<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>zero-knowledge on The Trail of Bits Blog</title><link>https://miscreants.github.io/blog.trailofbits.com/categories/zero-knowledge/</link><description>Recent content in zero-knowledge on The Trail of Bits Blog</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Fri, 31 Oct 2025 00:00:00 -0400</lastBuildDate><atom:link href="https://miscreants.github.io/blog.trailofbits.com/categories/zero-knowledge/index.xml" rel="self" type="application/rss+xml"/><item><title>The cryptography behind electronic passports</title><link>https://miscreants.github.io/blog.trailofbits.com/2025/10/31/the-cryptography-behind-electronic-passports/</link><pubDate>Fri, 31 Oct 2025 07:00:00 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2025/10/31/the-cryptography-behind-electronic-passports/</guid><description>This blog post describes how electronic passports work, the threats within their threat model, and how they protect against those threats using cryptography. It also discusses the implications of using electronic passports for novel applications, such as zero-knowledge identity proofs.</description></item><item><title>Circomspect has been integrated into the Sindri CLI</title><link>https://miscreants.github.io/blog.trailofbits.com/2024/02/26/circomspect-has-been-integrated-into-the-sindri-cli/</link><pubDate>Mon, 26 Feb 2024 09:00:02 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2024/02/26/circomspect-has-been-integrated-into-the-sindri-cli/</guid><description>Our tool Circomspect is now integrated into the Sindri command-line interface (CLI)! We designed Circomspect to help developers build Circom circuits more securely, particularly given the limited tooling support available for this novel programming framework. 
Integrating this tool into a development environment like that provided by Sindri is a significant step toward […]</description></item><item><title>Specialized Zero-Knowledge Proof failures</title><link>https://miscreants.github.io/blog.trailofbits.com/2022/11/29/specialized-zero-knowledge-proof-failures/</link><pubDate>Tue, 29 Nov 2022 07:30:56 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2022/11/29/specialized-zero-knowledge-proof-failures/</guid><description>Zero-knowledge (ZK) proofs are useful cryptographic tools that have seen an explosion of interest in recent years, largely due to their applications to cryptocurrency. The fundamental idea of a ZK proof is that a person with a secret piece of information (a cryptographic key, for instance) can prove something about the secret […]</description></item><item><title>We’re streamers now</title><link>https://miscreants.github.io/blog.trailofbits.com/2022/11/14/livestream-workshop-fuzzing-echidna-slither/</link><pubDate>Mon, 14 Nov 2022 08:30:23 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2022/11/14/livestream-workshop-fuzzing-echidna-slither/</guid><description>Over the years, we’ve built many high-impact tools that we use for security reviews. You might know some of them, like Slither, Echidna, Amarna, Tealer, and test-fuzz. All of our tools are open source, and we love seeing the community benefit from them. But mastering our tools takes time and practice, and it’s easier if […]</description></item><item><title>It pays to be Circomspect</title><link>https://miscreants.github.io/blog.trailofbits.com/2022/09/15/it-pays-to-be-circomspect/</link><pubDate>Thu, 15 Sep 2022 00:00:43 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2022/09/15/it-pays-to-be-circomspect/</guid><description>In October 2019, a security researcher found a devastating vulnerability in Tornado.cash, a decentralized, non-custodial mixer on the Ethereum network. 
Tornado.cash uses zero-knowledge proofs (ZKPs) to allow its users to privately deposit and withdraw funds. The proofs are supposed to guarantee that each withdrawal can be matched against a […]</description></item><item><title>The Frozen Heart vulnerability in PlonK</title><link>https://miscreants.github.io/blog.trailofbits.com/2022/04/18/the-frozen-heart-vulnerability-in-plonk/</link><pubDate>Mon, 18 Apr 2022 07:00:01 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2022/04/18/the-frozen-heart-vulnerability-in-plonk/</guid><description>In part 1 of this blog post, we disclosed critical vulnerabilities that break the soundness of multiple implementations of zero-knowledge proof systems. This class of vulnerability, which we dubbed Frozen Heart, is caused by insecure implementations of the Fiat-Shamir transformation that allow malicious users to forge proofs for random statements. In part […]</description></item><item><title>The Frozen Heart vulnerability in Bulletproofs</title><link>https://miscreants.github.io/blog.trailofbits.com/2022/04/15/the-frozen-heart-vulnerability-in-bulletproofs/</link><pubDate>Fri, 15 Apr 2022 07:00:52 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2022/04/15/the-frozen-heart-vulnerability-in-bulletproofs/</guid><description>In part 1 of this series, we disclosed critical vulnerabilities that break the soundness of multiple implementations of zero-knowledge proof systems. This class of vulnerability, which we dubbed Frozen Heart, is caused by insecure implementations of the Fiat-Shamir transformation that allow malicious users to forge proofs for random statements. 
