▸ Beyond L2s Maturity: A Formal Approach to Building Secure Blockchain Rollups
In our latest blog post, we dig into the fascinating world of blockchain rollups, focusing on their security and how they help Ethereum scale while maintaining its core values of decentralization. We’ll break down the concepts of Optimistic and ZK-Rollups, discuss the importance of projects like L2BEAT in assessing rollup maturity, and introduce our formal model for ensuring rollup security. If you’re curious about how forced transactions, safe blacklisting, and upgradeability are shaping the future of Ethereum, this is a read you won’t want to miss.
▸ Introducing bugs.zksecurity.xyz, a knowledge base for ZK bugs
We’re thrilled to introduce our new site, bugs.zksecurity.xyz, a hub for exploring past vulnerabilities in ZK circuits. Dive into our growing catalog of documented bugs and learn how we’ve reproduced some with comprehensive scripts. Discover evaluations of prominent security tools like Circomspect and Picus, and see where they shine or stumble. We’re calling on the community to join us in expanding this invaluable resource—whether by adding bugs, reproducing them, or improving our platform. Let’s collaborate to elevate ZK security together!
▸ An Introduction to Interactive Theorem Provers
Kevin Buzzard, a mathematician with a cautious view on human-checked proofs, found solace in interactive theorem provers, which verify mathematical proofs much like type-checking in programming. We explore how these tools, which are gaining traction in fields like applied cryptography, ensure rigorous and reliable proofs. With Lean as our focus, you’ll discover how to dive into this fascinating world, see a proof in action, and learn how this technology is revolutionizing areas like zero-knowledge virtual machines. Curious about building rock-solid, machine-verified proofs? Check out our beginner-friendly guide!
▸ A Technical Dive into Jolt: The RISC-V zkVM
In our latest post, we take you inside the workings of Jolt, a zero-knowledge virtual machine for the RISC-V architecture. This post breaks down the three main components that prove execution correctness: instruction lookup, offline memory checking, and the Rank-1 Constraint System (R1CS). By exploring these elements, you’ll get a grasp on how Jolt ensures VM execution is accurate and reliable, using innovative methods like Lasso lookup arguments and the Spartan protocol. Join us as we unravel this cutting-edge zkVM, which not only promises simplicity but also the potential for exciting advancements.
▸ zkVM Security: What Could Go Wrong?
Ever wondered how zkVMs simplify the use of zero-knowledge proofs in coding? We dive into how they let developers focus more on application logic by abstracting complex cryptographic aspects, using familiar languages like Rust or C++. But hold on, it’s not all smooth sailing—despite these benefits, a single bug anywhere in the complex system of compilers, proof systems, or verification can lead to serious security issues. In the post, we break down the zkVM workflow, explore common vulnerabilities at each phase, and highlight the importance of understanding these layers to build more secure, zk-powered applications. Curious about how this all plays out? Let’s unravel it together!
▸ Improving the Security of the Jolt zkVM
We recently explored a16z’s Jolt zkVM to bolster its security, discovering significant bugs in the process. Our findings revealed vulnerabilities that could allow malicious provers to forge proofs, highlighting the crucial role of manual reviews in catching these issues. Jolt, with its unique approach using the Lasso lookup technique, aims to improve prover efficiency and system scalability. With these bugs now fixed, this work underscores the importance of thorough audits in ensuring the reliability of advanced zkVM technology. Stay tuned as we continue to delve into zkVM security insights.
▸ Unveiling the Magic Behind Starknet: A Deep Dive into New Specifications
In our deep dive into Starknet’s cryptographic components, we tackled the challenge of missing comprehensive specifications by reverse-engineering and publishing draft specs. Readers can explore our work on key protocols like Starknet Channels and STARK Verifier, with an open invitation to join us in refining these efforts. Curious to see what we’ve pieced together? Check out our drafts and get involved!
▸ Become a Halo2 Hero: Master Zero-Knowledge Proofs with Our New Course
We’re teaming up with the Zircuit team to bring you a new course on Halo2 development that’s perfect for Rust developers eager to dive into creating Halo2 circuits from scratch. No need to be a cryptographer or have prior knowledge of Halo2, PlonK, or zkSNARKs—our course starts with the basics and guides you through building increasingly complex circuits. By the end, you’ll be a Halo Hero! Plus, you’ll have access to complete, runnable code examples on GitHub. Ready to start your Halo2 journey? Check it out!
▸ noname 3.0: Native Hints, Standard Library, Compiler Visualizer, And More!
We’re super excited to introduce noname 3.0, our zk programming language inspired by Rust and Golang, now achieving full feature parity with Circom. This update brings native hints, a standard library, debugging features, and a lot more to enhance developer experience. Dive into how hint functions work with an ‘unsafe’ keyword to balance innovation and security, explore our new stdlib modules, and see how the compiler pipeline visualizer can help you understand the compiling process. Plus, check out our next steps and how you can contribute to shaping noname’s future.
▸ 10 Must-Read Papers That Shaped Modern Zero-Knowledge Proofs
Zero-knowledge proofs have come a long way in 40 years, thanks to groundbreaking work from many brilliant minds. We’re taking you on a tour of the key milestones in this fascinating journey, from the foundational concepts in 1985 by Goldwasser, Micali, and Rackoff, to modern applications and innovations like STARKs and zkVMs. You’ll get a taste of major papers and projects that have pushed these proofs from theoretical curiosity to practical and scalable solutions. Dive into the history, understand the evolution, and see how these cryptographic marvels continue to shape the future of secure computation!
