Protocol Labs Research
About
People
Research
Outreach
Blog
Cryptonet

Cryptonet is an open distributed research lab working on applied cryptography to improve crypto-networks.

The purpose of Cryptonet is to develop and apply new cryptographic tools to secure computation and communication systems. Much of our past and current work includes designing, proving, and improving the building blocks enabling Filecoin, a decentralized storage network.

Though the group was founded to drive the creation of Filecoin, it seeks to facilitate the development and incorporation of cryptographic tools to increase security and privacy of communication, and engender new capabilities across the Web 3.0 stack.

To learn more about Cryptonet, visit the group’s website.

2022-07-06 / Report
Caulk: Lookup arguments in sublinear time
We present position-hiding linkability for vector commitment schemes: one can prove in zero knowledge that one or m values that comprise commitment cm all belong to the vector of size N committed to in C.
Arantxa Zapico, Vitalik Buterin, Dmitry Khovratovich, Mary Maller, Anca Nitulescu , Mark Simkin
2022-07-06 / Report
Linear-map vector commitments and their practical applications
Vector commitments (VC) are a cryptographic primitive that allow one to commit to a vector and then “open” some of its positions efficiently. Vector commitments are increasingly recognized as a central tool to scale highly decentralized networks of large size and whose content is dynamic.
Matteo Campanelli , Anca Nitulescu , Carla Ràfols, Alexandros Zacharakis, Arantxa Zapico
2022-07-06 / Conference paper
What makes Fiat–Shamir zkSNARKs (updatable SRS) simulation extractable?
We show that three popular universal zero-knowledge SNARKs (Plonk, Sonic, and Marlin) are updatable SRS simulation extractable NIZKs and signatures of knowledge (SoK) out-of-the-box avoiding any compilation overhead. Towards this we generalize results for the Fiat–Shamir (FS) transformation, which turns interactive protocols into signature schemes, non-interactive proof systems, or SoK in the random oracle model (ROM).
SCN 2022 / 2022.09.12 / Amalfi, Italy
Chaya Ganeshe, Hamidreza Khoshakhlagh, Markulf Kohlweiss, Anca Nitulescu , Michal Zajac
2022-06-02 / Report
On the impossibility of algebraic vector commitments in pairing-free groups
Vector Commitments allow one to (concisely) commit to a vector of messages so that one can later (concisely) open the commitment at selected locations. In the state of the art of vector commitments, algebraic constructions have emerged as a particularly useful class, as they enable advanced properties, such as stateless updates, subvector openings and aggregation, that are for example unknown in Merkle-tree-based schemes.
Dario Catalano , Dario Fiore, Rosario Gennaro , Emmanuele Giunta
2022-04-08 / Report
Witness-authenticated key exchange revisited: Improved models, simpler constructions, extensions to groups
We revisit the notion of Witness Authenticated Key Exchange (WAKE) where a party can be authenticated through a generic witness to an NP statement. We point out shortcomings of previous definitions, protocols and security proofs in Ngo et al.
2021-09-27 / Conference paper
MyOPE: Malicious security for oblivious polynomial evaluation
Oblivious Polynomial Evaluation (OPE) schemes are interactive protocols between a sender with a private polynomial and a receiver with a private evaluation point where the receiver learns the evaluation of the polynomial in their point and no additional information.
SCN 2022 / 2022.09.12 / Amalfi, Italy
Malika Izabachène, Anca Nitulescu , Paola de Perthuis, David Pointcheval
2021-09-21 / Conference paper
Count me in! Extendability for threshold ring signatures
Ring signatures enable a signer to sign a message on behalf of a group anonymously, without revealing her identity. Similarly, threshold ring signatures allow several signers to sign the same message on behalf of a group; while the combined signature reveals that some threshold t of the group members signed the message, it does not leak anything else about the signers’ identities.
PKC 2022 / 2022.03.08 / Virtual
