https://miscreants.github.io/blog.trailofbits.com/authors/marc-ilunga/Recent content in Marc Ilunga on The Trail of Bits BlogHugoen-usFri, 30 May 2025 00:00:00 -0400https://miscreants.github.io/blog.trailofbits.com/2025/05/30/a-deep-dive-into-axioms-halo2-circuits/Fri, 30 May 2025 07:00:00 -0400https://miscreants.github.io/blog.trailofbits.com/2025/05/30/a-deep-dive-into-axioms-halo2-circuits/Over two audits in 2023, we reviewed a blockchain system developed by Axiom that allows computing over the entire history of Ethereum, all verified by zero-knowledge proofs (ZKPs) on-chain using ZK-verified elliptic curve and SNARK recursion operations. This system is built using the Halo2 framework—a complex, emerging technology that presents many challenges when building a secure application, including potential under-constrained issues resulting from its low-level API.https://miscreants.github.io/blog.trailofbits.com/2025/01/28/best-practices-for-key-derivation/Tue, 28 Jan 2025 09:00:18 -0500https://miscreants.github.io/blog.trailofbits.com/2025/01/28/best-practices-for-key-derivation/Key derivation is essential in many cryptographic applications, including key exchange, key management, secure communications, and building robust cryptographic primitives. But it’s also easy to get wrong: although standard tools exist for different key derivation needs, our audits often uncover improper uses of these tools that could compromise key security. Flickr’s API […]https://miscreants.github.io/blog.trailofbits.com/2024/03/05/cryptographic-design-review-of-ockam/Tue, 05 Mar 2024 09:00:38 -0500https://miscreants.github.io/blog.trailofbits.com/2024/03/05/cryptographic-design-review-of-ockam/In October 2023, Ockam hired Trail of Bits to review the design of its product, a set of protocols that aims to enable secure communication (i.e., end-to-end encrypted and mutually authenticated channels) across various heterogeneous networks. A secure system starts at the design […]