ZK-Hammer: Leaking Secrets from Zero-Knowledge Proofs via Rowhammer
Zero-knowledge succinct non-interactive arguments of knowledge (zk-SNARK) schemes have been a promising technique in verified computation. Zk-SNARK schemes were designed to be mathematically secure against cryptographic attacks and it remains unclear whether they are vulnerable to fault injection at...
Gespeichert in:
| Veröffentlicht in: | 2025 62nd ACM/IEEE Design Automation Conference (DAC) S. 1 - 7 |
|---|---|
| Hauptverfasser: | , , , , , |
| Format: | Tagungsbericht |
| Sprache: | Englisch |
| Veröffentlicht: |
IEEE
22.06.2025
|
| Schlagworte: | |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| Abstract | Zero-knowledge succinct non-interactive arguments of knowledge (zk-SNARK) schemes have been a promising technique in verified computation. Zk-SNARK schemes were designed to be mathematically secure against cryptographic attacks and it remains unclear whether they are vulnerable to fault injection attacks. In this work, we provide a positive answer by presenting ZK-Hammer, which leaks secrets from zk-SNARK schemes via Rowhammer. We incur faults in the exponentiate variables in the Quadratic Arithmetic Program (QAP) problem. Then we analyze the faulty proof using the bilinear pairing technique and manage to recover the secret. We employ a Rowhammer fault evaluation in libsnark and identify 3 CVEs. |
|---|---|
| AbstractList | Zero-knowledge succinct non-interactive arguments of knowledge (zk-SNARK) schemes have been a promising technique in verified computation. Zk-SNARK schemes were designed to be mathematically secure against cryptographic attacks and it remains unclear whether they are vulnerable to fault injection attacks. In this work, we provide a positive answer by presenting ZK-Hammer, which leaks secrets from zk-SNARK schemes via Rowhammer. We incur faults in the exponentiate variables in the Quadratic Arithmetic Program (QAP) problem. Then we analyze the faulty proof using the bilinear pairing technique and manage to recover the secret. We employ a Rowhammer fault evaluation in libsnark and identify 3 CVEs. |
| Author | Zhang, Xin Hu, Daqi Wu, Zhonghai Fang, Yuejian Liang, Junkai Shen, Qingni |
| Author_xml | – sequence: 1 givenname: Junkai surname: Liang fullname: Liang, Junkai email: ljknjupku@gmail.com organization: Peking University,School of Computer Science – sequence: 2 givenname: Xin surname: Zhang fullname: Zhang, Xin email: zhangxin00@stu.pku.edu.cn organization: Peking University,National Engineering Research Center for Software Engineering – sequence: 3 givenname: Daqi surname: Hu fullname: Hu, Daqi email: hudaqi0507@gmail.com organization: Peking University,National Engineering Research Center for Software Engineering – sequence: 4 givenname: Qingni surname: Shen fullname: Shen, Qingni email: qingnishen@pku.edu.cn organization: Peking University,National Engineering Research Center for Software Engineering – sequence: 5 givenname: Yuejian surname: Fang fullname: Fang, Yuejian email: fangyj@ss.pku.edu.cn organization: Peking University,National Engineering Research Center for Software Engineering – sequence: 6 givenname: Zhonghai surname: Wu fullname: Wu, Zhonghai email: wuzh@pku.edu.cn organization: Peking University,School of Computer Science |
| BookMark | eNo1j81Kw0AUhUfQhda-gci8QOq9czuZGXclaisNKP5suimT5E4NNhmZFItvb_FndeDAd_jOmTjuY89CXCJMEMFd3cyKnOzUTRQofaiQCBQeibEzzhKhBoKpPRXFapktfNdxupYl-_e238hnrhPvBhlS7OSKU8yWfdxvudmwfEwxhkF-tl4-xf3bD3kuToLfDjz-y5F4vbt9KRZZ-TC_L2Zl5tG4XeZsozXluTK2rgxTMwXLNaLHHJkUGFOHoJiVVSFnMFWlVX3QZa0raMDSSFz87rbMvP5IbefT1_r_G30DW2hHjw |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IH CBEJK RIE RIO |
