Protocol Labs Research
About
People
Research
Groups Areas Talks Publications Tutorials
Outreach
Blog
Cryptonet

Cryptonet is an open distributed research lab working on applied cryptography to improve crypto-networks.

The purpose of Cryptonet is to develop and apply new cryptographic tools to secure computation and communication systems. Much of our past and current work includes designing, proving, and improving the building blocks enabling Filecoin, a decentralized storage network.

Though the group was founded to drive the creation of Filecoin, it seeks to facilitate the development and incorporation of cryptographic tools to increase security and privacy of communication, and engender new capabilities across the Web 3.0 stack.

To learn more about Cryptonet, visit the group’s website.

Publications

View all PL Research publications
2023-08-30 / Report
Filecoin Proof of Useful Space
This document provides a simple formal definition of Proof of Space (taken from the academic literature) and an informal definition of persistent and useful space (needed for Filecoin). It describes construction details and a security proof for the Stacked-DRGs proof of space (SDR), and goes into how SDR is used in Filecoin.
Irene Giacomelli , Luca Nizzardo
Cryptonet
Cryptography
2023-02-13 / Report
tlock: Practical timelock encryption from threshold BLS
We present a practical construction and implementation of timelock encryption, in which a ciphertext is guaranteed to be decryptable only after some specified time has passed. We employ an existing threshold network, the League of Entropy, implementing threshold BLS [BLS01, B03] in the context of Boneh and Franklin’s identity-based encryption (IBE).
Nicolas Gailly , Kelsey Melissaris, Yolan Romailler
Cryptonet
Cryptography
2022-11-01 / Report
Structure-preserving compilers from new notions of obfuscations
The dream of software obfuscation is to take programs, as they are, and then compile them into obfuscated versions that hide their secret inner workings. In this work we investigate notions of obfuscations weaker than virtual black-box (VBB) but which still allow obfuscating cryptographic primitives preserving their original functionalities as much as possible.
Matteo Campanelli , Danilo Francati, Claudio Orlandi
Cryptonet
Cryptography
2022-09-09 / Report
Impossibilities in succinct arguments: Black-box extraction and more
The celebrated result by Gentry and Wichs established a theoretical barrier for succinct non-interactive arguments (SNARGs), showing that for (expressive enough) hard-on-average languages we must assume non-falsifiable assumptions. We further investigate those barriers by showing new negative and positive results related to extractability and to the preprocessing model.
Matteo Campanelli , Chaya Ganesh, Hamidreza Khoshakhlagh, Janno Siim
Cryptonet
Cryptography
2022-09-08 / Report
Curve trees: Practical and transparent zero-knowledge accumulators
In this work we propose a new accumulator construction and efficient ways to prove knowledge of some element in a set without leaking anything about the element. This problem arises in several applications including privacy-preserving distributed ledgers (e.
Matteo Campanelli , Mathias Hall-Andersen
Cryptonet
Cryptography
2022-08-30 / Conference paper
Encryption to the future: A paradigm for sending secret messages to future (anonymous) committees
A number of recent works have constructed cryptographic protocols with flavors of adaptive security by having a randomly-chosen anonymous committee run at each round. Since most of these protocols are stateful, transferring secret states from past committees to future, but still unknown, committees is a crucial challenge.
Asiacrypt 2022 / 2022.12.05 / Taipei, Taiwan
Matteo Campanelli , Bernardo David, Hamidreza Khoshakhlagh, Anders Konring, Jesper Buus Nielsen
Cryptonet
Cryptography
2022-07-06 / Report
Caulk: Lookup arguments in sublinear time
We present position-hiding linkability for vector commitment schemes: one can prove in zero knowledge that one or m values that comprise commitment cm all belong to the vector of size N committed to in C.
Arantxa Zapico, Vitalik Buterin, Dmitry Khovratovich, Mary Maller, Anca Nitulescu , Mark Simkin
Cryptonet
Cryptography
2022-07-06 / Report
Linear-map vector commitments and their practical applications
Vector commitments (VC) are a cryptographic primitive that allow one to commit to a vector and then “open” some of its positions efficiently. Vector commitments are increasingly recognized as a central tool to scale highly decentralized networks of large size and whose content is dynamic.
Matteo Campanelli , Anca Nitulescu , Carla Ràfols, Alexandros Zacharakis, Arantxa Zapico
Cryptonet
Cryptography
2022-07-06 / Conference paper
What makes Fiat–Shamir zkSNARKs (updatable SRS) simulation extractable?
We show that three popular universal zero-knowledge SNARKs (Plonk, Sonic, and Marlin) are updatable SRS simulation extractable NIZKs and signatures of knowledge (SoK) out-of-the-box avoiding any compilation overhead. Towards this we generalize results for the Fiat–Shamir (FS) transformation, which turns interactive protocols into signature schemes, non-interactive proof systems, or SoK in the random oracle model (ROM).
