← All programs
ZKP-401Expert68h · 8 weeks (self-paced)
Zero-Knowledge Circuit & Protocol Security
The first rigorous ZK security program. Circuit review across Circom, Noir, and Halo2; under-constrained bugs and missing range checks; soundness, completeness, and zero-knowledge property analysis; trusted-setup ceremony review; and ZK-rollup threat modelling from prover to data-availability layer.
01 · Outcomes
What you will be able to do.
- 01Audit Circom, Noir, and Halo2 circuits with a security-first lens
- 02Detect under-constrained signals and missing range checks
- 03Reason about soundness, completeness, and the zero-knowledge property
- 04Review trusted-setup ceremonies and MPC parameter generation
- 05Threat-model a full ZK-rollup from prover to DA layer
02 · Syllabus
What you will cover.
Week 1
Mathematical Foundations for ZK Audit
- →Finite fields, elliptic curves, polynomial commitments
- →From R1CS to PLONKish arithmetisation
- →A working mental model of KZG and FRI
Week 2-3
Circuit Languages & Common Bug Classes
- →Circom, Noir, and Halo2 — syntax and foot-guns compared
- →Under-constrained signals, missing range checks, aliasing
- →Non-determinism and the witness/constraint asymmetry
Week 4-5
Soundness & Completeness Analysis
- →Proving soundness of a custom gate by hand
- →Fuzzing circuits with Picus and Coda
- →Writing proof-level specifications with ease of review
Week 6
Trusted-Setup Ceremonies
- →Powers-of-tau structure and MPC parameter generation
- →Toxic waste, contributor verification, and reproducibility
- →Reviewing a ceremony transcript end-to-end
Week 7
ZK-Rollup Security
- →Prover, verifier, sequencer: a layered threat model
- →Data availability and the escape hatch problem
- →Upgrade governance and proof-system liveness risks
Week 8
Case Studies & Capstone
- →Walkthrough of a real under-constrained bug in production
- →Capstone: full audit of a non-trivial Circom circuit
- →Reporting findings for a mixed cryptographer + dev audience
Tools
- • Circom
- • Noir
- • Halo2
- • arkworks
- • Circomspect
- • Picus
- • Coda
Who it's for
- Smart-contract auditors moving into ZK
- Cryptography engineers working on SNARK and STARK systems
- Security engineers at rollup and zk-app teams
Prerequisites
- Completion of SCA-201 or strong smart-contract audit background
- Working knowledge of abstract algebra (finite fields, polynomials)
- Familiarity with at least one circuit language (Circom, Noir, Halo2)
Ready?