Daily Digest
Sigma Prime shared a security audit guide for the SP1 zkVM on their blog, covering an architecture overview, input validation, host/guest code separation, and mitigation strategies for common vulnerabilities.
Key Points:
- All input data is untrusted and must be validated inside the guest program.
- Only the execution of guest code is proven; host code behaviour carries no cryptographic guarantee.
- SP1 uses 32-bit RISC-V, so integer overflow and pointer arithmetic need careful attention.
- Third-party dependencies may introduce OS calls or 64-bit assumptions and must be reviewed and adapted.
- Security audits should focus on input validation and on the separation of host and guest logic to prevent malicious inputs.
- The standard Rust toolchain is used, but the constraints of the zkVM environment must be kept in mind.
Cong et al. proposed, in their paper, a scalable zkSNARK framework for matrix computations that achieves linear proving time and logarithmic proof size and verification time while preserving architecture privacy.
Key Points:
- Proposes a generic zkSNARK framework that models neural networks as DAGs of matrix computations.
- Introduces a dual-layer design: LiteBullet keeps the prover linear, while PoP compresses proofs and hides the architecture.
- LiteBullet is built on folding-based inner product arguments, avoiding polynomial expansion and sumcheck.
- The Evalyn interface unifies diverse matrix and nonlinear operations, supporting heterogeneous NNs.
- Batching and lookup tables improve efficiency for nonlinear functions and matrix commitments.
- Achieves O(Mn²) prover and O(log(Mn)) proof and verification complexity, with an open-source implementation.
The @0xPARC team released v2.0.0 of their programmable cryptography textbook, including content updates and bug fixes, to support learning ZK and other cryptographic technologies.
Key Points:
- Defines a programmable cryptography framework built from 2PC, SNARKs, FHE and ORAM.
- 2PC: secure computation via Yao's garbled circuits and OT.
- SNARK basics: elliptic curves and polynomial commitments.
- SNARK example: PLONK, covering arithmetization and constraint checking.
- FHE: LWE-based fully homomorphic encryption and bootstrapping.
- ORAM: Path ORAM for hiding access patterns.
Garreta et al. from @NethermindEth proposed Zinc in their paper, a hash-based succinct argument scheme that reduces arithmetization overheads using IOPs of proximity to integers and supports ring operations with arbitrary moduli.
Key Points:
- Zinc aims to reduce arithmetization overheads in ZK proofs, lowering costs by orders of magnitude.
- Supports ring operations with arbitrary moduli, including non-prime and multi-modulus settings.
- Built on hashes and codes; no hidden-order groups are required, which strengthens security.
- Core components are the Zinc-PIOP framework and the Zip polynomial commitment scheme.
- Uses lookup arguments over the rational numbers to ensure the witness is integral.
- Suited to integer-arithmetic applications, improving the practical efficiency of ZK proofs.
In their paper, Xue et al. propose the ZK-Eval evaluation framework and the ZK-Coder enhancement framework to assess and improve LLM capabilities in ZK code generation, significantly boosting the correctness of generated Circom and Noir programs.
Key Points:
- ZKP programming is hard and error-prone, and LLMs lack systematic evaluation in this domain.
- The ZK-Eval benchmark covers language knowledge, gadget capability, and end-to-end generation.
- LLMs handle syntax well but fail on gadgets and semantic correctness; Circom is harder than Noir.
- ZK-Coder combines constraint sketching, retrieval, and interactive repair to improve generation quality.
- Success rates on Circom/Noir rise from below 30% to 80–90%.
- The repair loop is the most important component; challenges remain in circuit efficiency and data scarcity.
The PSE team (@PrivacyEthereum) shared a blog post discussing the Ethereum privacy roadmap, covering private writes, private reads and private proving, to make privacy a first-class citizen at the application layer.
Key Points:
- PSE is transforming into Privacy Stewards for Ethereum to make privacy the default.
- Focus on three areas: private writes, private reads and private proving.
- Goal: make private operations as cheap and convenient as public ones.
- Short-term priorities: private transfers, voting protocols and institutional privacy solutions.
- Build the ecosystem through collaboration so that privacy solutions reach deployment.
- Vision: a value internet that supports global digital commerce.
@IrreducibleHW announced the release of Binius64 on their blog, discussing its CPU-oriented performance optimizations, the differences from Binius V0, and benchmark results.
Key Points:
- Launched Binius64: a new-generation CPU-optimized ZK proof system.
- Native 64-bit support with hardware-friendly constraints (bitwise operations and integer multiplication).
- 5x faster than GPU-accelerated zkVMs when run on a multi-threaded CPU.
- Zero-knowledge is not yet supported; planned for the end of 2025.
- Focus on private payments, anonymous credentials and similar applications.
- Open-sourced; verifier succinctness and developer experience are slated for improvement.
@IrreducibleHW discussed the company's transformation on their blog: moving from hardware to software and focusing on the Binius proof system and local proving to drive the development of a verifiable internet.
Key Points:
- Strategic pivot: from hardware to software, focused on proof system development.
- Technical focus: the CPU-optimized Binius64 proof system.
- Hardware abandoned due to weak market demand and the advantages of the GPU ecosystem.
