Cobbled together with Clanker Claude over a few weekends, based on work I was doing on the RAPTOR project for automated vulnerability finding. Based on the CHEESECLOTH by Cueller et al. from USENIX '23 - https://www.usenix.org/conference/usenixsecurity23/presentat...
With a lot of disclosure chatter going around like it's 2000-and-great, perhaps we can utilise the cryptography of ZKPs and tlock cryptography to disclose bugs; I can prove the bug works in a zkVM, without anyone knowing the details of the exploit except those who have the keys. Then you can timelock it to reveal after disclosure period, or not... your choice. Either way, we can assess the risk and determine important facts about an exploit without ever diclosing it until required.
Aim - to upgrade the conversation around disclosure. It's the future, let's act like we have more options.
unprovable•48m ago
With a lot of disclosure chatter going around like it's 2000-and-great, perhaps we can utilise the cryptography of ZKPs and tlock cryptography to disclose bugs; I can prove the bug works in a zkVM, without anyone knowing the details of the exploit except those who have the keys. Then you can timelock it to reveal after disclosure period, or not... your choice. Either way, we can assess the risk and determine important facts about an exploit without ever diclosing it until required.
Aim - to upgrade the conversation around disclosure. It's the future, let's act like we have more options.