Daily Digest 每日摘要 View All 查看全部

March 2026 2026 年三月

Tue

2026-03-31

PSE Hackathon ZK

PSE held its first Vibecoding hackathon on March 9-10, 2026, exploring AI-assisted development in cryptographic engineering, with 10 projects submitted covering ZK circuit tooling, post-quantum cryptography, and more. PSE于2026年3月9日至10日举办了首届Vibecoding黑客松，探索AI辅助开发在密码学工程中的应用，共提交10个项目，涵盖ZK电路工具、后量子密码学等领域。

Key Points: 要点：

• Vibecoding hackathon focused on AI-assisted development in cryptographic engineering, 2-day fully remote async format Vibecoding黑客松聚焦AI辅助开发在密码学工程的应用，为期2天，完全远程异步进行
• 10 projects submitted including ZK circuit tooling, post-quantum cryptography, anonymous social networks 共18人注册，提交10个项目，包括ZK电路工具、后量子密码学、匿名社交网络等
• Winners: Vibe Circuit (Claude Code plugin), Seal (content-addressed web app), Noir Circuit Auditor (Claude Code plugin) 获奖项目：Vibe Circuit（Claude Code插件）、Seal（内容寻址Web应用）、Noir Circuit Auditor（Claude Code插件）
• Projects ranged from ZK proof generation to post-quantum secure transfers, showing AI potential in complex crypto tasks 项目范围广泛，从ZK证明生成到后量子安全传输，展示AI在复杂密码学任务中的潜力
• PSE is an Ethereum Foundation R&D lab focused on privacy-preserving tech infrastructure PSE作为以太坊基金会研发实验室，专注于隐私保护技术基础设施
• Goal: explore AI-assisted development effectiveness in serious cryptographic engineering beyond web apps 活动旨在验证AI辅助开发在严肃密码学工程中的有效性，超越传统Web应用

Sat

2026-03-28

CatCrypt: From Rust to Cryptographic Security in Lean Paper

Bas Spitters Lean Rust AI

Bas Spitters proposed the CatCrypt library in their paper, offering an end-to-end pipeline from Rust reference implementations to security proofs in Lean's computational model, covering 172 cryptographic protocols with AI-accelerated development. Bas Spitters在论文中提出CatCrypt库，提供从Rust参考实现到Lean计算模型安全证明的端到端管道，涵盖172个密码协议并利用AI加速开发。

Key Points: 要点：

• Offers machine-checked security proofs, covering 172 protocols with 110 having full Rust-to-Lean pipelines. CatCrypt提供机器检查的密码安全证明库，覆盖172个协议，其中110个有完整Rust到Lean管道
• Uses Hax tool for Rust-to-Lean translation, ensuring consistency between implementation and proofs. 使用Hax工具实现Rust到Lean的翻译，确保实现与证明的一致性
• All bounds systematically cross-referenced against sources like IETF RFCs, NIST standards, and academic papers. 所有安全界限均与IETF RFCs、NIST标准和学术论文等来源系统交叉引用
• Some proofs ported from SSProve and EasyCrypt; most are independent formalizations without prior machine-checking. 部分证明从SSProve、EasyCrypt等工具移植，多数为独立形式化无先前机器检查
• Developed in two months vs. traditional months of expert effort, accelerated by GenAI assistance. 开发仅用两个月，相比传统数月专家工作大幅提速，得益于GenAI辅助
• Addresses AI hacking, AI-generated software, and post-quantum security challenges via formal methods. 针对AI黑客能力提升、AI生成软件爆炸和后量子过渡等安全挑战，推动形式化方法应用

Fri

2026-03-27

zk-autoresearch implementation on Plonky3 OSS

@realbarnakiss AI Rust NTT

@realbarnakiss implemented zk-autoresearch on the Plonky3 ZK prover, using AI agents to optimize NTT implementation, achieving ~3% speedup. @realbarnakiss 基于Karpathy的autoresearch循环，在Plonky3 ZK证明器上实现了zk-autoresearch，通过AI代理优化NTT实现，提升性能约3%。

