Mhoc Yar

imo you're missing Censorship Resistance point we're NOT trying to protect users from their Tx ignored by evil leader we're protecting MMs from their stale quotes being taken advantage of and we solved it with propAMMs, whose updates pay x100 more (per CU) so ordering in-protocol by fee/CU solves it, except we have leaders who *intentionally* ignores these higher-paying updates THAT is why CR is important - bc it takes away from validators the ability to order & exclude Tx - leading to predictable execution x.com/uriklarman/sta…

track here and avoid installing anything until this is resolved socket.dev/blog/tanstack-…

Introducing Zinc+, where we tackle the problem of arithmetizing and proving computations unfriendly to finite fields. Examples: classic hashes, hash + signature, lattice ops., etc. We prove 7 SHA-256 compressions followed by the ECDSA MSM with:

👇

Asked Opus 4.7 to check the proofs in 20 crypto papers (10 Eurocrypt, 10 recent ePrint): it reported gaps/errors in 19. I verified a few simple issues but couldn't investigate the rest, and some are likely false positives. Most results probably hold, one EC paper is shaky. DM me for details and Opus reports.

I found a critical soundness bug from Jolt zkVM by @a16zcrypto , and successfully exploited it by proving 1333337 == 1333338, which is the highest impact for a zkVM. Deatils and PoC at github.com/soon-haari/jol… , please check it out! It was resolved at github.com/a16z/jolt/pull….

Warp is now open-source.

We found the same Fiat-Shamir bug in six independent zkVMs. The result: an attacker can bypass the cryptography entirely and prove mathematically impossible statements (like minting $1M out of thin air). Full breakdown ↓

Both protocols used Circom + snarkjs, the most common stack for Groth16 deployments. The bug? They skipped Phase 2 of the trusted setup: the circuit-specific contribution step. Without it, the verification key's γ and δ parameters are both set to the same value: the G2 gens

- OOPS: One-time Oblivious Polynomial Signatures - Argo MAC: Garbling With Elliptic Curve MACs - The Billion Dollar Merkle Tree - Aborting Random Oracles: How to Build Them, How to Use Them - Private Proofs of When and Where - Round-Optimal Pairing-Free Blind Signatures - BABE: Verifying Proofs On Bitcoin Made 1000x Cheaper - Jindo: Practical Lattice-Based Polynomial Commitment for Zero-Knowledge Arguments - A SNARK for (Non-)Subsequences With Text-Sub-Linear Proving Time - Policy-based Access Tokens: Privacy-Preserving Verification for Digital Identity - zkRNN: Zero-Knowledge Proofs for Recurrent Neural Network Inference - Formalizing Privacy In Decentralized Identity: A Provably Secure Framework With Minimal Disclosure - Lether: Practical Post-Quantum Account-Based Private Blockchain Payments - HYPERSHIELD: Protecting the Hypercube MPC-in-the-Head Framework Against Differential Probing Adversaries Without Masking - Designated-Verifier Dynamic zk-SNARKs with Applications to Dynamic Proofs of Index - Structured Matrix Constraint Systems for Architecture-Hiding Succinct Zero-Knowledge Proofs for Neural Networks

Today, I’m excited to (finally) welcome Minimmit to the @commonwarexyz Library. Implemented independently by both @GTE_XYZ and @vex_0x, Minimmit clobbers our benchmarks: [USA]: 51ms blocks (-40%) | 87ms final p75 (-35%) [Global]: 142ms blocks (-30%) | 269ms final p75 (-15%)

We have identified a bug in the proof and currently do not know how to fix it. We leave the eprint as is with more info on what the bug is, because we think some ideas can still be useful.

Super exciting work from Ziyi and Eylon! They construct the first SNARG for NP in the *plain* model (no random oracle) using *only* (subexponential) LWE! Perhaps most surprisingly, the SNARG is one (very clever) instantiation of the classical Killian-Micali construction!

1/ Quantum computing predictions lately range from "public key cryptography will be broken in 2 years" to "it's a century away." Both are wrong. My latest post explains what publicly known progress actually supports — and what blockchains should do about it. Thread below 🧵

wrote a thing about the recent proximity things. Let's see if we can explain proximity gaps without getting lost in moon math! Find it on the @zksecurityXYZ blog, link below

The mcp batch frame, let’s say 20ms, would mean that everyone within a 10ms lightcone gets the same fair auction outcome. So the mcp region can be deployed near the signal source, like Binance or CB or CME, and the users can collocate in that region anywhere within 10ms. So no one has a structured advantage because 10ms is fixable over a weekend.

proximity gap result: the distance between my understanding and the latest findings is increasing exponentially

@_patrickogrady @bdanweiss @FortuneMagazine @tempo This rocks. Very good fit. Congrats!

@bdanweiss @FortuneMagazine @tempo Want to help? Apply now (up to 1% equity): commonware.xyz/hiring

Welcome, @tempo Today, we're thrilled to share that Tempo is building with the @commonwarexyz Library, supporting our growth as a new core contributor, and accelerating our research and engineering with a strategic investment. commonware.xyz/blogs/welcome-…

Worried that teams are apparently using systems with 80 (conjectured) bits of security in production, to secure potentially billions of dollars... Really hope the community settles on at least 100 bits, as also proposed by @SuccinctJT back in 2022 a16zcrypto.com/posts/article/…

Further degradation of lattice security levels: eprint.iacr.org/2025/1910 A few bits demonstrated experimentally; ~10 bits at cryptographic sizes? Next step would be to work out the impact of collision searches and HGJ-style techniques (see Section 4.3 of #hybrid" target="_blank" rel="nofollow noopener">cr.yp.to/papers.html#hy…).