{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,30]],"date-time":"2026-01-30T02:34:59Z","timestamp":1769740499248,"version":"3.49.0"},"reference-count":52,"publisher":"Association for Computing Machinery (ACM)","issue":"PLDI","license":[{"start":{"date-parts":[[2023,6,6]],"date-time":"2023-06-06T00:00:00Z","timestamp":1686009600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Proc. ACM Program. Lang."],"published-print":{"date-parts":[[2023,6,6]]},"abstract":"<jats:p>As zero-knowledge proofs gain increasing adoption, the cryptography community has designed domain-specific languages (DSLs) that facilitate the construction of zero-knowledge proofs (ZKPs). Many of these DSLs, such as Circom, facilitate the construction of arithmetic circuits, which are essentially polynomial equations over a finite field. In particular, given a program in a zero-knowledge proof DSL, the compiler automatically produces the corresponding arithmetic circuit. However, a common and serious problem is that the generated circuit may be underconstrained, either due to a bug in the program or a bug in the compiler itself. Underconstrained circuits admit multiple witnesses for a given input, so a malicious party can generate bogus witnesses, thereby causing the verifier to accept a proof that it should not. Because of the increasing prevalence of such arithmetic circuits in blockchain applications, several million dollars worth of cryptocurrency have been stolen due to underconstrained arithmetic circuits.<\/jats:p>\n          <jats:p>\n            Motivated by this problem, we propose a new technique for finding ZKP bugs caused by underconstrained polynomial equations over finite fields. Our method performs semantic reasoning over the finite field equations generated by the compiler to prove whether or not each signal is uniquely determined by the input. Our proposed approach combines SMT solving with lightweight uniqueness inference to effectively reason about underconstrained circuits. We have implemented our proposed approach in a tool called\n            <jats:italic>QED<\/jats:italic>\n            <jats:sup>\n              <jats:bold>2<\/jats:bold>\n            <\/jats:sup>\n            and evaluate it on 163 Circom circuits. Our evaluation shows that\n            <jats:italic>QED<\/jats:italic>\n            <jats:sup>\n              <jats:bold>2<\/jats:bold>\n            <\/jats:sup>\n            can successfully solve 70% of these benchmarks, meaning that it either verifies the uniqueness of the output signals or finds a pair of witnesses that demonstrate non-uniqueness of the circuit. Furthermore,\n            <jats:italic>QED<\/jats:italic>\n            <jats:sup>\n              <jats:bold>2<\/jats:bold>\n            <\/jats:sup>\n            has found 8 previously unknown vulnerabilities in widely-used circuits.