ClankPan ∞

1.6K posts

@ClankPan

Rust🦀, contributor to KinicDAO, VectorDB, zkVM. Views expressed are my own. I highlight interesting articles and events about zero-knowledge proofs.

Joined June 2021
580 Following 807 Followers

ClankPan ∞ retweeted
Wyatt Benno @wyatt_benno
Formal verification of software is having a moment. Thanks Vitalik🫡! But most, unfortunately, assume Lean is the only path. It's one of many approaches & each comes with very different trade-offs.

Let's look at the trade-offs in four axes:
1) Spec depth: how much of a program can be formally verified using the tool.
2) Security: all possible outputs proven safe.
3) LLM ease: how easily an LLM produces code that meets spec.
4) Succinct verification (probably nothing 🤷): verifying the whole chain — natural language → spec → formally verified code — end-to-end in <1s. *A superpower only cryptography (ZK proofs) can deliver.

Before: machine speed coding, human speed verification. Lots of bugs, lots of hacks.. lots of pain.
After: machine speed coding, machine speed verification. Provably correct, end-to-end, in under a second.

We have Vericoding working at ICME Labs. DM to try it or collab!

ClankPan ∞ retweeted
thisvishalsingh 🪐 Security Researcher
How to Read a ZK Protocol? How to find High impact Vulnerability in zkp?

When reading any ZK protocol, ask these questions:
- What is the statement?
- What is the witness?
- What is public?
- What is private?
- What does the prover control?
- What does the verifier check?
- Where does randomness come from?
- What is committed?
- What is challenged?
- What is revealed?
- What remains hidden?
- What assumptions are required?
- What happens if inputs are malformed?
- What edge cases exist?
- What exactly does verification guarantee?

These questions are simple. But they are powerful. They turn you from a passive reader into an active reviewer. That is how you begin thinking like a ZK engineer. And eventually, like a ZK security researcher who finds High impact bugs!!
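
ClankPan ∞ retweeted
Rui Ueyama @rui314
I was able to write a compiler for a reasonably large language in about a week using Claude Code. Writing by hand just isn't feasible anymore. It is probably true for now that I could do this because I know compilers well, but the state where "a human with a big-picture view combined with AI is the strongest" ended within a few years in shogi, after all.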

ClankPan ∞ retweeted
Hideyuki Tanaka @tanakh
I noticed that in Rust, `&v[start..start+len]` can be written as `&v[start..][..len]`. Is this a well-known trick? It means you no longer have to bind a temporary variable when start is an expression, but at first sight it does make you go "huh?".
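
An added example, not part of the original post: the chained form from the post applied to a constructed length-prefixed buffer, where `start` and `len` come from untrusted input and `start + len` could overflow. The function names, the record layout and the non-panicking `get` variant are assumptions made for illustration.

```rust
/// Panicking form from the post: same result as &v[start..start + len]
/// whenever start + len does not overflow, with no addition to get wrong.
fn window(v: &[u8], start: usize, len: usize) -> &[u8] {
    &v[start..][..len]
}

/// Non-panicking counterpart (an assumption of this example, not from the
/// post): each `get` returns None instead of panicking when out of range.
fn window_checked(v: &[u8], start: usize, len: usize) -> Option<&[u8]> {
    v.get(start..)?.get(..len)
}

/// Single-range form for comparison: here the addition itself must be
/// checked, because start + len can overflow (panic in debug, wrap in release).
fn window_checked_add(v: &[u8], start: usize, len: usize) -> Option<&[u8]> {
    let end = start.checked_add(len)?;
    v.get(start..end)
}

/// Parse constructed records laid out as [tag: u8][len: u8][payload: len bytes].
/// Returns None on any truncated or inconsistent record.
fn parse_records(buf: &[u8]) -> Option<Vec<(u8, &[u8])>> {
    let mut out = Vec::new();
    let mut pos = 0usize;
    while pos < buf.len() {
        let header = window_checked(buf, pos, 2)?;
        let (tag, len) = (header[0], header[1] as usize);
        let payload = window_checked(buf, pos + 2, len)?;
        out.push((tag, payload));
        pos += 2 + len;
    }
    Some(out)
}

fn main() {
    // Constructed sample input: two well-formed records.
    let good = [0x01, 0x03, b'a', b'b', b'c', 0x02, 0x00];
    println!("{:?}", parse_records(&good));
    // Constructed malformed input: declared length exceeds the buffer.
    let bad = [0x01, 0x09, b'a'];
    println!("{:?}", parse_records(&bad));
    // A start/len pair whose sum overflows usize is rejected, not wrapped.
    println!("{:?}", window_checked(&good, 1, usize::MAX));
    println!("{:?}", window_checked_add(&good, 1, usize::MAX));
    println!("{:?}", window(&good, 2, 3));
}
```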
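
ClankPan ∞ @ClankPan
???: "Axiom one of 𝕏 sociology: approval is the primary need of the user. Axiom two: users constantly grow and expand, but the total amount of impressions on 𝕏 is always constant. And one more point. To draw a basic blueprint of 𝕏 sociology from these two axioms, there are two more important concepts: the chain of diffusion and the flame-war explosion."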

ClankPan ∞ retweeted
Wyatt Benno @wyatt_benno
In Denver.. atm. If you are a VC and just want to chat about current Sota of any technical area in web3. I or anyone of my PhD team mates will give you time.. PhD meet MBA type mini sessions ;) It’s amazing how much nonsense floats around, from things people thought two years ago.. Let’s update our brains to understand SoTa and then see where it is finding pmf.

ClankPan ∞ retweeted
Wyatt Benno @wyatt_benno
If you are a non-technical VC let's chat about TEE in Denver. It's in many specs for agentic web3 and is generally the easiest g2m.. but there are drawbacks & caveats. TEE are not a silver bullet.

1. TEE proofs are generally not succinct. So to prove on ETH/SOL/other, or on constrained devices you need to wrap in zk (zkDCAP) *You are going to have to pay more gas, use other chains, or have a zk overhead in any case. @_weidai

2. TEEs are expensive. To order a GPU-enabled TEE, it can cost upwards of $30,000 per GPU with lead times of 6 months or more .. or $2–8 per GPU-hour to rent in the cloud. Or you can use @PhalaNetwork.

3. zkML was super slow.. years ago. Modern ZKML is finding traction in real world use-case across various sectors and companies. As shown with Layer_Zero and more generally 'mathed out' by @SuccinctJT .. sumcheck based lookup centric architectures are blazing fast. 1gpu realtime proving of 1cpu is likely happening this year. *A noble endeavor with strong technical foundations 🦾 By extension our zkML variant of JOLT; Jolt-Atlas is benching at amazing speeds..speeds that even a year ago people would say it's IMPOSSIBLE.

4. Different security assumptions. You can look into this for whatever tech (ZK, TEE, FHE, whatev).. trust hardware providers, trust math.. trust slashing.. etc.

---

The golden grail 🥛 is use-case. Users pick what they need and operators *should* pick the tech to match. Do the users care about cost (price elastic)? Can they afford TEE? Do they trust NVIDIA? Do users even want blockchain? Do we need ZKML? As some smart skeptical people have asked. @VitalikButerin ✅Yes for very specific use-case.

For our users.. we wrap a well known big cloud approach to agentic guardrails (AR); in a very web3 way (zkML). Natural language -> to formal logic (special SLM) = protects up to 99%. This is compared to human-in-the-loop, heuristics, and observability.. which at best get up to 88%.. 12% of the time the airplane crashes.✈️🫣 windy day...

The issue with this approach is that AR is not succinctly verifiable. It's black boxed. The policy needs to be public. But with the tech we have at @icme_labs / @NovaNet_zkp makes it succinctly verifiable with minimal trust assumptions 🥁 When we meet.. we can talk about some economics around agentic guardrails.

TL;DR. The only way we will have secure machine speed agentic commerce — is with machine speed verifiability. Humans (principals) will never be able to keep up with agents moving at machine speed. Reputation, human tracing, stopping to check spooky looking transactions.. will not scale. This economic fact REQUIRES succinctly verifiable proofs (ZK).. if you want e2e verifiability with private policies it REQUIRES zkML. zkML is the standard, for guardrails. eips.ethereum.org/EIPS/eip-8004

ClankPan ∞ @ClankPan
When I want to do something with a SNARK, I always want to keep in mind: "Don't compute, verify."
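
ClankPan ∞ @ClankPan
Srinath Setty, who pioneered folding schemes, appears to be hiring for three three-days-a-week positions at Microsoft!
1. Nova/SDK development, GPU optimization, etc.
2. Solidity contract development for ZK verification, etc.
3. Publishing papers at top international conferences, etc.
Requirements: 1 and 2 need a CS-related bachelor's degree and 4 years of experience; 3 needs a CS-related PhD or enrollment in a doctoral program.
Srinath Setty @srinathtv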

Hiring ZK engineers & researchers to build next-generation provers and real-world applications! We’re looking across the ZK stack: prover design & implementation, circuits, and smart contracts. DM if you have questions! Links to apply 👇

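
ClankPan ∞ @ClankPan
A word of caution about quantum computers from Justin Thaler:
1. Don't be overly afraid.
2. Spend the right amount of time in the right places.
3. The scariest thing is implementation bugs that result from rushing.
Start countermeasures with the cryptography where secrets could leak. Even when quantum computers arrive, all that happens is that forged signatures and proofs can be created; the zero-knowledge property of SNARKs is not broken.
Justin Thaler @SuccinctJT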

1/ Quantum computing predictions lately range from "public key cryptography will be broken in 2 years" to "it's a century away." Both are wrong. My latest post explains what publicly known progress actually supports — and what blockchains should do about it. Thread below 🧵


ClankPan ∞ @ClankPan
In a zcash thread from 8 years ago, it was argued that TNFS is faster than the existing attack method, NFS, and that BN254 (BN_128) might be weaker than assumed. Many projects then moved to the larger BLS12-381, but to this day TNFS remains slower than NFS, so the story is that this may have been a false alarm.
Ariel Gabizon @rel_zeta_tech

NFS experts: Was the tower number field sieve in hindsight a false alarm causing many to move to larger curves because of over-optimistic estimates to its practical performance? github.com/zcash/zcash/is… (#issuecomment-3621947864)

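
ClankPan ∞ @ClankPan
About the Ajtai commitment in LatticeFold and Neo: being able to generate the public parameters on the fly is very nice. You just build a matrix of random numbers. And although the commitment is only 2 KiB, the sheer number of random values is huge! You have to generate (number of witnesses) × 16 × 64 random numbers, which can easily mean 100 million of them!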

ClankPan ∞ @ClankPan
Apparently humanity has already performed 2^96 hash computations on Bitcoin alone. Coming right as this ePrint appeared, it confirms in a sense that around 128 bits of security are needed, which is really interesting. x.com/VitalikButerin…
vitalik.eth @VitalikButerin

My rough math based on average difficulty stats suggests that Bitcoin mining crossed the total 2**96 hashes milestone very recently? Seems like a good reason to insist on (close to) 128 bit security (ie. @drakefjustin was right)

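
ClankPan ∞ @ClankPan
For hash-based SNARGs/STARKs over small fields of around 31 bits, pushing the parameters to the limit is reportedly not as safe as assumed, so some care may be needed when using KoalaBear, BabyBear and the like. The author, Giacomo, is a ZK researcher at EPFL, and his co-author Antonio is a cryptography researcher at the Ethereum Foundation.
Giacomo Fenzi @GiacomoFenzi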

New work with @asanso! We present an attack against hash based SNARGs using small fields that reduces conjectured security by around 10 bits. Most hash-based systems using 31-bit (or smaller) base fields are affected. ia.cr/2025/2197

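
ClankPan ∞ @ClankPan
According to Muthu, co-founder of Ligero, a change that enables memory-efficient proving on devices has been merged into plonky3. With memory prices soaring worldwide, this contribution should be welcome news for everyone who uses plonky3!
Muthu Venkitasubramaniam @mvenkita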

A shoutout to @jedodinh from the @ligero_inc team. Our goal is to scale ZK so you can prove anything from a device in your pocket, which crucially requires memory efficiency for the prover. Jérémi from our team pushed an update to plonky3 that helps exactly with that. Hash-based ZK needs to run parallel FFTs, which typically require pre-computed twiddle factors. With this update, plonky3-based programs can share the same DFT instance across multiple threads and reuse the same precomputed twiddles, eliminating redundant computation and unnecessary memory usage.


ClankPan ∞ @ClankPan
I made a list of the people leading the ZK world, the only ones you need to follow, so please give them a follow if you like 🦾 x.com/i/lists/199645…