Justin Thaler

@SuccinctJT

Research Partner @ a16z crypto (starting January 2023) Associate Professor of CS at Georgetown.

Joined January 2022

20 Following

1,720 Followers

Justin Thaler’s Tweets

Justin Thaler

@SuccinctJT

Nov 18

I hope it's a useful resource, and coveys some of the magic that gives these protocols their power. (2/2)

The third part of my talk series on SNARKs is now up! youtu.be/ZEjuh1UBg6A This final talk covers the main ideas that go into designing "polynomial IOPs", which form the information-theoretic core of most SNARKs. (1/2)

youtube.com

SNARK Design Part III with Justin Thaler | a16z crypto research talks

An even deeper dive into SNARKs (Succinct Non-interactive Argument of Knowledge) by Justin Thaler (Georgetown University). Justin recaps his earlier talks, a...

The web3 community's open ethos means that a16z crypto researchers can work with anyone, and contribute to the ecosystem as a whole, not only to the firm. I can't wait to embark on this adventure and look forward to sharing more as I learn and grow with the team (7/7)

I am thrilled to be working with brilliant colleagues, not only in the research group, but throughout the entire firm, including

(6/7)

I’ve already contributed to their robust content library: a 3-part lecture on SNARK design (youtube.com/watch?v=tg6lKP), and posts on SNARK security and performance (a16zcrypto.com/snark-security) and measuring SNARK performance (a16zcrypto.com/measuring-snar) (5/7)

a16zcrypto.com

Measuring SNARK Performance

In this post, I explain how to estimate these costs to determine when it is reasonable to use SNARKs, and how SNARKs might improve in the future.

The breadth and depth of knowledge within the research group and its many visitors is incredible. I have learned a tremendous amount from them directly, as well as from the blog posts, podcasts, and videos produced since the group's inception just 7 months ago. (4/7)

The group is uniquely focused on fundamentally understanding blockchains and on benefiting the ecosystem today. I think this two-pronged focus is maximally impactful, and also a lot of fun. (3/7)

I believe blockchains will transform society’s mechanisms for establishing trust & privacy, and that they raise deep technical and intellectual questions. And I expect that a16z crypto research will play a central role in shaping this emerging discipline. (2/7)

I have some exciting news to share – I’ll be joining

@a16zcrypto

research as a Research Partner at the conclusion of this semester. a16zcrypto.com/justin-thaler (1/7)

a16zcrypto.com

Justin Thaler

a16z crypto is a venture capital fund that invests in crypto and web3 startups. We back bold entrepreneurs building the next generation of the internet (what many call web3), which unlocks a new wave...

334

This content is provided for informational purposes only, and should not be relied upon as legal, business, investment, or tax advice. See a16z.com/disclosures/ for more info. (9/9)

a16z.com

Disclosures | Andreessen Horowitz

Views expressed in “posts” (including podcasts, videos, and social media) are those of the individual a16z personnel quoted therein and are not necessarily the views of AH Capital Management, L.L.C....

I hope the post is informative and sparks a discussion about best practices and norms, both in deploying SNARKs and talking about them. (8/9)

This space is experiencing an explosion of innovation, and I think this technology can be transformative. But if we prioritize performance over security, we may cause people to lose trust in the technology and potentially see misappropriated funds in the process. (7/9)

Given the sophisticated nature of these protocols, experts need to feel comfortable candidly discussing their security and that of the contracts that implement them. This post is my attempt to set an example in this regard. (6/9)

Also, the security of non-PQ SNARKs is determined by the elliptic curve they choose to use, and the community has largely coalesced around a handful of curves with good security. (5/9)

With FRI, there is a tension between verifier costs and security, and the proofs are on the larger side. So this tension may get resolved in favor of performance over security. (4/9)

These issues mainly arise in post-quantum-secure SNARKs (PQ-SNARKs), which in today's deployments means FRI-based ones. This might be for a combination of reasons. (3/9)

The upshot is that some deployed SNARKs are being run at "80 bits of security" - which is not as well-defined a term as it may seem. My post unpacks this and explains why I think it is not enough. (2/9)

After my last post, I had a request from some folks to discuss the security of SNARKs as they are currently deployed. I've done so in this new post here: a16zcrypto.com/snark-security (1/9)

a16zcrypto.com

SNARK security and performance

This post compares the security properties of different SNARKs, and also explores the tension between verification costs and security in practical post-quantum-secure SNARKs.

265

Show this thread

Justin Thaler Retweeted

Replying to

and

Btw, the talks cite a version of plonk using 510k gas, I'm guessing this is the zk-sync turbo-plonk. The version we (

@aztecnetwork

) use on chain is standard plonk, which is more verifier efficient using 270k gas in our optimized impl...

dashboard.tenderly.co

Tenderly Dashboard

Tenderly is an Ethereum monitoring, debugging and analytics platform. It empowers blockchain teams and individuals by providing a powerful Debugger, intuitive Gas Profiler, Transaction Simulations,...

Justin Thaler

@SuccinctJT

Aug 20

At some point a third talk will likely be posted, focusing more on how SNARKs work and less on the intricacies of the rollup application. (4/4)

Hopefully, the talks will be useful to anyone who, like me, is trying to understand this application space. It was awesome to dive into the details of many innovative projects. More detailed statements about SNARK performance are in this blog post: a16zcrypto.com/measuring-snar (3/4)

a16zcrypto.com

Measuring SNARK Performance

In this post, I explain how to estimate these costs to determine when it is reasonable to use SNARKs, and how SNARKs might improve in the future.

The talks focus on SNARKs and their applications to blockchain scalability. In preparing these, I learned a lot about validity rollups and their subtleties---I was surprised by just how much there was to learn. (2/4)

A couple of talks I gave during a recent visit to a16z are now up on Youtube. Part 1: youtube.com/watch?v=tg6lKP Part 2: youtube.com/watch?v=cMAI7g (1/4)

144

Show this thread