\n          <\/jats:p>","DOI":"10.1145\/3591282","type":"journal-article","created":{"date-parts":[[2023,6,6]],"date-time":"2023-06-06T20:06:24Z","timestamp":1686081984000},"page":"1510-1532","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":15,"title":["Automated Detection of Under-Constrained Circuits in Zero-Knowledge Proofs"],"prefix":"10.1145","volume":"7","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9253-9585","authenticated-orcid":false,"given":"Shankara","family":"Pailoor","sequence":"first","affiliation":[{"name":"Veridise, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6494-3126","authenticated-orcid":false,"given":"Yanju","family":"Chen","sequence":"additional","affiliation":[{"name":"Veridise, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1659-2138","authenticated-orcid":false,"given":"Franklyn","family":"Wang","sequence":"additional","affiliation":[{"name":"Harvard University, USA \/ 0xparc, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5417-8934","authenticated-orcid":false,"given":"Clara","family":"Rodr\u00edguez","sequence":"additional","affiliation":[{"name":"Complutense University of Madrid, Spain"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-7468-4205","authenticated-orcid":false,"given":"Jacob","family":"Van Geffen","sequence":"additional","affiliation":[{"name":"Veridise, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8008-1960","authenticated-orcid":false,"given":"Jason","family":"Morton","sequence":"additional","affiliation":[{"name":"ZKonduit, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-4461-7970","authenticated-orcid":false,"given":"Michael","family":"Chu","sequence":"additional","affiliation":[{"name":"0xparc, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-4978-4516","authenticated-orcid":false,"given":"Brian","family":"Gu","sequence":"additional","affiliation":[{"name":"0xparc, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1000-1229","authenticated-orcid":false,"given":"Yu","family":"Feng","sequence":"additional","affiliation":[{"name":"Veridise, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8006-1230","authenticated-orcid":false,"given":"I\u015f\u0131l","family":"Dillig","sequence":"additional","affiliation":[{"name":"Veridise, USA"}]}],"member":"320","published-online":{"date-parts":[[2023,6,6]]},"reference":[{"key":"e_1_2_1_1_1","unstructured":"2019. Tornado.cash got hacked. by Us.. https:\/\/tornado-cash.medium.com\/tornado-cash-got-hacked-by-us-b1e012a3c9a8 \t\t\t\t  2019. Tornado.cash got hacked. by Us.. https:\/\/tornado-cash.medium.com\/tornado-cash-got-hacked-by-us-b1e012a3c9a8"},{"key":"e_1_2_1_2_1","unstructured":"Aleo. 2022. Leo code translates to invalid Aleo instruction code. https:\/\/github.com\/AleoHQ\/leo\/issues\/2042 \t\t\t\t  Aleo. 2022. Leo code translates to invalid Aleo instruction code. https:\/\/github.com\/AleoHQ\/leo\/issues\/2042"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-15497-3_10"},{"key":"e_1_2_1_4_1","unstructured":"Aztec. 2022. Disclosure of recent vulnerabilities. https:\/\/hackmd.io\/@aztec-network\/disclosure-of-recent-vulnerabilities \t\t\t\t  Aztec. 2022. Disclosure of recent vulnerabilities. https:\/\/hackmd.io\/@aztec-network\/disclosure-of-recent-vulnerabilities"},{"key":"e_1_2_1_5_1","unstructured":"aztec. 2022. Disclosure of recent vulnerabilities. https:\/\/hackmd.io\/@aztec-network\/disclosure-of-recent-vulnerabilities \t\t\t\t  aztec. 2022. Disclosure of recent vulnerabilities. https:\/\/hackmd.io\/@aztec-network\/disclosure-of-recent-vulnerabilities"},{"key":"e_1_2_1_6_1","volume-title":"Tools and Algorithms for the Construction and Analysis of Systems","author":"Barbosa Haniel","unstructured":"Haniel Barbosa , Clark Barrett , Martin Brain , Gereon Kremer , Hanna Lachnitt , Makai Mann , Abdalrhman Mohamed , Mudathir Mohamed , Aina Niemetz , Andres N\u00f6tzli , Alex Ozdemir , Mathias Preiner , Andrew Reynolds , Ying Sheng , Cesare Tinelli , and Yoni Zohar . 