Diego Aranha, Mathias Hall-Anderson, Anca Nitulescu , Elena Pagnin, Sophia Yakoubov
2021-05-13 / Conference paper
SnarkPack: Practical SNARK aggregation
Zero-knowledge SNARKs (zk-SNARKs) are non-interactive proof systems with short and efficiently verifiable proofs. zk-SNARKs are widely used in decentralised systems to address privacy and scalability concerns. One of the main applications is the blockchain, were SNARKs are used to prove computations with private inputs and reduce on-chain footprint verification and transaction sizes.
Financial Cryptography and Data Security 2022 / 2022.05.02 / St George's, Grenada
2021-03-18 / Report
Rinocchio: SNARKs for ring arithmetic
Succinct non-interactive arguments of knowledge (SNARKs) enable non-interactive efficient verification of NP computations and admit short proofs. However, all current SNARK constructions assume that the statements to be proven can be efficiently represented as either Boolean or arithmetic circuits over finite fields.
Chaya Ganesh, Anca Nitulescu , Eduardo Soria-Vazquez
2020-12-05 / Report
Incrementally aggregatable vector commitment techniques and applications to verifiable decentralized storage
Vector commitments with subvector openings (SVC) [Lai-Malavolta, Boneh-Bunz-Fisch; CRYPTO’19] allow one to open a committed vector at a set of positions with an opening of size independent of both the vector’s length and the number of opened positions.
Advances in Cryptology – ASIACRYPT 2020 / 2020.12.05
Matteo Campanelli , Dario Fiore, Nicola Greco , Dimitris Kolonelos, Luca Nizzardo
2020-11-17 / Conference paper
Subversion-resilient enhanced privacy ID
Anonymous attestation for secure hardware platforms leverages tailored group signature schemes and assumes the hardware to be trusted. Yet, there is an increasing concern on the trustworthiness of hardware components and embedded systems.
Cryptographers’ Track at the RSA Conference / 2022.02.07 / San Francisco, CA, USA
Antonio Faonio, Dario Fiore, Luca Nizzardo , Claudio Soriente
2020-04-08 / Conference paper
MonZa: Fast maliciously secure two party computation on Z_{2^k}
In this paper we present a new 2-party protocol for secure computation over rings of the form Z2k. As many recent efficient MPC protocols supporting dishonest majority, our protocol consists of a heavier (input-independent) pre-processing phase and a very efficient online stage.
IACR International Conference on Practice and Theory of Public-Key Cryptography (PKC) / 2020.05.04 / Edinburgh, Scotland
Dario Catalano , Mario Di Raimondo, Dario Fiore, Irene Giacomelli
2020-01-15 / Conference paper
Single secret leader election
In a Single Secret Leader Election (SSLE), a group of participants aim to randomly choose exactly one leader from the group with the restriction that the identity of the leader will be known to the chosen leader and nobody else.
ACM Advances in Financial Technologies 2020 / 2020.10.21
Dan Boneh, Saba Eskandarian, Lucjan Hanzlik, Nicola Greco
2019-11-20 / Report
Exploring connections between active learning and model extraction
Machine learning is being increasingly used by individuals, research institutions, and corporations. This has resulted in the surge of Machine Learning-as-a-Service (MLaaS) - cloud services that provide (a) tools and resources to learn the model, and (b) a user-friendly query interface to access the model.
Varun Chandrasekaran, Kamalika Chaudhuri, Irene Giacomelli , Somesh Jha, Songbai Yan
2019-10-02 / Conference paper
Efficient UC commitment extension with homomorphism for free (and applications)
Homomorphic universally composable (UC) commitments allow for the sender to reveal the result of additions and multiplications of values contained in commitments without revealing the values themselves while assuring the receiver of the correctness of such computation on committed values.
Advances in Cryptology – ASIACRYPT 2019 / 2019.10.02
Ignacio Cascudo, Ivan Damgård, Bernardo David, Nico Döttling, Rafael Dowsley, Irene Giacomelli
2019-08-24 / Conference paper
PLONK: Permutations over Lagrange-bases for oecumenical noninteractive arguments of knowledge
