Zero-knowledge (ZK) proofs can be formally correct while their deployment pipelines remain fragile. The practical failure modes often arise not at the proof layer, but at the layers where trust is injected: setup, key custody, entropy sourcing, implementation, governance, and deployment interfaces. This paper models ZK pipelines as trust-graphs and proposes an audit-first separation between (i) proof correctness and (ii) pipeline integrity. The core claim is structural: for any non-trivial ZK pipeline, there exists at least one responsibility binding layer R where trust is required and accountability must be assigned. Removing a ceremony does not remove responsibility; it relocates it. We provide minimal definitions, a traceable audit interface, and compact structural examples intended to support reproducible security reviews without overclaiming. Keywords: zero-knowledge; trusted setup; CRS; SNARK; STARK; trust graph; audit; governance; pipeline integrity; responsibility relocation
Hisashi Suga (Sat,) studied this question.