Adedoyin

Day 15/100 of ZK 🔐 Today we moved to lattice-based cryptography, the backbone of post-quantum security and the go to foundation for powerful Fully Homomorphic Encryption (FHE). First, lattices in pure math: A lattice is a discrete subgroup of ℝⁿ generated by integer linear combinations of basis vectors. Think of it as an infinite grid of points in high-dimensional space, regular but sparse. Key hard problems include: * Shortest Vector Problem (SVP): Find the shortest non-zero vector in the lattice. Brutally hard in high dimensions. * Closest Vector Problem (CVP): Given a target point (not necessarily on the lattice), find the closest lattice point. These worst-case problems are believed to resist even quantum attacks, unlike factoring or discrete logs, which Shor's algorithm crushes. Learning With Errors (LWE): Introduced by Regev, LWE turns these into average case hardness perfect for crypto. Given matrix A ∈ ℤ_q^{m×n}, secret s ∈ ℤ_q^n, and small error e (from a discrete Gaussian or similar), samples are (a_i, b_i = + e_i mod q). Recovering s from many samples is as hard as solving approximate SVP/CVP in the worst case. Why lattices for FHE? FHE lets you compute on encrypted data without decrypting — add/multiply ciphertexts to get encrypted results. Classic encryption (RSA, ECC) breaks under quantum threats, and even classically, it can't support unlimited homomorphic ops without noise explosion. Power of FHE: True privacy preserving cloud computing, secure ML on encrypted data, confidential smart contracts — compute anything (arbitrary circuits) while data stays encrypted end-to-end. Lattice-based schemes dominate practical FHE because LWE/Ring-LWE supports noisy but homomorphic operations, with bootstrapping to refresh noise and enable unlimited depth. TFHE (Torus FHE): A fast, practical FHE variant working over the torus ℝ/ℤ (real numbers mod 1). It uses TLWE/TRLWE samples (noisy linear equations on the torus) and GSW-style ciphertexts for fast bootstrapped binary gates. TFHE excels at Boolean circuits, with very efficient gate bootstrapping. Lattice crypto, via LWE and variants, delivers quantum resistant primitives and enables FHE's holy grail: arbitrary computation on encrypted data. The "noise" in LWE hides secrets while allowing meaningful ops, and lattices' hardness survives quantum scrutiny. Thanks a lot @Dev_esayayo for your taking me through the math behind ZK, and for being patient throughout the process.

Week 3 of my zero-knowledge journey with @Web3Bridge... Absolutely Interesting. This week pushed me to my limits and had me questioning all my life decisions at 2 AM 🤣. But honestly? That's when you know you're learning something real.

For two weeks, our ZK cohort dove deep into one of the most complex areas in Web3. Having a mentor who is calm, patient, and understands how to simplify the difficult makes all the difference. To Mentor @Dev_esayayo , thank you for your clarity, your teaching style, and your commitment to helping students truly understand not just memorize. We appreciate you. 🚀🙌 #Web3bridge #ZeroKnowledgeProofs #TechEducation #Web3Learning

