This work addresses the lack of trust in hardware functional verification during third-party IP integration, where design confidentiality often precludes formal assurance. To bridge this gap, we present ZK-CEC, the first privacy-preserving formal verification framework that integrates formal methods with zero-knowledge proofs (ZKPs). ZK-CEC enables a prover to demonstrate, without revealing any internal design details, that a secret circuit is functionally equivalent to a public specification. By combining equivalence checking with unsatisfiability proofs under secrecy constraints, our approach efficiently verifies representative circuits—such as the AES S-Box—within practical time bounds. The framework thus provides strong formal guarantees of functional correctness while rigorously preserving intellectual property privacy.

The modern integrated circuit ecosystem is increasingly reliant on third-party intellectual property integration, which introduces security risks, including hardware Trojans and security vulnerabilities. Addressing the resulting trust deadlock between IP vendors and system integrators without exposing proprietary designs requires novel privacy-preserving verification techniques. However, existing privacy-preserving hardware verification methods are all simulation-based and fail to offer formal guarantees. In this paper, we propose ZK-CEC, the first privacy-preserving framework for hardware formal verification. By combining formal verification and zero-knowledge proof (ZKP), ZK-CEC establishes a foundation for formally verifying IP correctness and security without compromising the confidentiality of the designs. We observe that existing zero-knowledge protocols for formal verification are designed to prove statements of public formulas. However, in a privacy-preserving verification context where the formula is secret, these protocols cannot prevent a malicious prover from forging the formula, thereby compromising the soundness of the verification. To address these gaps, we first propose a blueprint for proving the unsatisfiability of a secret design against a public constraint, which is widely applicable to proving properties in software, hardware, and cyber-physical systems. Based on the proposed blueprint, we construct ZK-CEC, which enables a prover to convince the verifier that a secret IP's functionality aligns perfectly with the public specification in zero knowledge, revealing only the length and width of the proof. We implement ZK-CEC and evaluate its performance across various circuits, including arithmetic units and cryptographic components. Experimental results show that ZK-CEC successfully verifies practical designs, such as the AES S-Box, within practical time limits.