ZK-Hammer: Leaking Secrets from Zero-Knowledge Proofs via Rowhammer

Zero-knowledge succinct non-interactive arguments of knowledge (zk-SNARK) schemes have been a promising technique in verified computation. Zk-SNARK schemes were designed to be mathematically secure against cryptographic attacks and it remains unclear whether they are vulnerable to fault injection at...

Full description

Saved in:
Bibliographic Details
Published in:2025 62nd ACM/IEEE Design Automation Conference (DAC) pp. 1 - 7
Main Authors: Liang, Junkai, Zhang, Xin, Hu, Daqi, Shen, Qingni, Fang, Yuejian, Wu, Zhonghai
Format: Conference Proceeding
Language:English
Published: IEEE 22.06.2025
Subjects:
Arithmetic
Cryptography
Design automation
Fault diagnosis
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Zero-knowledge succinct non-interactive arguments of knowledge (zk-SNARK) schemes have been a promising technique in verified computation. Zk-SNARK schemes were designed to be mathematically secure against cryptographic attacks and it remains unclear whether they are vulnerable to fault injection attacks. In this work, we provide a positive answer by presenting ZK-Hammer, which leaks secrets from zk-SNARK schemes via Rowhammer. We incur faults in the exponentiate variables in the Quadratic Arithmetic Program (QAP) problem. Then we analyze the faulty proof using the bilinear pairing technique and manage to recover the secret. We employ a Rowhammer fault evaluation in libsnark and identify 3 CVEs.
DOI:10.1109/DAC63849.2025.11133021