From 2894247adb7b65efb649630460150af09d148354 Mon Sep 17 00:00:00 2001 From: AmalyStark <129071621+AmalyStark@users.noreply.github.com> Date: Wed, 25 Oct 2023 13:52:34 +0000 Subject: [PATCH 1/4] =?UTF-8?q?Create=20Post=20=E2=80=9Csafe-and-sound-a-d?= =?UTF-8?q?eep-dive-into-stark-security=E2=80=9D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...-sound-a-deep-dive-into-stark-security.yml | 100 ++++++++++++++++++ 1 file changed, 100 insertions(+) create mode 100644 _data/posts/safe-and-sound-a-deep-dive-into-stark-security.yml diff --git a/_data/posts/safe-and-sound-a-deep-dive-into-stark-security.yml b/_data/posts/safe-and-sound-a-deep-dive-into-stark-security.yml new file mode 100644 index 0000000000..27334034ca --- /dev/null +++ b/_data/posts/safe-and-sound-a-deep-dive-into-stark-security.yml @@ -0,0 +1,100 @@ +id: de4b9b79-4ff2-4e64-b6e7-dd9856cbdccc +post_type: article +title: Safe and Sound – A Deep Dive into STARK Security +toc: true +published_date: 2023-10-25T13:48:05.431Z +category: engineering +topic: + - 266fa988-350c-4842-b74e-379068ddcf34 +blocks: + - type: markdown + body: >- + #### Explore the Full Security Analysis of STARK + + + #### TL;DR + + + * Non-interactive STARKs start as *Interactive* Oracle *Proofs* (IOPs), compiled into non-interactive ones in the random Oracle model. + + * This post explains the recent update to the [ethSTARK documentation](https://eprint.iacr.org/2021/582.pdf), which gives a full and concrete analysis of the security of the ethSTARK protocol in the random oracle model. + + + ## STARK Security Explained + + + A STARK proof system (Scalable Transparent Argument of Knowledge) is a powerful tool for computational integrity: it allows verifying the correctness of computations performed on public data in a trustless manner. In this blog post, we delve into the security provided by STARK proofs, defining it and exploring techniques to prove scheme security. + + + (Read Section 6 in the ethSTARK documentation (version 1.2) for full details and the important and comprehensive [independent work](https://eprint.iacr.org/2023/1071.pdf) of Block et al. on the topic.) + + + What are we trying to achieve with our security analysis? We would like to prevent a “successful attack” on the STARK system, which is given by a false statement and a STARK proof accepted by the STARK verifier for this (false) statement. Since false statements are dangerous and they can come in all sizes and shapes, we want to be secure against *all* false statements. Any false statement, even as trivial as 1+1=3, combined with a STARK proof accepted by a STARK verifier for this statement, is considered a successful attack on the system. (Those with a cryptographic background may be interested to know that STARKs also satisfy stronger security notions such as *[knowledge soundness](https://eprint.iacr.org/2016/116.pdf)*, but for simplicity, this post focuses on the simpler case of soundness.