Highlights

未来科学大奖得主访谈：王小云的数学和密码人生

关于王小云院士，迄今内容最翔实的一篇访谈。

• https://mp.weixin.qq.com/s/FWdGRikqBI4tg4SGkdvvnw

New Directions in Property Testing | Richard M. Karp Distinguished Lecture

Property testing algorithms seek to determine whether an unknown massive object has some particular property of interest, or is "far" from having the property, while inspecting only a tiny portion of the object. Recent years have witnessed significant progress on both classic property testing problems and the development of several new property testing problems and frameworks, motivated by connections to machine learning theory and high-dimensional data analysis. In this talk, Rocco Servedio will survey several of these new property testing problems, models, and results.

• https://www.youtube.com/watch?v=QBr98n1ba4w

Awesome-ZKP-Security

帝国理工博士 Stefanos Chaliasos 整理的零知识证明安全性研究的博客，播客，披露，审计，访谈，CTF，和谜题，论文，工具列表。

A curated list of awesome ZKP Security resources, papers, tutorials, and tools.

• https://github.com/StefanosChaliasos/Awesome-ZKP-Security

An Introduction to Verifiable Computation

可验证的计算的简单介绍，主要从概念和直觉层面介绍了可验证计算的定义，意义，基本组成部分和应用。

1. Part 1 - What is verifiable computation?

2. Part 2 - Why should you care about verifiable computation?

3. Part 3 - What is a SNARK?

4. Part 4 - Conceptual building blocks for SNARKs

5. Part 5 - Building verifiable applications

• https://hackmd.io/@pgaf/HytIDVAPC

Pinocchio: verifiable computation revisited

在这篇文章中，LambdaClass 介绍了匹诺曹协议背后的主要思想，以及他们使用 Lambdaworks 库的实现。

In this post LambdaClass covered the main ideas behind Pinocchio's protocol and their implementation using Lambdaworks library.

• https://blog.lambdaclass.com/pinocchio-verifiable-computation-revisited

Apple Announcing Swift Homomorphic Encryption

苹果公司公布了 Swift 语言实现的同态加密包， 并且以 iOS 18 中实现的 Live 来电显示和垃圾邮件拦截服务进行了演示。

• https://www.swift.org/blog/announcing-swift-homomorphic-encryption/

Sphinx (A fork of SP1)

Sphinx is an open-source zero-knowledge virtual machine (zkVM) that can prove the execution of RISC-V bytecode, with initial tooling support for programs written in Rust. Additionally, Sphinx aims to support other reduction engines, including the evaluator for the Lurk programming language , which could be extended to other functional languages like JavaScript or Lean.

• https://github.com/argumentcomputer/sphinx

Updates

Ingonyama x Starknet Strategic Partnership

Breaking the hashes-proven-per-second world record on Vitalik’s laptop

• https://medium.com/@ingonyama/ingonyama-x-starknet-strategic-partnership-af22539d41b2

Irreducible x Polygon Labs

Irreducible 和 Polygon Labs 正在合作为 Polygon 的 ZK rollups 生态系统构建一个生产级、基于 Binius 的 ZK 虚拟机。

Announcing collaboration with Polygon Labs on Binius-based zkVM

• https://www.irreducible.com/posts/irreducible-x-polygon-labs-collaboration

LatticeFold is updated

Dan Boneh 和 Binyi Chen 在第 4.3 节中为 CCS 关系添加了优化的折叠方案（感谢 @srinathtv 提出批量求和检查的问题）。还更新了知识证明，以处理 k > 2 时的 k 对 1 格点折叠。

We add an optimized folding scheme for CCS relation in Sect. 4.3 (thanks@srinathtv for bringing up the question of batching sumchecks). We also update our knowledge proof to deal with k-to-1 lattice folding where k > 2.

• https://eprint.iacr.org/2024/257.pdf

PSE Project Spotlight Episode 1: Identity Day

The theme of our first episode is Identity featuring PSE projects such as TLSNotary, Semaphore and Anon Aadhaar. In this one-hour session we discuss all things identity and how cryptography enables a more secure and practical use case for it.

• https://www.youtube.com/watch?v=M85rQ3_TUPk

From (RISC) Zero to Hero: Advanced ZK Programming for Ethereum with Rami Khalil, RISC Zero

• https://www.youtube.com/watch?v=yZiC7CM9l1Y&list=PLcPzhUaCxlCgCvzkkaBWzVuHdBRsTNxj1&index=14

Think Like a Circom Circuit with OxMilica, ZK Educator

• https://www.youtube.com/watch?v=aoOkX1hfmcI&list=PLcPzhUaCxlCgCvzkkaBWzVuHdBRsTNxj1&index=16

Unboxing Valida zkVM: Architectural Innovations in Custom ISA zkVM Design

• https://www.youtube.com/watch?v=8-xuQC8UO6w

Research Day 2024 (Video Playlist)

• https://www.youtube.com/playlist?list=PLrTmn1_Dm_Upsw8BY-1wVyqIDYgS5c51H

Encrypt Brussels 2024 (Video Playlist)

• https://www.youtube.com/playlist?list=PLYQnwnLD-Fq2-79KMfSwssQdGwn8zEZPi

Eurocrypt 2024: Succinct Lattice-Based Polynomial Commitments from Standard Assumptions (SLAP)

This blog post is based on the paper “SLAP: Succinct Lattice-Based Polynomial Commitments from Standard Assumptions” presented by Giacomo Fenzi in Zurich at Eurocrypt 2024.

