Daily Digest
@LayerZero_Core released Zero, a decentralized multi-core world computer that uses ZK proofs to decouple execution from verification, enabling a heterogeneous architecture with lightweight validators and targeting 2 million TPS per Zone.
Key Points:
- Claimed to have proven one month of Ethereum blocks in 30s
- Zero decouples execution from verification via ZK proofs, so validators no longer redundantly replay every transaction.
- Heterogeneous architecture: lightweight validators plus high-performance producers using the Jolt prover.
- Targets 2M TPS per Zone, addressing state storage and parallel compute bottlenecks.
- Atomicity Zones provide horizontally scalable concurrent execution environments.
- Aims to replace centralized cloud providers with decentralized infrastructure.
Wang et al. propose zkAgent, a system for verifiable agent execution via a one-shot proof of the complete LLM inference, significantly improving proving efficiency and supporting end-to-end verification.
Key Points:
- First system to verify agent execution including full LLM inference and tool interactions
- One-shot inference proof replaces token-by-token proof generation, making proving scalable
- 294× proving speedup vs zkGPT (1.05 s/token vs 309 s/token)
- 9690× verification speedup (0.45 s vs 4361 s)
- End-to-end agent execution proofs in 240 s, verification in ~0.5 s
- 42 MB proof size makes real-world deployment practical
Khovratovich et al. propose a hybrid compression method that allows two different hash functions to be used within a SNARK proof, optimizing both on-chain verification gas and prover time.
Key Points:
- Long statements in Groth16 are costly; hashing the statement helps, but the hash is expensive either in the contract or in the circuit
- Hybrid compression uses two hashes: one optimized for the circuit, one optimized for on-chain verification
- Defines a joint UHF hardness property and proves it in the random oracle model
- Benchmarks show near-optimal gas and prover time
- 8KB statement: 10 s prover time and 270K gas, vs 290 s prover time (SHA-256) or 5M gas (Poseidon)
- Two-party protocol checks input equality across different hash functions with efficient communication
Bak et al. analyze reduced instances of the Poseidon and Poseidon2 hash functions, using a new resultant-based algebraic attack to break multiple challenge instances and claim Ethereum Foundation bounties.
Key Points:
- The Ethereum Foundation issued bounty challenges for the Poseidon and Poseidon2 hash functions in Nov 2024
- The team broke multiple reduced instances of Poseidon2-31m, Poseidon2-31k and Poseidon-256
- A new resultant-based algebraic attack was used for the Poseidon2 instances
- Known univariate root finding was used for the Poseidon-256 instances
- All solutions except the first Poseidon-256 instance were confirmed eligible for bounties
- The research reveals potential security risks in reduced configurations of the Poseidon family of hash functions
Kobeissi analyzes cryptographic libraries marketed as formally verified, such as Cryspen's libcrux and hpke-rs, and highlights verification boundary issues that allowed multiple security vulnerabilities to go unnoticed.
Key Points:
- Formal verification is often marketed as the highest level of assurance, but it has boundary issues.
- The case study finds five vulnerabilities in Cryspen's libcrux and hpke-rs libraries.
- Vulnerabilities include a SHA-3 output failure, missing X25519 validation, and nonce reuse.
- Formal verification targets specific properties and needs complementary engineering practices.
- The gap between marketing claims of complete verification and engineering reality poses a systemic risk.
- Recommends precise communication of verification scope so that formal verification does not become security theater.
Nguyen et al. propose Hachi, a lattice-based multilinear polynomial commitment scheme that achieves square-root verification time and compact proofs (~55KB) by integrating Greyhound with ring-switching.
Key Points:
- Hachi offers poly(ℓ,λ) proof size and Õ(√2^ℓλ) verifier time for ℓ-variate polynomials under Module-SIS
- Achieves an Õ(λ) asymptotic improvement in verifier time over Greyhound, the current state of the art, with a 12.5x practical speedup
- Uses the sumcheck protocol to optimize verification, addressing the efficiency bottlenecks standard sumcheck has in lattice-based constructions
- Novel integration of Greyhound with ring-switching eliminates R_q multiplications for the verifier
- A generic reduction converts polynomial evaluation proofs over the extension field F_{q^k} into equivalent statements over the cyclotomic ring R_q
- The technique applies independently to lattice-based SNARKs, especially where faster verification is needed
Block et al. propose a field-agnostic SNARK based on expand-accumulate codes, addressing the limitation of existing schemes that rely on specific finite fields; proof generation takes as little as 0.23 seconds, two orders of magnitude faster than non-field-agnostic SNARKs.
Key Points:
- A field-agnostic SNARK based on expand-accumulate codes, independent of any specific finite field
- Key technical contribution: proves these codes have constant rate and constant relative distance, solving a previously open problem
- Prover time O(M log M), proof size O(√M), with significant concrete efficiency improvements
- ECDSA verification on secp256k1 requires only 0.23 s of proof generation, 100x faster than non-field-agnostic SNARKs
- Compared to Brakedown, proof size is reduced by 1.9-2.8x with only a 1.2x overhead in prover time
- Transparent setup and plausible post-quantum security, suitable for a range of practical applications
Fu et al. propose zkCraft, a framework that combines deterministic localization with proof-carrying search to detect semantic inconsistencies in ZK circuits, using LLM-guided mutation templates to improve edge-case coverage and reduce solver interaction costs.
Key Points:
- ZK circuits are hard to implement correctly because witness computation and constraints are tightly coupled, leading to subtle semantic inconsistencies.
- zkCraft combines deterministic R1CS-aware localization with proof-carrying search to detect under-constrained and over-constrained faults.
- Candidate constraint edits are encoded as Row-Vortex polynomials; a Violation IOP replaces repeated solver queries with a succinct proof.
- Deterministic LLM-guided mutation templates bias exploration toward edge cases while keeping the algebraic verification auditable.
- Evaluated on real Circom code, proof-carrying localization finds diverse faults with low false positives and lower solver interaction costs.
- The approach links formal verification with automated debugging, providing a scalable path to robust ZK circuit development.
@AntoineFONDEUR open-sourced stark-v, a general-purpose zkVM built on Stwo that generates STARK proofs for RISC-V program execution and supports rapid constraint development.
Key Points:
- stark-v is an RV32IM zkVM that generates STARK proofs for RISC-V program execution.
- Uses declarative macros to generate Stwo AIR components, speeding up the development of new constraints.
- Defines a fixed memory layout for program code, input/output, and the stack in guest programs.
- Includes benchmarks measuring proof throughput (kHz) and explores parallelization strategies.
- The project is a work in progress and not yet ready for production use.
- Architecture inspired by OpenVM; supports allocators such as jemalloc and mimalloc.