Announcing the OpenZeppelin Zero Knowledge Proofs (ZKP) Practice

With the rise of Zero-knowledge proofs as a prominent technology for blockchain privacy and scalability, security has become paramount. OpenZeppelin has assembled a team of ZKP experts, delivering security audits to top-tier projects including zkSync Era, Scroll, and Linea over the past 2 years. Based on these valuable collaborations, OpenZeppelin is officially launching the ZKP practice with a range of top-tier services aimed at innovative projects building and operating the top ZKP systems in the world.

As cryptography evolves, new primitives emerge with new challenges and the need for specialized expertise. Zero-knowledge proofs (ZKP) solutions are crucial for streamlining mainstream blockchain adoption by significantly reducing computational load, allowing for scalability with instant transaction finality, and increasing privacy.

Over the past two years, OpenZeppelin has collaborated with top ZK-EVM Ethereum scalability solutions like zkSync Era, Scroll, and Linea and has honed our expertise in auditing ZKP systems—a field marked by its complexity and swift advancement. Our ZKP experience, coupled with our experience in over 400 security audits of smart contract systems, spanning infrastructure, distributed payment networks, financial frameworks, and governance models, gives us the combined expertise to dissect the cryptographic primitives and also ensure they work correctly within an application’s business logic.

By talking to developers at top teams building ZKP systems, we realized that they often question the readiness and reliability of non-production-ready cryptographic libraries, leading to the daunting task of building on top of incomplete systems. It's common to feel unsure about transforming these concerns into actionable steps or to question the efficiency and security of utilizing the existing building blocks. In addition, the combined expertise we’ve assembled in our team is uncommon and teams usually struggle to asses end-to-end security in systems spanning multiple building blocks combined with cryptography.

To bridge these gaps and bring concrete solutions, we’ve assembled a team comprised of some of the foremost experts in both theoretical and applied cryptography. Our team’s expertise spans the full spectrum of cryptographic security with past work on advanced cryptographic ZK designs, widely-used cryptographic implementations in open-source libraries, and the secure application of cryptography in production blockchain systems:

         Oana Ciobotaru

Oana is a cryptography researcher at OpenZeppelin. She has a background in mathematics and computer science. She holds a PhD in Cryptography from Saarland University and Max Plank Institute for Computer Science, Saarbrucken, Germany. Her experience is in security models and efficient algorithm design. She is a co-author of PLONK. She has worked both in academia as well as in industry and has 4+ years of experience in blockchain research (e.g., accountable light clients for secure and efficient blockchain bridges, custom SNARKs, ring vrfs, and efficient verification of BLS signatures).

Vesselin Velichkov

Vesselin is a ZK cryptography researcher at OpenZeppelin. He holds a PhD in cryptography from KU Leuven, Belgium. His expertise is symmetric-key cryptography with more than 1000 citations in the area. Vesselin is a co-designer of one of the finalists in the competition for a new lightweight cryptography standard organized by NIST -- the block cipher family SPARKLE and of the first ARX block cipher with provable security bounds -- SPARX. In the past couple of years, Vesselin became interested in Zero-Knowledge cryptography in the context of blockchain and contributed to the design of a new ZK-friendly hash function, called Anemoi. Vesselin has significant experience as a software engineer, having worked for several Web3 Layer 2 start-ups, contributing to the Libsnark C++ library for zkSNARKs and being the creator of the YAARX toolkit for analysis of ARX-based cryptographic algorithms.

Sam Wong

Sam is a blockchain security researcher at OpenZeppelin and has previously worked as a blockchain developer. His background is in mathematics and computer science and he holds a Master’s degree from Stanford University. While there, he researched a distributed cryptographic signature-checking scheme for a new decentralized exchange architecture. Prior to his fascination with crypto, he worked in the industry doing machine learning as well as financial modelling. 

Nikesh Nazareth

Nikesh has been a blockchain security researcher at OpenZeppelin for nearly 5 years, with extensive experience auditing many of the major protocols in the space. Before joining OpenZeppelin, he completed a Computer Science and Physics degree and then spent 6 years evaluating the cryptographic security of commercial and proprietary communication and security systems. In the last few years, he has expanded his knowledge in ZKP and other advanced cryptography, and is excited to help bring this technology to the industry.

The ZKP team, coupled with OpenZeppelin’s extensive blockchain expertise, deep research capabilities, and open-source experience,  provides customers with the ability to ensure the seamless integration and robust interaction of all components of a ZKP system. 

Top-tier services include: 

  • We conduct rigorous audits of ZKP and blockchain-related cryptographic components and protocols, ensuring their security, correctness, and alignment with established best practices, such as the PLONKish family of protocols and ZK-hash functions.
  • Our team assesses the correctness and security of new or revised protocol designs, providing advice, peer reviews, and publishable security assessments to reinforce the trustworthiness of these specifications.
  • We offer expert evaluations on the specialized application of generic protocols tailored to specific use cases.
  • Additionally, we review the architecture of protocols employing common blockchain cryptographic building blocks for their security, correctness, and efficiency, enabling us to certify the robustness of our clients’ projects.

 Our experience with ZKPs comprises security audits at different levels of the stack :

  • Settlement Layer (verifier, bridge)
      • ZkSyncEra
      • Scroll L1 
      • Linea L1
      • L2 and bridge smart contracts.
  • Sequencing Layer (node, aggregator, sequencer, relayer)
      • Aggregator and sequencer components for zkSyncEra (bootloader)
      • Scroll bus-mapping written in rust
  • Proving layer, ZK libraries, and cryptographic components
    • Linea implementation of PLONK verifier

Enhance the security and efficiency of your Zero-Knowledge Proof (ZKP) system by seeking guidance from OpenZeppelin experts here.

About OpenZeppelin

Founded in 2015, OpenZeppelin is the world leader in securing blockchain applications and smart contracts. Its bedrock open source Contract Libraries are a public good and industry standard for smart contract development. OpenZeppelin’s professional expertise, unified with the Defender developer security platform, integrates through clients’ development lifecycles, so teams can plan, code, audit, deploy and operate projects faster and more safely.