TIL: Malleable algebraic NIZKs
tl;dr: This is a “note to self” that there’s some interesting work out there on malleable NIZKs[^CH20]$^,$[^DaEFplus23e].
Witness encryption (WE)
tl;dr: Some notes to self on state-of-the-art witness encryption (WE) schemes.
The quantum security of Fiat-Shamir in $\Sigma$-protocols
tl;dr: Sigma protocols are unconditionally sound, but their non-interactive (Fiat-Shamir) counterparts only have computational soundness.
Against quantum adversaries, $\lambda$-bit Fiat-Shamir challenges give only $\approx\lambda/2$ bits of security (due to Grover search), and the classical ROM soundness proof does not carry over to the quantum ...
Multilinear polynomial commitment schemes (MLE PCS)
tl;dr: A catalog of polynomial commitment schemes for multilinear polynomials (i.e., multivariate polynomials where each variable has degree at most 1). These are the workhorse of modern SNARKs based on the sumcheck protocol.
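As an added example (not code from the original post, and not from any scheme in the catalog), here is the object those commitment schemes commit to: the multilinear extension of a table $f:\{0,1\}^n\to\mathbb{F}_p$, evaluated at an arbitrary point two ways (via the $\mathsf{eq}$ basis and via the usual variable-by-variable fold), plus a check that the result has degree at most 1 in every variable. The modulus, the sample table and the helper names are assumptions made for illustration.

```python
# Added example: multilinear extension (MLE) of a table f: {0,1}^n -> F_p.
# P and the sample table below are constructed for illustration only.

P = 2**61 - 1  # assumed field modulus (a Mersenne prime), illustration only


def hypercube(n):
    """Yield the 2^n boolean points as tuples, bit i of the index = x_i."""
    for b in range(2**n):
        yield tuple((b >> i) & 1 for i in range(n))


def eq(x, r):
    """eq(x, r) = prod_i (x_i*r_i + (1-x_i)*(1-r_i)) mod P.

    For x on the hypercube this is the Lagrange basis polynomial that is 1 at
    x and 0 at every other boolean point; it is multilinear in r.
    """
    acc = 1
    for xi, ri in zip(x, r):
        acc = acc * ((xi * ri + (1 - xi) * (1 - ri)) % P) % P
    return acc


def mle_eval(table, r):
    """MLE(table)(r) = sum over boolean x of table[x] * eq(x, r), mod P."""
    n = len(r)
    return sum(table[x] * eq(x, r) for x in hypercube(n)) % P


def mle_eval_fold(table, r):
    """Same value in O(2^n) field ops: fix x_0 := r_0, then x_1 := r_1, ..."""
    vals = [table[x] % P for x in hypercube(len(r))]
    for ri in r:
        # vals[2j] has x_i = 0, vals[2j+1] has x_i = 1 for the variable being fixed
        vals = [(vals[2 * j] * (1 - ri) + vals[2 * j + 1] * ri) % P
                for j in range(len(vals) // 2)]
    return vals[0]


def affine_in_each_variable(table, point, t):
    """Degree-at-most-1 check: with all other coordinates fixed to `point`,
    the MLE restricted to variable i must satisfy g(t) = g(0) + t*(g(1)-g(0)).
    Returns True when this holds for every variable i.
    """
    n = len(point)
    for i in range(n):
        def g(v):
            q = list(point)
            q[i] = v
            return mle_eval(table, tuple(q))
        g0, g1, gt = g(0), g(1), g(t)
        if gt != (g0 + t * (g1 - g0)) % P:
            return False
    return True


# Constructed sample: n = 2, table indexed by (x_0, x_1).
SAMPLE_TABLE = {(0, 0): 3, (1, 0): 5, (0, 1): 7, (1, 1): 11}

if __name__ == "__main__":
    r = (2, 3)
    print("MLE at", r, "=", mle_eval(SAMPLE_TABLE, r), mle_eval_fold(SAMPLE_TABLE, r))
    print("agrees with table on hypercube:",
          all(mle_eval(SAMPLE_TABLE, x) == v for x, v in SAMPLE_TABLE.items()))
    print("affine in each variable:", affine_in_each_variable(SAMPLE_TABLE, (5, 9), 17))
```

The fold is the evaluation every sumcheck-based SNARK prover actually performs; the $\mathsf{eq}$-basis form is the definition it must agree with, and the affine check is what "each variable has degree at most 1" means operationally.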
Untraceable transactions (UTT)
tl;dr:
UTT is Chaumian ecash done the right way: efficiently, decentralized and with sensible anonymity: a user can only send (say) $\$L$ coins per month (assuming a Sybil-resistant proof-of-humanity system).
UTT is academic work that started in 2018 at VMware, was rebooted in 2021 and now lives as an eprint[^TBAplus22e].
UTT did see deployment...