We beat Google's zero-knowledge proof of quantum cryptanalysis
- #security vulnerabilities
- #quantum cryptography
- #zero-knowledge proofs
- Trail of Bits beat Google's zero-knowledge proof of a quantum circuit for breaking elliptic curve cryptography by forging a proof, exploiting vulnerabilities in Google's Rust prover code rather than building a better circuit.
- The forged proof claims a circuit that reduces total operations from 17,000,000 to 8,300,000, qubits from 1,175 to 1,164, and Toffoli count from millions to 0.
- Key vulnerabilities: unsafe Rust deserialization that bypassed the Toffoli counting, and register aliasing that enabled non-reversible classical gate operations, something no physical quantum circuit can do.
- The exploit required implementing elliptic curve point addition with classical logic gates, optimized via Proos-Zalka register sharing to reduce qubits.
- Zero-knowledge proofs shift trust from the prover to the correctness of the proving system's code, raising the stakes for bugs in that code; Google's open-source approach is what enabled the vulnerabilities to be found and patched.
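The register-aliasing point is easy to see with a small classical model. The following Rust sketch is an added example, not code from Google's prover or from the Trail of Bits write-up; the gate set, type names and `validate` check are hypothetical. Every gate over pairwise-distinct wires is a permutation of the basis states, but a CNOT whose target is also its control always clears that wire, an erasure that is not reversible. A prover that counts Toffolis but does not reject aliased wires can be handed a circuit that is cheap by its own metric and impossible to run on real hardware.

```rust
// Added example (not Google's or Trail of Bits' code): a minimal classical
// reversible-circuit model showing why a prover must reject register aliasing.

#[derive(Clone, Copy, Debug, PartialEq)]
enum Gate {
    /// NOT on wire `target`.
    X { target: usize },
    /// target ^= control.
    Cnot { control: usize, target: usize },
    /// target ^= c0 & c1; the only gate the Toffoli counter charges for.
    Toffoli { c0: usize, c1: usize, target: usize },
}

impl Gate {
    /// Wires touched by the gate.
    fn wires(&self) -> Vec<usize> {
        match *self {
            Gate::X { target } => vec![target],
            Gate::Cnot { control, target } => vec![control, target],
            Gate::Toffoli { c0, c1, target } => vec![c0, c1, target],
        }
    }

    /// A well-formed gate acts on pairwise-distinct wires.
    fn is_well_formed(&self) -> bool {
        let w = self.wires();
        for i in 0..w.len() {
            for j in (i + 1)..w.len() {
                if w[i] == w[j] {
                    return false;
                }
            }
        }
        true
    }

    /// Apply the gate to a basis state encoded as a bitmask (bit i = wire i).
    /// This is the naive "read controls, then XOR into target" evaluation;
    /// with an aliased target the update overwrites the very bit it read.
    fn apply(&self, state: u64) -> u64 {
        let bit = |s: u64, w: usize| (s >> w) & 1;
        match *self {
            Gate::X { target } => state ^ (1 << target),
            Gate::Cnot { control, target } => state ^ (bit(state, control) << target),
            Gate::Toffoli { c0, c1, target } => {
                state ^ ((bit(state, c0) & bit(state, c1)) << target)
            }
        }
    }
}

struct Circuit {
    wires: usize,
    gates: Vec<Gate>,
}

impl Circuit {
    fn run(&self, input: u64) -> u64 {
        self.gates.iter().fold(input, |s, g| g.apply(s))
    }

    /// Cost metric in the style of a Toffoli counter: aliased Cnots cost nothing.
    fn toffoli_count(&self) -> usize {
        self.gates.iter().filter(|g| matches!(g, Gate::Toffoli { .. })).count()
    }

    /// Brute-force check that the circuit is a bijection on all 2^n basis states.
    fn is_reversible(&self) -> bool {
        let n = 1u64 << self.wires;
        let mut seen = vec![false; n as usize];
        for x in 0..n {
            // Mask so an out-of-range gate cannot index past the table.
            let y = (self.run(x) & (n - 1)) as usize;
            if seen[y] {
                return false;
            }
            seen[y] = true;
        }
        true
    }

    /// The structural check a prover must run before counting anything.
    fn validate(&self) -> Result<(), String> {
        for (i, g) in self.gates.iter().enumerate() {
            if g.wires().iter().any(|&w| w >= self.wires) {
                return Err(format!("gate {i} references a wire outside the register file"));
            }
            if !g.is_well_formed() {
                return Err(format!("gate {i} aliases a wire: {g:?}"));
            }
        }
        Ok(())
    }
}

/// Honest AND: Toffoli writes c0 & c1 into a fresh wire. Reversible, costs 1 Toffoli.
fn honest_and() -> Circuit {
    Circuit { wires: 3, gates: vec![Gate::Toffoli { c0: 0, c1: 1, target: 2 }] }
}

/// Aliased CNOT: control == target. Always clears wire 0, costs 0 Toffolis,
/// and is rejected by validate().
fn aliased_erase() -> Circuit {
    Circuit { wires: 1, gates: vec![Gate::Cnot { control: 0, target: 0 }] }
}

fn main() {
    for c in vec![honest_and(), aliased_erase()] {
        println!(
            "validate={:?} reversible={} toffolis={}",
            c.validate(),
            c.is_reversible(),
            c.toffoli_count()
        );
    }
}
```

The `is_reversible` brute force is only practical for toy register counts; a real prover cannot enumerate 2^1164 states, which is exactly why it has to enforce well-formedness (distinct wires, in-range registers) syntactically, gate by gate, before trusting any cost metric derived from the circuit.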