Zero Knowledge proofs are revolutionizing blockchain privacy and scalability, with billions of dollars locked in ZK rollup systems like zkSync, Polygon, and Scroll. But with great power comes great responsibility for security. In this comprehensive workshop, Laurence Kirk from Extropy guides you through the essential security considerations when working with ZK proof systems.

Perfect for Beginners: No prior ZK experience required! This workshop builds from first principles, covering fundamental ZK concepts, essential security properties (completeness, soundness, zero-knowledge), and practical auditing techniques. You'll learn about the major vulnerabilities that have been discovered in real ZK systems and how to identify them.

Real-World Focus: Based on actual audit findings from major ZK protocols, this workshop covers the most common vulnerability patterns, from under-constrained circuits to overflow issues in finite field arithmetic. Perfect preparation for anyone looking to understand or audit ZK systems.

• ZK Fundamentals: Essential properties of ZK systems - completeness, soundness, and zero-knowledge
• Major ZK Protocols: Overview of zkEVM systems (zkSync, Polygon, Scroll) vs custom execution environments (Starknet, Aztec)
• Circuit Security: Understanding under-constrained circuits - the #1 vulnerability in ZK systems
• Finite Field Arithmetic: Overflow/underflow vulnerabilities and range constraint requirements
• Common Attack Vectors: Breaking privacy, creating false proofs, and exploiting nondeterministic circuits
• Audit Methodologies: Systematic approaches based on real audit findings from Trail of Bits and other firms
• Practical Tools: Static analysis and formal verification tools for ZK circuit security
• Real Vulnerability Examples: Analysis of actual bugs found in production ZK systems

This workshop provides a comprehensive introduction to Zero Knowledge security, covering the massive value at stake in ZK rollup systems and why security is critical. We explore the dual nature of ZK systems - computational integrity (proving correct execution) and privacy preservation - and how each creates unique security challenges.

From Theory to Practice: Starting with the prover-verifier interaction model, we dive into the three essential properties every ZK system must maintain: completeness (honest provers succeed), soundness (dishonest provers fail), and zero-knowledge (privacy is preserved). You'll see real examples of how these properties can be broken and the devastating consequences.

Real Audit Insights: Based on actual vulnerability research and audit findings, this workshop reveals that the majority of ZK security issues stem from circuit-level problems, particularly under-constrained circuits. You'll learn to think like an auditor, understanding how insufficient constraints can allow malicious provers to create false proofs that pass verification.

Practical Security Focus: Through concrete examples in Circom and higher-level DSLs, you'll see common patterns like overflow vulnerabilities in finite field arithmetic, nondeterministic circuits, and privacy leaks. Perfect preparation for anyone working with or auditing ZK systems in the rapidly growing ecosystem.

• Smart Contract Developers transitioning to ZK rollup development (zkEVM, Starknet, Aztec)
• Security Auditors expanding into ZK protocol and circuit auditing
• Protocol Engineers working on ZK rollup infrastructure and applications
• DeFi Teams building on ZK rollups and needing security awareness
• Researchers & Students seeking practical ZK security knowledge beyond theory
• Crypto Enthusiasts wanting to understand the security of ZK systems they use
• Anyone curious about the billions locked in ZK rollups and how they stay secure