In part 2, […]</description></item><item><title>The Frozen Heart vulnerability in Girault’s proof of knowledge</title><link>https://miscreants.github.io/blog.trailofbits.com/2022/04/14/the-frozen-heart-vulnerability-in-giraults-proof-of-knowledge/</link><pubDate>Thu, 14 Apr 2022 07:00:32 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2022/04/14/the-frozen-heart-vulnerability-in-giraults-proof-of-knowledge/</guid><description>In part 1 of this series, we disclosed critical vulnerabilities that break the soundness of multiple implementations of zero-knowledge proof systems. This class of vulnerability, which we dubbed Frozen Heart, is caused by insecure implementations of the Fiat-Shamir transformation that allow malicious users to forge proofs for random statements. The vulnerability is […]</description></item><item><title>Coordinated disclosure of vulnerabilities affecting Girault, Bulletproofs, and PlonK</title><link>https://miscreants.github.io/blog.trailofbits.com/2022/04/13/part-1-coordinated-disclosure-of-vulnerabilities-affecting-girault-bulletproofs-and-plonk/</link><pubDate>Wed, 13 Apr 2022 07:00:00 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2022/04/13/part-1-coordinated-disclosure-of-vulnerabilities-affecting-girault-bulletproofs-and-plonk/</guid><description>Trail of Bits is publicly disclosing critical vulnerabilities that break the soundness of multiple implementations of zero-knowledge proof systems, including PlonK and Bulletproofs. These vulnerabilities are caused by insecure implementations of the Fiat-Shamir transformation that allow malicious users to forge proofs for random statements. We’ve dubbed this class of vulnerabilities Frozen Heart. 
[…]</description></item><item><title>Disclosing Shamir’s Secret Sharing vulnerabilities and announcing ZKDocs</title><link>https://miscreants.github.io/blog.trailofbits.com/2021/12/21/disclosing-shamirs-secret-sharing-vulnerabilities-and-announcing-zkdocs/</link><pubDate>Tue, 21 Dec 2021 07:00:04 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2021/12/21/disclosing-shamirs-secret-sharing-vulnerabilities-and-announcing-zkdocs/</guid><description>Trail of Bits is publicly disclosing two bugs that affect Shamir’s Secret Sharing implementation of Binance’s threshold signature scheme library (tss-lib) and most of its active forks. Here is the full list of affected repositories: Binance’s tss-lib Clover Network’s threshold-crypto Keep Network’s keep-ecdsa Swingby’s tss-lib THORchain’s tss-lib ZenGo X’s […]</description></item><item><title>Serving up zero-knowledge proofs</title><link>https://miscreants.github.io/blog.trailofbits.com/2021/02/19/serving-up-zero-knowledge-proofs/</link><pubDate>Fri, 19 Feb 2021 06:59:31 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2021/02/19/serving-up-zero-knowledge-proofs/</guid><description>Zero-knowledge (ZK) proofs are gaining popularity, and exciting new applications for this technology are emerging, particularly in the blockchain space. So we’d like to shine a spotlight on an interesting source of implementation bugs that we’ve seen—the Fiat-Shamir transformation. 
A ZK proof can be either interactive, where the […]</description></item><item><title>Reverie: An optimized zero-knowledge proof system</title><link>https://miscreants.github.io/blog.trailofbits.com/2020/12/14/reverie-an-optimized-zero-knowledge-proof-system/</link><pubDate>Mon, 14 Dec 2020 07:50:27 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2020/12/14/reverie-an-optimized-zero-knowledge-proof-system/</guid><description>Zero-knowledge proofs, once a theoretical curiosity, have recently seen widespread deployment in blockchain systems such as Zcash and Monero. However, most blockchain applications of ZK proofs make proof size and performance tradeoffs that are a poor fit for other use-cases. In particular, these protocols often require an elaborate trusted setup phase and optimize for proof […]</description></item><item><title>Reinventing Vulnerability Disclosure using Zero-knowledge Proofs</title><link>https://miscreants.github.io/blog.trailofbits.com/2020/05/21/reinventing-vulnerability-disclosure-using-zero-knowledge-proofs/</link><pubDate>Thu, 21 May 2020 07:50:27 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2020/05/21/reinventing-vulnerability-disclosure-using-zero-knowledge-proofs/</guid><description>We, along with our partner Matthew Green at Johns Hopkins University, are using zero-knowledge (ZK) proofs to establish a trusted landscape in which tech companies and vulnerability researchers can communicate reasonably with one another without fear of being sabotaged or scorned. Over the next four years, we will push the state of the art in […]</description></item></channel></rss>