
ais

@aisconnolly.bsky.social

Privacy, MPC, and coSNARKs at TACEO

151 Followers  |  90 Following  |  11 Posts  |  Joined: 17.11.2024  |  2.2737

Latest posts by aisconnolly.bsky.social on Bluesky

Surprising that even in ZK circles, MPC is still considered ‘just threshold signing.’ Big miss.
MPC allows full computation on encrypted data, e.g. for private DeFi or agents, w/o exposing inputs. It makes ZK collaborative and goes far beyond what we know from wallets. Thoughts?

03.10.2025 18:04 — 👍 3    🔁 0    💬 1    📌 0

New Personal Stack is here by cryptographer @aisconnolly.bsky.social from @taceo.bsky.social

Feel free to explore free, open-source tools experts are using.

19.03.2025 13:25 — 👍 7    🔁 3    💬 0    📌 0

I think it shows, but I really enjoyed the @zkhack.dev meetup in Denver

06.03.2025 12:24 — 👍 2    🔁 0    💬 1    📌 0

Very much looking forward to seeing @zkgaylord.bsky.social and the @zkhack.dev gang ♥️

12.02.2025 12:07 — 👍 2    🔁 1    💬 0    📌 0

We’ll be in Denver to hijack a corner of the @zkhack.dev meetup!
Come chill with us if you want to talk coSNARKs, coNoir, MPC generally, or to get your hands on some of the most notorious stickers in town 🔥

12.02.2025 12:06 — 👍 2    🔁 2    💬 0    📌 0
Multiparty Notaries for zkTLS A blog about various topics in MPC, ZK and other privacy-preserving technologies, by TACEO.

In a (long) tweet and an article, @taceo.bsky.social team first gave a quick refresher on what zkTLS is, and then presented how it can move beyond 2-party computation (2PC) – a TLS-MPC version with multiple parties.
Article: https://buff.ly/4gzN26v

07.02.2025 20:58 — 👍 3    🔁 2    💬 1    📌 0
Abstract. The Fiat-Shamir (FS) transform is a prolific and powerful technique for compiling public-coin interactive protocols into non-interactive ones. Roughly speaking, the idea is to replace the random coins of the verifier with the evaluations of a complex hash function.

The FS transform is known to be sound in the random oracle model (i.e., when the hash function is modeled as a totally random function). However, when instantiating the random oracle using a concrete hash function, there are examples of protocols in which the transformation is not sound. So far all of these examples have been contrived protocols that were specifically designed to fail.

In this work we show such an attack for a standard and popular interactive succinct argument, based on the GKR protocol, for verifying the correctness of a non-deterministic bounded-depth computation. For every choice of FS hash function, we show that a corresponding instantiation of this protocol, which has been widely studied in the literature and used also in practice, is not (adaptively) sound when compiled with the FS transform. Specifically, we construct an explicit circuit for which we can generate an accepting proof for a false statement.

We further extend our attack and show that for every circuit C and desired output y, we can construct a functionally equivalent circuit C^(*), for which we can produce an accepting proof that C^(*) outputs y (regardless of whether or not this statement is true). This demonstrates that any security guarantee (if such exists) would have to depend on the specific implementation of the circuit C, rather than just its functionality.

Lastly, we also demonstrate versions of the attack that violate non-adaptive soundness of the protocol – that is, we generate an attacking circuit that is independent of the underlying cryptographic objects. However, these versions are either less practical (as the attacking circuit has very large depth) or make some additional (reasonable) assumptions on the underlying cryptographic primitives.


How to Prove False Statements: Practical Attacks on Fiat-Shamir (Dmitry Khovratovich, Ron D. Rothblum, Lev Soukhanov) ia.cr/2025/118

27.01.2025 01:58 — 👍 38    🔁 17    💬 0    📌 6
Collaborative SNARKs and Private Shared State EthereumZuri.ch 2025 As blockchain technology matures, the expansion from purely public state systems, pioneered by Ethereum, to privacy-centric platforms like Aztec and Aleo marks significant progress. However, the devel...

We'll be at Ethereum Zurich next week to talk all things coSNARKs and private shared state! Let us know if you're in town, and would like to talk prog crypto and the future of privacy in Web3.
cfp.ducttape.events/ethereumzuri...

