i put the “crypto” in “cryptocurrency.”
head of cryptography at @aptoslabs | math, research, engineering
💍 + 👶 + 🏍️ = ❤️
Joined July 2009
- 🧵 What is a zero-knowledge proof [system]? It's the *sane* way of proving a statement is true. For example, say I want to convince you I can solve a Sudoku puzzle *x*. Why should I have to give you the solution *w* to the puzzle? You did not ask me for the solution, did you?
- Did you ever hear about these fancy-shmancy elliptic curves with “pairings” or “bilinear maps”? Did you know *S*NARKs would not be possible without them? Or that jail time can be conducive to great mathematical results? If so, this blog post is for you: alinush.github.io/2022/12/31/pai…
- Dear #crypto Twitter, what kind of cryptography would you like to use in your Move smart contracts on @AptosLabs? Currently...
- Want to write or play randomized games on @Aptos_Network in Move? 🎮 We are looking for feedback on our on-chain, distributed randomness API in Move 🎲! See Aptos Improvement Proposal (AIP) 41 here: github.com/aptos-foundati… A very short (1/4) thread 🧵below...
- 🥳 How @Aptos confidential transfers work: 1. Users now have an encrypted balance next to their public one 2. TXNs can now encrypt the transferred amount 3. TXNs prove encrypted amount does not exceed sender's balance 4. Validators update encrypted balances homomorphically
- 4/ How & What ACTs Do 💪 Encrypt token balances and transfer amounts under a long-term encryption key, so only the sender, recipient and any designated auditors can see numeric values. An additively-homomorphic encryption scheme lets the chain add or subtract encrypted values
- How do @Aptos confidential transactions encrypt your balance on-chain & the transferred amount? We use (what we call) Chunked'n'Twisted ElGamal encryption: a version of ElGamal that works well with Bulletproofs and zero-knowledge Σ-protocols 👇
- A question about @sama's @worldnetwork: What happens when I lose my SK after registering with my iris? Or when my SK is stolen. Currently, nothing, it seems. I'm done. I can't recover my account (see whitepaper.worldcoin.org/technical-impl…). Disturbing, but potentially fixable (1/n) 🧵
- If you ride motorcycles and do other fun things like commit to polynomials, Verkleize your trees, aggregate signatures or proofs, make HVZK interactive protocols non-interactive and/or write Rust code, then apply to @AptosLabs and we'll take you for a ride! (@rgelash @sherry_xzy)
- What is an @Aptos keyless account? 🧵 It's a blockchain account derived from (say) your Google account and an application (wallet, dapp, etc). It's bound not just to you (e.g., [email protected]) but also to the application (e.g., @PetraWallet, or @ThalaLabs, or @VibrantXFinance)
- If you were trying to boot someone up _really fast_ on *applied* cryptography, what sequence of concepts would you run them through? I'd start w/ math, constructions and definitions for: 1. Pedersen commitments 2. Diffie-Hellman KEX 3. ElGamal encryption 4. BLS sigs 5. KZG comm.
- At the core of @aptos confidential transfers lies a very nice cryptographic primitive: zero-knowledge (batched) range proofs. We currently use Bulletproofs for this. But: last summer, my interns and I thought we could do better...
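The three confidential-transfer tweets above (encrypted balances, a twisted ElGamal that keeps the Pedersen-commitment shape a range proof needs, homomorphic balance updates by validators) can be seen end to end in a small script. The following is an added illustration, not code from the author or from Aptos: it implements textbook twisted ElGamal (X = pk^r, Y = g^r·h^m) with 16-bit chunking over a toy 64-bit safe-prime group generated at import time. The chunk size, the group size, and every function name are assumptions made for the example; the range proof (step 3) and the Σ-protocol that the two ciphertexts of one transfer encrypt the same amount are deliberately left out.

```python
"""Toy chunked, twisted ElGamal with additively homomorphic balance updates.
Added illustration only: textbook twisted ElGamal over a toy safe-prime group,
NOT Aptos's Chunked'n'Twisted ElGamal. Parameter sizes are for speed, not security."""
import hashlib
import random

CHUNK_BITS = 16              # amounts split into 16-bit chunks (assumption)
NUM_CHUNKS = 4               # 4 * 16 = 64-bit amounts (assumption)
_rng = random.Random(2024)   # fixed seed so the toy group is reproducible


def _is_probable_prime(n: int, rounds: int = 24) -> bool:
    """Miller-Rabin, adequate for a toy 64-bit parameter."""
    if n < 2:
        return False
    for s in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % s == 0:
            return n == s
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(_rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def _toy_group(bits: int = 64):
    """p = 2q+1 safe prime; g, h generate the order-q subgroup.
    h is hashed into the group so nobody knows log_g(h)."""
    while True:
        q = _rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if _is_probable_prime(q) and _is_probable_prime(2 * q + 1):
            break
    p = 2 * q + 1
    g = pow(_rng.randrange(2, p - 1), 2, p)            # squaring lands in the order-q subgroup
    h = pow(int.from_bytes(hashlib.sha256(b"twisted-elgamal-h").digest(), "big") % p, 2, p)
    assert g != 1 and h != 1
    return p, q, g, h


P, Q, G, H = _toy_group()
_B = 1 << CHUNK_BITS
_BABY = {}                                            # baby-step table: h^j -> j, j < 2^16
_cur = 1
for _j in range(_B):
    _BABY[_cur] = _j
    _cur = _cur * H % P
_GIANT = pow(H, -_B, P)                               # giant step h^{-2^16}
_OFFSET = 1 << 31                                     # decode chunks as signed 32-bit values
_H_OFF = pow(H, _OFFSET, P)


def keygen():
    sk = _rng.randrange(1, Q)
    return sk, pow(G, sk, P)                          # pk = g^sk


def _enc_chunk(pk, m):
    """Twisted ElGamal: X = pk^r, Y = g^r * h^m. Y alone is a Pedersen
    commitment to m, the object a Bulletproofs-style range proof takes."""
    r = _rng.randrange(1, Q)
    return pow(pk, r, P), pow(G, r, P) * pow(H, m, P) % P


def encrypt(pk, amount):
    assert 0 <= amount < 1 << (CHUNK_BITS * NUM_CHUNKS)
    return [_enc_chunk(pk, (amount >> (CHUNK_BITS * i)) & (_B - 1)) for i in range(NUM_CHUNKS)]


def add(ct_a, ct_b):
    """Chunk-wise (Xa*Xb, Ya*Yb) encrypts ma+mb: the validator never sees the amount."""
    return [(xa * xb % P, ya * yb % P) for (xa, ya), (xb, yb) in zip(ct_a, ct_b)]


def sub(ct_a, ct_b):
    return [(xa * pow(xb, -1, P) % P, ya * pow(yb, -1, P) % P) for (xa, ya), (xb, yb) in zip(ct_a, ct_b)]


def _dlog_signed(hm):
    """Baby-step giant-step for m in [-2^31, 2^31). The signed range absorbs the
    carries/borrows chunks pick up under homomorphic updates; a real scheme must
    re-normalize chunks (with proofs) instead of relying on this."""
    t = hm * _H_OFF % P
    for i in range(1 << (32 - CHUNK_BITS)):
        j = _BABY.get(t)
        if j is not None:
            return i * _B + j - _OFFSET
        t = t * _GIANT % P
    raise ValueError("chunk out of range (wrong key or corrupted ciphertext)")


def decrypt(sk, ct):
    sk_inv = pow(sk, -1, Q)
    total = 0
    for i, (x, y) in enumerate(ct):
        g_r = pow(x, sk_inv, P)                       # (pk^r)^{1/sk} = g^r
        total += _dlog_signed(y * pow(g_r, -1, P) % P) << (CHUNK_BITS * i)
    return total


def confidential_transfer(pk_sender, pk_recipient, bal_sender, bal_recipient, amount):
    """Sender encrypts the amount under both keys; the chain updates both encrypted
    balances homomorphically. Omitted: the range proof that amount <= balance and
    the Sigma-protocol that ct_out and ct_in encrypt the same value."""
    ct_out, ct_in = encrypt(pk_sender, amount), encrypt(pk_recipient, amount)
    return sub(bal_sender, ct_out), add(bal_recipient, ct_in)
```

Two things worth noticing when running it: the validator code path (`add`/`sub`) touches only group elements and never a plaintext amount, and a transfer of 100,000 against a balance of 1,000,000 makes the low chunk go negative, which is exactly the overflow a chunked design has to account for with proofs rather than with the signed decoding this toy uses.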