*)* + + + How do we formally define the security of a STARK system? We do so by analyzing the “soundness error” which roughly measures the expected “cost” that an attacker would need to spend to construct a successful attack (i.e., find a STARK proof for a false statement that nevertheless is accepted by the STARK verifier). Mathematically speaking, the soundness error is a function *e*(*t*) that gets as input a time parameter “*t”*, representing the amount of computation time an attacker is willing to spend to mount the attack and outputs the success probability of the attacker in succeeding with the attack (finding a convincing proof of a false statement). As the “cost” *t* that the attacker is willing to spend grows, his success probability increases. + + + Thus far, we have defined the security of STARKs as a function *e(t),* which is not the way you naturally discuss security, say, on crypto Twitter. There, you probably heard statements of the form “The scheme has 96 bits of security”. How does such a statement translate to our security definition? There is no one answer to this, as people have slightly different interpretations of “*x* bits of security”: + + + * A very strict translation would mean that for any *t* between 1 and 2⁹⁶, the soundness error is *e*(*t*) *≤ 2⁹⁶* . This means that any attacker running time at most *2⁹⁶* has a tiny probability of success, smaller than *1/2⁹⁶*, which is smaller than one in a billion times a billion times a billion. + + * A more relaxed, and perhaps more common, translation is that 96 bits of security means that for any *t*, it holds that *t*/*e*(*t*) *≥ 2⁹⁶*. This means that the success probability is (inverse) linear to the running time. For example, if an attacker has a running time 2⁸⁶, its success probability is at most 1/2¹⁰. + + + In this blog post, we will relate to the second option. + + + ## From IOPs to STARKs with 96-Bit Security + + + So how do we prove that a scheme has 96 bits of security? To answer that, we need to understand the high-level structure of how STARKs are constructed. A STARK consists of three main ingredients: an IOP (interactive oracle proof), a Merkle tree, and a Fiat-Shamir hash; the main component we will focus on is the IOP. Once these components are specified, one can compile them to yield a STARK. We will elaborate on these, what they are, and how to assemble them together. + + + The first component we’ll review is the IOP: An IOP is similar to a standard interactive proof, where a prover and verifier interact for multiple rounds (we limit ourselves to public-coin protocols, where the verifier only sends random challenges to the prover). In an IOP, the verifier does not read the prover messages entirely but instead samples a small number of bits from each prover message. This is what allows the succinctness of the later compiled STARK. + + + So we have an IOP, how do you build a STARK from it? The prover messages might be long (actually, they are longer than the computation itself). To compress the messages, we use Merkle trees. A Merkle tree is a binary hash tree where each leaf node represents a query or an answer in the IOP. The root of the tree is a commitment to the entire message. When the verifier wants to read a specific location in a message, the prover provides the value at the location and an authentication path. The verifier can then use the path to verify that the value is correct. The IOP verifier reads only a small number of locations from the prover messages. Thus, using a Merkle tree results in a succinct protocol (one with small