Sean Bowe @ebfull - Twitter Profile

Late last year, we decided to use simpler and more conservative cryptography for Tachyon to reduce the chance of bugs. Earlier this year, we hired @zksecurityXYZ to help configure our circuits for formal verification. Zcash's future shielded pools will all be provably sound.

Project Tachyon

@TachyonZcash

about 20 hours ago

As we blogged about last month, the new shielded pool we're developing for Zcash will use formal verification, more conservative cryptography, a simple arithmetization, robust APIs, fuzzing, and extensive auditing from humans and AI. And much more: https://t.co/H3bwCnzuLY

7

152

30

18

27K

3

131

28

11

6K

Who to follow

Benedikt Bünz ☕️

@benediktbuenz

Chief Scientist @espressosys ☕️ Professor Computer Science @NYU_Courant

Howard Wu

@1HowardWu

ceo @ProvableHQ // founder @AleoHQ // coauthor of libsnark, DIZK, & Zexe

Eli Ben-Sasson | Starknet.io

@EliBenSasson

CEO @ StarkWare | 2xCo-founder: Zcash, StarkWare ZK, Blockchain: ZK-STARK, Zcash co-inventor Opinions mine, no investment advice https://t.co/P98boJxck8

Sean Bowe

@ebfull

about 3 hours ago

@badcryptobitch @zksecurityXYZ Our older pools only needed witness indistinguishability, but we achieved perfect zero-knowledge anyway (w/ subversion ZK in the past where applicable.) There won't be any ECC DH key exchange in Tachyon, and signatures remain perfectly re-randomized.

1

2

0

57

Sean Bowe

@ebfull

about 3 hours ago

@badcryptobitch @zksecurityXYZ Yep, that's a requirement. The pool needs to be plausibly post-quantum private. The proofs (esp. being DLOG-based) are actually the easiest thing to make information theoretically private. (Our other proofs in Zcash are as well.)

1

4

0

130

Sean Bowe

@ebfull

about 6 hours ago

@JohnAlanWoods @oodegen Soundness bugs are hard to spot because ZK circuit code tends to look as though the invariant is being preserved when it isn't. https://t.co/e8CqD9gvcN All of them look "outrageously messy" if you just frame it from the perspective of the broken invariant...

1

10

0

2

172

ebfull retweeted

Cypherpunk ($CYPH) @cypherpunk

about 8 hours ago

Tachyon is bringing battle-tested security to Zcash. With formal verification every circuit comes with a mathematical proof that it does what it's supposed to. It will literally become impossible to find bugs in Zcash circuits moving forward.

1

107

18

3

4K

ebfull retweeted

CipherScan

@cipherscan_app

about 13 hours ago

Zcash was never down. Our nodes were upgrading to support the NU6.2 network upgrade. You can verify the chain is healthy right now: https://t.co/cJX5mZM7be Full thread below on what happened and what we learned.

11

132

31

7

39K

ebfull retweeted

Josh Swihart 🛡

@jswihart

about 9 hours ago

Zcash was never down. Many block explorers have been using unpatched nodes. Happens with every network update. Fight the FUD. https://t.co/dsCHPHMlhw

25

309

55

4

37K

ebfull retweeted

Dev 🧪

@zkDragon

about 19 hours ago

Where were going: - Every circuit formally verified - Written in R1CS, the simplest arithmetization - Automated fuzzing - Over-audited by humans and an army of AI

6

136

19

12

16K

Sean Bowe

@ebfull

about 19 hours ago

Shielded Labs has now funded efforts that helped to discover and remediate at least two major vulnerabilities in Zcash before they could be used by the bad guys!

14

253

37

8

9K

Sean Bowe

@ebfull

about 19 hours ago

@zkDragon @yxNomad @zodl_co The key is generated deterministically at startup by all clients.

