How to easily make Aptos post-quantum secure
tl;dr: “All is well. All is well.” – Ranchoddas Shamaldas Chanchad
Deploying zero-knowledge proofs with training wheels
tl;dr:
ZK relations are hard to implement.
Implement them twice: once in a ZK DSL and once in a sane language.
Enshrine a mandatory prover service that checks the sane implementation before creating a ZKP.
This way, bugs in the ZK DSL implementation cannot be exploited as long as the prover service is honest.
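The four tl;dr lines above describe an architecture rather than a single function, so here is an added, self-contained illustration in Python (not code from the post or from Aptos): a toy relation "y = x^2 + 1 and x fits in 4 bits" written twice, once as an R1CS the way a ZK DSL would compile it, once as plain Python, with a prover service that runs the plain check before it will touch the circuit. The R1CS version is deliberately under-constrained (it forgets the b*b = b bit checks), which is a classic circuit bug: a witness with x = 20 satisfies it even though x is out of range. The field, witness layout, names and the placeholder returned in place of a real proof are all assumptions made for the example.

```python
"""Added example: a mandatory prover service that checks a 'sane' reference
implementation of the relation before proving it in an under-constrained
circuit. Field P, the relation, and the witness layout are all invented
for illustration; the returned 'proof' is a placeholder, not a real ZKP."""

P = 2**31 - 1  # toy prime field (a real system uses the proving curve's scalar field)

# Relation R(y; x): y = x^2 + 1 (mod P) and 0 <= x < 16.
# Witness vector layout shared by all constraints: w[IDX[name]].
IDX = {"one": 0, "y": 1, "x": 2, "t": 3, "b0": 4, "b1": 5, "b2": 6, "b3": 7}
BITS = ("b0", "b1", "b2", "b3")


def lc(**terms):
    """Linear combination over the witness vector, as {index: coefficient}."""
    return {IDX[name]: coeff % P for name, coeff in terms.items()}


def circuit_constraints(forgot_bit_checks=True):
    """R1CS for R, in the shape a ZK DSL would emit: (A.w) * (B.w) = (C.w).
    With forgot_bit_checks=True the range check is under-constrained: x is
    recomposed from b0..b3, but nothing forces each b_i to be 0 or 1."""
    cs = [
        (lc(x=1), lc(x=1), lc(t=1)),                        # x * x = t
        (lc(t=1, one=1), lc(one=1), lc(y=1)),               # (t + 1) * 1 = y
        (lc(b0=1, b1=2, b2=4, b3=8), lc(one=1), lc(x=1)),   # sum b_i * 2^i = x
    ]
    if not forgot_bit_checks:
        for b in BITS:
            cs.append((lc(**{b: 1}), lc(**{b: 1}), lc(**{b: 1})))  # b * b = b
    return cs


def relation_sane(y, x):
    """The same relation in a 'sane language': short enough to be obviously right."""
    return 0 <= x < 16 and (x * x + 1) % P == y


def assign(y, witness):
    """Build the full witness vector from the public input and prover-chosen values."""
    w = [0] * len(IDX)
    w[IDX["one"]] = 1
    w[IDX["y"]] = y % P
    w[IDX["x"]] = witness["x"] % P
    w[IDX["t"]] = (witness["x"] * witness["x"]) % P
    for b in BITS:
        w[IDX[b]] = witness[b] % P
    return w


def r1cs_satisfied(cs, w):
    """Check every constraint (A.w)(B.w) = (C.w) over the field."""
    def ev(l):
        return sum(c * w[i] for i, c in l.items()) % P
    return all(ev(a) * ev(b) % P == ev(c) for a, b, c in cs)


class ProverService:
    """Mandatory prover: refuses to prove unless the sane implementation accepts.
    An honest service therefore never produces a proof for a witness that only
    the (possibly buggy) circuit accepts."""

    def __init__(self, constraints):
        self.cs = constraints

    def prove(self, y, witness):
        if not relation_sane(y, witness["x"]):
            raise ValueError("refused: witness fails the sane implementation")
        w = assign(y, witness)
        if not r1cs_satisfied(self.cs, w):
            raise ValueError("circuit unsatisfied")
        # Placeholder for the real proving step (e.g. Groth16 over w).
        return {"public": y, "proof": "placeholder-zkp-over-%d-constraints" % len(self.cs)}


def demo():
    """Honest witness: x = 3, y = 10.  Cheating witness: x = 20 (out of range),
    with b0 = 20 so the recomposition constraint still holds."""
    buggy = circuit_constraints(forgot_bit_checks=True)
    fixed = circuit_constraints(forgot_bit_checks=False)
    honest = {"x": 3, "b0": 1, "b1": 1, "b2": 0, "b3": 0}
    cheat = {"x": 20, "b0": 20, "b1": 0, "b2": 0, "b3": 0}
    svc = ProverService(buggy)
    try:
        svc.prove(401, cheat)
        refused = False
    except ValueError:
        refused = True
    return {
        "buggy_circuit_accepts_cheat": r1cs_satisfied(buggy, assign(401, cheat)),
        "fixed_circuit_rejects_cheat": not r1cs_satisfied(fixed, assign(401, cheat)),
        "service_refuses_cheat": refused,
        "service_proves_honest": svc.prove(10, honest)["public"] == 10,
    }


if __name__ == "__main__":
    print(demo())
```

The check has to run on exactly the public inputs the proof will carry, otherwise a prover could pass the sane check for one statement and prove another. The price is the trust assumption the tl;dr names: a compromised or colluding prover service can skip the sane check and exploit the circuit bug directly, which is why this is a training wheel rather than a fix.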
Vector commitments (VCs)
tl;dr: Definition of vector commitment (VC) schemes; Merkle trees, KZG-based VCs, Pointproofs[^GRWZ20], aSVC[^TABplus20], etc. all satisfy this definition.
Schnorr vs. ECDSA
tl;dr: It’s 2025. Do you know why Schnorr signatures are always better than ECDSA?
Pointcheval-Sanders (PS) signatures
tl;dr: Pointcheval-Sanders (PS) is the coolest, most versatile signature scheme I know of!
How to verify a Groth16 VK was generated from some R1CS
tl;dr:
Inspired by a tweet[^1], we explore whether, given (1) an R1CS and (2) some “powers-of-$\tau$”, we could construct a cryptographic proof that a Groth16 VK was derived from them.
This should make it more efficient for folks to ensure that an on-chain VK corresponds to some published ZK circuit code (e.g., circom).
Nonetheless, this is not suf...
Circom
tl;dr: My current sense: circom is still in its early days.
First, it lacks an ability to write correctness tests natively in its own language (as opposed to JavaScript testing frameworks).
Second, it gives no mechanism for developers to ascertain soundness of their templates.
(In its defense, the only such mechanism is a formal verification fra...