RiB Newsletter #40
Welcome to the #40 edition of Rust in Blockchain, the monthly newsletter about Rust, distributed systems, cryptography, and other industry topics. Previous: #39.
Thanks
Thanks to contributors: Christopher Goes, dandanlen, djddo, Hadi Hosseini, Hunter Trujillo, Mike C, Brian Anderson, and Aimee Zhu. Thank you for your help!
RiB needs help to keep up with Rust blockchain projects. If you follow a particular project, or otherwise find information that is beneficial to the Rust & blockchain community, please contribute to the next issue by submitting a PR to the next draft.
Project Spotlight
Each month we like to shine a light on a notable Rust blockchain project. This month that project is…
Spiral is a library for private information retrieval via fully homomorphic encryption composition, or “PIR via FHE composition”, described in 2021 in “Spiral: Fast, High-Rate Single-Server PIR via FHE Composition”. It allows an untrusted server to perform database queries without revealing which data is being requested.
There are two live demonstrations: Spiral Block Explorer, which appears to be a fully-developed product, and Wikipedia over Spiral, a research demo.
Interesting Things
News
Blog Posts
- Smart Contract Development — Move vs. Rust
- First impressions of the Move programming language
- Sin7Y Tech Review(30): Thoughts on removing Memory constraints in the ZKEVM
- Ed25519 Deep Dive Addendum
- Zero Knowledge Canon, part 1 & 2
- Area-52: Save the Cosmos While Learning CosmWasm and Rust Smart Contracts
- Execution and Parallelism for DAG-Based BFT Consensus
- BFT on a DAG. A description of recent consensus protocols that perform local ordering of DAGs for high throughput, as exemplified by Narwhal (used by the Sui blockchain).
- ZK White Paper: Efficient ZK Proofs for Keccak
- SNARK Security and Performance
- Trustless Bridging II: Byzantine Fault Tolerance
- The Rise of Fully Homomorphic Encryption
Papers
- RedShift: Transparent SNARKs from List Polynomial Commitments
- Accountable Light Client Systems for PoS Blockchains
- Arithmetization of Functional Program Execution via Interaction Nets in Halo 2
- Knowledge Encryption and Its Applications to Simulatable Protocols With Low Round-Complexity
- Maximal Extractable Value (MEV) Protection on a DAG. Describes Fino, a Narwhal-like DAG protocol with additional MEV protection.
- No More Attacks on Proof-of-Stake Ethereum?
- Efficient Proofs of Software Exploitability for Real-world Processors
- Flashproofs: Efficient Zero-Knowledge Arguments of Range and Polynomial Evaluation with Transparent Setup
- An ECDSA Nullifier Scheme for Unique Pseudonymity within Zero Knowledge Proofs
- zkBridge: Trustless Cross-chain Bridges Made Practical
- ZEBRA: Anonymous Credentials with Practical On-chain Verification and Applications to KYC in DeFi
- Bool Network: An Open, Distributed, Secure Cross-chain Notary Platform
Projects
- Triton VM. A virtual machine that comes with Algebraic Execution Tables (AET) and Arithmetic Intermediate Representations (AIR) for use in combination with a STARK proof system.
- Taiga. A framework for generalized shielded state transitions.
- Circomspect. A static analyzer and linter for the Circom programming language.
- Spiral Block Explorer. A public block explorer that uses homomorphic encryption to look up addresses without revealing them, using spiral-rs.
- huff-snark-verifier. An optimized Groth16 SNARK verification smart contract generator for EVM-based blockchains.
Security Advisories
Monthly security advisories, from RustSec, and GitHub Advisories. Bold entries here are especially relevant to blockchain projects.
- RUSTSEC-2022-0054:
wee_alloc- Unmaintained.- This allocator has often been used for wasm targets.
It has memory leaks.
Modern Rust uses
dlmalloc-rsby default on wasm and is fine for most purposes.
- This allocator has often been used for wasm targets.
It has memory leaks.
Modern Rust uses
- RUSTSEC-2022-0055:
axum-core- Vulnerability in axum-core. - RUSTSEC-2022-0056:
clipboard- Unmaintained. - RUSTSEC-2022-0057:
badge- Unmaintained. - CVE-2022-36114:
cargo- Cargo extracting malicious crates can fill the file system. - CVE-2022-36113:
cargo- Cargo extracting malicious crates can corrupt arbitrary files. - CVE-2022-36086:
linked_list_allocator- Vulnerable to out-of-bound writes onHeapinitialization andHeap::extend. - CVE-2022-39215:
tauri- readDir Endpoint Scope can be Bypassed With Symbolic Links. - GHSA-v8gq-5grq-9728:
mozjpeg- DecompressScanlines::read_scanlines is Unsound. - GHSA-p75v-367r-2v23:
cell-project- used incorrect variance when projecting through&Cell<T>. - CVE-2022-39974:
wasm3- WASM3 Improper Input Validation vulnerability. - GHSA-28r9-pq4c-wp3c:
personnummer- vulnerable to Improper Input Validation. - CVE-2022-39252:
matrix-sdk-crypto- Contains potential impersonation via room key forward responses.