Key Points: 要点：

• First application of autoresearch pattern to a production ZK prover, Plonky3 基于Karpathy的autoresearch模式，首次应用于生产级ZK证明器Plonky3
• AI agents analyzed Rust and Montgomery arithmetic to find redundancies in expert-optimized code AI代理通过分析Rust和Montgomery算术，在专家优化代码中发现冗余操作
• Optimizations targeted NTT inner loop: precomputing products, hoisting broadcasts, skipping multiplications by 1 优化聚焦于NTT实现的内循环，包括预计算乘积、提升广播和跳过乘1操作
• 74 iterations yielded 6 improvements and 57 regressions, all changes verified as mathematically equivalent 实验运行74次迭代，产生6次改进和57次回归，所有更改经数学等效验证
• Safety ensured via end-to-end ZK proof generation and verification, soundness review pending 安全性通过端到端ZK证明生成和验证确保，Plonky3工程师的健全性审核待定
• Round 2 planned to fix issues, full code and findings to be open-sourced 计划第二轮实验修复已知问题，完整代码和结果将开源

Thu

2026-03-26

Two-Party BBS+ Signature in Two Passes Paper

Xiaofei Wu anonymous credentials

Wu et al. proposed a two-pass two-party BBS+ signing protocol in their paper, reducing communication to 0.85KB (about 27% of prior work) while maintaining efficient computation, making it suitable for lightweight anonymous credential systems. Wu等人在论文中提出了一种两轮两方BBS+签名协议，将通信开销降至0.85KB，比现有最优方案减少约73%，同时保持高效计算性能，适用于轻量级匿名凭证系统。

Key Points: 要点：

• BBS+/BBS signatures are key for anonymous credentials and privacy-preserving authentication, with increasing standardization and deployment. BBS+/BBS签名是匿名凭证和隐私认证的关键组件，正被标准化和广泛应用
• Existing threshold designs require at least three rounds and multi-kilobyte communication in two-party settings. 现有阈值方案在两方设置中至少需要三轮交互和数千字节通信
• New protocol uses only two passes with 0.85KB per signature, about 27% of the most bandwidth-efficient prior work (S&P'25). 新协议仅需两轮交互，每签名通信0.85KB，比S&P'25方案减少约73%
• Competitive signing times (~62ms for one party, ~46ms for the other), efficient even for large message vectors (e.g., ℓ=500). 签名时间高效（一方约62ms，另一方约46ms），支持大消息向量（如500条）
• Full simulation-based security proof in the standard real-ideal paradigm ensures protocol security. 基于标准实理想范式的模拟安全证明，确保协议安全性
• Naturally generalizable to 2-out-of-n threshold settings, enhancing flexibility and practical deployment appeal. 可自然扩展至2-out-of-n阈值设置，增强系统灵活性和部署吸引力

Wed

2026-03-25

A Universal Blinder: One-round Blind Signatures from FHE Paper

Dan Boneh Blind Signature FHE

Boneh and Kim propose a universal compiler in their paper, converting any signature scheme into a one-round blind signature scheme using FHE and ZKP to ensure unforgeability and blindness while maintaining backward compatibility. Boneh和Kim在论文中提出了一种通用编译器，可将任何签名方案转化为单轮盲签名方案，利用FHE和ZKP确保不可伪造性和盲性，并保持向后兼容性。

Key Points: 要点：

• Proposes a universal compiler converting any signature scheme to a one-round blind signature scheme 提出通用编译器，将任意签名方案转化为单轮盲签名方案
• Uses FHE and ZKP to ensure unforgeability and blindness 利用FHE和ZKP确保方案的不可伪造性和盲性
• Blind signature format matches underlying scheme for backward compatibility 盲签名格式与底层签名方案相同，实现向后兼容性
• Offers three compiler variants based on workload distribution between client and signer 提供三种编译器变体，主要区别在于客户端、签名方或双方的工作量分配
• Introduces new concept of committed verifiable FHE where verifier doesn't see circuit in clear 引入新概念“承诺可验证FHE”，验证者无需明文查看电路
• Has significant potential in public-key cryptography applications 该方案在公共密钥密码学领域具有重要应用潜力

