Leo Fan from Cysic is our architect of Prize 1: Beat the Best (FPGA/GPU). In this blog we’ll dive into his background, what motivates his work in the space of zero-knowledge tech, why he and Cysic are involved with ZPrize and what types of proofs Leo thinks may help mitigate the risks of quantum computing.
I got my PhD in cryptography from Cornell, after which I spent some time as a postdoc and research scientist at several organizations. Today, I am an assistant professor in the Department of Computer Science at Rutgers.
In terms of ZPrize, I believe privacy is a basic human right and that collaboration is necessary to move us forward towards the realization of that ideal. In cryptography we design certain privacy-preserving schemes that allow you to verify a transaction, keeping the bulk of data private. All in all, however, most of these schemes or protocols are not ready for real-world deployment due to inefficiencies related to their design and performance.
As ZPrize continues to produce advancements in hardware acceleration related to privacy protocols and schemes, these structures will become ready for real-world deployment. This is the true value of collaborative competition.
It’s worth mentioning that ZK-tech unto itself cannot help too much in mitigating the risks of quantum computing. ZK-tech is used to certify that some statement is true without revealing private information, while quantum computing presents a significant challenge to many of the cryptographic systems we use today.
To defend against the threats of quantum computing, we need to consider building post-quantum secure zero-knowledge proofs, for which STARKs are the most logical underlying structures.
The key assumption underlying STARK-based systems is that a hash function is conjectured to be quantum secure if its parameters are set correctly. To get more confidence in the post-quantum security of STARKs, we need to make our hash functions more ZK-friendly and more efficient, while ensuring they can achieve the same security level as those we currently depend on.
Another example here is the lattice-based ZKP designed by the Linea team. The assumptions based on lattices have been studied extensively in the past 20 years without making much progress in cracking these assumptions quantumly or classically, until recently.
In NIST’s current post-quantum cryptography standards, all of the standardized schemes are based on lattices. Using their example, we can also explore more efficient constructions of zero-knowledge proofs using lattices.
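The remark above that a STARK's security rests on a hash function whose "parameters are set correctly" is easy to state and hard to picture. The following is an added example, not code from this post, from Cysic or from Leo's own work: it makes the parameter choice concrete by (a) tabulating the generic classical and quantum attack costs attributed to an n-bit digest (Grover for preimages, the Brassard-Høyer-Tapp query bound for collisions, used here as the conservative figure), and (b) building the hash-based Merkle commitment that STARK-style provers open to the verifier, with the digest length as an explicit parameter. The hash `h` is a hypothetical stand-in (SHAKE-256 truncated to the chosen length) for whatever ZK-friendly hash a real system would use, and the leaves are constructed sample data.

```python
import hashlib

# Generic attack cost, in bits of work, attributed to an n-bit hash output.
# Classical: preimage ~2^n, collision ~2^(n/2) (birthday bound).
# Quantum:   preimage ~2^(n/2) (Grover), collision ~2^(n/3) (Brassard-Hoyer-Tapp
#            query bound; taken here as the conservative figure).
def hash_security_bits(output_bits: int) -> dict:
    return {
        "classical_preimage": output_bits,
        "classical_collision": output_bits // 2,
        "quantum_preimage": output_bits // 2,
        "quantum_collision": output_bits // 3,
    }


def min_output_bits(target_bits: int, post_quantum: bool) -> int:
    """Smallest digest length whose weakest bound (collision) still meets target_bits."""
    return 3 * target_bits if post_quantum else 2 * target_bits


def h(data: bytes, output_bits: int) -> bytes:
    """Hypothetical helper: a digest of exactly output_bits, from truncated SHAKE-256."""
    return hashlib.shake_256(data).digest(output_bits // 8)


def _next_level(level, output_bits):
    # Domain-separated inner-node hash; odd levels duplicate their last node.
    if len(level) % 2:
        level = level + [level[-1]]
    return [h(b"\x01" + level[i] + level[i + 1], output_bits)
            for i in range(0, len(level), 2)], level


def merkle_root(leaves, output_bits: int) -> bytes:
    """Root of a binary Merkle tree over the leaves (the prover's commitment)."""
    level = [h(b"\x00" + leaf, output_bits) for leaf in leaves]
    while len(level) > 1:
        level, _ = _next_level(level, output_bits)
    return level[0]


def merkle_path(leaves, index: int, output_bits: int) -> list:
    """Sibling digests from leaf `index` up to the root (the opening sent to the verifier)."""
    level = [h(b"\x00" + leaf, output_bits) for leaf in leaves]
    path = []
    while len(level) > 1:
        nxt, padded = _next_level(level, output_bits)
        path.append(padded[index ^ 1])
        level, index = nxt, index // 2
    return path


def verify_path(root: bytes, leaf: bytes, index: int, path: list, output_bits: int) -> bool:
    """Verifier side: recompute the root from a leaf and its opening."""
    node = h(b"\x00" + leaf, output_bits)
    for sibling in path:
        if index % 2 == 0:
            node = h(b"\x01" + node + sibling, output_bits)
        else:
            node = h(b"\x01" + sibling + node, output_bits)
        index //= 2
    return node == root


# Constructed sample data standing in for the codeword a STARK prover commits to.
SAMPLE_LEAVES = [b"constructed-leaf-%d" % i for i in range(5)]

if __name__ == "__main__":
    for n in (256, 384):
        print(n, hash_security_bits(n))
    print("digest bits for 128-bit PQ collision resistance:", min_output_bits(128, True))
    n = min_output_bits(128, True)
    root = merkle_root(SAMPLE_LEAVES, n)
    opening = merkle_path(SAMPLE_LEAVES, 3, n)
    print("opening verifies:", verify_path(root, SAMPLE_LEAVES[3], 3, opening, n))
```

Running the script shows why "parameters set correctly" matters: a 256-bit digest gives 128-bit classical collision resistance but only about 85 bits under the conservative quantum bound, so a prover targeting 128-bit post-quantum security would commit with 384-bit digests, and every Merkle opening in the proof grows accordingly. That cost is exactly what a more efficient ZK-friendly hash would need to absorb.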
What role do zero-knowledge proofs and protocols play in preventing data leakage from machine learning algorithms/systems?
As we’ve said, zero-knowledge proofs allow us to verify whether a statement is true or false without revealing any personal or identifying information about the parties involved. For example, it can be used to prove that the result of an inference comes from GPT4 instead of GPT2.
ZKPs can also be used in combination with multiparty computation protocols or homomorphic encryption to prevent data leakage from machine learning systems. Even so, ZKPs do not give us the power to do computations with encrypted data, which is a hurdle in the area of machine learning algorithms and systems.
So far it seems substantial progress is needed to use ZKPs to push forward research quality and accuracy. For instance, we can write some kind of circuit which checks a research statement and its reasoning as the witness. Through doing so, we can also use the resultant ZKP to generate a proof of the reasoning and make it easier to verify.
I think it can. As we know, machine learning has a larger sized audience than the blockchain community. Recent advancements, like ChatGPT, open up new possible applications for machine learning.
As the underlying AI models become more complicated, it also becomes nearly impossible for humans to distinguish the results they generate from those generated by different models. To address this problem, we can attach a ZK-proof to the inferred result to certify that the result is indeed from the specified AI model or models. This combination of ZK and ML, along with possible others, can lead to better scaling of ZK-applications.
Inside the blockchain community I believe we have done a very good job in educating about ZK. ZK is trending in our community and we are exploring all possible applications of it. Despite this, I think we are not doing enough with ZK education outside the blockchain community. Building successful products at the application layer would help immensely. Even a simple application using ZKP, as in a zero-knowledge proof system to track ESG emissions, could attract the interest of a wide swathe of people outside of the blockchain space.
Speed of proof generation is one of the top obstacles preventing wide-scale deployment of zero-knowledge proofs. There are two ways to address this problem. The first is hardware acceleration, as in what Cysic and our peers are working on.
The other way is to design more efficient ZK algorithms, like Hyperplonk and the recent progress made with folding schemes. The combination of these two approaches can significantly improve the proof generation speed of zero-knowledge proofs.
I feel like post-quantum security research in ZK is a bit underappreciated. The hash functions we design and use in the ZK space don’t currently attract enough research effort in this area. On the contrary, the NIST standardized hash function, which is not ZK friendly, underwent thorough scrutiny related to post-quantum security, which leads me to believe we should pay more attention to its approach to security and the related parameter settings.
By the time Cysic was incorporated last year, the ZPrize 2022 competition was already over. Consequently, we got some inspiration from last year’s competition and are now excited to contribute more directly to the community. The thesis of ZPrize is to accelerate the use of ZK in the real world, which aligns with the goal of Cysic. Besides that, we really enjoy the vibe of the technical discussion on the Discord channel. During our engineering process, we have found some interesting facts which we would like to share with everyone involved with ZPrize.
As we roll into next year, the total energy consumption for ZK computation will hit a high mark as well. To reduce the future impact, we are adding the consideration of energy consumption as one of our metrics for evaluating competitors this year. So, ZPrize gives us the opportunity to promote the idea of nature-friendly ZK computation in the blockchain community. All in all, this is why we volunteered to architect the track focused on end-to-end proof acceleration for ZPrize’23.
There are three great ways to stay in the loop with Cysic. First, we regularly publish our engineering progress on Twitter. Second, we write blog posts explaining certain design choices related to our hardware, how we view the hardware space, and how we believe we can accelerate the proof generation of some latest proof systems. Lastly, I personally have written research papers about cryptography, formal methods and hardware acceleration and plan to post these drafts to eprint (https://eprint.iacr.org/).
–
Interested in getting involved in ZPrize 2023? Head to our Discord and join in on discussions as the competition continues to take shape!