Advisories for Cargo/Risc0-Zkvm package

2025

zkVM Underconstrained Vulnerability

Due to a missing constraint in the rv32im circuit, any 3-register RISC-V instruction (including remu and divu) in risc0-zkvm 2.0.0, 2.0.1, and 2.0.2 are vulnerable to an attack by a malicious prover. The main idea for the attack is to confuse the RISC-V virtual machine into treating the value of the rs1 register as the same as the rs2 register due to a lack of constraints in the rv32im circuit. …

2024

RISC Zero zkVM notes on zero-knowledge

RISC Zero zkVM was designed from its inception to provide three main guarantees: Computational integrity: that a given software program executed correctly. Succinctness: that the proof of execution does not grow in relation to the program being executed. Zero Knowledge: that details of the program execution are not visible within the proof of program execution. Ulrich Habock and Al Kindi have released new research that indicates that several STARK implementations …