Security firm Trail of Bits has released a report revealing multiple vulnerabilities in the code used to support Google's paper. The Trail of Bits team exploited these flaws to generate fake proofs that appeared to beat the paper's figures on all metrics.
Trail of Bits said in a report shared today, April 17th, that Google has already patched the code and ensured that its scientific claims were not affected. The Google paper estimates that a quantum computer could compromise Bitcoin encryption with fewer than 500,000 physical qubits, nearly 20 times fewer than previous estimates.
However, Google decided not to publish the specific quantum circuits that support that estimate, so as not to provide malicious attackers with a blueprint for their attacks. Instead, it used zero-knowledge proofs (ZK proofs), a cryptographic mechanism that allows you to prove that something is true without revealing the information that proves it.
Specifically, a zero-knowledge virtual machine (zkVM) was used that runs a program and generates verifiable evidence that the program executed correctly with specific parameters.
What did Trail of Bits find?
According to its report, Trail of Bits identified two vulnerabilities in the Rust code that Google used as a verifier:
- The first allowed the Toffoli gate counter, which is an indicator of the computational cost of quantum circuits, to be skipped without changing the calculation results. Simply put, Google's code accepted a type of invalid operation where the calculation would be performed correctly but not recorded in the counter, similar to an employee doing their job without clocking in.
- The second vulnerability allowed the same variable to be the input and output of an operation at the same time. This violates the principle of reversibility in quantum circuits, but was not detected by Google's verifier.
Taking advantage of both flaws, Trail of Bits built a circuit that, according to the proof it generated, would require zero Toffoli gates, a total of 8.3 million operations, and 1,164 qubits to breach Bitcoin’s cryptography, outperforming Google’s metrics on all measures.
In other words, if the proof were valid, it would mean that breaking Bitcoin's cryptography is even easier than Google estimates. But that's not the case. These numbers come not from actual advances in quantum computing, but from exploiting flaws in validation software that cause the system to accept fake data as if it were valid.
Under Google's unpatched code, the tampered proof was cryptographically indistinguishable from a legitimate proof, and may have been unwittingly accepted by third-party verifiers.
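The second flaw above, operand aliasing, can be illustrated with an added toy example (not Google's verifier or Trail of Bits' code): a classical model of reversible gates, a brute-force reversibility test, and a checker that rejects aliased operands before counting Toffoli gates. All names here (`Gate`, `Reject`, `check`, `is_reversible`) are hypothetical, and the example does not reproduce the actual counter bypass, whose details the article does not give.

```rust
// Toy classical model of reversible gates, constructed for illustration;
// not Google's verifier and not Trail of Bits' code.
use std::collections::HashSet;

#[derive(Clone, Copy, Debug)]
enum Gate { Not(usize), Cnot(usize, usize), Toffoli(usize, usize, usize) } // target is last
#[derive(Debug, PartialEq)]
enum Reject { OutOfRange(usize), Aliased(usize) } // index of the offending gate

fn wires(g: Gate) -> Vec<usize> {
    match g {
        Gate::Not(t) => vec![t],
        Gate::Cnot(c, t) => vec![c, t],
        Gate::Toffoli(a, b, t) => vec![a, b, t],
    }
}

fn apply(g: Gate, s: &mut [bool]) {
    match g {
        Gate::Not(t) => s[t] = !s[t],
        Gate::Cnot(c, t) => s[t] = s[t] ^ s[c],
        Gate::Toffoli(a, b, t) => s[t] = s[t] ^ (s[a] & s[b]),
    }
}

/// Brute force: a gate is reversible iff it maps the 2^n states to 2^n distinct states.
fn is_reversible(g: Gate, n: usize) -> bool {
    let mut seen = HashSet::new();
    (0..1u32 << n).all(|x| {
        let mut s: Vec<bool> = (0..n).map(|i| (x >> i) & 1 == 1).collect();
        apply(g, &mut s);
        seen.insert(s) // false as soon as two inputs produce the same output
    })
}

/// Validates each gate first, then counts it, so every accepted Toffoli is counted.
fn check(circuit: &[Gate], n: usize) -> Result<usize, Reject> {
    let mut toffolis = 0;
    for (i, &g) in circuit.iter().enumerate() {
        let w = wires(g);
        if w.iter().any(|&q| q >= n) { return Err(Reject::OutOfRange(i)); }
        if w.iter().collect::<HashSet<_>>().len() != w.len() { return Err(Reject::Aliased(i)); }
        if matches!(g, Gate::Toffoli(..)) { toffolis += 1; }
    }
    Ok(toffolis)
}

fn main() {
    println!("{:?} {}", check(&[Gate::Toffoli(0, 1, 2), Gate::Cnot(0, 0)], 3), is_reversible(Gate::Cnot(0, 0), 1));
}
```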
Why doesn't this invalidate Google's paper?
The central question is whether Trail of Bits' discovery invalidates Google's paper on Bitcoin's quantum risk. The answer is no.
The vulnerabilities found were in the verification software, not in the quantum circuits or algorithms developed by Google. Google has patched its code and explicitly confirmed that its scientific claims, such as the estimate that fewer than 500,000 physical qubits are needed to compromise Bitcoin, are not affected.
This case highlights the limitations of the chosen disclosure mechanism. According to Trail of Bits, a zkVM is not a magic wand that eliminates the need for trust; it simply redistributes trust from scientific experts to programming languages, compilers, and testing systems. Errors in any of these components can compromise validation, even though the scientific results are inaccurate.
Google's paper triggered one of the most intense post-quantum debates the Bitcoin ecosystem has seen in recent weeks.
Trail of Bits' findings do not change Google's numbers or the debate it has generated, but they do sound a note of caution about using a zkVM as a mechanism for responsibly disseminating science. Operational risks are not eliminated; they just move from the scientific content to the code that validates it. If there is a flaw in that code, a fake proof can be passed around as valid without anyone detecting it.

