Fun with Zero Knowledge Execution Environments (Part 2)
Presented at BSides Portland 2023, this iteration focused more on security and privacy applications, particularly Proof of Exploitability for the infosec community.
Highlights
- Reframed Zero Knowledge Execution Environments as a new way to think about emerging ZK technologies with implications for privacy, scalability, and verifiable computing
- Walked through ZK history: from the interactive "Cave of Ali Baba" protocol (1990) through ZK Gadgets and Circuits (CIRCOM), to ZK Virtual Machines like Polygon ZkEVM
- Deep dive on ZK Identity systems: the holder-issuer-verifier model with privacy-preserving credential verification (including UniRep)
- Emphasized Proof of Exploitability: using ZK to prove possession of a bug in software without disclosing exploit details, enabling automated triage and private bug markets
- Explored governance applications: voting mechanisms with arbitrary privacy and transparency properties
- Covered ZK applications including Tornado.cash (private deposits/withdrawals), Dark Forest (ZK MMO with decentralized fog of war), and ZKML (verifiable AI model execution)
- Discussed blockchain scaling through ZkEVM: eliminating the need to verify transactions individually for "basically unlimited scaling"
- Positioned Proof of Exploitability as a key security application: running target software in a fuzzing harness within a zkVM to generate crash data/proof without revealing the malicious input
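
The Proof of Exploitability flow in the last highlight, sketched as an added example that is not code from the talk: it models only what stays private (the input) and what becomes public (the journal), with no zkVM or proof system involved. The toy target `parse_record`, the `Journal` fields and the salted input commitment are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass


def parse_record(data: bytes) -> bytes:
    """Constructed toy target: trusts the length byte, so a short buffer faults."""
    length = data[0]
    return bytes(data[1 + i] for i in range(length))  # IndexError if length lies


def target_id(fn) -> str:
    # Stand-in for the hash of the target build that the verifier pins.
    return hashlib.sha256(fn.__code__.co_code).hexdigest()


@dataclass(frozen=True)
class Journal:
    """Public output only; the input itself never appears here."""
    target: str
    crashed: bool
    fault: str
    input_commitment: str  # assumption: lets a later disclosure be matched


def guest(private_input: bytes, salt: bytes) -> Journal:
    """Harness that would run inside the zkVM; its arguments are the private witness."""
    try:
        parse_record(private_input)
        crashed, fault = False, ""
    except Exception as exc:  # any unhandled fault counts as a crash
        crashed, fault = True, type(exc).__name__
    commitment = hashlib.sha256(salt + private_input).hexdigest()
    return Journal(target_id(parse_record), crashed, fault, commitment)


def triage(journal: Journal, pinned_target: str) -> bool:
    """Verifier side: accept only a crash claim against the exact build in scope."""
    return journal.crashed and journal.target == pinned_target


def opens(journal: Journal, disclosed_input: bytes, salt: bytes) -> bool:
    """At disclosure time, check the revealed input is the one that was proven."""
    digest = hashlib.sha256(salt + disclosed_input).hexdigest()
    return hmac.compare_digest(digest, journal.input_commitment)
```

In a real deployment the zkVM's proof is what convinces the verifier that the journal came from running this harness; without it the journal is only a claim.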