Search papers, labs, and topics across Lattice.
This paper analyzes the security vulnerabilities arising from the lack of context binding in zero-knowledge proximity proofs used in stateful geo-content systems. It introduces a taxonomy of context-binding vulnerabilities and a formal off-circuit verification model to analyze proof transfer attacks. The authors propose Zairn-ZKP, a concrete instantiation that embeds drop identity, policy version, and session context as public circuit inputs, demonstrating reduced operational invariants and comparable proving costs compared to stored-digest server checking.
Seemingly secure zero-knowledge proximity proofs can be trivially exploited in stateful geo-content systems unless context is explicitly bound within the proof itself.
A zero-knowledge proximity proof certifies geometric nearness but carries no commitment to an application context. In stateful geo-content systems, where drops can share coordinates, policies evolve, and content has persistent identity, this gap can permit proof transfer between application objects unless extra operational invariants are maintained. We present a systems-security analysis of this deployment problem: a taxonomy of context-binding vulnerabilities, a formal off-circuit verification model for a transcript-adversary that holds a recorded proof but cannot obtain fresh coordinates, an assumption comparison across five binding strategy classes, and a concrete instantiation, Zairn-ZKP, that embeds drop identity, policy version, and session context as public circuit inputs. Compared with a strong off-circuit alternative based on stored-digest server checking, in-proof binding reduces operational invariants from four to two and adds no measurable proving cost relative to the sound geo-only baseline (-0.12 ms median in our setup). It also removes a correctness pitfall we identify empirically: a plausible off-circuit implementation that omits one server-side check remains vulnerable to cross-drop transfer. Measurements across six network conditions, seven venues in four countries, and an epoch-window simulation indicate that same-epoch transfer is realistic in dense urban deployments unless per-request nonces are maintained. Across five platforms and seven binding strategies, the results support a deployable methodology for reducing assumption surfaces in stateful ZK-backed verification workflows.