New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Scholarship for Research on Zero-Knowledge Proofs #31

Open
bbuenz opened this Issue May 18, 2018 · 16 comments

Comments

Projects
None yet
4 participants
@bbuenz

bbuenz commented May 18, 2018

Proposal: A scholarship to support my PhD research on Zero-Knowledge Proofs and other cryptographic systems motivated by cryptocurrencies.

Motivation: Zero-Knowledge proofs are at the core of privacy preserving cryptocurrencies like ZeroCash. The success of these cryptocurrencies would not have been possible without recent advances in the practicality of zero-knowledge proofs. However, there are still many open questions that remain. For example, is it possible to instantiate the ZeroCash protocol using a ZKP that does not rely on trusted setup in a practical manner? Can we have privacy preserving transactions in connection with (privacy-preserving) smart contracts? What zero-knowledge proof systems are most useful in these situations and is it possible to improve on them? The ZeroCash foundation lists in its mission statement that it "will encourage this scientific research and educate the public regarding the substance and benefits of these scientific developments". I am currently pursuing a PhD and attempting to answer such scientific question, as they relate specifically to zero-knowledge proofs and in general to the cryptography of cryptocurrencies. I am, therefore, asking for a schoalarship from the ZCash Foundation to support my PhD and research on these questions.

Who am I: My name is Benedikt Bünz and I am currently finishing the 2nd year of my PhD at Stanford. I am advised by Dan Boneh and a member of the Applied Cryptography Group and the Crypto Currency Research Group at Stanford. My research on cryptocurrencies includes proofs of solvency for cryptocurrency exchanges, randomness beacons, and super light clients. Most recently I worked on a new zero-knowledge proof system called Bulletproofs that does not require a trusted setup but still has short proofs. I attached my CV and you can find my website at crypto.stanford.edu/~buenz

How much: A scholarship to support a PhD student for one year comes to about $80,000. It covers both the cost of tuition and a salary. I would be extremely grateful for any support, but supporting my work for two years would enable me to purely focus on the research topics outlined above.

@b-g-goodell

This comment has been minimized.

b-g-goodell commented May 18, 2018

Would this scholarship be covering your tuition? Can you speak about other funding sources that your colleagues use to get through university? Some folks aren't familiar with teaching and research assistantships, and the details of how these are distributed vary from discipline to discipline. Do you already have a teaching or research assistantship lined up? Would you be accepting this scholarship in addition to an assistantship?

80kUSD is more than the median salary for either a mathematics or a CS university professor in the US, and is almost 25% 33% of the funding available for this round of grants, so I think some clarity on this would be valuable to the grant-making committee.

@bbuenz

This comment has been minimized.

bbuenz commented May 18, 2018

@b-g-goodell I edited the proposal to make it more clear what the scholarship would be used for. It does cover both salary and tuition. The cost of tuition for 3 quarters is 33,930 and the salary for research assistants at Stanford is 48,700. For outside scholarships the costs are slightly different but in the same ballpark. Until now I have received funding through teaching and research assistantships. Both of which are 20h of work per week during the school year. Teaching assistants help with grading homework, teaching sections, holding office hours and other organizational tasks for a class. Research assistants work on research with the professor that provides them the funding. The funding comes from the professor's research grants. If I received the scholarship I would not have to work as an assistant but would be able to purely focus on the research outlined in the proposal. I would of course acknowledge my funding source in all my future publications.

@b-g-goodell

This comment has been minimized.

b-g-goodell commented May 19, 2018

Thanks for the response, this is exactly what I was hoping for!

@tromer

This comment has been minimized.

Collaborator

tromer commented May 25, 2018

@bbuenz, among the primary evaluation criteria are the proposal's prospective value to the community, and probability of delivering the value. This is very hard to judge for a carte blanche scholarship.

Can you flesh out your proposal with more detailed plans for specific directions, and what you expect to achieve along these directions within the timeframe?

It's understood that in a research project, plans may evolve as you discover more. But we do need to start with a plausible plan.

@tromer tromer added the info-needed label May 25, 2018

@tromer

This comment has been minimized.

Collaborator

tromer commented May 30, 2018

The grant review committee needs further information, as discussed above, in order to evaluate your proposal.

