- The article is lacking a lot of details, so maybe I'll check the paper if I have the time in the coming days. But, my understanding from the article is that this attack works by breaking a premise of the considered protocols that doesn't have much to do with the random oracle model. They basically say that, if you agree on a program to use and you hash it as part of your commitment, then you can use the Fiat-Shamir transform to prove claims regarding the program's output. But it seems natural to me that, if you are tricked into accepting the use of a malicious program, then the protocol breaks. After all, the hashing of the program at the beginning is meant to ensure that you're using a specific binary you agreed upon, but it does nothing to show that such a binary works as intended. This has to be verified outside of such a protocol.
Am I missing something? Or maybe the point is that, under the random oracle model, it should be hard to write a program that contains its own hash? But then again, would the trick of reading the hash from an external configuration file that isn't considered as part of the hashing be fair game?
by PretzelPirate
1 subcomment
- > When he shared his thoughts with Ethereum’s cryptographers, he was startled to learn that they were unfamiliar with this work
It would be nice if the article included timelines. Ethereum researchers have been talking about GKR since 2020, so it's hard to imagine the lack of familiarity.
- Does that mean you can fake Bitcoins or cryptocurrency transactions? What exactly could be affected by these vulnerabilities? Is there a better article anywhere that actually spells it out for the layman?
- Here's a whiteboard session going over that but https://blog.zksecurity.xyz/posts/pudding3/
- The key to why this even works (and didn’t work before) is here: https://community.intercoin.app/t/paper-shows-relying-on-has...
Simply put, a reliable random oracle in an adversarial environment should be based on sources of randomness from multiple sources and participants; usually the sources are the participants' meaningful actions, to prevent collusion.
It has been known for quite a while that if the space of inputs being hashed is small, the hashing is relatively useless for most benefits of a true one-way function (e.g. hashing a phone number in the USA).
- I recall someone creating a crypto system and then forgetting to protect the constructor of the initial object, so others could change the constructor and do whatever they wanted with that crypto system, but in the end the creators were just web developers with a little training in crypto.
In those circumstances those millions of coins flying in or out are not a tragedy (at least for me) but a very plausible outcome.
by austin-cheney
6 subcomments
- Hashes should never be a source of randomness. Randomness makes assumptions far outside their intended use case.
Hashes should only be a reproducible label that cannot be used to produce the material described by the hash. When used for their intended purposes hashes serve as the strongest point of integrity until value collisions are discovered.
- I find the actual paper more readable and understandable than this summarization.
https://eprint.iacr.org/2025/118
by seriousmountain
0 subcomments
- [dead]
by PontingClarke
0 subcomments
- [flagged]
by bsenftner
7 subcomments
- [flagged]
- My initial prediction is they just divided by zero someplace - just like every other undergrad in any degree program that requires some advanced math has. I'm happy to see they didn't make this obvious mistake.
- What is a lie? What is the truth? It is very difficult to find the truth, and the descriptions of the same thing are different for different persons. So the title and its content are a lie.
by doodlebugging
4 subcomments
- >if a professor has assigned 100 problems for homework but doesn’t want to grade a student’s entire assignment, she can randomly choose 10 problems to grade. In the language of computer scientists, she is making 10 “random challenges” to the student’s homework. If the answers to those 10 problems are correct, the professor can feel confident that most of the other answers are correct too.
Eureka! I found the reason that so many things in society have gone to shit in the last few years. Far too many professors are so overworked, or maybe just lazy, that they are using this type of tool to grade student work, and the end result is that we have too many students passing through the system who have demonstrably only been able to score 10/100.
I'm over 60 now and if I had scored lower than my current age back in the day I would fail and need to repeat the grade/course. Now they just kick the can('ts) on down the road and hope no one ever notices.
Too bad some of these failures end up in positions of influence where their uncharted deficiencies have the power to disrupt or destroy functional systems.
Or maybe I'm joking. I'll know once the caffeine hits.