{"id":"https://openalex.org/W4379537474","doi":"https://doi.org/10.1145/3591282","title":"Automated Detection of Under-Constrained Circuits in Zero-Knowledge Proofs","display_name":"Automated Detection of Under-Constrained Circuits in Zero-Knowledge Proofs","publication_year":2023,"publication_date":"2023-06-06","ids":{"openalex":"https://openalex.org/W4379537474","doi":"https://doi.org/10.1145/3591282"},"language":"en","primary_location":{"id":"doi:10.1145/3591282","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3591282","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3591282","source":{"id":"https://openalex.org/S4210216081","display_name":"Proceedings of the ACM on Programming Languages","issn_l":"2475-1421","issn":["2475-1421"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Programming Languages","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3591282","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5007146828","display_name":"Shankara Pailoor","orcid":"https://orcid.org/0000-0002-9253-9585"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Shankara Pailoor","raw_affiliation_strings":["Veridise, USA"],"affiliations":[{"raw_affiliation_string":"Veridise, USA","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101573237","display_name":"Yanju Chen","orcid":"https://orcid.org/0000-0002-6494-3126"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yanju Chen","raw_affiliation_strings":["Veridise, USA"],"affiliations":[{"raw_affiliation_string":"Veridise, USA","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5032237836","display_name":"Franklyn Wang","orcid":"https://orcid.org/0000-0003-1659-2138"},"institutions":[{"id":"https://openalex.org/I136199984","display_name":"Harvard University","ror":"https://ror.org/03vek6s52","country_code":"US","type":"education","lineage":["https://openalex.org/I136199984"]},{"id":"https://openalex.org/I4210134579","display_name":"Dana-Farber/Harvard Cancer Center","ror":"https://ror.org/03pvyf116","country_code":"US","type":"healthcare","lineage":["https://openalex.org/I136199984","https://openalex.org/I4210117453","https://openalex.org/I4210134579"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Franklyn Wang","raw_affiliation_strings":["Harvard University, USA / 0xparc, USA"],"affiliations":[{"raw_affiliation_string":"Harvard University, USA / 0xparc, USA","institution_ids":["https://openalex.org/I4210134579","https://openalex.org/I136199984"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5041607436","display_name":"Clara Rodr\u00edguez-N\u00fa\u00f1ez","orcid":"https://orcid.org/0000-0002-5417-8934"},"institutions":[{"id":"https://openalex.org/I121748325","display_name":"Universidad Complutense de Madrid","ror":"https://ror.org/02p0gd045","country_code":"ES","type":"education","lineage":["https://openalex.org/I121748325"]}],"countries":["ES"],"is_corresponding":false,"raw_author_name":"Clara Rodr\u00edguez","raw_affiliation_strings":["Complutense University of Madrid, Spain"],"affiliations":[{"raw_affiliation_string":"Complutense University of Madrid, Spain","institution_ids":["https://openalex.org/I121748325"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5063278309","display_name":"Jacob Van Geffen","orcid":"https://orcid.org/0009-0007-7468-4205"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Jacob Van Geffen","raw_affiliation_strings":["Veridise, USA"],"affiliations":[{"raw_affiliation_string":"Veridise, USA","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5078847008","display_name":"Jason Morton","orcid":"https://orcid.org/0000-0001-8008-1960"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Jason Morton","raw_affiliation_strings":["ZKonduit, USA"],"affiliations":[{"raw_affiliation_string":"ZKonduit, USA","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5075933948","display_name":"Michael A. Chu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Michael Chu","raw_affiliation_strings":["0xparc, USA"],"affiliations":[{"raw_affiliation_string":"0xparc, USA","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101835085","display_name":"B.Y. GU","orcid":"https://orcid.org/0009-0009-4978-4516"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Brian Gu","raw_affiliation_strings":["0xparc, USA"],"affiliations":[{"raw_affiliation_string":"0xparc, USA","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101567136","display_name":"Yu Feng","orcid":"https://orcid.org/0000-0003-1000-1229"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yu Feng","raw_affiliation_strings":["Veridise, USA"],"affiliations":[{"raw_affiliation_string":"Veridise, USA","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5006424908","display_name":"I\u015f\u0131l Dillig","orcid":"https://orcid.org/0000-0001-8006-1230"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"I\u015f\u0131l