disrupting tech, verify don't trust, recipes for SNARKs
🧠 Big idea: Forget antitrust, let tech disrupt itself
by Christian Catalini
Today we’re at a critical policymaking juncture for all of our digital infrastructure, including AI, robotics, financial services, and digital marketplaces. If the United States wants to continue to lead, it must create the right conditions for competition to thrive. As in the early days of the internet, this starts with policymakers embracing and nurturing a novel architecture based on open protocols.
But how can open protocols limit the power of big tech intermediaries and accelerate a new wave of innovation? In Latin, intermediary means “in the middle.” While intermediation can be helpful — many transactions would never exist without intermediaries — when intermediaries accumulate too much power, they not only capture all of the value they create but also slow progress.
Accumulating power is a natural result of being an intermediary: When you’re in the middle, you have access to better information than either side, can decide on what terms others participate, and shape interactions to your advantage. Historically, we’ve alternated between the rise of new intermediaries and the subsequent push to remove them from their privileged position.
In an op-ed first published on Forbes, Christian Catalini, cofounder of Lightspark and the MIT Cryptoeconomics Lab, proposes an effective approach to rein in powerful intermediaries.
📝 read op-ed
🕵️ Trend spotting: Don’t trust, verify
with Justin Thaler, Sam Ragsdale, Michael Zhu, and Robert Hackett
Verifiable computing is a method for trustlessly outsourcing computation — and it’s a fast-evolving area of technology that could scale blockchains. More generally, verifiable computing could also help decentralize the internet, with applications ranging from software supply chain security to social media feed and app store curation. In the latest episode of web3 with a16z, we dig into the world of verifiable computing through the lens of zkVMs — or zero-knowledge virtual machines — tools that enable computers to prove that they ran programs correctly, as well as the SNARKs (another cryptographic tool) that enable them to work their magic.
Joining the conversation are members of the a16z crypto research and engineering teams who spent the past year closely collaborating to develop the simplest, most performant zkVM to date: Jolt. Together, they explore the intellectual history of the field, the surprising similarities between SNARK design and computer chip architecture, the opposing benefits of general purpose versus application specific programming, and the challenges of turning abstract research theory into concrete engineering practice.
🎧 listen to podcast
📺 watch video
see also:
🎧 “Definitions, Security and Sumcheck in ZK Systems with Justin Thaler” — a deeper dive into the protocol that powers Jolt on the Zero Knowledge Podcast
📺 Jolt, zkVMs, and speeding up blockchain — a quick (five minute) explanation of what Jolt is and why it's important.
📺 Correcting some SNARK misconceptions — a deeper dive into some of the common misconceptions behind Lasso (the theoretical foundation of Jolt) and how this new paradigm works.
Jolt updates since launch:
Standard library support: a16z crypto engineer Noah Citron shipped support for Rust's standard library, making Jolt much easier to use.
External contributors: Jolt now has 10 total contributors and has merged 40 pull requests.
Wiki improvements: The wiki describing everything you need to know about Jolt — and a crash course on multilinear SNARKs — is improving every day.
Minor speed improvements (sub 10%)
Work begun on: GPU compatibility, multiplication extension, better abstractions and readability, as well as support for multiple fields and polynomial commitment schemes — more on that last point below
⚡ Going deeper: Recipes for SNARKs (Binius x Jolt)
by Justin Thaler
The Binius commitment scheme for multilinear polynomials — a way of compressing data so it does not all have to be sent to a SNARK verifier — which Vitalik describes with brilliant clarity in his recent blog post, represents a major advance. But a polynomial commitment scheme is just one component of a SNARK. To create a complete SNARK, it must be paired with a polynomial IOP (interactive oracle proof), in order to prove that the committed data actually validates the prover’s claims.
The SNARK community often highlights commitment schemes as the key building block of a SNARK. It is also important to remember the vital role of the other component, the polynomial IOP.
Binius’s commitment is specifically compatible with polynomial IOPs that use the sum-check protocol. Sum-check relies on multilinear polynomials, not univariate ones, meaning it can be directly combined with the Binius commitment scheme, and FRI-Binius, a variant with shorter proofs, even uses sum-check internally. Sum-check polynomial IOPs also operate over fields of any characteristic, which is crucial for taking full advantage of Binius’s novel performance traits. But Binius’s commitment is not compatible with the polynomial IOPs that are most popular today, which unfortunately do not use sum-check.
Of course, designing a fast polynomial IOP requires much more insight than just the phrase "apply sum-check." Binius makes use of over a decade’s worth of work employing the sum-check protocol to implement prover-efficient polynomial IOPs. In fact, Sections 4 and 5 of the Binius paper are devoted to designing new, highly efficient sum-check-based polynomial IOPs to combine with the commitment scheme.
Jolt is the only zkVM today that is exclusively based on the sum-check protocol. For this reason, the Binius commitment and Jolt go together like peanut butter and jelly. Incorporating the Binius commitment scheme into Jolt is our highest priority.
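To make concrete what "a polynomial IOP that uses sum-check" means, here is an added example (not code from the newsletter, from Jolt, or from Binius) of the sum-check protocol for a multilinear polynomial given by its evaluations on the boolean hypercube. It assumes a small prime field rather than Binius's binary tower fields, which is fine because sum-check works over any field; the `cheat` flag models a prover that forges one round message, and the final step shows where a commitment opening would plug in.

```python
import random

P = 2**31 - 1  # constructed choice: a small Mersenne prime as the field modulus


def fold(evals, r):
    """Fix the top variable of a multilinear polynomial to the field element r."""
    half = len(evals) // 2
    return [(evals[i] + r * (evals[half + i] - evals[i])) % P for i in range(half)]


def evaluate(evals, point):
    """Evaluate the multilinear extension at an arbitrary point in F^n."""
    for r in point:
        evals = fold(evals, r)
    return evals[0]


def honest_round(evals):
    """Prover's round message (g(0), g(1)): g sums out all but the top variable."""
    half = len(evals) // 2
    return sum(evals[:half]) % P, sum(evals[half:]) % P


def sumcheck(evals, claimed_sum, cheat=False, rng=random):
    """Verifier for the claim 'sum of f over {0,1}^n equals claimed_sum'.
    cheat=True models a prover that forges g(0) in round 1 so that round
    passes and then behaves honestly. Returns (accepted, challenge_point)."""
    n = len(evals).bit_length() - 1
    assert len(evals) == 1 << n, "need 2^n evaluations"
    expected, point, cur = claimed_sum % P, [], evals
    for rnd in range(n):
        g0, g1 = honest_round(cur)
        if cheat and rnd == 0:
            g0 = (expected - g1) % P            # forge g(0) to pass this round
        if (g0 + g1) % P != expected:           # round check: g(0)+g(1) == claim
            return False, point
        r = rng.randrange(P)                    # verifier's random challenge
        point.append(r)
        expected = (g0 + r * (g1 - g0)) % P     # new claim: g(r), by interpolation
        cur = fold(cur, r)                      # prover restricts f to x_top = r
    # final check: one oracle query (in a SNARK, a commitment opening) at point
    return evaluate(evals, point) == expected, point


if __name__ == "__main__":
    f = [random.randrange(P) for _ in range(8)]           # 3-variable polynomial
    s = sum(f) % P
    print(sumcheck(f, s)[0], sumcheck(f, s + 1)[0], sumcheck(f, s + 1, cheat=True)[0])
```

The forged round passes its own check, but the next round's g(0)+g(1) disagrees with the verifier's running claim for every challenge except one field element, which is the soundness argument in miniature.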
related resources, read:
🧊 “Binius: highly efficient proofs over binary fields” by Vitalik Buterin — an overview of the Binius polynomial commitment scheme which can accelerate prover speed, and which pairs perfectly with Jolt
🧮 “Succinct Arguments over Towers of Binary Fields” by Benjamin E. Diamond and Jim Posen — the original Binius paper from 2023
🗼 “Polylogarithmic Proofs for Multilinears over Binary Towers” by Benjamin E. Diamond and Jim Posen — a newer variant of Binius with shorter proofs from 2024
⚡ “Boosting Lasso+Jolt through faster commitments – with far-reaching consequences” by Justin Thaler — explains how Binius modifies the Ligero/Brakedown commitment scheme and can lead to dramatically faster SNARKs
💪 “The Unreasonable Power of the Sum-Check Protocol” by Justin Thaler — an overview of the sum-check protocol and how to apply it
…we accept the fact that we had to sacrifice a whole Saturday in detention
-- Robert Hackett, Tim Sullivan, & the a16z crypto team
You’re receiving this newsletter because you signed up for it on our websites, at an event, or elsewhere (you can opt out any time using the ‘unsubscribe’ link below). This newsletter is provided for informational purposes only, and should NOT be relied upon as legal, business, investment, or tax advice. Furthermore, the content is not directed at nor intended for use by any investors or prospective investors in any a16z funds. Please see a16z.com/disclosures for additional important details, including link to list of investments.