Usenix Security Symposium Year 2024 Peer-reviewed
Blockchain Security · DeFi

SoK: What don't we know? Understanding Security Vulnerabilities in SNARKs

Stefanos Chaliasos Jens Ernstberger David Theodore David Wong Mohammad Jahanara Benjamin Livshits
Publication year: 2024
Venue: Usenix Security Symposium
Type: Peer-reviewed

Summary

Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge (zk-SNARKs) have been deployed to secure billions of dollars in blockchain systems. However, subtle vulnerabilities in SNARK constructions and implementations can compromise these systems. We conducted a systematic literature review and security analysis to identify the classes of vulnerabilities that remain understudied in deployed SNARK systems. We identify several areas of concern: soundness bugs in circuit compilation, malleability of proofs enabling replay attacks, and the challenge of verifying the verifier itself. For each class, we document known attacks and assess the vulnerabilities of existing deployed systems.

Cite this paper — BibTeX
@InProceedings{sokwhatdontwe,
  title = "{SoK: What don't we know? Understanding Security Vulnerabilities in SNARKs}",
  author = "Stefanos Chaliasos and Jens Ernstberger and David Theodore and David Wong and Mohammad Jahanara and Benjamin Livshits",
  year = "2024",
  month = aug,
  booktitle = "Usenix Security Symposium",
}