Daily Digest
Zou et al. propose ZeroOS in their paper, a universal modular library OS for zkVMs that lets vApp developers link only the subset of the Linux ABI they need, reducing the trusted computing base and unifying the zkVM ecosystem.
Key Points:
- ZeroOS addresses compatibility issues in zkVMs, where modern programs depend on an operating system and libc.
- Traditional approaches build unikernels through language-specific runtime branches, causing version hell and a large trusted computing base.
- ZeroOS allows vApp developers to link only the required Linux ABI subset, reducing the attack surface.
- Any zkVM team can integrate easily by writing a ZeroOS bootloader, reducing the maintenance burden.
- This approach unifies the zkVM ecosystem, consolidating development and audit resources.
- ZeroOS is open-sourced with ready-to-use toolchains, improving vApp development efficiency.
Zakharov et al. propose Bionetta in their paper, a zkML framework based on UltraGroth that significantly improves proving efficiency for custom neural networks and supports client-side proving on mobile devices.
Key Points:
- Bionetta is built on the UltraGroth protocol, optimizing zkML proving performance.
- Supports client-side proofs of custom neural networks on mobile devices.
- Significantly reduces proving time compared to EZKL, Lagrange's deep-prove and similar tools.
- Deployable on native EVM smart contracts without large proof sizes or verification overhead.
- One-time preprocessing steps (circuit compilation, trusted setup) become more expensive.
- Suitable for client-side machine learning applications that require privacy protection.
Kudinov et al. comprehensively analyze the application of hash-based signature schemes to Bitcoin in their paper, significantly improving the performance of schemes such as SPHINCS+ by optimizing parameters and limiting the number of signatures.
Key Points:
- Hash-based signature schemes rely only on hash-function assumptions and are compatible with Bitcoin's existing design, making them a potential post-quantum alternative.
- Optimizing parameters and limiting the number of signatures per public key significantly reduces signature size and improves efficiency.
- Applies recent optimizations such as SPHINCS+C, TL-WOTS-TW and PORS+FP, outperforming the standardized SPHINCS+ (SLH-DSA).
- Discusses limitations in practical applications such as key derivation, multi-signatures and threshold signatures.
- Provides public scripts to ensure the reproducibility and transparency of the research.
- Focuses on Bitcoin's specific requirements, providing practical guidance for deploying post-quantum cryptography in blockchains.
Justin Thaler analyzes the threat of quantum computing to blockchains in a blog post, clarifying the different risks that encryption and signatures face under HNDL (harvest now, decrypt later) attacks and discussing the quantum security of zkSNARKs.
Key Points:
- HNDL attacks make the deployment of post-quantum encryption urgent; signatures are not exposed to HNDL, so their migration can be delayed.
- The zero-knowledge property of zkSNARKs is post-quantum secure and not threatened by HNDL attacks.
- Quantum computers cannot break encryption in the short term; a CRQC may be decades away.
- Post-quantum signatures carry high performance overhead and implementation risk, requiring careful migration.
- Enterprises should prioritize more urgent security issues, such as code vulnerabilities.
- Hybrid encryption schemes (e.g., ML-KEM+X25519) can balance security and performance.
Fenzi and Sanso analyze the security of small-field hash-based SNARGs in their paper, proposing a generic attack that shows their actual security is lower than expected, which affects deployed systems.
Key Points:
- The security of small-field hash-based SNARGs relies on two parameters of the underlying linear code in combination: the proximity error and the list size.
- Existing deployed systems operate in the capacity regime, where security may be overestimated.
- The paper proposes a generic attack whose success probability depends on the list-size parameter.
- Analysis of extension codes over small base fields shows that combining the lower bounds yields strong attacks.
- This challenges the optimistic assumption of the near-gap conjecture and affects systems in production.
- The research provides an important reference for security evaluations such as the Ethereum Proximity Prize.
The @class_lambda team shared an optimized implementation of the Sumcheck protocol in a blog post, detailing the SVO and Eq-Poly optimization strategies from the BDDT paper and their application in the Whir-P3 codebase.
Key Points:
- The BDDT optimization delays extension-field arithmetic, converting expensive 𝔩𝔩 operations into a larger number of cheaper base-field 𝔰𝔰 operations, improving performance.
- SVO uses Lagrange interpolation in place of polynomial expansion, reducing the precomputation cost from exponential to polynomial.
- The Eq-Poly optimization is based on Gruen's method, splitting the eq polynomial and reducing the number of 𝔩𝔩 multiplications.
- The implementation uses a two-stage strategy: the first 3 rounds use SVO, subsequent rounds apply Algorithm 5.
- The optimization targets base fields such as Baby Bear, where extension-field operations are significantly more expensive than base-field ones.
- The code emphasizes a one-to-one mapping with the theoretical concepts, making the core logic easy to follow.
PSE's zkID team proposes OpenAC in their paper, a ZKP-based decentralized identity scheme intended to strengthen user privacy and the security of identity authentication.
Key Points:
- OpenAC adds anonymity and selective disclosure without changing issuers.
- A Prepare–Show split moves heavy computation offline to cut online cost.
- Hyrax commitments provide hiding, binding, and unlinkability via re-randomization.
- Built on transparent zk-Spartan, with no trusted setup.
- Show proofs take ~100 ms and are ~40 KB on mobile.
- Compatible with SD-JWT/mDL and the EUDI ARF, with room for post-quantum upgrades.
Bitan et al. propose an extension of the sum-check protocol to approximate computations in their paper, using the metric structure of low-degree polynomials, supporting an adjustable error parameter, and analyzing security under the Fiat-Shamir transformation.
Key Points:
- The protocol extends sum-check to approximate computations with an adjustable error parameter δ.
- The soundness error degrades gracefully with δ/Δ; the verifier is more likely to reject when the initial error Δ is large.
- Uses the metric structure of low-degree polynomials, in contrast to classic algebraic methods.
- The most natural instantiation is over the complex numbers, with the analysis based on polynomial behavior on the unit circle.
- New intermediate security phenomena related to approximation appear under the Fiat-Shamir transformation.
- Achieves black-box feasibility: the compiler is independent of the arithmetic implementation and only requires that the error bounds are met.
Arnon et al. propose a publicly verifiable SNARG whose proof consists of only two group elements and no additional bits, achieving the minimum proof size in the GGM + ROM and establishing a lower bound for single-group-element SNARGs.
Key Points:
- Proposes the first publicly verifiable SNARG whose proof is exactly two group elements with no additional bits.
- Achieves the minimum proof size in the GGM + ROM; instantiated over BLS12-381, the proof is 768 bits.
- Tight security analysis with no hidden security loss.
- Establishes a new lower bound: single-group-element SNARGs are impossible in the GGM + ROM.
- Proof size improves by nearly a factor of 2 over existing schemes, but the construction is not yet concretely efficient.
- Paves the way for future practical instantiations and reinforces Groth's lower bound.