@bbuenz

This comment has been minimized.

bbuenz commented May 30, 2018

@tromer , yes I am happy to do that.
One of the most immediate and tangible research focuses which would be of value to the ZCash community is exploring the feasibility of implementing the ZeroCash protocol using Bulletproofs. Bulletproofs unlike SNARKs do not require a trusted setup, however they have asymptotically larger proofs and longer verification time. Given that the proofs are practically very efficient it is an interesting question whether the ZeroCash protocol can be instantiated efficiently using Bulletproofs. This requires optimizing the Sapling circuit for the Bulletproof proving system and doing benchmark measurements. Accurate and optimized benchmark will make it easier to way off the benefits of not having a trusted setup vs. the larger transaction size and transaction verification time.

As for future research research direction my main focus will be on improving zero-knowledge proofs and their applicability to crypto currencies.
Roughly this can be divided into three areas:

Improving Zero-Knowledge proof systems:

In recent years a variety of Zero-knowledge proof systems have been developed each one with a different set of tradeoffs. A majority of my research will focus on improving these proof systems. For example I have ideas for and will work on improving the verification time of Bulletproofs and reducing the proof size for STARK and making the trusted setup for SNARKs more universal. I believe that there is still a lot of room for improvement for each of these proof techniques and improving them will enable new and more exciting application as well as improve existing applications.

Finding new applications for Zero-Knowledge proofs in crypto currencies:

With the ZeroCash protocol the problem of private crypto currency transactions is largely solved from an academic point of view. However, there remain many open challenges. ZeroCash only supports simple transfers of money. Even a limited SCRIPT support like in Bitcoin seems non-trivial. In particular, how can we enable private SCRIPTs for private cryptographic transactions such that neither sender, receiver, amount or the SCRIPT get’s leaked. A current technological hurdle is that SNARKs require a circuit-specific trusted setup that is not flexible to handle a variety of SCRIPTs. An interesting research question is how other proof techniques like Bulletproofs or even new and advanced proof systems can handle such situations.
Another interesting research challenge is how to design confidential smart contracts such that multiple parties can interact with the smart contract without leaking their inputs to the contract or the output of the contract. This will likely require other cryptographic techniques such as secure multi-party computation.

Other cryptographic tools for and from cryptocurrencies:

I will also focus on additional cryptographic tools that can increase the usability of cryptocurrencies or interact with cryptocurrencies. Specifically building randomness beacons from and for blockchains is an exciting research area. I will also work on improving mobile light clients for more scalable blockchains.

@tromer

This comment has been minimized.

Collaborator

tromer commented Jun 1, 2018

The Zcash Foundation Grant Review committee has reviewed your pre-proposal, including the above discussion, to evaluate its potential and competitiveness relative to other proposals. Every pre-proposal was evaluated by at least 3 (and typically more than 4) committee members .

The committee's opinion is that your pre-proposal is a promising candidate funding in this round, and the committee therefore invites you to submit a full proposal.
Please submit a full proposal by June 15th, following the detailed structure described in the Call for Proposals. We encourage you to submit a draft as early as possible, to allow for community feedback.

@tromer tromer added the invited-full label Jun 1, 2018

@tromer

This comment has been minimized.

Collaborator

tromer commented Jun 15, 2018

@bbuenz, in your full submission (due today...) please make sure to address the points listed in the Call for Proposals.

Also, while your explanation above on the goals and questions in the context of privacy-preserving cryptocurrencies is very helpful, there is still little information on the approach you will take. The latter is essential for the committee to assess the potential of successfully achieving this goals under the grant.

What I wrote before applies to this as well: it's understood that in a research project, and plans may evolve as you discover more; but we do need to start with a plausible plan. It's also understandable that not all details can be presented in full before verification and publication, but the more you can say about the approach and its expected concrete results, the easier it will be for the committee to assess it.

@bbuenz

This comment has been minimized.

bbuenz commented Jun 16, 2018

@tromer I fully understand that this proposal is unusual for a grant system that seems to be more designed for isolated projects rather than broad scholarships. I am, therefore, very grateful that my application is even being considered and that I was invited to submit a full proposal. I also understand that you would like more details on the concrete approaches that I'll take and the research ideas that I have. I am, however, not quite certain how much information about unpublished and not fully developed ideas I want to put publicly online. I would at least like to consult with my advisor and collaborators on these projects. Could I, therefore, get an extension until Monday? I am also happy to provide more details to the selection committee directly.

@tromer

This comment has been minimized.

Collaborator

tromer commented Jun 16, 2018

Extension granted, and I emailed you some suggestions for information that could be helpful.

