We performed a security audit of TACEO’s OPRF Noir circuits within their OPRF service, which provides publicly verifiable, privacy-preserving nullifiers via a verifiable threshold OPRF (Oblivious Pseudorandom Function). Our final audit report was completed on January 26, 2026. To read the full report, including our findings, click here: Report
We performed a security audit of the upgraded version of TACEO’s Circom circuits used in their Nullifier Oracle service, which implements publicly verifiable, privacy-preserving nullifiers through a verifiable threshold OPRF (Oblivious Pseudorandom Function). Our final audit report was completed on January 26, 2026. To read the full report, including our
Privacy is often treated as a feature or a promise. Add encryption, write a policy, or comply with a regulation, and privacy is assumed to follow. Our work this past year reinforced our longstanding core principle: privacy holds when it is enforced by system design. When privacy depends on process,
Recently, we encountered a situation that underscored the importance of verifiable transparency. A modified version of one of our audit reports was shared online through an unauthorized link pointing to a URL designed to resemble our official domain. We identified and addressed the issue promptly, but the incident reinforced why
Our team performed a security audit of the Confidential Transfer component of the Solana Token-2022 program. The project, combining the Token-2022 extensions with the zk-elGamal/zk‐sdk, delivers privacy‐preserving token operations while keeping balances and transaction validity cryptographically verifiable via homomorphic twisted ElGamal and Bulletproofs‐based range proofs. Our final audit report was
White Noise has requested that Least Authority perform a review of the Marmot Protocol and conduct security audits of both MDK and White Noise in three phases. Marmot combines the MLS (Messaging Layer Service) Protocol with Nostr’s decentralized network to provide private group messaging without relying on centralized servers or
Least Authority reviewed the changes made to Zebra that will be introduced in the NU6.1 network upgrade. The Zebra project is a Rust implementation of a Zcash node, developed by the Zcash Foundation as an alternative to the reference zcashd client. Its core functionality centers on validating blocks, enforcing consensus
Data protection laws often do not apply to the lesser-known category of “anonymous data”. There are misleading claims and new risks. Privacy’s Newest Threat It’s no secret that in today’s digital economy, an era in which data is the new oil, entities are collecting, sharing, and analyzing personal information at