Tue

2026-03-24

NI-DKG: Non-Interactive Distributed Key Generation Using Blockchain and Zero-Knowledge Proofs Paper

Alex Kampa DKG Smart Contract

Kampa et al. proposed a non-interactive DKG protocol, NI-DKG, in their paper, using ZK proofs to eliminate dispute phases and leveraging blockchain as a coordination layer, simplifying key generation. Kampa等人在论文中提出了一种非交互式DKG协议NI-DKG，通过ZK证明消除争议阶段，利用区块链作为协调层，简化了密钥生成流程。

Key Points: 要点：

• NI-DKG uses ZK proofs to ensure contribution correctness, eliminating dispute phases in traditional DKG NI-DKG通过ZK证明确保贡献正确性，消除传统DKG中的争议阶段，提升安全性
• Relies on Shamir secret sharing, Feldman commitments, hashed ElGamal, and Chaum-Pedersen proofs 协议依赖标准原语：Shamir秘密共享、Feldman承诺、哈希ElGamal加密和Chaum-Pedersen证明
• Uses smart-contract blockchains as timed public bulletin boards for non-interactive coordination 利用智能合约区块链作为定时公共公告板，实现非交互式协调，简化协议流程
• Provides EVM-compatible implementation with circuit specs for key generation and threshold decryption 提供EVM兼容链的实现框架，包括密钥生成、阈值解密和可选密钥披露的电路规范
• Discusses EVM verifier constraints on public inputs and solutions 讨论EVM验证器对公共输入数量的限制，并概述应对方法
• On-chain zk-SNARK verification improves trustworthiness and attack resistance 通过zk-SNARK链上验证，增强协议的可信度和抗攻击能力

Mon

2026-03-23

Earpicks: Tightly Secure Two-Round Multi- and Threshold Signatures Paper

Renas Bacho Multi-Signatures

Bacho and Chen proposed Earpick-MS, Earpick-TS, and Earpick-muMS in their paper, achieving tightly secure two-round multi- and threshold signatures over pairing-free cyclic groups with improved compactness. Bacho和Chen在论文中提出了Earpick-MS、Earpick-TS和Earpick-muMS三种签名方案，实现了无配对循环群上的紧致安全两轮多重签名和阈值签名，显著提升了签名紧凑性。

Key Points: 要点：

• Earpick-MS reduces signature size to three field elements and one bit, ~3.5x smaller than T-Spoon. Earpick-MS将签名大小缩减至三个域元素和一个比特，比T-Spoon缩小约3.5倍
• Earpick-TS is the first pairing-free two-round threshold signature scheme with tight security proof. Earpick-TS是首个无配对两轮阈值签名方案，具备紧致安全性证明
• Supports key aggregation, enabling multiple public keys to combine into a single aggregate key. 方案支持密钥聚合，允许多个公钥合并为单个聚合公钥
• Implemented over pairing-free cyclic groups for improved efficiency and deployability. 在无配对循环群上实现，提升了实际部署效率和适用性
• Earpick-muMS variant maintains tight security in multi-user setting with compact signatures. Earpick-muMS变体在多用户设置中保持紧致安全性和紧凑签名大小
• Addresses limitations of existing tightly secure schemes with large signatures or more rounds. 解决了现有紧致安全方案签名过大或交互轮次过多的问题

Sat

2026-03-21

S-two Whitepaper Paper

Dan Carmon Circle STARK Flat AIR

Carmon et al. proposed S-two, a circle STARK over the Mersenne prime field, formalizing the flat AIR circuit model and providing in-depth security analysis of proof of proximity, highlighting cross-domain correlated agreement. Carmon等人在论文中提出了S-two，一种基于梅森素数域的circle STARK，形式化了flat AIR电路模型并深入分析了其邻近证明的安全性，强调了跨域相关协议的重要性。

