Hasty Briefsbeta

Bilingual

AI Meets Cryptography 2: What AI Found in OpenVM's ZkVM

2 hours ago
  • #zkVM security
  • #cryptography bugs
  • #AI auditing
  • zkao, an AI auditor, found a critical soundness bug in OpenVM's guest library openvm-pairing, allowing a malicious prover to forge any pairing equality.
  • The bug (CVE-2026-46669) was in the pairing check missing a subfield validation for the scaling factor, enabling forgery by setting scaling factor as the inverse of the Miller loop output.
  • OpenVM fixed the issue in version 1.6.0 by adding a subfield membership test to reject scaling factors not in the proper subfield.
  • The bug impacted cryptographic protocols using pairings, such as Groth16 SNARKs, BLS signatures, and KZG openings, breaking soundness for L2 rollups, bridges, and privacy protocols.
  • The experiment highlighted limitations of naive LLMs for complex codebases like zkVMs, requiring advanced context engineering in zkao to capture module dependencies and invariants.
  • Automated triage with LLM-generated PoCs proved unreliable due to false positives, prompting improvements in zkao's triaging process to reduce such issues.
  • Future work includes targeted engagements with projects like OpenVM 2.0 and sharing more findings as part of an ongoing series on AI auditing.