Comment by tempodox
4 days ago
Does that mean you can fake Bitcoins or cryptocurrency transactions? What exactly could be affected by these vulnerabilities? Is there a better article anywhere that actually spells it out for the layman?
Extremely theoretically, and the article is very sensational.
The paper is half a year old, and hasn't made a splash; if this were significant news, I would expect to be able to find more coverage on it.
I did find this more nuanced take here: https://blog.cryptographyengineering.com/2025/02/04/how-to-p...
I haven't seen much of Quanta "Magazine", but I feel all of it has been stuff like this?
Quanta is a pretty popular, popular science outlet. It tends to be closer to the theory than (capital P, S) Popular Science magazine, but ultimately much of what they publish is digested to a degree for lay consumption.
They had an article just the other day about a more optimal sphere packing that was up my alley as a technical (programmer) person with a casual interest in broader pure math.
They do sensationalize a bit as a side effect of their process though, no argument there.
The nuanced take was also discussed here at the time: https://news.ycombinator.com/item?id=42939312
usually they are very thorough (for a magazine targeting a curious, well-motivated, but of course still virtually completely lay audience), but it seems recently their volume has increased while quality stayed constant :)
Quanta is “pop science” for smart lay people who might also read, for instance, the New Yorker.
From my cursory reading, it doesn't seem related to Bitcoin at all, but it might affect some more complex Ethereum protocols. Doesn't seem related to Ethereum itself, but it seems related to some zero-knowledge proofs.
edit: it seems to be related to something called "GKR protocol" that some cryptocurrencies use (?) - can use (?) - for somehow proving ... something? mining?.. using zero-knowledge proofs.... like here - https://www.polyhedra.network/expander (as usual in cryptocurrency, hard to tell what is actually being done/sold)
what I take from this, as a laic, is that... experimental ZK-proofs are indeed experimental.
Schnorr signatures, which Bitcoin uses, are based on the Fiat-Shamir transform, but I don't know enough about this attack to be able to tell whether there's any problem with that particular instance of it.
So the way Ethereum comes in is that the community at large is moving user activity to "L2s" - separate blockchains (sidechains) usually rolled up in and therefore secured by Ethereum Mainnet. Some of the newer L2s were apparently using this. So it affects Ethereum to the extent that its users could be bridging with unsane protocols and implementations.
There are usually "bridge contracts" deployed on Mainnet to allow bridging assets/tokens between them. This (besides obv exchanges) is where most of the ridiculous hacks and online theft of the past few years have happened. The Axie/Ronin hack was a huge facepalm and should have been a lesson to be more wary of handwavy security claims of these more experimental networks.
No, this could not allow for faking Bitcoin or Ethereum TXs. This type of vulnerability mainly concerns "zero-knowledge" proof methods, which do not occur inside the Bitcoin or Ethereum base layers. Some teams are building ZK proofs on top of these and other blockchains though, so those systems could be vulnerable, though they are still largely experimental.
(Take this with a grain of salt as I only learned about the Fiat-Shamir heuristic via this HN thread last week https://crypto.stackexchange.com/q/879 for some discussion of the mechanics of how it might happen, once you choose a real hash function.
This new paper advances the field by showing an attack that targets a real-world protocol that people actually use, GKR. It shows (and again, take my interpretation with a grain of salt) that when you pick a real hash function, the attacker can construct an input (circuit) that results in whatever output the attacker wants.
---
What's the real-world impact?
There do exist real non-interactive zero-knowledge proof systems, mainly used in blockchains. Instead of publicly exposing all the info to the world and doing computation on the (slow) blockchain, you can protect privacy of transactions and/or bundle a bunch of updates into a cheaper one (ZK-rollups). Theoretically these could be attacked using the methods described in the paper.
It's unclear to me whether those are affected here (though my guess is no, since they could have mentioned it if so).
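As an added illustration (not from the thread or the paper) of the Fiat-Shamir transform that the Schnorr comment above and the GKR discussion both refer to: the verifier's random challenge is replaced by a hash of the statement and the prover's commitment, and the verifier recomputes that hash. The toy group parameters and the function names are constructed for this example.

```python
import hashlib
import secrets

# Toy group (constructed for illustration, far too small for real use):
# P is a safe prime, Q = (P-1)/2 is prime, G generates the order-Q subgroup.
P = 2039
Q = 1019
G = 4


def fs_challenge(y: int, t: int) -> int:
    """Fiat-Shamir challenge: hash the full statement (G, P, y) together
    with the commitment t, so the challenge is bound to what is being proven
    and the prover cannot pick the statement after seeing the challenge."""
    data = b"|".join(str(v).encode() for v in (G, P, y, t))
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def keygen():
    x = secrets.randbelow(Q - 1) + 1      # secret exponent
    return x, pow(G, x, P)                # (x, y = G^x mod P)


def prove(x: int, y: int):
    """Non-interactive Schnorr proof of knowledge of x such that y = G^x."""
    r = secrets.randbelow(Q - 1) + 1      # fresh one-time nonce
    t = pow(G, r, P)                      # commitment (first message)
    c = fs_challenge(y, t)                # hash stands in for verifier's coin
    s = (r + c * x) % Q                   # response (third message)
    return t, s


def verify(y: int, proof) -> bool:
    t, s = proof
    c = fs_challenge(y, t)                # verifier recomputes the challenge
    # Accept iff G^s == t * y^c, the same check the interactive verifier makes.
    return pow(G, s, P) == (t * pow(y, c, P)) % P


if __name__ == "__main__":
    x, y = keygen()
    proof = prove(x, y)
    print("valid proof accepted:", verify(y, proof))
    t, s = proof
    print("tampered response rejected:", not verify(y, (t, (s + 1) % Q)))
```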
Probably - but you are likely to be caught as eventually someone will verify your work with a non-broken program. I'm not clear exactly how likely that is (I'm not interested enough in cryptocurrency to bother to dig into the algorithm, but IIRC several different parties need to agree on a transaction before it is considered real - or something like that, I hope I sound confused), but if you are doing a lot of bitcoin fraud someone will notice.
I'm not sure if they can trace the fraud to you.
A security researcher showed me years ago that blockchains were hackable. I don’t remember the proof, but since then have had low interest in crypto or blockchains. I’d like to make money off of it, but it’s insecure.
The major blockchains are basically billion-dollar bug bounty programs. If they were hackable that easily, we'd probably know already.
That depends on the hack. If the hack is something that is traceable to you then the hack becomes fraud and the police will be at your door. This assumes that the likes of Russia and North Korea have decided that there is more value in bitcoin remaining operational than the one-time haul of money they can get from the fraud (which to be fair seems unlikely since it is a prisoner's dilemma where the defector chooses the final round).