Cryptography Security

Security audits for zero-knowledge circuits, fully homomorphic encryption implementations, multi-party computation protocols, and cryptographic primitives deployed in production. The mathematical layer where most auditors stop. The layer where the costliest bugs live.

Cryptographic systems are the hardest code to audit and the most dangerous code to get wrong.

A single underconstrained circuit lets an attacker forge proofs and drain a protocol in one transaction, indistinguishable from a legitimate withdrawal. One protocol lost $2.3M in early 2026 because a verifier had two elliptic curve parameters set to the same value. Research shows that 96% of documented bugs in SNARK-based systems stem from underconstrained circuits. ZK audits surface critical findings at roughly twice the rate of standard smart contract audits. And the tooling to catch these bugs is still in its infancy compared to what exists for Solidity.

FHE is moving from research to production. Confidential DeFi, encrypted on-chain computation, privacy-preserving AI inference. Deployments are outpacing reviews. MPC wallet infrastructure secures billions in institutional digital assets, and the gap between the cryptographic paper and the production implementation is where the vulnerabilities live.

Hexens performed the first independent security audit of a zkEVM, Polygon's, before the industry had established how to audit zero-knowledge execution environments. Our cryptography researchers operate at the level of constraint systems, field arithmetic, polynomial commitments, and proving system internals.

They are armed with frontier AI models that enable exhaustive exploration of constraint systems: reasoning about circuit behavior across thousands of gates, generating adversarial witness candidates, and identifying underconstraint patterns that manual analysis alone would take weeks to surface.

This is not an add-on to a smart contract audit practice. This is a dedicated cryptography security discipline staffed by researchers who think in constraints and polynomials, not in Solidity.

Our engineers hold OSCP, OSWE, OSEP, OSED, OSMR, OSCE3, ISO27001 LA and CRTL certifications - and more importantly, they apply those skills in the context of blockchain-specific threat models that traditional pentesting firms don't understand.


[Fig. 01]

[01]

Operators

Who runs the engagement

Hexens security researchers are CTF champions, bug bounty leaderboard veterans, and engineers who've spent careers breaking systems that weren't supposed to break.

[02]

Tooling

What they operate with

They are now armed with frontier-class models, the same class of technology that powers the systems they're testing, operating as force multipliers under their direction.

[03]

Method

How the two combine

The difference is not incremental. Senior engineers perform rigorous manual review while directing a frontier model to find the vulnerability that lives at the intersection of systems and an assumption nobody documented.

[04]

Outcome

What it produces

Coverage that would take a team months can now be achieved in a week, with deeper analysis, more adversarial test cases, and broader code path exploration than either could achieve alone.

Traditional Engagement: Months of team time

Hexens · AI-Augmented: One week end-to-end

Δ 01: Deeper analysis of individual findings

Δ 02: More adversarial test cases per surface

Δ 03: Broader code path exploration

This is not automation replacing judgment. It is the ceiling on what expert judgment can reach.

ZK Circuit Security Audit

Comprehensive security review of zero-knowledge circuits across Circom, Halo2, Gnark, Zokrates, Cairo, Noir, and other proving frameworks. We assess constraint soundness, completeness, witness generation logic, and the full chain from high-level circuit specification to compiled constraint system. Our engineers test for underconstrained circuits (the dominant vulnerability class, responsible for 96% of documented SNARK bugs), overconstrained circuits, computation and hint errors, field arithmetic overflow, and trusted setup integrity.

AI-augmented analysis enables our researchers to explore constraint systems more exhaustively: generating adversarial witnesses, reasoning about constraint interactions across large circuits, and identifying patterns that static analysis and manual review alone would miss.

Frameworks: Circom, Halo2, Gnark, Zokrates, Cairo, Noir, and custom proving systems.
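As an added illustration of what "underconstrained" means in practice (example code written for this page, not Hexens' tooling or any audited project's circuit), the block below encodes the classic IsZero gadget as R1CS-style constraints over a toy prime field. The vulnerable variant keeps only the constraint derived from the witness-generation formula `out = 1 - x*inv`; the sound variant adds `x * out = 0`. A brute-force sweep over every possible witness, feasible only because the field is tiny, stands in for the audit check: it lists witnesses the verifier accepts whose output contradicts the gadget's intended meaning. The field size `P`, the wire names and the helper functions are assumptions of this example, not anything the page specifies.

```python
"""Toy R1CS checker: an underconstrained IsZero gadget next to its sound form.

Example written for this page (not Hexens' tooling or any real circuit).
Each constraint is  <A,w> * <B,w> = <C,w>  over the prime field F_P, with
A, B, C given as sparse linear combinations {variable: coefficient} and w
the witness as {variable: value}. The constant wire is named "one".
"""
from itertools import product

P = 31  # constructed toy prime; small enough to enumerate every witness


def lc(terms, w):
    """Evaluate a linear combination {var: coeff} against witness w, mod P."""
    return sum(coeff * w[var] for var, coeff in terms.items()) % P


def satisfied(constraints, w):
    """True iff every R1CS constraint holds for witness w."""
    return all((lc(a, w) * lc(b, w)) % P == lc(c, w) for a, b, c in constraints)


# Intended semantics of IsZero: out == 1 if x == 0, else out == 0.
#
# Constraint 1 encodes the witness-generation formula  out = 1 - x*inv
# rearranged as  x * inv = one - out  (the coefficient -1 is written P - 1).
# On its own it says nothing about `inv`, so a prover may pick inv = 0 for
# a nonzero x and obtain out = 1: the gadget is underconstrained.
UNDERCONSTRAINED_ISZERO = [
    ({"x": 1}, {"inv": 1}, {"one": 1, "out": P - 1}),
]

# Constraint 2,  x * out = 0,  forces out = 0 whenever x != 0; together with
# constraint 1 it also forces inv = x^-1, so exactly one witness exists per
# input. This is the constraint the vulnerable form omits.
SOUND_ISZERO = UNDERCONSTRAINED_ISZERO + [
    ({"x": 1}, {"out": 1}, {}),
]


def honest_witness(x):
    """Witness an honest prover computes for input x (pow(x, -1, P) needs Python 3.8+)."""
    x %= P
    inv = pow(x, -1, P) if x else 0
    out = (1 - x * inv) % P
    return {"one": 1, "x": x, "inv": inv, "out": out}


def forged_witnesses(constraints):
    """Audit check: enumerate every witness the verifier accepts and return the
    (x, inv, out) triples whose `out` contradicts the intended IsZero meaning.
    Exhaustive search works only because P is tiny; real audits reason about
    the constraint structure instead."""
    bad = []
    for x, inv, out in product(range(P), repeat=3):
        w = {"one": 1, "x": x, "inv": inv, "out": out}
        expected = 1 if x == 0 else 0
        if satisfied(constraints, w) and out != expected:
            bad.append((x, inv, out))
    return bad


if __name__ == "__main__":
    print("honest witness for x=7:", honest_witness(7))
    print("forged witnesses accepted by the underconstrained gadget:",
          len(forged_witnesses(UNDERCONSTRAINED_ISZERO)))
    print("forged witnesses accepted by the sound gadget:",
          len(forged_witnesses(SOUND_ISZERO)))
```

Running the sweep shows the shape of the bug: the underconstrained system accepts (P-1)² witnesses with a wrong output, one for every nonzero `x` paired with every `inv` other than its inverse, while the sound system accepts none. The honest witness generator is identical in both cases, which is why this class of bug never shows up in functional testing and only appears when someone asks what the constraints permit rather than what the prover computes. The second constraint is the one circomlib's IsZero template carries as `in*out === 0`.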

Proving System Implementation Review

Security assessment of the proving system layer itself: polynomial commitment schemes, verification key generation, proof construction logic, and the interaction between application circuits and the underlying proof system. We evaluate implementations of Groth16, PLONK, PLONK-ish variants, STARKs, and custom constructions. This includes assessment of trusted setup ceremonies, verification contract correctness, and recursive proof composition. The FOOMCASH exploit demonstrated that a single parameter misconfiguration in a Groth16 verifier (two elliptic curve constants set to the same value) can allow arbitrary proof forgery.

FHE Implementation Review

Security review of fully homomorphic encryption implementations. Scheme correctness, noise budget management, parameter selection, key generation, bootstrapping operations, and the boundary between encrypted and plaintext domains. As FHE moves from research to production in confidential DeFi, encrypted computation, and privacy-preserving AI, the gap between theoretical scheme security and implementation correctness is where vulnerabilities emerge. We assess implementations across TFHE, BGV, BFV, CKKS, and hybrid schemes, including the application-layer logic that processes encrypted outputs and makes decisions based on FHE computation results.

Relevant to: FHE-powered blockchain protocols (Fhenix, Inco, Zama ecosystem), confidential smart contract platforms, privacy-preserving AI systems, any application performing computation on encrypted data.

MPC Protocol Security Assessment

Security review of multi-party computation protocol implementations. Distributed key generation, threshold signature schemes, secret sharing correctness, communication channel security, and adversary model validation. MPC secures billions in institutional digital assets through wallet infrastructure and custody solutions. The distance between a peer-reviewed protocol paper and a production implementation is where vulnerabilities live: missing zero-knowledge proofs in signing rounds, incorrect threshold enforcement, key share refresh vulnerabilities, and side-channel leakage during distributed computation. We assess implementations against their specified adversary models and security proofs.

Relevant to: MPC wallet providers, institutional custody platforms, exchanges using threshold signature schemes, bridge signer sets, DAO treasury management, any application using distributed key management.

Cryptographic Primitive Implementation Audit

Security assessment of cryptographic primitive implementations. Elliptic curve operations, hash functions (Poseidon, Pedersen, MiMC, Blake, SHA-3), commitment schemes, signature schemes, and field arithmetic libraries. We evaluate implementations for correctness, side-channel resistance, constant-time execution, and adherence to specification. Custom or modified primitives receive particular scrutiny. The most dangerous vulnerabilities often appear in standard primitives adapted for a specific use case without full understanding of the security implications.

Trusted Execution Environment (TEE) Security

Security review of TEE-based applications and attestation mechanisms. Intel SGX, AMD SEV, ARM TrustZone, and TDX implementations. We assess enclave design, attestation verification, side-channel resistance, secure boot chains, and the boundary between trusted and untrusted execution domains. TEE security is increasingly relevant as blockchain infrastructure relies on secure enclaves for key management, MEV protection, oracle computation, and confidential transaction processing.

Post-Quantum Cryptography Assessment

Security review of post-quantum cryptographic implementations being adopted in preparation for quantum computing threats. Lattice-based schemes, hash-based signatures, and hybrid classical/post-quantum constructions require careful implementation review. FHE is inherently quantum-resistant due to its lattice-based foundations; as the post-quantum transition accelerates, systems built on FHE and lattice cryptography need implementation-level security assurance, not just scheme-level confidence.

Researchers who think in constraints.

Most security firms assign their best smart contract auditors to ZK circuit reviews. That's not the same thing. Hexens' cryptography practice is staffed by researchers with deep expertise in abstract algebra, number theory, polynomial arithmetic, and formal constraint reasoning: the mathematical foundations that ZK, FHE, and MPC are built on.

Every researcher directs frontier AI models as a force multiplier, enabling more exhaustive constraint system exploration, automated adversarial witness generation, and deeper reasoning about circuit behavior at scale. 300+ engagements. Zero client exploits. Winners of 30+ international competitions. The team that delivered the first independent zkEVM audit.

[Fig. 02: Hexens cryptography constraint graph]

Review Your Cryptographic Implementation