Fuzzing Processing Pipelines for Zero-Knowledge Circuits

Hochrainer, Christoph; Isychev, Anastasia; Wüstholz, Valentin; Christakis, Maria

doi:10.1145/3719027.3744791

DC Field

Value

Language

dc.contributor.author

Hochrainer, Christoph

dc.contributor.author

Isychev, Anastasia

dc.contributor.author

Wüstholz, Valentin

dc.contributor.author

Christakis, Maria

dc.date.accessioned

2025-12-16T09:22:42Z

dc.date.available

2025-12-16T09:22:42Z

dc.date.issued

2025-11-22

dc.identifier.citation

<div class="csl-bib-body"> <div class="csl-entry">Hochrainer, C., Isychev, A., Wüstholz, V., & Christakis, M. (2025). Fuzzing Processing Pipelines for Zero-Knowledge Circuits. In <i>CCS ’25: Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security</i> (pp. 783–797). Association for Computing Machinery. https://doi.org/10.1145/3719027.3744791</div> </div>

dc.identifier.uri

http://hdl.handle.net/20.500.12708/222602

dc.description.abstract

Zero-knowledge (ZK) protocols have recently found numerous practical applications, such as in authentication, online-voting, and blockchain systems. These protocols are powered by highly complex pipelines that process deterministic programs, called circuits, written in one of many domain-specific programming languages, e.g., Circom, Noir, and others. Logic bugs in circuit-processing pipelines could have catastrophic consequences and cause significant financial and reputational damage. As an example, consider that a logic bug in a ZK pipeline could result in attackers stealing identities or assets. It is, therefore, critical to develop effective techniques for checking their correctness. In this paper, we present the first systematic fuzzing technique for ZK pipelines, which uses metamorphic test oracles to detect critical logic bugs. We have implemented our technique in a tool called Circuzz. We used Circuzz to test four significantly different ZK pipelines and found a total of 16 logic bugs in all pipelines. Due to their critical nature, 15 of our bugs have already been fixed by the pipeline developers.

dc.description.sponsorship

WWTF Wiener Wissenschafts-, Forschu und Technologiefonds

dc.description.sponsorship

European Commission

dc.language.iso

dc.subject

fuzzing

dc.subject

zero-knowledge circuits

dc.subject

metamorphic testing

dc.title

Fuzzing Processing Pipelines for Zero-Knowledge Circuits

dc.type

Inproceedings

dc.type

Konferenzbeitrag

dc.contributor.affiliation

Consensys, Austria

dc.relation.isbn

979-8-4007-1525-9

dc.description.startpage

783

dc.description.endpage

797

dc.relation.grantno

ICT22-007

dc.relation.grantno

101076510

dc.type.category

Full-Paper Contribution

tuw.booktitle

CCS '25: Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security

tuw.peerreviewed

true

tuw.relation.publisher

Association for Computing Machinery

tuw.relation.publisherplace

New York, NY, USA

tuw.project.title

Effective Formal Methods for Smart-Contract Certification

tuw.project.title

Testing Program Analyzers Ad Absurdum

tuw.researchTopic.id

tuw.researchTopic.name

Information Systems Engineering

tuw.researchTopic.value

100

tuw.publication.orgunit

E194-01 - Forschungsbereich Software Engineering

tuw.publication.orgunit

E056-26 - Fachbereich Automated Reasoning

tuw.publisher.doi

10.1145/3719027.3744791

dc.description.numberOfPages

tuw.author.orcid

0000-0001-6375-0421

tuw.author.orcid

0000-0003-1496-1104

tuw.author.orcid

0000-0002-2649-1958

tuw.event.name

CCS '25: ACM SIGSAC Conference on Computer and Communications Security

tuw.event.startdate

13-10-2025

tuw.event.enddate

17-10-2025

tuw.event.online

On Site

tuw.event.type

Event for scientific audience

tuw.event.place

Taipei

tuw.event.country

tuw.event.presenter

Hochrainer, Christoph

wb.sciencebranch

Informatik

wb.sciencebranch.oefos

1020

wb.sciencebranch.value

100

item.openairecristype

http://purl.org/coar/resource_type/c_5794

item.fulltext

no Fulltext

item.cerifentitytype

Publications

item.grantfulltext

none

item.openairetype

conference paper

item.languageiso639-1

crisitem.author.dept

E194-01 - Forschungsbereich Software Engineering

crisitem.author.dept

E194-01 - Forschungsbereich Software Engineering

crisitem.author.dept

Consensys, Austria

crisitem.author.dept

E194-01 - Forschungsbereich Software Engineering

crisitem.author.orcid

0000-0001-6375-0421

crisitem.author.orcid

0000-0003-1496-1104

crisitem.author.orcid

0000-0002-2649-1958

crisitem.author.parentorg

E194 - Institut für Information Systems Engineering

crisitem.author.parentorg

E194 - Institut für Information Systems Engineering

crisitem.author.parentorg

E194 - Institut für Information Systems Engineering

crisitem.project.funder

WWTF Wiener Wissenschafts-, Forschu und Technologiefonds

crisitem.project.funder

European Commission

crisitem.project.grantno

ICT22-007

crisitem.project.grantno

101076510

Appears in Collections:

Conference Paper

Show simple item record

Page view(s)

checked on Dec 16, 2025

Google Scholar^TM

Check

Page view(s)

Google ScholarTM

Google Scholar^TM