2022. cvc5: A Versatile and Industrial-Strength SMT Solver . In Tools and Algorithms for the Construction and Analysis of Systems , Dana Fisman and Grigore Rosu (Eds.). Springer International Publishing , Cham . 415\u2013442. isbn:978-3-030-99524-9 Haniel Barbosa, Clark Barrett, Martin Brain, Gereon Kremer, Hanna Lachnitt, Makai Mann, Abdalrhman Mohamed, Mudathir Mohamed, Aina Niemetz, Andres N\u00f6tzli, Alex Ozdemir, Mathias Preiner, Andrew Reynolds, Ying Sheng, Cesare Tinelli, and Yoni Zohar. 2022. cvc5: A Versatile and Industrial-Strength SMT Solver. In Tools and Algorithms for the Construction and Analysis of Systems, Dana Fisman and Grigore Rosu (Eds.). Springer International Publishing, Cham. 415\u2013442. isbn:978-3-030-99524-9"},{"key":"e_1_2_1_7_1","doi-asserted-by":"crossref","unstructured":"Gilles Barthe Fran\u00e7ois Dupressoir Benjamin Gr\u00e9goire C\u00e9sar Kunz Benedikt Schmidt and Pierre-Yves Strub. 2013. EasyCrypt: A Tutorial. In FOSAD. \t\t\t\t  Gilles Barthe Fran\u00e7ois Dupressoir Benjamin Gr\u00e9goire C\u00e9sar Kunz Benedikt Schmidt and Pierre-Yves Strub. 2013. EasyCrypt: A Tutorial. In FOSAD.","DOI":"10.1007\/978-3-319-10082-1_6"},{"key":"e_1_2_1_8_1","volume-title":"https:\/\/github.com\/iden3\/circomlib\/blob\/cff5ab6288b55ef23602221694a6a38a0239dcc0\/circuits\/babyjub.circom##L45","author":"Baylina Jordi","unstructured":"Jordi Baylina . 2021. Circomlib\/babyjub.circom at CFF5AB6288B55EF23602221694A6A38A0239DCC0 \u00b7 Iden3\/circomlib. https:\/\/github.com\/iden3\/circomlib\/blob\/cff5ab6288b55ef23602221694a6a38a0239dcc0\/circuits\/babyjub.circom##L45 Jordi Baylina. 2021. Circomlib\/babyjub.circom at CFF5AB6288B55EF23602221694A6A38A0239DCC0 \u00b7 Iden3\/circomlib. https:\/\/github.com\/iden3\/circomlib\/blob\/cff5ab6288b55ef23602221694a6a38a0239dcc0\/circuits\/babyjub.circom##L45"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2021.3086718"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.36"},{"key":"e_1_2_1_11_1","volume-title":"23rd USENIX Security Symposium (USENIX Security 14)","author":"Ben-Sasson Eli","year":"2014","unstructured":"Eli Ben-Sasson , Alessandro Chiesa , Eran Tromer , and Madars Virza . 2014 . Succinct Non-Interactive Zero Knowledge for a von Neumann Architecture . In 23rd USENIX Security Symposium (USENIX Security 14) . USENIX Association, San Diego, CA. 781\u2013796. isbn:978-1-93 1971-15-7 https:\/\/www.usenix.org\/conference\/usenixsecurity14\/technical-sessions\/presentation\/ben-sasson Eli Ben-Sasson, Alessandro Chiesa, Eran Tromer, and Madars Virza. 2014. Succinct Non-Interactive Zero Knowledge for a von Neumann Architecture. In 23rd USENIX Security Symposium (USENIX Security 14). USENIX Association, San Diego, CA. 781\u2013796. isbn:978-1-931971-15-7 https:\/\/www.usenix.org\/conference\/usenixsecurity14\/technical-sessions\/presentation\/ben-sasson"},{"key":"e_1_2_1_12_1","volume-title":"Bernstein and Tanja Lange","author":"Daniel","year":"2007","unstructured":"Daniel J. Bernstein and Tanja Lange . 2007 . Faster addition and doubling on elliptic curves. Cryptology ePrint Archive, Paper 2007\/286. https:\/\/eprint.iacr.org\/2007\/286 Daniel J. Bernstein and Tanja Lange. 