Last week, a strange paper (by Wilson Nguyen et al.) came out: Revisiting the Nova Proof System on a Cycle of Curves. Its benign title might have escaped the attention of many, but within its pages lay one of the most impressive and devastating attacks on a zero-knowledge proof (ZKP) system that we’ve ever seen. As the purpose of a ZKP system is to create a cryptographic proof certifying the result of a computation, the paper demonstrated a false computation result accompanied by a valid proof.
As we’ve explained before, zero-knowledge apps (or ZK apps) will come in two different shapes: VM instructions and arithmetic circuits. VM instructions should sound familiar. Reading them is like reading assembly, and they’re a level of abstraction higher than arithmetic circuits (as pointed out by this post). Whatever they’re writing, real programmers need to see what their programs compile down to (according to John Carmack). That’s how you find unoptimized bits as a low-level code monkey, but it’s also how you find some security issues and bugs.
If you know about WebAssembly or Wasm, you might have heard a few different pitches for why you need it: It’s a low-level language for the web, so it’s faster than JS; use it to speed things up. It’s a build target, so it enables you to use languages other than JS on the web: you could write a web library in Rust or Go! You actually don’t use it on the web, but on the backend!
Now is the time to learn and dive deep into ZK application development. A large class of security errors can crop up if you’re not careful when starting to build ZK applications. These issues often stem from having the wrong frame of reference in your head and paying attention to the wrong details. Read this article to learn about the mindset you need, and the gotchas to look out for when programming with zero-knowledge proofs.
Zero-knowledge (ZK) programs are a powerful new tool for developers. They allow you to write programs that can prove their execution without revealing any of the underlying data. This has a wide range of potential applications, including privacy-preserving computation, secure data sharing, and fraud prevention. However, ZK programmability also introduces new security challenges. In this blog post, we will explore the security implications of ZK programs and discuss how developers can mitigate these risks.
What is this new and exciting cryptography field called zero-knowledge cryptography? How is it related to trusted and confidential computing, and why do we need to rethink security because of it? This is what you’ll learn in this article. But first, who are we? We’re three cofounders: David, ex-Facebook security lead at Libra/Diem and author of the Real-World Cryptography book; Brandon, founding engineer of the Mina blockchain and ex-Pinterest/Facebook; and Gregor, tech lead of the zero-knowledge framework SnarkyJS and one of the winners of the largest ZK competition, ZPrize.