zk-SNARK constructions that utilize an updatable universal structured reference string remove one of the main obstacles in deploying zk-SNARKs[GKM + ]. The important work of Maller et al. [MBKM19] presented Sonic-the first potentially practical zk-SNARK with fully succinct verification for general arithmetic circuits with such an SRS.
Stanford Blockchain Conference / 2020.02.19 / Stanford, CA, USA
Ariel Gabizon , Zachary J Williamson, Oana Ciobotaru
2019-05-29 / Report
AuroraLight: Improved prover efficiency and SRS size in a Sonic-like system
Using ideas from the recent Aurora zk-STARK of Ben-Sasson et al. [BCR + 19], we present a zk-SNARK with a universal and updatable SRS similar to the recent construction of Maller et al.
2018-10-15 / Report
Scaling proof-of-replication for Filecoin mining
A proof-of-replication (PoRep) is a proof system that a server can use to demonstrate to a network in a publicly verifiable way that it is dedicating unique resources to storing one or more replicas of a data file.
2018-07-14 / Report
PoReps: Proofs of space on useful data
A proof-of-replication (PoRep) is an interactive proof system in which a prover defends a publicly verifiable claim that it is dedicating unique resources to storing one or more retrievable replicas of a data file.
2017-07-27 / Report
Power fault tolerance
Byzantine Fault Tolerance (BFT) accounts for faults as the number of faulty nodes and is thus cumbersome to apply to many modern decentralized systems. We introduce the Power Fault Tolerance (PFT) model, which reframes BFT in terms of participants' influence over the outcome of a protocol, instead of the number of nodes.
Protocol Labs
2017-07-27 / Report
Proof of replication
We introduce Proof-of-Replication (PoRep), a new kind of Proof-of-Storage, that can be used to prove that some data D has been replicated to its own uniquely dedicated physical storage. Enforcing unique physical copies enables a verifier to check that a prover is not deduplicating multiple copies of D into the same storage space.
2017-07-19 / Report
Filecoin: A decentralized storage network
The internet is in the middle of a revolution: centralized proprietary services are being replaced with decentralized open ones; trusted parties replaced with verifiable computation; brittle location addresses replaced with resilient content addresses; inefficient monolithic services replaced with peer-to-peer algo-rithmic markets.
Protocol Labs
2014-07-15 / Report
Filecoin: A cryptocurrency operated file storage network
Filecoin is a distributed electronic currency similar to Bitcoin. Unlike Bitcoin’s computation-only proof-of-work, Filecoin’s proof-of-work function includes a proof-of-retrievability component, which requires nodes to prove they store a particular file. The Filecoin network forms an entirely distributed file storage system, whose nodes are incentivized to store as much of the entire network’s data as they can.
Protocol Labs
2021-09-21
A survey of rational proofs
Protocol Labs Research Talks / 2021.09.21
2020-07-01
Vector commitment techniques and applications to verifiable decentralized storage
Theory and Practice of Blockchains 2020 / 2020.07.01
Matteo Campanelli , Dario Fiore, Nicola Greco , Luca Nizzardo , Dimitris Kolonelos
2019-02-02
Expected consensus
ConsensusDay 1 / 2019.02.02 / Stanford, CA, USA
2018-10-23
PoReps: Proof of space on real data
Lab Day 2018 / 2018.10.23 / San Francisco, CA, USA
2018-06-28
Good SNARKs are here needed
Zcon0 / 2018.06.28 / Montréal, Canada
2018-02-03
VDFs and Filecoin
VDF Day / 2018.02.03 / Stanford, CA, USA
2022-08-11 / News, Grants
Introducing Cryptonet network grants
Originally founded to drive the creation of Filecoin, Cryptonet set out to create a community of researchers and engineers working on designing, proving, improving the building blocks for crypto-networks to engender new capabilities across the Web 3.
2022-07-15 / News, Team
Ioannis Caragiannis to advise Cryptonet
Cryptonet is excited to announce that Ioannis Caragiannis will be supporting the team as a research advisor. Ioannis is a professor at Aarhus University, where he also serves as the head of the research group on computational complexity and game theory.
2022-07-05 / Blog
On algebraic vector commitments