communication). + + + ![stark security](https://starkware.co/wp-content/uploads/2023/10/stark-security.jpg) + + + ## Compressing Rounds + + + One may opt for interactive STARKs, meaning, but often it is convenient to make them non-interactive to simplify the process of generating them, so that the prover need not wait for external messages when constructing one. Indeed, this is the way currently all STARK systems are deployed, and this is the way the ethSTARK protocol is constructed. Non-interactive STARKs are also a special case of transparent SNARKs (transparency means that no trusted setup is needed to instantiate them; this is also known as an “Arthur Merlin protocol” or a “public coin IOP”). To this end, a final step is to apply Fiat-Shamir to compress the rounds to a single message, which we’ll call the STARK Proof. The Fiat-Shamir transformation converts an interactive protocol into a non-interactive one. The prover simulates the interactive protocol while “talking to a hash function”. To derive the random challenge for round *i*, the prover hashes the partial transcript up to round *i*, and interprets the output as the next challenge. + + + This ensures that the prover cannot change their responses after the challenge has been generated. However, the cheating prover has some new strategy avenues that it did not have with the interactive IOP. The prover can regenerate the verifier challenge by modifying the last prover message, which would give a new transcript and thus, a new challenge. As it turns out, the standard soundness notion of IOPs does not suffice to prove the security of the Fiat-Shamir transformation. + + + For example, consider an IOP with 96 rounds with the following “hack” to the verifier: if the first bit of the randomness of the verifier is 0 in each of the 96 rounds then the verifier accepts (without looking at the proof whatsoever). One can see that adding this hack to the verifier only adds a term of *1/2⁹⁶* to the soundness error of the IOP. However, after the Fiat-Shamir transformation, an attacker can easily modify the prover messages to ensure that each hash begins with a zero, essentially breaking the system within a very short time. Rest assured, this scary scenario is merely a theoretical example, not one that applies to deployed STARKs. So, let’s see why our STARKs are secure after all? In a nutshell, we’ll show that an attacker running at most t steps will succeed in attacking with probability at most *e(t) ≤ t / 2⁹⁶*. Details follow. + + + ## IOPs and Round-by-Round Soundness + + + A STARK can only be as secure as its underlying IOP. But what does it mean for an IOP to have 96-bits of security? The standard definition would say that the IOP has soundness error *1/2⁹⁶*: meaning that the probability of any attacker (regardless of running time) fooling the verifier is at most *1/2⁹⁶*. However, as we discussed, IOP soundness is only one component out of three, which does not suffice to get 96 bits of security for the STARK compiled from all three steps. Instead, the security of the compiled STARK is proven, assuming the STARK has 96 bits of *round-by-round* soundness error (sometimes a similar definition called *state-restoration soundness* is used). + + + Intuitively, the round-by-round