Daily Digest 每日摘要 View All 查看全部

December 2025 2025 年十二月

Fri

2025-12-26

Ethproofs 2025 Review & 2026 Roadmap Blog

Ethproofs zkVM Real-Time Proving

Ethproofs recapped 2025 progress: faster provers, broader coordination, and previewed a 2026 shift toward security and standardization for Ethereum L1. Ethproofs团队在博客中回顾了2025年平台进展，包括性能提升和生态协调，并展望2026年将重点转向安全性和标准化，以支持以太坊L1强制证明的过渡。

Key Points: 要点：

• 2025: Ethproofs verified ~200,000 ETH blocks; proof latency cut 5x, cost 15x. 2025年Ethproofs验证了约20万个以太坊区块，平均证明延迟降低5倍，成本降低15倍
• P99 latency <10s, single-GPU proving <1min, proof cost <$0.01/block by several teams. 多个团队已实现P99延迟<10秒、单GPU证明<1分钟，证明成本降至每区块低于1美分
• Platform evolved to a coordination layer, supporting 7 zkVMs and 15 proving teams. 平台从性能跟踪演变为协调层，支持7个zkVM和15个证明团队
• 2026 focus: security, standardizing runtime, energy, and proof size metrics. 2026年重心转向安全性，将标准化指标如运行时间、能效和证明大小
• Unified metrics and RTP Cohort for real-time production visibility. 引入统一指标层和实时区块监控（RTP Cohort），提升生产环境可见性
• Goal: ensure trust, decentralization, and correctness in ETH mandatory proofs via public measurement. 目标是通过公开测量和协调，确保以太坊强制证明过渡的可信、去中心化和持久正确性

Wed

2025-12-24

FRIVail: A Data Availability Scheme based on FRI Binius Paper

Rachit Anand Srivastava KZG

In the paper, Srivastava proposed FRIVail, a data availability scheme based on FRI-Binius, supporting ZK proofs, post-quantum and hybrid aggregation strategies, and providing a modular foundation for blockchain data availability protocols. Srivastava在论文中提出了一种基于FRI-Binius的数据可用性方案FRIVail，支持ZK证明、后量子和混合聚合策略，为区块链数据可用性协议提供模块化基础。

Key Points: 要点：

• FRIVail uses FRI's Reed-Solomon structure so each commitment is a codeword for easy sampling. FRIVail利用FRI的Reed-Solomon结构，每个承诺自然编码一个码字，便于轻客户端直接采样
• Each data row gets its own FRI proof, then aggregation combines them into a global certificate. 方案为每行数据分配独立FRI证明，再通过聚合策略组合成全局可用性证书
• ZK aggregation creates short proof-of-proofs, allowing concise global checks and row independence. ZK聚合策略生成紧凑的证明之证明(proof-of-proofs)，实现简洁全局验证同时保持行独立性
• Post-quantum aggregation recursively uses FRI-Binius for proof-of-proofs, relying on proximity checks and new polynomials. 后量子聚合递归应用FRI-Binius构建证明之证明，依赖FRI邻近性检查但需重构聚合多项式
• KZG aggregation enables direct openings but needs pairing and trusted setup, so it's not post-quantum secure. KZG混合聚合支持直接代数开箱但依赖配对假设和可信设置，不具备后量子安全性
• All variants let light clients check availability with a few openings, no full data download needed. 所有变体都使轻客户端能通过少量本地开箱检查验证可用性，无需下载完整数据

Tue

2025-12-23

ZKDL Camp Tutorial

Distributed Lab Groth16 PlonK

Distributed Lab organized the ZKDL Camp lecture series, focusing on explaining the working principles of modern zkSNARKs such as Groth16, PlonK, and GKR from scratch, covering mathematical foundations, protocol construction, and practical applications. Distributed Lab组织了ZKDL Camp系列讲座，专注于从零讲解现代zkSNARKs如Groth16、PlonK、GKR的工作原理，涵盖数学基础、协议构建和应用实践。

