Kobi Gurkan
@kobi.bsky.social
applied crypto, security, experimental things.
head of research @baincapitalcrypto.com
head of research @baincapitalcrypto.com
The word of the week is vandermonde
November 4, 2025 at 10:27 PM
The word of the week is vandermonde
doing my favorite thing of composing stuff together, and toying around with x402 and Privacy Pass to see how they can play together to introduce a sort of a blinding layer to x402
an intro to both, how they're used and a possible way to integrate them!
kobi.leaflet.pub/3m3pyyctda22i
an intro to both, how they're used and a possible way to integrate them!
kobi.leaflet.pub/3m3pyyctda22i
Privacy Pass + x402 = blinding for x402 - Kobi's blog
kobi.leaflet.pub
October 21, 2025 at 6:56 PM
doing my favorite thing of composing stuff together, and toying around with x402 and Privacy Pass to see how they can play together to introduce a sort of a blinding layer to x402
an intro to both, how they're used and a possible way to integrate them!
kobi.leaflet.pub/3m3pyyctda22i
an intro to both, how they're used and a possible way to integrate them!
kobi.leaflet.pub/3m3pyyctda22i
The word of the week is malleability
October 11, 2025 at 8:37 PM
The word of the week is malleability
Want to understand ZODA? Tried to implement it and found yourself stumped?? This FAQ is just for you!
Wrote some answers for questions I’ve seen around me and those I had myself, navigating details and tradeoffs
If you have any more - let me know :)
Wrote some answers for questions I’ve seen around me and those I had myself, navigating details and tradeoffs
If you have any more - let me know :)
October 3, 2025 at 4:08 PM
Want to understand ZODA? Tried to implement it and found yourself stumped?? This FAQ is just for you!
Wrote some answers for questions I’ve seen around me and those I had myself, navigating details and tradeoffs
If you have any more - let me know :)
Wrote some answers for questions I’ve seen around me and those I had myself, navigating details and tradeoffs
If you have any more - let me know :)
Signature schemes are a cornerstone of modern infrastructure and we all know the common ones that sign a message, and some of you know ones that can be e.g. aggregated
In more specialized scenarios, the properties needed aren’t obvious until you hit that problem yourself
1/2
In more specialized scenarios, the properties needed aren’t obvious until you hit that problem yourself
1/2
August 27, 2025 at 3:46 PM
Signature schemes are a cornerstone of modern infrastructure and we all know the common ones that sign a message, and some of you know ones that can be e.g. aggregated
In more specialized scenarios, the properties needed aren’t obvious until you hit that problem yourself
1/2
In more specialized scenarios, the properties needed aren’t obvious until you hit that problem yourself
1/2
Came across an interesting paper this weekend about “Early Signs of Steganographic Capabilities
in Frontier LLM”
Specifically they’re testing non-fine tuned models that are widely available, like GPT 4.5
1/4
in Frontier LLM”
Specifically they’re testing non-fine tuned models that are widely available, like GPT 4.5
1/4
July 6, 2025 at 8:24 PM
Came across an interesting paper this weekend about “Early Signs of Steganographic Capabilities
in Frontier LLM”
Specifically they’re testing non-fine tuned models that are widely available, like GPT 4.5
1/4
in Frontier LLM”
Specifically they’re testing non-fine tuned models that are widely available, like GPT 4.5
1/4
Memory leaks are going to have a whole different meaning soon
June 22, 2025 at 1:35 PM
Memory leaks are going to have a whole different meaning soon
You get great results from Claude Code by guiding it to generate tests for itself to verify its output and supporting it by having live data and services running locally, which it utilizes since it runs in your environment
And being able to do it on your phone is the best
1/4
And being able to do it on your phone is the best
1/4
June 18, 2025 at 11:10 AM
You get great results from Claude Code by guiding it to generate tests for itself to verify its output and supporting it by having live data and services running locally, which it utilizes since it runs in your environment
And being able to do it on your phone is the best
1/4
And being able to do it on your phone is the best
1/4
Reposted by Kobi Gurkan
I rewrote my [[Community Search Engine]] note. It's still not very crisp. I include emerging tools that directionally are working on what I want to be using - @dxos.org Composer, @inkandswitch.com Patchwork (not yet public), @grjte.sh's Groundmist, and the newly released by Tonk, TonkbookLM.
June 13, 2025 at 8:05 AM
I rewrote my [[Community Search Engine]] note. It's still not very crisp. I include emerging tools that directionally are working on what I want to be using - @dxos.org Composer, @inkandswitch.com Patchwork (not yet public), @grjte.sh's Groundmist, and the newly released by Tonk, TonkbookLM.
Wei Jie’s write ups are among the best resources you can find for in-depth cryptography implementation topics
If you’re looking to bridge the gap between theory and practice - have a read
If you’re looking to bridge the gap between theory and practice - have a read
1/ Earlier this year, Yuval Domb of @ingonyama.com discovered Logjumps — a more efficient way to do large-prime field multiplication than Montgomery multiplication. So much modern crypto relies on modular multiplication — all the way from TLS sessions to elliptic-curve based ZK proofs.
