Oh, and in case you were wondering, isn't something like witness discount similar? The answer is a resounding no! Think about it - what the witness discount controls is *how much stuff can go into a block* and is therefore a *global* consensus rule. If miners break it they fork off. Here what the ZIP is discussing is having everyone sing kumbaya and agree what kinds of fees are fair, reasonable and keep good privacy and DDoS resistance for everyone. It'll work fine, until it doesn't.
waxwing
Bitcoin, cryptography, Joinmarket etc.
I discovered something quite remarkable today after seeing podcasts with Sean Bowe [1] describing the new tachyon system and then one today with Ying Tong [2] mentioning the fabled 'sandblasting attack'. It turns out that Zcash put out a ZIP zips.z.cash/zip-0317 with what seems to me extraordinary content: it says not that there is some resource limit for blocks, but that individual transactions *should* be treated thusly: fee should be linear in number of ins/outs, but 2 outs should be treated like one (for a privacy reason), that certain types of transactions (their different shielded pools) should not be discriminated, and they disrecommend relay of transactions with other fees, and then give a long RECOMMENDED section to miners on how to construct blocks. This is totally nuts - the miner incentive is always to maximize fee revenue, and while it can be hard to work under that scenario sometimes, it's crazy to try to say things like randomize your candidate transactions and only take high paying txs in this ratio, or similar, as they do. Bear in mind that the sandblasting attack, which genuinely crippled the network afaik because they couldn't verify, in a normal node, as fast as the attacker could create transactions, happened because they had the insane idea of a flat fee for every individual transaction, no matter how big it was! (To be sure, they must have done that for better privacy, but it's an utterly broken concept.)
These are some of the very smartest cryptographers in the world, and I am not exaggerating for effect, there. How did they get such batshit insane ideas (or lack of ideas?) about how a permissionless p2p network works?
[1] It's on the recent Zero Knowledge podcast, look it up. [2] The recent BTCKVR podcast 'BitVM optimizations', around 35 minutes.
#cryptography #bitcoin #zcash
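As an added illustration (not part of waxwing's post), the ZIP 317 conventional-fee formula as I recall it from the ZIP, placed next to a flat per-transaction fee, shows the point about DoS resistance: under a flat fee the cost per byte collapses as a transaction grows, while the ZIP 317 fee grows with the transaction's action count, and a one-input/two-output transaction pays the same as one-input/one-output. The ZIP 317 constants are recalled from the ZIP text (not quoted on this page) and the flat-fee value is an assumption used only for the comparison.

```python
from math import ceil

# ZIP 317 parameters as recalled from the ZIP text (not quoted on this page):
MARGINAL_FEE = 5000              # zatoshis charged per logical action
GRACE_ACTIONS = 2                # every tx is charged for at least this many actions
P2PKH_STANDARD_INPUT_SIZE = 150  # bytes assumed per transparent input
P2PKH_STANDARD_OUTPUT_SIZE = 34  # bytes assumed per transparent output
# Assumed value for the old flat per-transaction fee, used only for comparison.
FLAT_FEE = 1000                  # zatoshis


def logical_actions(tx_in_total_size, tx_out_total_size,
                    n_joinsplit=0, n_spends_sapling=0,
                    n_outputs_sapling=0, n_actions_orchard=0):
    """Count logical actions per the ZIP 317 formula. Transparent ins and outs
    are measured in standard-size units and only the larger side counts, so one
    input plus a change output is still two actions (the '2 outs like one' rule)."""
    transparent = max(ceil(tx_in_total_size / P2PKH_STANDARD_INPUT_SIZE),
                      ceil(tx_out_total_size / P2PKH_STANDARD_OUTPUT_SIZE))
    return (transparent + 2 * n_joinsplit
            + max(n_spends_sapling, n_outputs_sapling) + n_actions_orchard)


def conventional_fee(**tx):
    """ZIP 317 conventional fee: the grace window gives small txs a fee floor,
    larger ones pay linearly in their action count."""
    return MARGINAL_FEE * max(GRACE_ACTIONS, logical_actions(**tx))


def fee_per_byte(fee, tx_size):
    return fee / tx_size


def compare(n_inputs, n_outputs):
    """Fee paid per byte under a flat fee versus ZIP 317 for a transparent tx of
    the given shape (standard per-input/output sizes, header overhead ignored)."""
    in_size = n_inputs * P2PKH_STANDARD_INPUT_SIZE
    out_size = n_outputs * P2PKH_STANDARD_OUTPUT_SIZE
    size = in_size + out_size
    zip317 = conventional_fee(tx_in_total_size=in_size, tx_out_total_size=out_size)
    return {"size": size,
            "flat_fee_per_byte": fee_per_byte(FLAT_FEE, size),
            "zip317_fee": zip317,
            "zip317_fee_per_byte": fee_per_byte(zip317, size)}


if __name__ == "__main__":
    # A normal spend, a spend with change, and a bloated 100-output transaction.
    for shape in [(1, 1), (1, 2), (1, 100)]:
        print(shape, compare(*shape))
```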

IACR Cryptology ePrint Archive
Cryptography with Certified Deletion
We propose a new, unifying framework that yields an array of cryptographic primitives with certified deletion. These primitives enable a party in p...
https://files.catbox.moe/qgy1ni.pdf
Perhaps it's a bit silly but I show here the full conversation I had yesterday with Claude, in which I asked it to teach me Groth16 (the most famous ZKP system). It's a little cheat-y in that I had already "overview" studied it, more than once, but I always found the existing explanatory materials difficult to work through and lost track at some point. This time, with Claude actively teaching me, I can confidently say I have a solid understanding of the whole system, after one single day.
In my opinion LLMs are great for these things: Search, learning and language (incl. code). They can seem ludicrously brilliant at all of these, but in each case you have to be wary of different variants of the same flaw: their inability to notice their weak spots. In learning Spanish I get 97% perfect explanations/answers/translations, but with certain obscure slang it might resolutely refuse to accept the existence of the phrase I'm referring to. In this Groth16 conversation it slips up with a specific equation/algebraic notation (it says it was 'sloppy'; I'd say it was wrong) halfway through, in a way a human professor wouldn't. In search I'm not as sure as I don't use it as much; you could argue semantics and say it's not really the one doing the search, but I bet it slips up in a similar way there too.
I don't think this kind of flaw is the real story, though. The real story is that if you frame your request properly, and you engage seriously and reflectively, you have access to a teacher that is a decent simulation of a high-level expert, in a one-on-one session. If you actually want to learn something, I do think you should do as I did here and ask it to "teach me X based on the fact that my background is roughly Y (so it can pitch at the right level), and ask concept-checking questions along the way".
(btw this is not a commentary about Claude vs others .. I think this kind of job can be done ~ equally by all the latest models).
I have to emphasize how natural this felt. I really felt like I was talking to a teacher that was listening carefully to my responses and engaging with them. Among a number of notable moments in the conversation, this one in particular, after the aforementioned algebra screwup, stood out to me: I asked "yes. back to Q13. rewrite it if necessary, otherwise I'll just keep thinking." and it responded after a few seconds: "{Claude:} The question stands as is. Take your time."
A reasonable push-back on this example is that I chose something that has been described and discussed on the 'net a lot over the last 8+ years - certainly no other ZKP system has as much material. So it's showing the best it can be. If you discuss cutting-edge research with it, you're in *much* more dangerous territory.
A bit of an update/nuance on the below, after continuing to read more about this new field: it's a valuable correction to say "this is not just like a federated sidechain: you can get a 1 out of n trust model, not only a majority/quorum". Indeed, you can, though I would caution that you have to reflect on the security limitations of having a designated set of verifiers, even if only 1 of them has to be honest (I think that model is not bad at all for setup, but for continuous operation it's not so great; think: "men with guns"). Also worth noting that a related paper was released shortly after, using a different trick (witness encryption, pretty exotic stuff) but based on the same general ideas: https://eprint.iacr.org/2026/065.pdf
A second round of Glock review/reading to better .. grok? .. what the hell this stuff is. The TLDR is that, afaik, there is still no there there. I don't mean that this research isn't incredibly impressive and exciting; at least to my dumb eyes, it is. I mean that it hasn't created the dream scenario of verifying arbitrary off-chain contract execution with negligible onchain cost. It *almost* has done this: it allows you to verify a SNARK, post the proof somewhere offchain and have people be able to punish you onchain if you lie. All that happens without nasty onchain costs like in BitVM and similar. But there's a crucial detail: the SNARK we're talking about here is "designated verifier"; so it's not public verification, it's more like a sidechain where you trust an entity or a federation to enforce the rules. Obviously, that in itself is not really interesting to most people.
The new follow-up "Argo MAC" paper ( https://eprint.iacr.org/2026/049.pdf ) is really in the weeds (though if like me you find Elliptic Curve endomorphisms interesting then .. it's fun!) but it *does* change the above crudely described system from "impractical" to "probably completely practical" - because the garbled circuit stuff suddenly went from 100s of GBs to 10s of MBs. But the DV nature of the SNARK is not changed by it .. so the open question is "can you replace the DV-SNARK with a publicly verifiable SNARK" and I have no idea of the answer except, the verifier circuit has to be small and that's .. hard?
If anyone out there (not *that* unlikely) can correct or refine that description, I'd be grateful.
#cryptography #bitcoin
Maple.ai via Tor with anon account paid for with Lightning.
I think this is a decent tradeoff against the appalling reality of what most of us are doing, giving personal data to OpenAI, Anthropic etc.
The at-home build isn't viable for real work except if you pay like $20K and sink time into it (and even then).
Also I'm not shilling maple here .. it probably can't give you the same level of convenience etc. But maybe close, I think?
Opinions?
#asknostr