@Web3Bridge Thank you for the opportunity 🤗🤗

Day 13/100 of ZK 🔐 Today we finally reached one of the most important building blocks in modern zk-SNARKs: Polynomial Commitment Schemes (PCS). A commitment scheme is a cryptographic primitive that works like a digital envelope, you commit to a value now (hide it), and later you can open/reveal it exactly as committed, without being able to change your mind. Two core security properties: * Hiding: The commitment reveals nothing about the committed value (looks random to anyone who doesn’t know the opening). * Binding: Once committed, you cannot open to a different value. A Polynomial Commitment Scheme (PCS) extends this to entire polynomials instead of single values. You commit to a polynomial f(x) of known degree, then later prove statements about it (most commonly “f(a) = b for this point a”) with a very small proof that anyone can verify quickly. A typical PCS has four main algorithms: * Setup: Generate public parameters (often via a trusted setup ceremony). * Commit: Produce a compact commitment C to the polynomial f(x). * Prove evaluation: Generate a short proof π that f(a) = b (without revealing f). * Verify: Check that the proof π is correct for the given commitment C, point a, and claimed value b. Many PCS require a trusted setup, a one-time ceremony that produces structured reference strings (SRS). If the toxic waste from setup is destroyed, the scheme is secure, if leaked, fake proofs can be forged. Zero polynomial The zero polynomial is the polynomial that is identically zero everywhere (all coefficients = 0). In ZK, many protocols reduce the proof of correct computation to showing that a certain “error” or “constraint” polynomial is the zero polynomial. Proving “this polynomial is identically zero” is much easier than proving arbitrary properties, you just show it evaluates to zero at enough random points (or use techniques like sum-check). If it’s zero at more points than its degree, it must be the zero polynomial everywhere (by fundamental theorem of algebra over fields). The big picture in zk-SNARKs: SNARK = IOP (Interactive Oracle Proof) + PCS The IOP gives an interactive protocol with oracle access to polynomials, the PCS turns those oracle queries into short, non-interactive proofs via commitments and evaluation proofs. KZG (Kate-Zaverucha-Goldberg) commitment scheme is one of the most widely used PCS today (especially in PLONK, Marlin, and many Ethereum zk-rollups). It uses bilinear pairings on elliptic curves and a trusted setup to produce very small evaluation proofs (usually just one group element). PCS lets us hide entire polynomials and prove evaluations succinctly, turning huge computations into small, verifiable claims. KZG + trusted setup + zero-polynomial checks = the succinctness engine behind most production zk-SNARKs today. #ZeroKnowledgeProof #Math

@Sultan0fSwagg @MylesGaret64559 @Anthony_Bonato I'm sorry to hear that, what happened? If you wish to share, my dm is open

@Dev_esayayo @MylesGaret64559 @Anthony_Bonato pls wish me luck bro im prop going on academic probation

The professor who wrote this math test was trolling with those instructions

@Sultan0fSwagg @MylesGaret64559 @Anthony_Bonato I mean you will get used to the textbook

@Dev_esayayo @MylesGaret64559 @Anthony_Bonato pattern in what

@Sultan0fSwagg @MylesGaret64559 @Anthony_Bonato At the beginning yes, but eventually you will see the pattern

@Dev_esayayo @MylesGaret64559 @Anthony_Bonato Adedoyin but its so hard

@EmilMieilica @leonardog27 @CompSciFact FFT is fast because it breaks a big problem into smaller ones. Instead of doing n^2 work like the normal method, it: Splits the problem in half, solves each half and repeats this about log n times. I understood this when I was trying to implement Lagrange interpolation of polys

@leonardog27 @CompSciFact I'm even more confused than before 😂

The Fast Fourier Transform takes O(n log n) operations to transform a vector of length n.

@MylesGaret64559 @Anthony_Bonato Rudin is nice for beginners 💯

@Anthony_Bonato Trolling with a calculator, definitely. Using Rudin's Real Analysis as the course text, probably.

Day 12/100 of ZK 🔐 Today was a deliberate repeat of Day 11, we went back over cyclic groups, the discrete logarithm problem, Diffie-Hellman key exchange, the generalized DLP, and elliptic curves. Reinforcement for better understanding. Sometimes the second (or third) pass is when the concepts really lock in. Seeing how the shared secret emerges from exponentiation without ever sending the exponents, why prime-order cyclic subgroups are non-negotiable for security, how the same DLP hardness applies across different algebraic structures, and why elliptic curves give us a more efficient, stronger version of the same one-way function. Mastery in crypto and ZK comes from revisiting the foundations until they feel intuitive. Cyclic groups + DLP/ECDLP remain the bedrock of secure key agreement, signatures, and most ZK protocols.

