MTZK: Testing and Exploring Bugs in Zero-Knowledge (ZK) Compilers
Dongwei Xiao
Network and Distributed System Security (NDSS) Symposium 2025 · Day 3 · Privacy & Cryptography 2
Dongwei Xiao's talk, "MTZK: Testing and Exploring Bugs in Zero-Knowledge (ZK) Compilers," presented at the NDSS Symposium, addresses a critical and emerging security challenge in the rapidly evolving landscape of zero-knowledge proofs (ZKPs). The presentation details a novel methodology for automatically testing ZK compilers, which are foundational components in systems leveraging zero-knowledge technology. By identifying and highlighting vulnerabilities in these compilers, the research underscores the potential for severe security breaches and financial losses in applications where ZKPs are used, such as high-value blockchain systems.
AI review
Dongwei Xiao brings a genuinely novel contribution to a space that gets almost no rigorous security scrutiny: the compiler layer of ZK proof systems. The mutation-based methodology is clever, the 21-bug yield across four mainstream compilers is hard to argue with, and the attack scenarios — especially the MAX_INT constraint bypass — are concrete enough to make any ZK application developer uncomfortable in exactly the right way.