On September 6th, during an event in Singapore, Vitalik Buterin responded to a question about ZK security verification posed by BMAN, co-founder of ABCDE Capital. He stated that, in the short term, ensuring the security of ZK systems requires relying on at least two verification systems. In cases where these systems disagree, a governance mechanism can be employed to determine which one is correct. Looking ahead in the medium term, multiple verification systems such as Optimism can be introduced. In the long term, the incorporation of verification into protocols could be explored.
The full text of the Q&A reply is as follows:
BMAN: I wanted to ask some questions about the security of ZK circuit. There are a lot of emerging ZK circuits and the big zk projects, like zkSync, Scroll, Polygon and Taiko are launching mainnet, but most of them find it hard to audit, which might cause a lot of security problems. You previously wrote articls regarding the concern of zk circuit security. What’s your opinion on that right now?
Vitalik Buterin:That’s a great question. What we need in the short term is what I call multiparty. Basically, instead of relying on singular system, you rely on at least two proof systems, plus a governance mechanism. Basically if the proof systems disagreed, the governance can decide which one of the two it's the correct one.
Vitalik Buterin: And if you do that, they’ll become more secure against the possibility that only one of the systems has a right. It's very unlikely that the two systems will have a bug that causes them to disagree or that causes them to give the wrong answer in the exact same way, right? So I think many projects are already going in this direction.
Optimism already has a multi-groups system in the roadmap. I believe they at least told me they are in that direction. Their next version is going in that direction in a short to medium term. In the longer term, I think there is also an option to try more verification to the protocol. That's obviously much more challenge.
But like if we do that, that would reduce the number of lines of code than people have to write themselves, and it would like put more things under the protocol. This would improve things more in the long term. But like we're obviously not quite there yet.
All Comments