22.01.2025 19:02 — 👍 4    🔁 1    💬 0    📌 0

Only a few days left to nominate for @web3privacy awards! Support privacy tech and share your favorite projects.
Need ideas? Check @fileverse: portal.fileverse.io/#/0xe141365...

Info for nominating: awards.web3privacy.info/

23.12.2024 11:00 — 👍 4    🔁 1    💬 0    📌 0
TACEO 2024: Coffee, Code, and CoSNARKs A blog about various topics in MPC, ZK and other privacy-preserving technologies, by TACEO.

We had a great year. From bringing super optimized MPC protocols to the mass market and securing 9 million people's irises with World, to developing open source coSNARK tooling and building an alphanet for private proof delegation, it's been wild.
Full breakdown here: blog.taceo.io/eoy/

22.12.2024 09:45 — 👍 3    🔁 1    💬 0    📌 0
Poseidon Cryptanalysis Scrutinizing Poseidon for Good

The Ethereum Foundation is running a cryptanalysis project focusing on Poseidon, with grants and bounties up for grabs!
www.poseidon-initiative.info

28.11.2024 13:31 — 👍 11    🔁 7    💬 1    📌 0
Major update to coNoir (November 2024) | TACEO coSNARKs Summary

✅ Range checks in collaborative Noir
✅ Support for asserts, and...
✅ The first version of the Brillig VM in MPC!

Though still in early experimental stages, this is huge progress for private shared state in Noir
Read more in the coNoir releases: docs.taceo.io/docs/release...

05.12.2024 14:27 — 👍 1    🔁 1    💬 0    📌 0
EncryptedSystems.org

If you’re curious about the design and analysis of encrypted algorithms and encrypted databases, I’m putting together a collection of resources at encryptedsystems.org

03.12.2024 16:02 — 👍 50    🔁 19    💬 2    📌 1

hi there. welcome to 2016.

03.12.2024 08:41 — 👍 2    🔁 0    💬 0    📌 0

CoSNARKs have been heating up since Devcon 🔥
and some of the leading ZK projects are currently onboarding to try our alphanet for private proof delegation.
There are a few slots left, so if you wanted to offload some proving in a privacy preserving way, our dms are open.

26.11.2024 17:22 — 👍 3    🔁 2    💬 0    📌 0
CoSnarks in Action at Devcon7 A blog about various topics in MPC, ZK and other privacy-preserving technologies, by TACEO.

It worked!
Almost flawlessly!
1800+ people generated 15000+ coSNARKs!
Last week we established a coSNARK Alphanet with the Cursive team and PSE so that the Cursive Devcon app could privately outsource proof generation. More details:
blog.taceo.io/devcon-demo/

22.11.2024 13:35 — 👍 1    🔁 1    💬 1    📌 0
Join the TACEO Discord Server! Check out the TACEO community on Discord - hang out with 137 other members and enjoy free voice and text chat.

I was asked if the exhibition had a website. It doesn't, yet, but I promised to add links to all the papers displayed in our Discord. Some of the papers are really nice, especially the earlier ones, as they are easy to read. See them here: discord.gg/XZxXQyfE

20.11.2024 14:03 — 👍 0    🔁 0    💬 0    📌 0

It was cool to see Jens Groth generating proofs, the Aztec team getting excited about Plonk's place in the museum, and best of all was Andrew Lu meeting Don Beaver.

20.11.2024 14:03 — 👍 2    🔁 1    💬 1    📌 0

Moreover, the Cursive experience was about generating ✨cryptographic connections✨ and I wanted to highlight that behind the science there are real people (some even at the conference!) who have connected and worked and fought through years of ideas to get here.

20.11.2024 14:03 — 👍 0    🔁 0    💬 1    📌 0

I also had other motives - I wanted to create a space to learn about the underlying science, as such educational resources are scarce in web3. People stood and read for 30+ mins at the exhibition, which was wonderful to see.

20.11.2024 14:03 — 👍 0    🔁 0    💬 1    📌 0

Last week at Devcon, I exhibited as part of Cursive's Cryptographic Connections museum. Inspired by the experience of generating coSNARKs on the Alphanet, I wanted to showcase the history of MPC, tracing the development of coSNARKs and TACEO tooling from their beginnings.

20.11.2024 14:03 — 👍 1    🔁 1    💬 1    📌 0

Hello and thank you for having me.

18.11.2024 10:02 — 👍 2    🔁 0    💬 0    📌 0
