We beat Google’s zero-knowledge proof of quantum cryptanalys... #2142
Open
carlospolop wants to merge 1 commit into master from
🔗 Additional Context
Original Blog Post: https://blog.trailofbits.com/2026/04/17/we-beat-googles-zero-knowledge-proof-of-quantum-cryptanalysis/
Content Categories: Based on the analysis, this content was categorized under "Pentesting Web -> Deserialization (or a new page under Crypto / Blockchain & Crypto / ZK security) covering: zkVM/ZKP guest-program attacks, unsafe rkyv deserialization pitfalls (access_unchecked), enum-discriminant UB in match jump tables, and integrity bypass of ‘proved’ metrics".
Bot Version: HackTricks News Bot v1.0
🤖 Automated Content Update
This PR was automatically generated by the HackTricks News Bot based on a technical blog post.
📝 Source Information
🎯 Content Summary
Trail of Bits shows that Google Quantum AI’s April 2026 zkVM-based zero-knowledge proofs (ZKPs) for quantum resource estimates can be forged to claim dramatically better metrics (operations/qubits/Toffoli gates) without any real quantum-algorithm improvement, by exploiting unsafe deserialization (UB/control-flow) and logic/spec bugs in Google’s Rust zkVM guest program (built on Succinct Labs’ SP1 zkVM). Google later patched the implementation (paper/vers...
🔧 Technical Details
`rkyv::access_unchecked`, enum discriminants (e.g., an opcode field) can be out of the valid range. When Rust compiles large `match` statements, it may emit jump tables; an out-of-range discriminant can index past the intended table and land in adjacent code, effectively redirecting control flow. If the program uses one `match` to update security-critical counters/constraints and a later `match` to execute semantics, an attacker can craft the discriminant so that semantics execute while the counter path is skipped, yielding a proof/attestation with correct behavior but falsified accounting.
2) Register-aliasing breaks reversibility and yields a deterministic reset primitive: If a simulator/spec for reversible operations (e.g., Toffoli/CCX) fails to enforce that input and output registers are dis...
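The three guest-program checks the technical details point at, as an added defensive example in Rust (not code from the Trail of Bits post, Google's guest program or the HackTricks page): untrusted opcode bytes are range-checked before any `match`, the Toffoli counter is updated in the same `match` arm as the semantics, and CCX operands must be distinct. The toy opcode set, the `Op`/`Instr`/`Machine` names and the 4-byte instruction encoding are assumptions made for the example.

```rust
use std::convert::TryFrom;

// Hypothetical three-opcode reversible ISA: X (NOT), CX (CNOT), CCX (Toffoli).
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum Op { X = 0, Cx = 1, Ccx = 2 }

#[derive(Debug, PartialEq)]
pub enum DecodeError { BadOpcode(u8), AliasedRegisters, RegisterOutOfRange }

impl TryFrom<u8> for Op {
    type Error = DecodeError;
    // Range-check the raw discriminant instead of trusting a zero-copy view of it:
    // any value outside 0..=2 is rejected before it can reach a match jump table.
    fn try_from(b: u8) -> Result<Self, DecodeError> {
        match b { 0 => Ok(Op::X), 1 => Ok(Op::Cx), 2 => Ok(Op::Ccx), o => Err(DecodeError::BadOpcode(o)) }
    }
}

// Constructed encoding: [opcode, r0, r1, r2]; controls come first, target last.
#[derive(Debug)]
pub struct Instr { pub op: Op, pub regs: [usize; 3] }

pub struct Machine { pub bits: Vec<bool>, pub toffoli_count: u64, pub ops: u64 }

impl Machine {
    // Decode untrusted bytes, rejecting out-of-range opcodes and registers and
    // aliased operands (a CCX whose target equals a control is no longer reversible).
    pub fn decode(&self, raw: &[u8; 4]) -> Result<Instr, DecodeError> {
        let op = Op::try_from(raw[0])?;
        let regs = [raw[1] as usize, raw[2] as usize, raw[3] as usize];
        let used = match op { Op::X => 1, Op::Cx => 2, Op::Ccx => 3 };
        if regs[..used].iter().any(|&r| r >= self.bits.len()) {
            return Err(DecodeError::RegisterOutOfRange);
        }
        for i in 0..used {
            for j in (i + 1)..used {
                if regs[i] == regs[j] { return Err(DecodeError::AliasedRegisters); }
            }
        }
        Ok(Instr { op, regs })
    }

    // Accounting and semantics live in the same arm, so there is no separate
    // "counter" match whose path an attacker could skip while the effect still runs.
    pub fn step(&mut self, ins: &Instr) {
        let [a, b, t] = ins.regs;
        self.ops += 1;
        match ins.op {
            Op::X => self.bits[a] ^= true,
            Op::Cx => { if self.bits[a] { self.bits[b] ^= true } }
            Op::Ccx => { self.toffoli_count += 1; if self.bits[a] && self.bits[b] { self.bits[t] ^= true } }
        }
    }
}
```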
🤖 Agent Actions
I’m mapping the repo first and then reading candidate crypto/zk files to find a single correct target page without duplicating existing material.
I found blockchain and crypto sections but no existing ZK/zkVM page. I’m reading several nearby files now to judge whether this belongs in an existing blockchain/crypto overview page or whether it would be too off-topic there.
The existing deserialization page is too focused on classic app/object-RCE sinks. This blog is stronger as a blockchain/ZK integrity issue: the proof is valid for buggy guest execution, not for the intended cost statement.
I’ve selected src/blockchain/blockchain-and-crypto-currencies/README.md as the single target file. I’m adding a compact ZK/zkVM security section there, focused on guest-program integrity bugs and proof-forgery techniques rather than the specific Google incident.
The content is in place, but I need to fix file structure now: this README already had a late DeFi section after `## References`, so I’m re-reading the tail and normalizing it so references stay at the true end of the file.
I’ve finished the edit and I’m doing a final verification pass on the modified README plus the diff, mainly to confirm the new section is concise, non-duplicative, and that `## References` is now truly the last section.
Updated src/blockchain/blockchain-and-crypto-currencies/README.md with a new `ZK Proof / zkVM Guest Integrity` section.
I placed it there instead of `pentesting-web/deserialization` because the transferable technique is not generic web deserialization RCE, but proof-integrity failure in blockchain/ZK systems: unsafe `rkyv::access_unchecked` on private inputs, out-of-range enum discriminants reaching jump-table UB and skipping accounting, and missing operand-distinctness checks that let reversible instructions collapse into a reset primitive. I kept it focused on reusable audit patterns and verification guidance rather than the specific Google incident, and added references to the Trail of Bits post, patched paper, and PoC repo.
Verified the final file structure after editing: `## References` is now the last section in the file. No code/tests were needed for this doc-only update.
This PR was automatically created by the HackTricks Feed Bot. Please review the changes carefully before merging.