Skip to content

Xor0v0/awesome-zero-knowledge-proofs-security

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Awesome zero knowledge proofs security

Awesome A curated list of awesome things related to learning zero knowledge proofs security

Table of Content

1. Introduction

Zero Knowledge Proof (ZKP) technology is considered as a very promising infrastructure in blockchain field, even not limited to the Web3 world.

In concept, proving system (or proof system in some context) are indeed advanced cryptographic techniques as you can see in various papers. But when it comes to a ZK application, from a development perspective, it is usually divided into two parts: front-end and back-end.

In general, ZKP is a technique for proving the correct execution of programs, which has completeness, soundness, and zero knowledge property. Specifically, the front-end is these programs that can be proven, namely circuits that implement computation logic, while the back-end is a proving system used to generate proof for the execution of these logic.

As with other programming field, the primary technical risk faced by both is code bugs.

I strongly recommand everyone to learn ZK Security from the perspective of zkapp. The following figure from Aumasson'slides which provide us with a good layered display.

To be more precise, circuits implementation comes with its own set of vulnerability classification, disjoint from the low-level cryptography bugs that may be found in the proving system.

2. Vulnerability Classification

The mental models of circuits (or constraints) are very different from traditional programming, programmers should be very careful about it.

While the programming approach of zkVM programs is more similar to traditional programming (but not exactly the same because the underlying VM is implemented as circuits, so only some circuit friendly operations can be implemented, such as hash functions pedersen, poseidon, and MiMC, so the learning threshold and cost are lower. The underlying of zkVM is essentially circuits.

The emergence of zkVM (including zkEVM) has greatly enriched the application of zk technology, and people can prove more diverse programs, such as smart contracts (starknet based on cairo VM, blockchain based on various EVMs such as Polygon, Scroll, zksync, etc.) and general programs (RISC Zero, SP1, etc.) .

Meanwhile, it also aligns with many traditional programming fields, such as reverse engineering (A CTF puzzle by weikeng chen)。

Therefor, the scope of programs above zkVM is much boarder, including smart contracts (Solidity, Cairo) and other traditional programs, which security will not be discussed here for now.

Architectureal Design Flaws

FrontEnd: Circuits

Soundness Error (Under-constrained)

Missing constraints or under-constrained is the most common bug in zk circuits, which occurs when a system, fails to enforce necessary limitations or conditions on inputsor operations. This could be due to absent validation checks, insufficient boundary enforcement, or improper assumptions about input data. As a result, users or attackers can manipulate or bypass expected behavior, leading to unintended consequences, security issues, or data corruption.

This is a very general type of bug, and we divide it into 6 sub issues:

Completeness Error (Over-constrained)

  • not much

Zero Knowledge Error

Misc: Witness Generation & Arithemtization

Worth further exploring.

BackEnd: Proving system

The backend is the proving system that leans towards the cryptographic part, so this part involves more secure applications of cryptographic primitives. One must note: even secure primitives may introduce vulnerabilities if used incorrectly in the larger protocol or configured in an insecure manner.

To sum up, most vulnerabilities of proving system are Unstandardized Cryptographic Implementation.

3. Security Consideration

circom

cairo

  1. No payable functions
  2. Name hashed storage slots
  3. Upgradeability built-in
  4. Separated internal/external functions
  5. Cheap execution means readable algorithms
  6. Immutable variables by default
  7. Safe type conversions
  8. Option and Result traits

Reference

4. Learning Resources

Books & Docs

Papers

Blogs

Highlights

Resources

Videos & Podcast

Audit Reports

You can directly visit the solodit website to get some off-the-shelf audit reports.

If you are intereted in security about zkVM programs, here are some audit material about smart contract.

Solidity:

Cairo:

Tools

Tool Technique UC OC CE
Circomspect SA
ZKAP SA
halo2-analyzer SA
Coda FV
Ecne FV
Picus FV
Aleo FV
SnarkProbe DA
CIVER FV
GNARK/Lean FV

zkHACK/CTF/Puzzles

writeups

Lectures

Algebraic Error Correcting Codes

Miscellaneous

Acknowledgements

Special thanks go to the following individuals and organizations for their ongoing support and encouragement: Nullity.

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published