Amazing results by Rohan and Venkat! In a week of negative news about proximity gaps, they show that folded RS codes, univariate multiplicity codes, random linear codes and randomly punctured RS codes have mutual CA *up to capacity*!

The maintainer of libxml2 put it very well

Ethereum's next network upgrade, Fusaka, will go live on mainnet on Dec 3rd! This upgrade brings more scalability for L2's via PeerDAS, introduces a new process called 'Blob Parameter Only' forks and has many other improvements for the network. Bullish Ethereum; bullish ETH!

🧵Another EF Protocol research update, covering: * Benchmarking zkVMs for Ethereum * Hybrid Encrypted Mempools * Optimizations for the p2p networking layer * A security analysis of one of the core building blocks in modern SNARK systems …and more! All posts🔗👇🏼

🚨 TEEs are AGAIN compromised! 🚨 This time it's even bigger! TL;DR - 3 weeks ago: Intel SGX exploit (DDR4) - Today: Exploit affecting the latest State-Of-The-Art TEEs by Intel, AMD and Nvidia (DDR5) TEEs don't bring privacy or security in crypto. All you need to know 👇🧵

Impressed with the level of compatibility of the new memory-safe C/C++ compiler Fil-C (filcc, fil++; fil-c.org/) based on clang. Many libraries and applications that I've tried work under Fil-C without changes, and the exceptions haven't been hard to get working.

1/ New post: Jolt now proves RISC-V programs with 64-bit registers (RV64IMAC), at speeds exceeding those we previously reported for 32-bit. 1.5M cycles/sec on a 32-core CPU, 500k cycles/sec on a MacBook. Here’s why this matters 🧵

Progress toward real-time proving for Ethereum L1 is nothing short of extraordinary. In May, SP1 Hypercube proved 94% of L1 blocks in under 12 seconds using 160 RTX 4090s. Five months later Pico Prism proves 99.9% of the same blocks in under 12 seconds, with just 64 RTX 5090s. Average proving latency is now 6.9 seconds. Performance has outpaced Moore's law ever since Zcash pioneered practical SNARKs a decade ago. Today's Pico Prism results are a striking reminder of that exponential curve. Beyond performance, zkVM diversity is remarkable. At least nine zkVMs are racing toward real-time proving: Airbender, Ceno, Jolt, OpenVM, Pico Prism, R0VM, SP1 Hypercube, Ziren, ZisK. That diversity is strength, similar to CL and EL client diversity. Fusaka, expected in December, will simplify real-time proving. EIP-7825 caps per-tx gas usage, enabling more parallel proving via subblocks. MODEXP, a prominent "prover killer", is being repriced with EIP-7823 and EIP-7883. By year's end several teams will prove every L1 EVM block on a 16-GPU cluster, drawing less than 10kW total. The 10kW target—about the same as a Tesla home charger—matters for on-prem proving in garages and offices, eliminating reliance on cloud proving. gigagas frontier L1 throughput has grown 100x since genesis ten years ago, from 20 kilogas/sec to 2 megagas/sec. With zkEVMs we can 100x again, in half the time. The key is to bypass validators as Ethereum's current scalability bottleneck. Lean execution proofs also decentralise validation. Goodbye 4TB NVMe, 8 cores, 64GB RAM recommended by EIP-7870. A Raspberry Pi running statelessly, or even a phone, will soon suffice. The scalability vs decentralisation dilemma is dying. Zooming out, the lean Ethereum vision is gigagas L1 and teragas L2. Gigagas L1 (10K TPS) means high-value payments, trading, and social apps directly on mainnet. Teragas L2 (10M TPS) means welcoming the entirety of finance onto Ethereum. Nov 22: Ethproofs day demo Behind the scenes teams are preparing a special Devconnect demo. In 38 days my home validator will run on zkEVM proofs. My mighty Geth node will go dark—no more execution client. Devconnect Argentina is Ethereum's world fair. World fairs unveiled the lightbulb, running water, cars, refrigeration, phones, escalators. Real-time proving is Ethereum's lightbulb moment. Ethereum's future is bright. Believe in something :)

Want to know what happens when commercial TEEs meet improvised DRAM memory interposers? SGX mayhem including attestation key extraction. Please DO try that at home😉. Check out our work at wiretap.fail/

🧵 Keccacheck: towards a SNARK friendly Keccak Reilabs publishes a method to batch-verify Keccak hashes with <4000 R1CS constraints, enabling new levels of efficiency for the ZK ecosystem. [1/1]

New Paper w/ @YourBuddyConner, @spilehchiha, @nico_mnbl, @convoluted_code, Akis Kattis. Mispricing issues in major rollups enable practical DoS and finality attacks. All major rollups have made adjustments in production and we were awarded multiple bug bounties. 1/🧵

Finally after 18 mos, my PR to gnark got merged: BLS12-381 G2 signature verification circuit implementation. My original PR was github.com/Consensys/gnark/p… Then @ikubjas developed more codes based on it and it became github.com/Consensys/gnark/p…, merged four days ago. Glad to contribute.

We don’t stop shipping - ever. 🚢 Detailed pages on the ZK Catalog are live. Dive into proof systems, trusted setups and onchain verifiers securing Ethereum’s scaling stack - and learn how to check them yourself.

Rumor has it that the main point is showing strength towards the US administration by forcing US big tech to give in to EU demands. It's about power. That's a very stupid thing to do, but it's what actually motivates the relevant decision makers. I do not say I agree with this

I know it’s been said again and again, but what does it say about ChatControl that its backers keep explicitly *exempting* law enforcement and national security accounts from content scanning?

Here's a new multiset hashing technique: eprint.iacr.org/2025/1503, which my coauthor Jasleen will present at Asiacrypt 2025. Multiset hashing allows you to compute a collision resistant digest of a multiset. We make it faster and zk friendly. @NexusLabs

Sigh. I need a binary encoder for some digital signature schemes. Figured I'll look at CBOR, since it's used in Bluesky among others. Someone did a nifty website running some tests against existing CBOR implementations. Yeah...

known gnark users ;) @reclaimprotocol

I meant that trusted setup is expensive but not impossible to attack. This is similar to 80-bit cryptography: expensive but not impossible to attack. Does that make sense?

We, um, just ran zip on them.