Show HN: Orchid Mantis – PoC Zero Knowledge Proof of Exploit (ZKPoX) Framework
Orchid Mantis has introduced a new framework for Zero-Knowledge Proofs of Exploit Status (ZKPoX), currently in its experimental phase. This framework allows users to prove possession of an exploit for a public program without revealing the exploit itself. It includes binaries for proving and verifying exploit status, but users are advised against using it for real CVE disclosures until the stable version is released.
- ▪Orchid Mantis is a framework for producing and verifying zero-knowledge proofs of exploit status.
- ▪The current version is experimental and not recommended for real CVE disclosures until version 1.0 is released.
- ▪The framework includes two binaries: zkpox-prove for creating disclosure bundles and zkpox-verify for validating them.
Opening excerpt (first ~120 words) tap to expand
Orchid Mantis A Framework for ZKPoX — Zero-Knowledge Proofs of Exploit Status: experimental (v0.1). Bundle format, predicate library, and verifier semantics are not yet stable. Do not use for real CVE disclosure until v1.0 ships. See docs/SCOPE.md for the precise statement of what current bundles prove. zkpox is a standalone framework for producing and verifying zero-knowledge proofs that you possess an exploit for a public program, without revealing the exploit. It ships as two binaries: Binary What it does zkpox-prove Convert a target program + an exploit witness into a CBOR disclosure bundle. zkpox-verify Validate a bundle end-to-end: STARK proof, target binding, envelope, anchor. The proving backend is the SP1 zkVM.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at GitHub.