2007. Faster addition and doubling on elliptic curves. Cryptology ePrint Archive, Paper 2007\/286. https:\/\/eprint.iacr.org\/2007\/286"},{"key":"e_1_2_1_13_1","unstructured":"Maurizio Binello. 2019. R1CS. https:\/\/www.zeroknowledgeblog.com\/index.php\/the-pinocchio-protocol\/r1cs \t\t\t\t  Maurizio Binello. 2019. R1CS. https:\/\/www.zeroknowledgeblog.com\/index.php\/the-pinocchio-protocol\/r1cs"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00145-004-0314-9"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1007\/s12190-019-01257-y"},{"key":"e_1_2_1_16_1","first-page":"1021","article-title":"Halo: Recursive Proof Composition without a Trusted Setup","volume":"2019","author":"Bowe Sean","year":"2019","unstructured":"Sean Bowe , Jack Grigg , and Daira Hopwood . 2019 . Halo: Recursive Proof Composition without a Trusted Setup . IACR Cryptol. ePrint Arch. , 2019 (2019), 1021 . Sean Bowe, Jack Grigg, and Daira Hopwood. 2019. Halo: Recursive Proof Composition without a Trusted Setup. IACR Cryptol. ePrint Arch., 2019 (2019), 1021.","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"e_1_2_1_17_1","unstructured":"Vitalik Buterin. 2016. Quadratic arithmetic programs: From zero to hero. https:\/\/medium.com\/@VitalikButerin\/quadratic-arithmetic-programs-from-zero-to-hero-f6d558cea649 \t\t\t\t  Vitalik Buterin. 2016. Quadratic arithmetic programs: From zero to hero. https:\/\/medium.com\/@VitalikButerin\/quadratic-arithmetic-programs-from-zero-to-hero-f6d558cea649"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.5281\/zenodo.7776035"},{"key":"e_1_2_1_19_1","volume-title":"LEO: A Programming Language for Formally Verified, Zero-Knowledge Applications. https:\/\/docs.zkproof.org\/pages\/standards\/accepted-workshop4\/proposal-leo.pdf","author":"Chin Collin","year":"2021","unstructured":"Collin Chin . 2021 . LEO: A Programming Language for Formally Verified, Zero-Knowledge Applications. https:\/\/docs.zkproof.org\/pages\/standards\/accepted-workshop4\/proposal-leo.pdf Collin Chin. 2021. LEO: A Programming Language for Formally Verified, Zero-Knowledge Applications. https:\/\/docs.zkproof.org\/pages\/standards\/accepted-workshop4\/proposal-leo.pdf"},{"key":"e_1_2_1_20_1","unstructured":"Michael Connor. 2021. Disclosure of recent vulnerabilities. https:\/\/hackmd.io\/@aztec-network\/disclosure-of-recent-vulnerabilities \t\t\t\t  Michael Connor. 2021. Disclosure of recent vulnerabilities. https:\/\/hackmd.io\/@aztec-network\/disclosure-of-recent-vulnerabilities"},{"key":"e_1_2_1_21_1","unstructured":"Ricardo Corin and Jerry den Hartog. 2005. A Probabilistic Hoare-style logic for Game-based Cryptographic Proofs (Extended Version). http:\/\/eprint.iacr.org\/2005\/467 To appear in ICALP 2006 Track C corin@cs.utwente.nl 13264 received 23 Dec 2005 last revised 26 Apr 2006 \t\t\t\t  Ricardo Corin and Jerry den Hartog. 2005. A Probabilistic Hoare-style logic for Game-based Cryptographic Proofs (Extended Version). http:\/\/eprint.iacr.org\/2005\/467 To appear in ICALP 2006 Track C corin@cs.utwente.nl 13264 received 23 Dec 2005 last revised 26 Apr 2006"},{"key":"e_1_2_1_22_1","unstructured":"Craig Costello and Benjamin Smith. 2017. Montgomery curves and their arithmetic: The case of large characteristic fields. Cryptology ePrint Archive Paper 2017\/212. https:\/\/eprint.iacr.org\/2017\/212 \t\t\t\t  Craig Costello and Benjamin Smith. 