WeSearch

Show HN: Orchid Mantis – PoC Zero Knowledge Proof of Exploit (ZKPoX) Framework

·3 min read · 0 reactions · 0 comments · 17 views
#technology#security#software
Show HN: Orchid Mantis – PoC Zero Knowledge Proof of Exploit (ZKPoX) Framework
TL;DR · WeSearch summary

Orchid Mantis has introduced a new framework for Zero-Knowledge Proofs of Exploit Status (ZKPoX), currently in its experimental phase. This framework allows users to prove possession of an exploit for a public program without revealing the exploit itself. It includes binaries for proving and verifying exploit status, but users are advised against using it for real CVE disclosures until the stable version is released.

Key facts
Original article
GitHub
Read full at GitHub →
Opening excerpt (first ~120 words) tap to expand

Orchid Mantis A Framework for ZKPoX — Zero-Knowledge Proofs of Exploit Status: experimental (v0.1). Bundle format, predicate library, and verifier semantics are not yet stable. Do not use for real CVE disclosure until v1.0 ships. See docs/SCOPE.md for the precise statement of what current bundles prove. zkpox is a standalone framework for producing and verifying zero-knowledge proofs that you possess an exploit for a public program, without revealing the exploit. It ships as two binaries: Binary What it does zkpox-prove Convert a target program + an exploit witness into a CBOR disclosure bundle. zkpox-verify Validate a bundle end-to-end: STARK proof, target binding, envelope, anchor. The proving backend is the SP1 zkVM.

Excerpt limited to ~120 words for fair-use compliance. The full article is at GitHub.

Anonymous · no account needed
Share 𝕏 Facebook Reddit LinkedIn Threads WhatsApp Bluesky Mastodon Email

Discussion

0 comments

More from GitHub