Understanding ZK Security Auditing

This week, Anna and Guillermo chat with David Wong, author of the Real-World Cryptography book, and a cofounder zksecurity.xyz - an auditing firm focused on Zero Knowledge technology. They chat about what first got him interested in cryptography, his early work as a security consultant, his work on the Facebook crypto project and the Mina project, zksecurity.xyz, auditing techniques and their efficacy in a ZK context, what common bugs are found in ZK code, and much more. Here’s some additional links for this episode:

• Crypto is not cryptocurrency
• NCC Group
• OCaml website
• Real-World Cryptography book
• Mina Protocol
• 3pages.fr
• The Frozen Heart vulnerability in PlonK | Trail of Bits Blog
• ZK Podcast Episode 284: Using Formal Verification on ZK Systems with Jon Stephens
• zkSecurity Website
• ZK Podcast Episode 257: Proof of Solvency with Kostas Chalkias - ZK Podcast
• ZK Podcast Episode 210: The Road to STARKs and Miden with Bobbin Threadbare - ZK Podcast
• ZK Podcast Episode 76: Sean Bowe on SNARKs, Trusted Setups & Elliptic Curve Cryptography - ZK Podcast

  Check out the ZK Jobs Board for new job opportunities in the run up to the zkSummit 10!   Aleo is a new Layer-1 blockchain that achieves the programmability of Ethereum, the privacy of Zcash, and the scalability of a rollup.   For questions, join their Discord at aleo.org/discord.   If you like what we do:

• Find all our links here! @ZeroKnowledge | Linktree
• Subscribe to our podcast newsletter
• Follow us on Twitter @zeroknowledgefm
• Join us on Telegram
• Catch us on YouTube

Read transcript