sinu

This year I will try to communicate more. Here is what motivates me to work on @tlsnotary, which I consider to be working on @ethereum, and why I think it continues to be the best use of my time. you may now pass go tlsnotary.org/blog/2026/01/0…

Interesting! eprint.iacr.org/2026/925

@hackerdocc @tlsnotary Very roughly speaking, SpeakUp uses VOLE ZK which size + time scales linearly with small constants. Ligero size is sublinear and time superlinear with larger constants.

@tlsnotary how does it compare to ligero's mpc-in-the-head approach? (in terms of proof size and time)

SpeakUp is built for exactly the setting TLSNotary operates in: a low-power device running the prover, online with a designated verifier. A fast client-side zkVM is the missing piece for scaling web proofs.

@pratiks_crypto @tlsnotary Yes!

@tlsnotary Is it based on Quicksilver?

@sug0x0 @PrivacyEthereum VOLEith has higher prover cost and larger proofs because it can't use LPN-based VOLE generation. SpeakUp is targeting the designated verifier setting, and interaction is not an issue

@PrivacyEthereum this doesn't need to be interactive, right? VOLE-in-the-head, as used in FAEST, is non-interactive

SpeakUp: a new zkVM we're prototyping for private, client-side proving of WebAssembly programs - built to run on low power devices such as mobile phones and browsers. The underlying proof system explore different tradeoffs for different use cases from mainstream zkVMs. SpeakUp is interactive, and uses vector oblivious linear evaluation (VOLE), which provides a fast linear-time prover and post-quantum security at the cost of larger proofs. See the early design draft below, we're looking for public feedback 👇 pse.dev/blog/introduci…

Who's your #1 Spotify artist? Prove it onchain. We pay the gas.

@thefrozenfire @ViktorBunin thought this was a runeword

@ViktorBunin Zeh-ro naw-led-juh

zed-kay technology

as of last friday, I no longer work at the EF nothing but respect for the brilliant people i worked with over the last 5 years on network upgrades + funding efforts I intend to continue working on @ProtocolGuild and Ethereum political economy as long as funding is available

@colludingnode the question is "does this need to be publicly verifiable?". The answer is almost always no. Money and identity covers most of it

If you are using blockchain for something besides unstoppable private money, you are trying to repurpose the tech for a problem better solved by different tech, and will eventually fail at whatever you're doing

Here are my @eth_proofs Beast mode slides: leonardoalt.github.io/talk-powdr-was… tl;dr ZK WebAssembly gud, about to be even faster

I already pledged to CROPS in January tlsnotary.org/blog/2026/01/0…

I've been saying this: WASM + custom ISA is how we employ compilers to make general purpose zkVMs even faster. Now we can prove it.