Day 11/100 of ZK 🔐 Today we continued exploring cyclic groups and connected them directly to the discrete logarithm problem (DLP), then looked at Diffie-Hellman key exchange, the generalized DLP, elliptic curves, and their analytical expression. Cyclic groups are groups in which one element can generate all other elements in the group (the element is called primitive or generator ) under the group operation. In ZK and crypto, we always use cyclic groups of prime order because of their properties: One generator for every element except the identity, and the discrete log problem stays hard. They maximize security. The discrete logarithm problem (DLP) is the core hardness assumption here. Given a generator α and an element A = α^a (mod p), finding the secret exponent a = log_α A (mod p) is believed to be computationally infeasible for well-chosen groups (large prime order, no special structure). This one-wayness is what secures many protocols. Diffie-Hellman key exchange uses exactly this hardness. Alice picks private exponent α, computes A = α^α (mod p) and sends A publicly. Bob picks private exponent β, computes B = α^β (mod p) and sends B publicly. Alice computes the shared secret: B^α = (α^β)^α = α^(αβ) (mod p) Bob computes the same: A^β = (α^α)^β = α^(αβ) (mod p) Both now share the secret key α^(αβ) (mod p). An eavesdropper sees α, p, A, and B but must solve the DLP to find α or β (or compute the shared secret directly, which is the Computational Diffie-Hellman problem, which is still hard if DLP is hard). Generalized DLP The same problem exists in any cyclic group (G, ∘) with operation ∘ and order n (size |G| = n): given generator g and h = g^x, recover x. The hardness depends on the group: classic multiplicative groups mod p, elliptic curve groups, etc. Each setting can offer different security levels or advantages (e.g., elliptic curves give smaller keys for equivalent security). Elliptic curves are the most common setting for modern DLP today. An elliptic curve over a finite field is defined by an equation of the form y² = x³ + a x + b (mod p), the analytical (equation) form. Points on the curve form an abelian group under a geometric “chord-and-tangent” addition law. Scalar multiplication k·P = P + P + … + P (k times) is easy, but the inverse — given Q = k·P, find k—is the ECDLP (elliptic curve discrete logarithm problem), which is currently harder than classic DLP for the same bit size, which is why elliptic curves dominate in signatures, key exchange, and zk-SNARKs.. Analytical expression This simply refers to the explicit equation that defines the curve, like y² = x³ + a x + b over the field. Choosing a and b such that the curve has no singularities, has large prime order, and resists known attacks is critical for security in protocols. Cyclic groups + DLP hardness = the foundation of secure key exchange and signatures. Elliptic curves give us a stronger, more compact version of the same idea, which is why most modern ZK systems (Groth16, Plonk, etc.) run on EC groups. #ZeroKnowledgeProof #ZK #Math

@blip_tm @lauriewired This is very correct 💯

@lauriewired pretty important to note that this only works when you’re working over the integers mod q! it’s not a computationally hard problem over the regular integers

@lauriewired Solid article🔥, I used LWE in my final year project at UNILAG. For you to understand LWE, you have to understand Learning without error which is basically solving systems of linear equation

Day 10/100 of ZK 🔐 Today we stayed focused on polynomials, digging deeper into multilinear polynomials, revisiting Lagrange interpolation, exploring partial evaluation, and getting an intro to arithmetization — the bridge from computation to polynomials. Multilinear polynomials These are multivariate polynomials where each variable has degree at most 1. Simple example: f(x, y) = 4 + 6x + 9y + 11xy No squared terms, no higher powers, just products of different variables (or single ones, or constants). In ZK they work because many computations (especially boolean circuits or hypercube sums) naturally produce multilinear extensions. This keeps degrees low, which means smaller proofs, faster verification, and more efficient protocols like sum-check. Lagrange interpolation The straightforward method that finds the unique lowest-degree polynomial that passes exactly through every one of those points. Picture it as building the curve piece by piece: for each known point, you create a small “helper” function that is 1 only at that point and 0 at all the others. Then you scale each helper by the known value and add them up. The result is the full polynomial equation. This is used in ZK to open commitments (“prove the value at this point is correct”) and in secret sharing (rebuild the secret from enough points). Partial evaluation When you have a polynomial with several variables, partial evaluation means plugging in values for some of them, leaving the others free. Example: f(x, y, z) = xy + 3z + 5x + 2 Set y = 2 and z = 1 → f(x, 2, 1) = x·2 + 3·1 + 5x + 2 = 7x + 5 You’ve reduced a complicated 3-variable polynomial to a simple one-variable one. ZK protocols (especially sum-check) use this repeatedly: fix variables one by one, reduce the dimension step by step, and prove each smaller piece until only a single evaluation remains to check. Arithmetization (first intro) This is the process of turning any computation (code, circuit, execution trace) into one or more polynomial equations that must hold true. Once everything is polynomials, the prover can use commitments, evaluations, and interpolation tricks to prove the computation was done correctly without revealing private inputs. Multilinear polynomials keep things fast and low-degree; partial evaluation shrinks big problems layer by layer; Lagrange lets us reconstruct from points; arithmetization translates real-world programs into the math language ZK can prove. #ZK #ZeroKnowledgeProof #Cryptography #Math

