The Real World Crypto 2025 conference highlighted Web3's increasing impact on cryptography, showcasing advancements in zero-knowledge proofs for identity and scalability, alongside critical discussions on security vulnerabilities and the implementation challenges of central bank digital currencies.

Executive Summary

Real World Crypto (RWC) 2025, held in Sofia, Bulgaria, from March 26 to 28, marked a significant shift with Web3 research exerting increasing influence on the broader cryptography space. The conference focused on advancements in zero-knowledge proofs (ZKPs) for identity systems and blockchain scalability, while also addressing critical security vulnerabilities within ZK technologies and examining the complexities of central bank digital currency (CBDC) implementations.

The Event in Detail

The 14th annual Real World Crypto conference, traditionally focused on non-blockchain cryptographic applications, featured numerous presentations related to the Web3 ecosystem. A notable trend was the growing interest in utilizing modern succinct proof systems (SNARKs) for interfacing with legacy cryptographic systems, indicating a mutual integration opportunity between established cryptography and Web3 innovations.

Key discussions centered on the application of zero-knowledge proofs for digital identity, particularly in the context of the EU Digital Identity Wallet (EUDI). Practical security vulnerabilities were also a prominent topic, including a specific Last Challenge Attack identified in PlonK verifiers and various cache-timing side-channel attacks impacting ZK proving libraries. Furthermore, findings from an EU-sponsored commission evaluating the feasibility of a Digital Euro CBDC were presented, outlining potential advantages of UTXO models and challenges such as anti-money laundering (AML) compliance. Additional Web3-related talks covered platforms like Ligetron, zkLogin on Sui, and theoretical underpinnings of modern SNARKs.

Technical Advancements and Security Deconstruction

Zero-Knowledge Proofs in Identity Systems

The EU Digital Identity Wallet (EUDI), mandated for implementation by 2026, aims to transform citizen interaction with digital services. Dr. Jonas Gross, CEO of Hakata, noted that ZKPs "could be the key to enhancing privacy and security" within this framework. The EUDI Wallet integrates Selective Disclosure and ZKPs, allowing users to cryptographically prove attributes, such as being over 18, without revealing specific personal data like an exact birthdate. Thierry Breton, EU Commissioner for the Internal Market, stated that the wallet will "revolutionize the way European citizens and businesses engage with online services by seamlessly integrating convenience, safety and privacy." These wallets are built on eIDAS 2.0 and Self-Sovereign Identity (SSI) principles, with private keys remaining on-device within secure enclaves.

Separately, Mysten Labs' zkLogin on the Sui blockchain utilizes identity tokens from familiar platforms like Google and Facebook for authentication. This system leverages ZKPs to obscure the link between a user's off-chain and on-chain identities. While using Groth16 SNARKs, the speed of proof generation on end-user devices remains an ongoing development challenge.

SNARK Vulnerabilities

OpenZeppelin identified a critical vulnerability, termed the Last Challenge Attack, during an audit of Linea's PlonK verifier. This exploit arises from an incorrect application of the Fiat-Shamir transform, potentially allowing a malicious prover to forge proofs for invalid state transitions. In the context of a ZK rollup on Ethereum, such an attack could enable the theft of all assets by forging a proof for an invalid state transition. While the issue was promptly communicated and fixed, it highlights that the Fiat-Shamir transform is a common source of security vulnerabilities in zkSNARK systems. Adherence to standard specifications, which dictate deriving challenges from the entire transcript, is crucial to prevent such exploits.

Ethereum's Privacy Roadmap

Ethereum is actively addressing privacy challenges through a roadmap structured around Private Writes, Private Reads, and Private Proving. Initiatives include Plasma Fold, an experimental Layer 2 design utilizing zero-knowledge folding for scalability and privacy, and Kohaku, a wallet proof-of-concept designed to natively support privacy sending through privacy pools. Efforts are also underway to develop privacy-preserving credential standards and modular zk-snark wallets.

Broader Market and Strategic Implications

Web3 Ecosystem Integration

The Real World Crypto 2025 conference confirmed a growing convergence of Web3 research with broader cryptography, suggesting deeper integration into mainstream digital systems. Yael Kalai of MIT contributed to this discussion by providing an overview of the theoretical underpinnings of modern SNARKs, reinforcing their foundational role.

Digital Identity Paradigm Shift

The EUDI Wallet represents a significant strategic move by the European Union towards self-sovereign digital identity, which could set a global standard for privacy-preserving digital credentials. This initiative transforms how citizens will interact with digital services and manage personal data.

Central Bank Digital Currencies (CBDCs)

The European Central Bank's exploration of public blockchains like Ethereum and Solana for a digital euro highlights a strategic shift in regulatory thinking. A decision on issuance is anticipated by the end of 2025. This move also aims to counter the dominance of US dollar-pegged stablecoins within the EU financial landscape.

Security Imperatives

The PlonK vulnerability emphasizes the critical need for continuous auditing and adherence to robust cryptographic standards. Such rigorous security practices are essential to maintain trust and enable widespread adoption of zero-knowledge proof technologies in financial applications and other sensitive digital systems.

Long-term Outlook

The advancements discussed at RWC 2025 are poised to foster more scalable, private, and secure blockchain applications. This trajectory is expected to influence broader adoption trends and facilitate the integration of decentralized technologies with traditional financial infrastructures, impacting privacy and identity across various digital systems.