Hey! I'm David, the author of the Real-World Cryptography book. I'm a crypto engineer at O(1) Labs on the Mina cryptocurrency, previously I was the security lead for Diem (formerly Libra) at Novi (Facebook), and a security consultant for the Cryptography Services of NCC Group. This is my blog about cryptography and security and other related topics that I find interesting.

noname developer update #4: showcasing method calls posted September 2022

This is part 4 of a series on noname. See part 1, part 2, and part 3.

I just implemented method calls in noname, and I made a video showcasing it and checking if the implementation is correct with some simple examples.

Don't forget, if you want to play with it check it out here: https://github.com/mimoo/noname and if you have any questions or are running into something weird please leave a comment on the Github repo!

comment on this story

noname developer update #3: user-defined functions posted September 2022

I guess this is part 3. With part 1 introducing noname, a programming language inspired by rust that makes use zero-knowledge proofs to provide verifiable computation, part 2 going over a simple arithmetic example and part 3 going over custom types.

In this update, I showcase a new feature: functions, and go through the debug compilation of an example program to see if the implementation is sound (that it constrains what it is supposed to constrain). In this video I do something more: I optimize the implementation of assert_eq so that you can see a bit of the compiler internals. I also end the video abruptly, thinking I found a bug in the implementation. If you were an attentive student, you would have figured out that there was no bugs: doing things on constants does not create any gates.

You can play with the noname language here! And you can read the noname book as well.

comment on this story

noname developer update #2: structs are working! posted September 2022

noname is the DSL I'm working on to write rust-like programs and prove their executions using zero-knowledge proofs.

The previous post used noname as an education tool to explain how programs get compiled to gates and constraints.

In this post, I showcase a new feature: custom gates, and go through the debug compilation of an example program to see if the implementation is sound (that it constrains what it is supposed to constrain).

Don't forget, you can play with the noname language here! And you can read the noname book as well.

comment on this story

noname developer update #1: learning about zero-knowledge apps and circuits using the noname educational DSL posted September 2022

I've talked about noname previously, my toy side project to create a DSL to write zkapps on top of kimchi.

I've recorded a video that showcase it, and walks through the circuit output by compiling one of the example. It might not make too much sense if you don't know about kimchi or plonk. And so you might want to watch my series of videos on plonk beforehands.

you can play with the noname language here

comment on this story

the noname language, a toy DSL for zkapps posted September 2022

I've been spending a few weekends working on a DSL for writing zero-knowledge programs. It's been a fun project that's taught me a LOT about programming languages and their designs. I've always thought that it'd be boring to write a programming language, but my years of frustrations with languages X and Y, and my love for features Z and T of L, have made me really appreciate tweaking my own little language to my preferences. I can do whatever I want!

It's called "noname" because I really didn't know what name to give it, and I still haven't found a good one. You can play with it here: https://github.com/mimoo/noname, it is still quite bare bone but I'm amazed at what it can already do :D

It is very close to Rust, with some ideas from Golang that I liked. For example, I do not implement too much inference because it decreases readability, I force the user to qualify each library calls, I forbid shadowing within a function, etc.

Programs look like this:

use std::crypto;

fn main(pub public_input: Field, private_input: [Field; 2]) {
let x = private_input[0] + private_input[1];
assert_eq(x, 2);

let digest = crypto::poseidon(private_input);
assert_eq(digest[0], public_input);
}

and you can use the CLI to write your own programs, and generate proofs (and verify them). Underneath the kimchi proof system is used.

But the really cool feature is how transparent it is for developers! If you run the following command with the --debug option for example:

\$ cargo run -- --path data/for_loop.no --private-inputs '{"private_input": ["2", "3", "4"]}' --public-inputs '{"public_input": ["9"]}' --debug

you will get a nice output teaching you about the layout of the compiled circuits:

as well as how the wiring is done:

I think there's a lot of educational benefit from this approach. Perhaps I should make a video going over a few circuits :)

comment on this story

I'm launching a podcast: Two And A Half Coins posted August 2022

It's been forever since I've been thinking of doing a podcast. Today I decided screw it, I'll do it live.

From the description:

This series focuses on teaching you about cryptocurrencies from the very start! We'll start with databases, banks, distributed systems, and we will then go further with Bitcoin, Ethereum, Mina, and other cryptocurrencies that are making the world advance today.

Listen to it here or on your favorite platform:

Or just listen to it here:

Cryptocurrencies from scratch: databases, the banking world, and distributed systems

This is the first episode of a series on cryptocurrencies. In this series I will tell you about cryptocurrencies from scratch. This first episode is quite non-technical and should be easy to understand for most folks. I will explain what databases are, how banks around the world move money around, and what cryptocurrencies fundamentally offer.

Bitcoin from scratch: The Bitcoin client, public keys and signatures, and the miners

In the previous episode we briefly talked about what cryptocurrencies fundamentally are, and what problems they attempt to solve. In this episode we'll dig int our very first cryptocurrency: Bitcoin. This will be a high-level overview that will cover what the software looks like, what cryptographic signatures are, and who are these miners who process transactions.

More on Bitcoin: How does mining work? What are hash functions? And what is Proof of Work?

In this third episode we'll dig more into the tech of Bitcoin. But for that, we'll need to talk briefly about cryptographic hash functions and how they work. Once done, we'll talk about mining, proof of work, chains of blocks, and mining pools!

comment on this story

JournalDuCoin: Cryptographie, VMs & circuits posted August 2022

I was on JournalDuCoin and spent 2 hours talking with Sam and Louis (Starkware) about zero-knowledge, circuits, VMs, etc.

Beware, it's in French, and you watch it here:

comment on this story