2017. Montgomery curves and their arithmetic: The case of large characteristic fields. Cryptology ePrint Archive Paper 2017\/212. https:\/\/eprint.iacr.org\/2017\/212"},{"key":"e_1_2_1_23_1","unstructured":"Fredrick Dahlgren. 2022. It pays to be Circomspect. https:\/\/blog.trailofbits.com\/2022\/09\/15\/it-pays-to-be-circomspect\/ \t\t\t\t  Fredrick Dahlgren. 2022. It pays to be Circomspect. https:\/\/blog.trailofbits.com\/2022\/09\/15\/it-pays-to-be-circomspect\/"},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/Cybermatics_2018.2018.00199"},{"key":"e_1_2_1_25_1","unstructured":"electriccoin. 2019. Zcash Counterfeiting Vulnerability Successfully Remediated. https:\/\/electriccoin.co\/blog\/zcash-counterfeiting-vulnerability-successfully-remediated \t\t\t\t  electriccoin. 2019. Zcash Counterfeiting Vulnerability Successfully Remediated. https:\/\/electriccoin.co\/blog\/zcash-counterfeiting-vulnerability-successfully-remediated"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560630"},{"key":"e_1_2_1_27_1","volume-title":"Reference: Racket","author":"Flatt Matthew","year":"2010","unstructured":"Matthew Flatt and PLT. 2010 . Reference: Racket . PLT Design Inc .. https:\/\/racket-lang.org\/tr1\/ Matthew Flatt and PLT. 2010. Reference: Racket. PLT Design Inc.. https:\/\/racket-lang.org\/tr1\/"},{"key":"e_1_2_1_28_1","unstructured":"Martin Gagn\u00e9 Pascal Lafourcade and Yassine Lakhnech. 2013. Automated Security Proofs for Almost-Universal Hash for MAC verification. Cryptology ePrint Archive Paper 2013\/407. https:\/\/eprint.iacr.org\/2013\/407 \t\t\t\t  Martin Gagn\u00e9 Pascal Lafourcade and Yassine Lakhnech. 2013. Automated Security Proofs for Almost-Universal Hash for MAC verification. Cryptology ePrint Archive Paper 2013\/407. https:\/\/eprint.iacr.org\/2013\/407"},{"key":"e_1_2_1_29_1","first-page":"1063","article-title":"Cairo - a Turing-complete STARK-friendly CPU architecture","volume":"2021","author":"Goldberg Lior","year":"2021","unstructured":"Lior Goldberg , Shahar Papini , and Michael Riabzev . 2021 . Cairo - a Turing-complete STARK-friendly CPU architecture . IACR Cryptol. ePrint Arch. , 2021 (2021), 1063 . Lior Goldberg, Shahar Papini, and Michael Riabzev. 2021. Cairo - a Turing-complete STARK-friendly CPU architecture. IACR Cryptol. ePrint Arch., 2021 (2021), 1063.","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/22145.22178"},{"key":"e_1_2_1_31_1","volume-title":"Poseidon: A New Hash Function for Zero-Knowledge Proof Systems. In 30th USENIX Security Symposium (USENIX Security 21)","author":"Grassi Lorenzo","year":"2021","unstructured":"Lorenzo Grassi , Dmitry Khovratovich , Christian Rechberger , Arnab Roy , and Markus Schofnegger . 2021 . Poseidon: A New Hash Function for Zero-Knowledge Proof Systems. In 30th USENIX Security Symposium (USENIX Security 21) . USENIX Association, 519\u2013535. isbn:978-1-939133-24-3 https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/grassi Lorenzo Grassi, Dmitry Khovratovich, Christian Rechberger, Arnab Roy, and Markus Schofnegger. 2021. Poseidon: A New Hash Function for Zero-Knowledge Proof Systems. In 30th USENIX Security Symposium (USENIX Security 21). USENIX Association, 519\u2013535. isbn:978-1-939133-24-3 https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/grassi"},{"key":"e_1_2_1_32_1","unstructured":"Jens Groth. 