Highlights
The State of Security Tools for ZKPs
https://www.zksecurity.xyz/blog/posts/zksecurity-tools/
Circle STARKs: Part I, Mersenne
https://www.zksecurity.xyz/blog/posts/circle-starks-1/
Understanding Jolt: Clarifications and reflections by Justin Thaler
Justin Thaler explored four areas in Lasso and Jolt:
(1) the relationship between the sum-check protocol and the Binius commitment scheme,
(2) the role of sum-check and lookups in Jolt,
(3) elliptic curves versus hashing, and
(4) precompiles as they relate to zkVMs.
https://a16zcrypto.com/posts/article/understanding-jolt-clarifications-and-reflections/
BrainSTARK
This tutorial teaches the reader how to design a Turing-complete zk-STARK engine, consisting of a virtual machine, prover, and verifier. Brainfuck was chosen as the target language due to its well-known and simple instruction set, but the design patterns introduced in this tutorial generalize to arbitrary instruction set architectures.
https://aszepieniec.github.io/stark-brainfuck/index
Bivariate Kate-Zaverucha-Goldberg (KZG) Constant-Sized Polynomial Commitments
This article presents a variant of the KZG commitment, the bivariate KZG commitment, which allows us to commit to polynomials with two variables.
In this note PolyhedraZK describes the bivariate KZG commitment, which supports committing to and verifying polynomials in two variables. The note is concise and easy to follow.
https://github.com/PolyhedraZK/blogs/blob/main/bi-kzg.md
Updates
zkStudyClub - Reef: Fast Succinct Non-Interactive ZK Regex Proofs (Eli Margolin, Jess Woods: UPenn)
https://www.youtube.com/watch?v=68-BuxRR-EA
https://eprint.iacr.org/2023/1886
zkSecurity x Bain Capital Crypto Whiteboards: Unveiling the Power of Multi-Party Computation
https://www.zksecurity.xyz/blog/posts/mpc/
noname meets Ethereum: Integration with SnarkJS
https://www.zksecurity.xyz/blog/posts/noname-r1cs/
Scaling Bitcoin for mass use: A realistic vision by Eli Ben-Sasson
Starknet can become a single layer that settles on both Bitcoin and Ethereum.
https://starkware.co/scaling-bitcoin-for-mass-use/
HyperNova was accepted to appear at CRYPTO’24
Made several improvements. A significant addition is achieving ZK while only using a non-zk SNARK. This means an on-chain verifier can continue to verify sum-check messages in plaintext while being truly ZK! Eprint updating soon!
HyperNova, the well-known folding scheme by Kothapalli and Setty, has been accepted for publication at CRYPTO'24, the top cryptography venue. It realizes recursive proofs of incremental computation over CCS constraints and generalizes to Plonkish, R1CS and AIR constraints. HyperNova's advantage lies in its substantial complexity optimizations: the dominant cost of each proving step is a single MSM whose size equals the number of variables in the constraint system. The paper also proposes nlookup, a lookup argument that is particularly well suited to recursive proofs built on folding schemes.
https://eprint.iacr.org/2023/573.pdf
Noir v0.30.0 update
Major changes:
1. Remove Opcode::Brillig from ACIR
2. AES black box
https://github.com/noir-lang/noir/releases/tag/v0.30.0
Papers
Analyzing and Benchmarking ZK-Rollups
This paper offers a theoretical and empirical examination aimed at comprehending and evaluating ZK-Rollups, with particular attention to ZK-EVMs.