SCN 2022 / 2022.09.12 / Amalfi, Italy
Chaya Ganeshe, Hamidreza Khoshakhlagh, Markulf Kohlweiss, Anca Nitulescu , Michal Zajac
Cryptonet
Cryptography
2022-06-02 / Report
On the impossibility of algebraic vector commitments in pairing-free groups
Vector Commitments allow one to (concisely) commit to a vector of messages so that one can later (concisely) open the commitment at selected locations. In the state of the art of vector commitments, algebraic constructions have emerged as a particularly useful class, as they enable advanced properties, such as stateless updates, subvector openings and aggregation, that are for example unknown in Merkle-tree-based schemes.
Dario Catalano , Dario Fiore, Rosario Gennaro , Emmanuele Giunta
Cryptonet
Cryptography
2022-04-08 / Report
Witness-authenticated key exchange revisited: Improved models, simpler constructions, extensions to groups
We revisit the notion of Witness Authenticated Key Exchange (WAKE) where a party can be authenticated through a generic witness to an NP statement. We point out shortcomings of previous definitions, protocols and security proofs in Ngo et al.
Matteo Campanelli , Rosario Gennaro , Kelsey Melissaris, Luca Nizzardo
Cryptonet
Cryptography , Distributed systems
2021-09-27 / Conference paper
MyOPE: Malicious security for oblivious polynomial evaluation
Oblivious Polynomial Evaluation (OPE) schemes are interactive protocols between a sender with a private polynomial and a receiver with a private evaluation point where the receiver learns the evaluation of the polynomial in their point and no additional information.
SCN 2022 / 2022.09.12 / Amalfi, Italy
Malika Izabachène, Anca Nitulescu , Paola de Perthuis, David Pointcheval
Cryptonet
Cryptography
2021-09-21 / Conference paper
Count me in! Extendability for threshold ring signatures
Ring signatures enable a signer to sign a message on behalf of a group anonymously, without revealing her identity. Similarly, threshold ring signatures allow several signers to sign the same message on behalf of a group; while the combined signature reveals that some threshold t of the group members signed the message, it does not leak anything else about the signers’ identities.
PKC 2022 / 2022.03.08 / Virtual
Diego Aranha, Mathias Hall-Anderson, Anca Nitulescu , Elena Pagnin, Sophia Yakoubov
Cryptonet
Cryptography
2021-05-13 / Conference paper
SnarkPack: Practical SNARK aggregation
Zero-knowledge SNARKs (zk-SNARKs) are non-interactive proof systems with short and efficiently verifiable proofs. zk-SNARKs are widely used in decentralised systems to address privacy and scalability concerns. One of the main applications is the blockchain, were SNARKs are used to prove computations with private inputs and reduce on-chain footprint verification and transaction sizes.
Financial Cryptography and Data Security 2022 / 2022.05.02 / St George's, Grenada
Nicolas Gailly , Mary Maller, Anca Nitulescu
Cryptonet
Cryptography
2021-03-18 / Report
Rinocchio: SNARKs for ring arithmetic
Succinct non-interactive arguments of knowledge (SNARKs) enable non-interactive efficient verification of NP computations and admit short proofs. However, all current SNARK constructions assume that the statements to be proven can be efficiently represented as either Boolean or arithmetic circuits over finite fields.
Chaya Ganesh, Anca Nitulescu , Eduardo Soria-Vazquez
Cryptonet
Cryptography
2020-12-05 / Report
Incrementally aggregatable vector commitment techniques and applications to verifiable decentralized storage
Vector commitments with subvector openings (SVC) [Lai-Malavolta, Boneh-Bunz-Fisch; CRYPTO’19] allow one to open a committed vector at a set of positions with an opening of size independent of both the vector’s length and the number of opened positions.
Advances in Cryptology – ASIACRYPT 2020 / 2020.12.05
Matteo Campanelli , Dario Fiore, Nicola Greco , Dimitris Kolonelos, Luca Nizzardo
Cryptonet
Cryptography , Distributed systems
2020-11-17 / Conference paper
Subversion-resilient enhanced privacy ID
Anonymous attestation for secure hardware platforms leverages tailored group signature schemes and assumes the hardware to be trusted. Yet, there is an increasing concern on the trustworthiness of hardware components and embedded systems.
Cryptographers’ Track at the RSA Conference / 2022.02.07 / San Francisco, CA, USA
Antonio Faonio, Dario Fiore, Luca Nizzardo , Claudio Soriente
Cryptonet
Cryptography
2020-04-08 / Conference paper
MonZa: Fast maliciously secure two party computation on Z_{2^k}
In this paper we present a new 2-party protocol for secure computation over rings of the form Z2k. As many recent efficient MPC protocols supporting dishonest majority, our protocol consists of a heavier (input-independent) pre-processing phase and a very efficient online stage.
IACR International Conference on Practice and Theory of Public-Key Cryptography (PKC) / 2020.05.04 / Edinburgh, Scotland
Dario Catalano , Mario Di Raimondo, Dario Fiore, Irene Giacomelli
