Protocol design review
Key exchange, authentication flows, session management, state machines. We evaluate the architecture before the first line of implementation code.
AI systems can now find and exploit implementation bugs at scale. The audits that matter go deeper: evaluating protocol architecture, cryptographic design, and threat models before the first line of code, and verifying implementation fidelity afterwards. Each engagement led by a senior cryptography expert, not a junior analyst running a scanner.
Key exchange, authentication flows, session management, state machines. We evaluate the architecture before the first line of implementation code.
Are the chosen primitives appropriate for the threat model? Do they compose correctly? AEAD, KDF, signature, KEM — every choice scrutinized.
What did the design assume the adversary can do? Are those assumptions tight? AI bug-finders cannot challenge threat models — humans must.
Does the code correctly realize the design? Go, Rust, TypeScript, Swift, Java, .NET, C, Solidity. Full-source audits, not scanner reports.
Is your system positioned to survive the next decade of cryptanalytic advances? KEM hybridisation, signature strategy, library and protocol fitness.
Symbolic verification of protocol correctness in Verifpal, ProVerif, or Tamarin — and critical review of formal-verification claims others have made about code you depend on.
Five findings across CE Labs' libcrux cryptographic library, marketed as formally verified. We documented structural gaps in Cryspen's hax verification pipeline that libcrux's proofs rely on, ML-DSA implementation issues, and limitations in their TLS approach. Two papers and an OSTIF talk followed.
pow2 (d−1) belongsA technical review of Telegram's MTProto protocol under a network-attacker threat model, commissioned in 2025 by Global Network Solutions and made public in 2026 through a Swiss court filing. Conducted under editorial-independence terms reproduced verbatim in the report.
auth_key_id exposed in cleartext on every message, on every platform testedauth_key_id in cleartext on every messageWe reviewed the dWallet Labs 2PC-MPC threshold-signature implementation in Rust. The audit covered MPC ceremony correctness, secret-sharing validity, primitive composition, and side-channel exposure across the signing protocol.
We evaluated the Native Labs smart contracts across performance, security, interoperability, on-chain and off-chain transaction flows, liquidity models, and user experience. Special attention to gas efficiency at the design level.
Pentest of 1Password B5, conducted in collaboration with Cure53. Our contribution focused on key rotation correctness, vault security under server compromise, and public-key validation hardening.
Symbolic Software's foundational client engagement. Working with Cure53, we audited Mozilla Thunderbird's Enigmail PGP integration, identifying a critical vulnerability that exposed encrypted messages to a class of attacker-mutation attacks.