Key Points: 要点：

• ZKDL Camp offers comprehensive courses from basic mathematics to advanced zkSNARK protocols, suitable for in-depth study. ZKDL Camp提供从基础数学到高级zkSNARK协议的全面课程，适合深入学习
• The lectures cover key protocols such as Groth16, PlonK, GKR, Sum-Check, and Bulletproofs. 讲座涵盖Groth16、PlonK、GKR、Sum-Check、Bulletproofs等关键协议
• Includes cutting-edge protocols like UltraGroth, optimizing lookup checks for R1CS circuits. 包括UltraGroth等前沿协议，优化R1CS电路的查找检查
• Provides practical tutorials on tools like Circom to support zk application development. 提供Circom等实践工具教程，支持zk应用开发
• Open-source books and code repositories encourage community participation and knowledge sharing. 开源书籍和代码库鼓励社区参与和知识共享
• Emphasizes the mathematical foundations and verification methods in protocol construction for security. 安全性方面强调协议构建的数学基础和验证方法

Mon

2025-12-22

ZP1 - RISC-V zkVM OSS

ZippelLabs Mersenne31

ZippelLabs open-sourced ZP1, a RISC-V zkVM based on Circle STARKs and Mersenne31, supporting the RV32IM instruction set and integrating features like FRI, LogUp, and parallel constraint evaluation. ZippelLabs 团队开源了ZP1，这是一个基于Circle STARKs和Mersenne31的RISC-V zkVM，支持RV32IM指令集，并集成了FRI、LogUp和并行约束评估等特性。

Key Points: 要点：

• ZP1 is an experimental RISC-V zkVM using Circle STARKs and the Mersenne31 field. ZP1是一个实验性RISC-V zkVM，使用Circle STARKs和Mersenne31字段
• Supports the RV32IM instruction set, integrating FRI, LogUp, and parallel constraint evaluation. 支持RV32IM指令集，集成FRI、LogUp和并行约束评估
• Includes precompiled circuits such as Keccak and SHA2, but has not undergone security auditing. 包含预编译电路如Keccak和SHA2，但未经安全审计
• Recently fixed critical security issues like DEEP quotient domain points. 近期修复了DEEP quotient domain points等关键安全漏洞
• Performance optimizations include bit lookup table acceleration, but Circle FFT efficiency is low. 性能优化包括位查找表加速，但Circle FFT效率较低
• Project status: good test coverage, but limited GPU support and other constraints. 项目状态：测试覆盖良好，但存在GPU支持有限等限制

Sun

2025-12-21

Stark from zero OSS

microbecode STARK Rust

microbecode open-sourced Stark from zero, a Rust implementation of a STARK prover and verifier focused on education, featuring core concepts like Fibonacci trace, LDE, and Merkle commitments. microbecode 开源了Stark from zero，这是一个用Rust实现的STARK证明器和验证器，专注于教育目的，包含斐波那契追踪、LDE和Merkle承诺等核心概念。

Key Points: 要点：

• The project is for educational purposes and not suitable for production, lacking security and optimizations. 项目为教育用途，不适用于生产环境，缺乏安全性和优化
• Omits ZK privacy properties, focusing on teaching STARK core concepts. 省略了ZK隐私属性，专注于STARK核心概念的教学
• Uses small finite fields and traces to simplify implementation for understanding. 使用小型有限域和追踪，简化了实现以便理解
• Does not implement full FRI proof, only provides folding examples. 未实现完整FRI证明，仅提供折叠示例
• Relies on insecure hash functions and simplified commitments, with security vulnerabilities. 依赖非安全哈希函数和简化承诺，存在安全漏洞
• Process includes Fibonacci trace, LDE, Merkle commitments, and Fiat-Shamir sampling. 流程包括斐波那契追踪、LDE、Merkle承诺和Fiat-Shamir采样

Sat

2025-12-20

Mastering Cairo Tutorial

Rareskills Cairo Starknet

Rareskills shared the tutorial series to help Solidity developers quickly learn the Cairo language and build smart contracts on Starknet—no ZK background required. Rareskills分享了教程系列，帮助Solidity开发者快速学习Cairo语言和在Starknet上构建智能合约，无需ZK背景知识。

