In this episode, Benjamin Perez from Trail of Bits discusses auditing zero knowledge proof systems and the challenges faced. They touch on the evolution of the crypto tech auditing business, recent bugs and vulnerabilities in zkp systems, and the importance of analyzing security properties in protocols like Zcash.
Podcast summary created with Snipd AI
Quick takeaways
Auditing blockchain systems has evolved from quick audits for ICOs to analyzing complex protocols like proof of stake and zero knowledge systems.
There is a need to make zero knowledge proofs more accessible through usable libraries and APIs to expand their applications beyond blockchain.
Deep dives
Blockchain Audits and the Role of the Auditor
The podcast episode discusses the evolution of the role of an auditor in the blockchain space. In the past, auditors focused on conducting quick audits for ICOs during the peak of the ICO boom in 2017-2018. However, as the industry matured, the role of auditors shifted to auditing more complex and advanced blockchain protocols, such as proof of stake and zero knowledge systems. The shift was driven by the need to ensure the security and robustness of these new protocols, which involved analyzing not only the code but also the papers and cryptographic proofs behind them. The podcast also touches upon the challenges of auditing systems that rely on privacy-preserving tools like zero knowledge proofs and the importance of understanding the complexities and subtleties of these technologies. Additionally, the episode highlights the collaboration between academia and industry in discovering vulnerabilities and improving the security of systems, with examples of recent vulnerabilities found in Zcash and Monero. Overall, the podcast emphasizes the significance of auditors in ensuring the security and trustworthiness of blockchain systems and the need to adapt to the evolving landscape of technology.
The Future of Zero Knowledge Research
The podcast explores the future of zero knowledge research and the increasing interest in using zero knowledge proofs in various applications beyond blockchain. While zero knowledge proofs have gained attention in the academic world, there is a growing need to make these cryptographic tools more accessible to industry and non-experts. The episode highlights the importance of building usable libraries and APIs that simplify the implementation of zero knowledge proofs for purposes such as voting systems, privacy protection, and bug bounties. By making these tools more user-friendly and reducing the reliance on highly specialized experts, zero knowledge proofs can be adopted and utilized by a wider range of organizations. The podcast emphasizes the significance of combining academic research with practical applications to further develop and advance the field of zero knowledge research.
Auditing Vulnerabilities in Zero Knowledge Systems
The podcast delves into the process of auditing vulnerabilities in zero knowledge systems. It discusses the challenges auditors face in analyzing the real-world implementation of zero knowledge protocols, as opposed to theoretical cryptographic constructions. The episode highlights the importance of uncovering edge cases and subtleties that may lead to exploitable vulnerabilities, even in cryptographically sound systems. It also explores the concept of using zero knowledge proofs to disclose vulnerabilities without revealing the details of the exploit, thereby offering a way to secure bug bounties or protect consumers without endangering existing users. The podcast concludes with the potential of zero knowledge research and vulnerability auditing to enhance consumer protection and improve vulnerability disclosure processes in the future.
The Intersection of Academia and Industry in Zero Knowledge Research
The podcast episode emphasizes the collaboration and intersection between academia and industry in the field of zero knowledge research. It highlights the shift in incentive structure for academics to work on real-world problems and vulnerabilities that affect industry applications, rather than solely focusing on theoretical cryptographic constructions. The episode discusses the value of academic research in uncovering vulnerabilities and improving security properties in practical systems, such as blockchain protocols. It also underscores the need for academics to work closely with industry experts to address real-world challenges and develop usable tools and libraries for broader adoption of zero knowledge proofs. The podcast emphasizes the importance of combining expertise from both academia and industry to advance the field and ensure the security and efficiency of zero knowledge systems.
In this week's episode, we chat with Benjamin Perez from Trail of Bits about zero knowledge proof systems and security. We touch on the evolution of the crypto tech auditing business, the new challenges that emerge in zero knowledge proof systems regarding security, some of the recent bugs and vulnerabilities found in zkp systems and more!
If you want to join the zkSummit 5 online event, happening on March 31st at 7am PST, 10am EST, 4pm CET, please buy a ticket for the crowdcast here: https://www.crowdcast.io/e/zksummit