Key Points: 要点：

• S-two is a circle STARK implementation over the Mersenne prime field (modulus p=2^31-1) S-two是基于梅森素数域（模数p=2^31-1）的circle STARK实现
• Formalizes the flat AIR circuit model used by modern ZK virtual machines 形式化了flat AIR电路模型，这是现代零知识虚拟机常用的算术化范式
• Provides in-depth security analysis of proof of proximity for flat AIRs 深入分析了flat AIR邻近证明的安全性，特别关注多表证明的可靠性误差控制
• Highlights importance of cross-domain correlated agreement for multi-table proofs 强调了跨域相关协议概念对多表证明的重要性
• Shows multi-table circle FRI satisfies this notion up to Johnson bound 展示了多表circle FRI满足Johnson界内的相关协议要求
• Discusses conjectures on list-decodability and line-decodability of Reed-Solomon codes 讨论了Reed-Solomon码列表可解码性和线可解码性的两个合理猜想

Fri

2026-03-20

SoK: Understanding zkVM: From Research to Practice Paper

Yunbo Yang zkVM zkML

Yang et al. conducted a systematization of knowledge on zkVMs in their paper, decomposing them into ISA, VM, and proving layers, and evaluated representative systems for performance, scalability, and usability. Yang等人在论文中对zkVM进行了系统化研究，将其分解为ISA、VM和证明三层，并评估了代表性系统的性能、可扩展性和可用性。

Key Points: 要点：

• zkVM is a key infrastructure for proving program execution correctness, widely used in blockchain rollups, privacy-preserving ML, and off-chain computation. zkVM作为证明程序执行正确性的基础设施，在区块链Rollup、隐私保护机器学习和链下计算中广泛应用
• Existing zkVMs have heterogeneous designs in instruction formats, trace layouts, and proving backends, making system relationships hard to understand. 现有zkVM在指令格式、执行轨迹布局和证明后端上存在异构设计，导致系统关系难以理解
• Proposes a three-layer decomposition: ISA layer for instruction semantics, VM layer for program execution, and proving layer for final proof generation. 论文提出三层分解框架：ISA层定义指令语义，VM层捕获程序执行，证明层生成最终证明
• Conducted comprehensive experimental evaluation of representative zkVMs using this framework to analyze design impacts on performance, scalability, and usability. 通过分层框架对代表性zkVM进行了全面的实验评估，分析设计选择对性能、可扩展性和可用性的影响
• Summarized key observations and outlined potential directions for zkVM design and implementation. 总结了主要观察结果，并展望了zkVM设计和实现的潜在发展方向
• Bridges the gap between theory and practice, offering insights for standardization and optimization of zkVMs. 研究有助于弥合理论与实践的差距，为zkVM的标准化和优化提供参考

Thu

2026-03-19

Human-Extractable ZK Proofs of Knowledge: A Solution to Dark DAOs Paper

Zeyuan Yin Dark DAO CAPTCHA

Yin et al. proposed a human-extractable ZK proof of knowledge (HE-ZKPoK) protocol in their paper, using CAPTCHA puzzles to defend against Dark DAO vote-buying attacks without specialized hardware. Yin等人在论文中提出了一种人类可提取的ZK知识证明（HE-ZKPoK）协议，通过结合CAPTCHA谜题来防御Dark DAO的投票购买攻击，无需依赖专用硬件。