Key Points: 要点：

• The tutorial is aimed at Solidity developers, enabling them to learn Cairo without ZK experience 教程面向Solidity开发者，无需ZK经验即可学习Cairo
• Funded by the Starknet Foundation, emphasizing the adoption of ZK-STARK technology Starknet Foundation提供资金支持，强调ZK-STARK技术的普及
• Covers Cairo language basics, smart contract development, and Starknet-specific features 内容涵盖Cairo语言基础、智能合约开发和Starknet特定功能
• Includes practical exercises such as implementing ERC-20 tokens to enhance learning 包括实践练习，如ERC-20代币实现，以增强学习效果
• Abstracts away underlying cryptography so developers can focus on the application layer 抽象底层密码学，使开发者能专注于应用层开发
• Well-structured from basic to advanced, suitable for quick onboarding 教程结构清晰，从基础到高级，适合快速上手

Thu

2025-12-18

SALSAA – Sumcheck-Aided Lattice-based Succinct Arguments and Applications Paper

Shuto Kuriyama lattices

Kuriyama et al. proposed the SALSAA framework in paper , which optimizes lattice-based succinct arguments by integrating sumcheck techniques, achieving linear-time proving, smaller proof sizes, and supporting broad relations such as R1CS. Kuriyama等人在论文中提出SALSAA框架，通过集成sumcheck技术优化了格基简洁论证，实现了线性时间证明者和更小的证明尺寸，并支持R1CS等广泛关系。

Key Points: 要点：

• SALSAA significantly improves lattice-based arguments efficiency via sumcheck integration, reducing proof size by 2-3x compared to RPS/RnR SALSAA通过sumcheck集成显著提升格基论证效率，证明尺寸比RPS/RnR减少2-3倍
• The framework supports linear-time provers, overcoming the previous bottleneck of quasi-linear norm checks 框架支持线性时间证明者，解决了之前准线性时间范数检查的性能瓶颈
• First to natively support ℓ₂-norm constraints in lattice folding schemes, with highly efficient verification 首次实现原生支持ℓ₂-范数约束的格基折叠方案，验证效率极高
• Provides concrete performance: verification time 41 ms, proof size 979KB (for 2²⁸-element witness) 提供具体性能数据：验证时间41毫秒，证明大小979KB（2²⁸元素见证）
• Modular Rust implementation demonstrates real-world feasibility, suitable for large-scale deployment 模块化Rust实现展示实际可行性，适合大规模应用部署
• Expands the scope of lattice-based arguments, offering new tools for post-quantum secure ZK systems 扩展了格基论证的应用范围，为后量子安全ZK系统提供新工具

Wed

2025-12-17

STARK Lab: Interactive Tutorial Tutorial

Bernhard Mueller STARK FRI

@muellerberndt released the open-source STARK Lab project, featuring interactive tutorials, execution trace generation, and core STARK concept visualizations, enabling users to build zero-knowledge proofs from scratch. @muellerberndt 发布了STARK Lab开源项目，包括交互式教程、执行跟踪生成和核心STARK概念可视化，支持用户从零构建ZK证明。

Key Points: 要点：

• STARK Lab provides interactive tutorials to help users intuitively understand STARK proofs STARK Lab提供交互式教程，帮助用户直观理解STARK证明
• Supports writing simple programs and generating execution traces, learning step by step from constraints to polynomials 支持编写简单程序并生成执行跟踪，从约束到多项式逐步学习
• Currently features a toy verifier, with full STARK verification functionality coming soon 当前包含玩具验证器，完整STARK验证功能即将推出
• Makes mathematical concepts more vivid and understandable through dynamic visualization 通过动态可视化使数学概念更生动易懂
• Starts from basic finite fields and gradually builds up to complete ZK proofs 从基础有限域开始，逐步构建到完整ZK证明
• Focused on educational purposes, lowering the learning threshold for ZK technology 专注于教育目的，降低ZK技术学习门槛

