18811
Lukas
@lh1 #18811
Building at TACEO
Believing in programmable cryptography.
93 Follower 81 Following
Make MPC cypherpunk again
Global Private State vs. Private Shared State:
π Consistent vs. β³ Ephemeral
π₯ Millions of users vs. π€handful to dozens
π οΈ Examples: Worldcoin's MPC Uniqueness Check vs. Renegades' Dark Pool ZK-MPC Matching
π Consistent vs. β³ Ephemeral
π₯ Millions of users vs. π€handful to dozens
π οΈ Examples: Worldcoin's MPC Uniqueness Check vs. Renegades' Dark Pool ZK-MPC Matching
If you think creating representative benchmarks for ZK is hard, then don't even start thinking about MPC. The addition of network dynamics introduces a whole new level of complexity that could be debated endlessly.
Even before the launch of Ethereum Vitalik talked about the need for private shared state.
No better place to make progress on co-noir.
What is the end-game for privacy infra?
Equilibrium just dropped a banger blog post.
original, unopinionated, funny
Itβs the best piece you can read about the MPC, FHE, ZKP, and TEEs landscape.
chapeau @hammyx π©
https://equilibrium.co/writing/do-all-roads-lead-to-mpc
Equilibrium just dropped a banger blog post.
original, unopinionated, funny
Itβs the best piece you can read about the MPC, FHE, ZKP, and TEEs landscape.
chapeau @hammyx π©
https://equilibrium.co/writing/do-all-roads-lead-to-mpc
After an intense week at Science of Blockchain I needed to sleep a lot and then touch grass.
Thanks @cdixon.eth β¬β© for my new cap.
Thanks @cdixon.eth β¬β© for my new cap.
Takeaway from this week: Negative definition worked best to explain what MPC we do β everything except wallets.
OH: Among ZKP, FHE, MPC, TEEs - MPC is the strongest decentralization force.
3 big zk privacy players under one roof (next to the π).
1h gets you up to speed on all of them.
Privacy is a requirement for mass adoption. Thanks for pushing Aleo @aztecnetwork @polygonchain
1h gets you up to speed on all of them.
Privacy is a requirement for mass adoption. Thanks for pushing Aleo @aztecnetwork @polygonchain
By now, everyone into zk knows about lookup tables (thanks to Plookup, Lasso, etc.). But did you know that lookup tables (LUTs) also exist in MPC?
Why explore MPC lookups? They help balance a common trade-off in MPC: secret sharing-based protocols have minimal total communication but require many rounds, while Yao-Garbled Circuits (GC) have a constant number of rounds but higher communication overhead.
The most compelling application of LUTs is private ML inference (more on this in another post). However, there's an underexplored area: MPC LUTs for collaborative SNARKs.
To support proof systems that leverage LUTs, we need to find efficient ways to compute zk LUTs in an MPC-fied manner. We are actively researching this area and would love to speak with anyone interested in this topic.
Why explore MPC lookups? They help balance a common trade-off in MPC: secret sharing-based protocols have minimal total communication but require many rounds, while Yao-Garbled Circuits (GC) have a constant number of rounds but higher communication overhead.
The most compelling application of LUTs is private ML inference (more on this in another post). However, there's an underexplored area: MPC LUTs for collaborative SNARKs.
To support proof systems that leverage LUTs, we need to find efficient ways to compute zk LUTs in an MPC-fied manner. We are actively researching this area and would love to speak with anyone interested in this topic.
What is Programmable Cryptography? Here is an in depth article by @gubsheep
I especially like the visionary aspect (what can we achieve in 10+ years)
https://0xparc.org/blog/programmable-cryptography-1
I especially like the visionary aspect (what can we achieve in 10+ years)
https://0xparc.org/blog/programmable-cryptography-1
Why MPC and Noir are a good fit:
1. Noir is lowered to ACIR, an intermediate representation that consists of 7 opcodes (making the evaluation of it rather simple) and is backend agnostic. ACIR can be used as an entry point, greatly reducing complexity as one can reuse the Noir compiler.
2. The ecosystem is designed to add support for proving systems, i.e., we can just write a co-SNARKs backend. So, we do not need to hack around the ecosystem - we can just leverage everything because it is designed to do so (we had to fork circom to build our co-SNARKs as the intended use case was not to add other proof systems).
3. The witness extension is the most complex part to support for co-SNARKs. For Noir, we can support a large portion of all possible circuits by MPC-ifying the most basic opcodes of ACIR (simple solver of equations which is fine in MPC).
1. Noir is lowered to ACIR, an intermediate representation that consists of 7 opcodes (making the evaluation of it rather simple) and is backend agnostic. ACIR can be used as an entry point, greatly reducing complexity as one can reuse the Noir compiler.
2. The ecosystem is designed to add support for proving systems, i.e., we can just write a co-SNARKs backend. So, we do not need to hack around the ecosystem - we can just leverage everything because it is designed to do so (we had to fork circom to build our co-SNARKs as the intended use case was not to add other proof systems).
3. The witness extension is the most complex part to support for co-SNARKs. For Noir, we can support a large portion of all possible circuits by MPC-ifying the most basic opcodes of ACIR (simple solver of equations which is fine in MPC).
Would be nice to finish before the 5. e-print anniversary of PLONK.
https://x.com/taceo_io/status/1819005440572715197?s=46
https://x.com/taceo_io/status/1819005440572715197?s=46
Noir gud!
The start of track and field at the Olympics is today.
Track and field is to sports what math is to science. I love both!
Track and field is to sports what math is to science. I love both!
I see zkTLS / zkEmail as a vampire attack on web2 data. Fully deserved.
π€for Noir meets MPC
Most folks think GDPR is all about data privacy, but it's also about free data movement. These goals often clash, but we don't have to pick one over the other.
Thanks to programmable cryptography (ZK, MPC, FHE), we can have both.
These techniques let us protect sensitive info like financial and health data, while still getting valuable insights from services like portfolio optimization and fitness recommendations.
Thanks to programmable cryptography (ZK, MPC, FHE), we can have both.
These techniques let us protect sensitive info like financial and health data, while still getting valuable insights from services like portfolio optimization and fitness recommendations.