🚨 Problem: Industry adoption of Zero-knowledge (ZK) technology is growing, but latent soundness and completeness bugs pose an existential financial and reputational risk for widespread success and adoption.
🧩 Challenge: These bugs are particularly challenging to detect due to the inherent complexity and sophisticated optimizations present in state-of-the-art ZK stacks (ZK DSL, zkVMs, etc.).
🔨 Solution: Our pioneering fuzzers specifically target this class of critical bugs and have already demonstrated their effectiveness by finding more than 25 bugs in widely-used systems, such as Circom, Corset, Jolt, Gnark, Nexus, Noir, and RISC Zero.
📢 Reach out to discuss how we can keep your mission-critical ZK infrastructure safe!
Established in 2023 by Maria Christakis (TU Wien) and Valentin Wüstholz (Diligence Security), the ZeKurity Research Center is a joint initiative to address one of the biggest hurdles for widespread adoption of ZK systems: critical bugs that pose existential financial and reputational risk for developers and users.
Our mission is to develop effective techniques for detecting such critical bugs in complex ZK stacks that are challenging to detect using traditional security processes, such as manual audits and bug-bounty programs, or even more experimental and expensive processes, such as formal verification.
We have pioneered how to use fuzzing, a well-established security technique, to find the most elusive class of bugs in ZK technology stacks.