soundness says that every round has 96-bits of security and not just the overall protocol. In more detail, round-by-round says that there exists a predicate that gets a partial transcript of the protocol and tells us if this transcript is “fooling”: The empty transcript is not “fooling”, a full transcript is “fooling” if and only if the verifier accepts it. Finally, for any partial transcript that is not one that “fools” the verifier, the probability that in the next round the transcript will become “fooling” is at most *1/2⁹⁶*. If such a predicate exists with these properties, we say that the protocol has 96 bits of round-by-round soundness (the predicate is not required to be efficiently computable). + + + In many cases, only the soundness of an IOP is analyzed and not its round-by-round soundness. Admittedly, it is hard to think of examples where an IOP has standard soundness but not round-by-round soundness (except for contrived examples). However, the differences between the two might come up when deriving concrete security bounds where each bit matters. Thus, to derive tight and concrete bounds, one must give a tight analysis of the round-by-round soundness of the IOP. This is precisely what we do to the [FRI protocol](https://www.youtube.com/watch?v=c3EHV3iJQSE) and then ethSTARK IOP that underlies the IOP of our STARKs. The analysis itself is far from trivial and beyond the scope of this post. Using the new analysis, we can set precise parameters for our proofs. + + + The round-by-round soundness does give us the desired guarantee. The prover can regenerate the challenge many times, but we know that for any round, the probability of generating a “fooling” transcript is *1/2⁹⁶*. Thus, if the prover has time *t*, which is measured as the number of hash invocations, then it can try at most *t* times to get a fooling transcript, which limits its success probability to *e(t) ≤* min*{t /2⁹⁶,1}*. + + + ## Adding All the Error Terms + + + Finally, for all of this to hold, we need to ensure that the prover cannot tamper with the Merkle tree. One can show that as long as the prover finds no collision in the hash function, it cannot cheat in the Merkle tree. The probability of an attacker finding a collision using *t* invocations (to a random hash function) is at most min{*t²/ 2ˢ,1}*, where *s* is the output length of the hash function (this is due to the “birthday paradox”). This is why we set the hash function to have a length that is double the desired security. Thus, if we have a hash function with output length 192 bits and an IOP with round-by-round soundness of 96 bits, we get a compiled STARK with soundness error *e*(*t*) = *t* /2⁹⁶ + min*{t² / 2¹⁹²,1}*. In particular, such a scheme has 95 bits of security since the function we use to define security, namely *t*/*e*(*t*), satisfies the inequality *t*/*e*(*t*) ≥ *t/(t /2⁹⁶ +* min*{t² / 2¹⁹²,1}),* and the right hand side of this inequality achieves its minimal valueat *t=2⁹⁶,* and for this value of *t* we have *t/e(t)* ≥ *2⁹⁵.