Daily Digest 每日摘要 View All 查看全部
Vivian Plasencia introduces LeanIMT+, a dynamic Merkle tree for efficient membership and non-membership proofs. Vivian Plasencia在博客中介绍LeanIMT+,结合LeanIMT动态深度与Indexed Merkle Tree低叶技巧,高效支持成员与非成员证明,适用于凭证撤销等场景。
Key Points: 要点:
- • Built for credential revocation proofs. LeanIMT+面向可验证凭证撤销,需要证明凭证未被撤销
- • Combines LeanIMT depth with low-leaf proofs. 结构结合LeanIMT动态深度和Indexed Merkle Tree的low leaf非成员证明
- • Avoids zero hashes by promoting odd nodes. 奇数节点直接提升,不使用zero hashes,减少不必要哈希
- • Leaves store value and nextValue. 叶子存储value与nextValue,按值形成有序链表
- • Leaf hashing is domain-separated. 叶子哈希使用3输入和TAG_LEAF,与内部节点哈希做域分离
- • Dynamic depth cuts ZK costs versus deep SMTs. 2048叶场景下,LeanIMT+避免SMT常见128层固定深度带来的电路成本
Shangguan et al. propose HMT, an ADS that shortens hot-item proofs and lowers update costs for dynamic workloads. Shangguan等人在论文中提出Huffman-Merkle Tree,通过冷热分层、访问频率跟踪与批量迁移优化动态工作负载下的认证数据结构证明与更新成本。
Key Points: 要点:
- • Targets mutable state with shifting access frequencies. HMT面向访问频率不断变化的大规模可变状态
- • Hot items use a Huffman-style layout near the root. 热门项采用Huffman式布局,更靠近根以缩短成员证明
- • Cold and new items stay in a binary Merkle Tree. 冷门和新增元素放入二叉Merkle Tree,降低更新开销
- • Uses count-min sketch and batched layout changes. 系统用count-min sketch跟踪频率,并批量应用布局变化
- • Compares against Ethereum MPT and UBT. 评估对比Ethereum MPT与UBT,关注哈希次数和访问加权证明大小
- • Best policy reports fewer hashes and shorter weighted proofs. 最佳策略相对MPT减少约2.4x哈希操作,证明也更短
Charles Guillemet said Taiko lost about $1.7M after a Raiko SGX signing key was exposed, showing the risk of TEE-based trust. Charles Guillemet指出Taiko约170万美元被盗源于Raiko仓库中暴露的SGX enclave签名key,攻击者可借MrSigner信任路径注册恶意证明者,并凸显有效性证明替代TEE信任的重要性。
Key Points: 要点:
- • enclave-key.pem reportedly appeared in the public Raiko repo. 来源称Raiko公共GitHub仓库中出现enclave-key.pem,即用于签署Taiko SGX enclaves的RSA key
- • The attacker could derive MrSigner and sign a malicious enclave. 攻击思路是从公开key派生MrSigner,签署恶意enclave,并作为受信任证明者注册
- • Matching MrSigner let fake SGX attestations pass the trust path. L1合约信任MrSigner匹配的enclave,伪造SGX attestations后可影响假L2区块相关消息流程
- • processMessage() made messages retriable; retryMessage() skipped proof checks. 帖子称processMessage()将消息置为RETRIABLE,而retryMessage()没有执行证明验证,最终导致资金流出
- • Replies note that accepting debug enclaves was also key. 回复中补充争议点:仅泄露MrSigner可能不足以利用,问题还涉及接受debug enclaves的组合条件
- • The case favors validity proofs over single-key TEE trust. 事件强调单一密钥和TEE运营纪律是脆弱信任根,链上简洁有效性证明可避免此类伪造路径
Londhe et al. proposed a generalized regex-matching ZKP system for ZK Email in their paper, using ε-free NFA path verification with DKIM, SHA-256, and structural regex circuits. Londhe等人在论文中提出面向ZK Email的广义正则匹配ZKP系统,通过ε-free NFA路径验证降低复杂邮件验证开销,并集成DKIM、SHA-256与正则约束电路。
Key Points: 要点:
- • Focuses on anonymized email verification, proving structured properties of DKIM-signed emails without revealing the full message. 论文聚焦匿名邮件验证,允许证明DKIM签名邮件中的结构化属性而不公开完整邮件