2016. On the Size of Pairing-based Non-interactive Arguments. Cryptology ePrint Archive Paper 2016\/260. https:\/\/eprint.iacr.org\/2016\/260 \t\t\t\t  Jens Groth. 2016. On the Size of Pairing-based Non-interactive Arguments. Cryptology ePrint Archive Paper 2016\/260. https:\/\/eprint.iacr.org\/2016\/260"},{"key":"e_1_2_1_33_1","unstructured":"Thomas Hader. 2022. Non-linear SMT-reasoning over finite fields. \t\t\t\t  Thomas Hader. 2022. Non-linear SMT-reasoning over finite fields."},{"key":"e_1_2_1_34_1","unstructured":"Iden3. 2018. SnarkJS. https:\/\/github.com\/iden3\/snarkjs \t\t\t\t  Iden3. 2018. SnarkJS. https:\/\/github.com\/iden3\/snarkjs"},{"key":"e_1_2_1_35_1","unstructured":"Wei Koh Jie. 2019. Private voting and whistleblowing on Ethereum using Semaphore. https:\/\/weijiek.medium.com\/private-voting-and-whistleblowing-in-ethereum-using-semaphore-449b376808e \t\t\t\t  Wei Koh Jie. 2019. Private voting and whistleblowing on Ethereum using Semaphore. https:\/\/weijiek.medium.com\/private-voting-and-whistleblowing-in-ethereum-using-semaphore-449b376808e"},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1007\/s102070100002"},{"key":"e_1_2_1_37_1","unstructured":"Matter-Labs. 2022. Zinc. https:\/\/github.com\/matter-labs\/zinc \t\t\t\t  Matter-Labs. 2022. Zinc. https:\/\/github.com\/matter-labs\/zinc"},{"key":"e_1_2_1_38_1","doi-asserted-by":"crossref","unstructured":"Tobias Nipkow Markus Wenzel and Lawrence Charles Paulson. 2002. Isabelle\/HOL: A Proof Assistant for Higher-Order Logic. \t\t\t\t  Tobias Nipkow Markus Wenzel and Lawrence Charles Paulson. 2002. Isabelle\/HOL: A Proof Assistant for Higher-Order Logic.","DOI":"10.1007\/3-540-45949-9"},{"key":"e_1_2_1_39_1","unstructured":"Noir. 2022. Proof verification fails with a simple example. https:\/\/github.com\/noir-lang\/noir\/issues\/358 \t\t\t\t  Noir. 2022. Proof verification fails with a simple example. https:\/\/github.com\/noir-lang\/noir\/issues\/358"},{"key":"e_1_2_1_40_1","volume-title":"Snarky: Write efficient, beautiful, safe zk-SNARK code. https:\/\/o1-labs.github.io\/snarky\/","year":"2022","unstructured":"o1 Labs. 2022 . Snarky: Write efficient, beautiful, safe zk-SNARK code. https:\/\/o1-labs.github.io\/snarky\/ o1 Labs. 2022. Snarky: Write efficient, beautiful, safe zk-SNARK code. https:\/\/o1-labs.github.io\/snarky\/"},{"key":"e_1_2_1_41_1","doi-asserted-by":"crossref","unstructured":"Ceyhun Onur and Arda Yurdakul. 2022. ElectAnon: A Blockchain-Based Anonymous Robust and Scalable Ranked-Choice Voting Protocol. \t\t\t\t  Ceyhun Onur and Arda Yurdakul. 2022. ElectAnon: A Blockchain-Based Anonymous Robust and Scalable Ranked-Choice Voting Protocol.","DOI":"10.1145\/3598302"},{"key":"e_1_2_1_42_1","unstructured":"Alex Ozdemir. 2022. CVC5-ff. https:\/\/github.com\/alex-ozdemir\/CVC4\/tree\/ff \t\t\t\t  Alex Ozdemir. 2022. CVC5-ff. https:\/\/github.com\/alex-ozdemir\/CVC4\/tree\/ff"},{"key":"e_1_2_1_43_1","volume-title":"Wahby","author":"Ozdemir Alex","year":"2020","unstructured":"Alex Ozdemir , Fraser Brown , and Riad S . Wahby . 2020 . CirC: Compiler infrastructure for proof systems, software verification, and more. Cryptology ePrint Archive, Paper 2020\/1586. https:\/\/eprint.iacr.org\/2020\/1586 Alex Ozdemir, Fraser Brown, and Riad S. Wahby. 