RiB Newsletter #45
Welcome to the #45 edition of Rust in Blockchain, the monthly newsletter about Rust, distributed systems, cryptography, and other industry topics. Previous: #44.
Thanks
Thanks to contributors: Dennis Zoma, djddo, François Garillot, Rodairos, Brian Anderson and Aimee Zhu. Thank you for your help!
RiB needs help to keep up with Rust blockchain projects. If you follow a particular project, or otherwise find information that is beneficial to the Rust & blockchain community, please contribute to the next issue by submitting a PR to the next draft.
Project Spotlight
Each month we like to shine a light on a notable Rust blockchain project. This month that project is…
microsoft/Nova and jules/supernova.
Nova is a recursive SNARK, and SuperNova is a refinement of Nova with more efficient proofs of individual program steps.
In SuperNova the cost of proving a step of the program is proportional only to the size of the circuit for that instruction; whereas in most SNARKS the cost of proving a single step is proportional to the sum of circuit sizes of all possible instructions.
Described in “Nova: Recursive Zero-Knowledge Arguments from Folding Schemes” and “SuperNova: Proving universal machine executions without universal circuits”.
While Nova is a Microsoft project, the above SuperNova implementation is not, though the Nova author has plans to publish a SuperNova implementation.
Interesting Things
News
- Hello, Stylus. Arbitrum’s new programming enviroment that supports Rust, C, C++ and more. It’s not open sourced yet.
Blog Posts
- A walkthrough on the open source Aleo VM implemented with Arkworks and blockchain implemented with Tendermint
- What Is a zkEVM?
- What Is Zero-Knowledge Encryption?
- Unveiling OlaVM Proof of Concept: The Next-Generation Full-Featured zkVM
- Sangria: a Folding Scheme for PLONK, a way to achieve IVC, similar to Nova, but on top of a Plonk arithmetization instead of R1CS.
Papers
- Faithful Simulation of Randomized BFT Protocols on Block DAGs
- Reputation-based state machine replication
- Byzantine-Resilient Multi-Agent Distributed Exact Optimization with Less Data
Projects
- Bonsai Starter Template. Starter template for writing an application using Bonsai, a general purpose zero-knowledge proof network.
- Arti 1.1.1 released. Arti is Tor implemented as a Rust library.
- SuperNova. Rust implementation of the SuperNova protocol.
Security Advisories
Monthly security advisories, from RustSec, and GitHub Advisories. Bold entries here are especially relevant to blockchain projects.
- RUSTSEC-2022-0086: Vulnerability in
slack-morphism
. - RUSTSEC-2022-0087: Vulnerability in slack-morphism.
- RUSTSEC-2022-0084: Vulnerability in libp2p.
- RUSTSEC-2023-0004: Vulnerability in bzip2.
- RUSTSEC-2022-0085: Vulnerability in matrix-sdk-crypto.
- RUSTSEC-2022-0083: Vulnerability in evm.
- RUSTSEC-2023-0005: Unsoundness in tokio.
- RUSTSEC-2020-0166: Security notice about personnummer.
- RUSTSEC-2022-0088: Vulnerability in tauri.
- RUSTSEC-2022-0089: Vulnerability in aliyun-oss-client.
- RUSTSEC-2023-0008: Vulnerability in openssl-src.
- X.509 Name Constraints Read Buffer Overflow
- RUSTSEC-2023-0013: Vulnerability in openssl-src.
NULL
dereference during PKCS7 data verification
- RUSTSEC-2023-0010: Vulnerability in openssl-src.
- Double free after calling
PEM_read_bio_ex
- Double free after calling
- RUSTSEC-2023-0007: Vulnerability in openssl-src.
- Timing Oracle in RSA Decryption
- RUSTSEC-2023-0012: Vulnerability in openssl-src.
NULL
dereference validating DSA public key
- RUSTSEC-2023-0009: Vulnerability in openssl-src.
- Use-after-free following
BIO_new_NDEF
- Use-after-free following
- RUSTSEC-2023-0006: Vulnerability in openssl-src.
- X.400 address type confusion in X.509
GeneralName
- X.400 address type confusion in X.509
- RUSTSEC-2023-0011: Vulnerability in openssl-src.
- Invalid pointer dereference in
d2i_PKCS7
functions
- Invalid pointer dereference in
- RUSTSEC-2020-0167: Vulnerability in pnet_packet.