Cryptonet
Cryptography
2020-01-15 / Conference paper
Single secret leader election
In a Single Secret Leader Election (SSLE), a group of participants aim to randomly choose exactly one leader from the group with the restriction that the identity of the leader will be known to the chosen leader and nobody else.
ACM Advances in Financial Technologies 2020 / 2020.10.21
Dan Boneh, Saba Eskandarian, Lucjan Hanzlik, Nicola Greco
Cryptonet
Cryptography
2019-11-20 / Report
Exploring connections between active learning and model extraction
Machine learning is being increasingly used by individuals, research institutions, and corporations. This has resulted in the surge of Machine Learning-as-a-Service (MLaaS) - cloud services that provide (a) tools and resources to learn the model, and (b) a user-friendly query interface to access the model.
Varun Chandrasekaran, Kamalika Chaudhuri, Irene Giacomelli , Somesh Jha, Songbai Yan
Cryptonet
2019-10-02 / Conference paper
Efficient UC commitment extension with homomorphism for free (and applications)
Homomorphic universally composable (UC) commitments allow for the sender to reveal the result of additions and multiplications of values contained in commitments without revealing the values themselves while assuring the receiver of the correctness of such computation on committed values.
Advances in Cryptology – ASIACRYPT 2019 / 2019.10.02
Ignacio Cascudo, Ivan Damgård, Bernardo David, Nico Döttling, Rafael Dowsley, Irene Giacomelli
Cryptonet
Cryptography
2019-08-24 / Conference paper
PLONK: Permutations over Lagrange-bases for oecumenical noninteractive arguments of knowledge
zk-SNARK constructions that utilize an updatable universal structured reference string remove one of the main obstacles in deploying zk-SNARKs[GKM + ]. The important work of Maller et al. [MBKM19] presented Sonic-the first potentially practical zk-SNARK with fully succinct verification for general arithmetic circuits with such an SRS.
Stanford Blockchain Conference / 2020.02.19 / Stanford, CA, USA
Ariel Gabizon , Zachary J Williamson, Oana Ciobotaru
Cryptonet , CryptoComputeLab
Cryptography
2019-05-29 / Report
AuroraLight: Improved prover efficiency and SRS size in a Sonic-like system
Using ideas from the recent Aurora zk-STARK of Ben-Sasson et al. [BCR + 19], we present a zk-SNARK with a universal and updatable SRS similar to the recent construction of Maller et al.
Ariel Gabizon
Cryptonet , CryptoComputeLab
Cryptography
2018-10-15 / Report
Scaling proof-of-replication for Filecoin mining
A proof-of-replication (PoRep) is a proof system that a server can use to demonstrate to a network in a publicly verifiable way that it is dedicating unique resources to storing one or more replicas of a data file.
Ben Fisch , Joseph Bonneau , Nicola Greco , Juan Benet
Cryptonet
Cryptography , Distributed systems
2018-07-14 / Report
PoReps: Proofs of space on useful data
A proof-of-replication (PoRep) is an interactive proof system in which a prover defends a publicly verifiable claim that it is dedicating unique resources to storing one or more retrievable replicas of a data file.
Ben Fisch
Cryptonet , CryptoComputeLab
Cryptography , Distributed systems
2017-07-27 / Report
Power fault tolerance
Byzantine Fault Tolerance (BFT) accounts for faults as the number of faulty nodes and is thus cumbersome to apply to many modern decentralized systems. We introduce the Power Fault Tolerance (PFT) model, which reframes BFT in terms of participants’ influence over the outcome of a protocol, instead of the number of nodes.
Protocol Labs
Cryptonet , CryptoComputeLab
Cryptography , Distributed systems
2017-07-27 / Report
Proof of replication
We introduce Proof-of-Replication (PoRep), a new kind of Proof-of-Storage, that can be used to prove that some data D has been replicated to its own uniquely dedicated physical storage. Enforcing unique physical copies enables a verifier to check that a prover is not deduplicating multiple copies of D into the same storage space.
Juan Benet , David Dalrymple , Nicola Greco
Cryptonet
Cryptography , Distributed systems
2017-07-19 / Report
Filecoin: A decentralized storage network
The internet is in the middle of a revolution: centralized proprietary services are being replaced with decentralized open ones; trusted parties replaced with verifiable computation; brittle location addresses replaced with resilient content addresses; inefficient monolithic services replaced with peer-to-peer algo-rithmic markets.
Protocol Labs
Cryptonet , CryptoComputeLab
Cryptography , Distributed systems
2014-07-15 / Report
Filecoin: A cryptocurrency operated file storage network
Filecoin is a distributed electronic currency similar to Bitcoin. Unlike Bitcoin’s computation-only proof-of-work, Filecoin’s proof-of-work function includes a proof-of-retrievability component, which requires nodes to prove they store a particular file. The Filecoin network forms an entirely distributed file storage system, whose nodes are incentivized to store as much of the entire network’s data as they can.
Protocol Labs
Cryptonet , CryptoComputeLab
Cryptography , Distributed systems

