
In this third whiteboard session in partnership with Archetype, we explain how a recent paper on Fiat-Shamir security and the GKR protocol works.

zkSecurity offers auditing, research, and development services for cryptographic systems including zero-knowledge proofs, MPCs, FHE, consensus protocols and more.
In this part of our series, we start introducing the algebraic language needed to formalize sum-check as a tensor reduction. We start with the basics of rings and modules. Rings generalize fields by dropping the requirement that every non-zero element has a multiplicative inverse. Modules then generalize vector spaces by allowing scalars to come from a ring instead of a field. In this post, we’ll use plenty of examples to make these ideas concrete and build intuition along the way.
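A short worked illustration of the two generalizations above and of why they matter for sum-check. This is an added example for this listing, not text from the post it summarizes; the notation $f$, $r$, $n$ is chosen here.

$$
\begin{aligned}
\text{Field: } & \mathbb{F}_p, \quad \text{every } a \neq 0 \text{ has an inverse } a^{-1}.\\
\text{Rings that are not fields: } & \mathbb{Z} \ (\text{no } x \in \mathbb{Z} \text{ with } 2x = 1), \qquad
\mathbb{Z}/6\mathbb{Z} \ (2 \cdot 3 = 0,\ \text{so } 2 \text{ has no inverse}).\\
\text{Module over } R = \mathbb{Z}: \ & M = \mathbb{Z}^n, \quad r \cdot (m_1,\dots,m_n) = (r m_1,\dots,r m_n).
\end{aligned}
$$

Scaling in a module need not be undoable: $2\mathbb{Z}^n \subsetneq \mathbb{Z}^n$ is a proper submodule, and $(1,0,\dots,0)$ is not a $\mathbb{Z}$-multiple of $(2,0,\dots,0)$, something that cannot happen in a vector space over a field. For sum-check, view the evaluation table of a multilinear $f:\{0,1\}^n \to \mathbb{F}$ as the vector $(f(x))_{x \in \{0,1\}^n} \in \mathbb{F}^{2^n}$. Fixing the first variable to the verifier's challenge $r$ is the linear map

$$
f \;\mapsto\; f(r, x_2,\dots,x_n) = (1-r)\, f(0,x_2,\dots,x_n) + r\, f(1,x_2,\dots,x_n),
\qquad\text{i.e.}\qquad
\big((1-r),\, r\big) \otimes I_{2^{n-1}} : \mathbb{F}^{2^n} \to \mathbb{F}^{2^{n-1}},
$$

a tensor contraction that only uses the module structure (addition and scaling by ring elements), which is what lets the argument be stated over rings rather than just fields.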
We found a critical soundness bug in Jolt’s transparent verifier that allowed a forged proof for an invalid execution to verify. The issue was fixed quickly after disclosure, and the full PoC and write-up are available in the linked repository.
Notes and proofs for the divisor-based ECIP protocol of Eagen, written with Diego F. Aranha and supported by MAGIC Grants. The document is self-contained: it works through the necessary algebraic geometry, the interactive proof and its soundness, the composition with a simulation-extractable NIZK, and the R1CS verifier circuit used by Parker's gadget in Monero's FCMP++.
We audited Reclaim protocol's ChaCha20 circuits, diving deep into bit-level operations for a secure and efficient design. After a few iterations, we switched from a word-based to a bit-focused circuit approach, achieving a 10% improvement in performance and size. We used Circom for implementation, with a focus on Groth16 system constraints. Our findings led Reclaim to revamp their strategy, homing in on bitwise logic for an effective flow without costly re-encodings. Curious about the technical journey and the final audit insights? We’ve got the details covered!
We recently had the pleasure of auditing Renegade's circuits and smart contracts, and it was a great experience. Over three weeks, our team explored their top-notch code and documentation, with the Renegade team providing awesome support throughout. Curious how it all went? Dive into our full report for the inside scoop!
We recently teamed up with Celo for an in-depth security audit of the Self project, exploring its innovative approach to on-chain identity using biometric passports and zero-knowledge proofs. During our three-week dive, we examined everything from cryptographic primitives to smart contract architecture and a unique proof delegation system using AWS Nitro Enclaves. The Celo team impressed us with their commitment and responsiveness, and we collaborated on refining the system with strategic improvements. Curious about the nitty-gritty details and our insights? Check out the full report!
We're excited to share that our programming language, noname, now supports R1CS, making it easier to write zero-knowledge (ZK) circuits and deploy them on Ethereum using SnarkJS. This update introduces an alternative to the common Circom language, with a simple and intuitive syntax inspired by Rust and Golang. In this post, we illustrate how to deploy a noname-based Sudoku circuit on Ethereum, demonstrating core benefits like proving a solution's correctness without revealing it. Dive in to explore how noname could potentially unify the fragmented zkSNARK ecosystem and simplify your circuit writing process!
A series of recent papers just disproved the proximity gaps conjecture, which has everyone wondering if hash-based SNARKs are in trouble. We break down what actually happened using some helpful visuals. Think of it as understanding which parameter choices are safe versus which ones are now confirmed to be risky. The post walks you through the different security zones (proven safe, conjectured safe, and definitely not safe), explains how these new results connect to other open math problems, and shows what it means for real-world SNARKs in terms of proof sizes and performance trade-offs.
In Session 07 of "Proof is in the Pudding," we explore the other dark forest, the realm of offchain public keys. We dive into zkLogin, ZK Email, and ZKPassport, examining how these protocols handle authentication and privacy. We also discuss the issue of unlinkability in privacy protocols and why replacing traditional signature verifications with zero-knowledge proofs could unlock more interesting and powerful ZK products.