Home

tl;dr: Notes on the [BG12] verifiable shuffle.

tl;dr: Who said you can only sumcheck your multivariate polynomials? $\sum_{i\in[n]} a(\omega^i)b(\omega^i)$ can be proved with two size-$n$ multiexps and 6 FFTs! And verified with a size-4 multipairing (and a bit more?).

tl;dr: What a beautiful construction!

tl;dr: “All is well. All is well.” – Ranchoddas Shamaldas Chanchad

tl;dr: ZK relations are hard to implement. Implement them twice: once in a ZK DSL and once in a sane language. Enshrine a mandatory prover service that checks the sane implementation before creating a ZKP. This way, bugs in the ZK DSL implementation cannot be exploited as long as the prover service is honest.

A few tips and tricks for my next, long motorcyle trip.

tl;dr: Definition of vector commitment (VC) schemes (e.g., Merkle trees, KZG-based, Pointproofs[^GRWZ20], aSVC[^TABplus20], etc. can all satisfy this definition.)

tl;dr: It’s 2025. Do you know why Schnorr signatures are always better than ECDSA?