• https://www.esat.kuleuven.be/cosic/blog/eurocrypt-2024-succinct-lattice-based-polynomial-commitments-from-standard-assumptions-slap/

Noir v0.31.0 is now live with:

• New is_unconstrained logic condition
• New set and map BoundedVecs methods
• Redefined Noir <> Proving Backend interface

Read more about the new Noir <> Proving Backend workflow from end to end:

• https://noir-lang.org/docs/getting_started/hello_noir/

Full changelog:

• https://github.com/noir-lang/noir/releases/tag/v0.31.0Start building:
• https://noir-lang.org/docs/getting_started/installation/

noir-edwards

Optimized implementation of Twisted Edwards curves.

• https://github.com/noir-lang/noir-edwards

pz-web

Compiltion of a few useful phantom-zone applications usable in a browser.

• https://github.com/RiverRuby/pz-web

Papers

Mova: folding without committing to error terms and without sumcheck

Mova 以 Nova 的折叠方案为基础，通过在验证器采样的随机点对 和 的多线性扩展 (MLE) 进行评估，从而避免对 Nova 的所谓误差项 和交叉项 做出承诺。

Mova, which is based on the Nova folding scheme, manages to avoid committing to Nova's so-called error term and cross term by replacing said commitments with evaluations of the Multilinear Extension (MLE) of and at a random point sampled by the Verifier.

• https://eprint.iacr.org/2024/1220

What Have SNARGs Ever Done for FHE?

Does the SNARG actually add any meaningful security to input privacy? We address this question in this note and give a security definition that meaningfully captures the security of the FHE plus SNARG construction.

• https://eprint.iacr.org/2024/1207

Hᴇᴋᴀᴛᴏɴ: Horizontally-Scalable zkSNARKs via Proof Aggregation

我们介绍 Hᴇᴋᴀᴛᴏɴ，它是一种可以高效处理任意大型计算的 zkSNARK。我们通过一个新的「分发 - 聚合」框架来构建 Hᴇᴋᴀᴛᴏɴ，该框架将大型计算分解成小块，在分布式系统中并行证明这些小块，然后将得到的小块证明聚合成一个简洁的证明。这个框架的基础是一种新技术，用于高效处理各块之间共享的数据。

We introduce Hᴇᴋᴀᴛᴏɴ, a zkSNARK that can efficiently handle arbitrarily large computations. We construct Hᴇᴋᴀᴛᴏɴ via a new "distribute-and-aggregate" framework that breaks up large computations into small chunks, proves these chunks in parallel in a distributed system, and then aggregates the resulting chunk proofs into a single succinct proof. Underlying this framework is a new technique for efficiently handling data that is shared between chunks.

• https://eprint.iacr.org/2024/1208

Collaborative CP-NIZKs: Modular, Composable Proofs for Distributed Secrets

We present the first, general definition for collaborative commit-and-prove NIZK (CP-NIZK) proofs of knowledge and construct distributed protocols to enable their realization. We implement our protocols for two commonly used NIZKs, Groth16 and Bulletproofs, and evaluate their practicality in a variety of computational settings. Our findings indicate that composability adds only minor overhead, especially for large circuits.

• https://eprint.iacr.org/2024/1209

More Optimizations to Sum-Check Proving

We describe an optimization to the sum-check prover that substantially reduces the cost coming from the eq factor. Over large prime-order fields, our optimization eliminates roughly field multiplications compared to a standard linear-time implementation of the prover, and roughly field multiplications when considered on top of Gruen's optimization. These savings are about a (respectively ) end-to-end prover speedup in common use cases, and potentially even larger when working over binary tower fields.

• https://eprint.iacr.org/2024/1210

Efficient Layered Circuit for Verification of SHA3 Merkle Tree

We present an efficient layered circuit design for SHA3-256 Merkle tree verification, suitable for a GKR proof system, that achieves logarithmic verification and proof size.

• https://eprint.iacr.org/2024/1212

Foldable, Recursive Proofs of Isogeny Computation with Reduced Time Complexity

We empirically build a system to prove the execution of the circuit computing the isogeny rather than produce a proof of knowledge. This proof can then be used as part of the verifiable folding scheme Nova, which reduces the complexity of an isogeny proof of computation for a chain of isogenies from to by providing at each step a single proof that proves the whole preceding chain.

• https://eprint.iacr.org/2024/1219

Benchmarking Attacks on Learning with Errors

To improve our understanding of concrete LWE security, we provide the first benchmarks for LWE secret recovery on standardized parameters, for small and low-weight (sparse) secrets. We evaluate four LWE attacks in these settings to serve as a baseline: the Search-LWE attacks uSVP, SALSA, and Coo & Cruel, and the Decision-LWE attack:  Dual Hybrid Meet-in-the-Middle (MitM).

• https://eprint.iacr.org/2024/1229

*感谢 Kurt、权、Xor0v0、Purple 对本期 ZK Insights 的特别贡献！