Key Points: 要点：

• Dark DAO uses MPC or TEE for key encumbrance to enable automated vote-buying, attacking inalienable authentication in remote e-voting Dark DAO利用MPC或TEE进行密钥约束，实现自动化投票购买，攻击远程电子投票系统的不可剥夺认证
• Existing defenses rely on TEE or ASIC, difficult to deploy on blockchain 现有防御方案依赖TEE或ASIC，难以在区块链上部署
• HE-ZKPoK protocol forces prover to solve human-extractable CAPTCHA puzzles and complete standard ZKPoK HE-ZKPoK协议要求证明者解决人类可提取的CAPTCHA谜题并完成标准ZK知识证明
• Any human can extract witness by looking at prover's CAPTCHA queries and puzzles 任何人类实体仅通过查看证明者的CAPTCHA查询和关联谜题即可提取见证
• Assuming humans cannot encumber secrets, vote-selling exposes private key, deterring vote-buying 假设人类无法约束秘密，如果选民出售选票，其私钥将完全暴露，从而阻止投票购买
• Provides hardware-free alternative solution to Dark DAO 该方案为Dark DAO提供了一种无需专用硬件的替代解决方案

Wed

2026-03-18

powdr-wasm OSS

powdr labs crush ISA WASI

@powdr_labs has open-sourced powdr-wasm, an optimized zkVM for WASM built on @openvm_org and the crush ISA, with early benchmarks showing 1.5x fewer trace cells and faster proof times compared to RISC-V (OpenVM), and support for Go guests via WASI. @powdr_labs 团队开源了powdr-wasm，这是一个基于@openvm_org和crush ISA优化的zkVM，早期基准测试显示相比RISC-V（OpenVM）减少1.5倍追踪单元并提升证明速度，同时支持通过WASI运行Go程序。

Key Points: 要点：

• powdr-wasm is a zkVM optimized for WASM, built on OpenVM and the crush ISA powdr-wasm是基于OpenVM和crush ISA构建的zkVM，专为WASM优化
• Early benchmarks show 1.5x fewer trace cells and faster proof times vs. RISC-V (OpenVM) 早期基准测试显示，相比RISC-V（OpenVM），追踪单元减少1.5倍，证明时间更快
• Supports Go guests via WASI, expanding zkVM use cases 支持通过WASI运行Go程序，扩展了zkVM的应用场景
• Aims to improve performance and efficiency of zkVM in WASM environments 该项目旨在提升zkVM在WASM环境下的性能和效率
• Open-source release facilitates community involvement and further optimization 开源发布有助于社区参与和进一步优化
• Combines WASM and ZKP technologies to advance zero-knowledge proofs in WebAssembly ecosystems 结合WASM和ZKP技术，推动零知识证明在WebAssembly生态系统中的应用

Fri

2026-03-13

ZK API Usage Credits: LLMs and Beyond Blog

Davide Crapis RLN

Davide Crapis and Vitalik Buterin discuss a ZK API usage credit protocol in their blog, addressing privacy, security, and efficiency in API metering, especially for LLM inference. Davide Crapis 和 Vitalik Buterin 在博客中讨论了ZK API使用信用协议，旨在解决API计量中的隐私、安全和效率问题，特别适用于LLM推理等场景。

Key Points: 要点：

• API metering struggles to balance privacy, security, and efficiency; Web2 auth and on-chain payments fall short. API计量在隐私、安全和效率间难以平衡，传统Web2认证和链上支付各有不足。
• Uses RLN for anonymous deposits and anti-abuse, preventing spam and double-spending. 提出用RLN实现匿名充值和反滥用，防止垃圾请求和双花。
• Enables variable-cost APIs; users prove solvency and privacy via refund tickets and ZK proofs. 支持可变费用API，用户通过退款票据和ZK证明展示余额，同时保护隐私。
• Dual staking enforces policy: servers can penalize but not profit, ensuring transparency. 引入双重质押，违反政策时服务器可惩罚但无法获利，提升透明度。
• Considers homomorphic encryption to optimize refunds and simplify client/ZK logic. 探讨同态加密优化退款累积，简化客户端数据和ZK电路。

Thu

2026-03-12

Lookup Arguments over Rings and Applications to Batch-Verification of RAM Programs Paper

