ZK WHITEBOARD SESSIONS
We just wrapped the 5th edition of ZK Hack Online last month, and this one was a blast!
ZK Hack V is first and foremost a puzzle competition, and we could not have done it without our favorite Puzzle designers Kobi Gurkan, Andrija Novakovic, Nicolas Mohnblatt, and grjte from Bain Capital Crypto!
Lots of partners joined in as well to host fantastic workshops and talks. Big thanks to Polygon, zkVerify and Nebra for being a key part of this event and hosting this edition’s workshops, and to David Wong from zkSecurity for coming on to chat with us about his experience in ZK auditing. All sessions, puzzle announcements and workshops of ZK Hack V Online were recorded and are available on the ZK Hack YouTube channel, or on the ZK Hack V website.
Lastly, how do you wrap-up an online crypto puzzle competition? A metaverse after party and ZK Job Fair, that’s how!
Let’s look back at the past four weeks of competition, from November 26th to December 17th, 2024!
ZK HACK V Puzzle Competition
As usual: broken advanced cryptography protocols. Find the bug and exploit it to win the bounty!
Once again, a big shout-out to this edition’s puzzle designers Kobi Gurkan, Andrija Novakovic, Nicolas Mohnblatt, and grjte from Bain Capital Crypto for crafting and creating the lore around the puzzles for our community to solve!
The competition was fierce to make it to the top of the leaderboard, with the participants competing for speed on the 3 puzzles that were prepared…
Puzzle 1: Zeitgeist
“Everybody knows that you don’t really have to use the ZK version of SNARKs, because the proofs are so small anyway and can’t reveal much. Or do you?”
Puzzle 1: link, Puzzle 1 solution & write-up: link.
This puzzle explored a clever vulnerability in non-zero-knowledge SNARKs. The core issue was that when multiple proofs are generated using the same secret but different nonces, information about the secret can be leaked through the proof structure.
Specifically, the puzzle demonstrated that in a PLONK-based proof system, if proper randomization isn’t implemented (like filling the last few table rows with random values), the advice columns in the proofs contain polynomial evaluations that can be used to reconstruct the secret through Lagrange interpolation. The vulnerability arises because:
- The same secret gets placed in the same cell in the PLONK table across different proofs
- This leads to the same polynomial being used to encode that column’s values
- By collecting enough proofs, an attacker can gather sufficient evaluations of this polynomial to reconstruct it and extract the secret
This puzzle effectively highlighted why the “zero-knowledge” property in ZK-SNARKs is crucial for privacy, even though the proofs themselves are small. Without proper randomization, even compressed proofs can leak sensitive information.
* Nico recently published an article about this if you want to dive in > Chosen-Instance Attack.
Puzzle 2: Don’t Look Up
“Small fields have been all the rage for increasing performance on SNARKs. We should use them everywhere, also in lookup arguments! Or should we?”
Puzzle 2: link, Puzzle 2 solution & write-up: link.
This puzzle demonstrated a critical vulnerability in implementing lookup arguments with small finite fields. The challenge presented a LogUp/ProtoStar-based protocol for range-checking values between 0 and 63, but used a small prime field.
The vulnerability arose because when witness elements are repeated exactly p times (where p is the field’s characteristic), they sum to zero in the protocol’s equations. This allowed proving that numbers outside the valid range were valid, completely breaking the range check.
The puzzle highlighted why using small characteristic fields with lookup arguments can be dangerous, even though they might seem appealing for performance reasons.
* Ulrich Haböck and Liam Eagen just published a tweak to avoid this exact bug > Bypassing the characteristic bound in logUp.
Puzzle 3: Shadow
“It’s a wonderful era of ZK where we can use it for flexible and safe authentication mechanisms. Or can we?”
Puzzle 3: link, Puzzle 3 solution & write-up: link.
A bit of a twist for this one, this time written in Noir!
This puzzle demonstrated a flaw in an authentication system that let users prove their identity without private keys, using a combination of their public key and a “pepper” value.
The system checks two things separately: that the hash of the user’s identifier is whitelisted, and that the specified public key appears in the identifier (the identifier is composed of the public key and the pepper). The attacker exploits this by crafting an identifier where the first part contains their valid credentials (generating an accepted hash), while the target’s public key is tucked away at the end – allowing the attacker to impersonate the target.
It showed that when the size of the array containing the data is greater than the length of the data being used, it’s a security flaw to assume that the rest of the array is empty. Engineers must either explicitly exclude these extra array indices every time the data is used or enforce that the rest of the array is correctly padded with zeros.
ZK Hack V Winners:
We were so thrilled to see lots of new faces in the leaderboard, with a new record of 62 participants, and with so many of you finishing all 3 puzzles (you all earned a reward for completing this)!
