職を三つ募集しているようです!
1. Nova/SDKの開発、GPU最適化など。
2. ZK検証のSolidityコントラクト開発など。
3. トップ国際会議での論文発表など。
条件
1-2.はCS関連の���士号と4年の経験
3. はCS関連の博士号・課程
Hiring ZK engineers & researchers to build next-generation provers and real-world applications!
We’re looking across the ZK stack: prover design & implementation, circuits, and smart contracts.
DM if you have questions!
Links to apply 👇
Justin Thaler からの量子計算機まわりの注意喚起
1. 過剰に恐れないこと
2. 適切な場所に適切な時間をかけること
3. 一番怖いのは急いだ結果の実装バグ
機密が漏れる可能性のある暗号から対策を始める。量子計算機が登場しても、偽の署名や証明が作られるだけで、SNARK のゼロ知識性は破られない
1/ Quantum computing predictions lately range from "public key cryptography will be broken in 2 years" to "it's a century away." Both are wrong.
My latest post explains what publicly known progress actually supports — and what blockchains should do about it.
Thread below 🧵
8年前のzcachのスレッドにて、TNFS は既存の攻撃手法の NFS よりも速く、 BN254(BN_128) は想定よりも弱いのではと議論された。
その後、多くのプロジェクトはより大���な BLS12-381 への移行を進めたが、 現在に至るまで TNFS は NFS よりも遅く、これは空振りの警告だったのではないかというお話。
NFS experts:
Was the tower number field sieve in hindsight a false alarm causing many to move to larger curves because of over-optimistic estimates to its practical performance?
https://t.co/EQSCdlhY2f
"プライバシーを守るのは公衆衛生と似ている"(かなりの意訳)
Privacy cannot be solved at the technological layer alone; The appropriate level of privacy in shared systems is ultimately a social choice, mediated by legal norms and political legitimacy, with technology merely expressing the boundaries we collectively decide.
LatticeFoldとNeoのAjtai Commitmentだけど、on-the-fly にpublicパラメータを生成できるのはとても良い。ただ、乱数の行列を作るだけ。
しかも、コミットメントがたったの2KiB
だけど、とにかく乱数の数が多い!
witness数*16*64 個の乱数を生成しないといけなくて、下手すると1億個の乱数が必要!
人類はすでにビットコインだけで、2^96 回分のハッシュ計算をやってしまったらしい。
このePrintが出たタイミングで、セキュリティビットが128bit ほど必要なことが、ある意味確かめられたわけで、すごく面白い。
https://t.co/lSm3N2u4pf
My rough math based on average difficulty stats suggests that Bitcoin mining crossed the total 2**96 hashes milestone very recently?
Seems like a good reason to insist on (close to) 128 bit security (ie. @drakefjustin was right)
31 bit 程度の小さな体を使ったHashベースの SNARG/STARK では、パラメータをギリギリまで攻めるのは想定ほど安全ではない、とのことで、
KoalaBear, BabyBearなどを使う場合には、少し注意が必要かもしれない。
著者のGiacomoはEPFLのZK研究者で、共著のAntonioは Ethereum Foundationの暗号研究者
New work with @asanso!
We present an attack against hash based SNARGs using small fields that reduces conjectured security by around 10 bits.
Most hash-based systems using 31-bit (or smaller) base fields are affected.
https://t.co/OL6NhNevNZ
"サービスや便利さの値段は、どれだけプライバシーを諦めるかで決まってしまっている" (意訳)
I believe it was Henry David Thoreau who once said:
> The cost of a thing is the amount of what I will call _privacy_ which is required to be exchanged for it, immediately or in the long run.
Ligeroの共同創業者のMuthuによると、端末で省メモリに証明できる変更がplonky3へマージされたとのこと。
世界的なメモリ高騰の中でのこのコントリビューションは、plonky3を使う全員にとって嬉しいはず!
A shoutout to @jedodinh from the @ligero_inc team. Our goal is to scale ZK so you can prove anything from a device in your pocket, which crucially requires memory efficiency for the prover.
Jérémi from our team pushed an update to plonky3 that helps exactly with that. Hash-based ZK needs to run parallel FFTs, which typically require pre-computed twiddle factors. With this update, plonky3-based programs can share the same DFT instance across multiple threads and reuse the same precomputed twiddles, eliminating redundant computation and unnecessary memory usage.
この人たちだけを追えばいい、のZK界を引っ張る人たちのリスト作ったので、よければ皆さんも��ォローしてみてください🦾
https://t.co/qf633a6Gma
Last Seen Users on Sotwe
Most Popular Users
Elon Musk 
@elonmusk
240.6M followers
Barack Obama
@barackobama
119.2M followers
Donald J. Trump
@realdonaldtrump
111.7M followers
Cristiano Ronaldo
@cristiano
110.5M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.6M followers
NASA
@nasa
92.2M followers
Justin Bieber
@justinbieber
90.9M followers
KATY PERRY
@katyperry
87.6M followers
Taylor Swift
@taylorswift13
81.5M followers
Lady Gaga
@ladygaga
73M followers
Virat Kohli
@imvkohli
69.8M followers
Kim Kardashian
@kimkardashian
69.8M followers
YouTube
@youtube
68.7M followers
Bill Gates
@billgates
63.9M followers
Neymar Jr
@neymarjr
62.5M followers
The Ellen Show
@theellenshow
62.4M followers
CNN
@cnn
61.9M followers
X
@x
60.8M followers
Selena Gomez
@selenagomez
60.7M followers