This is big news. TEE for CPU and GPU have arrived! Nvidia Confidential Computing has open-sourced its SDK library. This can imply many things, including outsourced ZKP proof generation with circuit and data privacy... with GPU acceleration on H100.
Exciting @DzkLabs update! We've joined the @efabless shuttle program, taping out 'Thumbelina'. This chip packs area-efficient BLS12-377 units for #ZKP, focusing on #AleoMining. Notably, our modular multiplication unit claims just 0.6 mm^2 in a 130nm process. 1/5
Our new prover Stwo just blew our mind
Here's a demo by @PapiniShahar and @EliBenSasson of our next-gen prover, Stwo, and its groundbreaking performance: proving 620,000 hashes per second using an M3 laptop!
This is x1000 better than our current prover, Stone, and is the
BREAKING: BITCOIN RESEARCHER GIFTED A QUANTUM CAT FOR BREAKTHROUGH IN OP_CAT DEVELOPMENT
gmeow!
@weikengchen, a researcher focused on ZK tech from L2 Iterative Ventures, released his working prototype of an OP_CAT-powered STARK verifier on the bitcoin signet!
this means that
"Electron Labs' bridge between NEAR and Ethereum is vulnerable. Zk circuits used for the NEAR light client are incomplete and severely under-constrained. It is possible to create valid proofs for invalid set of signatures. User funds are at risk!"
@NEARProtocol? @labs_electron?
This tweet is a public disclosure for a vulnerability in a recently launched/about to launch blockchain bridge. Below gist has been encrypted with and can be decrypted in 10 days, on 17/06/2023. The team has been aware of vuln for a while and decided
Thanks to @TaprootWizards! This transaction finally gets out of the mempool after a few hours since many signet nodes haven't realized OP_CAT is activated :)
For a full walkthrough, check out
"Who needs customized processors when you already have GPUs? They're cheaper, more useful, more programmable, more liquidatable, and better suited for cryptographic algorithms. So, why not stick with our grandma's old-school GPUs?"
#privacy #ZKP #ASIC #GPU
Our paper "HOLMES: Efficient Distribution Testing for Secure Collaborative Learning" (Ian Chang, Katerina Sotiraki, Weikeng Chen, Murat Kantarcioglu, Raluca Popa) has been accepted in USENIX Security 2023. It uses interactive zero-knowledge proofs to accelerate MPC.
just contributed a PR for u32 mul to BitVM. It took 3705 bytes in Bitcoin script. This suffices for fraud proofs.
Can you do better? Submit a PR today to BitVM.
Recently I dug into ML for ZK (not ZK for ML)---training a chatGPT-like AI that writes and verifies ZK circuits. I created a Telegram channel, if you are interested... feel free to join!
A major breakthrough in multiplication over Bitcoin, and in STARK verification on Bitcoin signet!
A new algorithm for M31 multiplication by @avihu28 reduces multiplication cost by 70%! Once fully integrated into our OP_CAT-based Circle STARK verifier (link below), we expect
I know Succinct core team is mostly MIT and UC Berkeley, but from the MIT people I know they would not have allowed this, and I am deeply sad that Berkeley students are part of this.
why do all the benchmarks against RISC Zero choose to (1) not use precompiles that already exist (2) not use GPU prover although it is right there. The problem is that precompiles exactly challenge the fundamental idea of the Jolt design---zkVM is not about just lookup.
1/ We're excited to share the initial release of Jolt, a new approach to zkVM design. Early benchmarks indicate it outperforms RISC Zero by ~6x and SP1 by up to 2x. Major optimizations are still in the pipeline.
Our paper "MPCAuth: Multi-factor Authentication for Distributed-trust Systems" (Sijun Tan, Weikeng Chen, Ryan Deng, Raluca Ada Popa) has been accepted in IEEE S&P 2023. This is a complete rewrite of
If zkEVM is too powerful (and with a lot of debates), would there be an open letter like the one against GPT5, to call for a pause on zkEVM?
(Nay I would not sign)
Speaker Announcement
@weikengchen, Research Partner at @l2iterative will be speaking at #BTCONSEOUL
@l2iterative invests in the architects of the next digital era, backing blockchain initiatives that stand at the frontier of technological convergence, societal transformation,
"When you submerge 4 Nvidia consumer GPU cards into the Sea, the salty water becomes healthy."
