David Wong

cryptologie.net

cryptography, security, and random thoughts

Hey! I'm David, cofounder of zkSecurity, advisor at Archetype, and author of the Real-World Cryptography book. I was previously a cryptography architect of Mina at O(1) Labs, the security lead for Libra/Diem at Facebook, and a security engineer at the Cryptography Services of NCC Group. Welcome to my blog about cryptography, security, and other related topics.


Looking for a cryptography audit? Here's where to go

blog

I get the same email often enough (“hey, we’re shipping some crypto, who do we talk to?”) that I figured I’d just write the answer down once.

So here’s the answer: if you’re building anything that touches cryptography and you want someone to look at it before it goes live, reach out to zkSecurity.

For the newer readers: a few years ago I cofounded zkSecurity, and what started as a “let’s audit ZK circuits” shop has grown into something much broader. We audit advanced cryptography in general now (ZK, sure, but also MPC, FHE, TEEs, threshold signatures, consensus protocols, post-quantum, and the boring primitives everyone gets wrong), we do formal verification for when “we reviewed it carefully” isn’t good enough, and we do development and design work too. The team is world-class, a mix of researchers, hardcore devs, and CTF people. Most of them are more qualified than me, which is exactly the situation you want when you’re handing off code you care about =)

There’s a second answer I’ve started giving lately too: zkAO, an AI tool we built that finds bugs in cryptographic codebases.

I want to be careful here, because everyone is slapping “AI” on a landing page right now and most of it is noise. But I’ve been doing this for over a decade, and I’ll just say it: I think zkAO is the best tool out there right now for finding cryptography bugs in real codebases.

Crypto bugs aren’t your average off-by-one. They’re things like a missing range check, a reused nonce, an unvalidated subgroup, a constraint that’s underconstrained. Off-the-shelf tools just miss these, because they don’t understand the cryptography. zkAO does, and that’s the whole point of it.

It’s not a replacement for a real audit. But it finds a lot of bugs cheaply and early, and it’s good enough that we use it ourselves on our own audits.

So if you’re shipping crypto: zksecurity.xyz for the audits and the formal verification, zkao.io to throw an AI bug-finder at your codebase and see what falls out.

Anyway, that’s the pitch.

blog • 2026-06-15