Fiat-Shamir Transform Exhibits Soundness Vulnerabilities in Research
Fiat-Shamir transform faces soundness issues in practical applications. The Fiat-Shamir (FS) transform, a widely used method for converting public-coin interactive protocols into non-interactive ones, has been shown to have soundness vulnerabilities when instantiated with concrete hash functions. Previously identified issues involved contrived protocols, but new research shows that a popular interactive succinct argument based on the GKR protocol is not adaptively sound when compiled with the FS transform. The study constructs explicit circuits for which accepting proofs of false statements can be generated, indicating that any security guarantee must depend on the specific circuit implementation rather than on its general functionality. Additionally, variations of the attack challenge non-adaptive soundness, although they may require impractical circuit depths or additional assumptions about cryptographic primitives.
