⏵ Renegade Audit: When ZK meets MPC
We recently had the pleasure of auditing Renegade’s circuits and smart contracts, and it was a great experience. Over three weeks, our team explored their top-notch code and documentation, with the Renegade team providing awesome support throughout. Curious how it all went? Dive into our full report for the inside scoop!
⏵ FRIDA: Data-Availability Sampling from FRI
We’ve just dropped a blog post exploring Ethereum’s EIP-4844 upgrade (Proto-Danksharding) and how it tackles the data-availability problem. Get ready to dive into the intricacies of making data more accessible (and less pricey) by using blobs, polynomial commitments and evaluation proofs. Plus, we dish on the role of FRI in data-availability sampling and how it can streamline things even more. Curious? Check out the details and see how this all shapes Ethereum’s future!
⏵ zkSecurity x Bain Capital (Whiteboard Session): Unveiling the Power of Multi-Party Computation
We’re thrilled to share that we’re featured in Bain Capital Crypto’s Whiteboards series! In the first episode, David and Guillermo Angeris dive deep into the intriguing world of Multi-Party Computation (MPC). Join them as they break down concepts like additively-shared secrets and Shamir Secret Sharing, making the tech behind MPC accessible and engaging. Check out the full episode, and reach out to us if you’re looking for MPC stack auditors!
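As an added example (not code from the episode, from Bain Capital Crypto or from zkSecurity), here are the two constructions the conversation covers, written in Python over a prime field: additive n-out-of-n sharing, Shamir t-out-of-n sharing with Lagrange reconstruction, and the share-wise addition that lets parties compute on shared values without exchanging a single message. The field modulus 2^61-1 and the party indices 1..n are choices made for this example, not anything the episode prescribes.

```python
# Added example, not code from the Whiteboards episode or from zkSecurity:
# additive secret sharing and Shamir secret sharing over a prime field, with
# reconstruction and the share-wise addition that makes both schemes linear.
import secrets

# Assumption: any prime works as the field modulus; 2^61-1 is chosen so that
# arithmetic stays in Python ints and shares look like realistic MPC values.
P = (1 << 61) - 1


def additive_share(secret: int, n: int) -> list[int]:
    """n-out-of-n sharing: n-1 shares are uniformly random, the last one is
    chosen so that all shares sum to the secret modulo P."""
    shares = [secrets.randbelow(P) for _ in range(n - 1)]
    shares.append((secret - sum(shares)) % P)
    return shares


def additive_reconstruct(shares: list[int]) -> int:
    return sum(shares) % P


def eval_poly(coeffs: list[int], x: int) -> int:
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... modulo P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def shamir_share(secret: int, t: int, n: int) -> list[tuple[int, int]]:
    """t-out-of-n sharing: pick a random polynomial of degree t-1 whose
    constant term is the secret and hand party i the point (i, f(i))."""
    if not 1 <= t <= n < P:
        raise ValueError("need 1 <= t <= n < P")
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t - 1)]
    return [(x, eval_poly(coeffs, x)) for x in range(1, n + 1)]


def lagrange_at_zero(points: list[tuple[int, int]]) -> int:
    """Interpolate the unique polynomial through the points and evaluate it
    at 0; with t points of a degree t-1 polynomial this is the secret."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def shamir_reconstruct(shares: list[tuple[int, int]]) -> int:
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    return lagrange_at_zero(shares)


def add_shamir_shares(a: list[tuple[int, int]], b: list[tuple[int, int]]):
    """Each party adds its own two shares locally; the result is a valid
    sharing of the sum because interpolation is linear. No communication."""
    if [x for x, _ in a] != [x for x, _ in b]:
        raise ValueError("shares must belong to the same parties")
    return [(x, (ya + yb) % P) for (x, ya), (_, yb) in zip(a, b)]


if __name__ == "__main__":
    s1, s2 = 1234567, 7654321
    print("5-of-5 additive shares recover s1:",
          additive_reconstruct(additive_share(s1, 5)) == s1)
    sh1, sh2 = shamir_share(s1, 3, 5), shamir_share(s2, 3, 5)
    print("any 3 of 5 Shamir shares recover s1:", shamir_reconstruct(sh1[1:4]) == s1)
    # With only t-1 points the interpolated line at 0 is secret - c2*x1*x2 for
    # the random coefficient c2, so it matches the secret with probability 1/P.
    print("2 of 5 shares do not:", shamir_reconstruct(sh1[:2]) != s1)
    print("sum of shares is a share of the sum:",
          shamir_reconstruct(add_shamir_shares(sh1, sh2)[2:]) == (s1 + s2) % P)
```

The same linearity is what makes additive shares attractive for MPC: adding or scaling a shared value is free, and only multiplication needs an interactive protocol (Beaver triples or similar), which is where most of the audit surface of an MPC stack lives.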
⏵ Circle STARKs: Part I, Mersenne
Discover the intriguing world of Circle STARKs and how they can supercharge zero-knowledge proofs. This blog post sets the stage for a series about utilizing Mersenne prime fields, where reduction modulo p = 2^31 - 1 is just a shift and an add, to achieve lightning-fast arithmetic in STARK systems. You’ll explore the recent breakthroughs that make these fields practical despite their main limitation, namely that p - 1 has no large power-of-two factor and so the multiplicative group offers no FFT-friendly domain, and you’ll get a sneak peek at what’s to come, including delving into the circle group structure and implementing circle FFTs. If you’re keen on cryptography and zero-knowledge proofs, this series will unveil how modern advancements are pushing the boundaries of what’s possible.
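As an added example (not code from the post or from any Circle STARK implementation), the block below does Mersenne-31 arithmetic the way it is fast in practice, reducing by folding the high bits since 2^31 ≡ 1 (mod p), and then checks the two group orders behind the series: p - 1 carries only a single factor of two, so F_p* has no FFT-sized power-of-two subgroup, while the circle x² + y² = 1 over F_p has p + 1 = 2^31 points, and a generator of that full order can be found by a short search. The generator search and the BabyBear comparison go slightly beyond what this teaser states; everything else is standard field arithmetic.

```python
# Added example, not code from the Circle STARKs post or from any prover:
# arithmetic in the Mersenne-31 field F_p, p = 2^31 - 1, plus the two group
# orders that explain why Circle STARKs are needed to run an FFT over it.

P = (1 << 31) - 1  # Mersenne prime M31
IDENTITY = (1, 0)  # neutral element of the circle group


def reduce_m31(x: int) -> int:
    """Reduce 0 <= x < 2^62 modulo P with shifts and adds only.
    Since 2^31 ≡ 1 (mod P), the bits above bit 30 can be folded back in;
    two folds bring x to at most P+1 and one conditional subtraction finishes."""
    x = (x & P) + (x >> 31)
    x = (x & P) + (x >> 31)
    return x - P if x >= P else x


def add_m31(a: int, b: int) -> int:
    return reduce_m31(a + b)


def sub_m31(a: int, b: int) -> int:
    return reduce_m31(a - b + P)  # a, b < P keeps the argument non-negative


def mul_m31(a: int, b: int) -> int:
    return reduce_m31(a * b)


def inv_m31(a: int) -> int:
    if a % P == 0:
        raise ZeroDivisionError("0 has no inverse")
    return pow(a, P - 2, P)  # Fermat's little theorem


def two_adicity(n: int) -> int:
    """Largest k with 2^k | n: the size of the power-of-two subgroup
    available in a cyclic group of order n (the FFT domain size)."""
    return (n & -n).bit_length() - 1


def circle_add(p: tuple, q: tuple) -> tuple:
    """Group law on x^2 + y^2 = 1: the angle-addition formulas."""
    (x1, y1), (x2, y2) = p, q
    return (sub_m31(mul_m31(x1, x2), mul_m31(y1, y2)),
            add_m31(mul_m31(x1, y2), mul_m31(x2, y1)))


def circle_neg(p: tuple) -> tuple:
    return (p[0], sub_m31(0, p[1]))


def circle_mul(p: tuple, k: int) -> tuple:
    """Scalar multiplication by double-and-add."""
    acc, base = IDENTITY, p
    while k:
        if k & 1:
            acc = circle_add(acc, base)
        base = circle_add(base, base)
        k >>= 1
    return acc


def sqrt_m31(s: int):
    """Square root for P ≡ 3 (mod 4): s^((P+1)/4). None if s is a non-residue."""
    r = pow(s, (P + 1) // 4, P)
    return r if mul_m31(r, r) == s % P else None


def find_circle_generator() -> tuple:
    """Search x = 2, 3, ... for a point (x, y) on the circle of full order.
    The circle over F_P has P + 1 = 2^31 points because P ≡ 3 (mod 4), so a
    point generates the whole group iff 2^30 times it is not the identity."""
    for x in range(2, P):
        y = sqrt_m31(sub_m31(1, mul_m31(x, x)))
        if y is None or y == 0:
            continue
        g = (x, y)
        if circle_mul(g, 1 << 30) != IDENTITY:
            return g
    raise RuntimeError("unreachable: the circle group is cyclic")


if __name__ == "__main__":
    baby_bear = 15 * 2**27 + 1  # a non-Mersenne STARK prime, for contrast
    print("2-adicity of p-1 (multiplicative group of M31):", two_adicity(P - 1))
    print("2-adicity of p+1 (circle group of M31):", two_adicity(P + 1))
    print("2-adicity of BabyBear - 1:", two_adicity(baby_bear - 1))
    g = find_circle_generator()
    print("generator", g, "has order 2^31:",
          circle_mul(g, 1 << 31) == IDENTITY and circle_mul(g, 1 << 30) != IDENTITY)
```

The contrast with BabyBear is the whole story in two numbers: BabyBear’s multiplicative group has a 2^27-sized subgroup, so a classic FFT works but reduction needs a Montgomery-style multiply, whereas M31 reduces with a fold but only the circle group gives a 2^31-sized domain.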
⏵ The State of Security Tools for ZKPs
Zero-knowledge proofs (ZKPs) have come a long way from theory to real-world applications like blockchains and private transactions. We’ve been busy auditing various ZKP implementations and developing tools to improve circuit safety and security. In this blog post, we’ll explore how vulnerabilities can crop up in SNARK systems and the current state of tools designed to spot these issues. From circuit bugs to the often-overlooked frontend and backend layers, we cover how various analysis techniques and formal verification approaches are evolving to ensure robust ZKP systems. Dive in to discover the potential and current challenges in ZKP security!
⏵ noname meets Ethereum: Integration with SnarkJS
We’re excited to share that our programming language, noname, now supports R1CS, making it easier to write zero-knowledge (ZK) circuits and deploy them on Ethereum using SnarkJS. This update introduces an alternative to the common Circom language, with a simple and intuitive syntax inspired by Rust and Golang. In this post, we illustrate how to deploy a noname-based Sudoku circuit on Ethereum, demonstrating core benefits like proving a solution’s correctness without revealing it. Dive in to explore how noname could potentially unify the fragmented zkSNARK ecosystem and simplify your circuit writing process!
⏵ Ditch the Pump & Dump Drama: Your ZK Tech Hub Awaits
We’re excited to share our latest project, zkNews—your go-to hub for all things zero-knowledge. This link aggregator keeps you updated with the latest ZK news, groundbreaking research, and cutting-edge projects. Dive into the ZK world, stay informed with breaking announcements, and explore innovative tools and applications. Join our beta and help shape the future of zkNews with your feedback—big plans are in the works, and we’d love you to be a part of it!
⏵ A Year of ZK Security
A year after launching, we’ve grown and evolved alongside the world of zero-knowledge proofs, uncovering bugs and learning the ins and outs of ZK technology. From circuit audits to developing our own tools like Circomscribe, it’s been a wild ride. We’ve discovered how easy it is to misstep with ZK code, especially as these systems grow complex and impact financial security. As zkVMs gain popularity, we’re excited about the challenges ahead and are expanding our expertise. Want to dive into the world of ZK with us? Check out our latest projects and even take on our zkBank challenge!
⏵ ZPrize Came To An End! Who And How Did They Win $500,000?
In an exciting collaboration with ZPrize, we embarked on a journey to discover the fastest proofs for ECDSA signatures, ultimately crowning two standout approaches as winners. The blog post delves into the innovative solutions that captured the $500,000 prize by pushing the boundaries of zero-knowledge proofs. The story offers a fascinating glimpse into how these cutting-edge techniques might pave the way for privacy-focused applications. Curious to know which teams came out on top and how they did it? Dive in to explore the thrilling results and what’s next in the ZK space!
⏵ Public report of Lighter ZK circuits
We recently teamed up with Lighter to dive deep into their custom ZK circuits used for verifiable order-book matching on a Layer 2 exchange. Our findings show solid and well-structured code, thanks to their cooperative engineering team. The post gives a fascinating look into how Lighter’s ZK rollup ensures valid state transitions on Layer 1 through zero-knowledge proofs and the structure of their order-book matching process. It explains the roles of the main operation and exit hatch circuits, including how users can exit in emergencies through the latter. It’s a great read if you’re curious about how these systems maintain security and efficiency in decentralized finance.
⏵ Partnership with StarkWare
We’re teaming up with StarkWare to enhance Ethereum’s scalability using an exciting tool called the EVM adapter. This innovative open-source project takes proofs from the Stone Prover and makes them verifiable on Ethereum, showcasing the power of Cairo bootloader programs for Layer 2 scaling. By diving into our collaboration, you’ll get a glimpse of StarkNet’s ability to streamline transactions efficiently and how our joint efforts are driving this tech forward. Plus, our Stark Book offers a deeper technical dive for the curious minds!
⏵ Public report of Darkfi circuits and crypto audit
In February 2024, we dived into a security audit of Darkfi’s built-in contracts and circuits, putting them under the microscope to ensure everything checks out. Curious to know what we discovered while navigating the public Darkfi repository? Check out our full report for insights and findings.
⏵ zkBank: you think you have what it takes to work at zkSecurity?
Join us as we dive into the world of ZK through an exciting challenge called zkBank! Whether you’re a bug-hunting enthusiast or just curious about zero-knowledge projects, this is your chance to test your skills and learn across various areas. Think you can crack it? Check out the details and see if you have what it takes.
⏵ SoK: What don’t we know? Understanding Security Vulnerabilities in SNARKs
We’ve teamed up with some of the top minds in academia and industry to dive deep into the world of zero-knowledge proofs (ZKPs) and their vulnerabilities. Our new paper catalogues hundreds of ZK vulnerabilities, breaking down their root causes and offering strategies to sidestep these pitfalls. By digging into real-life SNARK implementations, we aim to bolster the security of these cutting-edge systems with actionable insights and recommendations. Curious about what makes ZKPs tick and how to keep them secure? You might find this study just what you need!
⏵ zkBitcoin: Use Zero-Knowledge Applications (zkapps) on Bitcoin
We’re excited to introduce zkBitcoin, a new tool that lets you create zero-knowledge applications on Bitcoin using a minimal layer 2 protocol. This innovation opens up a world of complex, privacy-focused apps by enhancing Bitcoin’s scripting capabilities. We’re currently on testnet, so you can jump in and explore the possibilities. Check out our whitepaper or watch some videos for a deeper dive. It’s an exciting time for Bitcoin development, and we can’t wait to see what you’ll build!
⏵ Public report of Aleo's consensus (Bullshark)
We recently audited Aleo’s blockchain consensus and found it to be impressively well-documented and high-quality. Our collaboration with Aleo’s cooperative team helped us uncover several key issues, and the insights from this audit were well-received. In the blog, we dive into Aleo’s Bullshark consensus protocol, explaining its step-by-step process and unique pipelining techniques. We also explore how a leader vertex in an even round gets committed once enough vertices in the following round reference it, and discuss essential aspects like quorum intersection and garbage collection. Whether you’re a blockchain enthusiast or just curious about cutting-edge consensus protocols, this post has got some fascinating details to offer!
⏵ Public report of Aleo's synthesizer
We were tasked with auditing Aleo’s synthesizer for their blockchain, diving deep into its code and uncovering some important findings along the way. The synthesizer is crucial for deploying and executing user programs, utilizing zero-knowledge proofs to maintain privacy and efficiency. Readers will get a glimpse into how Aleo uses their Leo programming language, the intricate process of synthesizing proof circuits, and how function execution and program deployment flows occur on their platform. This post offers insights into Aleo’s unique approach to tackling challenges similar to those faced by Ethereum but with an innovative twist that includes privacy features and reduced costs.
⏵ Public report of Sui's zkLogin audit
We just finished an audit of the Sui Foundation’s zkLogin application and we’re sharing what we found: the code is well-documented, tested, and specified. zkLogin is set to make user authentication on the blockchain secure but simple, letting users sign in with familiar OpenID providers like Google or Facebook instead of managing private keys themselves, while preserving user privacy. We also dive into the technical details behind JWT verification in-circuit, non-native arithmetic for RSA signature checks, and vector programming. Plus, learn about the trusted setup process for zkLogin, ensuring maximum security through a decentralized multi-party ceremony. If you’re curious about the intricate mechanics behind zkLogin, this is a must-read.
⏵ Public report of Reclaim protocol's ChaCha20 circuit
We audited Reclaim protocol’s ChaCha20 circuits, diving deep into bit-level operations for a secure and efficient design. The circuits are written in Circom and target Groth16, so the metric that matters is R1CS constraint count. Over a few iterations, our findings led Reclaim to move from a word-based to a bit-level circuit representation, keeping the whole data flow in bitwise logic without costly re-encodings between words and bits, which cut constraint count by roughly 10%. Curious about the technical journey and the final audit insights? We’ve got the details covered!
⏵ Watch what we have to say about ZK security in the Node Guardians season 2 episode 1
Catch our cofounder David Wong on the latest episode of Node Guardians, where he chats about ZK security with Sam. Dive into the intriguing world of blockchain auditing, uncover the role math plays, and explore how auditors tackle challenges and rate vulnerabilities. Plus, get insights into the usefulness of formal verification. It’s a must-watch for anyone curious about the future of ZK and the nitty-gritty of blockchain security!