ERC grant awarded to the CIRCUZZ project
An ERC Proof of Concept Grant is funding from the European Research Council that helps researchers turn results from an existing or recently completed ERC-funded frontier research project into a practical application, product, service, method or another form of commercial or societal impact. It is a follow-up grant for researchers who already hold or have held an ERC frontier research grant, such as a Starting, Consolidator, Advanced or Synergy Grant. Its purpose is to test feasibility, explore innovation potential, prepare commercialisation or societal application, connect with users or partners, and move research closer to real-world use.
Prof. Maria Christakis has been awarded an ERC Proof of Concept Grant for CIRCUZZ, a project that will turn advanced research on testing zero-knowledge systems into a practical open-source tool for developers and security auditors. Zero-knowledge proofs allow a system to verify that something is true without revealing the underlying data. For example, they can prove that a person is above a certain age without disclosing their exact birthdate. This makes them highly valuable for privacy-preserving applications, blockchain infrastructures and secure digital identities. At the same time, the software behind these systems is extremely complex, and even carefully audited implementations can contain subtle but serious bugs. In authentication scenarios, such bugs may prevent a legitimate user from being recognized or, more seriously, allow someone to be incorrectly authenticated and gain access to information they should not see.
CIRCUZZ addresses this challenge by automating parts of the testing process. Instead of relying only on manual expert review, the tool uses black-box testing techniques to check whether the prover and verifier components of a zero-knowledge system behave consistently. It can also deliberately modify intermediate cryptographic artifacts, such as constraints, proofs or verification results, to test whether the system correctly detects tampering. If a corrupted artifact is still accepted as valid, this points to a potentially serious security flaw. The approach has already shown strong real-world impact: prototypes developed by Christakis and her collaborators have uncovered more than 50 previously unknown bugs in widely used zero-knowledge systems, including critical correctness and security flaws, most of which have since been acknowledged and fixed by developers.
With the ERC Proof of Concept Grant, CIRCUZZ will now move from research prototype towards a robust and user-friendly tool for real-world use. The project will focus on improving usability, expanding the range of testable zero-knowledge software and helping developers and auditors secure privacy-preserving systems more effectively. The research behind CIRCUZZ builds on recent papers accepted at the ACM Conference on Computer and Communications Security and the USENIX Security Symposium, two leading venues in cybersecurity research. It also complements Christakis’ broader research agenda in automated software testing, including her ERC Starting Grant project MirandaTesting, which develops new techniques for testing complex software-analysis tools.
Further reading: The related open-access CCS ’25 paper “Fuzzing Processing Pipelines for Zero-Knowledge Circuits” by Christoph Hochrainer, Anastasia Isychev, Valentin Wüstholz and Maria Christakis is available via ACM Digital Library.
Also read: TUW Informatics announcement