Protocol Labs Research

Modern cryptography plays an integral role in every aspect of online and electronic security, including providing evidence you’re speaking to the intended party and hindering spying on the subsequent communication. Cutting-edge cryptography tools will allow the creation of incredibly strong evidence that general information processing has been performed in a privacy-preserving and trustless way.

2022-09-09 / Report
Impossibilities in succinct arguments: Black-box extraction and more
The celebrated result by Gentry and Wichs established a theoretical barrier for succinct non-interactive arguments (SNARGs), showing that for (expressive enough) hard-on-average languages we must assume non-falsifiable assumptions. We further investigate those barriers by showing new negative and positive results related to extractability and to the preprocessing model.
Matteo Campanelli , Chaya Ganesh, Hamidreza Khoshakhlagh, Janno Siim
2022-09-08 / Report
Curve trees: Practical and transparent zero-knowledge accumulators
In this work we propose a new accumulator construction and efficient ways to prove knowledge of some element in a set without leaking anything about the element. This problem arises in several applications including privacy-preserving distributed ledgers (e.
Matteo Campanelli , Mathias Hall-Andersen
2022-08-30 / Conference paper
Encryption to the future: A paradigm for sending secret messages to future (anonymous) committees
A number of recent works have constructed cryptographic protocols with flavors of adaptive security by having a randomly-chosen anonymous committee run at each round. Since most of these protocols are stateful, transferring secret states from past committees to future, but still unknown, committees is a crucial challenge.
Asiacrypt 2022 / 2022.12.05 / Taipei, Taiwan
Matteo Campanelli , Bernardo David, Hamidreza Khoshakhlagh, Anders Konring, Jesper Buus Nielsen
2022-07-06 / Report
Caulk: Lookup arguments in sublinear time
We present position-hiding linkability for vector commitment schemes: one can prove in zero knowledge that one or m values that comprise commitment cm all belong to the vector of size N committed to in C.
Arantxa Zapico, Vitalik Buterin, Dmitry Khovratovich, Mary Maller, Anca Nitulescu , Mark Simkin
2022-07-06 / Report
Linear-map vector commitments and their practical applications
Vector commitments (VC) are a cryptographic primitive that allow one to commit to a vector and then “open” some of its positions efficiently. Vector commitments are increasingly recognized as a central tool to scale highly decentralized networks of large size and whose content is dynamic.
Matteo Campanelli , Anca Nitulescu , Carla Ràfols, Alexandros Zacharakis, Arantxa Zapico
2022-07-06 / Conference paper
What makes Fiat–Shamir zkSNARKs (updatable SRS) simulation extractable?
We show that three popular universal zero-knowledge SNARKs (Plonk, Sonic, and Marlin) are updatable SRS simulation extractable NIZKs and signatures of knowledge (SoK) out-of-the-box avoiding any compilation overhead. Towards this we generalize results for the Fiat–Shamir (FS) transformation, which turns interactive protocols into signature schemes, non-interactive proof systems, or SoK in the random oracle model (ROM).
SCN 2022 / 2022.09.12 / Amalfi, Italy
Chaya Ganeshe, Hamidreza Khoshakhlagh, Markulf Kohlweiss, Anca Nitulescu , Michal Zajac
2022-06-02 / Report
On the impossibility of algebraic vector commitments in pairing-free groups
Vector Commitments allow one to (concisely) commit to a vector of messages so that one can later (concisely) open the commitment at selected locations. In the state of the art of vector commitments, algebraic constructions have emerged as a particularly useful class, as they enable advanced properties, such as stateless updates, subvector openings and aggregation, that are for example unknown in Merkle-tree-based schemes.
Dario Catalano , Dario Fiore, Rosario Gennaro , Emmanuele Giunta
2022-04-08 / Report
Witness-authenticated key exchange revisited: Improved models, simpler constructions, extensions to groups
We revisit the notion of Witness Authenticated Key Exchange (WAKE) where a party can be authenticated through a generic witness to an NP statement. We point out shortcomings of previous definitions, protocols and security proofs in Ngo et al.
2021-09-27 / Conference paper
MyOPE: Malicious security for oblivious polynomial evaluation
Oblivious Polynomial Evaluation (OPE) schemes are interactive protocols between a sender with a private polynomial and a receiver with a private evaluation point where the receiver learns the evaluation of the polynomial in their point and no additional information.
SCN 2022 / 2022.09.12 / Amalfi, Italy
Malika Izabachène, Anca Nitulescu , Paola de Perthuis, David Pointcheval
2021-09-21 / Conference paper
Count me in! Extendability for threshold ring signatures
Ring signatures enable a signer to sign a message on behalf of a group anonymously, without revealing her identity. Similarly, threshold ring signatures allow several signers to sign the same message on behalf of a group; while the combined signature reveals that some threshold t of the group members signed the message, it does not leak anything else about the signers’ identities.