Tue

2025-12-16

Implements Halo2 from scratch OSS

Rasmus Kirk Jakobsen Halo2

Rasmus Kirk Jakobsen open-sourced the complete implementation of Halo2, including theoretical explanation and Rust code, supporting unit testing and benchmark testing. Rasmus Kirk Jakobsen 开源了 Halo2 的完整实现项目，包括理论解释和 Rust 代码，支持单元测试和基准测试。

Key Points: 要点：

• Complete implementation of Halo2 from scratch, providing both theoretical foundations and practical code. 项目完全从零实现 Halo2，提供理论基础和实际代码
• Includes unit and benchmark tests for code validation and performance evaluation. 包含单元测试和基准测试，支持代码验证和性能评估
• Offers detailed reports explaining the theory, construction, and benchmark results of Halo2. 提供详细报告，解释Halo2的理论、构造和基准结果
• Reports include: committee signature chain compression based on IVC, enabling fast and secure light node synchronization. 报告包括：基于 IVC 的委员会签名链压缩，实现 light node 快速安全同步。
• Reports include: IVC-friendly Plonk engineering implementation without trusted setup. 报告包括：无需 trusted setup 的 IVC-friendly Plonk 工程实现。

Mon

2025-12-15

Architecture-private Zero-knowledge Proof of Neural Networks Paper

Yanpei Guo NUS zkML

Guo et al. propose a privacy-preserving zkML scheme based on architecture-private zero-knowledge proof, using parameterized R1CS and functional relationship proofs to hide CNN model architecture, achieving 30% slower proof time than BFG+23 on VGG16. Guo等人在论文中提出了一种架构隐私的zkML方案，通过参数化R1CS和功能关系证明来隐藏CNN模型架构，在VGG16上仅比BFG+23慢30%。

Key Points: 要点：

• Existing zkML schemes mainly hide model parameters but expose the complete CNN architecture information. 现有zkML方案主要隐藏模型参数，但会暴露CNN的完整架构信息
• Proposes parameterized R1CS (pR1CS) as a generalization of R1CS to allow the prover to submit the model architecture. 提出参数化R1CS（pR1CS）作为R1CS的泛化，便于证明者提交模型架构
• Introduces a functional relationship proof scheme to verify that the submitted architecture is valid. 引入功能关系证明方案来验证提交的架构是有效的
• When batch proving 64 instances on the VGG16 model, proof time is only 30% slower than BFG+23. 在VGG16模型上批量证明64个实例时，证明时间仅比BFG+23慢30%
• Using pR1CS to prove matrix multiplication is at least 3 times faster than traditional R1CS. 使用pR1CS证明矩阵乘法比传统R1CS快至少3倍
• This scheme provides dual privacy protection for both the architecture and parameters of neural networks in zero-knowledge proofs. 该方案为神经网络零知识证明提供了架构和参数的双重隐私保护

Sun

2025-12-14

ZeroOS: A Universal Modular Library OS for zkVMs Paper

Guangxian Zou LayerZero Labs zkVM

Zou et al. propose ZeroOS, a universal modular library OS for zkVMs, allowing vApp developers to link only the required Linux ABI subset, reducing trusted computing base and unifying the zkVM ecosystem. Zou等人在论文中提出了一种用于zkVM的通用模块化库操作系统ZeroOS，允许vApp开发者仅链接所需Linux ABI子集，减少可信计算基并统一zkVM生态系统。

Key Points: 要点：

• ZeroOS addresses compatibility issues in zkVMs where modern programs depend on operating systems and libc. ZeroOS解决了zkVM中现代程序依赖操作系统和libc的兼容性问题
• Traditional approaches create unikernels through language runtime branches, causing version hell and large trusted computing bases. 传统方法通过特定语言运行时分支创建unikernels，导致版本地狱和过大可信计算基
• ZeroOS allows vApp developers to link only the required Linux ABI subset, reducing attack surface. ZeroOS允许vApp开发者仅链接所需Linux ABI子集，减少攻击面
• Any zkVM team can easily integrate by writing a ZeroOS bootloader, reducing maintenance burden. 任何zkVM团队可通过编写ZeroOS引导程序轻松集成，降低维护负担
• This approach unifies the zkVM ecosystem, consolidating development and audit resources. 该方案统一zkVM生态系统，整合开发和审计资源
• ZeroOS is open-sourced with ready-to-use toolchains, improving vApp development efficiency. ZeroOS已开源，支持现成工具链，提升vApp开发效率

