Home

tl;dr: Digital signatures are one of the most important cryptographic primitives today. They are used to establish HTTPS connections with your favorite website, to securely download software updates, to provably send emails to others, to sign legal electronic documents, or to transact on a cryptocurrency like Bitcoin.

I suspect that many of you see no real connection between social, political, and ethical values and what you work on. You don’t build bombs, experiment on people, or destroy the environment. You don’t spy on populations. You hack math and write papers. This doesn’t sound ethically laden. I want to show you that it is. –Phillip Rogaway...

tl;dr: Confidential assets are in town! But first, a moment of silence for veiled coins.

tl;dr: For now, just including my tweet, which I keep having to look up to show to people.

tl;dr: Dan, Kamilla, Alin, Rex and Trisha came up with a blazing-fast batched ZK range proof for KZG-like committed vectors of values. This blog post describes a “warm-up” scheme based on univariate polynomials, which we do not yet know to be ZK.

tl;dr: Forget univariate. Forget FFTs. Multilinear polynomials are the bomb! $ \def\bin{\{0,1\}} \def\eq{\mathsf{eq}} \def\SC{\mathsf{SumCheck}} \def\MLE#1{\mathsf{MLE}(#1)} \def\i{\boldsymbol{i}} \def\j{\boldsymbol{j}} \def\x{\boldsymbol{x}} \def\X{\boldsymbol{X}} \def\y{\boldsymbol{y}} \def\Y{\boldsymbol{Y}} $

tl;dr: Hyrax is polynomial commitment scheme (PCS) with (1) sublinear commitment-and-proof sizes and (2) sublinear opening-and-verification times. Hyrax is constructed from Pedersen vector commitments and Bulletproofs inner product arguments (IPAs). Hyrax has information-theoretic hiding commitments and honest verifier zero-knowledge (HVZK) PCS ...

tl;dr: KZG + Hyrax = KZH[^KZHB25e]. This name makes me happy: not only it stands on its own but it also coincides with the first three authors’ initials!