We are collaborating with StarkWare on the EVM adapter, an open-source verification adapter on Ethereum, currently tailored for Cairo bootloader proofs. At its core, it transforms a proof generated by the Stone Prover into a format that can be verified on Ethereum. The Cairo bootloader program serves as a prime example of the flexibility and usability for Layer 2 scaling offered by StarkWare technology. StarkNet utilizes this bootloader program to execute and batch-verify transactions from various Cairo programs, thereby elegantly achieving scalability without necessitating architectural changes.
In the week from February 12th to February 16th 2024, zkSecurity performed a security audit of Darkfi’s built-in contracts and circuits. The audit was performed on the public darkfi repository. You can find the full report here.
We’re always on the lookout for passionate people to join us to work on the most exciting projects in the ZK space. If you love finding bugs and are interested in ZK, you might want to take our new challenge: zkBank. This challenge is for everyone, and you’ll have to learn a bit of everything to solve it. If you think you have what it takes, then give it a go: https://github.
We just released a systemization of knowledge (SoK) whitepaper in collaboration with Imperial College London, the Technical University of Munich, the Ethereum Foundation, the Scroll Foundation, and Matter Labs. The study goes through hundreds of ZK vulnerabilities to categorize them and understand their root causes. We also provide a comprehensive list of mitigation strategies and best practices to avoid these vulnerabilities. The paper is currently available on arXiv.
In collaboration with Σ0, we released a new primitive called zkBitcoin, which allows for the creation of zero-knowledge applications (zkapps) on Bitcoin via a minimal layer 2 protocol that uses Bitcoin as a data availability layer and a committee of participants to perform threshold signatures. This is a significant milestone for the Bitcoin ecosystem, as it augments the capability of the Bitcoin scripting language, allowing for larger and more complex applications.
On October 9th, 2023, zkSecurity was tasked to audit Aleo’s consensus for use in the Aleo blockchain. Two consultants worked over the next 3 weeks to review Aleo’s codebase for security issues. The code was found to be thoroughly documented and of high quality. In addition, the team acted in a highly cooperative way and was key in helping us find a number of the issues in this report.
On September 11th, 2023, zkSecurity was tasked to audit Aleo’s synthesizer for use in the Aleo blockchain. Two consultants worked over the next 3 weeks to review Aleo’s codebase for security issues. The code was found to be thoroughly documented, rigorously tested, and well specified. A number of findings were reported. You can find the full report here. The report was well received by the Aleo team. What follows is a copy/paste of the overview section of the report
The Sui Foundation just released our public report on an audit of their zkLogin application. You can read it here. As we noted in our report, the code was found to be thoroughly documented, rigorously tested, and well specified. What follows is a copy of parts of the report’s content. Overview of zkLogin: This section provides a simplified overview of the zkLogin application. zkLogin is a new way of authenticating users in Sui.
We have audited the ChaCha20 circuits of the Reclaim protocol. You can find the report here as well as Reclaim’s own announcement here. Through two audit iterations, it became evident that the word-based circuit approach still posed challenges, as several bit-level operations could not be efficiently constrained. This realization led us to revisit the initial individual-bits approach, optimize it, and undergo the audit for the third and final time. The outcome of this comprehensive audit was a significant performance improvement.
Check out the latest episode of Node Guardians to see our cofounder David Wong talk about ZK security and the future of ZK with Sam. In this episode, David discusses the different workflows that can be used for blockchain auditing, the importance of math in auditing, and the scope of work that blockchain auditors typically perform. He also talks about the challenges of working in different contexts, how vulnerabilities are rated, and the usefulness of formal verification.