This article introduces Labrador, presented as the first lattice-based zkSNARK. It keeps proofs compact through recursion and targets tasks such as post-quantum signature aggregation; the article covers its construction, security argument, and implementation in detail.
Fully Homomorphic Encryption (FHE) allows arbitrary computation on encrypted data without ever decrypting it, so the data stays private throughout. It is still computationally expensive today, but the article reports performance improving roughly 8x per year and projects applications in encrypted cloud computing, privacy-preserving AI, and blockchains, ushering in a "privacy by default" internet.
Beam Day at EthCC[8] 2025 was a technical event focused on the Ethereum Beam chain upgrade, covering post-quantum cryptography, zkVM integration, and consensus improvements, bringing together researchers, developers, and client teams to discuss progress and future directions.
ICICLE offers a high-performance Rust API for lattice-based SNARK construction, with CPU and CUDA backends for operations over integer and polynomial rings (NTT, matrix operations, vector arithmetic, and random sampling), aimed at post-quantum protocols such as Labrador.
It was published in TCHES 2025.
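The core primitive such a backend accelerates is polynomial multiplication in the ring Z_q[X]/(X^n + 1) via a negacyclic NTT. The following is an added example, not ICICLE's API or Labrador's code: a plain-Python reference implementation that twists the coefficients by powers of a primitive 2n-th root of unity psi, runs a cyclic radix-2 NTT with omega = psi^2, multiplies pointwise, and inverts. The modulus q = 12289 (for which 2n divides q - 1 for n up to 2048) and the polynomial sizes are constructed for illustration, and the result is checked against schoolbook negacyclic multiplication.

```python
# Added example (not ICICLE's API): negacyclic NTT multiplication in Z_q[X]/(X^n + 1).
# q = 12289 and n = 256 are constructed demo parameters, not Labrador's.
import random


def primitive_root_of_unity(q: int, order: int) -> int:
    """Return an element of exact multiplicative order `order` mod prime q.
    Requires order | q-1 and order a power of two (true for order = 2n here)."""
    assert (q - 1) % order == 0 and order & (order - 1) == 0
    for g in range(2, q):
        x = pow(g, (q - 1) // order, q)      # x^order == 1 by construction
        if pow(x, order // 2, q) != 1:       # not of smaller order, so exactly `order`
            return x
    raise ValueError("no primitive root found")


def _ntt(a, omega, q):
    """Cyclic NTT: returns [sum_j a_j * omega^(j*k) for k < n], recursive radix-2."""
    n = len(a)
    if n == 1:
        return [a[0] % q]
    even = _ntt(a[0::2], omega * omega % q, q)
    odd = _ntt(a[1::2], omega * omega % q, q)
    out = [0] * n
    w = 1
    for k in range(n // 2):
        t = w * odd[k] % q
        out[k] = (even[k] + t) % q
        out[k + n // 2] = (even[k] - t) % q   # omega^(n/2) == -1
        w = w * omega % q
    return out


def negacyclic_ntt(a, psi, q):
    """Forward transform for X^n + 1: twist a_j by psi^j, then cyclic NTT with omega = psi^2."""
    n = len(a)
    twisted = [a[j] * pow(psi, j, q) % q for j in range(n)]
    return _ntt(twisted, psi * psi % q, q)


def negacyclic_intt(ahat, psi, q):
    """Inverse: cyclic NTT with omega^-1, scale by n^-1, untwist by psi^-j."""
    n = len(ahat)
    omega_inv = pow(psi * psi % q, -1, q)
    n_inv = pow(n, -1, q)
    psi_inv = pow(psi, -1, q)
    a = _ntt(ahat, omega_inv, q)
    return [a[j] * n_inv % q * pow(psi_inv, j, q) % q for j in range(n)]


def ntt_mul(a, b, q):
    """a * b mod (X^n + 1, q) via pointwise multiplication in the NTT domain."""
    n = len(a)
    psi = primitive_root_of_unity(q, 2 * n)
    chat = [x * y % q for x, y in zip(negacyclic_ntt(a, psi, q), negacyclic_ntt(b, psi, q))]
    return negacyclic_intt(chat, psi, q)


def schoolbook_mul(a, b, q):
    """O(n^2) reference: X^n wraps around to -1."""
    n = len(a)
    c = [0] * n
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            k = i + j
            if k < n:
                c[k] = (c[k] + ai * bj) % q
            else:
                c[k - n] = (c[k - n] - ai * bj) % q
    return c


def random_poly(n, q, seed):
    """Constructed sample input: uniformly random coefficients from a seeded RNG."""
    rng = random.Random(seed)
    return [rng.randrange(q) for _ in range(n)]


def ntt_matches_schoolbook(n=256, q=12289, seed=7) -> bool:
    a, b = random_poly(n, q, seed), random_poly(n, q, seed + 1)
    return ntt_mul(a, b, q) == schoolbook_mul(a, b, q)


if __name__ == "__main__":
    # X^3 * X^2 = X^5 = -X mod X^4 + 1
    print(ntt_mul([0, 0, 0, 1], [0, 0, 1, 0], 12289))
    print("n=256 matches schoolbook:", ntt_matches_schoolbook())
```

The twist-by-psi trick is what turns a cyclic convolution (mod X^n - 1) into the negacyclic one (mod X^n + 1) that lattice schemes need; a production backend additionally uses constant-time modular reduction (Montgomery or Barrett) and precomputed twiddle tables rather than the `pow` calls here.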
This paper presents the first SNARK system suitable for general circuits, featuring horizontal scalability, transparency, and plausibly post-quantum (PQ) security. The system draws inspiration from the distributed proof generation technique proposed in Pianist (IEEE S&P 2024), encoding the witness using bivariate polynomials and employing the KZG polynomial commitment scheme to achieve linear scalability. While Pianist and other scalable SNARK systems excel in performance, they rely on trusted setup ceremonies and cryptographic assumptions that lack PQ security, such as pairing-based primitives. In contrast, we propose a bivariate polynomial commitment scheme based on FRI as a transparent and plausibly PQ-secure alternative. Given the high communication overhead of distributed FRI, we introduce a customizable technique called Fold-and-Batch, which applies partial folding operations locally and then executes batched FRI centrally. We formally prove the security of this construction and implement three distributed FRI variants, conducting comprehensive performance evaluations. The results demonstrate that Fold-and-Batch effectively reduces communication overhead while maintaining scalability and moderate proof sizes. To the best of our knowledge, this is the first SNARK system that achieves horizontal scalability for general circuits while ensuring transparency and plausibly PQ security, offering a tunable trade-off between efficiency, verification cost, and communication overhead.
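The ingredient that makes "fold locally, batch centrally" possible is that a FRI folding round is linear in the committed evaluations. The following added example is not the paper's code and does not reproduce its Fold-and-Batch protocol; it shows the standard FRI fold, checked two ways: folded evaluations agree with the folded polynomial of half the degree, and folding a random linear combination of two polynomials gives the same result as combining their individual folds. The field F_257 (with 3 as a generator, which follows from Pepin's test), the blow-up factor of 4, and all coefficients are constructed for illustration.

```python
# Added example (not the paper's implementation): one FRI folding round over F_257
# and the linearity that lets per-prover folds be batched afterwards.
Q = 257     # Fermat prime 2^8 + 1 (constructed demo field)
GEN = 3     # primitive root mod 257: Pepin's test gives 3^128 == -1 mod 257


def eval_domain(size):
    """Multiplicative subgroup of F_Q with power-of-two `size`, listed as g^0, g^1, ..."""
    assert (Q - 1) % size == 0 and size & (size - 1) == 0
    g = pow(GEN, (Q - 1) // size, Q)       # element of exact order `size`
    return [pow(g, i, Q) for i in range(size)]


def evaluate(coeffs, x):
    """Horner evaluation of a coefficient-form polynomial at x."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q
    return acc


def fold_coeffs(coeffs, beta):
    """f(X) = f_e(X^2) + X f_o(X^2)  ->  f'(Y) = f_e(Y) + beta f_o(Y); degree halves."""
    assert len(coeffs) % 2 == 0
    return [(coeffs[i] + beta * coeffs[i + 1]) % Q for i in range(0, len(coeffs), 2)]


def fold_evals(evals, domain, beta):
    """The same fold on evaluations: from f(x) and f(-x) recover f_e(x^2) and f_o(x^2).
    Requires domain = [g^i] of even size 2m, so that -x = g^(i+m) sits m entries later."""
    m = len(domain) // 2
    inv2 = pow(2, -1, Q)
    out = []
    for i in range(m):
        x = domain[i]
        fx, fmx = evals[i], evals[i + m]
        fe = (fx + fmx) * inv2 % Q
        fo = (fx - fmx) * inv2 * pow(x, -1, Q) % Q
        out.append((fe + beta * fo) % Q)
    return out


def fold_matches_coeffs(coeffs, beta, blowup=4):
    """Folded evaluations equal the folded polynomial evaluated on the squared domain."""
    domain = eval_domain(blowup * len(coeffs))
    evals = [evaluate(coeffs, x) for x in domain]
    folded = fold_evals(evals, domain, beta)
    squared = [x * x % Q for x in domain[: len(domain) // 2]]
    expected = [evaluate(fold_coeffs(coeffs, beta), y) for y in squared]
    return folded == expected


def fold_is_linear(f1, f2, r1, r2, beta, blowup=4):
    """fold(r1*f1 + r2*f2) == r1*fold(f1) + r2*fold(f2): each polynomial can be folded
    separately (e.g. by a different prover) and batched later with the same result."""
    domain = eval_domain(blowup * len(f1))
    e1 = [evaluate(f1, x) for x in domain]
    e2 = [evaluate(f2, x) for x in domain]
    combined = [(r1 * a + r2 * b) % Q for a, b in zip(e1, e2)]
    lhs = fold_evals(combined, domain, beta)
    rhs = [(r1 * a + r2 * b) % Q
           for a, b in zip(fold_evals(e1, domain, beta), fold_evals(e2, domain, beta))]
    return lhs == rhs


if __name__ == "__main__":
    f1, f2 = [1, 2, 3, 4, 5, 6, 7, 8], [8, 7, 6, 5, 4, 3, 2, 1]   # constructed inputs
    print("fold consistent with coefficients:", fold_matches_coeffs(f1, 5))
    print("fold is linear:", fold_is_linear(f1, f2, 11, 77, 5))
```

Two caveats a practitioner should keep in mind: the batching scalars (`r1`, `r2`) and the fold challenge (`beta`) must be chosen by the verifier, or derived from a Fiat-Shamir transcript, only after the corresponding evaluations are committed, otherwise a prover can fit a low-degree fold to an arbitrary vector; and the distributed setting still needs the central party to query openings against each prover's commitment, which is exactly the communication cost the abstract says Fold-and-Batch is tuned to reduce.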
In this work, we present Interstellar—a novel folding and IVC framework based on a technique we call "circuit interpolation," specifically designed for circuit satisfiability problems. By incorporating the GKR protocol, our approach eliminates the need for commitments to the full computation trace and cross-term vectors, requiring only commitments to the actual circuit witness and optionally a small subset of intermediate gate values. This design significantly reduces the size of vectors that need to be committed in each folding round, offering a crucial advantage over existing solutions, as vector commitments typically involve costly group multi-scalar multiplication operations. Furthermore, Interstellar is highly flexible, naturally extending to support higher-degree gates and lookup gates, enabling multi-instance folding, and efficiently handling non-uniform IVC, making it well-suited for a variety of practical applications ranging from zkML to zkVM program execution proofs. We instantiate the protocol with multiple vector/polynomial commitment schemes and provide a comprehensive cost analysis, demonstrating substantial reductions in proof overhead compared to existing methods.
Despite the increasing popularity of blockchain, its scalability remains a significant challenge. Layer-2 (L2) solutions aim to address this by introducing operators to process transactions off-chain and publish compressed summaries to Layer-1 (L1). However, existing L2 designs face pain points such as limited throughput improvements, complex exit mechanisms, insufficient data availability, or high computational costs for users.
This paper proposes PlasmaFold, a novel L2 architecture designed to overcome these limitations. PlasmaFold adopts a hybrid architecture: aggregators generate proofs of block correctness on the server side, while users maintain balance proofs on their devices. This separation of responsibilities enables users to achieve instant and non-interactive exits through balance proofs, while the majority of verification work is handled by block proofs, minimizing user costs. By leveraging Incrementally Verifiable Computation (IVC) technology, PlasmaFold achieves significant efficiency improvements. Users can update balance proofs in their browsers with less than 1 GB of memory and under 1 second per transaction. Additionally, only the identities of users who have confirmed data receipt are published to L1, ensuring data availability while maintaining minimal on-chain storage costs. This design results in extremely low L1 overhead, with a theoretical throughput exceeding 14,000 TPS.