Dillig","raw_affiliation_strings":["Veridise, USA"],"affiliations":[{"raw_affiliation_string":"Veridise, USA","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":10,"corresponding_author_ids":["https://openalex.org/A5007146828"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":3.3277,"has_fulltext":true,"cited_by_count":19,"citation_normalized_percentile":{"value":0.93656203,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":100},"biblio":{"volume":"7","issue":"PLDI","first_page":"1510","last_page":"1532"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9947999715805054,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9947999715805054,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9894000291824341,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.9878000020980835,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/compiler","display_name":"Compiler","score":0.8114734292030334},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7528029680252075},{"id":"https://openalex.org/keywords/zero-knowledge-proof","display_name":"Zero-knowledge proof","score":0.7119098901748657},{"id":"https://openalex.org/keywords/mathematical-proof","display_name":"Mathematical proof","score":0.6729620695114136},{"id":"https://openalex.org/keywords/uniqueness","display_name":"Uniqueness","score":0.5468721389770508},{"id":"https://openalex.org/keywords/electronic-circuit","display_name":"Electronic circuit","score":0.48344549536705017},{"id":"https://openalex.org/keywords/bootstrapping","display_name":"Bootstrapping (finance)","score":0.44748765230178833},{"id":"https://openalex.org/keywords/polynomial","display_name":"Polynomial","score":0.44395047426223755},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.43988433480262756},{"id":"https://openalex.org/keywords/field","display_name":"Field (mathematics)","score":0.4247412085533142},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.41670161485671997},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.3996768593788147},{"id":"https://openalex.org/keywords/arithmetic","display_name":"Arithmetic","score":0.34888535737991333},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.2861735224723816},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.18572884798049927}],"concepts":[{"id":"https://openalex.org/C169590947","wikidata":"https://www.wikidata.org/wiki/Q47506","display_name":"Compiler","level":2,"score":0.8114734292030334},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7528029680252075},{"id":"https://openalex.org/C176329583","wikidata":"https://www.wikidata.org/wiki/Q191943","display_name":"Zero-knowledge proof","level":3,"score":0.7119098901748657},{"id":"https://openalex.org/C108710211","wikidata":"https://www.wikidata.org/wiki/Q11538","display_name":"Mathematical proof","level":2,"score":0.6729620695114136},{"id":"https://openalex.org/C2777021972","wikidata":"https://www.wikidata.org/wiki/Q22976830","display_name":"Uniqueness","level":2,"score":0.5468721389770508},{"id":"https://openalex.org/C134146338","wikidata":"https://www.wikidata.org/wiki/Q1815901","display_name":"Electronic circuit","level":2,"score":0.48344549536705017},{"id":"https://openalex.org/C207609745","wikidata":"https://www.wikidata.org/wiki/Q4944086","display_name":"Bootstrapping (finance)","level":2,"score":0.44748765230178833},{"id":"https://openalex.org/C90119067","wikidata":"https://www.wikidata.org/wiki/Q43260","display_name":"Polynomial","level":2,"score":0.44395047426223755},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.43988433480262756},{"id":"https://openalex.org/C9652623","wikidata":"https://www.wikidata.org/wiki/Q190109","display_name":"Field (mathematics)","level":2,"score":0.4247412085533142},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.41670161485671997},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.3996768593788147},{"id":"https://openalex.org/C94375191","wikidata":"https://www.wikidata.org/wiki/Q11205","display_name":"Arithmetic","level":1,"score":0.34888535737991333},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.2861735224723816},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.18572884798049927},{"id":"https://openalex.org/C149782125","wikidata":"https://www.wikidata.org/wiki/Q160039","display_name":"Econometrics","level":1,"score":0.0},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0},{"id":"https://openalex.org/C119599485","wikidata":"https://www.wikidata.org/wiki/Q43035","display_name":"Electrical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.0},{"id":"https://openalex.org/C202444582","wikidata":"https://www.wikidata.org/wiki/Q837863","display_name":"Pure mathematics","level":1,"score":0.0},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3591282","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3591282","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3591282","source":{"id":"https://openalex.org/S4210216081","display_name":"Proceedings of the ACM on Programming