This is a very thorough description of a bug detected in a Zero Knowledge Proof (ZKP) library used by a blockchain. If you are interested in how modern ZKPs work, this article gives a condensed overview of what is happening in a ZKP, and what the security guarantees are. As always, the devil is in the details, and in this case, a missing verification allowed an attacker to prove anything they wanted.

https://osec.io/blog/2026-04-30-unverified-evaluations-dusk-plonk/

#C4DT_EPFL #WeeklyPick

#C4DT_EPFL #WeeklyPicks Google startete schon im 2010 ein 'Vulnerability Reward Program', ein Bug-Bounty für alle Services von Google, das Belohnungen auszahlt, alleine 17 Millionen US-$ im 2025. Diese Prämie wurde über mehr als 700 Analysten verteilt, die Fehler fanden in Android, der Google Cloud, aber auch in verbreiteten und häufig gebrauchten Open Source Programmen und Bibliotheken.

https://www.heise.de/news/Google-17-1-Millionen-US-Dollar-im-Bug-Bounty-Programm-2025-ausgezahlt-11211996.html

#WeeklyPick #C4DT_EPFL #EPFL #digiges #SocNum @digiges

Un sujet qui m'inquiète en tant que supporteur des logiciels libres et de la souveraineté qui les accompagne: Google veut fermeture sa plate-forme Android pour toute application qui n'est pas signé par un développeur agréé par Google. Le sujet fait débat surtout en Europe, où Apple a dû ouvrir ses iPhones aux applications étrangères.

https://www.societe-numerique.ch/2026/02/26/menace-sur-android-google-veut-verrouiller-nos-telephones-android-va-devenir-une-plateforme-fermee/

#weeklypick #C4DT_EPFL #EPFL

I always liked Anthropic's stance of doing the good thing and setting standards with regards to security and ehtics in LLMs. Unfortunately they changed their mind and will now only define 'goals that we will openly grade our progress towards'. So these goals will be non-binding. At least they kept the rules of 'no AI controlled weapons' and 'no mass domestic surveillance'.

https://edition.cnn.com/2026/02/25/tech/anthropic-safety-policy-change

The Center for Digital Trust (C4DT) is organising a special edition of our bi-annual open-source software services meet-up with an external guest speaker, David Monniaux from Université Grenoble Alpes.

https://rse.swiss/events/2026_03_04_oss_services_meet_up_special_edition/

#C4DT_EPFL

#eID #blog #SICPA #C4DT_EPFL

We are pleased to share some output of our work on electronic credentials in our technical blog: "Choosing a Cryptographic Library for Anonymous Credentials":

https://eid-privacy.github.io/wp2/2026/01/27/docknetwork-crypto-library.html

Long live Friday: here is a short article pointing to our Proof-of-Concept on privacy-preserving #eID presentation of credentials. It includes proofs for issuer signature, holder binding, predicate proofs, and non-revocation proofs.

Spoiler alert: #NoirLang is awesome! It's easy to understand AND fast!

Have a look here:

https://eid-privacy.github.io/2026/01/09/poc-report.html

#C4DT_EPFL #C4DT_FACTORY

Finland is combatting Fake News at its destination. It teaches media literacy in schools, starting from the age of three, on through the whole curriculum of the students. This approach is paying off, with the country ranking at the top of the European Media Literacy Index. Meanwhile, here in Switzerland, students are mostly left to figure out for themselves what is real and what is fake.

https://www.euronews.com/next/2026/01/05/after-decades-of-teaching-media-literacy-finland-equips-students-with-skills-to-spot-ai-de

#C4DT_EPFL #C4DT_WeeklyPicks

This thought-provoking article challenges the rationale behind the increasing integration of large language models (LLMs) into our daily workflows. Is it the result of thorough risk-benefit analyses or because of our growing normalization of the problems inherent in these systems and complacency towards the potentially disastrous consequences?

https://embracethered.com/blog/posts/2025/the-normalization-of-deviance-in-ai/

#C4DT_EPFL #WeeklyPicks