Research & audits
Open research, published audits, threat models in the public.
Research
Zero-knowledge architecture for Bitcoin applications: design patterns
VERIFYThreat model: the adversarial operator →
Client-side double-entry accounting: a TypeScript reference implementation →
Encryption surface mapping for multi-user Bitcoin applications
VERIFYAudits
External cryptographic audit: Cure53 — scope defined, quote pending
VERIFYPeer cryptographic review: [crypto security engineer name, to be filled in once signed]
VERIFYApache 2.0 license verification: matches BDK, Cala, VLS, LDK
Public issue tracker for security disclosures →
Responsible disclosure
Security vulnerabilities: security@bitcoin-zka.org. PGP key published at bitcoin-zka.org/pgp.txt. We acknowledge disclosures within 48 hours and publish post-mortems.
48-hour acknowledgement