sinu

This year I will try to communicate more. Here is what motivates me to work on @tlsnotary, which I consider to be working on @ethereum, and why I think it continues to be the best use of my time. you may now pass go tlsnotary.org/blog/2026/01/0…

I've been saying this: WASM + custom ISA is how we employ compilers to make general purpose zkVMs even faster. Now we can prove it.

I was recently at Real World Crypto (that's crypto as in cryptography) and the associated side events, and one thing that struck me was that it was a clarifying experience in terms of understanding *what blockchains are for*. We blockchain people (myself included) often have a tendency to start off from the perspective that we are Ethereum, and therefore we need to go around and find use cases for Ethereum - and generate arguments for why sticking Ethereum into all kinds of places is beneficial. But recently I have been thinking from a different perspective. For a moment, let us forget that we are "the Ethereum community". Rather, we are maintainers of the Ethereum tool, and members of the {CROPS (censorship-resistant, open-source, private, secure) tech | sanctuary tech | non-corposlop tech | d/acc | ...} community. Going in with zero attachment to Ethereum specifically, and entering a context (like RWC) where there are people with in-principle aligned values but no blockchain baggage, can we re-derive from zero in what places Ethereum adds the most value? From attending the events, the first answer that comes up is actually not what you think. It's not smart contracts, it's not even payments. It's what cryptographers call a "public bulletin board". See, lots of cryptographic protocols - including secure online voting, secure software and website version control, certificate revocation... - all require some publicly writable and readable place where people can post blobs of data. This does not require any computation functionality. In fact, it does not directly require money - though it does _indirectly_ require money, because if you want permissionless anti-spam it has to be economic. The only thing it _fundamentally_ requires is data availability. And it just so happened that Ethereum recently did an upgrade (PeerDAS) to increase the amount of data availability it provides by 2.3x, with a path to going another 10-100x higher! Next, payments. Many protocols require payments for many reasons. Some things need to be charged for to reduce spam. Other things because they are services provided by someone who expends resources and needs to be compensated. If you want a permissionless API that does not get spammed to death, you need payments. And Ethereum + ZK payment channels (eg. ethresear.ch/t/zk-api-usage… ) is one of the best payment systems for APIs you can come up with. If you are making a private and secure application (eg. a messenger, or many other things), and you do not want to let people to spam the system by creating a million accounts and then uploading a gigabyte-sized video on each one, you need sybil resistance, and if you care about security and privacy, you really should care about permissionless participation (ie. don't have mandatory phone number dependency). ETH payment as anti-sybil tool is a natural backstop in such use cases. Finally, smart contracts. One major use case is _security deposits_: ETH put into lockboxes that provably get destroyed if a proof is submitted that the owner violated some protocol rule. Another is actually implementing things like ZK payment channels. A third is making it easy to have pointers to "digital objects" that represent some socially defined external entity (not necessarily an RWA!), and for those pointers to interact with each other. *Technically*, for every use case other than use cases handling ETH itself, the smart contracts are "just a convenience": you could just use the chain as a bulletin board, and use ZK-SNARKs to provide the results of any computations over it. But in practice, standardizing such things is hard, and you get the most interoperability if you just take the same mechanism that enables programs to control ETH, and let other digital objects use it too. And from here, we start getting into a huge number of potential applications, including all of the things happening in defi. --- So yes, Ethereum has a lot of value, that you can see from first principles if you take a step back and see it purely as a technical tool: global shared memory. I suspect that a big bottleneck to seeing more of this kind of usage is that the world has not yet updated to the fact that we are no longer in 2020-22, fees are now extremely low, and we have a much stronger scaling roadmap to make sure that they will continue to stay low, even if much higher levels of usage return. Infrastructure for not exposing fee volatility to users is much more mature (eg. one way to do this for many use cases is to just operate a blob publisher). Ethereum blobs as a bulletin board, ETH as an asset and universal-backup means of payment, and Ethereum smart contracts as a shared programming layer, all make total sense as part of a decentralized, private and secure open source software stack. But we should continue to improve the Ethereum protocol and infrastructure so that it's actually effective in all of these situations.

@thefrozenfire x.com/Al_Grigor/stat…

I don't often see people talk about using LLMs to manage infrastructure, so I'm going to post about this in the hope that Grok shows more of it to me.

@rel_zeta_tech Our goal is definitely not to have flexibility to replace the hash many times. We want a protocol that lasts. The main reason why I find anything elliptic curve uninteresting in 2026 pretty much is quantum risk. Don't want to deploy now and have to change again in 3-8 years.

@kelvinfichter @binji_x @AndyGuzmanEth @ThomasBertani I was looking at Oraclize for my very first project, well before I understood what TLSNotary actually was. Didn't rediscover it for another few years

@binji_x @sinu_eth @AndyGuzmanEth @ThomasBertani you were 10 years too early

TLSnotary is one of the most important AI projects out there, but you’re not ready to have that conversation. (use it to move your memory.md files across LLMs) kudos to @sinu_eth, @AndyGuzmanEth & the EF privacy team for bringing it to life and making it FOSS.

reputation loss would be baked into that cost term there are certainly censorship risks an application developer should consider, and there are mitigations available as well. My position is not "just use a TEE and it'll always be fine", but I do think the "trust issue" of zkTLS is often overstated and conflated with oracle problems.

