Beneath privacy and decentralization

We use cryptography to solve real-world problems and to promote security and privacy in digital communication.

Cryptographic innovation & real-world applications

We believe that diversity of expertise is key to tackling complex challenges, and that cross-disciplinary collaboration is essential to driving meaningful innovation.

Our Cryptography Research team works closely with our external partners and engages in continuous internal research across several domains.

Cryptography protocols

Decentralized identity, verifiable credentials

Sybil and white-labeling resistance

Consensus design

Zero-knowledge proofs: security analysis & new schemes

Distributed Validator Technology (DVT)

Decentralized identity, Sybil resistance, and a quality operator set

Our research is helping the Lido DAO transition from a permissioned staking service into a permissionless one.

The problem

Lido is a liquid staking protocol that converts ETH to a liquid token and stakes the funds on the Beacon Chain. It relies on external parties, called operators, to run validators. Operator candidates must currently be approved by the Lido DAO through a voting process, granting the DAO a great deal of power. Ideally, the onboarding process should be permissionless, requiring no input from the DAO.

The solution

Phase 1 of our project focused on systematizing knowledge for decentralized identity and verifiable credential schemes. We looked at classical results, academic research, and projects that aim to implement these primitives, with special attention given to projects from the Web3 space. In the following phases, we will address:

Sybil and White-label Resistance: To preserve decentralization and remove single points of failure, it is crucial to prevent any one operator from controlling too large a share of the staked funds. We will design a mechanism that makes it difficult for a party to onboard multiple operators without disclosing that the operators are connected, or to have a white-label provider run the operator on its behalf rather than running the operator itself.

Reputation system: Onboarded operators are paid for performing their duties. A reputation system is needed to track the operators’ performance, measure how much each contributes to the quality of the operator set, and pay rewards accordingly.

Permissionless operator onboarding: We will design a decentralized system to onboard operators permissionlessly. The system will verify their credentials, such as who they are and whether they can perform the necessary tasks, using web3 primitives such as oracles, token-curated assets, and prediction markets.

Private smart contracts

A research project that Nethermind is currently conducting with Cardinal Cryptography.

The problem

Aleph Zero is a layer 1 blockchain built by Cardinal Cryptography that aims to provide a general framework for private smart contracts operating on private states. While secure multi-party computation (MPC) theoretically enables this, in practice MPC alone is highly inefficient. A practical design would therefore use MPC only for a very specific part of the computation and verify the rest using zero-knowledge proofs.

The solution

In this joint project with Cardinal Cryptography, we explore how to combine multi-party computation (MPC) and zero-knowledge proofs (ZKP) in a way that results in an efficient cryptographic solution. Our learnings have been applied to build a novel DEX design called COMMON, which addresses user privacy and price inefficiency challenges.

Our research collaboration with Nethermind on private smart contracts is a big success. The team brought academic-level math skills and a profound understanding of the blockchain domain to the project, which is a rare and impressive combination.

Adam Gagol, CTO and Co-Founder, Aleph Zero

Concrete security analysis of zkSNARKs

zkSNARKs have received increasing interest in the last few years because of their practical implications for designing efficient, secure, and privacy-preserving proof systems. However, there is a trade-off between security on one side and communication, proof generation, and proof verification complexity on the other - one that is often resolved to the detriment of security.

We analyzed the security of zkSNARKs used in the Ethereum ecosystem, specifically those securing zk rollups. We found that some zkSNARKs do not meet the reference value of 128 bits of security and are much less secure than claimed. Establishing this reduced security level relied on our understanding of theoretical cryptography, which allowed us to design attacks that are significantly more efficient than those considered by the zkSNARKs’ authors.

Distributed Validator Technology (DVT)

Distributed Validator Technology (DVT) is a system that enables an Ethereum validator, responsible for proposing a block or attesting to a proposed block, to operate across multiple computers instead of just one. This approach increases security and reliability. In simple terms, if t or fewer computers get compromised, the attackers cannot sign messages or steal the validator's secret key. Moreover, if more than t computers are functioning correctly, they can work together to perform the validator's tasks and sign blocks securely. This research addresses critical aspects of security, decentralization, and reliability within the Ethereum protocol.

Our team has broad expertise on DVT building blocks such as distributed key generation (DKG), threshold signature schemes (TSSs), and consensus algorithms.

Distributed Key Generation (DKG) protocols

Allow mutually distrusting parties to jointly generate a signing key. Each party holds only a share of the key, and at least t out of n parties are needed to sign a message.

Threshold Signature Schemes (TSS)

Allow parties to perform the signing operation without revealing the secret signing key.

Consensus algorithms

Enable parties to agree on the block they will sign.

Building zkSNARKs optimized for CPU and GPU architectures

Modern zkSNARKs are cryptographic zero-knowledge proof systems - in other words, systems used to prove the veracity of statements while still keeping parts of the statements private. To achieve this goal, zkSNARKs utilize mathematical procedures, such as the Fast Fourier Transform, that require performing computations on sets of numbers known as finite fields. As it turns out, the native arithmetic performed on CPUs and GPUs does not operate on finite fields, but instead works on sets of numbers called rings, specifically integers modulo 2^64. Our team is working on creating a zkSNARK employing the native CPU/GPU arithmetic of rings, which could lead to better efficiency and performance on these computing architectures.

zkSNARKs with the smallest communication complexity

We have developed a novel zkSNARK called “Vampire”, which has the shortest proof among all updatable and universal zkSNARKs. The proof size is half that of Plonk’s and only marginally larger than Groth16’s; importantly, the latter proof system is neither updatable nor universal. A proof-of-concept implementation will be available soon.

Tool for secret sharing of mnemonics

Our team has developed a user-friendly tool to help securely store mnemonic keys, which are essential for accessing digital wallets. We use a method called Shamir's secret sharing to split the key into multiple shares. To reveal the original key, a certain number of these shares (known as the threshold) must be combined. The tool allows the user to choose both the number of shares and the threshold.

This approach enhances security, as the key parts can be stored on different devices or locations, making it harder for hackers to access the entire key. Additionally, it reduces the risk of losing the key due to accidents or device failures. Our cryptography research team has written a blog post explaining how Shamir's secret sharing works and how to use it for secure mnemonic key sharing.
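The threshold mechanism behind the mnemonic tool above, and the t-out-of-n signing threshold described in the DVT section, both rest on Shamir's secret sharing over a finite field. The following is an added, self-contained illustration written for this page; it is not the tool's own code and makes two assumptions: the secret being split is the raw entropy bytes behind the mnemonic (not the words themselves), and the field is the integers modulo the Mersenne prime 2^521 - 1, chosen only because it is certainly prime and large enough for any secret of up to 64 bytes. The secret in the demo is a constructed sample value.

```python
import secrets as rng
from itertools import combinations

# Field modulus: the Mersenne prime 2^521 - 1 (assumption for this example).
# Shamir needs a field, not a ring: reconstruction divides by (x_i - x_j),
# which is only always possible when every non-zero element has an inverse.
PRIME = (1 << 521) - 1


def _eval_poly(coeffs, x):
    """Evaluate a0 + a1*x + ... + a_{k-1}*x^(k-1) mod PRIME (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret: bytes, n: int, k: int):
    """Split `secret` into n shares; any k of them recover it, fewer reveal nothing."""
    if not 1 <= k <= n:
        raise ValueError("need 1 <= threshold k <= number of shares n")
    s = int.from_bytes(secret, "big")
    if s >= PRIME:
        raise ValueError("secret too large for the field")
    # Constant term is the secret; the other k-1 coefficients are uniformly random.
    coeffs = [s] + [rng.randbelow(PRIME) for _ in range(k - 1)]
    # Share i is the point (i, f(i)); x = 0 is never used, since f(0) is the secret.
    return [(i, _eval_poly(coeffs, i)) for i in range(1, n + 1)]


def recover_int(shares):
    """Lagrange-interpolate the shares at x = 0. Correct only with >= k shares."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj == xi:
                continue
            num = num * (-xj) % PRIME
            den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def recover_secret(shares, secret_len: int):
    """Return the secret bytes, or None when the value cannot be a secret of that length
    (which is what happens, with overwhelming probability, when too few shares are given)."""
    value = recover_int(shares)
    if value >= 1 << (8 * secret_len):
        return None
    return value.to_bytes(secret_len, "big")


def threshold_holds(secret: bytes, n: int, k: int) -> bool:
    """Check the two properties the page states: every k-subset recovers the secret,
    and no (k-1)-subset does. (A (k-1)-subset is consistent with every possible
    secret, so the interpolated value is essentially a random field element.)"""
    shares = split_secret(secret, n, k)
    expected = int.from_bytes(secret, "big")
    if any(recover_int(sub) != expected for sub in combinations(shares, k)):
        return False
    if k > 1 and any(recover_int(sub) == expected for sub in combinations(shares, k - 1)):
        return False
    return True


if __name__ == "__main__":
    # Constructed 32-byte sample entropy, standing in for the bytes behind a mnemonic.
    sample = bytes(range(32))
    shares = split_secret(sample, n=5, k=3)
    print("any 3 of 5 shares recover the secret:", recover_secret(shares[1:4], 32) == sample)
    print("2 shares do not:", recover_secret(shares[:2], 32) != sample)
    # Mapping to the DVT wording: tolerating t compromised machines of n means
    # requiring k = t + 1 shares (parties) to sign.
    print("all thresholds hold:", threshold_holds(sample, 5, 3))
```

The (k-1)-share check in `threshold_holds` is probabilistic in the sense that a wrong subset could coincide with the secret with probability about 1/PRIME, which is negligible; it is there to make the failure mode visible, not as a proof of the information-theoretic guarantee.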

Collaborating on this project

Michal Zajac, Albert Garreta, Isaac Villalobos, Yevgeny Zaytman, Ignacio Manzur