Home

tl;dr: When the discrete log $a$ of $a\cdot G$ is known to lie in a small range $[m)$, the baby-step giant-step (BSGS) algorithm recovers $a$ in $\ceil{\sqrt{m}}$ $\Gr$ additions using only a precomputed table of exactly $\ceil{\sqrt{m}}$ compressed points, trading the $O(1)$ time of the naive $m$-sized lookup table for much less memory. This p...

tl;dr: The good: Audit went well. Lúcás Meier’s Cait-Sith threshold ECDSA protocol seems like a reasonable, conservative choice. The bad: Near’s MPC currently works in a 5 out of 8 setting, without any proactive refresh. Notes Good MPC’s configuration is transparent, on-chain $\Rightarrow$ can monitor for suspicious membership changes “u...

tl;dr: Running some secp256k1 MSM benchmarks.

tl;dr: Groth’s non-interactive distributed key generation paper[^Grot21e], which uses a novel approximate ZK range proofs to argue correct chunking, but inadvertantly increases share decryption time.

tl;dr: a few notes on Move (and maybe on Aptos too).

tl;dr: This is a “note to self” that there’s some interesting work out there on malleable NIZKs[^CH20]$^,$[^DaEFplus23e].

tl;dr: Some notes to self on state-of-the-art witness encryption (WE) schemes. $ \def\adp{\mathsf{ADP}} \def\aadp{\mathsf{AADP}} \def\eval{\mathsf{eval}} \def\x{\mathbf{x}} \def\M{\mathsf{M}} \def\A{\mathbf{A}} \def\B{\mathbf{B}} \def\R{\mathbf{R}} \def\Rvss{\mathcal{R}_\mathsf{vss}} \def\Radp#1{\mathcal{R}_\mathsf{adp}^{#1}} \def\span{\mathsf...

tl;dr: What has happened in quantum computing over the years.