Security Research & Zero-Knowledge Cryptography
This blog post explains the security intuition behind the FRI protocol, which proves that a function is close to a valid Reed-Solomon codeword. It introduces the “prover message graph,” a layered structure that visualizes how correct and incorrect folds affect verification. We conclude that if too many folds are inconsistent, the verifier will likely reject, but if most are correct, the initial function must be close to a proper codeword.
Read →
In this post, we dive deep into the Inner Product Argument (IPA), the mathematical core of Bulletproofs. Starting from simple vector folding, we build up to a full zero-knowledge proof with Pedersen commitments, explore how the mysterious `L` and `R` terms appear, and finish with smart verifier optimizations. All illustrated with clear, runnable SageMath code.
Read →Learn how Bulletproofs enables efficient zero-knowledge proofs without trusted setups by computing inner products in a verifiable way. This post breaks down the core folding technique that reduces large vectors to single elements through recursive compression, making proofs both compact and fast to verify. Used in Monero, Mina's Kimchi, and Zcash's Halo 2, Bulletproofs is a practical alternative to pairing-based schemes.
Read →
In Session 07 of "Proof is in the Pudding," we explore the other dark forest—the realm of offchain public keys. We dive into zkLogin, ZK Email, and ZKPassport, examining how these protocols handle authentication and privacy. We also discuss the issue of unlinkability in privacy protocols and why replacing traditional signature verifications with zero-knowledge proofs could unlock more interesting and powerful ZK products.
Read →In the latest "Proof is in the Pudding" session, we team up with Archetype to break down the essentials of Data Availability Sampling. We dive into how rollups and Ethereum's DA system work, explore the role of DA chains, and touch on the basics of verifiable sharding. This introduction is perfect for anyone curious about the foundations of data availability sampling and how these concepts are playing out in the blockchain world.
Read →In this blog post, we explore a clever design in Zcash's halo2 implementation for securing the Fiat-Shamir transformation. By using a mutable transcript, the process ensures that values are automatically absorbed, reducing potential bugs. You'll find explanations of the distinct roles of `write` and `read` functions for points and scalars, highlighting how this abstraction makes the prover-verifier interaction seamless and secure. If you're curious about the inner workings of cryptographic protocols, this is a fascinating read.
Read →Paul Kocher's 1996 timing attack showed how microsecond differences in execution time could leak private keys from RSA implementations. This tutorial recreates the attack journey from clean operation counting through noisy wall-clock measurements to sophisticated engineering solutions. Learn the variance distinguisher, explore schoolbook modular arithmetic, and discover the measurement techniques that make practical timing attacks possible despite system noise.
Read →