HashCloak Newsletter June 2023

What the HashCloak team has been up to in June

hashcloak
Aug 9, 2023
We are delighted to bring you the latest edition of the HashCloak June Newsletter. 

We went on a bit of a hiatus to focus on our ongoing client engagements. Now that those are completed, we will be back to our regular monthly schedule of delivering interesting research papers, videos and whatever the HashCloak team deems to be interesting over the past month!

Stuff We’ve been reading

  • Benchmarking ZK-Circuits in Circom

  • Tim Roughgarden - Transaction Fee Mechanism Design

  • Shi, Chung, Wu - What Can Cryptography Do For Decentralized Mechanism Design?

  • Ethereum is game-changing technology, literally

  • Disclosure of Security Vulnerabilities in Atomic Wallet, Audited by Least Authority

  • Beosin Security Researchers Discovered SnarkJS Library Vulnerability CVE-2023–33252

  • Flashbots Forum: Bookmarks relevant for redistribution researchers

  • MEV

  • Chialva, Dooms - Conditionals in Homomorphic Encryption, and Machine Learning Applications

  • Elena Fuentes Bongenaar - Multi-key fully homomorphic encryption report

  • Martin Gunnarsson - Efficient Security Protocols for Constrained Devices

  • You And Your Research

  • Intent-Based Architectures and Their Risks

Stuff We’ve been playing with 

  • GitHub - 0xPARC / zk-bug-tracker

  • GitHub - RFP: OP Stack Zero Knowledge Proof · Issue #61 · ethereum-optimism/ecosystem-contributions

  • GitHub - Uniswap v4-core

  • GitHub - crytic/medusa

  • GitHub - mir-protocol/plonky2

  • GitHub - dalek-cryptography/ed25519-dalek: Fast and efficient ed25519 signing and verification in Rust.

  • https://twitter.com/0xonurinanc/status/1664555051329765377

  • https://twitter.com/brockjelmore/status/1674869041629118471

  • You're writing require statements wrong - Nascent.xyz

  • https://twitter.com/BasspittersBs/status/1673056390414229505

Stuff We’ve been watching

  • ZK Whiteboard Sessions – Module Thirteen: Fast Recursion with Plonky2


Interesting HashCloak Research Project of the Month

In our continued collaboration with Fuel Labs, we built a WebAuthn-based burner wallet using Sway's predicates and NIST standardized curves to enhance the onboarding experience for new users on Fuel Network. This browser-based hot wallet will enable users to deposit small amounts of funds through a browser extension or web page, seamlessly transferring them onto Fuel Labs' L2. The current implementation successfully obtains the WebAuthn public key, which is configurable as a constant in a script, and verifies p256 signatures from WebAuthn through a Smart Contract dedicated to the verification process. This wallet generates keys that can be universally used across web services, thus enhancing accessibility and convenience for new users.

For those interested in exploring the technical aspects and implementation details of the burner wallet using WebAuthn, the complete project repository can be found on our GitHub.


Special Purpose Cryptography Protocol of the Month

Every month, we cover a special purpose cryptographic protocol for a common problem that we encounter in our consultancy practice. This month, we will be covering Groth and Kohlweiss’ one out of many proofs protocol, which shows that one commitment in a list of many commitments opens to 0.

Let’s quickly motivate the need for such a protocol. Commitments are a common building block in many blockchain applications, namely for privacy-related applications. In particular, one out of many proofs can be used to construct group signatures and other forms of membership proofs. These more complex protocols can then in turn be used to construct privacy protocols for blockchains. Protocols like Firo’s Lelantus Spark leverage one out of many proofs for its next generation privacy protocol.

Let’s do a quick deep dive into the one out of many proofs protocol. First, it builds upon a simpler sigma protocol for showing that a commitment opens to either 0 or 1.

Given a commitment key ck for some homomorphic commitment scheme (e.g. Pedersen commitments), the prover wants to show that the committed message m is either 0 or 1 without revealing m to the verifier. The prover and verifier engage in the following protocol:

  • The prover sends 2 commitments to the verifier that depend on randomly generated field elements and on the message.

  • The verifier sends a randomly generated challenge.

  • The prover sends 3 field elements, each a linear function of the random challenge and of the prover's own randomly generated elements.

  • The verifier checks that the information sent by the prover opens to 0 as required, without learning the contents of the message.

The above protocol is complete, sound and special honest verifier zero-knowledge (sHVZK) which makes it a good building block for the more generalized protocol that makes up the core of the paper.

Given some commitment key ck, the prover has a list of N commitments $c_0, \dots, c_{N-1}$, of which one opens to 0. Equivalently, the prover wants to show the verifier that there exists some index l such that $\prod_{i=0}^{N-1} c_i^{\delta_{il}} = \mathrm{Commit}(0, r)$ for some randomness r, where $\delta_{il}$ is the Kronecker delta. This equality works because the Kronecker delta makes every factor with i ≠ l equal to 1 in the product, while the factor with i = l is exactly the commitment we want. This fact is the basis of the protocol's design. As one may have noted, the structure of the one out of many proofs protocol is very similar to that of the protocol for showing that a commitment opens to 0 or 1. In fact, if one writes l in binary and combines that with the trick just described, the one out of many proofs protocol essentially amounts to running the 0-or-1 protocol n times, where n is the number of bits in l, once per bit.
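As an added worked example (not code from HashCloak, and not the paper's reference implementation), the following Python sketch runs both protocols over a deliberately tiny Pedersen commitment group: the 0-or-1 sigma protocol with its two commitments, one challenge and three responses, and the one-out-of-many protocol that commits to the bits of l and uses the polynomial trick so that only the Kronecker delta term survives the verifier's final check. The group parameters (P = 2039, Q = 1019, generators 4 and 9), the function names and the message layout are this example's own choices, and the honest verifier is simulated in-process; all sample commitments in the usage are constructed.

```python
"""Toy Groth-Kohlweiss one-out-of-many proof over Pedersen commitments.
Added educational example: not HashCloak's code and not the paper's
reference implementation. Group parameters are deliberately tiny."""
import secrets

P, Q = 2039, 1019   # toy safe prime P = 2Q + 1; exponents live in Z_Q
G, H = 4, 9         # quadratic residues mod P, so both have order Q
# (a real deployment hashes H into the group so nobody knows log_G(H))

def com(m, r):
    """Pedersen commitment Com(m; r) = G^m H^r mod P, homomorphic in m and r."""
    return pow(G, m % Q, P) * pow(H, r % Q, P) % P

def rand():
    return secrets.randbelow(Q)

# --- Sigma protocol: c = Com(m; r) opens to m in {0, 1} (paper, Fig. 1) ---
def bit_round1(m):
    a, s, t = rand(), rand(), rand()
    return (com(a, s), com(a * m, t)), (a, s, t)          # (c_a, c_b), state

def bit_round3(m, r, state, x):
    a, s, t = state
    f = (m * x + a) % Q
    return f, (r * x + s) % Q, (r * (x - f) + t) % Q      # f, z_a, z_b

def bit_verify(c, msgs, x, resp):
    (c_a, c_b), (f, z_a, z_b) = msgs, resp
    # c^x c_a = Com(f; z_a) and c^(x-f) c_b = Com(0; z_b); the second
    # equation holds only when m(1 - m) = 0, i.e. m is a bit.
    return (pow(c, x, P) * c_a % P == com(f, z_a)
            and pow(c, (x - f) % Q, P) * c_b % P == com(0, z_b))

def bit_protocol(c, m, r, x=None):
    """Honest-verifier run; a fixed challenge x can be supplied for tests."""
    msgs, st = bit_round1(m)
    x = rand() if x is None else x
    return bit_verify(c, msgs, x, bit_round3(m, r, st, x))

# --- One-out-of-many: some c_l in cs opens to 0 (paper, Fig. 2) ---
def bits(v, n):
    return [(v >> j) & 1 for j in range(n)]

def poly_mul(p1, p2):
    """Multiply two coefficient lists over Z_Q (lowest degree first)."""
    out = [0] * (len(p1) + len(p2) - 1)
    for i, a in enumerate(p1):
        for j, b in enumerate(p2):
            out[i + j] = (out[i + j] + a * b) % Q
    return out

def ooom_round1(cs, l, n):
    lb, rs = bits(l, n), [rand() for _ in range(n)]
    c_l = [com(lb[j], rs[j]) for j in range(n)]           # commit to bits of l
    rounds = [bit_round1(lb[j]) for j in range(n)]        # one 0/1 proof per bit
    # p_i(x) = prod_j f_{j,i_j}(x), f_{j,1} = l_j x + a_j, f_{j,0} = x - f_{j,1}.
    # Its x^n coefficient is the Kronecker delta delta_{i,l}.
    polys = []
    for i in range(len(cs)):
        p = [1]
        for j, ib in enumerate(bits(i, n)):
            a = rounds[j][1][0]
            p = poly_mul(p, [a, lb[j]] if ib else [-a % Q, (1 - lb[j]) % Q])
        polys.append(p)
    rhos = [rand() for _ in range(n)]
    c_d = []                    # c_{d_k} blinds the lower-degree coefficients
    for k in range(n):
        acc = com(0, rhos[k])
        for i, c in enumerate(cs):
            acc = acc * pow(c, polys[i][k], P) % P
        c_d.append(acc)
    return (c_l, [m for m, _ in rounds], c_d), (lb, rs, [s for _, s in rounds], rhos)

def ooom_round3(r, state, x, n):
    lb, rs, sts, rhos = state
    resps = [bit_round3(lb[j], rs[j], sts[j], x) for j in range(n)]
    z_d = (r * pow(x, n, Q) - sum(rho * pow(x, k, Q) for k, rho in enumerate(rhos))) % Q
    return resps, z_d

def ooom_verify(cs, msgs, x, resp, n):
    (c_l, bit_msgs, c_d), (resps, z_d) = msgs, resp
    if not all(bit_verify(c_l[j], bit_msgs[j], x, resps[j]) for j in range(n)):
        return False
    fs = [f for f, _, _ in resps]
    lhs = 1
    for i, c in enumerate(cs):          # prod_i c_i^{prod_j f_{j,i_j}(x)}
        e = 1
        for j, ib in enumerate(bits(i, n)):
            e = e * (fs[j] if ib else x - fs[j]) % Q
        lhs = lhs * pow(c, e, P) % P
    for k in range(n):                  # times prod_k c_{d_k}^{-x^k}
        lhs = lhs * pow(c_d[k], -pow(x, k, Q) % Q, P) % P
    return lhs == com(0, z_d)           # only c_l^{x^n} = Com(0; r x^n) survives

def ooom_protocol(cs, l, r, x=None):
    """Honest-verifier run over N = 2^n commitments (constructed inputs)."""
    n = (len(cs) - 1).bit_length()
    assert len(cs) == 1 << n, "N must be a power of two"
    msgs, st = ooom_round1(cs, l, n)
    x = rand() if x is None else x
    return ooom_verify(cs, msgs, x, ooom_round3(r, st, x, n), n)
```

With a list such as `cs = [com(m, r) for m, r in zip([1, 2, 3, 4, 5, 0, 7, 8], range(11, 19))]`, `ooom_protocol(cs, 5, 16)` accepts, while claiming index 2 (which commits to 3) or using the wrong randomness for index 5 is rejected. In this toy group the challenge is drawn from Z_Q, so a dishonest prover still passes with probability 1/Q per run; a real deployment draws the challenge from a ~256-bit field, typically via Fiat-Shamir, which is why the optional fixed challenge `x` exists only to make test runs reproducible.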

If you would like to learn more about the nitty-gritty details of this protocol, take a look at the original paper.


That’s a wrap-up for our June Newsletter, we hope you found this month’s content informative and engaging. Our team is constantly exploring new avenues in privacy innovation and we're thrilled to share our latest progress with you. As always, we appreciate your support and welcome feedback on our work.

Stay in the loop with our latest insights and research by subscribing to our newsletter. You'll be the first to know about our upcoming projects and collaborations.

Also, be sure to follow us on Twitter to stay up-to-date with any announcements related to our engagements or internal projects. Thank you for your continued interest in HashCloak!

Schedule a call with us to engage in R&D, security auditing, or any other potential collaborations:  https://calendly.com/d/hhc-dnq-wfd/hashcloak-services-inquiries.

© 2023 HashCloak Inc