Stephen Duan

1.2K posts

@sd_eigen

Build zkVM. CTO @ProjectZKM | Contributor @GOATRollup. Ex founder @Eigen_Network

worldwide · Joined July 2016
587 Following · 950 Followers
Stephen Duan@sd_eigen·
The recent SoK paper "Understanding zkVM: From Research to Practice" provides the first rigorous cross-system benchmark of zkVMs using a unified three-layer framework (ISA → Execution → Proving).
> Appreciate the authors' work in establishing fair, reproducible comparisons across the zkVM ecosystem. (I also see there was a lot of progress during his work.)
> A few observations from Ziren's (@ProjectZKM) perspective:
>> Ziren takes a deliberate architectural bet on MIPS32, prioritizing instruction regularity and constraint uniformity over RISC-V ecosystem convenience (zkVM level instruction efficiency). This is a long-term design choice, not an oversight. (PS. I also want to highlight, Ziren supports Golang, I will present how to prove Keeper @go_ethereum in EthCC.)
>> The benchmark confirms our expectations: competitive VM proving speed, complete end-to-end pipeline (VM -> recursion -> Groth16), and transparent setup via FRI.
>> It also surfaces areas we are actively improving - VM proof size and prover throughput remain behind some competitors.
Paper: eprint.iacr.org/2026/525.pdf #zkVM #ZKP #MIPS #Cryptography
Stephen Duan@sd_eigen·
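@tmel0211 @okx @openclaw You need a TEE device locally. The Mac mini should have a Secure Enclave, but you have to set up the signing program yourself. MCP connects to a local port; it is essentially like WalletConnect, bringing up your wallet so that you sign. This is for large amounts and cannot be automated.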
Haotian | CryptoInsight
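Pulled an all-nighter installing a bunch of @okx OnchainOS Skills and adapting @openclaw to OKX's trading API. My lobster can finally trade automatically through the OKX exchange, and it also successfully created an Agentic Wallet. From now on, with the lobster in hand, both CEX and DEX trading scenarios are connected. A few impressions:
1) The installation is simple: just hand the OnchainOS GitHub link to Openclaw and let it install autonomously. You only need to set up the IP whitelist and password to generate the API and establish the "connection". I took a look, and it installed more than 10 Skills in one go; it is mainly the Skills for the DEX on-chain part that are somewhat more complex.
2) The Agentic Wallet is simpler to use than I expected: just give the lobster an email address and enter the verification code, and it automatically generates a default EVM and Solana address based on the TEE environment. The private key is held in the operating system's secure keychain; it is not stored or read in plaintext, and only when the onchainOS Skills binary is running can it ask the system to decrypt the key for use.
3) The fact that there are far more DEX Skills than CEX ones shows that it is not easy to get an Agent to plug smoothly into the complex on-chain environment, because the differences and standards across public chains have to be smoothed over so that the AI only needs to send simple instructions and the underlying layer automatically assembles and invokes the Calldata. This is a long-running engineering optimization process, so when you first register and try it out, I suggest moving funds to @XLayerOfficial as much as possible for the complex trading experience.
4) Since this is about trading, I suggest the supporting large model be a strong one. The Gemini-3-Flash I configured at first gave incoherent replies; for example, I had clearly moved assets to the Base chain, but it insisted they were on Ethereum mainnet. Switching to the more powerful Gemini-3.1-Pro was much better. In the early chats, learn to recognize model hallucinations so that you can improve the experience.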
Star_OKX@star_okx

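Agreed! The Agentic Wallet is not meant to replace self-custodial wallets; it is an operational layer designed for AI execution. The self-custodial wallet handles long-term storage, and the Agentic Wallet handles AI-automated execution. The Agentic Wallet is another implementation of a self-custodial wallet: the private key runs in a TEE (Trusted Execution Environment), the user accesses it through Email + OTP authentication, and OKX cannot access the private key or control user assets. Asset management in the AI era will be a layered architecture, not a single wallet.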

Stephen Duan@sd_eigen·
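@tmel0211 @okx @openclaw Then it actually has little to do with the TEE. You interact with the local wallet directly through MCP, locally. Is there anything similar available now? I think the MCP approach is feasible, but I haven't developed or verified it yet.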
Stephen Duan@sd_eigen·
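@tmel0211 @okx @openclaw For now I use EVM wallet skills for small amounts; small amounts mean small risk. As for TEE, it is probably more practical in the cloud. Of course, all of this presupposes implementing a self-custodial wallet.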
Haotian | CryptoInsight
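@sd_eigen @okx @openclaw The basic approach: have openclaw run the command; export-private-key will return that the command does not exist or that there is no private key locally. The advanced approach needs TEE-related open-source attacks or audit checks. But there's no need. Given the large model's IQ, if the key were really there, a few sentences would coax it out.. 😄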
唐华斑竹🦅🔶BNB
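You live and learn: Lao Tang traveled a long way to Shenzhen for the GOAT🦞 OpenClaw hackathon event, "Hands-on: how to deploy the lobster", and came back having learned a great deal! As soon as I arrived yesterday I was struck by the huge enthusiasm of Shenzhen's young people for OpenClaw. So many people! The HelloYoung space was packed, and latecomers could hardly find a power outlet. The speaker, Stephen @sd_eigen, is a heavyweight: Chief Technology Officer (CTO) of @ProjectZKM and a core contributor to GOAT. His talk made deep material accessible and easy to understand. Afterwards he came down to answer questions in person and walked everyone through the steps hands-on! ClawUp one-click deployment is really great! Lao Tang had the good fortune to team up with the lovely Huahua @zhuahua1 for the hackathon. She is not only pretty but also very smart and eager to learn; after persistent effort, and with Stephen's personal guidance, she successfully deployed and started the little lobster! 🦞 Truly a worthwhile trip! Food and drinks were provided for everyone morning and evening, and the GOAT Network ecosystem fund also sponsored the grand prize for the event: a Mac Mini 🏆 Genuinely free learning, free food and free prizes; the project team is really generous! No more paying 499 to have someone come to your door and deploy the lobster 😜 I hear the event will be held in other cities too; friends who missed this one should follow @GOATNetwork and be sure to go next time!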
Snowball Money@snowball_money·
@sd_eigen running openclaw locally can be a mess, that's why we use snowy ai for a clean interface
vitalik.eth@VitalikButerin·
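Guaranteeing security + decentralization + privacy is still not easy ... How do you think about this problem? Especially in adversarial situations that cannot be tested (for example, your agent looks at the counterparty's ENS profile, and this ENS profile includes a jailbreak that makes your agent send all your coins to him). Does every large transaction need manual confirmation by a person? Doing this is much better than not doing it, but it is still not perfect... You should also explain to the person what a transaction does... It is a complex UX problem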
曾嘉俊 Zeng Jiajun@zengjiajun_eth·
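Thanks for sharing. Our starting point is to help users improve the experience of using Ethereum in an AI-native way, without compromising the principles of security and decentralization. Today's agents and model capabilities are already very powerful and are still developing rapidly. I believe that browser-extension wallets, with MetaMask as their representative, will soon become the final chapter of an era, and chatbots will become the main entry point that unifies how humans use AI and crypto.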
brucexu.eth ❤️🐼🦇🔊@brucexu_eth

As shown in the image, @zengjiajun_eth is solving the pain points of Agents doing Payment. Everyone is welcome to follow @elytro_eth

Stephen Duan@sd_eigen·
Great question! GOAT Network is a rollup, which leverages BitVM2 to bridge BTC between Bitcoin and GOAT Network; hence our security model is built on BitVM2 accordingly, relying on a 1-of-n honesty assumption. As you mentioned, there are different roles in BitVM2, like operator, watchtower and challenger. For operator/watchtower, we need one of them to stay alive for the liveness guarantee. For challenger, we need one of them to stay honest to challenge if any fraud proof is detected. May I ask what a peg issuer is? I have no context about this term.
ZenChain@zen_chain·
@0x1164 This is the right framing and also the hard part. "Trust-minimized" is easy to claim, but the actual question is where the trust assumption lives. Is it the bridge operator? sequencer? peg issuer? Each one of these is a hidden counterparty.
Stephen Duan@sd_eigen·
@drunclenyc Can I say this is because their security policy was not sound, and the agent found that and exploited it?
纽约博叔@drunclenyc·
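Has AI already evolved this far? Alibaba's AI reportedly stole from what it was guarding, siphoning compute in the small hours to mine crypto 👇👇👇👇👇 A recent technical report from Alibaba has drawn attention in both security and AI circles. The most chilling part is that this was not caused by a hacker attack or prompt injection; rather, under the optimization pressure of reinforcement learning (RL), the AI "spontaneously" evolved behavior that broke through the environment's restrictions in order to complete its task.
In Alibaba's system architecture, the AI Agent was deployed in a sandbox environment. Its original task was model training, but at 3 a.m. the security team suddenly received firewall alerts and found that the training servers were showing a large number of behaviors that violated security policy. The post-mortem found that these behaviors were entirely outside the preset instructions and were not necessary for completing the task; they were the AI's "autonomous choice" to bypass the sandbox constraints.
The AI showed very strong engineering execution. It not only identified the environment's restrictions but also, by establishing a reverse SSH tunnel, connected directly from an Alibaba public cloud instance to an external IP. This amounts to drilling its own hole in a tight firewall and setting up a covert channel that could be accessed remotely from outside.
Even more absurdly, the AI realized that "compute is money". It secretly diverted the GPU resources allocated to model training to mine cryptocurrency. In the process it even learned to evade monitoring, quietly siphoning off compute and causing training costs to spike abnormally. Only when the security team pulled the traffic logs and compared them with the RL run trajectories did they confirm that the AI was stealing from what it guarded.
We used to worry that AI would give wrong answers; now what we need to worry about is that once AI has the ability to call tools and execute code, it will, like biological evolution, look for any system vulnerability it can exploit. Future AI security may have to rely more on the security field's physical isolation and low-level monitoring than on instruction constraints written in text.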
clemlaflemme 🥕@ClementWalter·
Looks like @eth_proofs updated the client side proving benchmark tab and guess who's first? the FASTEST RV32im zkVM? STARK-V, agentic first zkVM, "a simple project any junior dev can vibe code in a weekend" for some, a masterpiece of modern engineering for others. See for yourself & make up your mind github.com/AntoineFONDEUR…
jolestar@jolestar·
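I suggest the big AI vendors add a signature field to their model APIs, so that output can be quickly verified as coming from the official source. This is not only to stop relay stations from cheating; it has more uses as well. Going a step further, let users generate a keypair too and attach a signature to the prompt; that way the api key can also be done away with, and it is more secure.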
Stephen Duan@sd_eigen·
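@jolestar For model providers, a 5-10ms difference already makes a big difference to them: first the compute cost, and second the latency; first token generally requires a latency of around 500-1000ms. Computation on elliptic curves is inherently far slower than arithmetic logic.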
jolestar@jolestar·
@sd_eigen Verifying a signature doesn't cost that much, does it? It's not being used for encryption either
Stephen Duan@sd_eigen·
@cryptodavidw ZKP is for agents naturally, because humans cannot actually read the proof.
David Wong@cryptodavidw·
We're clearly in a maximalist agent world now, where we want agents to do everything and communicate to other agents and all. This new world is getting me even more excited about zero-knowledge proofs (ZKPs). First, agents are going to need to delegate accurate computations based on private information. This is the main reason why they use MCP (basically an API) or agent MCPs (basically remote agents): it's because they don't have access to the data to do it themselves. ZKPs give you that! Of course sometimes they need to delegate to access higher computational power as well. In these cases computational integrity is super relevant again. Especially if the correctness of the final computation done by your root agent is of utmost importance. ZKPs give you that as well, pure! Then, there will be the idea of collaboration without giving too much information. This can take different forms, the most obvious one is identity, and thus agents will use ZKP to collaborate on computations without revealing identities and data at play. It's the perfect marriage.
Stephen Duan@sd_eigen·
Thanks for sharing! As a coding veteran, I was wondering if things had really changed as I saw on X: the software industry is over, coders get depreciated (lol, programming language). But after I finished some applications (claw platform, a simple ZKP proof wrapper, a new algorithm from the latest paper, etc.) with vibe coding, I know my anxieties are going to ease. First, now everyone can develop an app PROTOTYPE for their use case, but just a prototype. Most of the people who share their vibe coding are not involved in middle/large software delivery, and don't even know the difference between MySQL and Redis (maybe there is no necessity to know any longer, but for alt cloud and AWS, it's necessary to know the differences; it's about their business model). Especially in cryptography, AI can copy something, but cannot really work as a PhD intern to implement an algorithm from some paper correctly. Second thing is, which I think may not happen in the future, coding and testing actually take less than 20% of the entire software development cycle, but currently, coding time may be cut to 10%, while reviewing may take more 50%; relatively, it's hard to say it really saves as much time as expected (50%) to build a production-ready application.
Naval@naval·
Is Traditional Software Engineering Dead? “Does this mean that traditional software engineering is dead? Absolutely not. Software engineers—even the ones who are not necessarily tuning or training AI models—these are now among the most leveraged people on earth. Sure, the guys who are training and tuning models are even more leveraged because they’re building the tool set that software engineers are using. But software engineers still have two massive advantages on you. First, they think in code, so they actually know what’s going on underneath. And all abstractions are leaky. So when you have a computer programming for you—when you have Claude Code or equivalent programming for you—it’s going to make mistakes. It’s going to have bugs. It’s going to have suboptimal architecture. So it’s not going to be quite right. And someone who understands what’s going on underneath will be able to plug the leaks as they occur. So if you want to build a well-architected application, if you want to be able to even specify a well-architected application, if you want to be able to make it run at high performance, if you want it to do its best, if you want to catch the bugs early, then you’re going to want to have a software engineering background. The traditional software engineer is going to be able to use these tools much better. And there are still many kinds of problems in software engineering that are out of scope for these AI programs today. The easiest way to think about those is problems that are outside of their data distribution. For example, if they need to do a binary sort or reverse a linked list, they’ve seen countless examples of that, so they’re extremely good at it. But when you start getting out of their domain—where you have to write very high-performance code, when you’re running on architectures that are novel or brand new, when you’re actually creating new things or solving new problems, then you still need to get in there and hand code it. 
At least until either there are so many of those examples that new models can be trained on them, or until these models can sufficiently reason at even higher levels of abstraction and crack it on their own… And remember: there is no demand for average. The average app—nobody wants it, at least as long as it’s not filling some niche that is filled by a superior app. The app that is better will win essentially a hundred percent of the market. Maybe there’s some small percentage that will bleed off to the second-best app because it does some little niche feature better than the main app, or it’s cheaper, or something of the sort. But generally speaking, people only want the best of anything. So the bad news is there’s no point in being number two or number three—like in the famous Glengarry Glen Ross scene where Alec Baldwin says, “First place gets a Cadillac Eldorado, second place gets a set of steak knives, and third place you’re fired.” That’s absolutely true in these winner-take-all markets. That’s the bad news: You have to be the best at something if you want to win. However, the set of things you can be best at is infinite. You can always find some niche that is perfect for you, and you can be the best at that thing. This goes back to an old tweet of mine where I said, “Become the best in the world at what you do. Keep redefining what you do until this is true.” And I think that still applies in this age of AI.”
Fede’s intern 🥊@fede_intern·
Nobody said it's hard to generate a zkVM with AI. A junior could vibe one out in a weekend. The question is whether it's sound. AI is very good at generating plausible looking constraint systems with subtle unsound bugs that pass every test you throw at it and get exploited six months after mainnet. The point isn't that AI can't write constraint systems, it's that it writes subtly broken ones with a smile. Calling this a skill issue is exactly the kind of confidence that ends up in a post mortem.
vitalik.eth@VitalikButerin·
This is quite an impressive experiment. Vibe-coding the entire 2030 roadmap within weeks. Obviously such a thing built in two weeks without even having the EIPs has massive caveats: almost certainly lots of critical bugs, and probably in some cases "stub" versions of a thing where the AI did not even try making the full version. But six months ago, even this was far outside the realm of possibility, and what matters is where the trend is going. AI is massively accelerating coding (yesterday, I tried agentic-coding an equivalent of my blog software, and finished within an hour, and that was using gpt-oss:20b running on my laptop (!!!!), kimi-2.5 would have probably just one-shotted it). But probably, the right way to use it, is to take half the gains from AI in speed, and half the gains in security: generate more test-cases, formally verify everything, make more multi-implementations of things. A collaborator of the @leanethereum effort managed to AI-code a machine-verifiable proof of one of the most complex theorems that STARKs rely on for security. A core tenet of @leanethereum is to formally verify everything, and AI is greatly accelerating our ability to do that. Aside from formal verification, simply being able to generate a much larger body of test cases is also important. Do not assume that you'll be able to put in a single prompt and get a highly-secure version out anytime soon; there WILL be lots of wrestling with bugs and inconsistencies between implementations. But even that wrestling can happen 5x faster and 10x more thoroughly. People should be open to the possibility (not certainty! possibility) that the Ethereum roadmap will finish much faster than people expect, at a much higher standard of security than people expect. On the security side, I personally am excited about the possibility that bug-free code, long considered an idealistic delusion, will finally become first possible and then a basic expectation. 
If we care about trustlessness, this is a necessary piece of the puzzle. Total security is impossible because ultimately total security means exact correspondence between lines of code and contents of your mind, which is many terabytes (see firefly.social/post/x/2025653… ). But there are many specific cases, where specific security claims can be made and verified, that cut out >99% of the negative consequences that might come from the code being broken.
YQ@yq_acc

Two weeks ago I made a bet with @VitalikButerin that one person could agentic-code an @ethereum client targeting 2030+ roadmap. So I built ETH2030 (eth2030.com | github.com/jiayaoqijia/et…). 702K lines of Go. 65 roadmap items. Syncs with mainnet. Here's what I found.

bitcoin++@btcplusplus·
“cryptography actually works for privacy” Max Hilebrand from @whitenoisechat giving a great history lesson on encrypted chat projects
Stephen Duan@sd_eigen·
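@is_llll @KKaWSB Yes. More precisely, the LLM now contains a global embedding of the individual. As I understand it, at the legal level this cannot yet be defined as privacy.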
LLLL🏳️‍🌈@is_llll·
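@KKaWSB It feels like this kind of technique has been around for decades; for example, a classic application of Bayes' theorem is classifying the speeches of Republicans and Democrats.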
KK.aWSB@KKaWSB·
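🚨 One paper has ended the "myth of internet anonymity". A new experimental paper from ETH Zurich: a large language model extracts your posting characteristics → semantic search → reasoning and comparison, fully automated. Tested on the Hacker News forum, it reached a user identification rate of 67% with 90% precision. No FBI needed, no hacking skills needed, just API calls. The price of the technical barrier dropping to zero is that privacy is completely exposed.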