Since so much rides on these proofs, the Ethereum Foundation decided to test their security by offering a bounty to anyone who could attack Fiat-Shamir for any proof protocol of their choice, using a popular hash function called Poseidon. Before announcing the bounty, the foundation invited Rothblum to review a draft of its announcement.

Rothblum’s reaction was that the foundation had phrased things too loosely. After all, cryptographers have known for decades about contrived proof protocols that are vulnerable to attack, no matter which hash function you use. When he shared his thoughts with Ethereum’s cryptographers, he was startled to learn that they were unfamiliar with this work. Rothblum began collaborating with Khovratovich and Soukhanov (who worked at Ethereum at the time) to explore more deeply.