Ethereum

Releasing micro-zk-proofs: JS library to create and verify zk-SNARK proofs. Proofs are created in parallel using Web Workers. Noble cryptography is utilized underneath.

During development of zkp, a vulnerability was found in wasmsnark, alternative proof generation library.

Wasmsnark vulnerability reduced entropy of proof's components from 32 bytes to 8 bytes. This made some proofs less secure. It has since been fixed, and the pkg has been upgraded to noble cryptography.

micro-zk-proofs is available on github and NPM:

Security, austrian school. Developing noble cryptography: audited js libraries for web3. https://paulmillr.com/noble

Wasmsnark vulnerability reduced entropy of proof's components from 32 bytes to 8 bytes. This made some proofs less secure. It has since been fixed, and the pkg has been upgraded to noble cryptography.

micro-zk-proofs is available on github and NPM: https://github.com/paulmillr/micro-zk-proofs

Because circom compiles programs into js which requires these bigints. Doing otherwise would require custom circuit compiler. 

It's optional only for old circom programs

Curious Why does it need to monkey patch BigInt

My casts are immutable, but my opinions might get a soft fork.

Followed by @woj.eth 🎖️

Nice! Any chance you can share more about the vulnerability in wasmsnark? Always keen to learn more about what went wrong and how it was fixed

Awesome share, I was not aware that a vulnerability was found.