Mathematician, cryptographer. Love the art of cryptographic protocols.

Milano
Joined September 2021
Sitting on the shoulders of giants, I am glad to announce the following paper with Eli Ben-Sasson, Dan Carmon, Swastik Kopparty, and Shubhangi Saraf: eccc.weizmann.ac.il/report/2… On the one hand, we improve the existing decoder analysis from Ben-Sasson, Carmon, Ishai, Kopparty and Saraf (BCIKS 2020), reducing it to an O(n) soundness error for correlated agreement up to the Johnson radius. In practice, it shows that degree 4 extensions of a 31 bit prime field (like M31, Babybear or Koalabear) are sufficient for FRI up to that radius, in many applications, considering that you are willing to grind. On the other hand, we provide additional counterexamples that question the proximity gaps conjecture as written. Notably, over binary fields one cannot expect an O(n) error already *at* Johnson radius, rather a quadratic one. In general, proximity gaps stop at the distance where we have more than field size many proximates, meaning that we have to respect small gap to capacity. (See also the recent work of Crites and Stewart, as well as Diamond and Gruen.)
While you discuss your Monad or MegaETH allocations, privacy devs get sentenced. Similar story to Tornado Cash in the Netherlands. Sad moment for privacy.
ulrich.haboeck retweeted
In new work with Alistair Stewart, we disprove proximity gaps and list-decodability conjectures up to capacity. These conjectures underpin the security and efficiency of many deployed SNARKs and are the subject of Ethereum’s “Millennium Prize.” eprint.iacr.org/2025/2046 🧵
ulrich.haboeck retweeted
In new work with @AngusGruen, we show that the 𝘶𝘱-𝘵𝘰-𝘤𝘢𝘱𝘢𝘤𝘪𝘵𝘺 proximity gaps conjecture (Ben-Sasson–Carmon–Ishai–Kopparty–Saraf) is not true. This affects the security analysis of most zkVMs deployed today. eprint.iacr.org/2025/2010
ulrich.haboeck retweeted
🚨 TEEs are AGAIN compromised! 🚨 This time it's even bigger! TL;DR - 3 weeks ago: Intel SGX exploit (DDR4) - Today: Exploit affecting the latest State-Of-The-Art TEEs by Intel, AMD and Nvidia (DDR5) TEEs don't bring privacy or security in crypto. All you need to know 👇🧵
ulrich.haboeck retweeted
Further degradation of lattice security levels: eprint.iacr.org/2025/1910 A few bits demonstrated experimentally; ~10 bits at cryptographic sizes? Next step would be to work out the impact of collision searches and HGJ-style techniques (see Section 4.3 of cr.yp.to/papers.html#hybrid).
ulrich.haboeck retweeted
New blog post "MODPOD: The collapse of IETF's protections for dissent." blog.cr.yp.to/20251005-modpo… #ietf #objections #censorship #hybrids --- Note that there's useful action here that you can take by "Tuesday October 7 (in any time zone)".
ulrich.haboeck retweeted
We are alarmed by reports that Germany is on the verge of a catastrophic about-face, reversing its longstanding and principled opposition to the EU’s Chat Control proposal which, if passed, could spell the end of the right to privacy in Europe. signal.org/blog/pdfs/germany…
ulrich.haboeck retweeted
On July 7, 2025, Google activated a sweeping update that slipped under the radar: Gemini AI is now scanning conversations across third-party apps like WhatsApp and Messages on Android. Google calls it a convenience feature to “help with daily tasks.” But in reality, it means your texts, photos, and notifications may already be under analysis—without your explicit consent. puri.sm/posts/is-googles-ai-…
ulrich.haboeck retweeted
Denmark to proceed with ChatControl despite minority opposition. Planning to present the proposal at the Justice and Home Affairs Council meeting on October 14.
ulrich.haboeck retweeted
The EU’s Chat Control proposal has been stopped, for now, thanks to opposition from Germany and Luxembourg. But the fight isn’t over. We’ve been opposing this dangerous attempt to weaken encryption since 2022, and the EU will likely try again.
Any recommendations for a textbook / survey article on the classical FFTs used in signal processing, like Cooley-Tukey, radix-4 and 8 (and maybe 16), plus split-radix? Where the algorithms are explicitly described, maybe with depicted butterflies? Need it for reference.
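The request above names the classical algorithms without showing them. As an added worked example (not part of the original post, and not taken from any of the references the thread asks for), the following Python implements radix-2 Cooley-Tukey decimation-in-time in both its recursive form and its iterative in-place form (bit-reversal permutation followed by stages of butterflies, the layout normally drawn in butterfly diagrams), plus the radix-4 decimation-in-time butterfly, each checked against a naive O(n^2) DFT. The sample signal is constructed, and the fallback to the naive DFT for odd lengths (making the recursive versions mixed-radix) is my own choice for illustration.

```python
import cmath
import math


def naive_dft(x):
    """Direct O(n^2) DFT used as the reference: X[k] = sum_t x[t] W^(t k), W = exp(-2*pi*i/n)."""
    n = len(x)
    return [sum(x[t] * cmath.exp(-2j * math.pi * t * k / n) for t in range(n))
            for k in range(n)]


def fft_radix2(x):
    """Recursive radix-2 decimation-in-time Cooley-Tukey.
    Odd lengths fall back to the naive DFT (mixed radix), so any n works."""
    n = len(x)
    if n == 1:
        return list(x)
    if n % 2:
        return naive_dft(x)
    even = fft_radix2(x[0::2])   # DFT of the even-indexed samples x[2m]
    odd = fft_radix2(x[1::2])    # DFT of the odd-indexed samples x[2m+1]
    out = [0j] * n
    half = n // 2
    for k in range(half):
        t = cmath.exp(-2j * math.pi * k / n) * odd[k]   # twiddle W^k applied to the odd half
        out[k] = even[k] + t           # the radix-2 butterfly:
        out[k + half] = even[k] - t    # (u, v) -> (u + W^k v, u - W^k v)
    return out


def fft_radix4(x):
    """Recursive radix-4 decimation-in-time. One butterfly combines the DFTs of
    x[4m], x[4m+1], x[4m+2], x[4m+3] into outputs k, k+n/4, k+n/2, k+3n/4; since
    W^(n/4) = -i, the inner combination only multiplies by +-1 and +-i."""
    n = len(x)
    if n % 4:
        return fft_radix2(x)     # n == 1, 2, or not divisible by 4: hand over to radix-2
    a = fft_radix4(x[0::4])
    b = fft_radix4(x[1::4])
    c = fft_radix4(x[2::4])
    d = fft_radix4(x[3::4])
    out = [0j] * n
    q = n // 4
    for k in range(q):
        w1 = cmath.exp(-2j * math.pi * k / n)          # W^k, W^2k, W^3k twiddles
        bk, ck, dk = w1 * b[k], w1 * w1 * c[k], w1 * w1 * w1 * d[k]
        out[k] = a[k] + bk + ck + dk
        out[k + q] = a[k] - 1j * bk - ck + 1j * dk
        out[k + 2 * q] = a[k] - bk + ck - dk
        out[k + 3 * q] = a[k] + 1j * bk - ck - 1j * dk
    return out


def fft_radix2_inplace(x):
    """Iterative radix-2 DIT: bit-reversal permutation, then log2(n) stages of
    butterflies over blocks of growing size. n must be a power of two."""
    n = len(x)
    if n & (n - 1):
        raise ValueError("length must be a power of two")
    bits = n.bit_length() - 1
    a = [0j] * n
    for i in range(n):
        # sample i lands at the bit-reversed index, which is where the
        # recursive even/odd splitting would have placed it
        a[int(format(i, "b").zfill(bits)[::-1], 2)] = x[i]
    size = 2
    while size <= n:                      # one stage per level of the butterfly diagram
        half = size // 2
        wstep = cmath.exp(-2j * math.pi / size)
        for start in range(0, n, size):   # each block of `size` points is a sub-DFT
            w = 1 + 0j
            for j in range(half):
                u = a[start + j]
                v = w * a[start + j + half]
                a[start + j] = u + v
                a[start + j + half] = u - v
                w *= wstep
        size *= 2
    return a


def max_error(u, v):
    """Largest absolute difference between two spectra."""
    return max(abs(p - q) for p, q in zip(u, v))


# constructed sample input: a damped-looking real part plus a complex ramp
SAMPLE = [complex(math.sin(0.3 * t) + (t % 3), 0.5 * t) for t in range(16)]

if __name__ == "__main__":
    ref = naive_dft(SAMPLE)
    for name, f in [("radix-2", fft_radix2), ("radix-4", fft_radix4),
                    ("in-place", fft_radix2_inplace)]:
        print(f"{name}: max error vs naive DFT = {max_error(f(SAMPLE), ref):.2e}")
```

The three variants return the same spectrum up to floating-point rounding; the radix-4 version does fewer complex multiplications per output than radix-2 because the multiplications by W^(n/4) = -i inside its butterfly are free, which is the whole point of the higher-radix schemes the post asks about.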
Actually never took notice of Lev Soukhanov's logup* construction. Such a beautiful idea, to keep looked-up columns entirely virtual, and prove their value at the random point by duality, translating the lookup consistency to the Lagrange function (the eq). eprint.iacr.org/2025/946 Long time ago, I played with the same duality to prove the shift on the hypercube. But I did not realise how useful it is for lookups!
Even more strange, the missing entries are listed in the bbl file...
Strange phenomenon when using the LLNCS stylesheet in LaTeX, with a workaround that uses the following snippet to remove the page break caused by the table of contents command:
\let\oldclearpage\clearpage   % keep a copy of the original \clearpage
\let\clearpage\relax          % disable the page break while the TOC is typeset
\setcounter{tocdepth}{2}
\tableofcontents
\let\clearpage\oldclearpage   % restore it (\let\clearpage\clearpage would leave it disabled)
Regardless of the bibliography style (I am using alpha, but the same for splncs04) the last bibliography entries are skipped... Anyone know how to fix that?
Added a revision on the previous soundness analysis of Basefold in the list decoding regime. This one now clarifies round-by-round soundness, and adds a separate analysis of WHIR in the list decoding regime, using the same techniques as for the other Basefold-like protocols. eprint.iacr.org/2024/1571
ulrich.haboeck retweeted
Check out recent work eprint.iacr.org/2025/1325 with @rel_zeta_tech exploring the (known but imo underappreciated) IPA sumcheck connection. Allows connecting BaseFold/FRI with IPA in a neat way and an efficient decider for transparent accumulation & folding schemes
ulrich.haboeck retweeted
A few words on recent paper with @liameagen. A drawback of IPAs is the linear time verification. This was partially mitigated in Halo by deferring this linear time verifier op via accumulation. We give a minor improvement of this accumulation over Halo/BCMS. More interestingly, we improve the final verifier complexity from linear to polylog by using Basefold (and consequently, FRI) - but for a polynomial over a group rather than a field. eprint.iacr.org/2025/1325
Join @adr1anh and @andrewmilson at zkSummit to explore their novel approach to FRI low degree testing. Their work introduces a multi-domain polynomial commitment scheme that maintains uniform verification while allowing flexible reduction steps. May 12th in Toronto: zksummit.com/