Thu

2025-12-11

Bionetta: Efficient Client-Side Zero-Knowledge Machine Learning Proving Paper

Dmytro Zakharov UltraGroth zkML

Zakharov et al. proposed a zkML framework Bionetta based on UltraGroth, significantly improving the proof efficiency of custom neural networks and supporting client-side proofs on mobile devices. Zakharov等人在论文中提出了一种基于UltraGroth的zkML框架Bionetta，显著提升了自定义神经网络的证明效率，支持在移动设备上运行客户端证明。

Key Points: 要点：

• Bionetta based on UltraGroth protocol, optimizing zkML proof performance Bionetta基于UltraGroth协议，优化了zkML的证明性能
• Supports custom neural networks on mobile devices for client-side proofs 支持自定义神经网络在移动设备上进行客户端证明
• Significantly improves proof time compared to EZKL, Lagrange's deep-prove, etc. 证明时间相比EZKL、Lagrange的deep-prove等工具显著缩短
• Deployable on native EVM smart contracts, without large proof scale and verification overhead 可部署于原生EVM智能合约，无需过大证明规模和验证开销
• One-time preprocessing steps (circuit compilation, trusted setup) cost increase 一次性预处理步骤（电路编译、可信设置）成本增加
• Suitable for client-side machine learning applications requiring privacy protection 适用于需要隐私保护的客户端机器学习应用场景

Wed

2025-12-10

Hash-based Signature Schemes for Bitcoin Paper

Mikhail Kudinov SPHINCS+

Kudinov et al. comprehensively analyzed the application of hash-based signature schemes to Bitcoin in the paper , significantly improving the performance of schemes like SPHINCS+ by optimizing parameters and limiting the number of signatures. Kudinov等人在论文中全面分析了基于哈希的签名方案在比特币中的应用，通过优化参数和限制签名数量，显著提升了SPHINCS+等方案的性能。

Key Points: 要点：

• Hash-based signature schemes depend on hash function assumptions, compatible with Bitcoin's existing design, making them a potential post-quantum alternative 基于哈希的签名方案依赖哈希函数假设，与比特币现有设计兼容，是潜在的后量子替代方案
• By optimizing parameters and limiting the number of signatures per public key, significantly reducing signature size and improving efficiency 通过参数优化和限制每公钥签名数量，显著减小了签名大小，提升了效率
• Applied SPHINCS+C, TL-WOTS-TW, PORS+FP, etc., outperforming standardized SPHINCS+ (SLH-DSA) 应用了SPHINCS+C、TL-WOTS-TW、PORS+FP等最新优化技术，优于标准化的SPHINCS+（SLH-DSA）
• Discussed limitations in practical applications such as key derivation, multi-signature, and threshold signature 讨论了密钥派生、多重签名和阈值签名等应用的局限性
• Provided public scripts to ensure the reproducibility and transparency of the research 提供了公开脚本以确保研究的可复现性和透明度
• Focused on Bitcoin, providing practical guidance for post-quantum cryptography deployment in blockchain 专注于比特币特定需求，为后量子密码学在区块链中的部署提供实用指导

Mon

2025-12-08

Quantum computing and blockchains: Matching urgency to actual threats Blog

Justin Thaler Post-Quantum Cryptography

Justin Thaler analyzed the threat of quantum computing to blockchains in blog, clarifying the different risks of encryption and signatures under HNDL attacks, and discussing the quantum security of zkSNARKs. Justin Thaler在博文中分析了量子计算对区块链的威胁，澄清了加密和签名在HNDL攻击下的不同风险，并讨论了zkSNARKs的量子安全性。

