Interactive Oracle Proofs (IOPs)
tl;dr: An interactive oracle proof (IOP) is an interactive proof system where the verifier has oracle access to the prover’s messages rather than reading them in full. This combines the expressiveness of interactive proofs with the efficiency of PCPs. Introduced in [BCS16][^BCS16].
Error-correcting codes
tl;dr: Too many FRI[^BBHR18FRI] conjectures that need to be understood, so here we are…
Pedersen commitments
tl;dr: Pedersen commitments[^Pede91Comm] are one of the most important cryptographic primitives for a beginner to understand, in my opinion.
Zero-knowledge proofs for Aptos Keyless
tl;dr: Notes on our current use of Groth16 for Aptos Keyless and how we might improve upon it.
Should have applications to anonymous payments, confidential assets, zkVM proof wrapping, etc.
Papamanthou-Shi-Tamassia (PST) multivariate polynomial commitments
tl;dr: The first multivariate polynomial commitment scheme, based on a non-trivial generalization of KZG.
Cryptography on Aptos
tl;dr: (Almost?) all of the cryptography deployed on Aptos. For users, for developers and for general security.
DeKART: ZK range proofs from univariate polynomials
tl;dr: We present DeKART: a batched ZK range proof for a KZG-committed vector, inspired by Borgeaud’s unbatched protocol[^1].
This is joint work with Dan Boneh, Trisha Datta, Kamilla Nazirkhanova and Rex Fernando.
Note that this blog post fixes up a previous non-ZK variant and allows trading off proving speed for faster verification.
...
Identity-based encryption
tl;dr: Encrypt to a phone number ...