I'll be discussing work on using AI for pharmacovigilance (led by @claudeai 😉 ) as a Spotlight in #Agents4Science today at 11:00am PST! It was really fun participating in @james_y_zou's experiment on what happens if we let an LM lead a research project

Tomorrow at CCS @jneu_net will talk about our Accountable Liveness paper ( https://t.co/bZmEETcS4x). It's well-known how to attribute blame (slashing conditions) when there is a safety violation. Doing the same for liveness violations is harder, but we pin down when it's possible.

I will present new work @acm_ccs this week Breaking Omertà: On Threshold Cryptography, Smart Collusion, and Whistleblowing https://t.co/O0SGFwIV5j tldr; preventing collusion in crypto protocols is hard and even more so when smart contracts are used to facilitate collusion. 1/🧵

New preprint on AI + Education! 🍎 “Modeling Student Learning with 3.8M Program Traces” 💻 When students code, their edits tell a story about their reasoning process: exploring, debugging, and tinkering 🧠 What can LMs learn from training on student edit sequences? 📚

We've had 25 research interns over the past four summers @a16crypto, many of whom are now among the most visible researchers in the space. If you'd like to be a part of the summer '26 cohort, apply here:

10 years ago, @paraga and I were working together to introduce ranking to Twitter’s timeline for hundreds of millions of consumers. Now he’s started @p0 to build infrastructure for a very different kind of user: AI agents. And in a full circle moment, we’re able to work together

just setting up my twttr, again I’ve been heads down building Parallel with some of the best people I’ve ever worked with. We’re creating infrastructure for AIs to search and use the web.

You can find more details here:

We also build a new multivariate polynomial commitment scheme that supports: 1) Opening proofs for evaluations of derivatives 2) Batch opening algorithm to compute proofs at many points, and 3) repairing an opening proof from a few other proofs. 4/5

We construct a new DAS scheme using locally correctable multiplicity codes—these let nodes repair their data chunk by talking to just a few other nodes. No need to re-download or re-encode the whole blob. And it’s way lighter on storage and sampling bandwidth too! 3/5

In today’s DAS systems, like Ethereum's Fulu DAS, if a node loses its chunk of the data, there is no way to repair it. We formally define the notion of repair, along with security guarantees that a DAS scheme must provide 2/5

Excited to present our new work on Data Availability Sampling (DAS) with repair tomorrow at SBC! #sbc25 With @jneu_net , @danboneh & @lera_banda. We tackle a key open problem: how to repair missing data chunks in DAS. 1/5

How to prove many ranges in zero-knowledge, faster than Bulletproofs?👇 Last summer, we worked on a batched ZK range proof with @TrishaCDatta, @nazirkamilla, @rex1fernando and @danboneh. We wanted a sufficiently-succinct but much faster construction to be used for PVSS.

In our work, define and study traceable threshold VRFs. We propose a construction based on Paillier encryption, and use ideas from a previous work on traceable secret sharing ( https://t.co/XqEKcDW4h7) Shout out to @alinush407 for inspiring us to solve this problem!! 5/5

But what happens if some of these parties start selling their key shares to someone? That someone can now predict future VRF values and win those on-chain lotteries…!! 4/5

At a high level, VRFs are pseudorandom functions where the output is also publicly verifiable. To thresholdize, the VRF evaluation key is secret shared among n parties, and any number of parties beyond the threshold can evaluate the VRF 3/5

Threshold VRFs are are widely used for randomness beacons (e.g. @AptosLabs), which can be used for on-chain lotteries, games, or even consensus (e.g. @AlgoFoundation) 2/5

Excited to share our new work on accountability for threshold VRFs, or Verifiable random functions!! (Joint work with @danboneh and Lior Rotem) 1/5 https://t.co/nGdz0iFN7z

Wow- treating a hash function as if it’s random is standard in cryptography. We always knew that it is not 100% theoretically justified and there were works (also by me) with contrived counter examples. This is the first time there is an attack on a standard protocol that’s

Over the past three summers @a16zcrypto we've had 19 tremendous research interns. Want to be part of the summer '25 cohort? The application is open now, for full consideration apply by Nov 8. (Link in replies.)