▸ ZNARKs: SNARKs for The Integers
Hey there! Interested in learning about SNARKs that work beyond finite fields? We’ve been diving into $\mathbb{Z}$NARKs, which are SNARKs tailored for computations involving integers. Our latest post unpacks this intriguing area, showing how we can construct efficient proof systems for integer-based computations. You’ll discover nifty tricks like range checks without bit decomposition and mixed field emulation, plus how these techniques can simplify RSA computations. Intrigued by the idea of using randomness for more reliable proofs or exploring an intellectual curiosity like $\mathbb{Q}$-circuits? This post covers it all, including a peek into the future of polynomial commitments. Dive in and explore with us!
▸ Stone CLI: Making Cairo programming more accessible
We’re excited to introduce the Stone CLI, our new tool designed to simplify the process of proving and verifying Cairo programs. Working alongside the StarkWare team, we’ve streamlined the toolchain for developers, making it easier to compile, run, and prove these programs with less hassle. You’ll get the scoop on how to seamlessly use the Stone CLI across various verifiers, serialize proofs, and even create Ethereum-compliant proofs using the bootloader. Dive in to see how we’re making life easier for both beginners and seasoned Cairo enthusiasts!
▸ Archetype x zkSecurity (Whiteboard Session) - Proof is in the Pudding: zkTLS
In our “Proof is in the Pudding” series, hosted with Archetype, we dive into the world of zkTLS—also known as zkOracles, HTTPz, or MPC-TLS. You’ll get the inside scoop on various approaches like public oracles, TEE methods such as TownCrier, and hybrid models using MPC protocols. It’s a perfect chance to explore cutting-edge TLS technologies and see how they shape secure communication. Check out the recorded session on Archetype’s channel!
▸ WE-KZG: Encrypt to KZG.
Ever wondered if you could create a ciphertext that’s only decrypted when a polynomial inside a commitment has a particular value? We’ve explored this notion using KZG commitments in our latest Asiacrypt 2024 paper. Dive into the elegant world of Witness Encryption and see how it can be applied in cool ways like Laconic Oblivious Transfer. This approach keeps things as efficient as regular KZG operations and might just spark some creative applications of your own! Curious to learn more? Let’s explore together!
▸ zkHack x zkSecurity (Whiteboard Session) - What is Zero-Knowledge (like, actually)?
We’re excited to join zkHack’s new season of whiteboard sessions, where you’ll dive into the real meaning of “Zero Knowledge” with Nicolas Mohnblatt and David Wong. Discover when true zero-knowledge is at play, explore the differences between honest and dishonest verifiers, and understand why adaptive models are preferred. We’ll unpack methods for generating hiding commitments and give you a comprehensive overview of the zero-knowledge aspects of PLONK. Don’t miss out on this opportunity to expand your understanding of ZK and its various applications!
▸ Archetype x zkSecurity (Whiteboard Session) - Proof is in the Pudding: Arithmetization
Join us for a deep dive into the fascinating world of arithmetization as David from our team breaks down the process of converting logical statements into algebraic forms to create arithmetic circuits, essential for constructing ZK proofs. This unedited recording from our “Proof is in the Pudding” series offers a unique opportunity to grasp these foundational concepts, perfect for anyone keen on unlocking the mechanics behind zero-knowledge proofs. Curious? Check out the session on Archetype’s channel!
▸ A challenge on the Jolt zkVM
Last weekend, we had a blast crafting challenges for a CTF event at the MOCA Italian hacker camp. One cryptography challenge, “2+2=5,” involved the Jolt zkVM and a RISC-V program. In this post, we share the ins and outs of the challenge, the clever use of a modified Jolt library, and how we managed to prove an invalid execution without triggering verification alarms. Get ready to dive into the world of Jolt and pick up some nifty insights on exploiting cryptographic systems like a true hacker.
▸ zkSecurity took part in judging the latest zkHack Montreal
We recently had the thrill of judging the latest zkHack competition in Montreal, where developers, researchers, and enthusiasts dove into the world of zero-knowledge proofs and privacy tech. The projects were incredibly innovative, featuring creative applications like ZK breathalyzers and ZK & GPS solutions. Check out the exciting results and insights from this year’s event—you won’t want to miss what these brilliant minds are bringing to the table!
▸ Reproducing and Exploiting ZK Circuit Vulnerabilities
Check out our latest blog post where we dive into the world of Zero-Knowledge Proof (ZKP) vulnerabilities, sharing our insights from replicating known ZK circuit weaknesses. We’ve launched a GitHub repo with detailed scripts to help you understand, reproduce, and learn from these vulnerabilities. Discover how this hands-on approach aids in grasping attack vectors, testing fixes, and enriching educational resources. Whether you’re a researcher or a developer, this post is packed with info to enhance your knowledge and skills in ZKP security. Plus, find out how you can contribute to expanding this invaluable resource!
▸ noname 2.0: Unlocking Numeric Generics, Folding Schemes, and a Playground
We’re excited to introduce the preview of noname 2.0, packed with features that make developing advanced ZK circuits easier than ever. This update includes flexible generic-sized arrays, seamless integration with folding schemes for IVC, and an interactive online playground to test and share code. We’ve also optimized R1CS constraint generation to boost performance. Plus, there are numerous community-driven enhancements and bug fixes that make the language more robust and user-friendly. Dive in to explore the specifics of our journey, learn from the contributions of our vibrant open-source community, and see how noname is evolving into a more versatile tool for developers.