AI Meets Cryptography 2: What AI Found in OpenVM's ZkVM
duha
90 points
6 comments
July 17, 2026
Related Discussions
Found 5 related stories in 746.9ms across 14,015 title embeddings via pgvector HNSW
- AI Meets Cryptography 1: What AI Found in Cloudflare's Circl duha · 102 pts · July 07, 2026 · 73% similar
- Google finds first AI-developed zero-day that bypasses 2FA pkaeding · 11 pts · May 13, 2026 · 55% similar
- The New Linux Kernel AI Bot Uncovering Bugs Is a Local LLM on Framework Desktop guerby · 12 pts · April 26, 2026 · 54% similar
- AI is breaking two vulnerability cultures speckx · 302 pts · May 08, 2026 · 54% similar
- Google TIG reports first example of AI used offensively for zero-day vulns thoughtpeddler · 17 pts · May 11, 2026 · 52% similar
Discussion Highlights (3 comments)
aberoham
What would it mean if someone were to successfully exploit these? Most or all L2 ecosystems or the magic components that let them speak to each other would need a hard reset?
SonOfLilit
TL;DR imagine a signature verification library that verifies a signature indeed signs the given hash, but not that the signed data hashes to that hash. Woopsie. I guess nobody's commenting on this because it's very dense math without any context. Lucky for me I spent an hour or two yesterday learning how practical non-interactive zero knowledge proofs work. In SNARKs (and other commitment schemes based on polynomials in elliptic curve groups, hope I got the terminology right), you verify the commitment (unneeded technical details: polynomial on EC at secret point nobody knows including the committer so he has to make the polynomial match at most points, and polynomials that match at most points match at all points) by multiplying two things you calculated from the circuit and commitment (which is just a couple of group elements) and verifying that it comes out as 1. The multiplication and comparison under encryption is done with a homomorphic encryption primitive-type thing called a "pairing" (normally with elliptic curve encryption only addition can be done on secret group elements that you don't know the value of). They found a way to tell a specific library that implements this operation "believe me, this pairing is ok" that doesn't depend on any of those technical things. Just "these are not the droids you're looking for". Because it was not validating that some precomputed thing needed for the pairing verification actually matches this specific situation, and there are trivial parameters that would always yield 1 (but not be valid in the situation).
wren6991
Cryptography *2*? We're still over here trying to implement Cryptography 1 without side channels, and they went and invented a new one?