I hope it's a useful resource, and coveys some of the magic that gives these protocols their power. (2/2)
Justin Thaler
@SuccinctJT
Research Partner @ a16z crypto (starting January 2023)
Associate Professor of CS at Georgetown.
Joined January 2022
Justin Thaler’s Tweets
The third part of my talk series on SNARKs is now up! youtu.be/ZEjuh1UBg6A This final talk covers the main ideas that go into designing "polynomial IOPs", which form the information-theoretic core of most SNARKs. (1/2)
3
18
86
Show this thread
The web3 community's open ethos means that a16z crypto researchers can work with anyone, and contribute to the ecosystem as a whole, not only to the firm. I can't wait to embark on this adventure and look forward to sharing more as I learn and grow with the team (7/7)
5
1
15
Show this thread
I am thrilled to be working with brilliant colleagues, not only in the research group, but throughout the entire firm, including (6/7)
1
1
14
Show this thread
I’ve already contributed to their robust content library: a 3-part lecture on SNARK design (youtube.com/watch?v=tg6lKP), and posts on SNARK security and performance (a16zcrypto.com/snark-security) and measuring SNARK performance (a16zcrypto.com/measuring-snar) (5/7)
1
3
19
Show this thread
The breadth and depth of knowledge within the research group and its many visitors is incredible. I have learned a tremendous amount from them directly, as well as from the blog posts, podcasts, and videos produced since the group's inception just 7 months ago. (4/7)
1
1
10
Show this thread
The group is uniquely focused on fundamentally understanding blockchains and on benefiting the ecosystem today. I think this two-pronged focus is maximally impactful, and also a lot of fun. (3/7)
1
10
Show this thread
I believe blockchains will transform society’s mechanisms for establishing trust & privacy, and that they raise deep technical and intellectual questions. And I expect that a16z crypto research will play a central role in shaping this emerging discipline. (2/7)
1
12
Show this thread
I have some exciting news to share – I’ll be joining research as a Research Partner at the conclusion of this semester. a16zcrypto.com/justin-thaler (1/7)
39
50
334
Show this thread
This content is provided for informational purposes only, and should not be relied upon as legal, business, investment, or tax advice. See a16z.com/disclosures/ for more info. (9/9)
1
12
Show this thread
I hope the post is informative and sparks a discussion about best practices and norms, both in deploying SNARKs and talking about them. (8/9)
1
11
Show this thread
This space is experiencing an explosion of innovation, and I think this technology can be transformative. But if we prioritize performance over security, we may cause people to lose trust in the technology and potentially see misappropriated funds in the process. (7/9)
1
2
16
Show this thread
Given the sophisticated nature of these protocols, experts need to feel comfortable candidly discussing their security and that of the contracts that implement them. This post is my attempt to set an example in this regard. (6/9)
1
13
Show this thread
Also, the security of non-PQ SNARKs is determined by the elliptic curve they choose to use, and the community has largely coalesced around a handful of curves with good security. (5/9)
1
11
Show this thread
With FRI, there is a tension between verifier costs and security, and the proofs are on the larger side. So this tension may get resolved in favor of performance over security. (4/9)
1
11
Show this thread
These issues mainly arise in post-quantum-secure SNARKs (PQ-SNARKs), which in today's deployments means FRI-based ones. This might be for a combination of reasons. (3/9)
1
13
Show this thread
The upshot is that some deployed SNARKs are being run at "80 bits of security" - which is not as well-defined a term as it may seem. My post unpacks this and explains why I think it is not enough. (2/9)
1
2
14
Show this thread
After my last post, I had a request from some folks to discuss the security of SNARKs as they are currently deployed. I've done so in this new post here: a16zcrypto.com/snark-security (1/9)
17
96
265
Show this thread
Btw, the talks cite a version of plonk using 510k gas, I'm guessing this is the zk-sync turbo-plonk. The version we () use on chain is standard plonk, which is more verifier efficient using 270k gas in our optimized impl...
1
1
4
At some point a third talk will likely be posted, focusing more on how SNARKs work and less on the intricacies of the rollup application. (4/4)
7
Show this thread
Hopefully, the talks will be useful to anyone who, like me, is trying to understand this application space. It was awesome to dive into the details of many innovative projects.
More detailed statements about SNARK performance are in this blog post: a16zcrypto.com/measuring-snar (3/4)
1
1
6
Show this thread
The talks focus on SNARKs and their applications to blockchain scalability. In preparing these, I learned a lot about validity rollups and their subtleties---I was surprised by just how much there was to learn. (2/4)
1
1
3
Show this thread
A couple of talks I gave during a recent visit to a16z are now up on Youtube.
Part 1: youtube.com/watch?v=tg6lKP
Part 2: youtube.com/watch?v=cMAI7g (1/4)
22
28
144
Show this thread