@bbuenz

This comment has been minimized.

bbuenz commented Jun 19, 2018

Thank you very much. Here is the proposal and my CV. Please let me know if there are any questions.

proposal31.pdf

cvbuenz.pdf

@tromer

This comment has been minimized.

Collaborator

tromer commented Jun 26, 2018

@bbuenz, several committee members expressed reservations about the open-ended parts of the proposal. Would it be of interest, to you, to pare down the proposal to the concrete elements, such as implementation+benchmarking of a Sapling-like ZKP using Bulletproofs (and whatever other schemes you believe are likely to be mature within a half-year scale)?

If so, can you suggest corresponding scope and budget?

@tromer

This comment has been minimized.

Collaborator

tromer commented Jun 26, 2018

@bbuenz, please note that, as explained in the Call for Proposals, the intended scale is 1 to 6 person-months of effort. The $80,000 for a full year thus exceeds the intended scope of funding.

@bbuenz

This comment has been minimized.

bbuenz commented Jun 26, 2018

@tromer I fully understand the reservations. However, I am really more interested in a general scholarship than committing myself to a single implementation focussed project. That being said, I still very much plan to work on the topics outlined in my proposal and might apply for a more project-specific grant in the future.

@sonyamann

This comment has been minimized.

Collaborator

sonyamann commented Nov 6, 2018

I'm thrilled to inform you that the Grant Review Committee and the Zcash Foundation Board of Directors have approved your proposal, pending a final compliance review. Congratulations, and thank you for the excellent submission!

Next steps: Please email josh@z.cash.foundation from an email address that will be a suitable point of contact going forward. We plan to proceed with disbursements following a final confirmation that your grant is within the strictures of our 501(c)(3) status, and that our payment to you will comply with the relevant United States regulations.

We also wish to remind you of the requirement for monthly progress updates to the Foundation’s general mailing list, as noted in the call for proposals.

Before the end of this week, the Zcash Foundation plans to publish a blog post announcing grant winners to the public at large, including a lightly edited version of the Grant Review Committee’s comments on your project. The verbatim original text of the comments can be found below.

Congratulations again!

Grant Review Committee comments:

The proposer is a graduate student working on zero-knowledge proofs and blockchains, and coauthor of the Bulletproof paper. This proposal has two components:

  • An open-ended scholarship to pursue several research directions that are promising and pertinent to privacy-preserving cryptocurrencies (and ZK proofs in genreal). This has high potential for advancing the state of the art in pertinent proof systems, given the proposer's record and training; but is not certain to result in directly useful deliverables.
  • Studying the prospect of a Bulletproofs variant of Zcash Sapling, as a way to avoid the need for a parameter setup ceremony. Note that there is no commitment to a concrete implementation.

Inventing and optimizing zero-knowledge proof systems is crucial to financial privacy infrastructure and specifically to Zcash. Such cryptographic innovation most often originates in open-ended academic research funded by flexible grants and scholarships, such as this proposal by a graduate student. This particular graduate student and his adviser have already made notable contributions to the technologies underlying privacy-focused payment systems, and have demonstrated a strong research focus on zero-knowledge proof techniques and applications that are relevant to privacy-preserving cryptocurrencies (including both Zcash and Monero).

Some committee members are uncomfortable with funding open-ended research without concrete goals or clear deliverables, and are concerned that while the sponsored research may result in publications of interest to the academic cryptographic community, is not necessarily geared towards the particular needs of privacy-preserving cryptocurrencies. We recognize an inherent tension between prudent use of funds and the need to support open-ended/high-risk/high-gain cryptographic research. Conversely, it was open-ended academic research that led to the creation of Zcash and many of its underlying ideas.

Going forward, we suggest that the Foundation considers creating a dedicated funding track for open-ended research and in particular academic scholarships. Such a track should set evaluation criteria that recognize the inherent unpredictability of such research. It should be explicit about whether grants are scholarship for specific students, or grants at the Principal Investigator level. It should set expectation on effort level dedicated to the project, and the commensurate costs under standard academic conventions. It should also strive for equal access and not amplifying existing bias.

The committee recommends funding this proposal, at a reduced level of $40,000 (to adjust for the intended scale is 1 to 6 person-months of effort, rather than 1 year as proposed).

@bbuenz

This comment has been minimized.

bbuenz commented Nov 9, 2018

I just publicly want to say that I am thrilled to receive the grant and thank the review committee as well as the ZCash foundation as a whole!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment