James Miller
Trail of Bits Blog

The PLONK zero-knowledge proof system

The Frozen Heart vulnerability in PlonK

| | Uncategorized
By Jim Miller In part 1 of this blog post, we disclosed critical vulnerabilities that break the soundness of multiple implementations of zero-knowledge proof systems. This class of vulnerability, which we dubbed Frozen Heart, is caused by insecure implementations of the Fiat-Shamir transformation that allow malicious users to forge proofs ... Read More
Trail of Bits Blog
The Frozen Heart vulnerability in Bulletproofs

The Frozen Heart vulnerability in Bulletproofs

| | Uncategorized
By Jim Miller In part 1 of this series, we disclosed critical vulnerabilities that break the soundness of multiple implementations of zero-knowledge proof systems. This class of vulnerability, which we dubbed Frozen Heart, is caused by insecure implementations of the Fiat-Shamir transformation that allow malicious users to forge proofs for ... Read More
Trail of Bits Blog
The Frozen Heart vulnerability in Girault’s proof of knowledge

The Frozen Heart vulnerability in Girault’s proof of knowledge

| | Uncategorized
By Jim Miller   In part 1 of this series, we disclosed critical vulnerabilities that break the soundness of multiple implementations of zero-knowledge proof systems. This class of vulnerability, which we dubbed Frozen Heart, is caused by insecure implementations of the Fiat-Shamir transformation that allow malicious users to forge proofs ... Read More
Trail of Bits Blog

Part 1: Coordinated Disclosure of Vulnerabilities Affecting Girault, Bulletproofs, and PlonK

| | Uncategorized
By Jim Miller Trail of Bits is publicly disclosing critical vulnerabilities that break the soundness of multiple implementations of zero-knowledge proof systems, including PlonK and Bulletproofs. These vulnerabilities are caused by insecure implementations of the Fiat-Shamir transformation that allow malicious users to forge proofs for random statements. We’ve dubbed this ... Read More
Trail of Bits Blog
\displaystyle \begin{aligned} p(x) = \mathsf{secret} + a_1 x + \ldots + a_{t-1} x^{t-1} \end{aligned}

Disclosing Shamir’s Secret Sharing vulnerabilities and announcing ZKDocs

| | Uncategorized
By Filipe Casal and Jim Miller Trail of Bits is publicly disclosing two bugs that affect Shamir’s Secret Sharing implementation of Binance’s threshold signature scheme library (tss-lib) and most of its active forks. Here is the full list of affected repositories: Binance’s tss-lib Clover Network’s threshold-crypto Keep Network’s keep-ecdsa Swingby’s ... Read More
Trail of Bits Blog
ECDSA: Handle with Care

ECDSA: Handle with Care

| | cryptography
The elliptic curve digital signature algorithm (ECDSA) is a common digital signature scheme that we see in many of our code reviews. It has some desirable properties, but can also be very fragile. For example, LadderLeak was published just a couple of weeks ago, which demonstrated the feasibility of key ... Read More
Trail of Bits Blog

Themes from Real World Crypto 2020

| | Conferences, cryptography
Over 642 brilliant cryptographic minds gathered for Real World Crypto 2020, an annual conference that brings together cryptographic researchers with developers implementing cryptography in the wild. Overall, RWC 2020 was an impressive conference that demonstrated some amazing work. Here we explore three major themes that emerged: Crypto bugs are everywhere...Whether ... Read More
Trail of Bits Blog
Multi-Party Computation on Machine Learning

Multi-Party Computation on Machine Learning

| | cryptography, Internship Projects
During my internship this summer, I built a multi-party computation (MPC) tool that implements a 3-party computation protocol for perceptron and support vector machine (SVM) algorithms. MPC enables multiple parties to perform analyses on private datasets without sharing them with each other. I developed a technique that lets three parties ... Read More
Trail of Bits Blog