HashCloak Combined Newsletter July & August 2023
What the HashCloak team has been up to in July and August
Welcome to another edition of the HashCloak Combined Newsletter - July and August! Just as in the previous edition, we were fully dedicated to fulfilling our ongoing client commitments, briefly shifting our focus. But now that we've successfully completed those, we're excited to return to our regular monthly schedule of delivering captivating research papers, thought-provoking videos, and all that has piqued the curiosity of the HashCloak team over the months of July and August!
Stuff We’ve Been Reading
Hiromasa, Kawai - Fully Dynamic Multi-Target Homomorphic Attribute-Based Encryption
Kothapalli, Setty, Tzialla - Nova: Recursive Zero-Knowledge Arguments from Folding Schemes
Hash Functions Monolith for ZK Applications: May the Speed of SHA-3 be With You
Bahrani, Garimidi, Roughgarden - Transaction Fee Mechanism Design with Active Block Producers
[DRAFT] A Study of Threshold-Decrypted Mempools, MEV, and Their Benefit to Users
Full Report to Chaincode Labs/Bitcoin Core: Looking for Lacunae in Bitcoin Core’s Fuzzing Efforts
Fantastic Four: Honest-Majority Four-Party Secure Computation With Malicious Security
Earn While You Reveal: Private Set Intersection that Rewards Participants
BitForge: Fireblocks researchers uncover vulnerabilities in over 15 major wallet providers
Approaching the ‘lookup singularity’: Introducing Lasso and Jolt
Tutorial: Advanced HE packing methods with applications to ML. ACM CCS 2022, November 11, 2022
Threshold BBS+ Signatures for Distributed Anonymous Credential Issuance
Worldcoin Protocol Cryptography Security Audit Report, Tools for Humanity Corporation
Privacy-preserving edit distance computation using secret-sharing two-party computation
Double Public Key Signing Function Oracle Attack on ed25519-dalek
The Centralizing Effects of Private Order Flow on Proposer-Builder Separation
Stuff We’ve been playing with
Twitter Links
Interesting HashCloak Research Project of the Month
This summer, the HashCloak team participated in the EthGlobal Waterloo Hackathon and developed the Bonfire Wallet project—a passwordless wallet designed to simplify the onboarding process for new users in the cryptocurrency ecosystem using WebAuthn technology. This enables users to create burner wallets through biometric authentication, such as fingerprints, or physical tokens like YubiKeys. This approach eliminates the need for users to manage private keys, making the onboarding process exceptionally user-friendly. The project received two awards from RISC-Zero: Best Use of Bonsai and Best Feedback.
The Bonfire Wallet is built on RISC-Zero, a platform designed to offload computationally intensive tasks (such as signature verification). By leveraging RISC-Zero's ZK-VM through the Bonsai proving service, the Bonfire Wallet ensures efficient and secure off-chain computation. The project comprises an intuitive frontend web wallet and a Solidity smart contract that delegates computation to Bonsai. Users can effortlessly create and manage burner wallets, execute fund transfers, and authenticate transactions using WebAuthn. With ERC-4337 compatibility on the horizon, the project holds significant promise for simplifying the crypto experience for a broader audience while maintaining robust security.
For more details about the Bonfire Wallet project, feel free to visit our GitHub Repo here. This repository contains the source code and documentation that provide a comprehensive overview of the Bonfire Wallet's architecture, functionalities, and implementation details.
Special Purpose Cryptography Protocol of the Month
Every month, we cover a special purpose cryptographic protocol for a common problem that we encounter in our consultancy practice. This month, we will be covering curve trees, a new tree construction that provides an efficient cryptographic accumulator that can be used to build private cryptocurrencies.
First, let’s motivate the need for curve trees. The main way in which modern zero-knowledge set membership proofs are designed is by leveraging Merkle trees. If you are unfamiliar with Merkle trees, check out this explainer. As Merkle trees are the accumulator of choice, a lot of resources have been put into designing more efficient Merkle trees. Before the advent of snark-friendly hash functions, Merkle trees used hash functions like SHA256, Blake2, etc. With these Merkle trees, a membership proof needed more than 800,000 R1CS constraints! With the advent of snark-friendly hash functions such as Poseidon, Pedersen hashes, etc., the number of R1CS constraints needed was reduced to around 50,000! The key to this improvement is that snark-friendly hash functions are designed to be implemented within arithmetic circuits, unlike their predecessors, which were designed to be implemented within binary circuits (e.g. hardware). By matching the primitive to the environment in which proofs are built, we get more efficient operations for Merkle trees.
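To make the baseline concrete, here is an added example (written for this newsletter, not code from the curve trees paper or any library) of the accumulator the paragraph describes: a SHA-256 Merkle tree with a membership proof. It also shows a property of plain Merkle proofs that matters for privacy: the direction bits in the proof reveal exactly which leaf position is being proven, which is the leak that the zero-knowledge treatment of the tree has to hide. All inputs are constructed sample values, and the domain-separation prefixes (`0x00` for leaves, `0x01` for inner nodes) are a conventional choice, not something the page specifies.

```python
import hashlib
from typing import List, Tuple

# Domain separation so a leaf can never be reinterpreted as an inner node.
LEAF_PREFIX = b"\x00"
NODE_PREFIX = b"\x01"


def leaf_hash(leaf: bytes) -> bytes:
    return hashlib.sha256(LEAF_PREFIX + leaf).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(NODE_PREFIX + left + right).digest()


def _pad(level: List[bytes]) -> List[bytes]:
    # Duplicate the last node when a level has odd length.
    return level + [level[-1]] if len(level) % 2 else level


def build_tree(leaves: List[bytes]) -> List[List[bytes]]:
    """Return every level of the tree, leaves first, root last."""
    level = [leaf_hash(leaf) for leaf in leaves]
    levels = [level]
    while len(level) > 1:
        level = _pad(level)
        level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels


def root_of(levels: List[List[bytes]]) -> bytes:
    return levels[-1][0]


def membership_proof(levels: List[List[bytes]], index: int) -> List[Tuple[int, bytes]]:
    """Sibling hashes from leaf to root, each tagged with whether our node is the right child."""
    proof = []
    for level in levels[:-1]:
        level = _pad(level)
        proof.append((index & 1, level[index ^ 1]))
        index >>= 1
    return proof


def verify(root: bytes, leaf: bytes, proof: List[Tuple[int, bytes]]) -> bool:
    h = leaf_hash(leaf)
    for is_right, sibling in proof:
        h = node_hash(sibling, h) if is_right else node_hash(h, sibling)
    return h == root


def leaked_index(proof: List[Tuple[int, bytes]]) -> int:
    """A plain Merkle proof is not hiding: its direction bits are the leaf index in binary."""
    return sum(bit << i for i, (bit, _) in enumerate(proof))


# Constructed sample set of five members.
SAMPLE_LEAVES = [b"alice", b"bob", b"carol", b"dave", b"erin"]


def demo() -> Tuple[bool, bool, int]:
    levels = build_tree(SAMPLE_LEAVES)
    root = root_of(levels)
    proof = membership_proof(levels, 2)          # prove "carol" is in the set
    ok = verify(root, b"carol", proof)
    forged = verify(root, b"mallory", proof)     # same proof, different leaf
    return ok, forged, leaked_index(proof)


if __name__ == "__main__":
    print(demo())
```

The 800,000-constraint figure quoted in the text comes from expressing exactly this chain of SHA-256 compressions inside an arithmetic circuit; the structure of the proof (one sibling per level plus a direction bit) is the same regardless of which hash is used.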
How can we take this fact and construct an even more “native” tree for set membership proofs?
Enter curve trees.
Curve trees are designed so that the digest produced at each level is native to the hash function used at the next. Specifically, curve trees can be seen as a kind of Merkle tree in which the hash function is a Pedersen commitment over a cycle of elliptic curves: a commitment on one curve is a point whose coordinates lie in the scalar field of the other curve, so it can be committed to in turn without any non-native arithmetic. Leaves are points on the base curve. In order to commit to the leaves, one commits to both coordinates of the points using Pedersen commitments (an efficient variant described in the paper needs only the x-coordinate and a sign bit to commit to the entire point, which saves space).
The above construction is not zero-knowledge, but it can be made so! The path of commitments leaks the path from the root to the leaf. By re-randomizing the commitments, we get commitments that are related to the previous ones but look completely random. This is done using a general purpose zero-knowledge proving scheme such as Bulletproofs, as shown in the paper. In the circuit, one needs to show that the re-randomized commitment is the child of the previous commitment on the path.
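The re-randomization step is the part of the construction that is easy to show in isolation, so here is an added example (written for this newsletter, not code from the curve trees paper or the Bulletproofs library) of Pedersen commitments on a single curve and of the homomorphic property that makes re-randomization work. The curve is secp256k1, chosen only because its parameters are well known; a real curve tree uses a 2-cycle of curves, which this toy does not model. The second generator H is derived by a try-and-increment hash-to-curve from a label, which is an assumption of this example rather than the paper's choice. Commitment C = v·G + r·H can be shifted to C' = C + δ·H, which opens to the same value v with randomness r + δ; anyone without δ cannot link C' back to C, which is exactly why a re-randomized path no longer reveals which nodes were traversed.

```python
import hashlib
from typing import Optional, Tuple

Point = Optional[Tuple[int, int]]  # None is the point at infinity

# secp256k1 parameters (arbitrary choice for this demo; the paper uses a curve cycle).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G: Point = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
            0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def on_curve(pt: Point) -> bool:
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x * x * x + 7)) % P == 0


def add(a: Point, b: Point) -> Point:
    """Affine point addition with the usual doubling and inverse special cases."""
    if a is None:
        return b
    if b is None:
        return a
    x1, y1 = a
    x2, y2 = b
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def mul(k: int, pt: Point) -> Point:
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    k %= N
    acc: Point = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def hash_to_point(label: bytes) -> Point:
    """Try-and-increment: hash to an x-coordinate until x^3 + 7 is a square (p = 3 mod 4)."""
    ctr = 0
    while True:
        x = int.from_bytes(hashlib.sha256(label + ctr.to_bytes(4, "big")).digest(), "big") % P
        rhs = (pow(x, 3, P) + 7) % P
        y = pow(rhs, (P + 1) // 4, P)
        if y * y % P == rhs:
            return (x, y)
        ctr += 1


# Second generator with an unknown discrete log relative to G (assumed label for this demo).
H: Point = hash_to_point(b"curve-tree-demo-H")


def commit(value: int, blinding: int) -> Point:
    return add(mul(value, G), mul(blinding, H))


def rerandomize(c: Point, delta: int) -> Point:
    """Shift the blinding factor by delta without knowing or changing the committed value."""
    return add(c, mul(delta, H))


def opens_to(c: Point, value: int, blinding: int) -> bool:
    return c == commit(value, blinding)


def demo(value: int = 12345, r: int = 678, delta: int = 999) -> Tuple[bool, bool, bool]:
    c = commit(value, r)
    c_prime = rerandomize(c, delta)
    same_value = opens_to(c_prime, value, r + delta)   # still commits to `value`
    unlinkable = c_prime != c                          # looks like a fresh commitment
    old_opening = opens_to(c_prime, value, r)          # old randomness no longer opens it
    return same_value, unlinkable, old_opening


if __name__ == "__main__":
    print(demo())
```

In the circuit described by the paper, the prover shows for each level that the re-randomized child commitment is one of the values committed to in the (re-randomized) parent; the homomorphic shift above is what lets the prover publish C' in place of C while still being able to open it.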
If you want to learn more about the construction, then you can read the following resources:
That wraps up our July Newsletter! We hope you enjoyed this month's blend of insights and project updates. Our team continues to forge new paths in the realm of privacy innovation, and we're eager to keep you in the loop on our latest strides. As always, we appreciate your support and welcome feedback on our work.
Stay in the loop with our latest insights and research by subscribing to our newsletter. You'll be the first to know about our upcoming projects and collaborations.
Also, be sure to follow us on Twitter to stay up-to-date with any announcements related to our engagements or internal projects. Thank you for your continued interest in HashCloak!
Schedule a call with us to engage in R&D, security auditing, or any other potential collaborations: https://calendly.com/d/hhc-dnq-wfd/hashcloak-services-inquiries.