Talks

View all PL Research talks
2021-09-21
A survey of rational proofs
Protocol Labs Research Talks / 2021.09.21
Rosario Gennaro
Cryptonet
Cryptography
2020-07-01
Vector commitment techniques and applications to verifiable decentralized storage
Theory and Practice of Blockchains 2020 / 2020.07.01
Matteo Campanelli , Dario Fiore, Nicola Greco , Luca Nizzardo , Dimitris Kolonelos
Cryptonet
Cryptography
2020-03-04
Drand: Distributed, bias resistant, unpredictable and publicly verifiable randomness
Protocol Labs Research Talks / 2020.03.04
Nicolas Gailly
Cryptonet
Distributed systems
2019-02-02
Expected consensus
ConsensusDay 1 / 2019.02.02 / Stanford, CA, USA
Henri Stern
Cryptonet , CryptoComputeLab
Distributed systems
2018-10-23
PoReps: Proof of space on real data
Lab Day 2018 / 2018.10.23 / San Francisco, CA, USA
Ben Fisch
Cryptonet , CryptoComputeLab
Cryptography , Distributed systems
2018-06-28
Good SNARKs are here needed
Zcon0 / 2018.06.28 / Montréal, Canada
Nicola Greco
Cryptonet
Cryptography
2018-02-03
VDFs and Filecoin
VDF Day / 2018.02.03 / Stanford, CA, USA
Jeromy Johnson
Cryptonet
Cryptography , Distributed systems

