Fuzzing Processing Pipelines for Zero-Knowledge Circuits

TL;DR

This paper presents the first systematic fuzzing technique for ZK pipelines, which uses metamorphic test oracles to detect critical logic bugs and found a total of 16 logic bugs in all pipelines.

Abstract

Zero-knowledge (ZK) protocols have recently found numerous practical applications, such as in authentication, online-voting, and blockchain systems. These protocols are powered by highly complex pipelines that process deterministic programs, called circuits, written in one of many domain-specific programming languages, e.g., Circom, Noir, and others. Logic bugs in circuit-processing pipelines could have catastrophic consequences and cause significant financial and reputational damage. As an example, consider that a logic bug in a ZK pipeline could result in attackers stealing identities or assets. It is, therefore, critical to develop effective techniques for checking their correctness. In this paper, we present the first systematic fuzzing technique for ZK pipelines, which uses metamorphic test oracles to detect critical logic bugs. We have implemented our technique in an open-source tool called Circuzz. We used Circuzz to test four significantly different ZK pipelines and found a total of 16 logic bugs in all pipelines. Due to their critical nature, 15 of our bugs have already been fixed by the pipeline developers.

Figures (6)

• Figure 1: Overview of zero-knowledge pipeline stages.
• Figure 2: Overview of our fuzzing technique for circuit-processing pipelines.
• Figure 3: An example logic bug found by Circuzz in Circom.
• Figure 4: Critical bugs detected by Circuzz in Circom (left) and Corset (right) and fixed by the developers.
• Figure 5: Critical bugs detected by Circuzz in Gnark (left) and Noir (right) and fixed by the developers.