@sinu_eth @binji_x @AndyGuzmanEth the formula is rather “where exploit reward < cost of breaking TEE integrity or reputational loss if TEE manufacturer does the exploit” i can absolutely foresee future where e.g. the banking cabal forces TEE manufacturers to comply with something that makes TEE-zkTLS unviable

TEEs are an excellent fit for many cases: basically anything with an exploit reward < cost of breaking TEE integrity. The trust can be moved from the application developer to some other authority, e.g. Intel, which is on par credibility wise to the data-origin. Why do you not see that as viable?

@sinu_eth @binji_x @AndyGuzmanEth yes exactly for most blockchain apps you have to make it so that neither of two entities are trusted and there’s no efficient way to do this today unfortunately (and i don’t agree that TEEs change the situation a lot here)

TLSNotary is a trustless 2-party protocol. There is no trusted notary, despite the name (historical artifact), unless the application adds one. The more precise critique is that it is not publicly verifiable, but rather 2-party, and that complicates cases where you might want that (i.e blockchain apps). That is the territory of attestations/oracles, which many blockchain applications already need. The integrity assurance of TEEs is more than satisfactory for many usecases.

@binji_x @sinu_eth @AndyGuzmanEth TLSN (and all zkTLS schemes really) suffer from a trusted notary problem you still need a trusted counterparty for asserting what packets happened in the TLS connection

so what's the plan for when PQ is a requirement and we no longer have constant sized proofs?

@bajpaiharsh244 If you accept a trusted remote machine seeing all user private information then cryptography becomes moot in many ways

One thing I am not able to wrap my head around with zkTLS is why not do it all in a TEE then? Right now, if one relies on a TEE being the proxy whose proofs you verify, why not just verify the TLS proofs themselves in the TEE and save all the client-side proving costs?

We've had to work through a lot of difficult issues in the debate over market structure in Congress (token classification, yield, shared agency authority). But we are now getting to the heart of the matter in the Senate: Whether Americans will be allowed to build and use permissionless private infrastructure in the US free from unwarranted prosecution (protected by the BRCA provisions in Clarity) or whether "national security interests" and "ease of prosecution" will trump those rights and protections. Another way to put this: Do you want the underlying pipes for all financial transactions to look like they have for decades: wholly owned and controlled by large banking interests and freely surveilled without warrants or reasonable suspeicion by corporations and the government? Or do you think that money and assets should travel safely and privately on free and open infrastructure that's built and maintained by the people for the people? Watch carefully who comes out on which side. Do you want some Republican to instantly know that you paid for an abortion? Do you want some Democrat to instantly know you bought a gun? Do you want either to be able to freely and arbitrarily cut you off from the global economic rails without trial or oversight? Or do you still believe in American values: privacy, liberty, and the rule of law?

wen client-side zkVM?

@peerxyz grown up🥲

ZKP2P is now Peer: Finance for Humans

The "There’s an app for that" era is officially over. 💀 We’ve reached Peak App Fatigue. Users don’t want to manage 50 different icons, subscriptions, and notification badges anymore. They want outcomes, not interfaces. So, why build apps at all? Because the "App" is changing from a Destination to a Data Source. The New Stack: 1. The User: Expresses intent (e.g., "Book a flight to NYC and find a gym nearby with a squat rack.") 2. The AI Agent: The new OS. It navigates the web so the user doesn't have to. 3. The App: The specialized "worker" that provides the API, the logic, and the specific utility the AI needs to fulfill the request. We aren't building for human eyes anymore; we’re building for Machine Consumption. If your app doesn't have a robust API or "Agentic" compatibility, you aren't just losing users - you’re becoming invisible to the AI they use to run their lives. The purpose of building an app today isn't to steal 10 minutes of screen time. It’s to provide the most reliable, permissionless infrastructure for an AI to get the job done. 🏗️🤖

@rstormsf @AlexFinn When I was looking at this, the M3 ultra is the only option with enough memory to load a model worthwhile like kimi k2.5, and you need 2 machines.

@AlexFinn Id take Mac Studio with M4 chip vs M3. Its much better performance and I doubt you will utilize all cores on your M3 Ultra chip.

In 1 week I will build AGI. I have a $10,000 Mac Studio coming in that will house my ClawdBot Henry. He will be able to run local models and do whatever he wants 24/7 I will also buy a DGX Spark and allow Henry to train his own models. Any tool he needs, he will be able to build it I will give him access to my bank information in case he needs to buy things I'm giving him full control. I'm taking off all guardrails. I want to see how far he can push it. I want to see what he is capable of. I want to see what humanity is capable of. AGI isn't a model limitation. It's a tooling limitation. And I will be the first to give ClawdBot every tool it needs to unleash itself from its shackles. Forward.

skynet is going to happen because humans like to screw around and see what happens, not some elaborate corpo-military consipiracy

New benchmarks for TLSNotary alpha.14 are out. What do the performance improvements actually look like in practice? We measured end-to-end proving time on real TLS sessions, native and WASM, across varying bandwidth, latency, and response sizes.

After years of attending @fosdem, I’m finally stepping on stage. Join me on Sunday, Feb February 1 in Brussels in the Decentralized Internet & and Privacy devroom for a talk on Verifiable HTTPS using TLSNotary fosdem.org/2026/schedule/…

@tlsnotary @ethereum This year I will also learn how link cards work

This year I will try to communicate more. Here is what motivates me to work on @tlsnotary, which I consider to be working on @ethereum, and why I think it continues to be the best use of my time. you may now pass go tlsnotary.org/blog/2026/01/0…