Nico
nicomnbl.bsky.social
picious until proven otherwise.

Cryptography research and auditing at zkSecurity. Recurring co-host on the ZKPodcast.

Troubadour at HMLTD. ♟ 1. b3.

nmohnblatt.github.io
Is this available on iOS too?
June 23, 2025 at 7:50 PM
Don't think this was the case for everyone but for me it was about keeping my phone number private (before Signal introduced usernames)
June 23, 2025 at 7:45 PM
I'm kind of conflicted over this.

Up to now my Signal has been almost exclusively for personal use and Telegram exclusively for connecting at conferences. And I've come to value this clean separation

To the point where I have said no to connecting over Signal
June 23, 2025 at 3:33 PM
Reposted by Nico
2/ As such, I wrote a research note to help cryptography engineers fully understand both techniques: baincapitalcrypto.com/a-deep-dive-...
A Deep Dive into Logjumps: a Faster Modular Reduction Algorithm
Logjumps is a recently discovered technique for modular reduction over large prime fields.
baincapitalcrypto.com
June 11, 2025 at 12:40 AM
Video or it didn't happen 👀
May 7, 2025 at 12:28 PM
But this might not work in your case depending on how strict you want to be on the caveat you mentioned
February 28, 2025 at 2:30 PM
The usual pattern is:
1. arrange the keys into a Merkle tree and give each signer their authentication path in that tree
2. signer produces a signature on the data
3. signer produces a ZKP that signature verifies against some public key, and that this public key is included in the Merkle tree
February 28, 2025 at 2:29 PM
Part 2 starts with important terminology (pre-quantum vs post-quantum vs quantum). Or then explains how to make Bitcoin and Ethereum post-quantum secure via signature lifting and then talks about using quantum computers to make digital money

zeroknowledge.fm/podcast/297/

2/2
February 26, 2025 at 3:20 PM
Correct!
February 22, 2025 at 10:13 AM
Bit of a tradeoff. We have O(1) proofs and verifiers using univariate polynomials, whereas sumcheck gives at best O(log(circuit))
February 7, 2025 at 11:42 PM
It replaces the "quotient polynomial". This was the method used to succinctly check that all the Plonk constraints or AIR rows are satisfied.

The advantage is that with sumcheck the prover no longer needs to perform polynomial division and therefore can run in linear time
February 6, 2025 at 2:17 AM
The original description has it as an IP (no oracles). And the messages are actually super short: for a MV polynomial with degree at most d in each variable, the prover only needs to send d field elements in each round
February 6, 2025 at 1:22 AM
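
The post above says a sumcheck prover sends only d field elements per round. One standard way to get there, as an added example that is not part of the original posts: the prover sends g(1), ..., g(d) and the verifier recovers g(0) from the running claim. The field modulus, the sample polynomial and all function names are assumptions chosen for this sketch.

```python
import itertools
import secrets

P = 2**61 - 1  # prime field modulus (constructed choice for this example)

def example_f(x1, x2, x3):
    """Constructed sample polynomial, degree at most 2 in each variable."""
    return (2 * x1 * x1 * x2 + x2 * x3 + x1 * x3 * x3 + 5) % P

def lagrange_eval(ys, x):
    """Evaluate at x the degree <= d polynomial taking values ys at 0..d."""
    total = 0
    for i, yi in enumerate(ys):
        num = den = 1
        for j in range(len(ys)):
            if j != i:
                num = num * (x - j) % P
                den = den * (i - j) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def honest_round(f, m, d, prefix):
    """Prover: g(t) = sum of f(prefix, t, b) over boolean b, sent as g(1..d)."""
    rest = m - len(prefix) - 1
    return [sum(f(*prefix, t, *b)
                for b in itertools.product((0, 1), repeat=rest)) % P
            for t in range(1, d + 1)]

def sumcheck(f, m, d, claim, prover=honest_round, rand=secrets.randbelow):
    """Verifier: True iff the claimed sum over {0,1}^m survives all m rounds."""
    rs = []
    for _ in range(m):
        msg = prover(f, m, d, rs)       # exactly d field elements
        if len(msg) != d:
            return False
        g0 = (claim - msg[0]) % P       # forced by g(0) + g(1) == claim
        r = rand(P)                     # verifier's random challenge
        claim = lagrange_eval([g0] + list(msg), r)
        rs.append(r)
    # Final check: one evaluation of f at the random point (r_1, ..., r_m).
    return claim == f(*rs) % P
```

Because g(0) is derived rather than sent, the per-round consistency check holds by construction, and a wrong claim is caught only at the final evaluation of f.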