* + + + ## Summary + + + In conclusion, STARKs provide a powerful method for verifying the correctness of computations performed on public data in a trustless manner. The security of STARKs is typically measured in terms of the “soundness error”, which represents the probability of an attacker successfully providing a false statement and convincing the verifier with a proof. To achieve a desired level of security, such as 96 bits, the underlying IOP must satisfy round-by-round soundness, ensuring that every round maintains a high level of security. We analyzed the round-by-round soundness of the IOP underlying our SATRKs which allowed us to derive concrete security bounds. From 3aac47e7af42d74833a7217852f6501340e942ce Mon Sep 17 00:00:00 2001 From: AmalyStark <129071621+AmalyStark@users.noreply.github.com> Date: Wed, 25 Oct 2023 13:59:29 +0000 Subject: [PATCH 2/4] =?UTF-8?q?Update=20Post=20=E2=80=9Csafe-and-sound-a-d?= =?UTF-8?q?eep-dive-into-stark-security=E2=80=9D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...nd-sound-a-deep-dive-into-stark-security.yml | 9 +++++---- ...-a-deep-dive-into-stark-security-300x168.jpg | Bin 0 -> 11618 bytes 2 files changed, 5 insertions(+), 4 deletions(-) create mode 100644 public/assets/safe-and-sound-a-deep-dive-into-stark-security-300x168.jpg diff --git a/_data/posts/safe-and-sound-a-deep-dive-into-stark-security.yml b/_data/posts/safe-and-sound-a-deep-dive-into-stark-security.yml index 27334034ca..521dd5028e 100644 --- a/_data/posts/safe-and-sound-a-deep-dive-into-stark-security.yml +++ b/_data/posts/safe-and-sound-a-deep-dive-into-stark-security.yml @@ -2,16 +2,17 @@ id: de4b9b79-4ff2-4e64-b6e7-dd9856cbdccc post_type: article title: Safe and Sound – A Deep Dive into STARK Security toc: true -published_date: 2023-10-25T13:48:05.431Z +published_date: 2023-10-04T13:48:05.431Z +image: /assets/safe-and-sound-a-deep-dive-into-stark-security-300x168.jpg category: engineering topic: - 266fa988-350c-4842-b74e-379068ddcf34 +short_desc: "" blocks: + - type: markdown + body: "#### Explore the Full Security Analysis of STARK" - type: markdown body: >- - #### Explore the Full Security Analysis of STARK - - #### TL;DR diff --git a/public/assets/safe-and-sound-a-deep-dive-into-stark-security-300x168.jpg b/public/assets/safe-and-sound-a-deep-dive-into-stark-security-300x168.jpg new file mode 100644 index 0000000000000000000000000000000000000000..d75ee464e4e9d951f58e0dc85f3dd6e3108e34a8 GIT binary patch literal 11618 zcmb7qRZv`Ev+WEFZZo*MySuyF;O_30012*xySuvv2@>2P!QCYUOGuCa0WSaf@2R@4 zxA$Z3Z&z3CuJx_8x?k5`_W)pJc_n!O5C{MO-yXp0CLjWU2m&F1K!^wk2#AP?NGO;n zD9Fet*cce7n0VOu_;}d3xCF#hqy&T%M7X$Q3}h74G<0-y_@qp%jI=CNv~;wU960+3!e0O;^Wsn^h(Gf8f>c;fWK?GF17V)9_^D{x{xvzk)I`|~a{*=} z&Qe$~ej`$dsT_Ak%wAk`ZoD^qh_9K_{`6 ziSaf`1)kT#=rM*{(y(RCbsXcGCXs90`gEh^cfMSbxr!N%{6W^gvCpJ?3 z_f0p~1i8g$OEZZbZ8ZC9*d<$09U)V!@)2i<)Fkmhn9-ejGq%{UXup3!6V0f|Qs({;S%UT77F@w)o;&yH6c4#Kf-nx_VkeOX8$~&BT?11{`xZd_5>?L0LIvQOVOF;b zHSx>hX$vANAP~91Ln&;?hL%tJaze*HcW8NFwkCrS?Z8rMB}%7un{q1s`mDAlX_7)> zW-&+#4g0rL8Z`L0jA|41Y-O|;kGl!mOL)J>f)xs&Cqp=AK^OWmzEwlCMwigP)93fX z9l^Ri4!+-C!tmvD(QA0*a{p~48#Zz;Mw6$w+r%m3n;xuWGDbdqOKj1i5n{=-IlrH1`;ri#ax#FLY?lGJB#&^yupOeH|Tt93uQeDUY&Wf!S z<5B^|lBZkT=&@mp!~W1zmS6Vn&(!J{DkAk#IMk~BYGHAwi!E?tB1yvbnP$ipay4sJ zqxU!1i0BusAa%K0WL$-&*_v9Leg2m^e6&tBZY1Vt{6)yP|Ij~1z)Z0Hc?Cm%d7UVP zsg~#Lq||CE)Zm`{#qnpaM9$uf`sYU}`_E55-DyQ;8S<6v8dO2mvF*3R{(I?{i~f9L zclP6h(B-8eW6(1%C_v)?Q%h^CfUP<2+4{~xzJs+H$^3@MS06Vm z%M!TfvVYvnIw05`@U|W%o0^^Vy!gNac{MnlYq_uJ)6Y8;@1A>t0yP}V>4)y zq1koeQrU$dBj|1Chp(xgaiDBCvO3ShldBffy5gG!oh<85Cm)-Dnwjr zE-(!