any recommendations for learning cryptography? Books or YouTube etc. my last elective at university was a cryptography course but it was merely an introduction, plus very theory heavy Boby and Alice were there too lol *Bob I can send my exam notes from back then if anyone's curious, feel free to reach out: 5oyX9YVuLbi1SGyiAt9yGzR7nYqaRHG241qcjE9z5rzm what do you mean by learn? like the absolute conceptual basics or you want to be a cryptographer? do you know what a zk proof is? i would first learn how groth16 works and write a simple prover in sage antikythera: yeah I meant more in terms of concepts that are relevant to what is being developed here. So yes ZK proofs are one of them, I've been going through a course someone sent on the telegram chat. Haven't heard of groth16 just study groth16 from online tutorials study this https://medium.com/cryptoadvance/bls-signatures-better-than-schnorr-5a7fe30ea716 Title: BLS signatures: better than Schnorr | by Stepan | Crypto Advance | Medium and learn about elliptic curve group law, and what is a finite field you can play around in sage with them then you're ready antikythera: awesome! tysm came across this book "an intensive intro to cryptography" and this chapter on ZK proofs is recommended: https://intensecrypto.org/public/lec_14_zero_knowledge.html Title: An intensive introduction to cryptography: Zero Knowledge proofs hello yoyo Colonizor48: say you mention you're a math major... what areas of math are you into? i'm into elliptic curves, algebraic geometry/number theory and homology https://falcon-sign.info/falcon.pdf We assumed that an automaton works in a framework of discrete time steps, but this aspect has little influence on our subsequent discussion. In digital design, however, the time element assumes considerable significance.
In order to synchronize signals arriving from different parts of the computer, delay circuitry is needed. A unit-delay transducer is one that simply reproduces the input (viewed as a continual stream of symbols) one time unit later. Specifically, if the transducer reads as input a symbol a at time t, it will reproduce that symbol as output at time t + 1. At time t = 0, the transducer outputs nothing. We indicate this by saying that the transducer translates input a1a2… into output λa1a2…. Draw a graph showing how such a unit-delay transducer might be designed for ∑ = {a, b}. The answer is https://pasteboard.co/svX8dPQIOYeQ.png Title: Pasteboard - Uploaded Image can someone explain to me what is a/λ a/a, b/a etc. i understand the first as input but what is the significance of the second character after / i think the second character is output isn't it alright guys i think i figured this out a bit whatever i understood https://eprint.iacr.org/2024/310.pdf alice: you want to go on Libera IRC #physics haumea: okay i'm narodnik on there also #math, #engineering okay i will ping you there if i join libera.chat test test back hello hello wow this is pretty interesting https://github.com/sbellem/qtee/blob/main/qtee.md you can produce an encrypted TEE circuit, which when you give to a manufacturer cannot be tampered with (because only you have the secret key) and when you receive the chip, you can verify it's legit then as well the doc is saying you could have a chip which is securely 'generated' maybe with FHE and verifiable by the p2p network hello hello hello join #markets you need /join Hi everyone hi how's it going? hi fatback hello anyone have any good resources for learning FHE?
fatback: yes i do https://agorism.dev/uploads/zama-fhe-guide.pdf we could study it together found some links in history: https://eprint.iacr.org/2012/733.pdf https://agorism.dev/book/crypto/fhe/modern-cryptography-2_zhiyong-zheng.pdf https://github.com/darkrenaissance/darkfi/blob/master/script/research/tfhe/src/main.rs Title: darkfi/script/research/tfhe/src/main.rs at master · darkrenaissance/darkfi · GitHub but zama.ai seems newer and better Here's an impl of order matching in FHE using zama's crate: https://codeberg.org/darkrenaissance/darkfi/src/branch/master/script/research/tfhe/src/fhe.rs Title: darkfi/script/research/tfhe/src/fhe.rs at master - darkrenaissance/darkfi - Codeberg.org Hey! https://x.com/__zkhack__/status/1776287347597824256 The ZK-HACK hub is going to start a study cohort of the moon-math book Pass the voice if anyone is interested hey ash thanks for sharing will check it out you're welcome language for formalising protocols: https://arxiv.org/pdf/2203.02461v2.pdf A Theory of Composing Protocols > In programming, protocols are everywhere. Protocols describe the pattern of interaction (or communication) between software systems, for example, between a user-space program and the kernel or between a local application and an online service. Ensuring conformance to protocols avoids a significant class of software errors. Subsequently, there has been a lot of work on verifying code against formal protocol specifications recently came across Ross Anderson who was a professor at Cambridge uni in security/cryptography, he has a lot of papers collated here https://www.cl.cam.ac.uk/~rja14/ Title: Ross Anderson's Home Page So, I was trying to write a zk proof in which there is a set of EC points in a merkle tree and I own one of those points, that is P = xG and P is a part of the set. Now if I take just a merkle tree, I can prove that I own a leaf node in that merkle tree using the proof path.