Week 2 of my zero-knowledge journey with @Web3Bridge is complete, and I'm having an absolute blast! 🔥 The mathematics behind cryptography is incredibly fascinating.

Day 9/100 of ZK 🔐 Continued with the group theory, bijections, rings, and then straight into polynomial territory. Group theory deep dive: A subgroup is simply a smaller group living inside a bigger one. A subgroup H of group G is a subset that is itself a group under the same operation: closed, has identity, inverses, associative. Conditions: non-empty, closed under operation & inverses. Cyclic groups are generated by a single element g: G = {g^k | k ∈ ℤ} (or mod order for finite). Most ZK-friendly elliptic curves use cyclic subgroups of prime order for security (ECDLP hard). Group homomorphism φ: G → H preserves operation (φ(a * b) = φ(a) * φ(b)). Isomorphism is a bijective homomorphism, basically a structure-preserving relabeling of elements. Bijection = one-to-one and onto (every element in target maps uniquely from source). Rings: A ring is a set with two operations (usually + and ×): (R, +) is an abelian group, × is associative + distributive over +. Types we touched: commutative rings (× commutative), rings with identity (has 1), integral domains (no zero divisors), fields (every non-zero element has × inverse). Finite fields F_p (p prime) and polynomial rings are everywhere in ZK. Then we reached polynomials, the real workhorse A polynomial is a sum of monomials (coefficient times variable to a power). Univariate = one variable, e.g., f(x) = 4x³ – 2x + 7. Multivariate = several variables, e.g., f(x,y) = xy + 3x + 2y + 5. Multilinear polynomials are special multivariate ones where no variable appears to power higher than 1 (very useful for efficient protocols like sum-check). Evaluation and Interpolation: Evaluation just means “put a number in place of the variable and calculate the result.” Example: f(x) = 2x + 3 f(5) = 2×5 + 3 = 13 That’s it. In ZK we evaluate at hidden points to check properties without showing the whole polynomial. Lagrange interpolation: Imagine you have a secret curve (the polynomial) and you only know a few exact spots it passes through, like: * At x=1, the height is 4 * At x=3, height is 10 * At x=5, height is 28 Lagrange interpolation is the clever recipe that rebuilds the exact polynomial that goes through all those spots, and it’s guaranteed to be the unique lowest-degree one that fits perfectly. It works by creating little helper curves (basis polynomials) that are 1 at one known point and 0 at all the others, then blending them together weighted by the known heights. This is the backbone of Shamir secret sharing and many polynomial commitment opening proofs.