Key Points: 要点：

• HNDL attacks make post-quantum encryption deployment urgent, but signatures are not affected, migration can be delayed HNDL攻击使后量子加密部署紧迫，但签名无此风险，迁移可延迟
• zkSNARKs' zero-knowledge properties are post-quantum secure, with no HNDL attack threat zkSNARKs的零知识属性后量子安全，无HNDL攻击威胁
• Quantum computers cannot break encryption in the short term, CRQC may take decades to achieve 量子计算机短期内无法破解加密，CRQC需数十年才可能实现
• Post-quantum signatures have high performance overhead and implementation risks, requiring careful migration 后量子签名性能开销大，实施风险高，需审慎迁移
• Enterprises should prioritize solving more urgent security issues, such as code vulnerabilities 企业应优先解决更紧迫的安全问题，如代码漏洞
• Hybrid encryption schemes (e.g., ML-KEM+X25519) can balance security and performance 混合加密方案（如ML-KEM+X25519）可平衡安全与性能

Sun

2025-12-07

Small-field hash-based SNARGs are less sound than conjectured Paper

Giacomo Fenzi Proximity gaps

Fenzi and Sanso analyzed the security of small-field hash-based SNARGs, proposing a general attack method, indicating that their actual security is lower than expected, affecting existing deployment systems. Fenzi和Sanso在论文中分析了小域哈希SNARG的安全性，提出通用攻击方法，指出其实际安全性低于预期，影响现有部署系统。

Key Points: 要点：

• The security of small-field hash-based SNARGs relies on the combination of proximity error and list size parameters of linear codes. 小域哈希SNARG的安全性依赖线性码的距离保持误差和列表大小两个组合参数
• Existing deployment systems operate under capacity mechanism, but security may be overestimated. 现有部署系统在容量机制下操作，但安全性可能被高估
• The research proposes a general attack method, and the success probability depends on the list size parameter. 研究提出通用攻击方法，其成功概率取决于列表大小参数
• Analysis of extension codes in small fields shows that combining lower bounds leads to strong attacks. 对扩展码在小基域上的分析显示组合下界会导致强攻击
• This challenges the optimistic assumption of the near-gap conjecture, affecting actual deployment systems. 这挑战了接近间隙猜想的乐观假设，影响实际部署系统
• The research provides important references for Ethereum Proximity Prize and security evaluation. 研究为Ethereum Proximity Prize等安全评估提供重要参考

Thu

2025-12-04

Speeding Up Sumcheck: An In-Depth Walkthrough of Our Implementation Blog

LambdaClass Optimization BDDT SVO

@class_lambda team shared the optimization implementation of the Sumcheck protocol in blog, introducing the SVO and Eq-Poly optimization strategies based on the BDDT paper and their application in the Whir-P3 code library. @class_lambda 团队在博客中分享了Sumcheck协议的优化实现，详细介绍了基于BDDT论文的SVO和Eq-Poly优化策略及其在Whir-P3代码库中的应用。

Key Points: 要点：

• BDDT optimization delays extension field operations, converting expensive 𝔩𝔩 operations to more base field 𝔰𝔰 operations, improving performance BDDT优化通过延迟扩展域运算，将昂贵的𝔩𝔩操作转换为更多基础域𝔰𝔰操作，提升性能
• SVO uses Lagrange interpolation to replace polynomial expansion, reducing pre-computation cost from exponential to polynomial SVO利用拉格朗日插值替代多项式展开，降低预计算成本从指数级到多项式级
• Eq-Poly optimization based on Gruen method, splitting and reducing 𝔩𝔩 multiplications for eq polynomials Eq-Poly优化基于Gruen方法，通过拆分和减少𝔩𝔩乘法处理eq多项式
• Two-stage strategy: first 3 rounds use SVO, subsequent rounds apply Algorithm 5 实现采用两阶段策略：前3轮使用SVO，后续轮次应用Algorithm 5
• Optimization is targeted at base field such as Baby Bear, with significant higher extension field operation cost 优化针对基础域如Baby Bear，扩展域运算成本显著高于基础域
• 代码实现强调与理论概念的一对一映射，便于理解核心逻辑

