ElGamal encryption
tl;dr: ElGamal public-key encryption $\approx$ using an ephemeral Diffie-Hellman exchanged key as a one-time pad.
Univariate sumcheck
tl;dr: Who said you can only sumcheck your multivariate polynomials? $\sum_{i\in[n]} a(\omega^i)b(\omega^i)$ can be proved with two size-$n$ multiexps and 6 FFTs! And verified with a size-4 multipairing (and a bit more?).
How to easily make Aptos post-quantum secure
tl;dr: “All is well. All is well.” – Ranchoddas Shamaldas Chanchad
Deploying zero-knowledge proofs with training wheels
tl;dr:
ZK relations are hard to implement.
Implement them twice: once in a ZK DSL and once in a sane language.
Enshrine a mandatory prover service that checks the sane implementation before creating a ZKP.
This way, bugs in the ZK DSL implementation cannot be exploited as long as the prover service is honest.