| DOI | 10.1109/DAC63849.2025.11133021 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Proceedings Order Plan (POP) 1998-present by volume IEEE Xplore All Conference Proceedings IEEE Electronic Library (IEL) IEEE Proceedings Order Plans (POP) 1998-present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| EISBN | 9798331503048 |
| EndPage | 7 |
| ExternalDocumentID | 11133021 |
| Genre | orig-research |
| GrantInformation_xml | – fundername: National Natural Science Foundation of China funderid: 10.13039/501100001809 |
| GroupedDBID | 6IE 6IH CBEJK RIE RIO |
| ID | FETCH-LOGICAL-a179t-98d55366278cb7e3d408ec11a161e32077cff2ee282f6e07bb52c979e55b0d083 |
| IEDL.DBID | RIE |
| IngestDate | Wed Oct 01 07:05:15 EDT 2025 |
| IsPeerReviewed | false |
| IsScholarly | true |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-a179t-98d55366278cb7e3d408ec11a161e32077cff2ee282f6e07bb52c979e55b0d083 |
| PageCount | 7 |
| ParticipantIDs | ieee_primary_11133021 |
| PublicationCentury | 2000 |
| PublicationDate | 2025-June-22 |
| PublicationDateYYYYMMDD | 2025-06-22 |
| PublicationDate_xml | – month: 06 year: 2025 text: 2025-June-22 day: 22 |
| PublicationDecade | 2020 |
| PublicationTitle | 2025 62nd ACM/IEEE Design Automation Conference (DAC) |
| PublicationTitleAbbrev | DAC |
| PublicationYear | 2025 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| Score | 2.2957954 |
| Snippet | Zero-knowledge succinct non-interactive arguments of knowledge (zk-SNARK) schemes have been a promising technique in verified computation. Zk-SNARK schemes... |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 1 |
| SubjectTerms | Arithmetic Cryptography Design automation Fault diagnosis |
| Title | ZK-Hammer: Leaking Secrets from Zero-Knowledge Proofs via Rowhammer |
| URI | https://ieeexplore.ieee.org/document/11133021 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV1LSwMxEA5aPHhSseKbHLym3WY3OxtvUi1CpRQfUHopm9lZ7KUr7bb-fTNpq3jw4C2EPMhjMpPJfPmEuIl15sAVWll0WiWlS5WNs0QlYBzmkJaQuEA2AYNBNhrZ4QasHrAwRBSCz6jFyfCWX1S4ZFdZm2nR44hh47sAsAZrbVC_nci27--6fjclDD_RprUt_Is2JWiN3sE_-zsUzR_8nRx-a5YjsUOzY9Ed99Xaz3wrnyiQSMkXNvrqhWSQiBzTvFL9rY-MG_AKTq6muXyuPt9DzaZ46z28dh_VhgJB5V5SamWzwpiYP2nP0AHFRRJlhJ1O7g01inUEgGWpifzFqUwpAueMRguWjHFR4c2rE9GYVTM6FZJSRC-dOueXR8TCIoB16LzFmJf-SDwTTZ6Bycf6l4vJdvDnf-RfiH2eZw6b0vpSNOr5kq7EHq7q6WJ-HdbmC3Q9kDE |
| linkProvider | IEEE |
| linkToHtml | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV1LTwIxEG4MmuhJjRjf9uC1sNttt1tvBiUYkBDFhHAh29nZyGWXwIJ_37aAxoMHb03TR_qYznQ6Xz9C7iKeGGUyzjQYzkRuYqajRDChpIFUxbkSxpNNqH4_GY30YANW91gYRPTBZ9hwSf-Wn5WwdK6ypqNFjwIHG9-VQvBwDdfa4H7DQDcfH1p2PwkHQOGysS3-izjF64324T97PCL1HwQeHXzrlmOyg8UJaY27bO1pvqc99DRS9M2ZfdWCOpgIHeO8ZN2tl8w1YFUcXU1T-lp-fviadfLefhq2OmxDgsBSKysV00kmZeS-aU_AKIwyESQIYZhaUw0jHigFec4R7dUpjzFQxkgOWmmU0gSZNbBOSa0oCzwjFGMAK588dW-PAJkGpbQBY23GNLeH4jmpuxmYzNb_XEy2g7_4I_-W7HeGL71J77nfvSQHbs5dEBXnV6RWzZd4TfZgVU0X8xu_Tl8m-ZN4 |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=2025+62nd+ACM%2FIEEE+Design+Automation+Conference+%28DAC%29&rft.atitle=ZK-Hammer%3A+Leaking+Secrets+from+Zero-Knowledge+Proofs+via+Rowhammer&rft.au=Liang%2C+Junkai&rft.au=Zhang%2C+Xin&rft.au=Hu%2C+Daqi&rft.au=Shen%2C+Qingni&rft.date=2025-06-22&rft.pub=IEEE&rft.spage=1&rft.epage=7&rft_id=info:doi/10.1109%2FDAC63849.2025.11133021&rft.externalDocID=11133021 |