Blog

View all PL Research posts
2023-04-06 / News
Cryptonet launches new open source SNARK system
Testudo is a new open source SNARK system developed by Cryptonet that offers efficient proofs with smaller setups. It uses polynomial commitments and sumchecks to prove the satisfiability of an R1CS system, and applies several optimizations to reduce the trusted setup size, improve proving times, and achieve fast verification and small proof size.
Rosario Gennaro
Cryptonet
Cryptography
2022-08-26 / Blog
Protocol Labs research funding recipients 2022
Protocol Labs Research is thrilled to announce the first research funding recipients of 2022! We fund researchers around the world and have given out 11 awards so far this year. These awards include three RFPs, two Summer Research Grants, five Doctoral fellowships, and one Postdoctoral fellowship.
Abby Silin
ConsensusLab , CryptoComputeLab , CryptoEconLab , Cryptonet , Network Research , ProbeLab , Research Acceleration
Cryptography , Distributed systems , Metaresearch , Networking
2022-08-11 / News, Grants
Introducing Cryptonet network grants
Originally founded to drive the creation of Filecoin, Cryptonet set out to create a community of researchers and engineers working on designing, proving, improving the building blocks for crypto-networks to engender new capabilities across the Web 3.
Rosario Gennaro , Jorge M. Soares
Cryptonet
Distributed systems , Cryptography
2022-07-15 / News, Team
Ioannis Caragiannis to advise Cryptonet
Cryptonet is excited to announce that Ioannis Caragiannis will be supporting the team as a research advisor. Ioannis is a professor at Aarhus University, where he also serves as the head of the research group on computational complexity and game theory.
Cryptonet
2022-07-05 / Blog
On algebraic vector commitments

In this post, we discuss a recent result from Cryptonet about the impossibility of succinct vector commitments in groups of known prime order.

Rosario Gennaro
Cryptonet
Cryptography
2022-06-06 / Blog
A deep dive into DKG, chain of SNARKs, and arkworks
In this blog post I am going to share the main takeaways I have learned while implementing a proof of concept (PoC) of a Distributed Key Generation (DKG) inside of a SNARK.
Nicolas Gailly
Cryptonet
Cryptography
2022-04-08 / News, Team
Matteo Campanelli joins CryptoNetLab as a Research Scientist
CryptoNetLab is pleased to welcome Matteo Campanelli to the team as a research scientist. Matteo previously worked as a postdoctoral researcher at Aarhus University (with Claudio Orlandi) and at the IMDEA Software Institute (with Dario Fiore).
Karola Kirsanow
Cryptonet
2022-03-07 / News, Team
Dario Catalano to advise CryptoNetLab
CryptoNetLab is excited to announce that Dario Catalano will be supporting the team as a research advisor. Dario is a professor at University of Catania, where he investigates questions related to reducing the gap between theory and practice in cryptography, with a particular focus on developing advanced yet efficient encryption mechanisms and designing secure distributed digital signature schemes.
Karola Kirsanow
Cryptonet
2021-12-21 / Blog
Protocol Labs research funding recipients 2021, part 2
Last week we introduced you to the researchers pursuing key problems in cryptography via RFP-009, RFP-010, and a Nucleation Grant. Now we are excited to share the recipients of research awards intended to fund proposals from PhD candidates, postdoctoral fellows, and faculty through our open grant offerings.
Jonathan Gross
AbstractionLab , Cryptonet , ResNetLab
Cryptography , Distributed systems , Metaresearch , Networking
2021-12-17 / Blog
Protocol Labs research funding recipients 2021, part 1
This has been a prodigious year for generating new funded collaborations between Protocol Labs Research and top academic researchers around the world! We have given out a whopping eighteen awards since August (with others pending).
Jonathan Gross
Cryptonet , CryptoComputeLab
Cryptography
2021-11-22 / Blog
Increasing software update security through PGP-compatible threshold signatures
Increasing software update security through PGP-compatible threshold signatures Whether we are aware of them or not, software updates and the systems that support them permeate the current software landscape. Given their pervasiveness, it should come as a surprise that software created to manage such updates, broadly referred to as package managers, still pose security concerns.
Lukas Zapolskas, Nicolas Gailly
Cryptonet
Cryptography
2021-10-22 / Blog
CryptoComputeLab announces proofs release version 10.0.0.0
CryptoComputeLab is very proud to release Proofs v10.0.0! A lot has changed under the hood in this release, but ultimately, it comes down to additional GPU support options and better performance during proving.
nemo, Volker Mische
CryptoComputeLab , Cryptonet
Cryptography
2021-07-29 / Blog
The Winding Journey to Proofs v8.0.0 and beyond

