The 2022 Pwnie Nominee For Best Cryptographic Attack

0 & 00

Researcher Name: https://twitter.com/cryptosubtlety

While cryptocurrency doesn’t have good reputation in general, the truth is *some good* cryptocurrency projects use the most advanced cryptographic protocols in the world. The *practical* attacks vectors against them were not fully understood.
Quan Thoi Minh Nguyen presented 2 talks at Black Hat USA 2021, Black Hat ASIA 2022 using 0-related bugs to exploit different protocols including BLS signature, BLS-aggregate signatures and C++ zero-knowledge proof PLONK. All the reported bugs were in the scope of vendors’ bug bounty program:

1/ ​​https://www.blackhat.com/us-21/briefings/schedule/#zero—the-funniest-number-in-cryptography-228901625065256 (article https://github.com/cryptosubtlety/0) (reward $39,300) high-light: “splitting zero” attack to show that conventional wisdom wasn’t correct because the attacker can split 0 key into multiple parts whose sum is 0 making detecting them infeasible computational-wise.
2/ https://www.blackhat.com/asia-22/briefings/schedule/index.html#using-zero-to-attack-zero-knowledge-proof-zkp-plonk-25941 (article https://github.com/cryptosubtlety/00) (reward $15000): critical bugs in C++ zero-knowledge proof PLONK + ECDSA