Tags → #phd

Recursive proof composition without the abyss: Halo to Nova

2 May 2026

The path from Halo's accumulation scheme to Nova's folding scheme, derived from the recurrence relation. Where Halo2, Nova, SuperNova, and HyperNova actually differ, and which one to reach for in 2026.
PPST: extending SPST to arbitrary private computation

2 May 2026

F_RP Construction II. Generalises SPST to private programmable state: arbitrary arithmetic circuits over committed pre/post-state, with R1CS-embedded program execution and atomic PPST-SPST composition.
Halo2 in 2026: what changed since the Zcash era

1 May 2026

A survey of the Halo2 ecosystem six years after the Zcash team published it — what stayed the same (PLONKish, lookups, IPA), what evolved (KZG, gadget libraries, fork landscape), and what we ship today.
SPST: a self-paying shielded transaction model

30 Apr 2026

First construction in F_RP. The SPST relation, balance conservation under DLOG, double-spend resistance under collision-resistant PRF, unlinkability under DDH, simulation-extractable non-malleability.
Circom, by example

30 Apr 2026

A DSL primer told through one circuit — proving knowledge of a Poseidon pre-image. Every Circom keyword annotated as it appears, the constraint graph drawn out, and the R1CS fall-through to a witness.
Proving in the browser, by the numbers

29 Apr 2026

What is actually feasible inside a browser tab in 2026 — Groth16 prover times for Poseidon, Range, and Merkle circuits, the WASM threading story, and where the main thread stops being a viable home for your prover.
Merkle inclusion proofs over compressed account state on Solana

29 Apr 2026

How a 32-byte hash and a logarithmic path replace a multi-kilobyte account. Walk the tree-height math, the Light Protocol compressed-account model, and an inclusion-proof construction you can run in Node.
The fee paradox: why every smart-contract privacy mixer needs a relayer

28 Apr 2026

On account-model chains the very act of paying a transaction fee deanonymises the recipient. This post formalises the paradox, walks through three resolutions, and sets up the SPST construction that resolves it inside the ZK proof itself.
Relayerless privacy on a Turing-complete L1: an intro to F_RP

26 Apr 2026

A series-opening map of the relayerless full-privacy framework I've been writing up. Five cryptographic games, four constructions (SPST, PPST, TAB, UPEE), one main theorem — and why it matters that the target chain is Solana.
Poseidon, by hand and by code

22 Apr 2026

Why one of the cheapest hashes in zero-knowledge cryptography also has the strangest insides. Derive the S-box, count the constraints, and run a 30-line implementation in the browser.

Tags → #phd

# Recursive proof composition without the abyss: Halo to Nova

# PPST: extending SPST to arbitrary private computation

# Halo2 in 2026: what changed since the Zcash era

# SPST: a self-paying shielded transaction model

# Circom, by example

# Proving in the browser, by the numbers

# Merkle inclusion proofs over compressed account state on Solana

# The fee paradox: why every smart-contract privacy mixer needs a relayer

# Relayerless privacy on a Turing-complete L1: an intro to F_RP

# Poseidon, by hand and by code

Recursive proof composition without the abyss: Halo to Nova

PPST: extending SPST to arbitrary private computation

Halo2 in 2026: what changed since the Zcash era

SPST: a self-paying shielded transaction model

Circom, by example

Proving in the browser, by the numbers

Merkle inclusion proofs over compressed account state on Solana

The fee paradox: why every smart-contract privacy mixer needs a relayer

Relayerless privacy on a Turing-complete L1: an intro to F_RP

Poseidon, by hand and by code