Wed

2025-12-03

OpenAC: Open Design for Transparent and Lightweight Anonymous Credentials Paper

zkID privacy-ethereum

PSE's zkID team proposed OpenAC, a decentralized identity scheme based on ZKP, to enhance user privacy protection and identity authentication security. PSE的zkID团队在论文中提出了基于ZKP的去中心化身份方案OpenAC，旨在增强用户隐私保护和身份验证安全性。

Key Points: 要点：

• OpenAC adds anonymity and selective disclosure without changing issuers. OpenAC 在不改 Issuer 的前提下提供匿名与选择性披露。
• A Prepare–Show split moves heavy work offline to cut online cost. Prepare–Show 结构将重计算离线化以降低在线成本。
• Hyrax commitments enable hiding, binding, and unlinkability via re-randomization. Hyrax 承诺用于隐藏、绑定与重随机化避免链接。
• Built on transparent zk-Spartan with no trusted setup. 基于透明 zk-Spartan，无需 trusted setup。
• Show proofs run ~100 ms and ~40 KB on mobile. Show 证明移动端约 100ms、40KB。
• Compatible with SD-JWT/mDL and EUDI ARF, with room for PQ upgrades. 兼容 SD-JWT/mDL 与 EUDI ARF，具 PQ 升级空间。

Tue

2025-12-02

Sum-check protocol for approximate computations Paper

Dor Bitan Probabilistic proofs

Bitan et al. proposed an extension of the sum-check protocol for approximate computations, using the metric structure of low-degree polynomials, supporting adjustable error parameters, and analyzing the security under Fiat-Shamir transformation. Bitan等人在论文中提出了一种近似计算的sum-check协议扩展，利用低度多项式的度量结构，支持可调误差参数，并分析了Fiat-Shamir变换下的安全性。

Key Points: 要点：

• Protocol extends sum-check for approximate computations, supporting adjustable error parameters δ 协议扩展sum-check以处理近似计算，支持可调误差参数δ
• Soundness error gracefully decreases with δ/Δ, validators may reject with initial error Δ large 可靠性误差随δ/Δ优雅下降，初始误差Δ大时验证者更易拒绝
• Utilizes the metric structure of low-degree polynomials, distinct from classic algebraic methods 利用低度多项式的度量结构，区别于经典代数方法
• Natural instantiation over complex numbers, analysis based on polynomial behavior on the unit circle 复数域实例化最自然，分析基于单位圆上的多项式行为
• New intermediate security phenomena appear under Fiat-Shamir transformation, related to approximation Fiat-Shamir变换下出现新的中间安全现象，与近似相关
• Achieves black-box feasibility, compiler independent of arithmetic operations, only needing to satisfy error bounds 实现黑盒可行性，编译器独立于算术操作实现，仅需满足误差界

Mon

2025-12-01

Pairing-Based SNARGs with Two Group Elements Paper

Gal Arnon Random Oracle Model

Arnon et al. proposed a publicly verifiable SNARG, which only contains two group elements and no additional bits, achieving the minimum proof size in GGM + ROM, and establishing a lower bound for single group element SNARGs. Arnon等人提出了一种公开可验证SNARG，证明仅含两个群元素且无额外比特，在GGM + ROM中实现最小证明尺寸，并建立了单群元素SNARG的下界。

Key Points: 要点：

• Proposed the first publicly verifiable SNARG, which only contains two group elements and no additional bits, achieving the minimum proof size in GGM + ROM, and establishing a lower bound for single group element SNARGs. 提出首个公开可验证SNARG，证明仅两个群元素，无额外比特
• Achieves the minimum proof size in GGM + ROM, with BLS12-381 instance size of 768 bits 在GGM + ROM中实现最小证明尺寸，BLS12-381实例下为768比特
• Tight security analysis with no hidden security losses 安全性分析紧密，无隐藏安全损失
• Establishes a new lower bound: single group element SNARGs are impossible in GGM + ROM 建立新下界：单群元素SNARG在GGM + ROM中不可行
• Proof size is nearly twice that of existing schemes, but not yet specifically efficient 证明尺寸较现有方案提升近2倍，但尚未具体高效
• Paves the way for future practical instantiation, reinforcing Groth's lower bound 为未来实用实例化铺平道路，强化了Groth的下界