This work addresses the satisfiability problem for first-order polynomial formulas with existential quantifiers over large prime fields by proposing a novel SMT solving approach based on DPLL(T). The method introduces an innovative “orchestral” modular architecture that dynamically integrates multiple polynomial constraint solvers, each striking a different balance between completeness and efficiency, thereby achieving both high performance and theoretical completeness. The resulting prototype system significantly outperforms state-of-the-art tools on benchmarks derived from zero-knowledge proof compiler correctness verification and novel arithmetic circuits, demonstrating its effectiveness in supporting formal verification of zero-knowledge protocols.

Zero-knowledge proofs (ZKPs) are an emerging technology that has become the solution to efficiently provide security and privacy along with the transparency requirement of blockchains. ZKPs are usually expressed by means of arithmetic circuits and, more generally, systems of polynomial equations in a large prime field (commonly ranging from 64-bit to 256-bit values). An increasing interest to apply formal verification techniques to ensure soundness and completeness properties of ZKP protocols has shown the need of developing powerful SMT solvers able to handle such constraint systems. In this paper we consider the problem of deciding the satisfiability of existentially quantified first-order formulas defined over polynomial equations on a prime field. We present a new DPLL($T$)-based approach in which the theory solver orchestrates several modules with different trade-offs between completeness and efficiency. We have implemented the proposed techniques in a prototype that already shows better results than existing state-of-the-art tools on both benchmarks from the domain of ZKP compiler correctness and new benchmarks coming from the verification of arithmetic circuits for ZKPs. \keywords{SMT \and Finite field \and Polynomials \and Zero-Knowledge Proofs.