DigiNews

Summary

Trail of Bits reports a forged zero-knowledge proof that purportedly improves Google's zkVM metrics by exploiting memory-safety and logic vulnerabilities. The post details two main vulnerabilities (bypassing the Toffoli counter via invalid operation types and register aliasing) and presents circuit metrics comparing Google's proofs with their own, while also discussing disposal of disclosure practices and open-source replication. The piece highlights implications for zk-based security in practice and considerations for patching and responsible disclosure.