Tweet Disematkan
Hossein Hafezi
474 posts
Hossein Hafezi
@RandomString00
PhD @ NYU, working on ZKP
Cambridge, UK Bergabung Haziran 2018
165 Mengikuti289 Pengikut
@AbdelStark Groth16 has a statistical zero-knowledge; even if you break the soundness with a Q-machine later, the historical proofs still do not reveal anything about the past.
English
Yo Google, very impressive work.
Just a small note: maybe next time consider using a post quantum ZK proving system when you generate proofs about post quantum stuff 😘
ZK-STARK everything
Haseeb >|<@hosseeb
This is wild. Google Research demonstrates a ~20x more efficient implementation of Shor's algorithm that could break ECDSA keys within minutes with ~500K physical qubits. Google is now are more confident on a 2029 post-quantum transition. We are no longer looking at mid 2030s, we could have quantum computers of this scale by the end of the decade. They believe this result is so severe that they are not publishing the actual circuits. They instead published a ZKP proving that they know of the quantum circuit with these properties. This is very atypical, showing Google thinks this is serious shit. All blockchains need a transition plan ASAP. Post-quantum is no longer a drill.
English
Hossein Hafezi me-retweet
As a recent PC chair, I can confirm that this will be a real problem in a few months.
Liyi Zhou@lzhou1110
We may be entering a death spiral in academic peer review. x.com/lzhou1110/stat…
English
Kinda reflects the state of the job market everywhere:
Thomas Van Riet@ThomasVanRiet2
350 applicants for a PhD position in theoretical physics. It grows every time. Not just in Leuven, but everywhere.
English
Madrid or Lisbon — which city do you prefer?
English
Hossein Hafezi me-retweet
Hossein Hafezi me-retweet
Hi everyone! 👋
We're running a brief anonymous survey on how cryptographers and security researchers view the potential quantum threat, for a research project. We'd really appreciate your input!
forms.gle/6wDL65dRPb5JSu…
Thanks so much! 🙏
English
@wadg Thanks! I haven't looked into Kimchi before, but this applies to any proof system whose cost is dominated by MSMs over a fixed base (so not Bulletproof-style systems). It works for Plonk and HyperPlonk (with KZG), Nova, HyperNova, KZH-fold, Groth, etc.
English
@RandomString00 Great great job Hossein 👏!!! I was wondering if is could be applicable to recursive ZKPs like Kimchi (Mina proofs System) ?
English
1) We present the first truly private, single-server zkSNARK delegation scheme for well-known group-based zkSNARKs such as Groth16, Plonk, and Nova. Our core idea is to delegate the prover’s most expensive computation—namely, the MSM—to a single server.
English
@MMJahanara Let me know!! What ultimately matters is the computational power of the server/client, e.g. with a single-threaded client we saw up to a 40× speedup. Also with GPU-accelerated hardware, the server could be another 5× faster...
English
@RandomString00 This is awesome! Congrats 👏
I am going to try to implement the scheme over the weekend and share some benchmarks 😁
English
@thefrozenfire We had the network bandwidth in our protocol considered, but right we ignored costs such as serialisation, thanks for the suggestion!
English
It would be good to see some network simulation tests in your implementation on GH, to demonstrate communication complexity, latency and bandwidth sensitivity. The existing benchmarks seem to be entirely in-memory, which obscures these metrics.
The cost of serializing the protocol to the wire + the time each communication round takes can undermine the feasibility of protocols like this.
English
2) While we maintain strong privacy guarantees. Unlike all prior works (including multi-server settings), our proofs are unlinkable to the client–server interaction, making the scheme suitable for privacy-critical applications, such as Zcash.
English
Hossein Hafezi me-retweet
This new paper looks very cool. I was never a fan of delegation schemes requiring you to secret share the witness between servers. Here there is a nice idea of how to privatey delegate an MSM to one server using the learning parity with noise assumption.
eprint.iacr.org/2025/2113.pdf
English
@alinush But, we've found a gap in research for efficient schemes supporing large unstructured tables. Schemes like CQ require a significant amount of preprocessing, i.e. impractical for tables larger than 2^30. Fortunately, most tables in practice are structured and decomposable though
English
@alinush Honestly, I'd say it really depends on the underlying table, whether you, e.g. if it's a structure table, then you can decompose it into smaller tables, then table-dependent approaches like plookup would be okay!
English
(1) In this paper, we provide a unified framework for lookup table arguments, considering some overlooked aspects such as projectiveness and different modes of compatibility with proof systems.
English
دو سال پیش که بلژیک بودم، با آبتین اومدیم اینجا و این عکس رو گرفتم.
Sina@PapaCna
کسی تو اینا اکادمیک حساب نمیشه پس
فارسی
(4) We also provide an excellent survey of existing techniques categorised into four families: (i) multi-hash based ones, (ii) logup based (iii) subvector extraction (matrix-vector) and (iv) polynomial processing.
English
(3) We point out some important gaps, such as a lack of a lookup scheme with moderate preprocessing and efficiency for unstructured tables, etc.
English
@PapiniShahar @secparam More standard than Poseidon, what is the rate on a server?
English
@RandomString00 @secparam Does blake2/3 proving count? I don't think I've seen any faster yet, but I could be wrong.
English