Jonathan Bootle Rings

Bootle et al. proposed ring-based lookup arguments in their paper, extending Plookup and LogUp protocols for batch verification of RAM programs, addressing compatibility in post-quantum schemes. Bootle等人在论文中提出了基于环的查找参数，扩展了Plookup和LogUp协议，并应用于RAM程序的批量验证，解决了后量子方案中的兼容性问题。

Key Points: 要点：

• Existing lookup arguments are field-based, incompatible with ring-based post-quantum lattice schemes. 现有查找参数基于域设计，与基于环的后量子格方案不兼容
• Systematic security issues arise when translating field techniques to rings; some known arguments are vulnerable. 将域技术迁移到环时存在系统性安全问题，部分已知参数易受攻击
• Extend Plookup and LogUp polynomial IOPs to ring R=Zq[X]/(Xd+1). 扩展Plookup和LogUp多项式IOP到环R=Zq[X]/(Xd+1)
• Combine with lattice-based polynomial commitments for succinct lattice-based lookup arguments. 结合基于格假设的多项式承诺，构建简洁的格基查找参数
• Apply ring lookups for batch verification of RAM updates with arbitrary ring elements. 应用环查找参数实现RAM更新的批量验证，支持任意环元素
• Provides key components for post-quantum ZK systems, improving efficiency for arithmetization-unfriendly operations. 为后量子ZK证明系统提供关键组件，提升算术不友好操作效率

Wed

2026-03-11

New Plonky3 release just dropped News

Robin Salen Plonky3 STARK

Robin Salen announced a new Plonky3 release with faster lookups, high-arity folding, N-ary Merkle trees and caps, Poseidon2 optimizations, and Poseidon1 support. Robin Salen宣布Plonky3发布新版本，包含更快的查找、高元折叠、N元Merkle树和Merkle caps、Poseidon2优化及Poseidon1支持等多项改进。

Key Points: 要点：

• New Plonky3 release, described as the most impactful and ambitious so far Plonky3新版本发布，号称最具影响力和雄心勃勃的版本
• Includes much faster lookups for improved performance 包含更快的查找功能，提升整体性能
• Introduces high-arity folding to optimize proof generation 引入高元折叠技术，优化证明生成
• Supports N-ary Merkle trees and Merkle caps for enhanced data structures 支持N元Merkle树和Merkle caps，增强数据结构
• Major optimizations for Poseidon2 and adds Poseidon1 support 对Poseidon2进行重大优化，并支持Poseidon1
• Additional improvements included, with details to be broken down 还包括其他多项改进，具体细节待进一步分解

Tue

2026-03-10

Zolt OSS

MatteoMer Zig Jolt

@MatteoMer released Zolt, a Zig-based zkVM prover generating proofs verifiable by the a16z/jolt verifier, with zero dependencies and all cryptography implemented from scratch. @MatteoMer 发布了Zolt开源项目，这是一个用Zig语言实现的zkVM证明器，生成可被a16z/jolt验证器验证的证明，无需依赖外部库，所有密码学操作均从零实现。

Key Points: 要点：

• Zolt is experimental and unaudited; not for production use. Zolt是一个实验性项目，未经审计，不建议用于生产环境
• Generates ZK proofs for RISC-V ELF binaries, verifiable by upstream Jolt verifier. 支持生成RISC-V ELF二进制文件的ZK证明，验证兼容上游Jolt验证器
• Zero dependencies and FFI; all cryptography implemented from scratch using Zig stdlib. 零依赖和零FFI，所有密码学（如域运算、配对、MSM、多项式承诺）均用Zig标准库实现
• CLI includes proof generation, emulator run, and examples (e.g., Fibonacci, prime counting). 提供CLI工具，包括证明生成、模拟运行和示例程序（如斐波那契、素数计算）
• Benchmarks show faster than Jolt (Rust) on some programs, slower on complex ones like prime counting. 性能基准显示，在部分程序上比Jolt（Rust）更快，但复杂程序如素数计算较慢
• Clear project structure with modules for field arithmetic, polynomial commitments, Sumcheck, etc., aiding extensibility and audit. 项目结构清晰，包含字段运算、多项式承诺、Sumcheck协议等模块，便于扩展和审计

