Julian Sutherland @ ZKProof

1/ Formal verification is taking over. The Lean language is massively advancing cryptography. There’s huge bullishness around combining AI, raw ASM code, and Lean 4 formal verification to guarantee mathematically bug-free systems at the lowest level.

I am *SO* excited by what will come out of @nethermind’s ZK formal verification effort for the @aptos keyless circuit, which I’ve had the pleasure of being a small part of 🫶

Very excited about this! Amazing work! Benchmarks for the CLAP framework coming soon!

Introducing Zinc+, where we tackle the problem of arithmetizing and proving computations unfriendly to finite fields. Examples: classic hashes, hash + signature, lattice ops., etc. We prove 7 SHA-256 compressions followed by the ECDSA MSM with:

Really fun talk, thank you for having me, get ready for part 2 at ZKProof!

IOPFest in less than 4 days! Go register on the website if you haven't already! We have an amazing lineup of talks ready for you (in thread)

@leonardoalt I think it's worth noting that the EVM semantics we developed are executable and pass all execution tests for Cancun! Hoping to bump this to Osaka compatibility soon.

What's actually trusted: 1. Lean's type checker. 2. EVMYulLean's EVM model (+ 2 axioms: precompile purity, CREATE non-collision). 3. Five structural assumptions about chain state at entry. None are about WETH's bytecode behavior.

Can AI write EVM bytecode + a Lean proof of solvency under arbitrary reentrancy, bypassing the compiler entirely? Yes! In this experiment we create 86 bytes of WETH bytecode plus a sorry-free Lean solvency theorem 👇 (thread + link below)

WHIR 🌪️ is now merged into Plonky3! Excited to see the future improvements and what people will build leveraging the multilinears ;)

@SecurityElena @NethermindSec @fastreedsolomon To clarify the reimplementation is not yet in production, and the formal verification of the circuit and infrastructure around it are still in ongoing development.

@NethermindSec @JulekSU @fastreedsolomon lean zk proofs are cool but auditors matter. aptos keyless circuit reimplementation flagged in coinstats

This week from @JulekSU and the Formal Verification team: · zkDSL progress in Lean · Bluebell program logic formalization · STIR/WHIR IOPP work landing in ArkLib with @fastreedsolomon ⬇️ x.com/JulekSU/status…

Some things happening in the Nethermind formal verification team this week: - Our CLAP zkDSL embedded in Lean has been progressing by leaps and bounds: - Support for compiling larger circuits and a full reimplementation of the Aptos (tag) keyless login circuit. - On-going work on implementing bignum multiplication for RSA key verification - Continued work on our formalisation of the Bluebell program logic in Iris-Lean: formalised the resource model of Bluebell and defined assertions such as the joint conditioning modality and weakest precondition (Hoare triples), which are crucial for proving properties of probabilistic programs. - @fastreedsolomon Continued work on formalising the STIR/WHIR IOPPs in Lean: - New implementation of FFT domain and integration into ArkLib FRI model. This will broadly make the implementation of new IOPPs into ArkLib easier. (github.com/Verified-zkEVM…) - Formalised generalised polynomial folding and theorem 4.6 from the STIR paper: github.com/Verified-zkEVM…

By @JulekSU (Head of Formal Verification, Nethermind) and @Reggia91 (ISO/TC 307 / CEN/JTC 19 Accredited Expert). nethermind.io/blog/formal-ve… Proving zkVM correctness is one layer. Audits, ZK review, and AI-augmented detection are the others. Nethermind does all of them.

New Lean use case: Veil, a multi-modal verification framework for distributed protocols from George Pîrlea, Vladimir Gladshtein, Elad Kinsbruner, Qiyuan Zhao, and Ilya Sergey at NUS. No single verification technique is sufficient for distributed protocols. Veil's approach: write a model once, then apply concrete and symbolic model checking, SMT-based proofs, and interactive theorem proving from a single executable specification in Lean. "As Lean's meta-programming, proof automation, and IDE infrastructure continue to mature, the case for embedding verifiers inside Lean only grows stronger." 🔗See the use case page for more: lean-lang.org/use-cases/veil #LeanLang #LeanProver #FormalVerification #SoftwareVerification

A big technical breakthrough in ZK: we've just successfully executed our first mainnet blocks with ZK-Nethermind on @ziskvm. This means the battle-tested @Nethermind EVM can be used in Ethereum’s ZK future. 1/2

@alinush Always at your service Alin 🫡🫡

@JulekSU and if I didn't attend, but still want to talk formal methods in the ctx of zk and crypto?

If anyone attending EthCC wants to talk formal methods, particularly in the context of zk and cryptography, please reach out!

@vitorpy @Nethermind @ant_sabado We've now released this under an Apache V2 license, go crazy 😁

Do I know anyone at @Nethermind? Is it kosher to use this repo github.com/NethermindEth/… for exploration/research? CC: @ant_sabado

We've tried bug bounties. We've tried audits. Protocols still get rekt. Is math the only answer left? Discussing with @The3D_ and Quentin at Rekt Security Summit. March 27, Cannes.

Rekt Summit: @Lucianadeveth @Kecman_Peter @JulekSU EthCC: @duckdegen @tkstanczak @ConorMcMenamin9 @_deanstef

The Formal Verification team is collaborating with Aptos to develop a formally verified version of the Aptos Keyless Login circuit. Keyless Login allows users to create and authenticate Aptos accounts using OIDC identities such as Google or Apple ID.