With a set of EC points, the data nodes which create the leaf nodes would be that set. Merkle tree's public key would be the root node, and that is created by the hashes which sounds good to me. I treat P as the root node, xG as the proof path then it is possible to have a zero knowledge proof that I own a node but then P won't be able to be a part of the set since it is supposed to be a hash so kinda stuck with how to get this done. (here is the braindead stuff I was thinking about while trying to implement it: https://write.as/h635wlnt6xh7p.md) (also write.as won't let me post reference links but those are just existing there and I write down my take away from those links. apologies for the shit formatting) looking, sec airpods69: so look inside proof/ inside darkfi, and read the docs about zkas then working with zk proofs would make more sense, esp trying to run some examples etc. you can cd src/contract/dao or src/contract/money and run make test https://codeberg.org/darkrenaissance/darkirc-rln check this example too okayy, getting onto it. also about that document, was I a bit close to what the actual thing should be like? no it's more simple than that. if you look at .zk files, it is just a simpler thing nothing to do with polynomials. i think maybe you need more working knowledge of making/using zk proofs, before it makes more sense understood, thankss np! airpods69: https://darkrenaissance.github.io/darkfi/zkas/writing-zk-proofs.html also check examples in that section B1-66ER: Thanks, reading through it does anyone have any good resources to learn about homomorphic encryption? didn't you guys share something just recently? fatback: https://agorism.dev/uploads/zama-fhe-guide.pdf hanje-san offered to learn with you: #math we could study it together Oh man I totally forgot! were you able to search previous posts to find that out? yes I really need to up my weechat chops, hahaha.
to search for older messages, I go through the telegram mirror Oh I gotcha stupid question... What did "#math " this do? fatback: that's because I copied the chat entry from the telegram mirror channel. there, all the channels are combined into one, therefore each entry is "prefixed" with the channel it came from (here: #math) then who wrote it (here: hanje-san) and lastly the chat itself so "#math we could study it together" means "hanje-san wrote in the #math channel 'we could study it together'" ooooooooooh hahaha thank you for explaining that to me. well make test didn't work so well in src/contract/dao or src/contract/money and I think I am mentally stuck at a point while trying to implement something. Like I get zk proof now I guess but like hanje pointed out, I over complicated things? What are you trying to achieve? Trying to learn about zk proofs, so hanje told me to try implementing a proof > "write a zk proof in which there is a set of EC points in a merkle tree and I own one of those points, that is P = xG and P is a part of the set. " Been trying to wrap my head around this and went down a rabbit hole of over-complications why didn't make test work? btw let's make it easier, you have values a and b, P = hash(a, b), and prove P is in the set let's get the unit test working first ah, B1-66ER, trying it again but it was cause some file was missing two directories back getting the logs for the exact error well, wow tests work now. So all I did was accidentally run `make test` in the darkfi directory and then ran `make test` in the dao folder. It worked yay (should have done it yesterday but guess I was too sleepy that time) ah yeah you probably needed to generate the wasm contracts by running make inside each src/contract/ subdir first and then doing make zkas we should fix that... yep, all good though, it works :D now I feel like I am more confused than closer to a solution. So a and b are two values and I have P = hash(a, b).
