ZK/SEC Quarterly

Back to all posts

New on Mpcsec.org: an MPC Bug Tracker, Templates, and a Cleaner UI

ZK/SEC June 25, 2026 1 min read
educative security MPC

banner

Last month we announced mpcsec.org, an open, collaborative reference for the implementation mistakes that keep recurring in multi-party computation. Since then, we have shipped several updates aimed at making MPC implementation mistakes easier to find, classify, and document.

The biggest addition is the MPC Bug Tracker: a searchable collection of real-world MPC bugs drawn from deployments, disclosures, and audits. The tracker connects concrete incidents back to reusable pitfall patterns, turning isolated bugs into reusable lessons for future MPC reviews.

We also expanded the site’s taxonomy with a section on cryptographic primitives. MPC protocols rely on building blocks such as commitments, hashes, signatures, Paillier encryption, elliptic-curve groups, and randomness. When those primitives are misused or instantiated with the wrong assumptions, the protocol around them can fail even if the high-level design looks sound.

To make contributions easier, the repository now includes templates for adding both concrete bugs and reusable pitfall patterns. The goal is to keep the structure consistent while lowering the friction for people who have seen MPC bugs in the wild and want to document them.

We also refreshed the site UI to make the pitfall categories and bug tracker easier to browse.

If you have seen an MPC bug we are missing, send it our way. And if you would like an extra set of eyes on your MPC stack, reach out at hello@zksecurity.xyz.

zkSecurity offers auditing, research, and development services for cryptographic systems including zero-knowledge proofs, MPCs, FHE, consensus protocols and more.

Learn More →

Latest Posts

zkNews Is Now Open to Everyone

ZK/SEC June 06, 2026
announcement

zkNews is now open to everyone. When we first launched, access was limited to a small beta group to keep things stable while we found our footing. That rate limit is gone. Anyone can now sign up, submit links, and join the discussion at news.zksecurity.xyz. Come help us build the home for zero-knowledge news.

Clean: from Verified Circuits to Verified zkVMs

Gregor Mitscha-Baude June 05, 2026
formal-verification zk circuits tools

Clean, our circuit DSL, is growing toward verification of complex multi-AIR ensembles. We introduce channels as a way to model lookups, permutation arguments, and zkVM cross-table interactions, then explain how local gadget proofs can compose into global soundness theorems. Watch our talk from ZKProof 8 or read the post.

Announcing Mpcsec.org: What Goes Wrong When You Implement MPC

ZK/SEC May 25, 2026
educative security MPC

mpcsec.org is a new collaborative reference for common pitfalls in MPC implementations and the cryptographic primitives they rely on, built with contributors from zkSecurity, Trail of Bits, Partisia, and Zama. If you build, audit, or deploy threshold signatures, distributed key generation, or other MPC protocols, it's a starting point for the mistakes you don't want to repeat.

Recommended Reading

Announcing Mpcsec.org: What Goes Wrong When You Implement MPC

ZK/SEC May 25, 2026
educative security MPC

mpcsec.org is a new collaborative reference for common pitfalls in MPC implementations and the cryptographic primitives they rely on, built with contributors from zkSecurity, Trail of Bits, Partisia, and Zama. If you build, audit, or deploy threshold signatures, distributed key generation, or other MPC protocols, it's a starting point for the mistakes you don't want to repeat.

A Gentle Introduction to the Mpc-in-the-head Transformation

Giorgio Dell'Immagine February 20, 2025
educative zk MPC

In this blog post, we dive into the fascinating world of zero-knowledge proofs using the MPC-in-the-Head transformation, a clever method that constructs proof systems from any secure multiparty computation protocol. Originally proposed in 2007, this transformation uses a creative approach involving "imaginary parties" to prove knowledge without revealing it. We explain how this technique can be applied to develop post-quantum signature schemes, providing insights into its practical implications and efficiency. By exploring these concepts, readers will uncover a unique intersection of cryptography and computer science.

Renegade Audit: When ZK Meets MPC

ZK/SEC July 22, 2024
security zk MPC audit

We recently had the pleasure of auditing Renegade's circuits and smart contracts, and it was a great experience. Over three weeks, our team explored their top-notch code and documentation, with the Renegade team providing awesome support throughout. Curious how it all went? Dive into our full report for the inside scoop!

More to Explore

A Year of ZK Security

David Wong May 30, 2024
announcement

A year after launching, we've grown and evolved alongside the world of zero-knowledge proofs, uncovering bugs and learning the ins and outs of ZK technology. From circuit audits to developing our own tools like Circomscribe, it’s been a wild ride. We've discovered how easy it is to misstep with ZK code, especially as these systems grow complex and impact financial security. As zkVMs gain popularity, we're excited about the challenges ahead and are expanding our expertise. Want to dive into the world of ZK with us? Check out our latest projects and even take on our zkBank challenge!

Improving the Security of the Jolt zkVM

Suneal Gong, Imam Al-Fath November 19, 2024
security zk audit zkvm

We recently explored a16z’s Jolt zkVM to bolster its security, discovering significant bugs in the process. Our findings revealed vulnerabilities that could allow malicious provers to forge proofs, highlighting the crucial role of manual reviews in catching these issues. Jolt, with its unique approach using the Lasso lookup technique, aims to improve prover efficiency and system scalability. With these bugs now fixed, this work underscores the importance of thorough audits in ensuring the reliability of advanced zkVM technology. Stay tuned as we continue to delve into zkVM security insights.

Trust, but Measure: a Friendly Intro to Tees with Intel TDX

ZK/SEC June 28, 2025
educative TEE security

In the latest session of "Proof is in the Pudding," we teamed up with Archetype to explore the basics of Trusted Execution Environments. Through a collaborative whiteboarding session, we break down key concepts and practical applications, making this tech topic accessible and engaging. Dive in to discover how these environments can enhance digital security in a straightforward way.
View all articles