June 11, 2025 at 12:41 AM
Wei Jie’s write ups are among the best resources you can find for in-depth cryptography implementation topics
If you’re looking to bridge the gap between theory and practice - have a read
If you’re looking to bridge the gap between theory and practice - have a read
I’m on board with nap coding
Is it too late to change the trend of "vibe coding" to "nap coding"? I want to kick off an agent run and then take a nap. Get some real shut-eye. Wake up to have working code, kick off another prompt, and then go back to sleep. I think it'd really help the industry if everyone got more sleep.
June 9, 2025 at 1:19 PM
I’m on board with nap coding
On the lookout for a one click experience to collect interesting things I come across my day, so that I could get a nice summarized digest a day after
The closest I had was with X bookmarks, but that’s limited to X
x.com/kobigurk/st...
1/2
The closest I had was with X bookmarks, but that’s limited to X
x.com/kobigurk/st...
1/2
June 1, 2025 at 3:27 PM
On the lookout for a one click experience to collect interesting things I come across my day, so that I could get a nice summarized digest a day after
The closest I had was with X bookmarks, but that’s limited to X
x.com/kobigurk/st...
1/2
The closest I had was with X bookmarks, but that’s limited to X
x.com/kobigurk/st...
1/2
Video of my talk in zksummit about Ligerito has been published!
It’s about the work by Andrija and @lmao.bsky.social introducing a small and concretely fast polynomial commitment scheme
Since then, a fun thing has happened —
1/3
It’s about the work by Andrija and @lmao.bsky.social introducing a small and concretely fast polynomial commitment scheme
Since then, a fun thing has happened —
1/3
May 28, 2025 at 8:34 PM
Video of my talk in zksummit about Ligerito has been published!
It’s about the work by Andrija and @lmao.bsky.social introducing a small and concretely fast polynomial commitment scheme
Since then, a fun thing has happened —
1/3
It’s about the work by Andrija and @lmao.bsky.social introducing a small and concretely fast polynomial commitment scheme
Since then, a fun thing has happened —
1/3
“A penny for your thoughts” has a very different meaning now
May 24, 2025 at 1:56 PM
“A penny for your thoughts” has a very different meaning now
anyone trying to do provable image transformation as in eprint.iacr.org/2024/1066 in fast proving zkVMs?
It’s one of the cases a bunch of time will pass until you need to compress it for fast verification, if at all
It’s one of the cases a bunch of time will pass until you need to compress it for fast verification, if at all
VerITAS: Verifying Image Transformations at Scale
Verifying image provenance has become an important topic, especially in the realm of news media. To address this issue, the Coalition for Content Provenance and Authenticity (C2PA) developed a standard to verify image provenance that relies on digital signatures produced by cameras. However, photos are usually edited before being published, and a signature on an original photo cannot be verified given only the published edited image. In this work, we describe VerITAS, a system that uses zero-knowledge proofs (zk-SNARKs) to prove that only certain edits have been applied to a signed photo. While past work has created image editing proofs for photos, VerITAS is the first to do so for realistically large images (30 megapixels). Our key innovation enabling this leap is the design of a new proof system that enables proving knowledge of a valid signature on a large amount of witness data. We run experiments on realistically large images that are more than an order of magnitude larger than th
eprint.iacr.org
May 23, 2025 at 5:24 PM
anyone trying to do provable image transformation as in eprint.iacr.org/2024/1066 in fast proving zkVMs?
It’s one of the cases a bunch of time will pass until you need to compress it for fast verification, if at all
It’s one of the cases a bunch of time will pass until you need to compress it for fast verification, if at all
Reposted by Kobi Gurkan
Leaflet Publications: blogging on Bluesky — version 0.1 is here!
✅ now: make publications, add posts, publish to Bluesky
🗓️ soon: subscribing, commenting & other social features
Try it: leaflet.pub/home
We'd love your feedback & ideas for how we can make this great!
✅ now: make publications, add posts, publish to Bluesky
🗓️ soon: subscribing, commenting & other social features
Try it: leaflet.pub/home
We'd love your feedback & ideas for how we can make this great!
May 22, 2025 at 3:16 PM
Leaflet Publications: blogging on Bluesky — version 0.1 is here!
✅ now: make publications, add posts, publish to Bluesky
🗓️ soon: subscribing, commenting & other social features
Try it: leaflet.pub/home
We'd love your feedback & ideas for how we can make this great!