@9;Fl#EgcWOv=;9hk|4h!%p2A`%Zrj5^tO!ZRxnhBPN&cMTA@|##(e$>lOP;M zeg(K?4=XGxoC~a{`Br~aV^XdU6e2ZF8QCpE^EDjcD+FW@CSq=kjI7u$jeiM2fnB6HqBujra~k9EsgEO>a|u6j1F(YRZvg(_2xH%ror zHN79We?~TuZha_Y8)});H4e!FMP|&Iy|`FWQR0~ui!&h^@PZNLOjMcwzBNGi z+fSy(JarIU|CT*!pHpb}8PTpL+XSu?4htUzcT7Ey$gfi%c}cdSn&__8Oms^iO|YMM zAj)YQYsXkNT^B0pnRbpmK>wP@{vQ4#MpSFyK!2VId_t5D|2GUwxg!hO4^^<8+a~H5 zc^1jnM6();rEtmE&Qd7(bxZ58$5!8{K1E)3wXQ~n3TaN{%G89-CXj#J;YTnG!yU*W zr01s>d?J{nBExH|s^h4s z3iPJ%g@#hooUwv0^zvX?N_JCnza3T^_V?R5$KQE$j^Q7v$pmacBC84vda~ty8_5)v^>LF;{O?D$b0fJT~5=Qwb0r{|ZR@ zW9=k(fRHBmI23qW8u$vJI6RA?t(r^t!{5qy=T%@>)f|S&+;_&dBP3XtGB6rxHrf$e zIZGw|Ao9+k6uW8r8P#4P8T$F= zUnuFbPW`3j;uyA=g}m=VL3rt2w1^zYik)sXaeVzcz_Tq0M`%p`;2mrBFqwCM1J=E{j97iH;X7^bpXeyX~8 z;;K!XN^;us^A*n^7vC$O`Zr$XIWLdIE?>80!5IpdRjL3DaS!v&w9f>!_W8q5_|AEN zEi=7bvEO&qb?lev6nd@sPRx^3`Jis6`k|3LKaP7m@)nD%-wZoh49pNrB)vETb-Uwi~BA~LwHO+aF$SIR43Vm4Meft}GXNF+8ZorS8-tbn7H z$W?GvM#4&4r5DdR?x;y=#7j(sG>d{x=_t`TU-hp|Q+F7&0k4p8P!78|Ba&NA86?X;e!RS-5?UEoW8Vd8L5v zj9iEAYZ2B(krkee8B_nfq5fTOE5TC8X%V!n0D zX6c+q#OPX`e+6uMCA|ndo1OH2Ajcj>5&G`)LcjPdkVKoTK*OA;eQq$LbU*oC!uiMM zLkBev`q_ZXQVm+USN8^&i4s<1i&#EpP%8b1aJ)U-EL&H)@H0di#bRd zvmB=SK@w5KkDljABO`?Ek|}t+#v?c09`xbeB6)kis@^po)LMN2c1805vKKsH`lCH| zNtL*2auTGW5qjO1l==bob>hmu^6!_qGG%9#Wd6k;5$m)E;`4l{aYrJ=+iVtcRA%-1rd9bW$r9z zHo*o7OLz`eP^PW81$~pGm#Qh19a|yz0eB890&RbKKK`+I_1~M7nGK1nJ)fYOg z4`3RGSsRZEP8pf?h3(*?=UWH@~G5u{5QyzCNi*_$t5>smaq?-ItOUxd69PeL18lA5y4Y1xdpC0pB!ejHvR(Gah4+w_LbHg<%I zb!y2gF%6g=H}UB|=5Afg3UIl}5BTux>)Sn|;n9RqR0>afWLMfu7alYve@W#e86wu- zWFa49yFV>%A-=D!%y`!e?bf+0W! z*)=+0OzIWjFeVZjY{)7au5d%4(a@4h=0I?@IT+)cETHW*J)|cA5`NNQ9aWcczMx^* z%4OeH@&DMaS63~9&+=V@GAl7CpG?Yb6LAkZK21%W7{_4m&!Xy^T475cit0RC_^OHs#%e?jm(Oh`8??gEeDc>`;h3MeGptOIb^ zG|62iiBic0M`o=ZeYQbgzCWv_=*QL&zXB>!nqGvD`=$G_iqsCWn|ceP)SCS1TiQ9# z8DIi8D^9I0^@}MLeu_sV3L7oj#`tP}v)^6inl5&K^j_vY3lu_$t2H>b#^HnS1XgHs z(ED$br<11u6ZH-kGVbER(BSeiv)B4O4f8m#2oF&2U%rxvH|KBJp@^L1THh>98wCC3TzuM<0<~lvKg^pIi2KJ*mxcAvKI62#gJ~%^s%NNWEOrv!5gtJVGAz(_V+FwTl_RtPaaJ zt?7E-MAB8qKWuEb=bJVQ-&0tqqO(s#uBbwJuYIo9Qhr?fF;j?SbTzMbVIwkSqBOn+ zyDd_;p|ZC1yYOBWmfQn--e<_h2e=>1KLig>deBuz7XtABL?-LQ29g6vpPz8tuC>kO z`Q+eb!o4^nl)49p!PPST=YjS{ofrv7hutHr^H+G7 zKt170xe}{#O9^|lDnmI@=V*eU%%$Avx(@log726T@FQqG`}ByilgG)2wF$HfyOI<+ z`G@?g5L-SeJmny+3^Ru6C{oWX`9*g4xLIsl<^%-(gYF*GUSOr|)aQQ3_Ev*Kl)}&n zanP&>aWj)B&F!he=>l}<=EbHoSN0UFD8FrOsbgT%@qPM+kiW!Eec~>dLjB~GU2}$4#z1xQhJ7oxVfLmrG*R z$;GOCp5jjIZJt-s$aon-AWMCg1d=SeOYzw`M&D5^Cve2GfjQa}>_801+;M@M$lf7f z3%X^TmVdG6DWT7J7cy!1Y0yn%8>M+w)9Q?zY0k%;_qsrT@Z}&RAF4jkN=N#2!i2A9 zM=yH)&Yzt*ks7$KYjqE>hHz$&$rtO-3V!k5rPFxsQKnZSo(dCTj;;9SHNyhASEWC+ z-ar@Q!CLAsI79EE;KO6tk5IViw?z~I;tF5YiDI+?Q-)z+n)k&WX?FKH&PEHW4AJWw z{6_mJXqeb+VF)w9>lRu2$7HM1%kOGXcg&{O2P5EO5`ZveKLV?AITpp zIi=z&jKD%#L}oJ-x}*3nbU>l~IUg-j*s%vTCgwic-j`)wMe5#0TFiKx7W{TglyOXy z#J!N&@3Risx;d^Xtr(Wy#)4``+Cvo6viVS2x^Q2@HHv8?eM=V6)#7GvTO;X z5m_DKoFFg{Fs8JJl-a~zW z6Pu+rh#p>MR1ULd#RBWV09`MMfUvaPea({q1$8!In~$i5&XPv#BrIIkNPs@H+V-1_mK+_Y6$Xj;9O(zCO}qWGD?+({Pl zjiBRMq5c)wk(wP|!t|pMMq+P;LhZr@8vkM#UQE}z;D!f+Qw*CZn4H35k9$@;FkRIt zkp`T=F4SwgQ(!i7(tXl1gQ(jV*OJCB6@vfAScUbtjgBkV-8t7$y4CwaQblV>gQPR8 zST|E6S5$L5l6)?#7ARETO)oS{6m?RsLVQW;RMJzKR)S+@rr z){j4p1XZ}-@_anCo72UePnB2~7% zC`v>*2^2B?7iTWNQud|ieBKm&r%%YG2|F=mMYK@W<^%RCS(W1xp>z^9Z&F`*nFyGP z+l|5`1?