
In this third whiteboard session in partnership with Archetype, we explain how a recent paper on Fiat-Shamir security and the GKR protocol works.

In this third whiteboard session in partnership with Archetype, we explain how a recent paper on Fiat-Shamir security and the GKR protocol works.
zkSecurity offers auditing, research, and development services for cryptographic systems including zero-knowledge proofs, MPCs, FHE, consensus protocols and more.
Learn More →We pointed our AI audit pipeline at Cloudflare's CIRCL experimental cryptography library and confirmed seven real bugs, from a critical float64 precision loss in threshold RSA to a complete access-control break in attribute-based encryption. All seven are now fixed upstream. This is the first post in a series on bugs our agents found across open source cryptography.
zk.golf is a platform where people can compete on creating the most efficient zk circuits for specific problems. It is enabled by what we call "fearless optimization", which is achieved by combining formal verification and frontier AI models. By the end, you will be convinced that nobody should look at constraints ever again in their life.
A month after launching mpcsec.org, we added a searchable tracker of real-world MPC bugs, expanded the pitfall taxonomy, published contribution templates and refreshed the site UI.
Join us for a deep dive into the fascinating world of arithmetization as David from our team breaks down the process of converting logical statements into algebraic forms to create arithmetic circuits, essential for constructing ZK proofs. This unedited recording from our "Proof is in the Pudding" series offers a unique opportunity to grasp these foundational concepts, perfect for anyone keen on unlocking the mechanics behind zero-knowledge proofs. Curious? Check out the session on Archetype's channel!
In our "Proof is in the Pudding" series, hosted with Archetype, we dive into the world of zkTLS, also known as zkOracles, HTTPz, or MPC-TLS. You'll get the inside scoop on various approaches like public oracles, TEE methods such as TownCrier, and hybrid models using MPC protocols. It's a perfect chance to explore cutting-edge TLS technologies and see how they shape secure communication. Check out the recorded session on Archetype's channel!
In the latest session of "Proof is in the Pudding," we teamed up with Archetype to explore the basics of Trusted Execution Environments. Through a collaborative whiteboarding session, we break down key concepts and practical applications, making this tech topic accessible and engaging. Dive in to discover how these environments can enhance digital security in a straightforward way.
Check out our latest blog post where we dive into the world of Zero-Knowledge Proof (ZKP) vulnerabilities, sharing our insights from replicating known ZK circuit weaknesses. We’ve launched a GitHub repo with detailed scripts to help you understand, reproduce, and learn from these vulnerabilities. Discover how this hands-on approach aids in grasping attack vectors, testing fixes, and enriching educational resources. Whether you're a researcher or a developer, this post is packed with info to enhance your knowledge and skills in ZKP security. Plus, find out how you can contribute to expanding this invaluable resource!
If you're into WebAssembly (Wasm) and want to speed up your JavaScript, this blog post is for you! We talk about our journey with Wasm and how we created a TypeScript library called wasmati that lets you write Wasm at the instruction level. You'll get the inside scoop on how this can significantly improve performance, especially for cryptography work. Plus, we showcase a real-world example comparing Wasm and JS bigint performance, proving that Wasm can be over four times faster. Dive in to see how we've combined the flexibility of TypeScript with the power of Wasm for high-performance coding.
Ever wonder how zkApps ensure their execution is spot-on? This post digs into the idea of *boomerang values*, sneaky bugs that can crop up when zkApps mix in-circuit and out-of-circuit logic. We explore how these values disrupt your circuit's trustworthiness, especially when variables are reintegrated unverified. Plus, we share how tools like MIRAI's tag analysis can help spot these issues, making your zkApps more secure. Perfect for anyone into zero-knowledge applications or budding Rust enthusiasts looking for insights on taming complex bugs!