- • Uses path verification over ε-free NFAs, with prover complexity linear in the captured path and independent of original email size. 新方案基于ε-free NFA的路径验证,证明者复杂度与捕获路径线性相关,并独立于原始邮件大小
- • Integrates DKIM verification, arbitrary-length SHA-256 under RFC 6376, and a general regex primitive into end-to-end ZK Email circuits. 系统将DKIM签名验证、RFC 6376下任意长度SHA-256电路和通用正则原语整合进端到端ZK Email电路
- • Shows substantial proving-time improvements over DFA-based approaches while supporting richer regex languages. 相较先前DFA方案,实验显示证明时间有显著效率提升,并支持更丰富的正则语言
- • The implementation is integrated with ZK Email, MIT licensed, and evaluated for client-side and zkVM (SP1) deployments. 实现已集成到ZK Email并以MIT许可证发布,覆盖客户端和zkVM(SP1)部署场景
- • Security analysis formalizes zero-knowledge relations under realistic adversary models for email provenance. 安全分析覆盖现实对手模型下的零知识关系和邮件来源证明需求
Microsoft Research introduced Vega, a low-latency ZKP system for proving facts from government credentials with fold-and-reuse proving and device-side privacy. Microsoft Research发布Vega,一种面向政府凭证的低延迟ZKP系统,可在设备端证明年龄、真人或职业状态,并通过折叠与复用实现快速隐私验证。
Key Points: 要点:
- • Vega proves facts such as age, personhood, or professional status without uploading the credential. Vega允许用户证明年龄、真人或职业状态等属性,而不上传政府凭证本身
- • It requires no trusted setup and reports about 92 ms proving, 108 KB proofs, and 23 ms verification for a mobile driver's license. 系统无需可信设置,典型移动驾照场景下约92 ms生成108 KB证明,验证约23 ms
- • NeutronNova folds SHA-256 step instances, while Spartan proves the folded step and core circuits. 通过NeutronNova折叠SHA-256 step instances,并用Spartan证明折叠后的step与core circuits
- • NovaBlindFold adds zero-knowledge with low overhead over a small verifier-check constraint system. NovaBlindFold用于低开销实现零知识,避免在完整秘密数据上承担过高开销
- • Fold-and-reuse proving caches credential work and rerandomizes commitments for unlinkable repeated presentations. fold-and-reuse proving将凭证相关工作缓存并重随机化,使多次出示不可链接且更快
- • Device binding signs a fresh session nonce with a secure-element key to reduce misuse of leaked credentials. 设备绑定要求安全硬件中的设备私钥签名会话nonce,降低凭证泄露后的滥用风险
Zhang et al. systematized PIOP-based SNARKs for general computation in , proposing a unified framework that refines frontend-backend decomposition and integrates lookup arguments and recursive composition. Zhang等人在论文中系统化分析了基于PIOP的SNARKs通用计算方案,提出统一框架,细化前端后端分解,并整合查找参数与递归证明组合。
Key Points: 要点:
- • PIOP combined with PCS is the dominant SNARK paradigm PIOP结合多项式承诺方案(PCS)是主流SNARK范式
- • Proposes a unified framework refining Thaler's frontend-backend decomposition at finer granularity 提出统一框架,细化Thaler的前后端分解为更细粒度组件
- • Incorporates lookup arguments as core components 将查找参数(lookup arguments)作为核心组件整合入框架
- • Integrates recursive proof composition for improved efficiency and applicability 纳入递归证明组合,提升效率和适用性
- • Systematically analyzes component interactions to clarify modern SNARK construction 系统梳理组件间交互,助于理解现代SNARK构造与分析
Arunachalaramanan et al. present a tutorial and survey on private information retrieval (PIR) in their paper, covering various PIR schemes, their extensions, efficiency comparisons, and guidance for practical deployment. Arunachalaramanan等人在论文中撰写了关于私有信息检索(PIR)的教程与综述,介绍了多种PIR方案及其扩展,并比较了不同范式的实际效率,为选择方案和探索高级主题提供指导。