The proofs team is proud to announce the recent proofs releases v8.0.0, v8.0.1, and v8.0.2! These releases are Hyperdrive-enabled, which means that they contain the proof aggregation API that uses SnarkPack – in fact, the major difference between proofs v7.0.x and v8.0.x is the aggregation functionality!

nemo, Volker Mische
CryptoComputeLab , Cryptonet
Cryptography
2021-05-13 / Careers
We're hiring!
Protocol Labs Research has been growing rapidly, with the launch of CryptoComputeLab, CryptoEconLab, and CryptoNetLab, a number of new projects, and new researchers, advisors, and support staff joining the team.
Jorge M. Soares
CryptoComputeLab , CryptoEconLab , Cryptonet , ResNetLab
2021-05-10 / Blog
SnarkPack: How to aggregate SNARKs efficiently
A guided dive into the cryptographic techniques of SnarkPack This post exposes the inner workings of SnarkPack, a practical scheme to aggregate Groth16 proofs, a derivation of the Inner Pairing Product work of Bünz et al.
Nicolas Gailly
Cryptonet
Cryptography
2020-12-02 / News, Team
Anca Nitulescu joins Protocol Labs Research
Anca Nitulescu is joining CryptoLab (Update: now CryptoNetLab) as a Research Scientist. After obtaining their PhD in cryptography at ENS Paris, they worked as a Postdoctoral Scholar at Aarhus University and as Chief Cryptographer at Cosmian before coming to Protocol Labs.
Cryptonet
2020-11-23 / Blog
A research perspective on Filecoin, part two
In Part One, we traced the intellectual and technological history of modern implementations of distributed ledger technology. Now let’s take a stroll through the technological landscape around the time of Filecoin’s release:
David Dalrymple , Irene Giacomelli , Karola Kirsanow
Cryptonet , CryptoComputeLab
Cryptoeconomics , Cryptography , Distributed systems
2020-11-16 / Blog
A research perspective on Filecoin
The Filecoin network is launching in the middle of a revolution in internet architecture, where vulnerable centralized services dependent on trusted parties are being replaced with resilient decentralized solutions based on verifiable computation, and internet services are being relocated from inefficient central monoliths to the far reaches of the network by peer-to-peer markets.
David Dalrymple , Irene Giacomelli , Karola Kirsanow
Cryptonet , CryptoComputeLab
Cryptoeconomics , Cryptography , Distributed systems
2020-05-22 / News
Rosario Gennaro named 2020 IACR Fellow
In May, Rosario Gennaro was named a 2020 Fellow of the International Association for Cryptologic Research (IACR). IACR established its Fellows Program in 2002 to recognize oustanding members for significant technical and professional contributions to cryptology and related fields.
Jonathan Gross
Cryptonet , CryptoComputeLab
Cryptography
2020-02-18 / News, Team
Sarah Azouvi joins Protocol Labs Research
Sarah joins us from the Information Security Group at University College London, where she did research on consensus and worked towards her forthcoming PhD in Computer Science. During her studies, she collaborated with Protocol Labs and was also an intern at Calibra.
Cryptonet
Distributed systems , Cryptography
2020-01-27 / News, Team
Luca Nizzardo’s thesis wins UPM Extraordinary Award
Source: IMDEA Software Institute. Posted here with permission. Luca Nizzardo was a PhD student of the IMDEA Software Institute and his thesis “Cryptographic Techniques for the Security of Cloud and Blockchain Systems” defended in 2018 was directed by Associate Professor Dario Fiore.
Cryptonet
Distributed systems , Cryptography