- Privacy focus: privacy applications with verification on local devices.
- Licensing: the prover is AGPL, the verifier is Apache.
- Vision: building a verifiable internet with ZK proofs.
Beriane et al. proposed, in their paper, an optimization method for backend verification in zk-Rollup architectures, using polynomial aggregation and scalar decomposition techniques to significantly reduce on-chain verification costs.
Key Points:
- Proposes optimizations targeting the high on-chain verification cost of zk-Rollups.
- Key optimization: reduces G1 exponentiations from 40 to 31, saving 108k gas per verification.
- Replaces FFT with dynamic barycentric interpolation, cutting gas by 92–95% for sparse polynomial evaluation.
- Introduces a proof aggregation strategy that minimizes precompile calls while maintaining 128-bit security.
- Experimental results: total verification cost reduced from 857.2k to 748.45k gas.
- The optimizations are compatible with the Pectra upgrade and provide a blueprint for efficient on-chain verification.
The @a16zcrypto team shared the design of the Jolt zkVM, a high-performance RISC-V implementation built on sumcheck and lookup arguments, and its advantages in simplicity and speed.
Key Points:
- Jolt zkVM is designed around sumcheck and lookup arguments, emphasizing performance and simplicity.
- Uses Spartan and Dory as the underlying proof systems to optimize R1CS constraints.
- Supports the RISC-V architecture, making it suitable for efficient virtual machine proofs.
- Open-source project with accompanying papers and blog articles providing detailed documentation.
- Performance reaches state-of-the-art levels, particularly on CPUs.
- Design centred on the "Just One Lookup Table" concept, reducing implementation complexity.
The @class_lambda team shared the basic properties of multilinear polynomials on their blog, including definitions, interpolation methods and tensor product operations, as a foundation for understanding Sum-Check protocol optimizations.
Key Points:
- Multilinear polynomials are a key component of the Sum-Check protocol in ZKP, used for efficient computation and verification.
- Interpolation lets any function on the Boolean hypercube be represented by a multilinear polynomial, simplifying calculations.
- Tensor product operations provide a vector-space abstraction of polynomial multiplication, optimizing memory and time usage.
- Coordinates in the Lagrange basis are obtained directly from function evaluations, improving efficiency.
- These properties help accelerate Sum-Check proofs, reducing ZKP system overhead.
- The article provides the mathematical foundation for understanding more complex ZKP protocols (e.g., GKR).
Sheybani et al. systematically surveyed and evaluated 25 general-purpose ZKP frameworks in their paper, including performance testing and Docker container support, with the aim of lowering the entry barrier for developers.
Key Points:
- Surveyed 25 ZKP frameworks covering SNARK, STARK, MPCitH and VOLE.
- Metrics: performance, usability and accessibility, with Docker containers for reproducibility.
- SNARKs are the most mature, with Arkworks and Gnark recommended; for PLONK, Gnark-KZG and Noir.
- STARKs suit post-quantum applications, with RISC Zero recommended.
- VOLE-ZK fits IoT and distributed learning; MPCitH frameworks are limited.
- Future directions: high-level APIs, interoperability and hardware acceleration.
Eagen et al. proposed Glock in their paper, a novel garbled-circuit-based optimistic smart contract protocol for Bitcoin that leaks secrets and generates signatures as fraud proofs while reducing dependence on Grug technology.
Key Points:
- Glock uses garbled circuits to leak secrets and generate signatures as fraud proofs.
- First practical construction that needs no Grug technology, improving security.
- Achieves malicious security by combining Cut-and-Choose, VSS and Adaptor Signatures.
- Optimizes the Pari SNARK to reduce proof size and lower on-chain verification costs.
- Developed independently of and in parallel with Delbrag and BitVM3, providing an alternative.
- Reduces communication and computational complexity, making it suitable for the Bitcoin network.
@ZamDimon discussed the UltraGroth protocol on their blog, explaining how Groth16 can be modified to support lookup checks, thereby optimizing non-native operations and reducing the number of constraints.
Key Points:
- UltraGroth is an improved version of Groth16 with lookup table support.
- Retains Groth16's efficient verification (3 points, 3 pairings), adding only 1 G1 point and 1 pairing.
- Enables efficient non-native operations (e.g., bit operations, range checks) via secure randomness sampling.
- Significantly reduces circuit constraints (e.g., ReLU drops from linear to sublinear complexity).
- Already applied in the production project Bionetta, where it has proven secure and reliable.
- Provides an efficient proving scheme for complex ZK circuits.
Khovratovich et al. proposed a hybrid compression method in their paper that optimizes the proving cost of long statements in the Groth16 framework by combining different hash functions, improving the efficiency of both the smart contract and the proving circuit.
Key Points:
- Proposes Hybrid Compression, which allows the circuit and the contract to use different hash functions.
- The contract uses SHA-256 and the circuit uses Poseidon, with consistency guaranteed via a UHF.
- Introduces a joint UHF-hardness assumption to establish security.
- Models the problem as a "Data Matching in Unequal Worlds" protocol.
- Benchmarks show near-optimal gas and proving time.
- Resolves the hash dilemma, enabling efficient on-chain verification.