Languages","issn_l":"2475-1421","issn":["2475-1421"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Programming Languages","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1145/3591282","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3591282","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3591282","source":{"id":"https://openalex.org/S4210216081","display_name":"Proceedings of the ACM on Programming Languages","issn_l":"2475-1421","issn":["2475-1421"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Programming Languages","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4379537474.pdf","grobid_xml":"https://content.openalex.org/works/W4379537474.grobid-xml"},"referenced_works_count":20,"referenced_works":["https://openalex.org/W18814837","https://openalex.org/W1602903055","https://openalex.org/W1614061774","https://openalex.org/W2013613544","https://openalex.org/W2014239329","https://openalex.org/W2043007983","https://openalex.org/W2144752539","https://openalex.org/W2499905456","https://openalex.org/W2930749604","https://openalex.org/W2948043589","https://openalex.org/W2977627479","https://openalex.org/W3166471020","https://openalex.org/W3187976475","https://openalex.org/W3202097495","https://openalex.org/W4225922019","https://openalex.org/W4250846042","https://openalex.org/W4308409306","https://openalex.org/W4361028448","https://openalex.org/W4377825188","https://openalex.org/W4379537474"],"related_works":["https://openalex.org/W1534274833","https://openalex.org/W571281153","https://openalex.org/W2949403936","https://openalex.org/W2497793302","https://openalex.org/W18444363","https://openalex.org/W1908445849","https://openalex.org/W1970588133","https://openalex.org/W2022025391","https://openalex.org/W2163538620","https://openalex.org/W1567449721"],"abstract_inverted_index":{"As":[0],"zero-knowledge":[1,19,51],"proofs":[2,20],"gain":[3],"increasing":[4,123],"adoption,":[5],"the":[6,16,30,54,58,70,82,88,110,122,173,179,192,247,250,263],"cryptography":[7],"community":[8],"has":[9,268],"designed":[10],"domain-specific":[11],"languages":[12],"(DSLs)":[13],"that":[14,69,116,232,243,259],"facilitate":[15,29],"construction":[17,31],"of":[18,23,32,121,125,136,239,249,257,262],"(ZKPs).":[21],"Many":[22],"these":[24,240],"DSLs,":[25],"such":[26,126],"as":[27],"Circom,":[28],"arithmetic":[33,60,127,144],"circuits,":[34],"which":[35],"are":[36],"essentially":[37],"polynomial":[38,162],"equations":[39,163,176],"over":[40,164,172],"a":[41,47,50,63,79,85,97,101,114,152,217,255],"finite":[42,165,174],"field.":[43],"In":[44],"particular,":[45],"given":[46,98],"program":[48,83],"in":[49,81,87,129,216,274],"proof":[52,115],"DSL,":[53],"compiler":[55,89,180],"automatically":[56],"produces":[57],"corresponding":[59],"circuit.":[61,264],"However,":[62],"common":[64],"and":[65,222],"serious":[66],"problem":[67],"is":[68,188],"generated":[71,177],"circuit":[72],"may":[73],"be":[74],"underconstrained,":[75],"either":[76,245],"due":[77,141],"to":[78,112,142,181,204],"bug":[80,86],"or":[84,184,253],"itself.":[90],"Underconstrained":[91],"circuits":[92,128],"admit":[93],"multiple":[94],"witnesses":[95,258],"for":[96,155],"input,":[99],"so":[100],"malicious":[102],"party":[103],"can":[104,235],"generate":[105],"bogus":[106],"witnesses,":[107],"thereby":[108],"causing":[109],"verifier":[111],"accept":[113],"it":[117,224,244],"should":[118],"not.":[119],"Because":[120],"prevalence":[124],"blockchain":[130],"applications,":[131],"several":[132],"million":[133],"dollars":[134],"worth":[135],"cryptocurrency":[137],"have":[138,211],"been":[139],"stolen":[140],"underconstrained":[143,161,208],"circuits.":[145,209,228,276],"Motivated":[146],"by":[147,160,178,191],"this":[148],"problem,":[149],"we":[150],"propose":[151],"new":[153],"technique":[154],"finding":[156],"ZKP":[157],"bugs":[158],"caused":[159],"fields.":[166],"Our":[167,194,229],"method":[168],"performs":[169],"semantic":[170],"reasoning":[171],"field":[175],"prove":[182],"whether":[183],"not":[185],"each":[186],"signal":[187],"uniquely":[189],"determined":[190],"input.":[193],"proposed":[195,214],"approach":[196,215],"combines":[197],"SMT":[198],"solving":[199],"with":[200],"lightweight":[201],"uniqueness":[202,248],"inference":[203],"effectively":[205],"reason":[206],"about":[207],"We":[210],"implemented":[212],"our":[213],"tool":[218],"called":[219],"QED":[220,233,266],"2":[221,234,267],"evaluate":[223],"on":[225],"163":[226],"Circom":[227],"evaluation":[230],"shows":[231],"successfully":[236],"solve":[237],"70%":[238],"benchmarks,":[241],"meaning":[242],"verifies":[246],"output":[251],"signals":[252],"finds":[254],"pair":[256],"demonstrate":[260],"non-uniqueness":[261],"Furthermore,":[265],"found":[269],"8":[270],"previously":[271],"unknown":[272],"vulnerabilities":[273],"widely-used":[275]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":8},{"year":2024,"cited_by_count":7},{"year":2023,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}