Security Research & Advanced Cryptography
A practical guide to the trade-offs between KZG, IPA/Halo, and FRI, the three major polynomial commitment scheme families powering modern zero-knowledge proof systems. We compare proof sizes, verification costs, trust assumptions, benchmarks, and on-chain gas costs.
Read →The first two known exploits against live ZK circuits happened in the past week. Both stem from the same root cause. They were not subtle underconstrained bugs, but rather Groth16 verifiers (generated by snarkjs) with an incorrect setup (just missing the last step). One was exploited by white-hat hackers for ~$1.5M, the other was drained for 5 ETH.
Read →Google Research used Gemini to find a bug in a cryptography paper on SNARGs from LWE. We summarize how those events unfolded, look at their iterative self-correction prompting strategy and discuss the growing role of LLMs in academic research.
Read →
Today we're launching zkao, a product by zkSecurity that makes AI security research work the way fuzzing works: not as a one-shot event, but as something you run continuously until coverage compounds.
Read →An intuition-first walkthrough of why 33% BFT needs two voting rounds, how 20% designs get true one-round finality, and how an optimistic fast path can bridge the gap.
Read →A Lean4 formalization of the paper "A Simplified Round-by-round Soundness Proof of FRI" by Albert Garreta, Nicolas Mohnblatt, and Benedikt Wagner, completed using Harmonic's Aristotle agent and Claude Code. Welcome to the strange world of machine-led formalization of cryptography.
Read →In Session 08 of "Proof is in the Pudding," we explore how different networks have approached privacy over the years. From E-Cash and Monero to MobileCoin and Zether, we break down blind signatures, Pedersen commitments, stealth addresses, ring signatures, and more. This session provides a comprehensive tour of the techniques used to break linkability, hide addresses, and obscure transaction data in the name of privacy and safety.
Read →