June - August 2023

10 articles in this issue

Watch What We Have to Say About ZK Security in the Node Guardians Season 2 Episode 1

Catch our cofounder David Wong on the latest episode of Node Guardians, where he chats about ZK security with Sam. Dive into the intriguing world of blockchain auditing, uncover the role math plays, and explore how auditors tackle challenges and rate vulnerabilities. Plus, get insights into the usefulness of formal verification. It's a must-watch for anyone curious about the future of ZK and the nitty-gritty of blockchain security!


Listen to Us on the Latest Episode of zeroknowledge.fm

Join our cofounder David Wong on the latest zk podcast as he dives into his compelling journey through cryptography, from his early days as a security consultant to his pivotal roles in major projects like Facebook's crypto initiatives and Mina. Get an insider's view on how we approach auditing in a Zero Knowledge context, the common pitfalls in ZK code, and how these insights shape our work. It's an engaging and informative chat for anyone fascinated by the world of cryptography and ZK technology!


zkSecurity Partners with ZPrize to Make You Win Hundreds of Thousands of Dollars!

We're gearing up for this year's ZPrize competition, where we'll be hosting the High Throughput Signature Verification category. This challenge is all about creating the most efficient signature verification circuit using Aleo's Varuna proof system. Participants will work with ECDSA on the Bitcoin and Ethereum curve and the Ethereum hash function, keccak256. It's a great chance to dive into some of the hottest problems in arithmetic circuits and optimize cryptographic algorithms. If you're curious about pushing the boundaries in ZK, join us and share your feedback on our prize specification through our Discord channel.


You Like Circom but You Find It Confusing? Introducing Circomscribe

Dive into our exploration of Circomscribe, a nifty tool designed to illuminate the mysterious process of how your Circom code gets translated into constraints. We share insights from our experience with Circom circuit audits, highlighting common pitfalls developers face when their high-level intentions meet low-level reality. By showcasing how Circomscribe can help visualize this transition, we aim to empower developers to craft more bug-free, secure ZK applications. If you're keen on understanding the inner workings of Circom and enhancing your coding prowess, this post is your guide.


Detecting Boomerang Values in Zero-knowledge Circuits Using Tag Analysis

Ever wonder how zkApps ensure their execution is spot-on? This post digs into the idea of *boomerang values*—sneaky bugs that can crop up when zkApps mix in-circuit and out-of-circuit logic. We explore how these values disrupt your circuit's trustworthiness, especially when variables are reintegrated unverified. Plus, we share how tools like MIRAI's tag analysis can help spot these issues, making your zkApps more secure. Perfect for anyone into zero-knowledge applications or budding Rust enthusiasts looking for insights on taming complex bugs!


Public Report of Auditing Penumbra's Circuits

We conducted an audit of Penumbra's main circuits and found eight issues, including the critical "double spend" and "double vote" bugs, which the Penumbra team promptly fixed. Our findings highlight Penumbra's robust documentation and code testing. Readers will get insights into how Penumbra uses zero-knowledge proofs for privacy, its decentralized exchange features, and its governance model. The post also provides detailed pseudocode for various cryptographic protocols, emphasizing how Penumbra ensures secure and private transactions. It's a deep dive into the technical details for those intrigued by privacy-focused blockchain technologies.


The Zero-knowledge Attack of the Year Might Just Have Happened, or How Nova Got Broken

Last week, a surprising paper revealed a major vulnerability in Microsoft's Nova, a leading zero-knowledge proof (ZKP) system, and showcased a valid proof for a false computation. This discovery is especially intriguing given the complexity and robustness typically associated with ZKP systems. We had just launched our company to tackle bugs in ZKP frameworks, and while we anticipated issues, complete breakdowns of systems themselves are rare. Nova's issue revolved around cycles of elliptic curves, showing how small implementation oversights in complex cryptographic systems can lead to significant errors. This post dives into the intricate mechanics of Nova and the discovery process, offering a fascinating glimpse into why rigorous specifications are crucial in cryptography.


Noname: ZK App Developers Should Be Able to See Down to the Constraints

Zero-knowledge apps are evolving, and we've been diving into their two main forms: VM instructions and arithmetic circuits. Understanding the "assembly" layer is crucial for developers, especially when optimizing and ensuring security. We’ve played around with a new toy language called **noname**, blending Golang and Rust vibes to make zkApps more understandable. With **noname**, you get detailed insights about how your code translates into gates, offering a clearer picture of the underlying "assembly" and helping pinpoint compiler bugs. If you're curious about enhancing your low-level programming skills or peeking into circuit construction, check out our experiments and see if this inspires you to create better debugging tools!


wasmati: You Should Write Your WebAssembly in TypeScript

If you're into WebAssembly (Wasm) and want to speed up your JavaScript, this blog post is for you! We talk about our journey with Wasm and how we created a TypeScript library called wasmati that lets you write Wasm at the instruction level. You'll get the inside scoop on how this can significantly improve performance, especially for cryptography work. Plus, we showcase a real-world example comparing Wasm and JS bigint performance, proving that Wasm can be over four times faster. Dive in to see how we've combined the flexibility of TypeScript with the power of Wasm for high-performance coding.


Do in Secret. Assert in Public. Don't Under-constrain Your Prover's Witness Computation in ZK Programs

Curious about diving into zero-knowledge (ZK) application development? Our blog post is here to guide you through the common security pitfalls and mindset shifts essential for tackling ZK programming. We reflect on our journey from the early days of Mina Protocol to the dynamic space today, filled with tools like SnarkyJS and newer approaches to split the prover and verifier roles effectively. Discover the errors to avoid, like under-constraining data and letting divisors slip through unchecked, and learn how a solid review and audit process can save your ZK applications from disastrous security issues. Dive in to get the insights you need to navigate the ZK landscape confidently!