`7M3F+FI!6z@6S3tl=UR_#U!pY{49XM58@eqb8hW`Y0(vuf$liX>$Rx%MA zz=ZwAEGyt+(;J_l2fy)$|9Eh32Hbz`dmsQp#U-U>`9C~j9z6K#djEf|HwmzkCS{nq z9d;w$Z!0*;ShKn=0MMGvWWXoeJ;uTWnS3fUrEVHaUI+9w_%m#pHw6tbG_%Warv&v8 zXc!Y)ym`&zfN>vhT&eA5^uz+oE$PRrD%CNdOs^Miq zu%tbdVRViELHTiLP7TO~;7|9jKr&Vt(Cz{B?~~I)nsK0Xrnq{DE2eG!mpp>2j4G5* z%KJk&e#{L6RDs4;t>){K_pzutru|p(xz4CAi-L~v=u9ErKViF6k5Z(L7Oz@l+?D!$F(i5X3rOZ2*C8BB+=OM-pp51-7J z6#|EF_XU9HtW}k+DxCq;9otPc;LZWzB~K&_xr)&cYDbT8FgXbII)^X7fQUSGr>*N3 zX8V~@}Q@N`LwF?<3ZbZHX;^#<*V2zM<4d1{(umo&aalzahBD9#hTm z-h*DbpM&TeII(8rv?rQXUp@{`;% z6zvsqrL>&(igIG({gJs*H8w;`?h{A<=@B~JmytT-0Y5i;AlvWkdf07U;^`}3Ntz&7 z5=9w9FKe{w7N69cP{@D*jy_kpw!Z<+J;qG?nO!%x3soJ7PeJ-0ZPpP zWH@m_^vjkoTi?_|{V*^iZ{9}NLJk)gQ|>inG2~Jw0VScwtu=6Q-{K#QYMhzXOQbQR z*9ZB)%~o!YMN1PkvC|t@7^_{QG2^Lrj&ycIc`t)=90cJbGfbVfRraNv*nUIQKShm+ z+H<<{pV});XuNpb9uH%ek`BKi%+rL~(Gu+kIikHq|M(@{_ zycy@I72yEKg34GYO-7J9lk*B#o5iCv#WU~Rz_LpAN?=lQZcJK#>e3y zTf8`H7efTEgew$bjxgeokROAkV%p2;#`5l^6jUR&Ds!-@rsF6{f<|Javw?OQ@2>3N~9vV#tHcCRp6Fxvr7EAzYR|Qd(eJ zo0#>%6pf`BWiWq9KffJ{zp*u*#VeqMj2e|DP0ORUdfKh`%5304EW<)Eb6Oeh2ODd6 z5$J3ftUT^v_e~DzNqc0~0~#Xu1;Wil@-C+|tdNoz%3?{ns#1!L6iV51-D8QTe41vK z2b;2RmGKk$lD&^|^0~8;GKnW~PE1v87=1K>cjg=odrw~R5K9@i{q(p=u!kX|a5^_Q&y%NwN|)*GKj1#0oo`HVp^!f12F%TK^Bs6 z6EYK;77|Jc(Gsg}GKY$4 zz}Cs^ID(m(hN*-@0q(|ZuFtj!lR6eC6JTtRPbVI)6`~DoUE{|^JB~)h%b598Fs_AH7ZL((CRpd!C0ywLsR*Bx8kd*z3J{rFHoRBQ}vESa-<_dAy8^JqhACkd7 zWob4coye38KN)OjTcUcHtC^3xol;Y9e{XHq@^wS|cwp__rA0AN*DxZ*1?*J?YC8vL z%}D9eTvevaVQNUkSn89Geo|Ple0Nt(O@P{{Ob|XIQ0E;Ww=kHtVnv9j%2$&~8aHR4 z*M*&cxGLhQ(B=(?41aCv`dzzs4$8AJ0E+fp;7uG(PN^=r1SP#YD< zv>b(loJU~onAVZ2j)JKoQL4Q>24gn0e@1urUr}|ckVZ;yZSNjUtK`u-Y#uPR=^Y+N z>?cik%^GBW%6l3>o)5~*i)9WqCTUi|cftcGx9MY8++VVZ`$Q1w!77+rtXWxG(LB*3 z(~(+_sTLgT%gjmv|FB!Ld3oIS*iEDb;Z2O(=<~yW%bRxFdRC}Fm-K)Jj6A_lq`W25 z82*u*L|(Ep+#$2St4#uF9>Z%iHYi}^D!sJ-1`G`zBvD5>J}7H=C@XO4HzR(ShK1+~ znA!hLJeI<~*yC=HJRe!AM-u;q&CAd#%PhTP+B_ZM=afGviP!@RizB~)*pwH>LH|JL zt)cGSFyE?1XTJhuc~3J^_pQ11%dn;ye@MA8ySmshM6} zuaDSE$VWmmLb`kwLDqBTgh(;zN-i*=TI*ii(Kz-LDqUoT@q9R^_C;FNx(hClND#&SB zqP9fZj<6T+F%CY$G`rF2hb{p9`#AEO3{4>9ZJ6QQPHa4-lpRS3nAqXL)Q${qD?a)b z#K)i5c&$CAf_U04um3T$PJ??lLulf?TA}UrnsJXOBJ(hxv=vr za+SjriY5MNp>Xgyma<$ ze{Ai#qH>Snt!*!vt|N{dMSgN15N$oz8j7rQEZ!RXc4UT6O~>@9Q)yOR8`9u(-V&vX z$CYASOYoTGKpm&n`3QRx!Q1AL$hdkhvL%!Q)g{@xYRRi(TxG=mY0`q~@e>((p7el>*aRnZc-n2Nr{@^0H&+J)Wt+f=Q0o z-Uy~J-J)6p`T;MNLuVHlap+gwPYAShRhj!83*9vF!23t}eff1wUg;XqEgu>Dd>v5& z9i6EIgv<2zM&(tC%GZ}BgBNA|QH^EU=UQ3mBwph5I7dI)B>_Wxy*rj-)NDRt^BlYx zjQk+9toP?7=>Ha>?fI_sL1H2L}2E@?vbl_5U0b82XR@EPyD#OKrfJg7fqe>)kH zU=F3#oJ@YNOd>J@O*bzBJlZXZP#G5a)N(qqM)miVq%eDwKvRB!Kqp4mBt zy18=7rAsGK^s7)Fn_jm%vf*e$)6AfEG4ned=Egaklo>7?4AhqhcA?t3FJ1qNPXAzC zwbuGGf6uWCGq)zgv!q-NOo{1~PHmFr`K*{{&t7lCmb@fThv282^ zyiMs)9o{riI#F3~Gh;#qJ};?#tdVkgPyc58#S*_5x_Yu#2v#Tee5;?$lgbQyF1MAb zurwe6y4CG9QDr_LeVl0DewTleVDZt)Q8=Z}S1epR@#~*0?}%4G-{`%yF!qmkc(%7Y zLjJ#DK~tCS3U?~-u{&ze8Vb?^F9VvJ>adHSn-f+FOQzx_LyDKUdQzrPUjgsPH2=M^ zjvEC0(`j7!F6+3woSqE3b?N2Q09bV^b6o^vee*pjqxD(BKQze!t~Dh z`z?aEuV7ugs`mkTC>dY8k|LPD>;T&s=kj^DNcr+43;}4T+)8j9{VgZftjd7Wm0cb(S_c$1L7GZh&Tu!Fdx+v|TLiZ@KL6xg zx&es6c-VV02gOGD0bvtdj#^Bf<^4@gsm37S+C< z;Ha1(1mNOKM;Rx^;zMkEIbQ+NJyHR~V zKL~@4UDG`%$F>{{3RG@vSAoYU5OKEo(O@jnqY=B=Ey8J|J7)(x;N(hg z&4^m9f#I}u;VoiR^&rLCYsUoBu;3HWB^{o*gVnv5v|s#uzoY`w%H+|a^oLz4r%plN zb97;cvNR)pI;6j?cKf@+KSkBIC}iK1Ajy7ekq*Zm?w#wFNvC~EC`Qjn9`c*YHYkai zeEyvLd_I^YrAvaN??