HackerTrans
TopNewTrendsCommentsPastAskShowJobs

baby

15,215 karmajoined 16 anni fa
cryptologie.net

Submissions

Zk.golf: Fearless and Collaborative Optimization of Circuits

blog.zksecurity.xyz
4 points·by baby·9 giorni fa·2 comments

Explainer of the most widely used zero-knowledge proof system

blog.zksecurity.xyz
3 points·by baby·mese scorso·0 comments

Breaking Jolt's Verifier with an Unbound Uni-Skip Claim

blog.zksecurity.xyz
2 points·by baby·2 mesi fa·0 comments

Groth16, Intuitively

blog.zksecurity.xyz
8 points·by baby·2 mesi fa·0 comments

The Final Form of Software Development

blog.zksecurity.xyz
7 points·by baby·2 mesi fa·1 comments

Sum-Check as an Algebraic Tensor Reduction: Part I

blog.zksecurity.xyz
2 points·by baby·2 mesi fa·0 comments

Ghostmd: Ghostty but for Markdown Notes

mimoo.github.io
24 points·by baby·4 mesi fa·44 comments

Lean4 Formalization of "A Simplified Round-by-Round Soundness Proof of Fri"

blog.zksecurity.xyz
1 points·by baby·5 mesi fa·0 comments

Techpants.io

techpants.io
3 points·by baby·9 mesi fa·0 comments

Feds say 100k-card farms could have killed cell towers in NYC near the UN

theregister.com
3 points·by baby·10 mesi fa·3 comments

Ask HN: Is America Going to Become an Autocracy?

59 points·by baby·10 mesi fa·51 comments

Supply chain attacks are the new big thing (2022)

cryptologie.net
1 points·by baby·10 mesi fa·0 comments

comments

baby
·l’altro ieri·discuss
I find Rust more readable than zig
baby
·4 giorni fa·discuss
I work on www.zkao.io so I can expand on this: it's basically like an audit, you click a button and ~9h later you get a report with findings. It's supposed to be better at finding bugs (especially cryptographic bugs) than frontier models AND it's supposed to be better at discarding false positives.
baby
·7 giorni fa·discuss
fixed!
baby
·8 giorni fa·discuss
they're the same, arithmetic circuits are just made out of addition and multiplication gates. They're used all over the place in programmable cryptography (ZKP, FHE, MPC)
baby
·9 giorni fa·discuss
It might not be super clear for people who don't know about formal verification with Lean or about arithmetic circuits, but this project let's you optimize code in a secure way: if you have code that's faster, not only you have a proof that it is indeed faster, but you also have a proof that it is correct and secure by construction!

It's important that the circuits implement the logic "securely" because arithmetic circuits are used in cryptography (in ZKP, MPC, FHE, for example) to implement programs with additions and multiplications (instead of NAND gates for example)
baby
·9 giorni fa·discuss
I'm racing to be the first submission, amazing project :)
baby
·9 giorni fa·discuss
There are different ways to think about this:

1. Imagine what the protocol would look like without privacy (zk allows you to “sign” a computation, so just do the computation in the clear)

2. Imagine what the protocol would look like by revealing a hash of the passport only (the idea of a “nullifier”, a unique identifier that hides the data and and can be revealed to prevent replays)

The first one should already answer your question: the way you would prevent replays or portability (I use your proof) is to attach some sort of session context to your proof
baby
·16 giorni fa·discuss
I let the soup in.
baby
·16 giorni fa·discuss
Tried playing split fiction on the switch 2 and it was so horrible I haven’t played anything since then. I’m picking it up again today for starfox but basically only use it for nintendo games.
baby
·16 giorni fa·discuss
Sounds like you never tried the deck and the switch. So many games are unplayable on the switch besides nintendo official games. I dropped split fiction because it ran so horribly on the switch
baby
·18 giorni fa·discuss
Remittances is the other interesting one and why libra/diem was even on the table.

I was trying to send some money to my parents the other day and it’s still slow and expensive.
baby
·19 giorni fa·discuss
The deck is such a good console compared to the switch and switch 2 that I can’t be stop being happy that they released this now. How is Valve, a tiny company, doing so much better than Nintendo?
baby
·19 giorni fa·discuss
Lefty tenant here. I def. stopped paying my rent a few times until my landlord fixed their shit or agreed to stop scamming me.

Last time I did it I signed a lease for a year, with 2 months of advance notice if I decided to leave (in the UK). I told them 2 months before the end of my lease, and they told me I had to wait for the end of my lease, then wait 2 months, and then I could be out.

I just stopped paying rent, and left them a horrible one star review on gmaps.

One day he showed up at my place (with soup who was coming to fix something) and tried to enter. I told him to stay out. And then he started crying and telling me how I could not just stop paying rent. I could tell how hard it was to be a small landlord.

I told him that I would resume paying if they signed smthg to agree to let me break the lease at the year end AND reimburse me the fees that appeared at the least minute, a year ago, right as I was signing the lease in front of them.

They agreed, reimbursed me my caution/deposit at the end, easy.

Would recommend just stop paying your rent if anything ever happens. I would do it again.
baby
·29 giorni fa·discuss
Am I paranoid or does this comment feels like what an LLM would write to imitate an HN comment?
baby
·mese scorso·discuss
Our experience has been that without a good harness you don't really get much out of codex/claude. And you really need to spend time and energy figuring out why coding agents can't find bugs like you can.

Every week I see bugs (as an auditor) that our own harness (https://zkao.io/) can't find, and we have to figure out pretty interesting techniques in order to make the tool find them. Mind you I'm talking mostly about cryptographic vulnerabilities, not just webapp bugs. So IMO it's going to make a lot of sense for companies to have both their own harness (as tptacek is talking about) and pay for services that focus on making a good harness from experience (and audit firms are going to be the best at doing this, as they see a lot of bugs and can spend time "teaching" their harness about these bugs)

On the other hand, you have to find equally as good techniques to triage, because otherwise you just have some machinery that I call "vibe auditing" that just produces enough false positives to tire all the developers (who are already overwhelmed with crappy AI submissions in bugbounties and other AI tool that review all of their PRs).

At the end of the day, when your harness doesn't return any bug, you're left wondering "does it mean there's no bugs?" We're basically back in this reputation game, where you want to use the best tool, or the best team (that knows what the best tools are), and need to figure out which one is.
baby
·mese scorso·discuss
I would recommend the book over it
baby
·mese scorso·discuss
Would recommend reading the comic instead
baby
·mese scorso·discuss
I read all the persepolis comics a long time ago and to my memory it was the first time I cried reading a comic. A beautiful work of art. I would recommend to anyone reading this comment to order the first book.
baby
·mese scorso·discuss
What annoys me the most is that I can’t efficiently track my emails with the default. It’s unusable imo if you have a lot of emails. What I ended up doing was to disable read on preview, and enable shortcuts, so you can navigate with vim shorcuts and have to manually mark emails as read.
baby
·mese scorso·discuss
turn off is the only option basically, try an android phone bro