@Marvysmind Love seeing the progress 🔥 Solid foundations today. keep going!👏👏👏👏

Day 8/100 of ZK 🔐 Today we worked on more solutions on RSA, generating keys, encrypting/decrypting small messages, and seeing how extended Euclidean delivers the private exponent in practice. Then we shifted gears into the algebraic foundations that underpin elliptic curves, finite fields, and the group structures in modern ZK: set theory, binary operations, and an introduction to group theory. Set theory basics we covered: * A set is a collection of distinct objects (no duplicates, no order). * Finite sets have a well defined boundary (e.g., {1, 2, 3}). * Infinite sets go on forever (e.g., natural numbers ℕ, integers ℤ). * Cardinality |S| measures “how many” elements in a set. * Countability: a set is countable if you can list its elements in a sequence (bijection with ℕ). * Subset: A ⊆ B means every element of A is also in B. Proper subset A ⊂ B excludes equality. Binary operations and properties: A binary operation * on a set S takes two elements from S and produces one in S (e.g., addition +, multiplication × on integers). Key properties we reviewed: * Closure: a * b is always in S * Associativity: (a * b) * c = a * (b * c) * Commutativity: a * b = b * a * Identity element: exists e such that a * e = e * a = a * Inverses: for each a exists b such that a * b = b * a = e * Distributivity (when two operations coexist, like + and ×) Group theory intro: A group is a set G with one binary operation * that satisfies: 1. Closure 2. Associativity 3. Identity element 4. Every element has an inverse If it’s also commutative → abelian group. Examples: (ℤ, +) is an infinite abelian group; (ℤ/nℤ, + mod n) is finite cyclic, multiplicative group of units modulo n (numbers coprime to n under × mod n) is crucial for RSA (order φ(n)). Why this matters for ZK: Elliptic curve points form an abelian group under point addition. Finite fields F_p are fields (groups under + and ×*). Cyclic groups and their generators drive discrete-log hardness in protocols like Schnorr signatures and early zk-SNARKs. RSA is just one application, group theory gives us the algebraic structure where “one-way” operations live.

@Marvysmind Great session today 👌 Solid foundations: primes, CRT, inverses (this is how strong cryptographers are built. Keep going) 💪

Day 7/100 of ZK 🔐 Today was about primes, modular inverses, Chinese Remainder Theorem, extended Euclidean, Euclid’s lemma, Fermat’s Little Theorem, and a first taste of RSA. Prime numbers are the building blocks, integers >1 divisible only by 1 and themselves. Two integers a and b are relatively prime (coprime) if gcd(a, b) = 1. This is crucial because only when a number is coprime to the modulus n does it have a modular inverse. The modular inverse of a modulo n is an integer b such that a·b ≡ 1 (mod n). It exists if and only if gcd(a, n) = 1. The extended Euclidean algorithm computes both the gcd and the coefficients: given a and n, it finds x, y such that ax + ny = gcd(a, n). When gcd = 1, x is the inverse (mod n). This algorithm is the workhorse for inverting elements in finite fields and rings used in ZK. Euclid’s lemma states that if a prime p divides ab, then p divides a or p divides b, key for unique factorization and many primality proofs. Fermat’s Little Theorem says that if p is prime and a is not divisible by p, then a^(p-1) ≡ 1 (mod p). This gives a quick way to test primality (Fermat primality test) and underpins exponentiation tricks in crypto. Chinese Remainder Theorem (CRT) tells us that if n = p₁·p₂·…·p_k where the p_i are pairwise coprime, then the system of congruences x ≡ a_i (mod p_i) has a unique solution modulo n. CRT is everywhere in ZK, it lets us decompose computations across small primes for faster proving (e.g., in some SNARK backends) and combines results efficiently. RSA cryptography ties it all together: choose two large primes p and q, set n = p·q, compute φ(n) = (p-1)(q-1), pick public exponent e coprime to φ(n), compute private d = e⁻¹ (mod φ(n)) via extended Euclidean. Encryption: c = m^e (mod n); decryption: m = c^d (mod n). Security rests on the hardness of factoring n back into p and q, plus Fermat/Euclid tools for key generation and inversion. These theorems aren’t abstract trivia, they directly enable modular inverses (for signatures and fields), efficient decomposition (CRT in proving), fast exponentiation checks (Fermat), and the factoring assumption that still secures huge parts of crypto and early ZK constructions.