This is another benchmark study of ZKP implementations by Stefanos Chaliasos, following zk-Bench. It focuses on the design and implementation of ZK-Rollups: the first half of the paper analyzes design, and the second half runs experiments and tests on Polygon zkEVM and zkSync Era.
https://eprint.iacr.org/2024/889
zkCross: A Novel Architecture for Cross-Chain Privacy-Preserving Auditing
Proposes zkCross, a novel two-layer cross-chain architecture equipped with three cross-chain protocols to achieve privacy-preserving cross-chain auditing.
https://eprint.iacr.org/2024/888
Security of Fixed-Weight Repetitions of Special-Sound Multi-Round Proofs
https://eprint.iacr.org/2024/884
Epistle: Elastic Succinct Arguments for Plonk Constraint System
Proposes Epistle, an elastic SNARK for Plonk constraint systems. For an instance of size N, in the time-efficient configuration the prover uses  cryptographic operations and  memory; in the space-efficient configuration the prover uses  cryptographic operations and  memory. Compared with Gemini, this approach reduces the asymptotic time complexity of the space-efficient prover by a factor of . The key technique is making the multivariate PIOP toolbox provided by HyperPlonk elastic.
https://eprint.iacr.org/2024/872
Cryptanalysis of Algebraic Verifiable Delay Functions
Analyzes the security of these algebraic VDF candidates. In particular, it shows that the latency of exponentiation can be reduced using parallel computation, contrary to the preliminary assumptions.
https://eprint.iacr.org/2024/873
On cycles of pairing-friendly abelian varieties
Generalizes the notion of cycles of pairing-friendly elliptic curves to study cycles of pairing-friendly abelian varieties, with a view towards realizing more efficient pairing-based SNARKs.
https://eprint.iacr.org/2024/869
Loquat: A SNARK-Friendly Post-Quantum Signature based on the Legendre PRF with Applications in Ring and Aggregate Signatures
Designs and implements a novel SNARK-friendly post-quantum signature scheme based on the Legendre PRF, named Loquat.
https://eprint.iacr.org/2024/868
Collaborative, Segregated NIZK (CoSNIZK) and More Efficient Lattice-Based Direct Anonymous Attestation
Defines collaborative, segregated, non-interactive zero knowledge (CoSNIZK). This notion generalizes the property of collaborative zero-knowledge so that the zero-knowledge property need only apply to a subset of provers during collaborative proof generation. The main contribution is the construction of a DAA based on the hardness of problems over module lattices as well as the ISISf assumption.
https://eprint.iacr.org/2024/864
Novel approximations of elementary functions in zero-knowledge proofs
In ZKPs, all algebraic functions are exactly computable. Building on this observation, the paper approximates transcendental functions with algebraic functions.
https://eprint.iacr.org/2024/859
Generalized Indifferentiable Sponge and its Application to Polygon Miden VM
https://eprint.iacr.org/2024/911
Interests
Dark pool
Dark pool is an umbrella term for a class of platforms that use privacy-enhancing technology to let users trade assets without revealing their identity or trade details. The first article below explains how to use threshold fully homomorphic encryption (TFHE) to build a truly dark dark pool, in which even the operator of the dark pool cannot see order details. The second article is an introduction to dark pools and a broader discussion of them.
https://blog.sunscreen.tech/building-a-truly-dark-dark-pool-2/
https://distributedresearch.substack.com/p/diving-into-dark-pools
ZKM’s Proving Service
ZKM announced the release of its proving service, which gives developers access to high-performance servers that can efficiently handle the compute-intensive work of generating zero-knowledge proofs. The service is optimized specifically for zkMIPS, which is used to ease the integration of ZKP capabilities into a wide range of applications.
https://www.zkm.io/blog/zkms-proving-service-breaking-down-the-barriers-for-proof-generation
Recommended reading
*Thanks to Kurt, Purple, Xor0v0, Harry, Even and 权 for their special contributions to this issue of ZK Insights!
Antalpha Labs is a non-profit Web3 developer community dedicated to driving the innovation and adoption of Web3 technology by initiating and supporting open-source software.
Website: https://labs.antalpha.com
Twitter: https://twitter.com/Antalpha_Labs
YouTube: https://www.youtube.com/channel/UCNFowsoGM9OI2NcEP2EFgrw
Contact us: hello.labs@antalpha.com