I need to prove that P is part of a set... but which? Test Test back airpods69: make a new merkle tree, add in some random values and your P. Then the root of that tree R is public in the zk proof See constrain_instance Also see tests/smt.rs hey isn't to show that P is part of the merkle tree i need number of nodes equal to depth of the node P if i need to show a leaf is part of the merkle tree i need log(total no of nodes) of that tree nodes. isn't it since every node is hash of the leaf srry hash of their leaves srry again instead of "nodes equal to depth of the node P" log(total no. of nodes up to the level of node P) nvm test test back B1-66ER thanks, checking those out. I have no clue why I didn't think of using zk/zkas and decided to do everything from scratch. lol are you gonna write your own zk proving system including pairings and gadgets for hashing? gl see you in a year (or 2) I won't now. I wasn't using my brain to think that zkas can be used lol gonna give this another attempt today and learn. Been stuck with this for so long that I now know I am a junior xd okay so either I am stupid or I am missing the complete point of how to implement this (I haven't gotten far from a blank text file) so I'll illuminate this a bit more. Imagine on your anonymous service (like a blockchain), people post objects that are C = hash(a, b). Imagine the a and b are attributes like a represents your name somehow and b represents idk your age (dumb example) so everybody can see the C values: C1, C2, C3, C4 (let's imagine just these for now) so step 1.
is make a merkle tree and add C1, C2, C3, C4 to it, and get the merkle root hash (you don't need to write an actual merkle tree, there's an API to use for this) now I have the root R, you have it and everybody else has it too since they have all the C values so then the next step 2: as a prerequisite to access some service or perform some action, you want to say to me: "I have some C value (without revealing which one) which is in the merkle tree." So you make a proof there is a C in the tree. step 3: furthermore this C = hash(a, b) (without revealing a, b OR C). Note you still must reveal R the tree root lmk any questions the thing is with linux, everyone is stuck in the past trying to copy winblows or macoshit, but we have to realize the power of linux is in making infra that enables communities to operate B1-66ER: yess, I am almost at step 3 (got that whole pseudocode to finally run successfully so I am happy with it) to make these services, they need to be p2p and anonymous so we can escape the trap of big tech surveillance capitalism but they also need economics behind them so that people provisioning infra are rewarded. this has been the weak point of linux tech renaissance and free software this stuff with ZK might seem super abstract / low level because it's fundamentally a new and very different computing paradigm. we still haven't figured out how to build optimizing compilers, but as the first step are building applications and exploring the design space honestly i found the concept of being able to prove things to people without revealing the data was mindblowing so many possibilities... suddenly any anon application is now possible, and in a p2p context where everyone can/must see the data so now I can give you a value C, and you know C = hash(a, b), but you don't know what a and b are when hanje*-san told me about it, it was the first time I heard about zk proof and I had my mind blown away as well. 
also the stuff with zk is just really new to me and I never came across this. So, that would explain a really big skill issue I have here also to be popular, people will try to copy what is already popular (winblows or macoshit) and thus the replication to linux. the issue is that linux was innovating in early 90s, but then the opensource corporate FOSS people came along and everybody started rejecting stallman's teachings saying "we need normies and the mass adoption" then windows became the gold standard and we started following rather than leading thing is windows/mac build for a dystopian vision of tech where society is low IQ drooling sheep who have no control over their computing whereas linux is about freedom, it's a fundamentally different vision of tech where we band together, and become economically powerful. so we really need to get back to our roots i kinda see it happening now with the minimalist linux meme and anti-systemd pushback, a kind of linux renaissance where we're soul searching and trying to get back to what made us strong originally (instead of trying to go after the markets owned by mac/win, maybe we have our own distinct one) Majority has already fallen into the drooling sheep category with no control over their compute. They don't try to understand their device either. The freedom they know about is the american pseudo freedom. it's not enough though since we need an anon p2p/distributed computing paradigm that has an economic model so it can hire devs and grow seems like that is what darkfi is doing having an anon p2p is really difficult. I believe in it but I don't think the govs or big shots would like that who hide their shady works. producing a witness in a merkle tree would mean what? (Referring to MerkleTree.mark()) :s/Merkle/Bridge also B1-66ER -> Step2 would be the zk proof file?
