iden3 · StefanosChaliasos · Feb 26, 2026 · Mar 23, 2026 · Copilot · Mar 23, 2026
diff --git a/src/groth16_verify.js b/src/groth16_verify.js
@@ -69,6 +69,11 @@ export default async function groth16Verify(_vk_verifier, _publicSignals, _proof
     const vk_alpha_1 = curve.G1.fromObject(vk_verifier.vk_alpha_1);
     const vk_beta_2 = curve.G2.fromObject(vk_verifier.vk_beta_2);
 
+    if (curve.G2.eq(vk_gamma_2, vk_delta_2)) {
+        if (logger) logger.error("SOUNDNESS ERROR: vk_gamma_2 and vk_delta_2 are equal. This verification key is insecure, the zkey likely has no phase 2 contribution. Proofs can be forged. Aborting verification.");
+        return false;
+    }
+
     const res = await curve.pairingEq(
         curve.G1.neg(pi_a) , pi_b,
         cpub , vk_gamma_2,

diff --git a/src/zkey_export_verificationkey.js b/src/zkey_export_verificationkey.js
@@ -56,6 +56,10 @@ async function groth16Vk(zkey, fd, sections) {
     const curve = await getCurve(zkey.q);
     const sG1 = curve.G1.F.n8 * 2;
 
+    if (curve.G2.eq(zkey.vk_gamma_2, zkey.vk_delta_2)) {
+        throw new Error("SOUNDNESS ERROR: vk_gamma_2 and vk_delta_2 are equal. This zkey is insecure, it likely has no phase 2 contribution. Proofs can be forged. Run 'snarkjs zkey contribute' before exporting.");
+    }
+
     const alphaBeta = await curve.pairing(zkey.vk_alpha_1, zkey.vk_beta_2);
 
     let vKey = {