Summary: zkSecurity is better cataloged as cryptographic-security R&D infrastructure than as a generic audit firm. Its public reports portal, GitHub organization profile, zkbugs dataset, and technical writeups jointly show a reusable public research layer around audits: high-signal reviews across zero-knowledge circuits, cryptographic primitives, consensus systems, and smart contracts; open-source tools and languages for ZK engineering; and a growing reproducible dataset of real-world ZKP vulnerabilities. That combination makes zkSecurity notable not just for performing audits, but for turning cryptographic assurance work into public technical artifacts other protocol teams can study and reuse.
What it does:
Performs security audits for zero-knowledge protocols, cryptographic algorithms, smart contracts, and related cryptographic systems
Positions its expertise around zero-knowledge proofs, multi-party computation, fully homomorphic encryption, and post-quantum cryptography
Maintains a public audit-reports portal with first-party reports spanning projects such as Aptos Confidential Assets, Ethereum Foundation PeerDAS KZG libraries, RISC Zero Helios, Celo Self, Hyperlane’s Aleo integration, DarkFi, Penumbra, and others
Publishes zkbugs, an open-source dataset for reproducing real-world ZKP vulnerabilities across DSLs including Circom, Halo2, Cairo, Bellperson, Arkworks, PIL, Gnark, Plonky3, and Risc0
Develops open-source cryptography and ZK tooling such as the Noname zk application language, Wasmati, and the zkBank recruiting challenge
Converts audit work into technical writeups explaining circuit-design choices, performance/security tradeoffs, and concrete bug classes, as shown by its Reclaim ChaCha20 report post
Key claims:
The GitHub organization profile says zkSecurity is a security R&D team specializing in advanced cryptography and secure solutions to modern cryptographic challenges
The same profile says the team conducts audits for zero-knowledge protocols, cryptographic algorithms, smart contracts, and more, with expertise spanning ZKP, MPC, FHE, and post-quantum cryptography
The public reports portal shows a large first-party archive covering circuits, consensus, smart contracts, data-availability components, and cryptographic libraries for clients such as StarkWare, Aptos Labs, Ethereum Foundation, Celo, RISC Zero, Matter Labs, Linea, Aleo, and Penumbra
The zkbugs README says the repository includes 139 vulnerabilities and focuses on end-to-end reproducible proofs of how ZKP bugs can be exploited and verified
The zkbugs README says the project gathers issues from audit reports, disclosures, contest findings, and prior academic/security datasets, indicating a dataset-building posture rather than a one-off demo repo
The Reclaim writeup says zkSecurity iterated through multiple audit rounds and helped drive a circuit redesign that produced a secure implementation that was 10% smaller and faster than the earlier word-based approach
Whitepaper: No canonical standalone zkSecurity whitepaper or litepaper surfaced in this pass. The clearest current sources of truth were the public reports portal, the GitHub organization profile, the zkbugs repository, and the technical writeups on the zkSecurity blog; see ../whitepapers/zksecurity-primary-sources-2026-05-07.md.