Sun

2026-03-08

Icefish: Practical zk-SNARKs for Verifiable Genomics Paper

Alexander Frolov Genomics CRISPR

Frolov et al. proposed Icefish in their paper, conducting the first systematic study of zk-SNARKs for verifiable genomics, including building blocks like sequence alignment, and exploring two end-to-end applications: verifiable GWAS and CRISPR eligibility verification. Frolov等人在论文中提出了Icefish，首次系统研究zk-SNARK在可验证基因组学中的应用，包括序列比对等基础构建块，并探索了可验证全基因组关联研究和CRISPR资格验证两个端到端应用。

Key Points: 要点：

• First systematic study of zk-SNARKs for verifiable genomics, addressing a gap in the field 首次系统研究zk-SNARK在可验证基因组学中的应用，填补了该领域空白
• Developed zero-knowledge proofs for sequence alignment, 30x faster than prior art 开发了序列比对的零知识证明，速度比现有技术快30倍
• Implemented verifiable GWAS ensuring data integrity and computational correctness with <20 min proving time 实现了可验证全基因组关联研究，确保数据完整性和计算正确性，证明时间小于20分钟
• Proposed new zk-SNARK use case in gene engineering (e.g., CRISPR) for therapy eligibility verification without revealing DNA 提出了zk-SNARK在基因工程（如CRISPR）中的新应用场景，用于验证治疗资格而不泄露DNA序列
• Designed storage-efficient indexes for large-scale genomic data, asymptotically reducing costs 设计了适用于大规模基因组数据的高效存储索引，渐近降低存储成本
• Focuses on privacy and verification needs for highly sensitive genomic data 重点关注基因组数据这一高度敏感信息的隐私保护需求

Sat

2026-03-07

Lattice HD Wallets: Post-Quantum BIP32 Hierarchical Deterministic Wallets from Lattice Assumptions Paper

Conor Deegan ML-DSA Raccoon-G

Deegan et al. proposed two post-quantum HD wallet constructions in their paper, recovering BIP32's public key derivation functionality based on lattice assumptions, including schemes using ML-DSA and Raccoon-G. Deegan等人在论文中提出了两种后量子HD钱包构造，基于格假设恢复BIP32的公钥派生功能，包括使用ML-DSA和Raccoon-G的方案。

Key Points: 要点：

• Two post-quantum HD wallet constructions recovering BIP32 public key derivation based on lattice assumptions 提出两种后量子HD钱包构造，基于格假设恢复BIP32公钥派生功能
• First uses ML-DSA for hardened derivation with proofs of unlinkability and unforgeability 第一种使用ML-DSA支持硬化派生，证明不可链接性和不可伪造性
• Second uses Raccoon-G variant enabling non-hardened public key derivation via Gaussian-distributed secrets 第二种使用Raccoon-G变体，通过高斯分布秘密实现非硬化公钥派生
• Modified Raccoon-G to publish full unrounded public keys preserving linearity 修改Raccoon-G以发布完整未舍入公钥，保持线性特性
• Proved unlinkability and unforgeability under standard lattice assumptions 证明在标准格假设下的不可链接性和不可伪造性
• Introduced method for generating rerandomizable Raccoon-G key pairs from fixed randomness 引入从固定随机性生成可重随机化Raccoon-G密钥对的方法

Thu

2026-03-05

Collaborative Incrementally Verifiable Computation Paper

Eden Aldema Tshuva CoSNARK IVC

Tshuva et al. proposed collaborative incrementally verifiable computation in their paper, enabling multiple parties to jointly update succinct proofs during streaming computations with reduced overhead. Tshuva等人在论文中提出协作增量可验证计算，允许多方在流式计算中联合更新简洁证明，显著降低内存和通信开销。

