Hash-Based Stark/Fri Soundness As Coding-Theory Regime Management (Mca/Batching And List-Decoding Terms)

Issue 63 Edition 2026-03-04 7 min read

General

Sources: 1 • Confidence: Medium • Updated: 2026-03-08 21:26

Key takeaways

In hash-based proof systems, batching/soundness analyses reduce to coding-theory distance preservation questions about how corruption fractions evolve through protocol steps.
A $1 million Ethereum Foundation–sponsored Proximity Prize was created to incentivize counterexamples or proofs related to proximity-gap conjectures used in STARK/FRI-style hash-based proof systems.
LeanVM’s proof approach is multilinear and sumcheck-oriented, and incorporates modern lookup techniques such as LogUp/LogUp*.
The Ethereum Foundation is funding a new $1 million effort focused on the security of the Poseidon/Poseidon2 hash function family.
For hash-based SNARKs, security can be proven information-theoretically in the random-oracle model assuming hash collision resistance, but only within certain corruption-fraction parameter regimes.

In hash-based proof systems, batching/soundness analyses reduce to coding-theory distance preservation questions about how corruption fractions evolve through protocol steps.
For hash-based SNARKs, security can be proven information-theoretically in the random-oracle model assuming hash collision resistance, but only within certain corruption-fraction parameter regimes.
Prior to the recent research wave, unconditional security was known up to the Johnson bound and insecurity was known beyond capacity, leaving an unresolved region between for codes of interest.
Goyal and Guruswami showed a strengthened mutual correlated agreement property holds almost up to capacity for certain code families (including random linear codes and some Reed–Solomon-related constructions).
In FRI/STARK-style analyses, a soundness term depends on Reed–Solomon list-decoding list size and this term can dominate in list-decoding regimes.
The discussed analysis-based “attacks” are information-theoretic security degradations rather than constructed efficient exploits, and they can shift guarantees from information-theoretic to computational for some parameter regimes.

A $1 million Ethereum Foundation–sponsored Proximity Prize was created to incentivize counterexamples or proofs related to proximity-gap conjectures used in STARK/FRI-style hash-based proof systems.
The Ethereum Foundation’s SoundCalc tool previously supported conjectural soundness estimates but now omits conjectural cases and reports only unique-decoding or Johnson-bound regimes.
After the sequence of security-degradation results, the Ethereum Foundation team decided to target 128-bit provable security and largely abandon conjectural near-capacity parameter regimes for deployed analysis.
The Proximity Prize is structured around two core challenge areas: mutual correlated agreement bounds and Reed–Solomon list decoding beyond the Johnson bound.

LeanVM’s proof approach is multilinear and sumcheck-oriented, and incorporates modern lookup techniques such as LogUp/LogUp*.
LeanVM’s signature-aggregation proof stack is being built around hash-based primitives and a custom composition of VM arithmetization with polynomial-commitment-style components.
LeanVM’s current SNARK stack is described as a composition of SuperSpartan, LogUp/LogUp*, and Whir rather than a single named protocol.

The Ethereum Foundation is funding a new $1 million effort focused on the security of the Poseidon/Poseidon2 hash function family.

The Ethereum Foundation is funding a new $1 million effort focused on the security of the Poseidon/Poseidon2 hash function family.

Which specific deployed proof systems and parameter sets experienced the stated 3–5 bit security reduction, and under what exact assumptions/regimes was that reduction computed?
What are the exact conditions (corruption-fraction thresholds, code family constraints, and protocol-step definitions) that delineate the “safe” regimes where information-theoretic guarantees hold for these hash-based systems?
What concrete parameter changes (e.g., blowup factors, query counts, domain sizes, security margins) follow from the SoundCalc shift to only unique-decoding/Johnson-bound reporting?
For the small-field/extension-field setting, what deployment configurations trigger the additional ~10-bit degradation, and how does it scale with field size and extension degree?
Can the near-capacity mutual correlated agreement results be turned into efficiently decodable, practically implementable code constructions with concrete parameters suitable for SNARK/STARK deployments?

Ethereum Foundation shifting to provable Johnson bound regimes may increase demand for conservative parameterization and tooling that automates soundness budgeting, influencing providers of STARK and FRI stacks and related developer tools.
Two one million dollar EF security efforts on proximity gaps and Poseidon or Poseidon2 suggest heightened scrutiny of hash based proof system assumptions, potentially slowing deployments until parameter sets and hash assurance are clarified.
LeanVM moving toward hash based multilinear and sumcheck with modern lookups implies ecosystem momentum away from pairing centric designs, favoring components that integrate sumcheck, lookup arguments, and hash based commitments.

More teams adopt SoundCalc outputs limited to unique decoding and Johnson bound regimes, and publicly retune blowup factors, query counts, or domain sizes to target 128 bit provable security.
Proximity Prize or Poseidon or Poseidon2 efforts produce concrete proofs or counterexamples that tighten safe corruption fraction thresholds and reduce reliance on conjectural near capacity assumptions.
Protocol updates and audits explicitly document the previously mentioned 3 to 5 bit and small field extension degradations with named parameter sets, and then ship mitigations or new conservative defaults.

EF funded work finds critical weaknesses in Poseidon or Poseidon2 or indicates collision resistance assumptions are insufficient for claimed regimes, forcing redesigns away from those hashes.
New counterexamples show that even Johnson bound based parameter regimes used in practice have larger soundness losses than reported, undermining the conservative posture and tooling approach.
Near capacity results remain impractical and no efficiently decodable constructions emerge, while conservative parameter increases become too costly, reducing adoption of hash based proof systems in targeted deployments.