https://files.catbox.moe/qgy1ni.pdf Perhaps it's a bit silly but I show here the full conversation I had yesterday with Claude, in which I asked it to teach me Groth16 (the most famous ZKP system). It's a little cheat-y in that I had already "overview" studied it, more than once, but I always found the existing explanatory materials difficult to work though and lost track at some point. This time, with Claude actively teaching me, I can confidently say I have a solid understanding of the whole system, after one single day. In my opinion LLMs are great for these things: Search, learning and language (incl. code). They can seem ludicrously brilliant at all of these, but in each case you have to be wary of different variants of the same flaw: their inability to notice their weakspots. In learning Spanish I get 97% perfect explanations/answers/translations, but with certain obscure slang it might resolutely refuse to accept the existence of the phrase I'm referring to. In this Groth16 conversation it slips up with a specific equation/algebraic notation (it says it was 'sloppy'; I'd say it was wrong) halfway through, in a way a human professor wouldn't. In search I'm not as sure as I don't use it as much, you could argue semantics and say it's not really the one doing the search, but I bet it slips up in a similar way there too. I don't think this kind of flaw is the real story, though. The real story is that if you frame your request properly, and you engage seriously and reflectively, you have access to a teacher that a decent simulation of a high-level expert, in a one-on-one session. If you actually want to learn something, I do think you should do as I did here and ask it to "teach me X based on the fact that my background is roughly Y (so it can pitch at the right level), and ask concept-checking questions along the way". (btw this is not a commentary about claude vs others .. i think this kind of job can be done ~ equally by all the latest models). I have to emphasize how natural this felt. I really felt like I was talking to a teacher that was listening carefully to my responses and engaging with them. Among a number of notable moments in the conversation, this one in particular, after the aforementioned algebra screwup, stood out to me: I asked "yes. back to Q13. rewrite it if necessary, otherwise I'll just keep thinking." and it responded after a few seconds: "{Claude:} The question stands as is. Take your time." A reasonable push-back on this example is that I chose something that has been described and discussed on the 'net a lot over the last 8+ years - certainly no other ZKP system has as much material. So it's showing the best it can be. If you discuss cutting-edge research with it, you're in *much* more dangerous territory.

A bit of an update/nuance on the below, after continuing to read more about this new field: it's a valuable correction to say "this is not just like a federated sidechain: you can get a 1 out of n trust model, not only a majority/quorum". indeed, you can, though i would caution that you have to reflect on the security limitations of having a designated set of verifiers, even if only 1 of them has to be honest (I think that model is not bad at all for setup, but for continuous operation it's not so great; think: "men with guns"). Also worth noting that a related paper was released shortly after, using a different trick (witness encryption, pretty exotic stuff) but based on the same general ideas: https://eprint.iacr.org/2026/065.pdf View quoted note →

A second round of Glock review/reading to better .. grok? .. what the hell this stuff is. The TLDR is that, afaik, there is still no there there. I don't mean that this research isn't incredibly impressive and exciting; at least to my dumb eyes, it is. I mean that it hasn't created the dream scenario of verifying arbitrary off-chain contract execution with negligible onchain cost. It *almost* has done this: it allows you to verify a SNARK, post the proof somewhere offchain and have people be able to punish you onchain if you lie. All that happens without nasty onchain costs like in BitVM and similar. But there's a crucial detail: the SNARK we're talking about here is "designated verifier"; so it's not public verification, it's more like a sidechain where you trust an entity or a federation to enforce the rules. Obviously, that in itself is not really interesting to most people. The new follow-up "Argo MAC" paper ( https://eprint.iacr.org/2026/049.pdf ) is really in the weeds (though if like me you find Elliptic Curve endomorphisms interesting then .. it's fun!) but it *does* change the above crudely described system from "impractical" to "probably completely practical" - because the garbled circuit stuff suddenly went from 100s of GBs to 10s of MBs. But the DV- nature of the SNARK is not changed by it .. so the open question is "can you replace the DV-SNARK with a public verifiable SNARK" and I have no idea of the answer except, the verifier circuit has to be small and that's .. hard? if anyone out there (not *that* unlikely) can correct or refine that description, I'd be grateful. #cryptography #bitcoin

Maple.ai via Tor with anon account paid for with Lightning. I think this a decent tradeoff against the appalling reality of what most of us are doing giving personal data to OpenAI, Anthropic etc. The at-home build isn't viable for real work except if you pay like $20K and sink time into it (and even then). Also I'm not shilling maple here .. it probably can't give you the same level of convenience etc. But maybe close, I think? Opinions? #asknostr

Warning: do NOT use travala.com any more, if you did. They directly stole my money. Here is my response to the customer service agent: (Customer service agent), > Sorry for the delay, im ahmed from compliance department, for refund or either processing the booking, the verification is a mandatory step, we require the minimum and basic info for that, and you can pass it easily through the following link : <snipped> Let's establish the facts: I have been a regular customer of Travala for years, have done probably a hundred or more bookings through your site - mentioning this *not* to claim some status as a customer (which I do not want, and do not have), but to point out that ZERO times on the website or through any of those transactions was it mentioned that you could simply keep my money and provide no service - i.e. STEAL my money - if I did not pass a verification process -handing over extensive and intrusive personal documents - that you never documented anywhere. And indeed for this booking, again, no such advance warning was given. So you (that is to say Travala, not you personally!) act exactly as a kidnapper: to give me back the money which is mine, you insist that I hand over security sensitive information. Which I will not do. There are an endless stream of documented violent theft events of cryptocurrency holders, so spreading one's personal information is stupid, and any claim you make to "keep my data safe" is ridiculous, given the equally endless stream of reported hacking events. I do not trust your company with my personal information because I don't trust *any* company with it. I have been doing Bitcoin development work for over a decade, I will make sure that a lot of people in the community know that Travala steals its customers money, directly, with no apology. Feel free to pass this message to any management, I would appreciate that. (me)