+c}5W6g5m(=~}I^KhBOz8L+weXa}>N?2O9u-|kw|sIGxc2LP zfiU*g*A1F|nvuT|6>v3_GR^s1N-RCZzutbwQcr}nu*$CbkW7iSFnotBAYOc=FGzyi zf>o$M%(A6Y9w9q+MR#BFXqxGhGZ2fXlD3I6k#f(5_K}Al7s-AM_cT&KD&wVSZR96T zr5@SD_t-_B(8-pvrv~~>aWZ~v%1urG&k4cQD|>9Ta}}^jx~P`7!D<;w^C&*+3CayK|0S z_Alxs)wWX->{WB^JV`g(b)N(R5BgyJQNiVvM1h)zlv33u_RxXmfP1c=jVlZNuYets z5iqEE}HP^YY5v z)^n9~=in7)JXaJmL8i77Xs9hLi0i;;2^LoT*f+PMde1MCSVq%eZw;*^-z2>9MS~Ps z*`zL?*&gm@P5{>oGvv}!n@A`bce}zaq8I)qg<4(UpRhG)UHT{Z-SBa>HWFWoM~td} zXCD%iF<1Q&?`#YpIpA>S+Un`X{3Nd7P2DDwjudc5dG0UY6#HPl0L|@Kll~ZGfjxlra7$aD+TV5ba+Mm9W&}SOv1-Q9$I5tfL&uA5+xke7Z)VQdqC=10 zS2)vkMLY2Q_neIKHt%9vsM<^++WYtoP|ngH{C`oOkPx-=vOAg<@3S8+_(MEw@&9bu z*=?Sgd!N__ElMmfay>~c6ilu5d^nSE!X)wj4saszi|jnWEI;K{{cu*tvGuMy%WCbY z3eM-czMbYL>m*YDr{74=SIpQxAmt~lB|5SY&lCN3jyU*xQt?yrn=wn_w;CQqO#|T~ zs@_6iI-YPEz>G<42gN1*9J+L+Y;aIwwOd>fuEs$bx89z(lspc66xhAXQ~t8=S|l XkupT4D)^tSS?cAqaFHb_Uf2H*pZidv literal 0 HcmV?d00001 From 12291dd1b831c054a3907712ba8578af0f0cd0c0 Mon Sep 17 00:00:00 2001 From: AmalyStark <129071621+AmalyStark@users.noreply.github.com> Date: Wed, 25 Oct 2023 14:00:53 +0000 Subject: [PATCH 3/4] =?UTF-8?q?Update=20Post=20=E2=80=9Csafe-and-sound-a-d?= =?UTF-8?q?eep-dive-into-stark-security=E2=80=9D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- _data/posts/safe-and-sound-a-deep-dive-into-stark-security.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/_data/posts/safe-and-sound-a-deep-dive-into-stark-security.yml b/_data/posts/safe-and-sound-a-deep-dive-into-stark-security.yml index 521dd5028e..e72515cf6b 100644 --- a/_data/posts/safe-and-sound-a-deep-dive-into-stark-security.yml +++ b/_data/posts/safe-and-sound-a-deep-dive-into-stark-security.yml @@ -8,6 +8,9 @@ category: engineering topic: - 266fa988-350c-4842-b74e-379068ddcf34 short_desc: "" +seoFocusKeywords: + - STARK Security + - "" blocks: - type: markdown body: "#### Explore the Full Security Analysis of STARK" From c97ac98d13bbfd01cc1dfcce4754958516cf1049 Mon Sep 17 00:00:00 2001 From: AmalyStark <129071621+AmalyStark@users.noreply.github.com> Date: Wed, 25 Oct 2023 17:15:13 +0300 Subject: [PATCH 4/4] =?UTF-8?q?Update=20Post=20=E2=80=9Csafe-and-sound-a-d?= =?UTF-8?q?eep-dive-into-stark-security=E2=80=9D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../safe-and-sound-a-deep-dive-into-stark-security.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/_data/posts/safe-and-sound-a-deep-dive-into-stark-security.yml b/_data/posts/safe-and-sound-a-deep-dive-into-stark-security.yml index e72515cf6b..38d77ac870 100644 --- a/_data/posts/safe-and-sound-a-deep-dive-into-stark-security.yml +++ b/_data/posts/safe-and-sound-a-deep-dive-into-stark-security.yml @@ -7,7 +7,11 @@ image: /assets/safe-and-sound-a-deep-dive-into-stark-security-300x168.jpg category: engineering topic: - 266fa988-350c-4842-b74e-379068ddcf34 -short_desc: "" +short_desc: Dive into the intricate details of STARK security, a pivotal + component for ensuring computational integrity in trustless systems. This + article deciphers the latest ethSTARK update, elucidates the soundness error, + and dissects the transformation from IOPs to STARKs, ensuring 96 bits of + security for your computations. seoFocusKeywords: - STARK Security - ""