PKC 2022 / 2022.03.08 / Virtual
Diego Aranha, Mathias Hall-Anderson, Anca Nitulescu , Elena Pagnin, Sophia Yakoubov
2021-05-13 / Conference paper
SnarkPack: Practical SNARK aggregation
Zero-knowledge SNARKs (zk-SNARKs) are non-interactive proof systems with short and efficiently verifiable proofs. zk-SNARKs are widely used in decentralised systems to address privacy and scalability concerns. One of the main applications is the blockchain, were SNARKs are used to prove computations with private inputs and reduce on-chain footprint verification and transaction sizes.
Financial Cryptography and Data Security 2022 / 2022.05.02 / St George's, Grenada
2021-03-18 / Report
Rinocchio: SNARKs for ring arithmetic
Succinct non-interactive arguments of knowledge (SNARKs) enable non-interactive efficient verification of NP computations and admit short proofs. However, all current SNARK constructions assume that the statements to be proven can be efficiently represented as either Boolean or arithmetic circuits over finite fields.
Chaya Ganesh, Anca Nitulescu , Eduardo Soria-Vazquez
2020-12-05 / Report
Incrementally aggregatable vector commitment techniques and applications to verifiable decentralized storage
Vector commitments with subvector openings (SVC) [Lai-Malavolta, Boneh-Bunz-Fisch; CRYPTO’19] allow one to open a committed vector at a set of positions with an opening of size independent of both the vector’s length and the number of opened positions.
Advances in Cryptology – ASIACRYPT 2020 / 2020.12.05
Matteo Campanelli , Dario Fiore, Nicola Greco , Dimitris Kolonelos, Luca Nizzardo
2020-11-17 / Conference paper
Subversion-resilient enhanced privacy ID
Anonymous attestation for secure hardware platforms leverages tailored group signature schemes and assumes the hardware to be trusted. Yet, there is an increasing concern on the trustworthiness of hardware components and embedded systems.
Cryptographers’ Track at the RSA Conference / 2022.02.07 / San Francisco, CA, USA
Antonio Faonio, Dario Fiore, Luca Nizzardo , Claudio Soriente
2020-10-21 / Conference paper
Winkle: foiling long-range attacks in proof-of-stake systems
Winkle protects any validator-based byzantine fault tolerant consensus mechanisms, such as those used in modern Proof-of-Stake blockchains, against long-range attacks where old validators’ signature keys get compromised. Winkle is a decentralized secondary layer of client-based validation, where a client includes a single additional field into a transaction that they sign: a hash of the previously sequenced block.
AFT '20: 2nd ACM Conference on Advances in Financial Technologies / 2020.10.21 / New York, NY, USA
Sarah Azouvi , George Danezis, Valeria Nikolaenko
2020-04-08 / Conference paper
MonZa: Fast maliciously secure two party computation on Z_{2^k}
In this paper we present a new 2-party protocol for secure computation over rings of the form Z2k. As many recent efficient MPC protocols supporting dishonest majority, our protocol consists of a heavier (input-independent) pre-processing phase and a very efficient online stage.
IACR International Conference on Practice and Theory of Public-Key Cryptography (PKC) / 2020.05.04 / Edinburgh, Scotland
Dario Catalano , Mario Di Raimondo, Dario Fiore, Irene Giacomelli
2020-03-03 / Conference paper
SoK: Tools for game theoretic models of security for cryptocurrencies
Cryptocurrencies have garnered much attention in recent years, both from the academic community and industry. One interesting aspect of cryptocurrencies is their explicit consideration of incentives at the protocol level, which has motivated a large body of work, yet many open problems still exist and current systems rarely deal with incentive related problems well.
Cryptoeconomic Systems / 2020.03.07 / Cambridge, MA, USA
Sarah Azouvi , Alexander Hicks
2020-01-15 / Conference paper
Single secret leader election
In a Single Secret Leader Election (SSLE), a group of participants aim to randomly choose exactly one leader from the group with the restriction that the identity of the leader will be known to the chosen leader and nobody else.
ACM Advances in Financial Technologies 2020 / 2020.10.21
Dan Boneh, Saba Eskandarian, Lucjan Hanzlik, Nicola Greco
2019-10-02 / Conference paper
Efficient UC commitment extension with homomorphism for free (and applications)
Homomorphic universally composable (UC) commitments allow for the sender to reveal the result of additions and multiplications of values contained in commitments without revealing the values themselves while assuring the receiver of the correctness of such computation on committed values.
