NDSS 2025 – MTZK: Testing And Exploring Bugs In Zero-Knowledge (ZK) Compilers
This article introduces MTZK, a testing framework for detecting bugs in zero-knowledge (ZK) proof compilers. By designing specific metamorphic relations, the framework tests compiler correctness automatically, and it uncovered 21 bugs in four industrial ZK compilers, 15 of which have been fixed. The research highlights the potential security threat these bugs pose to privacy and blockchain systems.

2026-3-1 16:0:0 Author: securityboulevard.com

Session 14B: Privacy & Cryptography 2

Authors, Creators & Presenters: (All Via The Hong Kong University of Science and Technology) Dongwei Xiao, Zhibo Liu, Yiteng Peng, Shuai Wang
PAPER
MTZK: Testing and Exploring Bugs in Zero-Knowledge (ZK) Compilers
Zero-knowledge (ZK) proofs have been increasingly popular in privacy-preserving applications and blockchain systems. To facilitate handy and efficient ZK proof generation for normal users, the industry has designed domain-specific languages (DSLs) and ZK compilers. Given a program in ZK DSL, a ZK compiler compiles it into a circuit, which is then passed to the prover and verifier for ZK checking. However, the correctness of ZK compilers is not well studied, and recent works have shown that de facto ZK compilers are buggy, which can allow malicious users to generate invalid proofs that are accepted by the verifier, causing security breaches and financial losses in cryptocurrency. In this paper, we propose MTZK, a metamorphic testing framework to test ZK compilers and uncover incorrect compilations. Our approach leverages deliberately designed metamorphic relations (MRs) to mutate ZK compiler inputs. This way, ZK compilers can be automatically tested for compilation correctness using inputs and mutated variants. We propose a set of design considerations and optimizations to deliver an efficient and effective testing framework. In the evaluation of four industrial ZK compilers, we successfully uncovered 21 bugs, out of which the developers have promptly patched 15. We also show possible exploitations of the uncovered bugs to demonstrate their severe security implications.
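As an added illustration of the metamorphic-testing idea in the abstract (not code from the paper or from MTZK): a toy expression-to-gates compiler with a deliberately seeded defect is tested by comparing a program against a semantics-preserving mutant, so no reference output is needed. The toy DSL, the compiler, the seeded bug and the relation that rewrites `a - b` as `a + (P-1)*b` are all assumptions made for this example.

```python
import random

P = 2**31 - 1  # prime modulus of the toy field (constructed for this example)

def compile_expr(e, commutative=("add", "mul")):
    """Toy compiler: flatten a nested-tuple expression into a gate list."""
    gates = []
    def emit(node):
        if node[0] in ("var", "const"):
            return node
        op, a, b = node[0], emit(node[1]), emit(node[2])
        if op in commutative and repr(b) < repr(a):
            a, b = b, a  # canonicalise operand order; only sound if op commutes
        gates.append((op, a, b))
        return ("wire", len(gates) - 1)
    return gates, emit(e)

def buggy_compile(e):
    return compile_expr(e, ("add", "mul", "sub"))  # seeded defect: "sub" treated as commutative

def run(circuit, inputs):
    """Evaluate the compiled gates over F_P and return the output wire."""
    gates, out = circuit
    wires = []
    def val(ref):
        kind, x = ref
        return inputs[x] if kind == "var" else wires[x] if kind == "wire" else x % P
    for op, a, b in gates:
        x, y = val(a), val(b)
        wires.append({"add": x + y, "sub": x - y, "mul": x * y}[op] % P)
    return val(out)

def mutate(e):
    """MR: rewrite a - b as a + (P-1)*b, which is the same function over F_P."""
    if e[0] in ("var", "const"):
        return e
    a, b = mutate(e[1]), mutate(e[2])
    if e[0] == "sub":
        return ("add", a, ("mul", ("const", P - 1), b))
    return (e[0], a, b)

def mr_violations(compiler, program, names, trials=20, seed=0):
    """Inputs on which the program and its mutant compile to disagreeing circuits."""
    rng = random.Random(seed)
    c1, c2 = compiler(program), compiler(mutate(program))
    inputs = [{n: rng.randrange(P) for n in names} for _ in range(trials)]
    return [i for i in inputs if run(c1, i) != run(c2, i)]

PROGRAM = ("mul", ("sub", ("var", "y"), ("var", "x")), ("const", 3))  # (y - x) * 3
```

`mr_violations(compile_expr, PROGRAM, ("x", "y"))` returns an empty list, while the same call with `buggy_compile` returns the inputs on which the program and its mutant disagree, which flags the miscompilation without knowing the correct output.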
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators', Authors' and Presenters' superb NDSS Symposium 2025 Conference content on the Organization's YouTube Channel.

*** This is a Security Bloggers Network syndicated blog from Infosecurity.US authored by Marc Handelman. Read the original post at: https://www.infosecurity.us/blog/2026/3/1/ndss-2025-mtzk-testing-and-exploring-bugs-in-zero-knowledge-zk-compilers


Article source: https://securityboulevard.com/2026/03/ndss-2025-mtzk-testing-and-exploring-bugs-in-zero-knowledge-zk-compilers/