A Technical Dive into Jolt: The RISC-V zkVM

In our previous post, we delved into the Jolt zkVM and uncovered several significant bugs in the code. In this post, we will provide a detailed walkthrough on how Jolt actually works. Jolt is a zero-knowledge Virtual Machine (zkVM) designed for the RISC-V architecture and developed by a16z. It employs the Lasso lookup argument to prove the correctness of VM execution. While often praised as the simplest zkVM, Jolt is a relatively new protocol with limited resources explaining its functionality.

zkVM Security: What Could Go Wrong?

A zkVM (Zero-Knowledge Virtual Machine) uses zero-knowledge proofs to prove and verify computations run on a specific ISA (Instruction Set Architecture). Existing zkVMs (e.g., risc0, sp1, jolt, valida, zkm) allow developers to write programs in high-level languages like Rust or C++ without needing to worry about the complexities of ZKPs. They abstract away the underlying cryptographic details, enabling developers to focus on their application logic and ship faster. Once a zkVM is secure, it provides “out-of-the-box” ZKP functionality to any program running on it, giving developers the benefit of zero-knowledge proofs without additional effort.

Improving the Security of the Jolt zkVM

Over the past few weeks, zkSecurity took a deep dive into a16z’s Jolt zkVM. This joint effort with a16z aimed to help strengthen the security of their zero-knowledge (ZK) stack. Jolt’s zkVM is positioned to become a key player in the zk space, and security work like this is essential to ensuring it can deliver on its promises. Through this review, we uncovered several significant bugs. These issues could allow a malicious prover to forge proofs with ease, posing serious risks.

Unveiling the Magic Behind Starknet: A Deep Dive into New Specifications

In our partnership with Starknet, we have performed a number of security audits on some of the network’s cryptographic components. One challenge we encountered was the lack of comprehensive specifications – a common hurdle in the ZKP space. To navigate this, we had to reverse-engineer the protocol, piecing together its logic from various sources and observations. In this quest to understand the true protocol being implemented, we wrote and published draft specifications for a number of the protocols that we looked at.

Become a Halo2 Hero: Master Zero-Knowledge Proofs with Our New Course

In collaboration with the Zircuit development team, we are excited to announce the release of a course on Halo2 development. Unlike the excellent Halo2 book which focuses on the proof system itself, this course focuses on teaching Rust developers how to develop Halo2 circuits from scratch – without any prior knowledge of Halo2, PlonK or developing circuits for zkSNARKs required. You don’t need to be a cryptographer to follow along!

noname 3.0: Native Hints, Standard Library, Compiler Visualizer, And More!

We’ve been working on noname for a while now, a zk programming language inspired by Rust and Golang, with the goal of providing a better experience than Circom for developers. We’re excited to announce that noname should now achieve full feature parity with Circom. We introduce noname 3.0, the most important update to noname so far, which includes native hints, a standard library (stdlib), more debugging features, and many more quality-of-life improvements for developers.

10 Must-Read Papers That Shaped Modern Zero-Knowledge Proofs

Zero-knowledge proofs have evolved remarkably over nearly 40 years, achieving unprecedented levels of sophistication and efficiency. Today, new papers and projects emerge daily, building on a rich foundation of ideas and innovations. Curious about how it all started? In this post, we’ll dive into the history of zero-knowledge proofs, exploring 10 milestone papers that helped shape the field as we know it. #1 - The origins: Goldwasser, Micali, Rackoff - The knowledge complexity of interactive proof-systems (1985)

ZNARKs: SNARKs for The Integers

$\mathbb{Z}$NARKs - SNARKs for The Integers. Are SNARKs always for computation over finite fields? Turns out no. Today, we will explore the techniques presented in our recent preprint Fully-Succinct Arguments over the Integers from First Principles, which investigates the construction of SNARKs for circuits over the integers. This work provides a simple, but novel, approach to building efficient proof systems for computations involving whole numbers which sidesteps most of the usual complications of dealing with integers.

Stone CLI: Making Cairo programming more accessible

Introduction: We are pleased to announce that after working for months with the StarkWare team, we are finally launching the Stone CLI, a tool for easily proving and verifying Cairo programs! Huge thanks to the StarkWare team for their work and guidance as well as the Lambdaclass and Herodotus teams for building the infrastructure that makes this possible. Motivation: Currently, the Cairo ecosystem is fragmented in that there are multiple tools for compiling, running, proving, and verifying Cairo programs.

Archetype x zkSecurity (Whiteboard Session) - Proof is in the Pudding: zkTLS

Proof is in the Pudding is an IRL series of whiteboard sessions hosted by Archetype and zkSecurity. For Session 02, we cover zkTLS (also called zkOracles, HTTPz, or MPC-TLS). This includes public approaches like public oracles (chainlink), TEE approaches like TownCrier, and TLSNotary- and DECO-style approaches that combine MPC protocols or pure proxies. Watch it on Archetype’s channel!