Comment by Groxx
4 days ago
It seems to be pretty explicit that the "program" being run contains the full hashing algorithm used (to output the correct answers most of the time) plus additional logic to allow cheating.
That rather clearly goes wildly beyond what most ZK schemes use. That's arbitrary code execution of your choice, either as input or as part of selecting the program. Which seems like it puts this somewhere near "if you allow `eval` on user input in your script, it could do anything", doesn't it?
Plus like. They fixed it. That seems to imply it's more of an implementation flaw than a fundamental, even if it may be a surprisingly achievable one.
So the proofs I’m most familiar with embed programs as polynomials over finite fields. Input data also corresponds to choosing some coefficients, and if you can choose enough coefficients (enough to embed the hash function) then the attack may be feasible.
The problem is compounded because the hash functions are typically chosen to have extremely short polynomial representations.