Key Points: 要点：

• Existing collaborative zkSNARKs suffer from high memory/communication overhead and lack updatability. 现有协作zkSNARK面临内存和通信开销大、缺乏可更新性等瓶颈
• New scheme allows multiple parties to jointly update proofs at each step of streaming computation. 新方案支持多方在流式计算中每一步联合更新证明，避免从头重算
• Constant communication overhead per step (with broadcast) and memory scaling with single step. 每步计算仅需常数通信开销和单步内存开销
• Applicable to privacy-preserving healthcare data aggregation, audits, and joint ML models. 适用于隐私医疗数据聚合、隐私审计和联合机器学习等应用
• Integrates IVC, folding, and MPC techniques to improve efficiency for large-scale datasets. 结合IVC、折叠和MPC技术，提升大规模数据集处理效率
• Breaks scalability barriers of collaborative proofs, enabling practical deployment. 突破现有协作证明的扩展性限制，支持实际应用部署

Wed

2026-03-04

Unfaithful Claims: Breaking 6 zkVMs Blog

Himanshu Sheoran Fiat-Shamir

Himanshu Sheoran and Valter Wik expose security flaws in six zkVM systems due to unbound claim data in Fiat-Shamir transcripts, enabling attackers to bypass cryptographic verification and prove impossible statements. Himanshu Sheoran和Valter Wik在博客中揭示了六个zkVM系统的安全漏洞，这些漏洞源于Fiat-Shamir转录中未绑定声明数据，允许攻击者绕过密码学验证，证明数学上不可能的陈述。

Key Points: 要点：

• Flaws arise from unbound claim data in Fiat-Shamir transcripts, making challenges independent of values like claimed_sum. 漏洞源于Fiat-Shamir转录中未绑定声明数据，如claimed_sum和opening_claim，导致挑战独立于这些值。
• Attackers can solve linear equations to adjust unbound values, passing verification for invalid executions. 攻击者可通过线性方程求解调整未绑定值，使验证通过，即使执行无效。
• Affected systems: Jolt, Nexus, Cairo-M, Ceno, Expander, Binius64. 受影响系统包括Jolt、Nexus、Cairo-M、Ceno、Expander和Binius64。
• In blockchain, this could create assets out of thin air. 在区块链场景中，此漏洞可能导致凭空创造资产。
• Fix requires absorbing all verification-affecting values into transcript before challenge generation. 修复需确保影响验证的值在挑战生成前被吸收到转录中。
• Jolt fixed via PR #981 on Oct 3, 2025; status of others unclear. Jolt已于2025年10月3日修复，其他系统状态未明确。

Sun

2026-03-01

The First ZK Exploits Happened, and They Weren't What We Expected Blog

zkSecurity snarkjs Trusted Setup

@zkSecurity analyzes recent ZK circuit exploits in a blog post, attributing them to Groth16 verifier setup errors where missing Phase 2 contributions cause identical γ and δ parameters, enabling proof forgery. @zkSecurity 在博客中分析了近期两起针对ZK电路的攻击事件，指出它们源于Groth16验证器设置错误，即缺少第二阶段贡献，导致验证密钥中的γ和δ参数相同，从而允许伪造证明。

Key Points: 要点：

• Both exploits stem from Groth16 verifier setup errors in snarkjs, where missing Phase 2 contributions leave γ and δ parameters identical. 两起攻击均因snarkjs生成的Groth16验证器设置错误，缺少第二阶段贡献，使γ和δ参数相同
• Losses: ~$1.5M and 5 ETH, discovered by white-hat hackers to prevent malicious attacks. 攻击导致约150万美元和5 ETH损失，由白帽黑客发现
• Root cause: snarkjs sets γ and δ to the same generator point when initializing zkey 根源：snarkjs在初始化zkey时设置γ和δ为相同生成点
• Phase 2 contribution is required to randomize δ 需通过第二阶段贡献随机化δ
• Developers often overlook simple mistakes while focusing on complex parts 开发者常因关注复杂部分而忽略简单错误，
• ZK DSLs are easy to misuse and lack foundational tooling support ZK DSL易误用且缺乏基础工具支持