Featured
ZK/SEC
August 31, 2023
1 min read
announcement
educative
zk
Catch our cofounder David Wong on the latest episode of Node Guardians, where he chats about ZK security with Sam. Dive into the intriguing world of blockchain auditing, uncover the role math plays, and explore how auditors tackle challenges and rate vulnerabilities. Plus, get insights into the usefulness of formal verification. It's a must-watch for anyone curious about the future of ZK and the nitty-gritty of blockchain security!
ZK/SEC
August 30, 2023
1 min read
announcement
zk
Join our cofounder David Wong on the latest zk podcast as he dives into his compelling journey through cryptography, from his early days as a security consultant to his pivotal roles in major projects like Facebook's crypto initiatives and Mina. Get an insider's view on how we approach auditing in a Zero Knowledge context, the common pitfalls in ZK code, and how these insights shape our work. It's an engaging and informative chat for anyone fascinated by the world of cryptography and ZK technology!
ZK/SEC
August 27, 2023
1 min read
announcement
zk
We're gearing up for this year's ZPrize competition, where we'll be hosting the High Throughput Signature Verification category. This challenge is all about creating the most efficient signature verification circuit using Aleo's Varuna proof system. Participants will work with ECDSA on the Bitcoin and Ethereum curve and the Ethereum hash function, keccak256. It's a great chance to dive into some of the hottest problems in arithmetic circuits and optimize cryptographic algorithms. If you're curious about pushing the boundaries in ZK, join us and share your feedback on our prize specification through our Discord channel.
ZK/SEC
August 26, 2023
2 min read
announcement
tools
security
zk
circom
Dive into our exploration of Circomscribe, a nifty tool designed to illuminate the mysterious process of how your Circom code gets translated into constraints. We share insights from our experience with Circom circuit audits, highlighting common pitfalls developers face when their high-level intentions meet low-level reality. By showcasing how Circomscribe can help visualize this transition, we aim to empower developers to craft more bug-free, secure ZK applications. If you're keen on understanding the inner workings of Circom and enhancing your coding prowess, this post is your guide.
ZK/SEC
August 25, 2023
10 min read
announcement
MPC
Ever wonder how zkApps ensure their execution is spot-on? This post digs into the idea of *boomerang values*—sneaky bugs that can crop up when zkApps mix in-circuit and out-of-circuit logic. We explore how these values disrupt your circuit's trustworthiness, especially when variables are reintegrated unverified. Plus, we share how tools like MIRAI's tag analysis can help spot these issues, making your zkApps more secure. Perfect for anyone into zero-knowledge applications or budding Rust enthusiasts looking for insights on taming complex bugs!
ZK/SEC
August 24, 2023
14 min read
security
zk
audit
We conducted an audit of Penumbra's main circuits and found eight issues, including the critical "double spend" and "double vote" bugs, which the Penumbra team promptly fixed. Our findings highlight Penumbra's robust documentation and code testing. Readers will get insights into how Penumbra uses zero-knowledge proofs for privacy, its decentralized exchange features, and its governance model. The post also provides detailed pseudocode for various cryptographic protocols, emphasizing how Penumbra ensures secure and private transactions. It's a deep dive into the technical details for those intrigued by privacy-focused blockchain technologies.
David Wong
July 02, 2023
13 min read
security
zk
Last week, a surprising paper revealed a major vulnerability in Microsoft's Nova, a leading zero-knowledge proof (ZKP) system, that showcased a false computation with a valid proof. This discovery is especially intriguing given the complexity and robustness typically associated with ZKP systems. We had just launched our company to tackle bugs in ZKP frameworks, and while we anticipated issues, complete breakdowns of systems themselves are rare. Nova's issue revolved around cycles of elliptic curves, showing how small implementation oversights in complex cryptographic systems can lead to significant errors. This post dives into the intricate mechanics of Nova and the discovery process, offering a fascinating glimpse into why rigorous specifications are crucial in cryptography.