Most Active in September
Aptos: 725 merged PRs, 117 closed issues, 27 open issues
Parity: 459 merged PRs, 175 closed issues, 150 open issues
Solana: 429 merged PRs, 63 closed issues, 73 open issues
Sui: 332 merged PRs, 84 closed issues, 103 open issues
Fuel: 283 merged PRs, 190 closed issues, 146 open issues
Project Updates
Aleo
76 merged PRs (1, 2, 3, 4), 41 closed issues (1, 2, 3, 4), 42 open issues (1, 2, 3, 4)
Anoma
45 merged PRs (1, 2), 20 closed issues (1), 54 open issues (1, 2)
Aptos
725 merged PRs (1), 117 closed issues (1), 27 open issues (1)
Casper
37 merged PRs (1, 2), 44 closed issues (1, 2), 14 open issues (1, 2)
ChainSafe
74 merged PRs (1, 2), 38 closed issues (1, 2), 27 open issues (1)
COMIT
4 merged PRs (1, 2), 0 closed issues, 0 open issues
Concordium
62 merged PRs (1, 2, 3, 4), 27 closed issues (1, 2, 3), 13 open issues (1, 2, 3)
Conflux
13 merged PRs (1), 1 closed issues (1), 1 open issues (1)
DarkFi
5 merged PRs (1), 4 closed issues (1), 0 open issues
Dfinity
94 merged PRs (1, 2, 3, 4, 5, 6, 7), 11 closed issues (1, 2, 3), 7 open issues (1, 2, 3, 4, 5)
- Good Practices for Canister Smart Contract Development in Motoko
- Beyond Oracles: Direct HTTPS Outcalls From Canister Smart Contracts on the Internet Computer
Dusk Network
21 merged PRs (1, 2, 3, 4, 5, 6), 17 closed issues (1, 2, 3), 6 open issues (1, 2)
Elrond
42 merged PRs (1, 2), 0 closed issues, 1 open issues (1)
Espresso Systems
11 merged PRs (1, 2, 3), 16 closed issues (1, 2, 3), 6 open issues (1, 2, 3, 4)
Filecoin
129 merged PRs (1, 2, 3, 4, 5, 6, 7), 55 closed issues (1, 2, 3, 4), 59 open issues (1, 2, 3, 4, 5)
Findora
43 merged PRs (1, 2, 3), 1 closed issues (1), 2 open issues (1)
Fluence
82 merged PRs (1, 2, 3, 4, 5, 6), 11 closed issues (1), 2 open issues (1, 2)
Fuel
283 merged PRs (1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13), 190 closed issues (1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11), 146 open issues (1, 2, 3, 4, 5, 6, 7, 8, 9)
Golem
22 merged PRs (1, 2, 3, 4, 5, 6), 25 closed issues (1, 2, 3, 4, 5), 25 open issues (1, 2, 3, 4)
Grin
1 merged PRs (1), 2 closed issues (1), 2 open issues (1, 2)
Helium
14 merged PRs (1, 2, 3, 4), 8 closed issues (1, 2), 2 open issues (1)
Holochain
48 merged PRs (1, 2), 7 closed issues (1, 2), 16 open issues (1, 2)
IOTA
205 merged PRs (1, 2, 3, 4, 5, 6, 7, 8), 71 closed issues (1, 2, 3, 4, 5), 21 open issues (1, 2, 3, 4, 5)
Maidsafe
51 merged PRs (1, 2, 3), 1 closed issues (1), 0 open issues
MobileCoin
64 merged PRs (1, 2), 9 closed issues (1), 16 open issues (1)
NEAR
194 merged PRs (1, 2, 3, 4, 5, 6, 7, 8, 9, 10), 92 closed issues (1, 2, 3, 4, 5, 6), 52 open issues (1, 2, 3, 4, 5, 6, 7, 8)
Nervos
55 merged PRs (1, 2, 3, 4, 5, 6, 7, 8), 10 closed issues (1, 2, 3, 4, 5), 9 open issues (1, 2, 3, 4, 5)
Oasis
9 merged PRs (1), 1 closed issues (1), 0 open issues
Parity
459 merged PRs (1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15), 175 closed issues (1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13), 150 open issues (1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
Radix
31 merged PRs (1, 2), 1 closed issues (1), 3 open issues (1)
Secret Network
41 merged PRs (1, 2, 3), 47 closed issues (1, 2, 3), 2 open issues (1)
Solana
429 merged PRs (1, 2), 63 closed issues (1, 2, 3), 73 open issues (1, 2, 3)
Subspace Labs
33 merged PRs (1), 8 closed issues (1), 9 open issues (1)
Sui
332 merged PRs (1, 2), 84 closed issues (1, 2), 103 open issues (1, 2)
Zcash
105 merged PRs (1, 2, 3, 4), 55 closed issues (1, 2, 3), 40 open issues (1, 2, 3, 4)
Rust in Bitcoin
The Spiral project was published and is a very exciting implementation of a public block explorer that can keep addresses looked up private using homomorphic encryption. The Fedimint team is growing, BDK and LDK continue to make progress, in addition to the teams working on various RGB projects. BDK has released a new blog post detailing their intention to stabilize the API and mark a 1.0 release. It was an auspicious month for prolific Rust Bitcoin developer Dr. Maxim Orlovsky, as his contribution to the Bitcoin Improvement Proposals was accepted as BIP-372: Pay-to-contract tweak fields for PSBT which outlines how pay-to-contract fields can be encoded in PSBTs.