2020. CirC: Compiler infrastructure for proof systems, software verification, and more. Cryptology ePrint Archive, Paper 2020\/1586. https:\/\/eprint.iacr.org\/2020\/1586"},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/3591282"},{"key":"e_1_2_1_45_1","volume-title":"Pinocchio: Nearly Practical Verifiable Computation. Cryptology ePrint Archive, Paper 2013\/279. https:\/\/eprint.iacr.org\/2013\/279","author":"Parno Bryan","year":"2013","unstructured":"Bryan Parno , Craig Gentry , Jon Howell , and Mariana Raykova . 2013 . Pinocchio: Nearly Practical Verifiable Computation. Cryptology ePrint Archive, Paper 2013\/279. https:\/\/eprint.iacr.org\/2013\/279 Bryan Parno, Craig Gentry, Jon Howell, and Mariana Raykova. 2013. Pinocchio: Nearly Practical Verifiable Computation. Cryptology ePrint Archive, Paper 2013\/279. https:\/\/eprint.iacr.org\/2013\/279"},{"key":"e_1_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.5555\/646756.705507"},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSF51468.2021.00050"},{"key":"e_1_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-21401-6_33"},{"key":"e_1_2_1_49_1","unstructured":"TornadoCash. 2019. Introducing Private Transactions On Ethereum NOW!. https:\/\/tornado-cash.medium.com\/introducing-private-transactions-on-ethereum-now-42ee915babe0 \t\t\t\t  TornadoCash. 2019. Introducing Private Transactions On Ethereum NOW!. https:\/\/tornado-cash.medium.com\/introducing-private-transactions-on-ethereum-now-42ee915babe0"},{"key":"e_1_2_1_50_1","unstructured":"TornadoCash. 2019. Tornado.cash got hacked. By us.. https:\/\/tornado-cash.medium.com\/tornado-cash-got-hacked-by-us-b1e012a3c9a8 \t\t\t\t  TornadoCash. 2019. Tornado.cash got hacked. By us.. https:\/\/tornado-cash.medium.com\/tornado-cash-got-hacked-by-us-b1e012a3c9a8"},{"key":"e_1_2_1_51_1","unstructured":"Tornado.cash. 2019. Tornado.cash got hacked. by Us.. https:\/\/tornado-cash.medium.com\/tornado-cash-got-hacked-by-us-b1e012a3c9a8 \t\t\t\t  Tornado.cash. 2019. Tornado.cash got hacked. by Us.. https:\/\/tornado-cash.medium.com\/tornado-cash-got-hacked-by-us-b1e012a3c9a8"},{"key":"e_1_2_1_52_1","unstructured":"trailofbits. 2022. The Frozen Heart vulnerability in Bulletproofs. https:\/\/blog.trailofbits.com\/2022\/04\/15\/the-frozen-heart-vulnerability-in-bulletproof \t\t\t\t  trailofbits. 2022. The Frozen Heart vulnerability in Bulletproofs. https:\/\/blog.trailofbits.com\/2022\/04\/15\/the-frozen-heart-vulnerability-in-bulletproof"}],"container-title":["Proceedings of the ACM on Programming Languages"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3591282","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3591282","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:47:20Z","timestamp":1750178840000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3591282"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,6,6]]},"references-count":52,"journal-issue":{"issue":"PLDI","published-print":{"date-parts":[[2023,6,6]]}},"alternative-id":["10.1145\/3591282"],"URL":"https:\/\/doi.org\/10.1145\/3591282","relation":{},"ISSN":["2475-1421"],"issn-type":[{"value":"2475-1421","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,6,6]]},"assertion":[{"value":"2023-06-06","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}