- RUSTSEC-2023-0014: Unsoundness in cortex-m-rt.
- RUSTSEC-2022-0090: Vulnerability in libsqlite3-sys.
- RUSTSEC-2023-0016: Unsoundness in partial_sort.
- RUSTSEC-2023-0015: Unsoundness in ascii.
- RUSTSEC-2022-0091: Vulnerability in tauri.
- CVE-2023-26103: Deno vulnerable to Regular Expression Denial of Service.
- GHSA-p2gm-ffr3-w2xw: Nervos CKB vulnerable to low-resource flood DDoS attacks through network message.
- GHSA-fjj4-2q73-jvgc: Nervos CKB calculation of program load cycles may be missed when executing in resume mode.
Most Active in February
Sui: 471 merged PRs, 57 closed issues, 122 open issues
Solana: 419 merged PRs, 125 closed issues, 35 open issues
Parity: 414 merged PRs, 215 closed issues, 156 open issues
Fuel: 311 merged PRs, 169 closed issues, 119 open issues
Starkware: 286 merged PRs, 37 closed issues, 6 open issues
Project Updates
Aleo
61 merged PRs (1, 2, 3, 4, 5), 9 closed issues (1, 2, 3), 10 open issues (1, 2, 3, 4)
Anoma
53 merged PRs (1, 2, 3), 32 closed issues (1, 2), 29 open issues (1, 2, 3)
Aptos
241 merged PRs (1), 67 closed issues (1), 41 open issues (1)
Casper
68 merged PRs (1, 2), 66 closed issues (1, 2), 67 open issues (1, 2)
COMIT
1 merged PRs (1), 0 closed issues, 0 open issues
Concordium
45 merged PRs (1, 2, 3, 4), 18 closed issues (1, 2, 3), 26 open issues (1, 2, 3, 4)
Conflux
11 merged PRs (1), 1 closed issues (1), 3 open issues (1)
DarkFi
6 merged PRs (1), 9 closed issues (1), 2 open issues (1)
Dfinity
80 merged PRs (1, 2, 3, 4, 5, 6), 7 closed issues (1, 2, 3), 3 open issues (1, 2)
Dusk Network
21 merged PRs (1, 2), 26 closed issues (1, 2, 3), 11 open issues (1, 2)
Espresso Systems
33 merged PRs (1, 2, 3, 4), 37 closed issues (1, 2, 3), 31 open issues (1, 2)
Filecoin
191 merged PRs (1, 2, 3, 4, 5, 6, 7), 167 closed issues (1, 2, 3), 39 open issues (1, 2, 3, 4)
Findora
18 merged PRs (1, 2), 1 closed issues (1), 1 open issues (1)
Fluence
141 merged PRs (1, 2, 3, 4, 5, 6), 0 closed issues, 0 open issues
Fuel
311 merged PRs (1, 2, 3, 4, 5, 6, 7, 8), 169 closed issues (1, 2, 3, 4, 5, 6, 7), 119 open issues (1, 2, 3, 4, 5, 6, 7, 8)
Golem
10 merged PRs (1), 24 closed issues (1, 2), 19 open issues (1, 2)
Helium
24 merged PRs (1, 2, 3, 4), 5 closed issues (1, 2, 3), 0 open issues
Holochain
133 merged PRs (1, 2, 3), 11 closed issues (1, 2), 8 open issues (1, 2)
IOTA
144 merged PRs (1, 2, 3, 4, 5), 43 closed issues (1, 2), 34 open issues (1, 2, 3)
Maidsafe
114 merged PRs (1, 2, 3, 4, 5, 6), 9 closed issues (1, 2, 3), 7 open issues (1, 2)
Mina
0 merged PRs, 0 closed issues, 1 open issues (1)
MobileCoin
39 merged PRs (1), 13 closed issues (1), 15 open issues (1)
MultiversX
33 merged PRs (1, 2, 3), 2 closed issues (1), 3 open issues (1)
NEAR
142 merged PRs (1, 2, 3, 4, 5, 6, 7, 8), 35 closed issues (1, 2), 43 open issues (1, 2, 3)
Nervos
68 merged PRs (1, 2, 3, 4, 5, 6, 7), 3 closed issues (1, 2), 9 open issues (1, 2, 3, 4)
Oasis
10 merged PRs (1, 2), 0 closed issues, 0 open issues
Parity
414 merged PRs (1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14), 215 closed issues (1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13), 156 open issues (1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
Radix
74 merged PRs (1, 2, 3), 0 closed issues, 2 open issues (1)
Secret Network
28 merged PRs (1, 2, 3), 1 closed issues (1), 0 open issues
Solana
419 merged PRs (1, 2), 125 closed issues (1, 2), 35 open issues (1, 2)
Subspace Network
36 merged PRs (1), 26 closed issues (1), 18 open issues (1)
Sui
471 merged PRs (1), 57 closed issues (1), 122 open issues (1)
Zcash
56 merged PRs (1, 2, 3, 4), 38 closed issues (1, 2, 3, 4, 5), 36 open issues (1, 2, 3, 4, 5)
Rust in Bitcoin
For discussion join the Rust in Bitcoin Telegram group.