This month, the following projects were added to the running list of Rust in Bitcoin projects kept in a pinned message in the Telegram group:
- https://github.com/menonsamir/spiral-rs
- https://github.com/laanwj/rust-clightning-rpc
- https://crates.io/crates/tonic_openssl_lnd
For discussion join the Rust in Bitcoin Telegram group.
BDK
37 merged PRs (1, 2, 3, 4, 5), 21 closed issues (1, 2, 3), 7 open issues (1, 2, 3)
Bitmask
8 merged PRs (1), 5 closed issues (1), 2 open issues (1)
Electrs
4 merged PRs (1), 0 closed issues, 1 open issues (1)
Internet2
1 merged PRs (1), 1 closed issues (1), 1 open issues (1)
LDK
48 merged PRs (1, 2), 7 closed issues (1, 2), 6 open issues (1)
LNP/BP
0 merged PRs, 0 closed issues, 1 open issues (1)
LNP WG
3 merged PRs (1), 0 closed issues, 0 open issues
MyCitadel
0 merged PRs, 0 closed issues, 1 open issues (1)
Nakamoto
3 merged PRs (1), 3 closed issues (1), 1 open issues (1)
Nomic
3 merged PRs (1), 0 closed issues, 2 open issues (1, 2)
RGB
8 merged PRs (1), 2 closed issues (1), 6 open issues (1, 2)
Rust Bitcoin
55 merged PRs (1, 2, 3, 4), 13 closed issues (1, 2), 28 open issues (1, 2, 3, 4, 5, 6)
- Add API method absolute::LockTime::is_satisfied_by_lock - Improves a method to better compare locktimes
Rust Simplicity
5 merged PRs (1), 0 closed issues, 0 open issues
Sapio
7 merged PRs (1), 0 closed issues, 2 open issues (1)
Talaia
10 merged PRs (1), 6 closed issues (1), 4 open issues (1)
If we’ve missed any other notable Rust Bitcoin projects or ecosystems, feel free to contribute!
Rust in Ethereum
Ethers-rs
54 merged PRs (1), 7 closed issues (1), 7 open issues (1)
Foundry
189 merged PRs (1), 145 closed issues (1), 60 open issues (1)
Lighthouse
5 merged PRs (1, 2), 40 closed issues (1), 14 open issues (1)
Rust Ethereum
0 merged PRs, 0 closed issues, 1 open issues (1)
Rust Web3
0 merged PRs, 0 closed issues, 3 open issues (1)
zkSync
9 merged PRs (1), 2 closed issues (1), 0 open issues
If we’ve missed any other notable Rust Ethereum projects or ecosystems, feel free to contribute!
Events
Oct 7-16 | Bogota, Colombia
Oct 14 - Nov 18 | Online
Oct 28-30 | Lisbon, Portugal
Oct 31-Nov 6 | San Francisco, USA
Nov 3 | San Francisco, USA
Ethereum hackathon: ETH San Francisco 2022
Nov 3 | San Francisco, USA
Nov 7-10 | Chicago, USA
Nov 10-11 | Dubai, United Arab Emirates
ICSCB 2022: 16. International Conference on Smart Contracts and Blockchain
Nov 14-17 | Istanbul, Turkey
Careers
Blockstream | Remote
Chainflip Labs | Berlin
- Software Engineer (Rust)
- Blockchain Support Engineer
- Ecosystem Development Manager
- Senior Full Stack Engineer
Stellar Development Foundation | USA
More jobs can be found at Job Board.
Want to be included in the next issue? Feel free to submit a PR to the next draft.
Join the discussion on RiB telegram group ❤️