I was recently at Real World Crypto (that's crypto as in cryptography) and the associated side events, and one thing that struck me was that it was a clarifying experience in terms of understanding *what blockchains are for*. We blockchain people (myself included) often have a tendency to start off from the perspective that we are Ethereum, and therefore we need to go around and find use cases for Ethereum - and generate arguments for why sticking Ethereum into all kinds of places is beneficial. But recently I have been thinking from a different perspective. For a moment, let us forget that we are "the Ethereum community". Rather, we are maintainers of the Ethereum tool, and members of the {CROPS (censorship-resistant, open-source, private, secure) tech | sanctuary tech | non-corposlop tech | d/acc | ...} community. Going in with zero attachment to Ethereum specifically, and entering a context (like RWC) where there are people with in-principle aligned values but no blockchain baggage, can we re-derive from zero in what places Ethereum adds the most value? From attending the events, the first answer that comes up is actually not what you think. It's not smart contracts, it's not even payments. It's what cryptographers call a "public bulletin board". See, lots of cryptographic protocols - including secure online voting, secure software and website version control, certificate revocation... - all require some publicly writable and readable place where people can post blobs of data. This does not require any computation functionality. In fact, it does not directly require money - though it does _indirectly_ require money, because if you want permissionless anti-spam it has to be economic. The only thing it _fundamentally_ requires is data availability. And it just so happened that Ethereum recently did an upgrade (PeerDAS) to increase the amount of data availability it provides by 2.3x, with a path to going another 10-100x higher! Next, payments. Many protocols require payments for many reasons. Some things need to be charged for to reduce spam. Other things because they are services provided by someone who expends resources and needs to be compensated. If you want a permissionless API that does not get spammed to death, you need payments. And Ethereum + ZK payment channels (eg. ethresear.ch/t/zk-api-usage… ) is one of the best payment systems for APIs you can come up with. If you are making a private and secure application (eg. a messenger, or many other things), and you do not want to let people to spam the system by creating a million accounts and then uploading a gigabyte-sized video on each one, you need sybil resistance, and if you care about security and privacy, you really should care about permissionless participation (ie. don't have mandatory phone number dependency). ETH payment as anti-sybil tool is a natural backstop in such use cases. Finally, smart contracts. One major use case is _security deposits_: ETH put into lockboxes that provably get destroyed if a proof is submitted that the owner violated some protocol rule. Another is actually implementing things like ZK payment channels. A third is making it easy to have pointers to "digital objects" that represent some socially defined external entity (not necessarily an RWA!), and for those pointers to interact with each other. *Technically*, for every use case other than use cases handling ETH itself, the smart contracts are "just a convenience": you could just use the chain as a bulletin board, and use ZK-SNARKs to provide the results of any computations over it. But in practice, standardizing such things is hard, and you get the most interoperability if you just take the same mechanism that enables programs to control ETH, and let other digital objects use it too. And from here, we start getting into a huge number of potential applications, including all of the things happening in defi. --- So yes, Ethereum has a lot of value, that you can see from first principles if you take a step back and see it purely as a technical tool: global shared memory. I suspect that a big bottleneck to seeing more of this kind of usage is that the world has not yet updated to the fact that we are no longer in 2020-22, fees are now extremely low, and we have a much stronger scaling roadmap to make sure that they will continue to stay low, even if much higher levels of usage return. Infrastructure for not exposing fee volatility to users is much more mature (eg. one way to do this for many use cases is to just operate a blob publisher). Ethereum blobs as a bulletin board, ETH as an asset and universal-backup means of payment, and Ethereum smart contracts as a shared programming layer, all make total sense as part of a decentralized, private and secure open source software stack. But we should continue to improve the Ethereum protocol and infrastructure so that it's actually effective in all of these situations.

@thefrozenfire x.com/Al_Grigor/stat…

I don't often see people talk about using LLMs to manage infrastructure, so I'm going to post about this in the hope that Grok shows more of it to me.

@rel_zeta_tech Our goal is definitely not to have flexibility to replace the hash many times. We want a protocol that lasts. The main reason why I find anything elliptic curve uninteresting in 2026 pretty much is quantum risk. Don't want to deploy now and have to change again in 3-8 years.

@kelvinfichter @binji_x @AndyGuzmanEth @ThomasBertani I was looking at Oraclize for my very first project, well before I understood what TLSNotary actually was. Didn't rediscover it for another few years

@binji_x @sinu_eth @AndyGuzmanEth @ThomasBertani you were 10 years too early

TLSnotary is one of the most important AI projects out there, but you’re not ready to have that conversation. (use it to move your memory.md files across LLMs) kudos to @sinu_eth, @AndyGuzmanEth & the EF privacy team for bringing it to life and making it FOSS.

reputation loss would be baked into that cost term there are certainly censorship risks an application developer should consider, and there are mitigations available as well. My position is not "just use a TEE and it'll always be fine", but I do think the "trust issue" of zkTLS is often overstated and conflated with oracle problems.

TEEs are an excellent fit for many cases: basically anything with an exploit reward < cost of breaking TEE integrity. The trust can be moved from the application developer to some other authority, e.g. Intel, which is on par credibility wise to the data-origin. Why do you not see that as viable?

TLSNotary is a trustless 2-party protocol. There is no trusted notary, despite the name (historical artifact), unless the application adds one. The more precise critique is that it is not publicly verifiable, but rather 2-party, and that complicates cases where you might want that (i.e blockchain apps). That is the territory of attestations/oracles, which many blockchain applications already need. The integrity assurance of TEEs is more than satisfactory for many usecases.