This is how Nvidia's "blockchain" exception to data-center use of consumer-grade cards benefits zk-ML and zk-Rollup.
@VitalikButerin casually wrote a Circle STARK prover and verifier and presented his journey on the main stage of StarknetCC.
I love how he is just sharing what he is passionate about. No effort to package it into bullshit, just thinking about how those new efficient primitives
3/ Benchmark Highlights
Across the board, a properly configured RISC Zero zkVM outperforms a similarly configured SP1 deployment in both cost and speed. This holds true:
In the cloud
On consumer Macs (M2 Max and M3 Max)
On consumer PCs with NVIDIA GPU
Plonky 3 codebase is excellent. I think it's some of the best things that exist in this industry. I need more time to dive more into it.
We will be copying and using many ideas from here in our lambdaworks STARK prover. We will obviously reference them.
Thanks @dlubarov for
I have been telling portfolio companies NOT to open-source any code because "backed by" will copy. It is crucial that RISC Zero recursion circuit remains only half-open-sourced so that "backed by" doesn't have recursion.
i still find it wild how venture-backed competitors build directly on their competitors' open source code
and i'm all for it
means you have to win not by siloing innovation but on network effects, economies of scale, and being first to market with new tech
This is a very important result for Reed-Solomon-based proof systems. Particularly, it cuts the number of hashes by half, which has significant value to, for example, basically every ZK company that doesn't use Halo2 today.
Say hello to STIR!
STIR is an IOPP for RS which, compared to FRI, has shorter arguments (~2x) and a faster verifier (~1.2x) that performs fewer hashes (~2x).
Joint work with Gal Arnon, Alessandro Chiesa and Eylon Yogev.
Smashing on-chain verification costs
The current on-chain verification costs in Ethereum are high, reaching 100M USD per year. These costs come from data storage, access, and computation.
Aligned is poised to revolutionize the cost landscape of zero-knowledge proofs,
In less than one hour, I will be talking about the other direction of "application-specific", that is a *totipotent* software stack for ZKP, and why it is important for developing ZKP applications, as well as hardware-software co-design for ZKP.
We're chatting with ZPrize architect @weikengchen 1 week from today about his involvement in the competition.
He'll also be sharing some alpha...
Set that reminder!
We're going to start posting some benchmarks for @AleoHQ in the next couple weeks. We're already seeing 150x speedups for basic finite field arithmetic.
Stay tuned.
9/ our approach to danksharding is unique and innovative, currently 6x-7x faster compared to parallel version of rust-kzg with blst-from-scratch backend.
Primitives such as batched-NTT running up to 30x faster than supranational Sppark.
1/ We are elated to announce our $3M Pre-Seed round participated by prominent investors, including dao5 (@daofive), OKX Ventures (@OKX_Ventures), and Primitive Ventures (@primitivecrypto). Nubit is pioneering a bitcoin-native future with enhanced data throughput and availability
BREAKING MEOWS:
@StarkWareLtd, developer of the StarkNet rollup ($12B FDV):
announces plans to scale bitcoin with OP_CAT
adds CAT emoji to username
launches $1M fund to support OP_CAT development
do you get it yet anon?
Our latest demo, built using the RISC Zero zkVM, unlocks identity for Web3:
Prove & mint your identity as a soulbound NFT
Maintain on-chain privacy, stay compliant
Links Web2 authentication with Web3 for easy implementation
Start building
We believe ZK tech is ready for mass adoption and the number of real world usecases is staggering.
We're proud to share our latest ZK-tech showcase: Bonsai Pay, an open source ZK-powered payments platform that enables users to send crypto to any Google account using Ethereum.
Now that CRYPTO'23 results are officially out, I'm super proud to announce that Anemoi and Jive will be at Santa Barbara in August
Check out our paper() if you haven't yet!! And huge congrats to all my co-authors!
We released our second article, "Tech Deep Dive: Verifying FHE in RISC Zero, Part II".
We implemented a profiler, called profiler0, and a debugger, called gdb0.
Last year @SamsungNext joined @z_prize for mobile ZKP acceleration, already thinking about ZK chips in the phone. It could be a small dot in the PCB. I think it is a time for @Qualcomm and @Arm to explore.
Think browser certificates & passkeys, digital IDs, GPS location proofs, CNP transactions, age verification, election tallying/voting machines, authenticated images/videos in journalism, to name some.
