ZK Bounty
Started in 2023, this project explores using zero-knowledge proofs to create fully automated bug bounty markets where security researchers can prove they have valid exploits without disclosing the vulnerability details until payment is secured.
Concept
The ZK Bounty system enables:
- Proof of Exploitability: Researchers prove they have a working exploit without revealing it
- Automated triage: ZK proofs verify the bug's validity programmatically
- Private bug markets: Buyers can verify exploit authenticity before purchase
- Self-healing software supply chains: Automated vulnerability discovery and remediation
Related Talks
This research was presented across the Zero Knowledge VM Hijinks series:
- ETH Portland 2023
- BSides Portland 2023
- Hushcon Seattle 2023
Status
Research and development ongoing.