0

1

0

56

ebfull retweeted

Zcash Open Development Lab

@zodl_co

about 20 hours ago

@DefuseSec @ZcashFoundation Excellent work, Taylor. Thank you for helping keep the Zcash ecosystem secure. 🫡

2

50

4

0

2K

ebfull retweeted

Taylor Hornby 🛡❤️

@DefuseSec

1 day ago

Zcash unambiguously has the best security response in the world, thanks to @zodl_co and @ZcashFoundation engineers.

18

153

26

2

7K

ebfull retweeted

Project Tachyon

@TachyonZcash

about 20 hours ago

As we blogged about last month, the new shielded pool we're developing for Zcash will use formal verification, more conservative cryptography, a simple arithmetization, robust APIs, fuzzing, and extensive auditing from humans and AI. And much more: https://t.co/H3bwCnzuLY

7

152

30

18

27K

ebfull retweeted

Zcash Open Development Lab

@zodl_co

about 20 hours ago

https://t.co/oRMstGLqp5

35

304

66

56

102K

ebfull retweeted

Dev 🧪

@zkDragon

about 22 hours ago

Zcash's "internal viewing key" and "external viewing key" separation were done in 2022 to ensure a quantum attacker _could not_ leak privacy for when you spend your funds. Pretty cool to know this has always been accounted for.

0

109

11

3

2K

ebfull retweeted

Cypherpunk ($CYPH) @cypherpunk

2 days ago

The shielded and transparent pools in Zcash are mathematically independent. Even if 99% of ZEC were transparent, the privacy of the shielded 1% would be determined only by the shielded pool itself. Transparency doesn't dilute encryption. Very few *actually* understand this.

13

156

20

6

5K

Sean Bowe

@ebfull

3 days ago

> In the current Tachyon design, would it still be possible for a user to reasonably operate completely independently by running their own full archival/proving/PIR stack, or would the resource burden make third-party service dependency inevitable in practice? It needs to remain possible and permissionless for anyone (with the resources) to run an archival/full node. Clients already do proving, and PIR's main purpose is to have a way to query an external archive node privately, so you don't need it at all if you have your own. I do think the resource burden will be too high for the average person to do this, though, at some scale. But the average person will not do it even if they could, and so because you can rely on RPCs using PIR without giving up custody or privacy, I'm not sure that it matters...

1

2

0

61

Sean Bowe

@ebfull

3 days ago

I don't think we really disagree about that. Was there a part of my post above that contradicted anything you just said? I tried to be careful to say "recovery from seed from blockchain" precisely to distinguish from mere "recovery from seed" because the discussion was about using the blockchain to recover access to your on-chain wallet history, not really about custody. My argument is that: 1) it's not sustainable for the network, because the blockchain is not an ideal permanent storage location for every person's transaction history for the entire planet 2) even if it were sustainable, most people will use third party services to interface with the chain in order to recover from it anyway (for several practical reasons), so if your goal is to solely rely on blockchain availability I think you've already lost for 99% of people 3) if third party services are needed for most users, I don't see the moral distinction between using them to interface with the chain and using a third party service to help you recover from off-chain backups. There would be a distinction if the trust model is different, but I don't think it needs to be: you don't need to trust these services (in either case) with your privacy or your custody to maintain wallet history backups for you. It's encrypted, it can be replicated... 4) my final conjecture is that a substantial class of users will find more intuitive models for backup & restore, and those will inevitably require the help of third-party services. I use this as supporting evidence for the philosophy, not necessarily as an endorsement for those models. (I think self-custody and trust minimization are very important! I practice them too.) FWIW many new scalable (private) payment protocols (Shielded CSV, Lightning, etc.) also cannot rely on on-chain backups either, for this exact same reason, or for even more compelling ones. And it has nothing to do with whether those protocols incorporate seedphrases somehow, which they do!

0

1

0

55

Sean Bowe

@ebfull

Who to follow

Last Seen Users on Sotwe

Trends for you

Most Popular Users