Advances in Cryptology – ASIACRYPT 2019 / 2019.10.02
Ignacio Cascudo, Ivan Damgård, Bernardo David, Nico Döttling, Rafael Dowsley, Irene Giacomelli
2019-08-24 / Conference paper
PLONK: Permutations over Lagrange-bases for oecumenical noninteractive arguments of knowledge
zk-SNARK constructions that utilize an updatable universal structured reference string remove one of the main obstacles in deploying zk-SNARKs[GKM + ]. The important work of Maller et al. [MBKM19] presented Sonic-the first potentially practical zk-SNARK with fully succinct verification for general arithmetic circuits with such an SRS.
Stanford Blockchain Conference / 2020.02.19 / Stanford, CA, USA
Ariel Gabizon , Zachary J Williamson, Oana Ciobotaru
2019-05-29 / Report
AuroraLight: Improved prover efficiency and SRS size in a Sonic-like system
Using ideas from the recent Aurora zk-STARK of Ben-Sasson et al. [BCR + 19], we present a zk-SNARK with a universal and updatable SRS similar to the recent construction of Maller et al.
2018-10-15 / Report
Scaling proof-of-replication for Filecoin mining
A proof-of-replication (PoRep) is a proof system that a server can use to demonstrate to a network in a publicly verifiable way that it is dedicating unique resources to storing one or more replicas of a data file.
2018-07-14 / Report
PoReps: Proofs of space on useful data
A proof-of-replication (PoRep) is an interactive proof system in which a prover defends a publicly verifiable claim that it is dedicating unique resources to storing one or more retrievable replicas of a data file.
2017-07-27 / Report
Power fault tolerance
Byzantine Fault Tolerance (BFT) accounts for faults as the number of faulty nodes and is thus cumbersome to apply to many modern decentralized systems. We introduce the Power Fault Tolerance (PFT) model, which reframes BFT in terms of participants' influence over the outcome of a protocol, instead of the number of nodes.
Protocol Labs
2017-07-27 / Report
Proof of replication
We introduce Proof-of-Replication (PoRep), a new kind of Proof-of-Storage, that can be used to prove that some data D has been replicated to its own uniquely dedicated physical storage. Enforcing unique physical copies enables a verifier to check that a prover is not deduplicating multiple copies of D into the same storage space.
2017-07-19 / Report
Filecoin: A decentralized storage network
The internet is in the middle of a revolution: centralized proprietary services are being replaced with decentralized open ones; trusted parties replaced with verifiable computation; brittle location addresses replaced with resilient content addresses; inefficient monolithic services replaced with peer-to-peer algo-rithmic markets.
Protocol Labs
2014-07-15 / Report
Filecoin: A cryptocurrency operated file storage network
Filecoin is a distributed electronic currency similar to Bitcoin. Unlike Bitcoin’s computation-only proof-of-work, Filecoin’s proof-of-work function includes a proof-of-retrievability component, which requires nodes to prove they store a particular file. The Filecoin network forms an entirely distributed file storage system, whose nodes are incentivized to store as much of the entire network’s data as they can.
Protocol Labs
A survey of rational proofs
Protocol Labs Research Talks / 2021.09.21
Scaling zkSNARKs to meet the demands of Filecoin
ETH Global Scaling via Zero-Knoweldge Summit / 2021.05.05
Verifiable computation on encrypted data
Protocol Labs Research Talks / 2021.01.26
Vector commitment techniques and applications to verifiable decentralized storage
Theory and Practice of Blockchains 2020 / 2020.07.01
Matteo Campanelli , Dario Fiore, Nicola Greco , Luca Nizzardo , Dimitris Kolonelos
Single secret leader election
ConsensusDay 1 / 2019.02.02 / Stanford, CA, USA
PoReps: Proof of space on real data
Lab Day 2018 / 2018.10.23 / San Francisco, CA, USA
Good SNARKs are here needed
Zcon0 / 2018.06.28 / Montréal, Canada
VDFs and Filecoin
VDF Day / 2018.02.03 / Stanford, CA, USA
Proof of replication using depth robust graphs
BPASE 18 / 2018.01.26 / Stanford, CA, USA
2022-08-26 / Blog
Protocol Labs research funding recipients 2022
Protocol Labs Research is thrilled to announce the first research funding recipients of 2022! We fund researchers around the world and have given out 11 awards so far this year. These awards include three RFPs, two Summer Research Grants, five Doctoral fellowships, and one Postdoctoral fellowship.
2022-08-11 / News, Grants
Introducing Cryptonet network grants
Originally founded to drive the creation of Filecoin, Cryptonet set out to create a community of researchers and engineers working on designing, proving, improving the building blocks for crypto-networks to engender new capabilities across the Web 3.
