Our cofounder David Wong was this week’s guest on the zk podcast. Listen to him talk about crypto and zksecurity here. This week, Anna and Guillermo chat with David Wong, author of the Real-World Cryptography book, and a cofounder of zksecurity.xyz – an auditing firm focused on Zero Knowledge technology. They chat about what first got him interested in cryptography, his early work as a security consultant, his work on the Facebook crypto project and the Mina project, zksecurity.
There’s one big competition in ZK, and it is called ZPrize. Every year, ZPrize rewards contestants who come up with the most performant implementations for a series of challenges. The goal is to push the limits of what’s possible with ZK, and to make sure that the best implementations are open-source and available to everyone. This year, zkSecurity is proud to announce it’ll play the role of one of the three external architects for the competition, hosting the High Throughput Signature Verification ZPrize category.
If you’ve been working in the field of zero-knowledge in the last few years, you must have heard of Circom, a tool to write zero-knowledge applications in the form of circuits. To say that many projects have used Circom is an understatement: perhaps most ZK projects that have been built as smart contracts directly on Ethereum have been built using Circom, the most infamous of them probably being TornadoCash.
zkApps (zero-knowledge applications) are meant to be provable translations of computer programs. That is, they should behave like the computer programs they are intended to represent, while also providing proofs of correct execution that can accompany program outputs. But as we’ve talked about before, translating programs into provable programs is not a straightforward process. To prove executions, zkApps attempt to “witness” all the important parts of an execution trace. They seek to assert every nook and cranny specified (explicitly or implicitly) in the original application.
We have audited Penumbra’s main circuits, and published a report of the findings. You can read about it on Penumbra’s blog post here, or read the report directly here. Of the 8 issues found, the Penumbra Labs team considered the two highest-impact bugs to be the “double spend” and “double vote” bugs (rated high by zkSecurity, see report items #0 and #1), each with clear paths to exploitation. As of the time of publication, the Penumbra Labs team has resolved all issues rated higher than “informational” identified by either of the audit teams, and confirmed these fixes by a subsequent follow-up review with both original audit performers.
Last week, a strange paper (by Wilson Nguyen et al.) came out: Revisiting the Nova Proof System on a Cycle of Curves. Its benign title might have escaped the attention of many, but within its pages lay one of the most impressive and devastating attacks on a zero-knowledge proof (ZKP) system that we’ve ever seen. As the purpose of a ZKP system is to create a cryptographic proof certifying the result of a computation, the paper demonstrated a false computation result accompanied by a valid proof.
As we’ve explained before, zero-knowledge apps (or ZK apps) will come in two different shapes: VM instructions and arithmetic circuits. VM instructions should sound familiar. Reading them is like reading assembly, and they’re a level of abstraction higher than arithmetic circuits (as pointed out by this post). Whatever they’re writing, real programmers need to see what their programs compile down to (according to John Carmack). That’s how you find unoptimized bits as a low-level code monkey, but it’s also how you find some security issues and bugs.
If you know about WebAssembly or Wasm, you might have heard a few different pitches for why you need it: It’s a low-level language for the web. So, it’s faster than JS. Use it to speed things up. It’s a build target. As such, it enables you to use languages other than JS on the web. You could write a web library in Rust or Go! You actually don’t use it on the web, but on the backend!
Now is the time to learn and dive deep into ZK application development. A large class of security errors can crop up if you’re not careful when starting to build ZK applications. These issues often stem from having the wrong frame of reference in your head and paying attention to the wrong details. Read this article to learn about the mindset you need, and the gotchas to look out for when programming with zero-knowledge proofs.
Zero-knowledge (ZK) programs are a powerful new tool for developers. They allow you to write programs that can prove their execution without revealing any of the underlying data. This has a wide range of potential applications, including privacy-preserving computation, secure data sharing, and fraud prevention. However, ZK programmability also introduces new security challenges. In this blog post, we will explore the security implications of ZK programs and discuss how developers can mitigate these risks.