We beat Google’s zero-knowledge proof of quantum cryptanalysis
Trail of Bits researchers successfully forged a zero-knowledge proof for a quantum circuit by exploiting memory safety and logic vulnerabilities in Google's Rust-based zkVM prover. By leveraging unsafe deserialization and register aliasing, they bypassed resource counters and quantum reversibility constraints, demonstrating critical attack surfaces in modern zero-knowledge proof implementations.
Authors: Trail of Bits
Source: Trail of Bits
- SHA-256: 7efe1f62bb14a978322ab9ed41d670fc0fe0f211331032615c910df5a540e999 (hash of the malicious kickmix circuit used to forge the zero-knowledge proof)
Key Takeaways
- Trail of Bits forged a zero-knowledge proof that artificially beat Google's quantum circuit metrics for breaking elliptic curve cryptography.
- The exploit leveraged an out-of-bounds read in unsafe Rust code during rkyv deserialization to bypass gate counters.
- A register aliasing vulnerability in the CCX (Toffoli) operation allowed the bypass of quantum reversibility constraints, trivializing uncomputation.
- A logic error in HMR and R instructions allowed qubit resets without trashing the phase.
- The research highlights the unique attack surface and trust redistribution introduced by zero-knowledge proof systems.
Affected Systems
- Google's Rust prover code (unpatched versions)
- Succinct Labs SP1 zkVM
- rkyv serialization library (when used with access_unchecked)
Attack Chain
The attacker supplies a maliciously crafted kickmix assembly script to the zkVM simulator. During deserialization, the use of unsafe Rust code (rkyv::access_unchecked) allows an out-of-bounds op.kind value to be processed without validation. This out-of-bounds value causes the simulator to jump past the gate-counting logic directly to the execution logic, effectively bypassing the Toffoli gate counter. Additionally, the attacker leverages a register aliasing flaw in the CCX operation to violate quantum reversibility constraints, allowing them to generate a valid zero-knowledge proof with artificially minimized resource metrics.
Detection Availability
- YARA Rules: No
- Sigma Rules: No
- Snort/Suricata Rules: No
- KQL Queries: No
- Splunk SPL Queries: No
- EQL Queries: No
- Other Detection Logic: No
No specific detection rules are provided in the article.
Detection Engineering Assessment
- EDR Visibility: None — The exploitation occurs entirely within the memory space of the zkVM guest program during proof generation, which is not monitored by standard EDR tools.
- Network Visibility: None — The vulnerability is exploited locally during the generation of the zero-knowledge proof; no network traffic is generated by the exploit itself.
- Detection Difficulty: Very Hard — Zero-knowledge proofs inherently obfuscate the inputs and execution state. Detecting the forgery requires analyzing the submitted proof metrics for logical impossibilities rather than observing the exploit execution.
Required Log Sources
- Application Logs
Hunting Hypotheses
| Hypothesis | Telemetry | ATT&CK Stage | FP Risk |
|---|---|---|---|
| Identify zero-knowledge proofs submitted for complex quantum circuits (like elliptic curve point addition) that report impossibly low resource metrics, such as 0 Toffoli gates. | Application Logs | Execution | Low |
Control Gaps
- Lack of bounds checking during deserialization of untrusted input in the zkVM.
- Absence of register aliasing checks in quantum circuit simulators.
Key Behavioral Indicators
- Zero-knowledge proof outputs reporting 0 Toffoli gates for operations known to require them.
False Positive Assessment
- Low
Recommendations
Immediate Mitigation
- Update Google's verification code to the patched version that addresses the deserialization and register aliasing vulnerabilities.
Infrastructure Hardening
- Remove or strictly audit unsafe blocks in Rust code handling untrusted deserialization, specifically when using libraries like rkyv.
- Implement strict bounds checking for all operation types and opcodes parsed from external inputs.
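As an added illustration of the two control gaps named above (bounds checking of opcodes parsed from untrusted input, and register aliasing checks on multi-qubit gates), here is a small dependency-free Rust validator; it is not Google's prover or Trail of Bits' code, and its 13-byte record layout and opcode numbering are constructed stand-ins for the real kickmix encoding. Every op is decoded and checked before it reaches the Toffoli counter, so an out-of-range kind value is rejected rather than dispatched past the counting logic.

```rust
use std::convert::TryInto;
#[derive(Clone, Copy, Debug, PartialEq)]
enum Kind { X, Cx, Ccx, Reset }
#[derive(Debug, PartialEq)]
enum Rejection { Truncated, UnknownKind(u8), OutOfRange(u32), Aliased(u32) }
#[derive(Debug, PartialEq)]
struct Op { kind: Kind, regs: Vec<u32> }

/// Map the raw kind byte to a known opcode. Anything else is an error, never an
/// index into a dispatch table that could land past the gate-counting code.
fn decode_kind(raw: u8) -> Result<Kind, Rejection> {
    match raw {
        0 => Ok(Kind::X), 1 => Ok(Kind::Cx), 2 => Ok(Kind::Ccx), 3 => Ok(Kind::Reset),
        other => Err(Rejection::UnknownKind(other)),
    }
}

/// Parse fixed 13-byte records (constructed layout: kind byte + three LE u32
/// register ids), validating every field before the op is accepted.
fn parse_ops(bytes: &[u8], n_qubits: u32) -> Result<Vec<Op>, Rejection> {
    let mut ops = Vec::new();
    for rec in bytes.chunks(13) {
        if rec.len() != 13 { return Err(Rejection::Truncated); }
        let kind = decode_kind(rec[0])?;
        let arity = match kind { Kind::X | Kind::Reset => 1, Kind::Cx => 2, Kind::Ccx => 3 };
        let mut regs: Vec<u32> = Vec::with_capacity(arity);
        for i in 0..arity {
            let r = u32::from_le_bytes(rec[1 + 4 * i..5 + 4 * i].try_into().unwrap());
            if r >= n_qubits { return Err(Rejection::OutOfRange(r)); }
            // Aliasing check: a CX/CCX whose wires repeat is not a valid
            // reversible multi-qubit gate, so reject it rather than simulate it.
            if regs.contains(&r) { return Err(Rejection::Aliased(r)); }
            regs.push(r);
        }
        ops.push(Op { kind, regs });
    }
    Ok(ops)
}

/// Toffoli count over ops that have already passed validation.
fn count_toffolis(ops: &[Op]) -> usize {
    ops.iter().filter(|op| op.kind == Kind::Ccx).count()
}

/// Encode one record in the constructed layout (unused register slots are zero).
fn record(kind: u8, regs: [u32; 3]) -> Vec<u8> {
    let mut v = vec![kind];
    for r in regs.iter() { v.extend_from_slice(&r.to_le_bytes()); }
    v
}
```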
User Protection
- N/A
Security Awareness
- Educate development teams working on cryptographic simulators and zkVMs about the risks of register aliasing and undefined behavior in memory-unsafe code blocks.
MITRE ATT&CK Mapping
- T1562.001 - Impair Defenses: Disable or Modify Tools
- T1059 - Command and Scripting Interpreter
Additional IOCs
- File Paths: program/src/main.rs (source code file containing the vulnerable unsafe rkyv deserialization block)
- Other: Groth16 proof bytes generated by the forged circuit.