With the rise of Zero-knowledge proofs as a prominent technology for blockchain privacy and scalability, security becomes paramount. OpenZeppelin has assembled a team of ZKP experts, delivering security audits to top-tier projects including zkSync Era, Scroll, and Linea over the past 2 years. Based on these valuable collaborations, OpenZeppelin is now officially launching the ZKP practice with a range of top-tier services aimed at innovative projects building and operating the top ZKP systems in the world.

As cryptography evolves, new primitives emerge with new challenges and the need for specialized expertise. Zero-knowledge proofs (ZKP) solutions are crucial for streamlining mainstream blockchain adoption by significantly reducing computational load, allowing for scalability with instant transaction finality, and increasing privacy.

Over the past two years, OpenZeppelin has collaborated with top ZK-EVM Ethereum scalability solutions like zkSync Era, Scroll, and Linea and has honed our expertise in auditing ZKP systems—a field marked by its complexity and swift advancement. Our ZKP experience, coupled with our experience in over 400 security audits of smart contract systems, spanning infrastructure, distributed payment networks, financial frameworks, and governance models, gives us the combined expertise to dissect the cryptographic primitives and also ensure they work correctly within an application’s business logic.

By talking to developers at top teams building ZKP systems, we realized that they often question the readiness and reliability of non-production-ready cryptographic libraries, leading to the daunting task of building on top of incomplete systems. It's common to feel unsure about transforming these concerns into actionable steps or to question the efficiency and security of utilizing the existing building blocks. In addition, the combined expertise we’ve assembled in our team is uncommon and teams usually struggle to asses end-to-end security in systems spanning multiple building blocks combined with cryptography.

To bridge these gaps and bring concrete solutions, we’ve assembled a team comprised of some of the foremost experts in both theoretical and applied cryptography. Our team’s expertise spans the full spectrum of cryptographic security with past work on advanced cryptographic ZK designs, widely-used cryptographic implementations in open-source libraries, and the secure application of cryptography in production blockchain systems:

         Oana Ciobotaru

Oana has a background in mathematics and computer science. She holds a PhD in Cryptography from Saarland University and Max Plank Institute for Computer Science, Saarbrucken, Germany. Her experience is in security models and efficient algorithm design. She is co-author of PLONK. She has worked both in academia as well as in industry and has 4+ years of experience of blockchain research (e.g., accountable light clients for secure and efficient blockchain bridges, custom SNARKs, ring vrfs, efficient verification of BLS signatures)

Vesselin Velichkov

ZK cryptography researcher at OpenZeppelin. Holds PhD in symmetric-key cryptography. Co-designer of the Anemoi ZK-friendly hash function, the SPARX family of block ciphers and the SPARKLE family of lightweight cryptographic algorithms. Creator of the YAARX toolkit for analysis of ARX-based symmetric-key algorithms. Married. Father of one.

Sam Wong

Sam is a blockchain security researcher at OpenZeppelin and previously has worked as a developer in the blockchain space. His background is in mathematics and computer science and holds a Master’s degree from Stanford University. While there, he researched a distributed cryptographic signature checking scheme for a new decentralized exchange architecture. Prior to his fascination with crypto, he worked in industry doing machine learning as well as financial modeling. 

Nikesh Nazareth

Nikesh has been a blockchain security researcher at OpenZeppelin for nearly 5 years, with extensive experience auditing many of the major protocols in the space. Before joining OpenZeppelin, he completed a Computer Science and Physics degree, and then spent 6 years evaluating the cryptographic security of commercial and proprietary communication and security systems. In the last few years he has expanded his knowledge in ZKP and other advanced cryptography, and is excited to help bring this technology to  the industry.

The ZKP team, coupled with OpenZeppelin’s extensive blockchain expertise, deep research capabilities, and open-source experience,  provides customers with the ability to ensure the seamless integration and robust interaction of all components of a ZKP system. 

Top-tier services include: 

• We conduct rigorous audits of ZKP and blockchain-related cryptographic components and protocols, ensuring their security, correctness, and alignment with established best practices, such as the PLONKish family of protocols and ZK-hash functions.
• Our team assesses the correctness and security of new or revised protocol designs, providing advice, peer reviews, and publishable security assessments to reinforce the trustworthiness of these specifications.
• We offer expert evaluations on the specialized application of generic protocols tailored to specific use cases.
• Additionally, we review the architecture of protocols employing common blockchain cryptographic building blocks for their security, correctness, and efficiency, enabling us to certify the robustness of our clients’ projects.

 Our experience with ZKPs comprises security audits at different levels of the stack :

• Settlement Layer (verifier,bridge)

• • • ZkSyncEra
    • Scroll L1 
    • Linea L1
    • L2 and bridge smart contracts.

• Sequencinglayer/L2(node,aggregator,sequencer,relayer)

• • • Aggregator and sequencer components for zkSyncEra (bootloader)
    • Scroll bus-mapping written in rust

• Proving layer, ZK libraries, and cryptographic components

• • Linea implementation of PLONK verifier

Enhance the security and efficiency of your Zero-Knowledge Proof (ZKP) system by seeking guidance from an OpenZeppelin experts here.

About OpenZeppelin

Founded in 2015, OpenZeppelin is the world leader in securing blockchain applications and smart contracts. Its bedrock open source Contract Libraries are a public good and industry standard for smart contract development. OpenZeppelin’s professional expertise, unified with the Defender developer security platform, integrates through clients’ development lifecycles, so teams can plan, code, audit, deploy and operate projects faster and more safely.