A big overlap being ZK chips will be everywhere
#ePrint
An efficient verifiable state for zk-EVM and beyond from the Anemoi hash function: J Liu, H Patil, AS Peddireddy, K Singh, H Sun, H Sun, W Chen
3/6: The purpose of the recent @z_prize competition was to ensure those optimizations end up #opensource, promoting a healthy ecosystem that shares value w/ users as opposed to being captured by a few specialized & well-capitalized players
Talking about private equity, hedge funds and crypto with the fiends of @l2iterative.
Thanks @weikengchen for pushing us to meet @klee_049. They got aligned.
RISC Zero is now fully open source.
We released our entire circuit source code and compiler tech.
Empowering developers, partners, and auditors worldwide to confidently build, verify, and innovate.
PolyU and HKU brought DIZK to Plonk, an effort toward modern distributed proof generation. Now, one can generate proofs with low latency without waiting for ASICs.
The winning team is made up of students from @HongKongPolyU and @HKUniversity.
They reduced proof generation time by 40%, and developed a new dispatcher to efficiently distribute the prover's computation across a cluster of computers.
@WebGPU is going to make ZKP technology actually accessible to the client without delegation. This is essential to #privacy
It's a large challenge working with @WebGPU in its early state but there are workarounds for most issues. And you can't ignore the performance gains.
Circle STARK is implemented and open-sourced in about one month after the whitepaper. This is faster than an academic conference paper review process :)
Another ZK event in Greece? Hold my beer
@PapiniShahar, Cairo wizard at StarkWare, will be present to introduce our new high-performance prover, Stwo, to the Greek community
11 April at 9:05AM UTC+3!
Wait, what? "Federico grew up in Buenos Aires with his parents and sister. He learned to code at age 12, inspired by his software engineer father, and at age 14, sold his first program, a plugin for the video game Minecraft, for $10,000."
I happen to know a few professors and practitioners working on this. This is a relatively new research area, and there is a lot of potential. Let me know if you are interested. We should create an initiative to study this new family of tools.
Someone should invent like "Zero-Knowledge" ZK SNARKs, where not only is the proof succinct, but it also doesn't reveal anything else beyond the truth of the statement.
Is anyone working on this?
@andrewmilson just completed the world's first production-ready open source STARK prover.
He generated a proof and submitted it to @StarkWareLtd's onchain verifier. It was accepted, which proves that it works.
We feel honored to have him as part of the ZeroSync team!!
RISC Zero is coming to @Starknet
Our verifier will deploy on Starknet, enabling devs to compute without limits.
This integration enhances developer expressivity with Rust & enables cross-verification between proof systems.
The future is verified.
Great work by @weikengchen: We now have finite field arithmetic for the M31 and Baby Bear fields, as well as for their degree-4 extensions. These are the basis for implementing STARK verifiers on Bitcoin.
Exciting times for Script research!
Get some free time on weekends and interested in ZKP hardware acceleration. Perfect! We get you something to read. ZK Hardware Acceleration: the Past, the Present and the Future:
Although our acceleration result for the common modules is amazing, there is still room to improve for end-to-end acceleration, since the percentage for accelerated MSM and NTT is quite small. Our job in the next months is to accelerate every component in the process.
Valida Alpha Release has arrived.
With the alpha release of our C Compiler and LLVM compiler backend, devs can now compile, run, and test C programs on #valida - our brazenly fast and performant zkVM.
[1/]
We uploaded the full version of "HOLMES: Efficient Distribution Testing for Secure Collaborative Learning" (to appear at USENIX Security 2023) in IACR ePrint.
We basically rewrote the entire paper to get the paper in. It is instructive!
I think the good thing about OP_CAT is that it can remove some multisig assumptions. ZKP is expensive to verify, but OP_CAT itself, without ZKP, can also be used to enforce a lot of things (like, people have been building vaults).
@Ethan_Heilman @TheBlueMatt @theinstagibbs LN provides unilateral exit at minimal cost (fees for an on-chain txn). My understanding is rollups have centralized sequencers and it is a research project to try to avoid this? And multi-sigs in which at least 1 party must be honest unless bitcoin adds a ZKP opcode?
Updated our note as two of the open problems are just solved by Melissa Chase (Microsoft Research), Michele Orrù (UC Berkeley), Trevor Perrin (Signal Foundation), and Greg Zaverucha (Microsoft Research).
@mmaker @MSFTResearch @trevp__