or something else I am using the one in the pseudocode for burn.zk what if I switch things from burn.zk to inclusion_proof.zk hmmmmm I shall And that seems to work so well lez goooo Time for step 3 finally (I am so sorry for the spam here) And I think I got it right??? lez gooo it does pass the test gonna need someone to verify it though: https://github.com/airpods69/darkfi/blob/master/tests/simple_merkle_tree.rs airpods69: Yeah that looks correct :) Finally! Well done, nearly let hash = (a + b) * (a + b + 1) / 2 + a; Should be poseidon hash of a and b Let a = pallas::Base::from(10); Same for b Ohh okay, I'll replace it, gimme 5 mins. Away from laptop. I couldn't get Poseidon hash working (didn't realise a and b needed to be pallas::Base) so I just went with a simple hash to get it done Not relevant here but if you ever want a simple hash, mimc is super basic Altho Poseidon is quite simple to implement too Both are algebraic hashes which means fast to compute in zk. Sha256 or other normal hash fns are veeery inefficient in zk oh no no, the hash in the code right now was just a duct tape solution cause it was 3:30 am and my brain started to stop working that time replacing with poseidon B1-66ER: donee nice congrats, you just made a decentralized credential auth system. It's still a toy, but if you begin adding things, you can create more complex applications you learn fast too which is good Yay, I could use EC points to complete the original task that hanje*-san was talking about. Not that it would be different from appending random values. Also, thank you.
I found a pdf copy of Modern Cryptography & Elliptic curves if anyone's interested, I checked the link and it's legit: https://www.pdfdrive.com/modern-cryptography-and-elliptic-curves-a-beginners-guide-d189512436.html thanks deki, would start without it in a bit (10-15 mins I believe) ah seems like bad gateway for me libgen led me to this -> http://library.lol/main/564FA4146BB1EAD8FF5AB8F233A1B430 oh weird I just uploaded it here, the pdf version: https://wormhole.app/Loop1#nK6dtHsiFJdPVt4729deQw link will expire in 24hrs anyway I have to go thanks hi everyone https://www.youtube.com/watch?v=SyD4p8_y8Kw Title: Hitler Learns Topology - YouTube haha hi everyone greets, howdy fatback any math news? i've done a bit of category theory I was listening to a few podcasts about that but in the subject of machine learning. interested in it for (co)homology and multilinear maps a lot of practical uses in crypto hello yo fatback what's happening? https://www.youtube.com/watch?v=wD4xrnzKN1Y > Ted Kaczynski's PhD Thesis who wants to study this with me lol I've been meaning to read some of his writings. I see it come up often. may I ask a silly beginner question? sure I've been reading some introductory material into cryptography and I often see the mention of "circuits". Would someone mind explaining what a circuit is? fatback: "circuits" in this case are arithmetic circuits. set of operations to be done just like a boolean circuit (or a real life electrical circuit which is meant to perform operations if you wanna think of it that way) ^ exactly that hello o/ hey airpods69 are you experienced in cryptography? nope, I just had one course at university about cryptography. That's where my experience starts and ends honestly. wassup though, what do you wanna ask? well let me ask as this might be a beginner question... I've been reading some introductory material into cryptography and I often see the mention of "circuits" Do you know what is meant by a circuit?
ahh I did answer that today check out the chat log here: https://agorism.dev/log/ :D or on telegram, whichever suits you Oh was that my question you answered? yepp my bad! it's alright, happens to the best of us :D The last thing I saw when I logged into this channel today was that question I posted. Is it possible to extend the number of lines saved? I think mine is set to 20. you can always get the logs from ~/.local/share/weechat/logs/ (I couldn't figure out how to do it so I just look at the text logs XD) Ohhh that's good to know. yepp Ok, let me read through your response. I appreciate it! So is it all the math operations that go into an algorithm? Sort of like a computational graph? As far as my knowledge goes, yes. Ok that makes sense. Thanks for the answer. Anything on your mind today? glad I could help :D Trying to add constant support to zkas here so that's on my mind. zka? fatback: https://darkrenaissance.github.io/darkfi/zkas/index.html got it! came across this site that teaches cryptography principles https://cryptohack.org/ unsure how good it is but it seems well established or how relevant it is to what you guys do here, but they have a course on elliptic curves: https://cryptohack.org/courses/elliptic/course_details/ thanks deki, gonna check it out np test test back hello hello https://archetype.mirror.xyz/Lov-dI8FOueUt4J4MXPH9gXLyS4VXfHCdEmSg67jzoM Verifiable Compute: Scaling Trust with Cryptography hello hello hello hello