At the top, the leaderboard spots kept switching and the top 4 finished within 15 (!) points of each other. Puzzle V-3 for instance saw only 53 seconds between the first and second submission! What a tight leaderboard, and with a first time Grand Winner!
Congratulations to everyone! Limited Edition ZK Hack V T-shirts, Limited Edition ‘ZK’ Ledger Hardware Wallets, tickets to the upcoming zkSummit 13 in Toronto, and over $15k in cash prizes were distributed to all the puzzle winners. A special shoutout to this edition’s winners—well done!
***
🥇 ZK Hack V Grand Winner: bkomuves
🥈 ZK Hack V 2nd place: Rumata888
🥉 ZK Hack V 3rd place: niooss-ledger
***
View the full leaderboard ↗.
We will be organizing interview sessions for the Top 3. We want to hear their take on approaching the puzzles, solving them across topics and languages, and more. If you have questions you’d like us to ask them, write them in the zk-hack-v channel on Discord for us!
Stay tuned and subscribe to the ZK Hack YouTube channel to get notified!
ZK Hack V Workshops
4 weeks = 4 workshops for this edition of ZK Hack Online!
We’d like to thank our workshop partners Polygon, zkVerify and Nebra for their help in making this event possible, and for the great guests that joined in to host this edition’s workshops.
Session #1 Kickoff
Chat – Real World ZK Hacks with Anna Rose & David Wong – watch on YouTube ↗
Anna Rose was joined by David Wong from zkSecurity to chat about David’s journey into ZK and various topics related to auditing zk-circuits, zk-DSLs or zk-VMs: the mindset, common pitfalls, new tools like formal verification or fuzzers, etc. As David answered the questions from Anna and from the ZK Hack V audience, the discussion shed some light on the key concepts encountered in ZK auditing.
Session #2 w/ zkVerify
Workshop – Integrating zkVerify into your dApp – watch on YouTube ↗
Daniele Di Benedetto, Steve Rushby and Luca Giussani from zkVerify joined us to dive into the details of what zkVerify does and how to use it.
Daniele started by giving some background context for the idea behind zkVerify, as well as a technical overview. Steve then demonstrated how the zkVerify chain can be used for web2 apps generating/verifying zk-proofs, before Luca showed how it can be integrated for web3 dApps living on different chains.
At last, Daniele closed the workshop by saying a few words about future steps and what’s next for zkVerify.
Session #3 w/ Polygon
Workshop – Range Checks Using Polygon Plonky3 – watch on YouTube ↗
What is Plonky3, and how can you use it? Brian Seong from Polygon looked into concrete examples to answer these questions in his workshop.
After starting with some background context for Plonky3, as well as a technical overview, he then proceeded with 3 examples of Range Check implementations:
- the Mersenne31 Range Check,
- BabyBear Range Check “basic” implementation, and
- an optimized BabyBear Range Check with Constraint Degree Comparison
Links to the GitHub repos presented by Brian during the workshop:
Session #4 w/ Nebra
Workshop – Proof Singularity with Nebra – watch on YouTube ↗
Nebra co-founder Shumo Chu, explored the intricacies of Nebra, explaining its purpose and how to use it.
He began by providing some background on the concept behind Nebra, followed by a technical overview through a deep dive into its documentation.
Finally, he introduced a new zk-app example called Proof.fun and discussed how developers and cryptographers can get involved with Nebra as well.
ZK HACK V Job Fair & Afterparty
ZK Hack V participants were invited to join our online Job Fair, hosted on gather.town, a virtual space platform where the attendees were able to interact with each other in real-time. They got to meet with our sponsors’ teams and chat about ZK, what it’s like to work in ZK and discuss job openings published on the Zero Knowledge Podcast’s ZK Jobs Board.
A few hours in, the Job Fair gave way to some lively one-on-one chats happening all around, while a poker game had kicked off at the top of the map.
Closing words
Well, that’s a wrap on ZK Hack V, which was our last event of 2024!
A big shoutout to our fantastic partners – Workshop Partners Polygon, zkVerify and Nebra, Community Sponsors Xion, zkPass, powdr, and Fermah, as well as Media Partner Zero Knowledge Podcast, to our Puzzle designers Kobi Gurkan, Andrija Novakovic, Nicolas Mohnblatt, and grjte from Bain Capital Crypto, and lastly, to our incredible cryptographers that battled on this edition’s puzzles.
We hope you had a blast, and we can’t wait to see you at the next one!
To stay up to date with ZK Hack, follow our X/Twitter account @__zkhack__, and get involved with the community by joining the ZK Hack Discord!
