Blob Me Maybe
This repository stores CTF challenge Blob Me Maybe
, which appeared at 2023 WACON Finals. You may learn how Ethereum's EIP-4844 is secure, based on KZG ceremony.
Category: Blockchain
+ Crypto
Description
Author's Intention
Challenge name/idea inspired by blob-me-baby.
EIP-4844 scales Etheurem using KZG Commitments and brings blobs. This setup, unfortunately requires toxic waste,
This challenge asks to forge a KZG proof when
-
/admin/eval
: Input:$x$ . Output:$P(x)$ where$P$ is admin's polynomial. -
/admin/verify
: Input:$x, P(x)$ , proof$\pi$ . Output: Boolean where verification succeeded or not based on admin's polynomial. -
/admin/flag
: Input:$x, z, P(x) \neq z$ , proof$\pi$ . Output: Boolean where$P(x) \neq z$ and proof$\pi$ is valid.
There were CTF challenges where participants were asked to forge a KZG proof when
Blobs
Blob is a
TL, DR: Blob is an encoded polynomial, which holds information big enough to scale Ethereum.
KZG
The entire blob(an encoded form of polynomial
TL, DR: KZG is a tool that helps to verify evaluation using proof based on committed information, with no need for the entire information.
Trusted Setup Initialization
You can create your own trusted setup by selecting your own --secret
flag in the Makefile,
gen_kzg_setups:
cd $(SCRIPTS_DIR); \
if ! test -d venv; then python3 -m venv venv; fi; \
. venv/bin/activate; \
pip3 install -r requirements.txt; \
python3 ./gen_kzg_trusted_setups.py --secret=1337 --g1-length=4 --g2-length=65 --output-dir ${CURRENT_DIR}/presets/minimal/trusted_setups; \
python3 ./gen_kzg_trusted_setups.py --secret=1337 --g1-length=4096 --g2-length=65 --output-dir ${CURRENT_DIR}/presets/mainnet/trusted_setups
I set
Flag
WACON2023{eip4844-fun-with-kzg-and-trusted-setup-ceremony}
Solution
- Call
/admin/eval
4096 times to fetch information to extract and interpolate admin's polynomial$P$ . - Evaluate commitment
$C$ based on$P$ and trusted setup. - Forge proof
$\pi$ based on$z, x, P(x)$ where$P(x) \neq z$ , using leaked toxic waste$\tau = 13371337$ .-
$\pi = (C - z * G_{1}) / (\tau - x)$ where$G_{1}$ is the BLS12-381 Generator.
-
- Call
/admin/flag
with$\pi, x, z$ and get flag.
Challenge setup
Deploy dist directory as tarball. Includes trusted setup based on
Distribute http endpoint.
Challenge deploy
Go to src
docker compose build --no-cache
docker compose up -d