ZK/SEC Quarterly

Back to all posts

Announcing Mpcsec.org: What Goes Wrong When You Implement MPC

ZK/SEC May 25, 2026 1 min read
educative security MPC

banner

On May 15, 2026, THORChain was hit by a targeted exploit that drained roughly $10.7M from one of its vaults, the result of a flawed implementation of GG20, an MPC-based threshold signature scheme. Even when a scheme is theoretically sound, things can easily go wrong while implementing it. So, if you are implementing or auditing MPC, head over to mpcsec.org.

What is mpcsec.org?

At the RWMPC 2025 workshop, a group of practitioners agreed that the field needed a shared, living reference for the implementation mistakes that keep recurring. That conversation grew into a collaborative project, and today we are happy to announce its first public release: mpcsec.org, a guide to common multi-party computation pitfalls maintained with contributors from zkSecurity, Trail of Bits, Partisia, and Zama.

The guide currently covers six categories: input validation, context binding, concurrency and state, insecure subprotocols, failure recovery, and adaptive inputs. It also catalogs improper use of the cryptographic primitives that MPC protocols rely on, since even a well-designed scheme can fail when its building blocks are misused. Each entry walks through a pitfall, how it can go wrong, and how to avoid it, with examples drawn from real deployed libraries like tss-lib, WSTS, MP-SPDZ and Drand.

Auditing with AI assistance

mpcsec.org also ships with a SKILL.md file to help guide LLM-assisted code reviews.

Your Feedback is Invaluable

We hope that this website becomes a reference. Tell us what you think. Share your suggestions, or any new MPC-related bugs, via a PR.

Get in touch

If you would like an extra set of eyes on your MPC stack, reach out at hello@zksecurity.xyz.

Tip

Curious about how MPC techniques connect to zero-knowledge proofs? See our gentle introduction to the MPC-in-the-Head transformation.

zkSecurity offers auditing, research, and development services for cryptographic systems including zero-knowledge proofs, MPCs, FHE, consensus protocols and more.

Learn More →

Latest Posts

Sum-check as an Algebraic Tensor Reduction: Part III

Marco Besier May 18, 2026
sum-check algebraic reductions of knowledge tensors linear maps

This post is all about the maps that let us move between modules without breaking their structure. We’ll see when a map is truly “linear,” when two modules are (secretly) the same, and why two-input maps deserve special attention. Along the way, (bi-)linear maps and isomorphisms become less like abstract definitions and more like tools we can actually use. By the end, we’ll have all the tooling we need to tackle abstract tensor products head-on.

Sum-check as an Algebraic Tensor Reduction: Part II

Marco Besier May 10, 2026
sum-check algebraic reductions of knowledge tensors rings modules

In this part of our series, we start introducing the algebraic language needed to formalize sum-check as a tensor reduction. We start with the basics of rings and modules. Rings generalize fields by dropping the requirement that every non-zero element has a multiplicative inverse. Modules then generalize vector spaces by allowing scalars to come from a ring instead of a field. In this post, we’ll use plenty of examples to make these ideas concrete and build intuition along the way.

Breaking Jolt’s Verifier with an Unbound Uni-skip Claim

Minsun Kim May 09, 2026
security zk zkvm

We found a critical soundness bug in Jolt’s transparent verifier that allowed a forged proof for an invalid execution to verify. The issue was fixed quickly after disclosure, and the full PoC and write-up are available in the linked repository.

Recommended Reading

A Gentle Introduction to the Mpc-in-the-head Transformation

Giorgio Dell'Immagine February 20, 2025
educative zk MPC

In this blog post, we dive into the fascinating world of zero-knowledge proofs using the MPC-in-the-Head transformation, a clever method that constructs proof systems from any secure multiparty computation protocol. Originally proposed in 2007, this transformation uses a creative approach involving "imaginary parties" to prove knowledge without revealing it. We explain how this technique can be applied to develop post-quantum signature schemes, providing insights into its practical implications and efficiency. By exploring these concepts, readers will uncover a unique intersection of cryptography and computer science.

Watch What We Have to Say About ZK Security in the Node Guardians Season 2 Episode 1

ZK/SEC August 31, 2023
announcement educative zk

Catch our cofounder David Wong on the latest episode of Node Guardians, where he chats about ZK security with Sam. Dive into the intriguing world of blockchain auditing, uncover the role math plays, and explore how auditors tackle challenges and rate vulnerabilities. Plus, get insights into the usefulness of formal verification. It's a must-watch for anyone curious about the future of ZK and the nitty-gritty of blockchain security!

Renegade Audit: When ZK Meets MPC

ZK/SEC July 22, 2024
security zk MPC audit

We recently had the pleasure of auditing Renegade's circuits and smart contracts, and it was a great experience. Over three weeks, our team explored their top-notch code and documentation, with the Renegade team providing awesome support throughout. Curious how it all went? Dive into our full report for the inside scoop!

More to Explore

SoK: What Don’t We Know? Understanding Security Vulnerabilities in Snarks

ZK/SEC February 26, 2024
educative security zk

We've teamed up with some of the top minds in academia and industry to dive deep into the world of zero-knowledge proofs (ZKPs) and their vulnerabilities. Our new paper catalogues hundreds of ZK vulnerabilities, breaking down their root causes and offering strategies to sidestep these pitfalls. By digging into real-life SNARK implementations, we aim to bolster the security of these cutting-edge systems with actionable insights and recommendations. Curious about what makes ZKPs tick and how to keep them secure? You might find this study just what you need!

You Like Circom but You Find It Confusing? Introducing Circomscribe

ZK/SEC August 26, 2023
announcement tools security zk circom

Dive into our exploration of Circomscribe, a nifty tool designed to illuminate the mysterious process of how your Circom code gets translated into constraints. We share insights from our experience with Circom circuit audits, highlighting common pitfalls developers face when their high-level intentions meet low-level reality. By showcasing how Circomscribe can help visualize this transition, we aim to empower developers to craft more bug-free, secure ZK applications. If you're keen on understanding the inner workings of Circom and enhancing your coding prowess, this post is your guide.

New Challenge Alert: Complete Both to Join zkSecurity

ZK/SEC December 01, 2025

Think you have what it takes to join zkSecurity? We're raising the bar with a second challenge! Now candidates must complete both zkBank and our new Curve Machine challenge to prove their skills across the full spectrum of ZK security. Are you ready to take on both challenges?
View all articles