⏵ zkBitcoin: Use Zero-Knowledge Applications (zkapps) on Bitcoin
We’re excited to introduce zkBitcoin, a new tool that lets you create zero-knowledge applications on Bitcoin using a minimal layer 2 protocol. This innovation opens up a world of complex, privacy-focused apps by enhancing Bitcoin’s scripting capabilities. We’re currently on testnet, so you can jump in and explore the possibilities. Check out our whitepaper or watch some videos for a deeper dive. It’s an exciting time for Bitcoin development, and we can’t wait to see what you’ll build!
⏵ Public report of Aleo's consensus (Bullshark)
We recently audited Aleo’s blockchain consensus and found it to be impressively well-documented and high-quality. Our collaboration with Aleo’s cooperative team helped us uncover several key issues, and the insights from this audit were well-received. In the blog, we dive into Aleo’s Bullshark consensus protocol, explaining its step-by-step process and unique pipelining techniques. We also explain how the leader vertex of each even round gets committed, and discuss essential aspects like quorum intersection and garbage collection. Whether you’re a blockchain enthusiast or just curious about cutting-edge consensus protocols, this post has got some fascinating details to offer!
⏵ Public report of Aleo's synthesizer
We were tasked with auditing Aleo’s synthesizer for their blockchain, diving deep into its code and uncovering some important findings along the way. The synthesizer is crucial for deploying and executing user programs, utilizing zero-knowledge proofs to maintain privacy and efficiency. Readers will get a glimpse into how Aleo uses their Leo programming language, the intricate process of synthesizing proof circuits, and how function execution and program deployment flows occur on their platform. This post offers insights into Aleo’s unique approach to tackling challenges similar to those faced by Ethereum but with an innovative twist that includes privacy features and reduced costs.
⏵ Public report of Sui's zkLogin audit
We just finished an audit of the Sui Foundation’s zkLogin application and we’re sharing what we found: the code is well-documented, tested, and specified. zkLogin is set to make user authentication on the blockchain secure but simple: instead of managing cryptographic keys themselves, users sign in through familiar OpenID Connect providers such as Google or Facebook, while a zero-knowledge proof keeps the link between their web identity and their on-chain address private. We also dive into the technical details behind JWT verification, non-native arithmetic for RSA, and vector programming. Plus, learn about the trusted setup process for zkLogin, run as a decentralized multi-party ceremony so that no single participant can compromise it. If you’re curious about the intricate mechanics behind zkLogin, this is a must-read.
⏵ Public report of Reclaim protocol's ChaCha20 circuit
We audited Reclaim protocol’s ChaCha20 circuits, diving deep into bit-level operations for a secure and efficient design. After a few iterations, the circuit moved from a word-based to a bit-level representation, a change that improved both performance and circuit size by about 10%. The circuits are written in Circom and proven with Groth16, so the constraint count is what drives proving cost. Our findings led Reclaim to revamp their strategy, honing in on bitwise logic for an effective flow without costly re-encodings between word and bit representations. Curious about the technical journey and the final audit insights? We’ve got the details covered!
⏵ Watch what we have to say about ZK security in the Node Guardians season 2 episode 1
Catch our cofounder David Wong on the latest episode of Node Guardians, where he chats about ZK security with Sam. Dive into the intriguing world of blockchain auditing, uncover the role math plays, and explore how auditors tackle challenges and rate vulnerabilities. Plus, get insights into the usefulness of formal verification. It’s a must-watch for anyone curious about the future of ZK and the nitty-gritty of blockchain security!
⏵ Listen to us on the latest episode of zeroknowledge.fm
Join our cofounder David Wong on the latest zk podcast as he dives into his compelling journey through cryptography, from his early days as a security consultant to his pivotal roles in major projects like Facebook’s crypto initiatives and Mina. Get an insider’s view on how we approach auditing in a Zero Knowledge context, the common pitfalls in ZK code, and how these insights shape our work. It’s an engaging and informative chat for anyone fascinated by the world of cryptography and ZK technology!
⏵ zkSecurity partners with ZPrize to make you win hundreds of thousands of dollars!
We’re gearing up for this year’s ZPrize competition, where we’ll be hosting the High Throughput Signature Verification category. This challenge is all about creating the most efficient signature verification circuit using Aleo’s Varuna proof system. Participants will work with ECDSA over secp256k1 (the curve used by Bitcoin and Ethereum) and the Ethereum hash function, keccak256. It’s a great chance to dive into some of the hottest problems in arithmetic circuits and optimize cryptographic algorithms. If you’re curious about pushing the boundaries in ZK, join us and share your feedback on our prize specification through our Discord channel.
⏵ You like Circom but you find it confusing? Introducing Circomscribe
Dive into our exploration of Circomscribe, a nifty tool designed to illuminate the mysterious process of how your Circom code gets translated into constraints. We share insights from our experience with Circom circuit audits, highlighting common pitfalls developers face when their high-level intentions meet low-level reality. By showcasing how Circomscribe can help visualize this transition, we aim to empower developers to craft more bug-free, secure ZK applications. If you’re keen on understanding the inner workings of Circom and enhancing your coding prowess, this post is your guide.
⏵ Detecting boomerang values in zero-knowledge circuits using tag analysis
Ever wonder how zkApps ensure their execution is spot-on? This post digs into the idea of boomerang values: sneaky bugs that can crop up when zkApps mix in-circuit and out-of-circuit logic. A value leaves the circuit, gets computed on natively, and comes back in as a witness; if nothing in the circuit ties that returning value to the values it was derived from, the prover is free to choose it, and everything computed from it downstream can no longer be trusted. Plus, we share how tools like MIRAI’s tag analysis can help spot these issues, making your zkApps more secure. Perfect for anyone into zero-knowledge applications or budding Rust enthusiasts looking for insights on taming complex bugs!
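As an added illustration of the boomerang pattern described above (this is constructed example code, not code from the zkSecurity post, MIRAI, or any real proof system), the toy constraint builder below tracks which variables entered the circuit from outside and propagates a "verified" tag through `a * b == c` constraints until a fixpoint. A witness that no constraint pins to a trusted value is reported, as is anything computed from it. The prime `P`, the `inverse_gadget` function and its `tie_to_x` switch are assumptions made for the example.

```rust
use std::collections::HashSet;

/// Prime modulus of the toy field (assumed for this example; any prime works).
pub const P: u64 = 1_000_000_007;

#[derive(Clone, Copy, PartialEq, Eq, Hash, Debug)]
pub struct Var(pub usize);

pub struct Circuit {
    values: Vec<u64>,                  // prover-side assignment of every variable
    trusted: HashSet<Var>,             // constants and public inputs: verified by construction
    witnesses: Vec<Var>,               // values that re-entered the circuit from native code
    constraints: Vec<(Var, Var, Var)>, // a * b == c (mod P)
}

fn mulmod(a: u64, b: u64) -> u64 {
    ((a as u128 * b as u128) % P as u128) as u64
}

pub fn powmod(mut b: u64, mut e: u64) -> u64 {
    let mut r = 1u64;
    b %= P;
    while e > 0 {
        if e & 1 == 1 { r = mulmod(r, b); }
        b = mulmod(b, b);
        e >>= 1;
    }
    r
}

/// Out-of-circuit helper: modular inverse via Fermat's little theorem.
pub fn modinv(x: u64) -> u64 { powmod(x, P - 2) }

impl Circuit {
    pub fn new() -> Self {
        let mut c = Circuit { values: vec![], trusted: HashSet::new(), witnesses: vec![], constraints: vec![] };
        c.public_input(1); // Var(0) is the constant one
        c
    }
    pub fn one(&self) -> Var { Var(0) }
    pub fn value(&self, v: Var) -> u64 { self.values[v.0] }
    fn alloc(&mut self, v: u64) -> Var { self.values.push(v % P); Var(self.values.len() - 1) }
    pub fn public_input(&mut self, v: u64) -> Var {
        let var = self.alloc(v);
        self.trusted.insert(var);
        var
    }
    /// A value computed outside the circuit coming back in: the prover chooses it.
    pub fn witness(&mut self, v: u64) -> Var {
        let var = self.alloc(v);
        self.witnesses.push(var);
        var
    }
    pub fn mul_eq(&mut self, a: Var, b: Var, c: Var) { self.constraints.push((a, b, c)); }
    /// Allocate c = a * b as a witness and immediately constrain it.
    pub fn mul(&mut self, a: Var, b: Var) -> Var {
        let c = self.witness(mulmod(self.values[a.0], self.values[b.0]));
        self.mul_eq(a, b, c);
        c
    }
    /// Does the prover's assignment satisfy every constraint?
    pub fn satisfied(&self) -> bool {
        self.constraints.iter().all(|&(a, b, c)| mulmod(self.values[a.0], self.values[b.0]) == self.values[c.0])
    }
    /// Tag analysis: a constraint a*b == c with two verified operands pins the third,
    /// so the verified set grows until a fixpoint. (The toy ignores the a == 0 case,
    /// where a*b == c does not pin b; a real analysis has to account for it.)
    pub fn unverified(&self) -> Vec<Var> {
        let mut verified = self.trusted.clone();
        let mut changed = true;
        while changed {
            changed = false;
            for &(a, b, c) in &self.constraints {
                let ops = [a, b, c];
                if ops.iter().filter(|v| verified.contains(v)).count() == 2 {
                    for v in ops { if verified.insert(v) { changed = true; } }
                }
            }
        }
        self.witnesses.iter().copied().filter(|v| !verified.contains(v)).collect()
    }
}

/// Knowledge-of-inverse gadget (assumed for the example). With `tie_to_x == false` it
/// reproduces the boomerang bug: the inverse is computed natively, re-enters as a
/// witness and feeds downstream logic, but nothing in the circuit relates it to x.
pub fn inverse_gadget(x_val: u64, claimed_inv: u64, tie_to_x: bool) -> (Circuit, Var) {
    let mut c = Circuit::new();
    let x = c.public_input(x_val);
    let inv = c.witness(claimed_inv); // boomerang: out-of-circuit value coming back in
    if tie_to_x {
        let one = c.one();
        c.mul_eq(x, inv, one); // x * inv == 1 pins inv to x
    }
    let x2 = c.mul(x, x);
    let y = c.mul(x2, inv); // downstream logic expects y == x
    (c, y)
}

fn main() {
    let (buggy, y) = inverse_gadget(7, 5, false);
    println!("buggy: satisfied={} y={} unverified={:?}", buggy.satisfied(), buggy.value(y), buggy.unverified());
    let (fixed, y) = inverse_gadget(7, modinv(7), true);
    println!("fixed: satisfied={} y={} unverified={:?}", fixed.satisfied(), fixed.value(y), fixed.unverified());
}
```

Running the buggy variant shows the two faces of the bug: the analysis flags the inverse and the value derived from it as unverified even for an honest prover, and a dishonest prover (here claiming 5 as the inverse of 7) still satisfies every constraint while `y` comes out as 245 instead of 7. Adding the single `x * inv == 1` constraint clears the tags and makes the dishonest assignment fail.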