Cryptography Security
ZK circuits, FHE, MPC, and the cryptographic primitives in production. The layer where one underconstrained signal forges proofs indistinguishable from legitimate withdrawals.
Cryptographic code is the hardest to audit and the most dangerous to get wrong. A single underconstrained signal in a ZK circuit lets an attacker forge proofs and drain a protocol — and the on-chain footprint looks identical to a legitimate transaction. 96% of documented SNARK bugs trace to this one class. FHE is moving from research to production faster than it’s being reviewed. MPC secures billions in institutional custody. In each case, the distance between the cryptographic paper and the production implementation is exactly where vulnerabilities live.
[CRYPTOGRAPHY]
[Fig. 01]
TEAM
Senior Researchers. Every Engagement.
Hexens security researchers are CTF champions, bug bounty leaderboard veterans, and engineers who’ve spent careers breaking systems that weren’t supposed to break.
No junior bench, no rotation, no learning on your codebase.
Credentials earned, not collected.
TOOLING
Security Engineers X Frontier AI
Rigorous, line-by-line review — extended by frontier AI as a force multiplier. The engineer brings the judgment. The model removes the ceiling on what that judgment can reach.
Deeper analysis of individual findings.
More adversarial test cases per surface.
Broader code path exploration.
METHOD
Two Independent Teams. In Parallel.
Two senior security teams run against the same target in parallel, pairing manual review with frontier AI as a force multiplier. Where findings overlap, you have confirmation. Where they diverge, you’ve caught what a single-team audit would have missed.
Beyond scope by default.
Engagements are exclusive.
Retesting, included.
OUTCOME
Findings that hold up to a post-mortem.
The audits that matter are the ones still defensible after something goes wrong. None of ours have been tested that way.
- $120 BLN+In digital assets protected
- Zeropost-audit exploits across 300+ engagements
- 91%client retention rate
- 90%of reports contain critical or high-severity findings
Coverage that neither security engineers nor frontier AI could deliver alone.
ZK Circuit Security Audit
Comprehensive security review of zero-knowledge circuits across Circom, Halo2, Gnark, Zokrates, Cairo, Noir, and other proving frameworks. We assess constraint soundness, completeness, witness generation logic, and the full chain from high-level circuit specification to compiled constraint system. Our engineers test for underconstrained circuits, the dominant vulnerability class responsible for 96% of documented SNARK bugs, overconstrained circuits, computation and hint errors, field arithmetic overflow, and trusted setup integrity.
AI-augmented analysis enables our researchers to explore constraint systems more exhaustively. Generating adversarial witnesses, reasoning about constraint interactions across large circuits, identifying patterns that static analysis and manual review alone would miss.
Frameworks: Circom, Halo2, Gnark, Zokrates, Cairo, Noir, and custom proving systems.
Proving System Implementation Review
Security assessment of the proving system layer itself: polynomial commitment schemes, verification key generation, proof construction logic, and the interaction between application circuits and the underlying proof system. We evaluate implementations of Groth16, PLONK, PLONK-ish variants, STARKs, and custom constructions. This includes assessment of trusted setup ceremonies, verification contract correctness, and recursive proof composition. The FOOMCASH exploit demonstrated that a single parameter misconfiguration in a Groth16 verifier, two elliptic curve constants set to the same value, can allow arbitrary proof forgery.
FHE Implementation Review
Security review of fully homomorphic encryption implementations. Scheme correctness, noise budget management, parameter selection, key generation, bootstrapping operations, and the boundary between encrypted and plaintext domains. As FHE moves from research to production in confidential DeFi, encrypted computation, and privacy-preserving AI, the gap between theoretical scheme security and implementation correctness is where vulnerabilities emerge. We assess implementations across TFHE, BGV, BFV, CKKS, and hybrid schemes, including the application-layer logic that processes encrypted outputs and makes decisions based on FHE computation results.
Relevant to: FHE-powered blockchain protocols (Fhenix, Inco, Zama ecosystem), confidential smart contract platforms, privacy-preserving AI systems, any application performing computation on encrypted data.
MPC Protocol Security Assessment
Security review of multi-party computation protocol implementations. Distributed key generation, threshold signature schemes, secret sharing correctness, communication channel security, and adversary model validation. MPC secures billions in institutional digital assets through wallet infrastructure and custody solutions. The distance between a peer-reviewed protocol paper and a production implementation is where vulnerabilities live: missing zero-knowledge proofs in signing rounds, incorrect threshold enforcement, key share refresh vulnerabilities, and side-channel leakage during distributed computation. We assess implementations against their specified adversary models and security proofs.
Relevant to: MPC wallet providers, institutional custody platforms, exchanges using threshold signature schemes, bridge signer sets, DAO treasury management, any application using distributed key management.
Cryptographic Primitive Implementation Audit
Security assessment of cryptographic primitive implementations. Elliptic curve operations, hash functions (Poseidon, Pedersen, MiMC, Blake, SHA-3), commitment schemes, signature schemes, and field arithmetic libraries. We evaluate implementations for correctness, side-channel resistance, constant-time execution, and adherence to specification. Custom or modified primitives receive particular scrutiny. The most dangerous vulnerabilities often appear in standard primitives adapted for a specific use case without full understanding of the security implications.
Trusted Execution Environment (TEE) Security
Security review of TEE-based applications and attestation mechanisms. Intel SGX, AMD SEV, ARM TrustZone, and TDX implementations. We assess enclave design, attestation verification, side-channel resistance, secure boot chains, and the boundary between trusted and untrusted execution domains. TEE security is increasingly relevant as blockchain infrastructure relies on secure enclaves for key management, MEV protection, oracle computation, and confidential transaction processing.
Post-Quantum Cryptography Assessment
Security review of post-quantum cryptographic implementations being adopted in preparation for quantum computing threats. Lattice-based schemes, hash-based signatures, and hybrid classical/post-quantum constructions require careful implementation review. FHE is inherently quantum-resistant due to its lattice-based foundations as the post-quantum transition accelerates, systems built on FHE and lattice cryptography need implementation-level security assurance, not just scheme-level confidence.
Researchers who think in constraints.
A dedicated cryptography discipline, not an extension of a smart contract audit team. Our researchers come from abstract algebra, number theory, and formal constraint reasoning — the mathematics ZK, FHE, and MPC are actually built on.
We delivered the first independent zkEVM audit before the industry had established how to audit zero-knowledge execution environments. The capabilities above are the surface; the depth comes from a team that reads constraint systems the way other auditors read business logic.
[42]
[Fig. 02]
