Bak et al. analyzed reduced instances of the Poseidon and Poseidon2 hash functions in their paper, using a new resultant-based algebraic attack to break multiple challenge instances and claim Ethereum Foundation bounties.
Notes
Ethereum Foundation issued bounty challenges for Poseidon and Poseidon2 hash functions in Nov 2024
Team successfully broke multiple reduced instances of Poseidon2-31m, Poseidon2-31k and Poseidon-256
Used new resultant-based algebraic attack for Poseidon2 instances
Used known univariate root finding for Poseidon-256 instances
All solutions except the first Poseidon-256 instance were confirmed eligible for bounties
Research reveals potential security risks in reduced configurations of Poseidon hash functions
Why do the attacks focus only on small-scale or round-reduced Poseidon instances?
Full-parameter Poseidon includes ample security margins. The bounty challenges intentionally use round-reduced or small-prime-field instances to test the limits of cryptanalytic techniques, not to break production-grade parameters.
What role does the resultant play in these algebraic attacks?
Resultants eliminate variables from multivariate polynomial systems, reducing their dimensionality. The authors use them to transform the multivariate Poseidon2 constraints into univariate or low-dimensional equations that are tractable to solve.
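To make the elimination step concrete, here is an added example that is not code from the paper or from any Poseidon implementation: it eliminates y from a constructed two-variable system over a toy prime field via the Sylvester resultant, then reads the candidate x values off the roots of the resultant and recovers y for each. The field P = 101, the planted solution (X0, Y0), and the two polynomials f and g (with an x^5 term standing in for the S-box) are all constructed for illustration and are not the paper's actual constraint system.

```python
from functools import reduce

P = 101        # constructed toy prime field; real Poseidon instances use far larger primes
X0, Y0 = 5, 9  # planted solution used to construct the system below
C = (pow(Y0, 3, P) - pow(X0 + 7, 5, P)) % P   # constants chosen so (X0, Y0) satisfies f = g = 0
D = -(pow(X0 + Y0, 5, P) + 3 * Y0 * Y0) % P

def f_coeffs(x):
    """f(x, y) = y^3 - (x + 7)^5 - C as coefficients in y, low degree first."""
    return [(-pow(x + 7, 5, P) - C) % P, 0, 0, 1]

def g_coeffs(x):
    """g(x, y) = (y + x)^5 + 3*y^2 + D, expanded with the binomial coefficients 1,5,10,10,5,1."""
    return [(pow(x, 5, P) + D) % P, 5 * pow(x, 4, P) % P, (10 * pow(x, 3, P) + 3) % P,
            10 * x * x % P, 5 * x % P, 1]

def poly_eval(coeffs, y):
    """Horner evaluation of a univariate polynomial mod P."""
    return reduce(lambda acc, c: (acc * y + c) % P, reversed(coeffs), 0)

def det_mod_p(rows):
    """Determinant over F_P by Gaussian elimination with modular inverses."""
    m, n, det = [r[:] for r in rows], len(rows), 1
    for col in range(n):
        piv = next((r for r in range(col, n) if m[r][col]), None)
        if piv is None:
            return 0
        if piv != col:
            m[col], m[piv], det = m[piv], m[col], -det
        det = det * m[col][col] % P
        inv = pow(m[col][col], P - 2, P)
        for r in range(col + 1, n):
            fac = m[r][col] * inv % P
            m[r] = [(a - fac * b) % P for a, b in zip(m[r], m[col])]
    return det % P

def sylvester(a, b):
    """Sylvester matrix of two univariate polynomials given low degree first."""
    m, n = len(a) - 1, len(b) - 1
    return ([[0] * i + a[::-1] + [0] * (n - 1 - i) for i in range(n)]
            + [[0] * i + b[::-1] + [0] * (m - 1 - i) for i in range(m)])

def resultant_values():
    """Res_y(f, g)(x) at every x in F_P: the y-free polynomial that elimination produces."""
    return [det_mod_p(sylvester(f_coeffs(x), g_coeffs(x))) for x in range(P)]

def solve_by_resultant():
    """Only roots of the resultant can carry a common y; recover y for those x by direct check."""
    sols = []
    for x, r in enumerate(resultant_values()):
        if r == 0:  # necessary, not sufficient: the shared root may live in an extension field
            sols += [(x, y) for y in range(P)
                     if poly_eval(f_coeffs(x), y) == 0 and poly_eval(g_coeffs(x), y) == 0]
    return sols
```

Evaluating the resultant pointwise is only viable because the toy field is tiny; the attack on Poseidon2 works with the resultant as a symbolic univariate polynomial and then applies root finding to it.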
What do these results imply about Poseidon's security as a ZK-friendly hash?
The results confirm the intended security margins: feasible attacks appear only under aggressive round reduction. They validate the parameter choices and the analysis techniques rather than undermining standard Poseidon instances.