BDK
23 merged PRs (1, 2, 3, 4, 5), 6 closed issues (1, 2, 3), 19 open issues (1, 2, 3)
BitMask
3 merged PRs (1), 0 closed issues, 2 open issues (1)
Cyphernet
7 merged PRs (1, 2, 3, 4), 1 closed issues (1), 4 open issues (1, 2)
Electrs
7 merged PRs (1), 12 closed issues (1), 2 open issues (1)
Fedimint
142 merged PRs (1, 2), 45 closed issues (1), 28 open issues (1)
LDK
38 merged PRs (1, 2), 14 closed issues (1), 12 open issues (1)
LNP/BP
11 merged PRs (1, 2, 3, 4), 20 closed issues (1, 2, 3), 3 open issues (1, 2)
LNP WG
2 merged PRs (1, 2), 0 closed issues, 2 open issues (1)
Nomic
10 merged PRs (1, 2), 0 closed issues (), 2 open issues (1, 2)
RGB
4 merged PRs (1, 2), 16 closed issues (1), 2 open issues (1)
Rust Bitcoin
69 merged PRs (1, 2, 3, 4), 31 closed issues (1, 2, 3), 18 open issues (1, 2, 3, 4)
Rust Simplicity
1 merged PRs (1), 0 closed issues, 1 open issues (1)
Talaia
6 merged PRs (1), 5 closed issues (1), 3 open issues (1)
If we’ve missed any other notable Rust Bitcoin projects or ecosystems, feel free to contribute!
Rust in Ethereum
Ethers-rs
59 merged PRs (1), 14 closed issues (1), 14 open issues (1)
Foundry
66 merged PRs (1), 75 closed issues (1), 95 open issues (1)
Lighthouse
35 merged PRs (1, 2), 18 closed issues (1, 2), 28 open issues (1)
Mir Protocol
20 merged PRs (1, 2), 1 closed issues (1), 2 open issues (1)
Starkware
286 merged PRs (1, 2), 37 closed issues (1, 2), 6 open issues (1, 2)
zkSync
2 merged PRs (1, 2), 2 closed issues (1), 2 open issues (1)
If we’ve missed any other notable Rust Ethereum projects or ecosystems, feel free to contribute!
Events
Mar 9-19 | Online | Holochain Dev Training for Rust Developers
Mar 13 - Apr 7 | Ho Chi Minh City, Vietnam | ZK Spring Residency in Vietnam
Mar 20-24 | Paris, France | Paris Blockchain Week
Mar 26 | Tokyo, Japan | FHE.org conference 2023
Mar 27-29 | Tokyo, Japan | RWC 2023
Apr 4 | Lisbon, Portugal | zkSummit9
May 1-5 | Bol, Brač, Croatia | Financial Cryptography and Data Security 2023
May 20-21 | Amsterdam, Netherlands | ETHDam
Jun 3-5 | Prague, Czech Republic | Gateway to Cosmos 2023
Jun 17-20 | Paris, France | EthCC
Aug 28-30 | Palo Alto, CA, US | The Science of Blockchain Conference 2023
Sep 11-13 | Berlin, Germany | DappCon
Sep 12-15 | Albuquerque, NM & Online | RustConf 2023
Careers
Blockstream | Remote
Stellar | Remote
More jobs can be found at Job Board.
Want to be included in the next issue? Feel free to submit a PR to the next draft.
Join the discussion on RiB telegram group ❤️