Privacy is often treated as a feature or a promise. Add encryption, write a policy, or comply with a regulation, and privacy is assumed to follow. Our work this past year reinforced our longstanding core principle: privacy holds when it is enforced by system design. When privacy depends on process,
Overview Recently, we encountered a situation that underscored the importance of verifiable transparency. A modified version of one of our audit reports was shared online through an unauthorized link pointing to a URL designed to resemble our official domain. We identified and addressed the issue promptly, but the incident reinforced
Our team performed a security audit of the Confidential Transfer component of the Solana Token-2022 program. The project, combining the Token-2022 extensions with the zk-elGamal/zk‐sdk, delivers privacy‐preserving token operations while keeping balances and transaction validity cryptographically verifiable via homomorphic twisted ElGamal and Bulletproofs‐based range proofs. Our final audit report was
Least Authority reviewed the changes made to Zebra that will be introduced in the NU6.1 network upgrade. The Zebra project is a Rust implementation of a Zcash node, developed by the Zcash Foundation as an alternative to the reference zcashd client. Its core functionality centers on validating blocks, enforcing consensus
Privacy’s Newest Threat. It’s no secret that in today’s digital economy, an era in which data is the new oil, entities are collecting, sharing, and analyzing personal information at an unprecedented scale. Privacy laws establish strict obligations on how entities safeguard personal data. However, data protection laws often do not
What if Privacy Were the Default? Most digital services still require accounts, personal data, and behavioral tracking permissions, even for simple actions. It’s often assumed that convenience depends on identity. But that assumption is outdated. Tools like anonymous credentials make it possible to build services where an identifying profile is
Aligned Layer is a verification layer for zero-knowledge proofs using Eigen Layer. Our team recently performed a security audit of the Aligned Layer system as part of a multi-firm audit, targeting Aligned Layer version 0.4.0. In this review, we performed a follow-up audit, focusing on the changes between Aligned Layer
Our team performed a security audit of the Rabby Wallet Mobile Application, which supports multiple hardware and software wallets for the Ethereum blockchain. The mobile application can manage and host dApps from numerous providers and enables users to interact with the hosted dApps through a unified interface. We previously audited