Headline
GHSA-5xgj-pmjj-gw49: RISC Zero zkVM notes on zero-knowledge
RISC Zero zkVM was designed from its inception to provide three main guarantees:
- Computational integrity: that a given software program executed correctly.
- Succinctness: that the proof of execution does not grow in relation to the program being executed.
- Zero Knowledge: that details of the program execution are not visible within the proof of program execution.
Ulrich Habock and Al Kindi have released new research that indicates that several STARK implementations -including our RISC Zero zkVM- do not meet the requirements to assert the specific property of zero knowledge provably.
While a vast majority of real-world applications that leverage RISC Zero zkVM or similar systems depend primarily on computational integrity and succinctness, a subset of applications critically depend on the privacy guarantees provided by zero-knowledge; and for those use cases, users are cautioned to understand the research and make informed decisions based on the risks outlined in using an impacted system.
Although the maintainers are not aware of any attacks that can take advantage of this potential weakness, they are working to proactively address this discovery as quickly as possible.
RISC Zero zkVM was designed from its inception to provide three main guarantees:
- Computational integrity: that a given software program executed correctly.
- Succinctness: that the proof of execution does not grow in relation to the program being executed.
- Zero Knowledge: that details of the program execution are not visible within the proof of program execution.
Ulrich Habock and Al Kindi have released new research that indicates that several STARK implementations -including our RISC Zero zkVM- do not meet the requirements to assert the specific property of zero knowledge provably.
While a vast majority of real-world applications that leverage RISC Zero zkVM or similar systems depend primarily on computational integrity and succinctness, a subset of applications critically depend on the privacy guarantees provided by zero-knowledge; and for those use cases, users are cautioned to understand the research and make informed decisions based on the risks outlined in using an impacted system.
Although the maintainers are not aware of any attacks that can take advantage of this potential weakness, they are working to proactively address this discovery as quickly as possible.
References
- GHSA-5xgj-pmjj-gw49
- https://eprint.iacr.org/2024/1037