This week, we have a new kid on the block in succinct proof systems: *Flock*.
Really cool work from @bbuenz (@EspressoSys), @ronrothblum (@SuccinctLabs) and @kleptographic (
Flock has major implications for *aggregation* of the hash-based PQ signature schemes being considered by the EF & others
👇🧵
Introducing Flock: a new SNARK for proving batches of standard hash functions at just 250× the cost of computing them natively.
Developed by @benediktbuenz from @EspressoSys, @ronrothblum, and NYU's William Wang, Flock puts Ethereum's Post Quantum target in reach.
Just finished latest @zeroknowledgefm ep with @wyatt_benno – thanks for the shout-out @AnnaRRose 🥰
Shirt in question ⬇️
Also it has some cool Jolt/Lasso grand-product terms for lookup permutation checking (used for folding-friendly accumulator in Nova-style IVC) in the back 😎
ECDSA is one of the most intellectually offensive constructions in modern cryptography.
It's ugly.
It's hard to thresholdize.
Indeed, every research grant and venture capital dollar spent on it is, in a final sense, a theft from better cryptography.
https://t.co/eFATG9NNF7
The "how I got into ZK" story sounds pretty crazy 🎧
With generous @SuccinctJT saying yes to a deep dive Asia-time session in the @__zkhack__ Discord on his book. @srinathtv participating in folding scheme meetings (we still run today), the @PrivacyEthereum + Lurk Labs folks who production-hardened my Supernova implementation, and a grant where @JensGroth16 came on a call.. @benediktbuenz telling me "it's all just polynomial evaluations" 😅, and many other awesome people I met along the way.
Hear the journey and where we are going on @zkpodcast 403:
https://t.co/IGId5y67y2
More people should know about the Interfold.
It's basically what I've been yelling at people to build with the MACI ideas ( https://t.co/mlDy84zXQo ) for almost a decade, and now it exists, in a generalized form.
The idea is: a privacy protocol optimized for things like voting (and other use cases eg. secret-ballot auctions). The mechanism generates a threshold encryption key, and people send in their votes onchain, using a ZKP to prove eligibility. An arbitrary computation on the votes gets run inside FHE, and then threshold-decrypted.
From what I can tell (the docs are good https://t.co/adzwK6ezMN ), it gets pretty optimal security guarantees:
* Voter anonymity can be made unconditional if eligibility is proven with ZK-SNARKs
* Censorship resistance is guaranteed by ethereum (votes can be posted directly onchain, and there's a proof that all posted votes are taking into account)
* The correctness of the outputted result can be ensured via ZK over FHE
* Liveness and coercion resistance depend on M-of-N honesty; unavoidable given present-day technology
The main limitation is that today "ZK over FHE" is only properly available for additive vote tallying, as it's too expensive for computations that involve multiplication or other more complicated manipulation at the moment. There's work in progress on slashing-based / optimistic computation for such situations.
(And of course ideally in the long term we'd figure out obfuscation so you can get rid of the M-of-N committees😃)
All talks from zkSummit14 in Rome are now live!
Dive into proof systems, privacy primitives, ZK applications, and our one-for-the-ages Quantum Question Panel.
Check out the full playlist here: https://t.co/iTMen7asNv
This reminded me of the @zeroknowledgefm episode we recorded last year about Watermarking AI using zkps... i wonder if @OpenAI have also considered this approach.
https://t.co/LgQ2Z73vWn
We’re adding new ways for people to identify AI-generated images and understand where they came from.
In addition to C2PA Content Credentials, images now also contain a SynthID watermark, and can be identified using a public verification tool to check whether an image was made by OpenAI products.
https://t.co/qo0l4vyWli
One of the wildest panels - The Quantum Question Panel at zk14 in Rome! Covering the urgency of the issue, & polling the ZK audience on their views
Our musical chairs panel had @nico_mnbl and I hosting @drakefjustin, @feminisItPLT, @JensGroth16@DanBoneh (arriving mid-session)
Yesterday we wrapped up our 14th edition of the zkSummit. Hosted in Rome, it was honestly one of our best yet.
Thanks to everyone who came out, to the speakers, sponsors and team! 💜🇮🇹
All videos are coming throughout the coming week! #zk14
🎙 For ep 400, @AnnaRRose brings back @danboneh — Stanford professor & one of the sharpest minds in crypto. They cover Google's quantum algorithm announcement, why rushing PQ transitions might be riskier than quantum itself, algebraic vs hash-based signatures, hybrid sig schemes, new ZK advances, and the Ethereum Foundation's $ 1M Proximity Prize. A milestone episode.
https://t.co/crVhKloGbn
What might practical Witness Encryption actually look like? Come find out this Thursday at zkSummit14 in Rome.
At 11:00 AM, @levs57 from [[alloc] init] will present our latest research covering the first plausibly implementable WE scheme in his talk:
“Towards Practical Witness Encryption from Arithmetic Affine Determinant Programs”