Hacker News·4 min read·hard

AI Meets Cryptography 2: What AI Found in OpenVM's ZkVM

D
duha
AI Summary

Security researchers used an AI auditor to identify a critical soundness bug in OpenVM's guest library, which was subsequently assigned a CVE and patched. The experiment highlights the challenges of using LLMs to audit complex cryptographic systems.

This is the second post in the series. In case you have not read the first one on Cloudflare's CIRCL , it has more context on why we run these experiments and how our pipeline is set up. In this post, we pointed zkao , our AI auditor, at OpenVM's zkVM , and it found a critical soundness bug in its guest library openvm-pairing that lets a malicious prover forge any pairing equality. Note that this is not a soundness bug in the zkVM's proving system itself; it only affects code that uses the vulnerable library.

Continue reading on Headlinne

Create a free account to read the full article.

Read full article →
technologyscience

Get the full story

Sign up for Headlinne to unlock AI insights, political bias analysis, and your personalized news feed.

Create free account

Already have an account? Sign in