Security leaks in Zero Knowledge Proof.

Back in December 2021 I started noticing some leaks in ZK-Dapps and reported them on GitHub, BitcoinTalk & Discord.

First, I will explain zero knowledge proof as a cryptographic primitive and as a technology in cryptocurrency. Then I will talk about some security issues in ZKP cryptocurrencies, such as implementation risks, data leakage in transactions, crypto failures and some other security issues. After that I will give some technical information about the application layer of ZKP for hackers: for example, how to make money via secret key batches, side-channel attacks and database attacks, or how to sell some 0days via zero knowledge proof without exposing yourself.

We all know the Bitcoin story. Bitcoin is a decentralized digital currency. Every Bitcoin transaction is published on the ledger, so it is publicly verifiable. However, Bitcoin lacks anonymity: all your personal cash flow and the balance of your wallet address are public online, and anyone can read them. So there is minimal privacy in Bitcoin. And because the whole history of Bitcoin is public, coins become unequal. For example, some coins may have been used by the Shadow Brokers before, so they become black money; other coins may have been used by Satoshi Nakamoto, and they become souvenir coins.

The privacy issue and the unequal-coin (fungibility) issue are bad for a currency system, and researchers are working hard to solve them.

In the picture below we visualise the linkability of transactions and thereby confirm the lack of privacy.

Based on the linkability of transactions, here is an example cash flow in Bitcoin. As we can see in the picture above, Alice (sender) sends 1 bitcoin to Bob (receiver 1), and finally Bob sends this 1 bitcoin to Eve (receiver 2). All the details are published on the chain. How can we solve the privacy issue? A simple idea is to just encrypt all the transactions.

For example, in the following picture we encrypt the sender address, the receiver address and the amount of money. Then your privacy is protected. But this cannot work on its own: if you encrypt everything, other people cannot verify the transaction, and that breaks the public verifiability of Bitcoin. To solve this problem, here comes zero knowledge proof (ZKP) with RSA (Rivest–Shamir–Adleman).

In a ZKP system there is a prover P and a verifier V. P has some statement X and claims to V that X belongs to some language R. After a few rounds of interaction, P sends a proof pi to V, and V decides whether to accept or reject it. A ZKP system has three properties. First, completeness: if the statement is correct, the prover can persuade the verifier. Second, soundness: if the statement is wrong, the prover cannot persuade the verifier. Third, zero knowledge: the verifier learns nothing except that the statement is correct.

The protocol in the picture below is what we call an interactive zero knowledge proof, based on the RSA encryption method. In a real application, P and V may not be able to be online at the same time, so we need the zero knowledge proof to be non-interactive, which means P can directly send a proof to V and V can then decide to accept or reject it. This is a non-interactive zero knowledge proof, which we call NIZK. It is not hard to construct an NIZK system: if factorization is hard, then for any NP language we can build a NIZK.
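As an added example that is not part of the original post (the RSA-based protocol in the picture is not reproduced here), the Python sketch below runs the Fiat-Shamir identification protocol, whose security likewise rests on the hardness of factoring the modulus N: first interactively, with the verifier choosing each challenge bit live, then as an NIZK where a hash of the commitments replaces the verifier, plus a simulator that shows the zero knowledge property. The toy modulus and all function names are constructed for this illustration.

```python
import hashlib, math, secrets

P, Q = 1000003, 1000033   # constructed toy primes; real deployments use large secret primes
N = P * Q

def keygen():
    """Witness s and public value v = s^2 mod N (s must be coprime to N)."""
    s = secrets.randbelow(N - 2) + 2
    while math.gcd(s, N) != 1:
        s = secrets.randbelow(N - 2) + 2
    return s, pow(s, 2, N)

def commit():
    r = secrets.randbelow(N - 2) + 2        # prover's per-round randomness
    return r, pow(r, 2, N)                  # commitment x = r^2 mod N

def respond(r, s, e):
    return (r * pow(s, e, N)) % N           # y = r * s^e mod N for challenge bit e

def check(v, x, e, y):
    return pow(y, 2, N) == (x * pow(v, e, N)) % N   # accept iff y^2 == x * v^e

def interactive_proof(s, v, rounds=20):
    """Interactive version: V must be online to pick each challenge bit live."""
    for _ in range(rounds):
        r, x = commit()
        e = secrets.randbits(1)             # verifier's fresh random challenge
        if not check(v, x, e, respond(r, s, e)):
            return False
    return True

def challenges(v, xs):
    """Fiat-Shamir transform: a hash of public input + commitments plays V."""
    h = hashlib.sha256(repr((N, v, list(xs))).encode()).digest()
    return [(h[i // 8] >> (i % 8)) & 1 for i in range(len(xs))]

def nizk_prove(s, v, rounds=20):
    rs, xs = zip(*[commit() for _ in range(rounds)])
    ys = [respond(r, s, e) for r, e in zip(rs, challenges(v, xs))]
    return list(xs), ys                     # one message: P need not wait for V

def nizk_verify(v, proof):
    xs, ys = proof
    return len(xs) == len(ys) and all(
        check(v, x, e, y) for x, e, y in zip(xs, challenges(v, xs), ys))

def simulate_round(v):
    """Zero knowledge: without s, choose e and y first and solve for x."""
    e, y = secrets.randbits(1), secrets.randbelow(N - 2) + 2
    return (pow(y, 2, N) * pow(v, -e, N)) % N, e, y
```

A prover without the witness passes each round only when the challenge bit is 0, so soundness error drops as 2^-rounds, while simulate_round produces accepting transcripts with no witness at all, which is why a transcript reveals nothing about s.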

Once we have a ZKP system, we can add it to Bitcoin to get a system with privacy.

We encrypt all the transactions, so every piece of information is protected. In the meantime we also provide a proof pi, a non-interactive zero knowledge proof, that the encrypted transaction is legal: it does not double-spend and it follows the rules of the system. This resolves the conflict between encryption and public verifiability, and we get a Bitcoin system with privacy.