Key Points: 要点:
- • PIR enables private database retrieval without revealing which entry is accessed. PIR允许用户从公开数据库检索条目而不泄露检索目标
- • Covers IT-secure, computational, single-/multi-server, and preprocessing models. 综述覆盖了信息论安全、计算安全、单服务器及多服务器等不同设定
- • Extensions for keyword and batch queries are introduced. 介绍了支持关键词查询和批量查询的PIR扩展
- • Efficiency comparisons and selection guidance provided for different paradigms. 分析了不同PIR范式的具体效率,帮助读者根据需求选择方案
- • Discusses practical applications of PIR. 讨论了PIR的实际应用场景
- • Serves as an introduction for readers new to the field and a springboard for advanced topics. 旨在帮助初学者理解当前研究格局并迈向更高级话题
Castejon-Molina et al. proposed a cryptographic collateralized loan protocol without smart contracts in their paper, introducing VGES to encrypt signatures on a graph, ensuring decryption only after repayments along valid paths, compatible with Bitcoin. Castejon-Molina等人在论文中提出无需智能合约的加密抵押贷款协议,引入新原语VGES,用于图加密签名,确保只有在完成图中路径对应的还款后才能解密签名,支持比特币等有限脚本区块链。
Key Points: 要点:
- • Proposes a cryptographic collateralized loan protocol for limited‑scripting blockchains (e.g., Bitcoin) without smart contracts. 提出面向有限脚本区块链(如比特币)的抵押贷款密码协议,无需智能合约。
- • Introduces VGES, a new primitive to encrypt signatures on a graph, ensuring decryption only after valid repayment paths. 引入新原语VGES(可验证图加密签名),确保签名仅在图路径还款完成后解密。
- • Relies on oracles but uses only basic on‑chain transactions, enabling wide compatibility. 协议依赖预言机,但利用链上基本交易实现逻辑,兼容性广。
- • Provides two constructions with trade‑off between on‑chain transaction count and off‑chain computation. 给出两种构造,提供链上交易数量与链下计算开销的权衡。
- • Implementation shows efficiency on commodity hardware, deployable on Bitcoin‑like chains. 实现评估显示在普通硬件上均高效,可部署于比特币等链。
- • Extends the possibility of contract‑free, cross‑chain cryptographic lending. 纯密码学方法扩展了跨链无合约借贷的可能性。
Lai and Maino, in their paper, propose efficient zkSNARK for isogeny-based cryptography using optimized Vélu formulas and theta model to encode various isogeny relations in R1CS, with applications to DeuringVRF signatures, SQISign, and POKÉ key validation, removing extra assumptions. Lai和Maino在论文中提出了面向同源密码的高效zkSNARK方案,通过优化Vélu公式和theta模型为多种同源关系提供R1CS编码,并展示了在DeuringVRF签名、SQISign和POKÉ密钥验证中的应用,移除了额外安全假设。
Key Points: 要点:
- • Existing ZKP for isogenies limited to small-degree chains, inefficient. 现有同源密码的ZKP局限于小次数同源链,效率低
- • Provide efficient R1CS for - and -isogenies and masked evaluations via optimized Vélu formulas. 利用优化的Vélu公式为 - 和 -同源及其掩码求值提供高效 R1CS 编码
- • Design R1CS for non-smooth isogenies of special degrees using theta model. 基于theta模型为特殊度数非光滑同源设计R1CS
- • Compiler removes 'one-more' evaluation assumption in DeuringVRF signatures. 构建编译器消除DeuringVRF签名中的“one-more”求值假设
- • Eliminate hint-based assumption in SQISign; conceptual key validation for POKÉ. 移除SQISign的提示假设,并概念性设计POKÉ密钥验证机制
- • Experimental proof sizes around 400 KB under NIST-1 primes. 实验显示在NIST-1素数下证明大小约400 KB