
SoK: What don't we know? Understanding Security Vulnerabilities in SNARKs

Stefanos Chaliasos, Jens Ernstberger, David Theodore, David Wong, Mohammad Jahanara, Benjamin Livshits

TL;DR

This paper shifts the focus from theoretical SNARK security to end-to-end security in real-world deployments by establishing a four-layer system model and a comprehensive threat taxonomy. It analyzes 141 publicly disclosed vulnerabilities across circuits, frontends, backends, and integrations, identifying root causes such as under-constrained circuits, misapplied Fiat-Shamir transforms, and integration-layer gaps. The authors evaluate existing defenses, reveal notable gaps (especially at the integration layer), and propose practical directions for tooling, formal verification, and safer DSLs to harden SNARK ecosystems. The work emphasizes that ensuring robustness in SNARK-based systems requires holistic testing and cross-layer safeguards to protect critical properties like completeness, soundness, and zero-knowledge in practice.

Abstract

Zero-knowledge proofs (ZKPs) have evolved from being a theoretical concept providing privacy and verifiability to having practical, real-world implementations, with SNARKs (Succinct Non-Interactive Argument of Knowledge) emerging as one of the most significant innovations. Prior work has mainly focused on designing more efficient SNARK systems and providing security proofs for them. Many think of SNARKs as "just math," implying that what is proven to be correct and secure is correct in practice. In contrast, this paper focuses on assessing end-to-end security properties of real-life SNARK implementations. We start by building foundations with a system model and by establishing threat models and defining adversarial roles for systems that use SNARKs. Our study encompasses an extensive analysis of 141 actual vulnerabilities in SNARK implementations, providing a detailed taxonomy to aid developers and security researchers in understanding the security threats in systems employing SNARKs. Finally, we evaluate existing defense mechanisms and offer recommendations for enhancing the security of SNARK-based systems, paving the way for more robust and reliable implementations in the future.

Paper Structure (35 sections, 8 figures, 8 tables)

Figures (8)

  • Figure 1: System model of an application based on SNARKs. Note that witness generation can sometimes be produced by the compiler, while at other times it may be integrated into the backend.
  • Figure 2: Example circuit written in the eDSL gnark. Lines highlighted in gray add constraints in the circuit.
  • Figure 3: Circom Circuit example: Underconstrained -- Assigned but Unconstrained
  • Figure 4: Halo2 Circuit example: Underconstrained -- Missing Input Constraint
  • Figure 5: Circom Circuit example: Underconstrained -- Unsafe Reuse of Circuit
  • ...and 3 more figures
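The "Assigned but Unconstrained" class named in the Figure 3 caption is worth seeing concretely. The following is an added example, not code from the paper or from any of the projects it studies. It transcribes the well-known IsZero pattern from circomlib (`inv <-- in != 0 ? 1/in : 0; out <== 1 - in*inv; in*out === 0;`) into R1CS rows by hand and checks them with a toy constraint checker: the `<--` assignment only tells the witness generator how to compute `inv`; it adds no constraint, so if the final `in*out === 0` line is left out, a malicious prover can pick `inv = 0` and "prove" that a nonzero input is zero. The small prime field, the wire layout, and all function names are my own assumptions, not the paper's notation.

```python
"""Toy R1CS checker showing why an assigned-but-unconstrained wire is exploitable."""
from dataclasses import dataclass

# Assumption: a toy prime field. Circom's default field is the BN254 scalar field,
# which only changes the modulus, not the argument below.
P = 2**61 - 1

# Witness layout: the constant wire "one" plus the named signals of IsZero.
WIRES = ("one", "in", "out", "inv")


@dataclass(frozen=True)
class Constraint:
    """One R1CS row  <a,w> * <b,w> == <c,w>  (mod P); each side is {wire: coefficient}."""
    a: dict
    b: dict
    c: dict


def _dot(coeffs: dict, witness: dict) -> int:
    return sum(coeff * witness[name] for name, coeff in coeffs.items()) % P


def satisfied(constraints: list, witness: dict) -> bool:
    """True iff every row holds for this witness; this is all a verifier ultimately checks."""
    return all(
        (_dot(k.a, witness) * _dot(k.b, witness)) % P == _dot(k.c, witness)
        for k in constraints
    )


# circom:  out <== 1 - in*inv      ==>   in * inv == 1 - out
ROW_OUT = Constraint({"in": 1}, {"inv": 1}, {"one": 1, "out": P - 1})
# circom:  in * out === 0
ROW_ZERO = Constraint({"in": 1}, {"out": 1}, {})

# `inv <-- ...` contributes nothing here: assignment is not a constraint.
UNDERCONSTRAINED = [ROW_OUT]            # the buggy circuit: ROW_ZERO forgotten
CONSTRAINED = [ROW_OUT, ROW_ZERO]       # circomlib's full IsZero


def honest_witness(x: int) -> dict:
    """What the witness generator computes from the `<--` hint and `<==` assignment."""
    x %= P
    inv = pow(x, P - 2, P) if x else 0      # 1/in, or 0 when in == 0
    out = (1 - x * inv) % P
    return {"one": 1, "in": x, "out": out, "inv": inv}


def malicious_witness(x: int) -> dict:
    """A cheating prover ignores the hint: inv = 0 makes out = 1 ("in is zero") for any in."""
    return {"one": 1, "in": x % P, "out": 1, "inv": 0}


def forgery_accepted(constraints: list, x: int) -> bool:
    """Does this constraint set accept a proof that nonzero x is zero?"""
    return x % P != 0 and satisfied(constraints, malicious_witness(x))


if __name__ == "__main__":
    for name, rows in (("underconstrained", UNDERCONSTRAINED), ("constrained", CONSTRAINED)):
        print(f"{name:16s} honest ok={satisfied(rows, honest_witness(5))} "
              f"forgery accepted={forgery_accepted(rows, 5)}")
```

Both circuits accept every honest witness, so completeness tests never notice the difference; only the forgery check separates them. The practical takeaway matches the paper's framing: a signal assigned with `<--` must be pinned down by an explicit `===` (or `<==`) relation, and test suites need negative cases with hand-built witnesses, not only honest ones.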