Paul Grubbs and coauthors win IEEE S&P Distinguished Paper Award for research on security risks in modern zero-knowledge proof systems

Their paper explores the dangers of incorrectly applying security measures in modern zero-knowledge proof systems commonly used in cryptocurrencies.
Prof. Paul Grubbs

Prof. Paul Grubbs and coauthors Quang Dao (Carnegie Mellon University), Jim Miller (Trail of Bits), and Opal Wright (Trail of Bits) have received a Distinguished Paper Award at the 2023 IEEE Symposium on Security and Privacy (S&P) conference for their paper, Weak Fiat-Shamir Attacks on Modern Proof Systems. Their paper was one of just 12 papers to receive the distinction, comprising 1% of all papers submitted to the conference and 6% of accepted papers. Grubbs's research was recognized by the IEEE S&P award committee both for its scientific rigor and for its broader implications for proof system security in cryptocurrency and other applications.

Proof systems are becoming an increasingly prevalent tool in cryptography. These systems involve two parties: a prover, whose task is to convince a verifier that a given statement is true, and the verifier, who checks the proof. One application of zero-knowledge proofs is to allow blockchain stakeholders to rely on purely computational means to establish trust, a necessary foundation for any digital transaction, whether financial, legal, or personal.

Virtually all of today's proof systems are non-interactive, consisting of only a single message from the prover to the verifier. This non-interactivity relies on a technique known as the Fiat-Shamir (F-S) transformation. The F-S transformation replaces the verifier's random challenges with a hash of the prover's messages so far (the transcript), so that the prover can compute the challenges alone and the proof can be checked without a live verifier.

That said, little is known about the risks of incorrectly applying the F-S transformation, a salient concern given that many modern proof system implementations use weak F-S, in which the hash does not cover the public information in the prover's transcript (such as the statement being proved). In their paper, Grubbs and his coauthors set out to explore this issue and assess the security risks associated with weak F-S application.
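To make concrete what "weak F-S" means, the following is an added illustration, not code from the paper or from any of the projects it audited: a Schnorr proof of knowledge of a discrete logarithm, with a strong Fiat-Shamir challenge beside a weak one, and a small audit check of the kind a reviewer could apply to a repository, namely whether the challenge actually depends on the public statement. The group parameters, the key values and the `challenge_binds_statement` helper are toy values and names constructed for this example.

```python
import hashlib
import secrets
from typing import Callable, Optional, Tuple

# Toy Schnorr group, constructed for illustration only (far too small for real use):
# P is a safe prime, Q = (P - 1) / 2, and G = 4 generates the order-Q subgroup.
P = 2039
Q = 1019
G = 4

ChallengeFn = Callable[[int, int], int]


def _hash_transcript(*parts: int) -> int:
    """Derive a Fiat-Shamir challenge by hashing the given transcript parts.

    The full 256-bit digest is used as the challenge; exponents are reduced
    modulo Q implicitly because every element of the subgroup has order Q.
    """
    h = hashlib.sha256()
    for part in parts:
        h.update(str(part).encode() + b"|")
    return int.from_bytes(h.digest(), "big")


def strong_challenge(statement: int, commitment: int) -> int:
    """Strong F-S: hash the group parameters, the public statement and the commitment."""
    return _hash_transcript(P, Q, G, statement, commitment)


def weak_challenge(statement: int, commitment: int) -> int:
    """Weak F-S: hash only the prover's commitment; the statement is left out."""
    return _hash_transcript(commitment)


def keygen(x: Optional[int] = None) -> Tuple[int, int]:
    """Return (witness x, statement y = G^x mod P)."""
    if x is None:
        x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def prove(x: int, y: int, challenge_fn: ChallengeFn,
          r: Optional[int] = None) -> Tuple[int, int]:
    """Non-interactive Schnorr proof of knowledge of x with y = G^x, using challenge_fn."""
    if r is None:
        r = secrets.randbelow(Q - 1) + 1
    R = pow(G, r, P)            # commitment (the prover's first message)
    c = challenge_fn(y, R)      # challenge derived by F-S instead of by a live verifier
    s = (r + c * x) % Q         # response
    return R, s


def verify(y: int, proof: Tuple[int, int], challenge_fn: ChallengeFn) -> bool:
    """Recompute the challenge and check G^s == R * y^c mod P."""
    R, s = proof
    # Reject malformed transcripts: R must lie in the order-Q subgroup, s in [0, Q).
    if not (1 < R < P and pow(R, Q, P) == 1 and 0 <= s < Q):
        return False
    c = challenge_fn(y, R)
    return pow(G, s, P) == (R * pow(y, c, P)) % P


def challenge_binds_statement(challenge_fn: ChallengeFn) -> bool:
    """Audit check: does the challenge depend on the statement being proved?

    For each fixed commitment, two distinct statements must give distinct
    challenges. A challenge function that ignores the statement (weak F-S)
    fails this check; a strong one passes it.
    """
    for r in (3, 17, 101):
        R = pow(G, r, P)
        _, y1 = keygen(5)
        _, y2 = keygen(7)
        if challenge_fn(y1, R) == challenge_fn(y2, R):
            return False
    return True


if __name__ == "__main__":
    x, y = keygen()
    print("strong F-S honest proof verifies:", verify(y, prove(x, y, strong_challenge), strong_challenge))
    print("weak F-S honest proof verifies:  ", verify(y, prove(x, y, weak_challenge), weak_challenge))
    print("strong challenge binds statement:", challenge_binds_statement(strong_challenge))
    print("weak challenge binds statement:  ", challenge_binds_statement(weak_challenge))
```

Both variants accept an honest proof, which is why a weak F-S implementation passes ordinary functional tests and survives in a code base. The difference the audit check surfaces is that under weak F-S the challenge is fixed by the commitment alone, so the statement is never committed to before the challenge is known; binding the challenge to the statement and the public parameters (and, in circuit-based systems, to the verification key and all public inputs) is what the strong transformation provides and what the paper's knowledge-soundness attacks exploit the absence of.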

To accomplish this, the research team first conducted a comprehensive survey of open-source proof systems using F-S, auditing over 70 repositories, among which they found 36 applications of weak F-S across 12 proof systems. They then built and implemented a set of knowledge soundness attacks to test the verifier’s effectiveness at discerning false statements from a malicious prover.

Through subsequent case studies, their research revealed that these weak F-S attacks can lead to major breaks in real proof systems. One of their case studies showed, for instance, that by exploiting weak F-S, an attacker could potentially create unlimited money in the Dusk Network testnet. The team also found an attack on Incognito chain that would have similarly allowed a malicious user to steal all assets, posing a significant threat to system security. Grubbs’s research on this topic represents an important contribution to the rapidly growing area of modern proof systems and cryptography overall.