They found barriers to usability for the MPC frameworks (tbh I’m more happy that MPC has come along far enough that we’re complaining about this)
(That’s not to say it’s the only one trustable, the speaker was just being conservative in her recommendations)
(Interestingly, this talk has received more questions/comments than any other talk at #realworldcrypto so far)
Noooo, this talk isn’t about MPC, just “multiple parties doing cryptography”. Not gonna lie, I’m disappointed
Now we’re talking about a service to find things like devices of your friends. Can’t imagine what the privacy issues with that would be
(*whispers* sometimes it’s the computation itself that is privacy-leaking)
Now speaker is explaining how they can locate your Apple device while it is offline.
So this whole talk is gonna be about how only the people you want to track you can track you.
Linking to @durumcrustulum’s thread on this talk: https://twitter.com/durumcrustulum/status/1215286857241591809
Next talk! Building new hash functions for zero knowledge. Why do we need different ones? Because SHA has a giant circuit/R1CS description and they want smaller ones for protocol efficiency.
ZCash v1.0 took 45 seconds just for a SHA-2 use (within the ZK proof statement).
This is a really interesting (if niche) area of cryptography: building crypto primitives that won’t be used in the wild, but rather will only (?) be used in the description language for other crypto primitives (MPC-in-the-Head-based ZK is another area for this).
Want to use more finite field-type hashes (like Pedersen commitment based) because R1CS is basically field arithmetic, so it’s much more compactly representable (versus SHA, which is more intuitively describable as a Boolean circuit).
Side note: what can possibly go wrong when we roll new crypto to build a currency
What follows was a description of how their new hash has fewer S-Box operations because the degree of the polynomial (thinking about this as an arithmetic circuit) is the same... so who needs more of them (huh)
Their hash functions are *really* small (in terms of R1CS size) vs even Pedersen hash.
Aaaaand now time for questions. That was quite a session. Wish there had been more actual MPC but whatever, I’m biased