We believe that diversity of expertise is key to tackling complex challenges, and that cross-disciplinary collaboration is essential to driving meaningful innovation.
Our Cryptography Research team works closely with our external partners and engages in continuous internal research across several domains.
Cryptography protocols
Zero-knowledge proofs: security analysis and creation of new schemes
Emerging cryptographic primitives: Witness Encryption and FHE
As part of a grant awarded by the Ethereum Foundation, we proved that the FRI protocol, and a family of FRI-based protocols including Plonky2 and ethSTARK, remain secure after applying the Fiat-Shamir transform. This is joint work with Alexander Block, Jonathan Katz, Justin Thaler, and Pratyush R. Tiwari. The paper was accepted and presented at Asiacrypt 2023. Part of the work is concurrent with the ethSTARK paper by StarkWare. In more detail:
We showed for the first time that several popular proof systems are secure after the Fiat-Shamir transform. These include "Plonk-like" protocols using FRI, such as Plonky2, and the ethSTARK protocol. To do so, we showed that the FRI protocol is round-by-round sound and, roughly speaking, provided a general way of compiling certain types of Polynomial Interactive Oracle Proofs into a SNARK using FRI, Merkle trees, and the Fiat-Shamir transform.
A research project that Nethermind is currently conducting with Cardinal Cryptography.
This paper originated while we were working on "Fiat-Shamir security of FRI-based SNARKs". Here we establish several relations between different notions of security for Interactive Oracle Proofs. This is joint work with Alexander Block and Pratyush R. Tiwari.
We have developed a novel zkSNARK called "Vampire", which has the shortest proof among all updatable and universal zkSNARKs. The proof is half the size of Plonk's and only marginally larger than Groth16's; importantly, Groth16 is neither updatable nor universal. A proof-of-concept implementation will be available soon.
We have researched how to aggregate proving tasks for FRI-based SNARKs (e.g., ethSTARK, Plonky2, RISC0, Boojum). Our technique reduces the verifier's work and the total proof size compared with producing one proof per witness and having the verifier check each of them separately. We showed through experiments that the technique is useful in practice.
Read more about Starkpack in the blog below and stay tuned for an upcoming paper on it.
We are researching methods to improve current state-of-the-art approaches to zkML. We plan mainly to use techniques such as floating-point approximation and folding schemes. This is part of one of the Worldcoin Community Grants.
Modern zkSNARKs are cryptographic zero-knowledge proof systems: systems used to prove that a statement is true while keeping parts of it (the witness) private. To achieve this, zkSNARKs rely on mathematical procedures, such as the Fast Fourier Transform, that perform their computations over sets of numbers known as finite fields. The native arithmetic of CPUs and GPUs, however, does not operate on finite fields but on a ring, specifically the integers modulo 2^64, in which not every non-zero element has a multiplicative inverse. Our team is working on a zkSNARK that uses the native CPU/GPU ring arithmetic directly, which could lead to better efficiency and performance on these architectures.
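To make the ring-versus-field distinction concrete, here is a small added example (not code from the Nethermind project) that models native u64 wrapping arithmetic as integers modulo 2^64 and compares it with the 64-bit Goldilocks prime field 2^64 - 2^32 + 1 used by Plonky2. It shows why the standard interpolation step breaks in the ring: even residues have no inverse, and two different degree-1 polynomials can agree on two points, so a polynomial is no longer determined by its evaluations. The function names and the choice of test points are assumptions made for the example.

```python
from math import gcd

# What native u64 wrapping arithmetic computes in: the ring Z/2^64
# (modelled here with Python ints reduced mod 2^64; an assumption of the example).
RING_MOD = 1 << 64
# The 64-bit "Goldilocks" prime 2^64 - 2^32 + 1, the base field of Plonky2.
FIELD_MOD = (1 << 64) - (1 << 32) + 1


def inverse(a, m):
    """Multiplicative inverse of a modulo m, or None when none exists.

    In a prime field every non-zero element is invertible; in Z/2^64 only the
    odd residues are, so the divisions needed by Lagrange or FFT-style
    interpolation fail for half of the ring.
    """
    a %= m
    if a == 0 or gcd(a, m) != 1:
        return None
    return pow(a, -1, m)


def eval_poly(coeffs, x, m):
    """Evaluate coeffs[0] + coeffs[1]*x + ... modulo m (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % m
    return acc


def agree_on(coeffs_f, coeffs_g, xs, m):
    """True if polynomials f and g take the same value at every x in xs, mod m."""
    return all(eval_poly(coeffs_f, x, m) == eval_poly(coeffs_g, x, m) for x in xs)


def interpolation_check():
    """Return (ring_ambiguous, field_unique).

    f(x) = 2^63 * x and g(x) = 0 are different lines, yet agree at x = 0 and
    x = 2 modulo 2^64 because 2 * 2^63 wraps to 0.  Over the prime field the
    same two lines differ at x = 2, as two distinct lines always must.
    """
    f, g = [0, 1 << 63], [0, 0]
    ring_ambiguous = agree_on(f, g, [0, 2], RING_MOD)
    field_unique = not agree_on(f, g, [0, 2], FIELD_MOD)
    return ring_ambiguous, field_unique


def zero_divisor_product():
    """2^32 * 2^32 wraps to 0 in u64 arithmetic: a product of non-zero elements is zero."""
    return ((1 << 32) * (1 << 32)) % RING_MOD


if __name__ == "__main__":
    print("inverse of 2 in Z/2^64:", inverse(2, RING_MOD))
    print("inverse of 2 in Goldilocks:", inverse(2, FIELD_MOD))
    print("interpolation ambiguous in ring, unique in field:", interpolation_check())
```

The practical reading: a SNARK that wants to use native u64 arithmetic cannot simply reuse field-based FFT and interpolation machinery; it needs constructions designed for rings with zero divisors, which is what makes the research direction above non-trivial.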
Our team has developed a user-friendly tool to help securely store mnemonic phrases (seed phrases), which are essential for accessing digital wallets. We use Shamir's secret sharing to split the secret into multiple shares. To reveal the original secret, a certain number of these shares (the threshold) must be combined.
The tool lets the user choose both the number of shares and the threshold. This improves security: the shares can be kept on different devices or in different locations, and an attacker who obtains fewer than the threshold number of shares learns nothing about the secret. It also reduces the risk of losing the secret through accidents or device failures, since any threshold-sized subset of shares suffices to recover it; conversely, losing more shares than the scheme tolerates (more than the number of shares minus the threshold) makes the secret unrecoverable. Our cryptography research team has written a blog post explaining how Shamir's secret sharing works and how to use it for secure mnemonic sharing.
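As an added worked example (not the Nethermind tool's code), the following Python implements the scheme described above: the secret becomes the constant term of a random polynomial of degree t-1 over a prime field, share i is the point (i, f(i)), and any t shares recover f(0) by Lagrange interpolation. It assumes the secret is the raw entropy behind the mnemonic (for BIP39, 128 to 256 bits) and uses the Mersenne prime 2^521 - 1 as the field only because it comfortably holds any such value; a real tool may encode the secret differently. It also shows the failure mode a practitioner should know: t-1 shares do not raise an error, they silently reconstruct a wrong value, so the recovered secret must be validated (BIP39 mnemonics carry a checksum) and share indices must be stored alongside share values.

```python
import secrets

# 2^521 - 1 is a Mersenne prime.  Any secret up to 520 bits (e.g. the 128-256 bits
# of entropy behind a BIP39 mnemonic) is then a single field element.  This field
# choice is an assumption of the example, not how the Nethermind tool encodes keys.
P = (1 << 521) - 1


def _eval_poly(coeffs, x):
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... modulo P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_secret(secret, n, t, rng=secrets.randbelow):
    """Split `secret` (bytes) into n shares (x, y); any t of them reconstruct it.

    `rng(P)` must return a uniform value in [0, P) for the scheme to be
    information-theoretically hiding; it is a parameter only so that tests can
    be deterministic.  Never pass anything but a CSPRNG in real use.
    """
    if not 1 <= t <= n < P:
        raise ValueError("need 1 <= threshold <= number of shares")
    s = int.from_bytes(secret, "big")
    if s >= P:
        raise ValueError("secret too large for the field")
    coeffs = [s] + [rng(P) for _ in range(t - 1)]   # f(0) = secret
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def _interpolate_at_zero(shares):
    """Lagrange interpolation of the polynomial through `shares`, evaluated at x = 0."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj in xs:
            if xj == xi:
                continue
            num = num * (-xj) % P
            den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def recover_secret(shares, secret_len):
    """Recover the secret bytes from at least t shares of a t-of-n split.

    With fewer than t shares interpolation still returns *a* field element, just
    not the secret.  The size check catches many such cases; a real tool should
    additionally verify a checksum before trusting the result.
    """
    value = _interpolate_at_zero(shares)
    if value >> (8 * secret_len):
        raise ValueError("recovered value does not fit: below threshold or corrupted share?")
    return value.to_bytes(secret_len, "big")


if __name__ == "__main__":
    entropy = secrets.token_bytes(16)          # constructed stand-in for wallet entropy
    shares = split_secret(entropy, n=5, t=3)
    assert recover_secret([shares[0], shares[2], shares[4]], 16) == entropy
    print("3-of-5 recovery ok; shares look like:", shares[0][0], hex(shares[0][1])[:18], "...")
```

Two design points worth noting: the polynomial coefficients must come from a cryptographically secure generator, since predictable coefficients let an attacker recover the secret from a single share; and each share is the pair (x, y), so a tool that stores only the y values loses the ability to reconstruct.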