2022-07-05 / Blog
On algebraic vector commitments

In this post, we discuss a recent result from Cryptonet about the impossibility of succinct vector commitments in groups of known prime order.

2022-06-06 / Blog
A deep dive into DKG, chain of SNARKs, and arkworks
In this blog post I am going to share the main takeaways I have learned while implementing a proof of concept (PoC) of a Distributed Key Generation (DKG) inside of a SNARK.
2021-12-21 / Blog
Protocol Labs research funding recipients 2021, part 2
Last week we introduced you to the researchers pursuing key problems in cryptography via RFP-009, RFP-010, and a Nucleation Grant. Now we are excited to share the recipients of research awards intended to fund proposals from PhD candidates, postdoctoral fellows, and faculty through our open grant offerings.
2021-12-17 / Blog
Protocol Labs research funding recipients 2021, part 1
This has been a prodigious year for generating new funded collaborations between Protocol Labs Research and top academic researchers around the world! We have given out a whopping eighteen awards since August (with others pending).
2021-11-22 / Blog
Increasing software update security through PGP-compatible threshold signatures
Increasing software update security through PGP-compatible threshold signatures Whether we are aware of them or not, software updates and the systems that support them permeate the current software landscape. Given their pervasiveness, it should come as a surprise that software created to manage such updates, broadly referred to as package managers, still pose security concerns.
Lukas Zapolskas, Nicolas Gailly
2021-10-22 / Blog
CryptoComputeLab announces proofs release version
CryptoComputeLab is very proud to release Proofs v10.0.0! A lot has changed under the hood in this release, but ultimately, it comes down to additional GPU support options and better performance during proving.
2021-07-29 / Blog
The Winding Journey to Proofs v8.0.0 and beyond

The proofs team is proud to announce the recent proofs releases v8.0.0, v8.0.1, and v8.0.2! These releases are Hyperdrive-enabled, which means that they contain the proof aggregation API that uses SnarkPack – in fact, the major difference between proofs v7.0.x and v8.0.x is the aggregation functionality!

2021-07-13 / News
zk-SNARKs for the world!
Did you know Filecoin is the largest zk-SNARK network deployed to date? For the past two years we have been working on bringing zk-SNARKs to the world and to the Filecoin Network.
2021-05-18 / Blog
CryptoComputeLab announces proofs release versions 7.0.0 and 7.0.1
The Proofs Team is pleased to announce the recent release of version 7.0.0 of the proofs library. The most notable improvement is that we’ve replaced the old gpu code with the new gpu2 code.
2021-05-10 / Blog
SnarkPack: How to aggregate SNARKs efficiently
A guided dive into the cryptographic techniques of SnarkPack This post exposes the inner workings of SnarkPack, a practical scheme to aggregate Groth16 proofs, a derivation of the Inner Pairing Product work of Bünz et al.
2021-03-24 / Blog
CryptoComputeLab announces proofs release 6.1.0
Today we’re proud to announce the recent release of rust-fil-proofs v6.1.0. This release contains a number of significant re-factors and performance optimizations, but we’d like to dig deeper into a couple of them to show some of the real-world impacts.
2020-11-23 / Blog
A research perspective on Filecoin, part two
In Part One, we traced the intellectual and technological history of modern implementations of distributed ledger technology. Now let’s take a stroll through the technological landscape around the time of Filecoin’s release:
2020-11-16 / Blog
A research perspective on Filecoin
The Filecoin network is launching in the middle of a revolution in internet architecture, where vulnerable centralized services dependent on trusted parties are being replaced with resilient decentralized solutions based on verifiable computation, and internet services are being relocated from inefficient central monoliths to the far reaches of the network by peer-to-peer markets.
2020-05-22 / News
Rosario Gennaro named 2020 IACR Fellow
In May, Rosario Gennaro was named a 2020 Fellow of the International Association for Cryptologic Research (IACR). IACR established its Fellows Program in 2002 to recognize oustanding members for significant technical and professional contributions to cryptology and related fields.
2020-02-18 / News, Team
Sarah Azouvi joins Protocol Labs Research
Sarah joins us from the Information Security Group at University College London, where she did research on consensus and worked towards her forthcoming PhD in Computer Science. During her studies, she collaborated with Protocol Labs and was also an intern at Calibra.
2020-01-27 / News, Team
Luca Nizzardo’s thesis wins UPM Extraordinary Award
Source: IMDEA Software Institute. Posted here with permission. Luca Nizzardo was a PhD student of the IMDEA Software Institute and his thesis “Cryptographic Techniques for the Security of Cloud and Blockchain Systems” defended in 2018 was directed by Associate Professor Dario Fiore.