✅ now: make publications, add posts, publish to Bluesky
🗓️ soon: subscribing, commenting & other social features
Try it: leaflet.pub/home
We'd love your feedback & ideas for how we can make this great!
trying out @leaflet.pub for my recent post, I'm really enjoying the UI a lot: kobi.leaflet.pub/3lpruvjqlhs22
just a question - wen math? would like to use it for my next post :D
I also see comments are on horizon, but how does it work with unpublished drafts that I don't want others to see yet 👀
just a question - wen math? would like to use it for my next post :D
I also see comments are on horizon, but how does it work with unpublished drafts that I don't want others to see yet 👀
Verifiable Verifications - Kobi's blog
kobi.leaflet.pub
May 22, 2025 at 7:46 PM
trying out @leaflet.pub for my recent post, I'm really enjoying the UI a lot: kobi.leaflet.pub/3lpruvjqlhs22
just a question - wen math? would like to use it for my next post :D
I also see comments are on horizon, but how does it work with unpublished drafts that I don't want others to see yet 👀
just a question - wen math? would like to use it for my next post :D
I also see comments are on horizon, but how does it work with unpublished drafts that I don't want others to see yet 👀
How are people thinking of tool use with local models? Feels to me qwen 30b a3b gets confused easily, at least when using the OpenAI agents sdk tool infra
May 22, 2025 at 2:01 PM
How are people thinking of tool use with local models? Feels to me qwen 30b a3b gets confused easily, at least when using the OpenAI agents sdk tool infra
real time proving on pretty complex statements on the server side is here
same developer experience on client side would be huge for experimentation
(delegation is helpful but interested to see what we can do without)
same developer experience on client side would be huge for experimentation
(delegation is helpful but interested to see what we can do without)
May 21, 2025 at 1:21 PM
real time proving on pretty complex statements on the server side is here
same developer experience on client side would be huge for experimentation
(delegation is helpful but interested to see what we can do without)
same developer experience on client side would be huge for experimentation
(delegation is helpful but interested to see what we can do without)
Some thoughts about how verifications in Bluesky can be extended to ZK-based methods, to achieve Verifiable Verifications
This builds on ideas from the recent verification protocol, and explores both direct integrations and lightweight ones, with different points in the tradeoff space of trust
1/2
This builds on ideas from the recent verification protocol, and explores both direct integrations and lightweight ones, with different points in the tradeoff space of trust
1/2
May 19, 2025 at 4:00 PM
Some thoughts about how verifications in Bluesky can be extended to ZK-based methods, to achieve Verifiable Verifications
This builds on ideas from the recent verification protocol, and explores both direct integrations and lightweight ones, with different points in the tradeoff space of trust
1/2
This builds on ideas from the recent verification protocol, and explores both direct integrations and lightweight ones, with different points in the tradeoff space of trust
1/2
Another way to think about is adding some generic external code execution mechanism to enable arbitrary verifiers
How do people think about new verifications mechanisms in a way that don’t complicate the protocol?
E.g. automated verification that can be verified completely using cryptography, lets say about emails
Would a good way be:
1. Use the current mechanism with an automated user as the verifier
1/2
E.g. automated verification that can be verified completely using cryptography, lets say about emails
Would a good way be:
1. Use the current mechanism with an automated user as the verifier
1/2
May 17, 2025 at 2:32 PM
Another way to think about is adding some generic external code execution mechanism to enable arbitrary verifiers
How do people think about new verifications mechanisms in a way that don’t complicate the protocol?
E.g. automated verification that can be verified completely using cryptography, lets say about emails
Would a good way be:
1. Use the current mechanism with an automated user as the verifier
1/2
E.g. automated verification that can be verified completely using cryptography, lets say about emails
Would a good way be:
1. Use the current mechanism with an automated user as the verifier
1/2
May 17, 2025 at 2:24 PM
How do people think about new verifications mechanisms in a way that don’t complicate the protocol?
E.g. automated verification that can be verified completely using cryptography, lets say about emails
Would a good way be:
1. Use the current mechanism with an automated user as the verifier
1/2
E.g. automated verification that can be verified completely using cryptography, lets say about emails
Would a good way be:
1. Use the current mechanism with an automated user as the verifier
1/2
It’s a weird point in time where the easiest way to connect remotely from Mac to Linux is through the Windows app
May 15, 2025 at 11:39 AM
It’s a weird point in time where the easiest way to connect remotely from Mac to Linux is through the Windows app
Annnyoing observation about fiat shamir: there are known ways on how to use the hash functions securely (e.g. SAFE), there are reasonable type-based methods to make sure you include everything that’s needed from the protocol description (maybe post incoming?), but
1/2
1/2
May 15, 2025 at 9:16 AM
Annnyoing observation about fiat shamir: there are known ways on how to use the hash functions securely (e.g. SAFE), there are reasonable type-based methods to make sure you include everything that’s needed from the protocol description (maybe post incoming?), but
1/2
1/2
Reposted by Kobi Gurkan
🧵 The AT Protocol shows the power of a personal data store. All of our public atproto data is easy to find and access. We can interact with it flexibly in myriad ways and combinations.
Wouldn't it be nice to do the same for our private and collaborative data? 👇
Wouldn't it be nice to do the same for our private and collaborative data? 👇
May 14, 2025 at 2:45 PM
🧵 The AT Protocol shows the power of a personal data store. All of our public atproto data is easy to find and access. We can interact with it flexibly in myriad ways and combinations.
Wouldn't it be nice to do the same for our private and collaborative data? 👇
Wouldn't it be nice to do the same for our private and collaborative data? 👇