Researchers have found a way to deceive commercially available proof systems into verifying false statements, even though the systems, when paired with a particular hash function, have been shown to be secure in a commonly used cryptographic model known as the random oracle model.
The random oracle model is used by numerous cryptographic applications, and the flaw demonstrates that such systems need to be reassessed.
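To make concrete what "secure in the random oracle model" means for a proof system, the following added example (not code from the page or from the researchers, and not the GKR protocol the page discusses) shows a Schnorr-style non-interactive proof of knowledge in which the verifier's challenge is derived by hashing the transcript. The group parameters are constructed toy values, far too small for real use, and the function names are the example's own. The `simulate_with_fixed_challenge` function is the textbook honest-verifier simulator: it produces a transcript that verifies only if the challenge could be fixed before the commitment, which is exactly what the hash is assumed to prevent when it is modelled as a random oracle.

```python
import hashlib
import secrets

# Toy group parameters (constructed for illustration; far too small for real use).
# P is a safe prime, Q = (P - 1) / 2, and G generates the order-Q subgroup of Z_P^*.
P = 2039
Q = 1019
G = 4


def challenge(statement: bytes, commitment: int) -> int:
    """Derive the verifier's challenge by hashing the transcript so far.

    In the random oracle model this hash is treated as an ideal random function
    that the prover cannot predict or steer; in a deployment a concrete hash
    function (here SHA-256 with a domain-separation prefix) stands in for it.
    """
    data = b"schnorr-demo|" + statement + b"|" + commitment.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def prove(x: int, y: int) -> tuple[int, int]:
    """Prove knowledge of x with G^x == y (mod P) without revealing x."""
    r = secrets.randbelow(Q - 1) + 1          # fresh nonce in [1, Q-1]
    t = pow(G, r, P)                          # commitment, sent before the challenge
    c = challenge(y.to_bytes(4, "big"), t)    # challenge bound to y and t
    s = (r + c * x) % Q                       # response
    return t, s


def verify(y: int, proof: tuple[int, int]) -> bool:
    """Recompute the challenge from the transcript and check G^s == t * y^c (mod P)."""
    t, s = proof
    if not (0 < t < P and 0 <= s < Q):
        return False
    c = challenge(y.to_bytes(4, "big"), t)
    return pow(G, s, P) == (t * pow(y, c, P)) % P


def simulate_with_fixed_challenge(y: int, c: int, s: int) -> tuple[int, int]:
    """Honest-verifier simulator (assumed name): build (t, s) that satisfies the
    verification equation for a challenge c chosen *before* the commitment.

    No secret x is used. Such a transcript verifies only if the real challenge
    challenge(y, t) happens to equal c, which is why soundness rests on the hash
    behaving like an unpredictable oracle rather than on the algebra alone.
    """
    t = (pow(G, s, P) * pow(pow(y, c, P), -1, P)) % P   # t = G^s * y^(-c)
    return t, s


if __name__ == "__main__":
    secret_x = 123
    public_y = pow(G, secret_x, P)
    print("honest proof verifies:", verify(public_y, prove(secret_x, public_y)))
    t, s = simulate_with_fixed_challenge(public_y, 7, 500)
    print("simulated transcript verifies under hash-derived challenge:",
          verify(public_y, (t, s)))
```

The simulated transcript satisfies the algebraic check for the challenge it was built for, but once the challenge is recomputed from the transcript it fails unless the hash output collides with that value, which is the event the random oracle model treats as negligible and a concrete hash instantiation must actually make hard.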
The researchers targeted a proof system called the GKR protocol, which is used for proving that a computer program produces a certain output when given a secret input, and showed how to embed a malicious program in any task.
It remains to be seen whether the newly discovered technique could be used to undermine the security of cryptocurrencies and other applications.
The researchers discovered the vulnerability and notified the company selling the product before publishing their findings, and a patch has since been issued.