In this post, we discuss a recent result from Cryptonet about the impossibility of succinct vector commitments in groups of known prime order.

2022-06-06 / Blog
A deep dive into DKG, chain of SNARKs, and arkworks
In this blog post I am going to share the main takeaways I have learned while implementing a proof of concept (PoC) of a Distributed Key Generation (DKG) inside of a SNARK.
2022-04-08 / News, Team
Matteo Campanelli joins CryptoNetLab as a Research Scientist
CryptoNetLab is pleased to welcome Matteo Campanelli to the team as a research scientist. Matteo previously worked as a postdoctoral researcher at Aarhus University (with Claudio Orlandi) and at the IMDEA Software Institute (with Dario Fiore).
2022-03-07 / News, Team
Dario Catalano to advise CryptoNetLab
CryptoNetLab is excited to announce that Dario Catalano will be supporting the team as a research advisor. Dario is a professor at University of Catania, where he investigates questions related to reducing the gap between theory and practice in cryptography, with a particular focus on developing advanced yet efficient encryption mechanisms and designing secure distributed digital signature schemes.
2021-12-21 / Blog
Protocol Labs research funding recipients 2021, part 2
Last week we introduced you to the researchers pursuing key problems in cryptography via RFP-009, RFP-010, and a Nucleation Grant. Now we are excited to share the recipients of research awards intended to fund proposals from PhD candidates, postdoctoral fellows, and faculty through our open grant offerings.
2021-12-17 / Blog
Protocol Labs research funding recipients 2021, part 1
This has been a prodigious year for generating new funded collaborations between Protocol Labs Research and top academic researchers around the world! We have given out a whopping eighteen awards since August (with others pending).
2021-11-22 / Blog
Increasing software update security through PGP-compatible threshold signatures
Increasing software update security through PGP-compatible threshold signatures Whether we are aware of them or not, software updates and the systems that support them permeate the current software landscape. Given their pervasiveness, it should come as a surprise that software created to manage such updates, broadly referred to as package managers, still pose security concerns.
Lukas Zapolskas, Nicolas Gailly
2021-10-22 / Blog
CryptoComputeLab announces proofs release version 10.0.0.0
CryptoComputeLab is very proud to release Proofs v10.0.0! A lot has changed under the hood in this release, but ultimately, it comes down to additional GPU support options and better performance during proving.
2021-07-29 / Blog
The Winding Journey to Proofs v8.0.0 and beyond

The proofs team is proud to announce the recent proofs releases v8.0.0, v8.0.1, and v8.0.2! These releases are Hyperdrive-enabled, which means that they contain the proof aggregation API that uses SnarkPack – in fact, the major difference between proofs v7.0.x and v8.0.x is the aggregation functionality!

2021-05-13 / Careers
We're hiring!
Protocol Labs Research has been growing rapidly, with the launch of CryptoComputeLab, CryptoEconLab, and CryptoNetLab, a number of new projects, and new researchers, advisors, and support staff joining the team.
2021-05-10 / Blog
SnarkPack: How to aggregate SNARKs efficiently
A guided dive into the cryptographic techniques of SnarkPack This post exposes the inner workings of SnarkPack, a practical scheme to aggregate Groth16 proofs, a derivation of the Inner Pairing Product work of Bünz et al.
2020-12-02 / News, Team
Anca Nitulescu joins Protocol Labs Research
Anca Nitulescu is joining CryptoLab (Update: now CryptoNetLab) as a Research Scientist. After obtaining their PhD in cryptography at ENS Paris, they worked as a Postdoctoral Scholar at Aarhus University and as Chief Cryptographer at Cosmian before coming to Protocol Labs.
2020-11-23 / Blog
A research perspective on Filecoin, part two
In Part One, we traced the intellectual and technological history of modern implementations of distributed ledger technology. Now let’s take a stroll through the technological landscape around the time of Filecoin’s release:
2020-11-16 / Blog
A research perspective on Filecoin
The Filecoin network is launching in the middle of a revolution in internet architecture, where vulnerable centralized services dependent on trusted parties are being replaced with resilient decentralized solutions based on verifiable computation, and internet services are being relocated from inefficient central monoliths to the far reaches of the network by peer-to-peer markets.
2020-05-22 / News
Rosario Gennaro named 2020 IACR Fellow
In May, Rosario Gennaro was named a 2020 Fellow of the International Association for Cryptologic Research (IACR). IACR established its Fellows Program in 2002 to recognize oustanding members for significant technical and professional contributions to cryptology and related fields.
2020-02-18 / News, Team
Sarah Azouvi joins Protocol Labs Research
Sarah joins us from the Information Security Group at University College London, where she did research on consensus and worked towards her forthcoming PhD in Computer Science. During her studies, she collaborated with Protocol Labs and was also an intern at Calibra.
2020-01-27 / News, Team
Luca Nizzardo’s thesis wins UPM Extraordinary Award
Source: IMDEA Software Institute. Posted here with permission. Luca Nizzardo was a PhD student of the IMDEA Software Institute and his thesis “Cryptographic Techniques for the Security of Cloud and Blockchain Systems” defended in 2018 was directed by Associate Professor Dario Fiore.