
Captain McAteer

@firn

54 Following
59 Followers


Captain McAteer
@firn
WTH is "Warpcast", and why did I just receive an email about it?
1 reply
0 recast
1 reaction

Captain McAteer
@firn
as for how i built confidence, the unsatisfying answer is: extreme rigor, diligence and care at every step. i actually don't have such a high opinion of audits. btw, the original paper is extremely thoroughly spec'd out; see Appendix A of https://eprint.iacr.org/2020/293.pdf
0 reply
0 recast
0 reaction

Captain McAteer
@firn
(note that these zkps have no trusted setup and are secure under the discrete log assumption alone.) and actually, this arguably makes verification on the whole much easier than it is in the circuits + prover setting, since it's very self-contained.
1 reply
0 recast
0 reaction

Captain McAteer
@firn
secondly, Firn actually doesn't use "circuits" in the sense of TCash, Aztec, etc., (those protocols break the cryptography into a "circuits" and a backend "prover"). Firn uses hand-designed zero-knowledge proofs, constructed specifically for its purposes. so these can/should be verified directly in the contracts.
1 reply
0 recast
1 reaction

Captain McAteer
@firn
it's a multi-step answer. first, the vast majority of the criticality resides in the contracts, rather than the front-end, since (most) contract bugs lead to loss of funds, while (most) front-end bugs lead only to temporary inaccessibility of funds.
1 reply
0 recast
0 reaction

Captain McAteer
@firn
correct, this is intentional (for now). but linking to a private repo was not 😀 sorry about this. can you tell me where it is linked to?
1 reply
0 recast
0 reaction

Captain McAteer
@firn
btw; it's already live! https://www.firn.cash.
0 reply
0 recast
0 reaction

Captain McAteer
@firn
i actually mean the term "euphemistically" literally here—not in the sense of "derogatively", but literally as "calling it something more pleasant than it is". i.e., Aztec's indexer barely deserves the title "roll-up" (since it's really an indexer / proof bundler). so i'm not knocking roll-ups; actually the opposite.
1 reply
0 recast
0 reaction

Captain McAteer
@firn
www.firn.cash. also just added it to my profile
0 reply
0 recast
0 reaction

Captain McAteer
@firn
so some big differences. i am making a bet that these will prove to be crucial (feel free to check out Aztec's discord to see how many bugs they're already dealing with). or better yet: check out our discord 😀 always happy to talk ZK and privacy with anyone here.
0 reply
0 recast
0 reaction

Captain McAteer
@firn
in Aztec, they call this setup—i.e., unassisted proof-generation—an "emergency withdrawal". it requires that you spin up their entire "roll-up" / indexer _yourself_, locally. i'm not sure whether anyone has even tested this, and have no clue how expensive it would be.
1 reply
0 recast
0 reaction

Captain McAteer
@firn
that's it. and no IP tracking. thus Firn's liveness and efficiency guarantees have _no_ reliance on heavy off-chain infrastructure, i.e. a bundling or indexing service (euphemistically called a "roll-up"). you can generate proofs in well under a second, using your browser alone, and by talking through your RPC alone.
2 replies
0 recast
0 reaction

Captain McAteer
@firn
the exception is when you actually kick off a private withdrawal/transfer. for privacy reasons, this _must_ be gasless. since we don't have account abstraction yet, we must implement this using the Firn Relay: an ultra-lightweight transaction forwarding service. all it does is receive your ZKP and pay the gas.
1 reply
0 recast
0 reaction

Captain McAteer
@firn
moreover, Firn's front-end only "talks to" the blockchain _through_ your wallet, and doesn't initiate any "backdoor" connections to Firn-specific services during sync/proofgen. this gives you full control over which RPC provider you use (i.e., you can select this at will in your wallet). you can even use your own node.
1 reply
0 recast
0 reaction

Captain McAteer
@firn
in fact, Firn never "syncs" at all, in the sense that the Firn browser client never even caches state on the device. you can use Firn on a completely fresh—and even untrusted—device with no performance or security implications whatsoever. you can even use Firn through Tor.
1 reply
0 recast
0 reaction

Captain McAteer
@firn
with Firn, you can "synchronize" (i.e., determine your own account state, and in particular your account balance) in O(1) time and O(1) bandwidth. i.e. a small constant, independent of
- the total state size of the system
- the time elapsed / transactions posted since you last sync'd.
same drill for proof-generation.
1 reply
0 recast
0 reaction

Captain McAteer
@firn
i realized here people actually read what I write. just to explain what I'm working on: Firn is a privacy service which evades certain inefficiencies our competitors (read: Aztec) face. it's able to do this because it uses completely different cryptography (it's account-based privacy, instead of UTXO-based privacy).
2 replies
0 recast
1 reaction

Captain McAteer
@firn
the Snap lets you do this. it lets 3rd-party Dapps create the user interface, solicit the user's inputs, assemble the Solidity arguments / contract calls, and so on—and then pipe all that into Firn, which will generate the ZKP. the effect is that you just used that dapp, but anonymously.
0 reply
0 recast
0 reaction

Captain McAteer
@firn
e.g., Uniswap's front-end does all sorts of parameter creation/construction under the hood. if you look at the actual smart contracts sitting underneath, they're complicated, with complicated interfaces. so we need to combine two things: a dapp which exposes a nice front-end to the user and creates args, and Firn.
1 reply
0 recast
0 reaction

Captain McAteer
@firn
i.e., Firn is able to call any function on any smart contract privately. the annoying part is UX: if you do this the standard way through Firn's main app, you have to enter in all the Solidity arguments (or raw calldata) manually. this is not fun, since the whole point of dapp UIs is to assemble this for you.
1 reply
0 recast
0 reaction