The current bug bounty ecosystem thrives on collaboration between security researchers and organizations, yet it hinges on mutual trust. Researchers must disclose detailed information about a vulnerability, often including working exploit data, while organizations must trust the accuracy and integrity of those disclosures. This trust-dependent model carries real risks: disclosed exploit details can be misused, and reward decisions remain uncertain for the researcher.
This presentation introduces applications of zero-knowledge proofs, via zkVMs (zero-knowledge virtual machines) and zkTLS (zero-knowledge Transport Layer Security), to bug bounty programs. With a zkVM, a researcher can cryptographically prove that a software vulnerability exists without revealing the exploit code or any sensitive details: the proof attests that a program executed inside the zkVM reached a vulnerable state, while the inputs that drove it there remain private. Similarly, zkTLS enables cryptographic verification of network interactions, such as an HTTP request that triggers a SQL injection, without disclosing the actual payloads.
We will delve into how these technologies replace trust with proof, allowing a vulnerability to be demonstrated in a way that protects both the researcher's methods and the organization's assets. The session includes a live demonstration of trustless bug bounties built with zkVMs and zkTLS. Attendees will gain insight into the technical mechanisms underpinning these tools and their implications for secure, trustless collaboration in cybersecurity.
Join us to explore how zero-knowledge technologies are paving the way toward a new paradigm in vulnerability disclosure, one that enhances security while preserving confidentiality and integrity for all parties involved.
About the Speaker
Anto Joseph works as a Principal Security Engineer at Eigen Labs. He enjoys researching distributed systems, DeFi protocols, Android and ML systems. He is involved in developing and advocating security in blockchains and DeFi. Previously, he has worked at Coinbase, Tinder, Intel, Citrix and E&Y in multiple information security roles. He has been a presenter and trainer at various security conferences including BH USA, Defcon, BruCon, HackInParis, HITB Amsterdam, HackLu, Hacktivity, PHdays, X33fCon, NullCon, c0c0n and more. He is an active contributor to many open-source projects and some of his work is available at https://github.com/antojoseph