Towards Fuzzing Zero-Knowledge Proof Circuits (Short Paper)

Towards Fuzzing Zero-Knowledge Proof Circuits (Short Paper)

연구 분야: Strategies

학회: ISSTA Companion '25: Proceedings of the 34th ACM SIGSOFT International Symposium on Software Testing and Analysis

Zero-knowledge proofs (ZKPs) have evolved from a theoretical cryptographic concept into a powerful tool for implementing privacy-preserving and verifiable applications without requiring trust assumptions. Despite significant progress in the field, implementing and using ZKPs via ZKP circuits remains challenging, leading to numerous bugs that affect ZKP circuits in practice, and fuzzing remains largely unexplored as a method to detect bugs in ZKP circuits. We discuss the unique challenges of applying fuzzing to ZKP circuits, examine the oracle problem and its potential solutions, and propose techniques for input generation and test harness construction. We demonstrate that fuzzing can be effective in this domain by implementing a fuzzer for zk-regex, a cornerstone library in modern ZKP applications. In our case study, we discovered 13 new bugs that have been confirmed by the developers.