A punch card.
A punch card.
A punch card. Source: Marcin Wichary.

Recently released frameworks for building zero-knowledge applications, such as Zinc and Cairo, allow developers to relatively easily write programs whose execution can be verified while keeping all or some inputs private. In terms of developer-friendliness, this is a step up from writing zero-knowledge circuits, since such frameworks provide a single zero-knowledge virtual machine (ZK VM) circuit that can verify any program of a supported size. Without this option, developers have to write a new circuit per application and handle the complexity of unique proving and verifying keys.

Despite the benefits of such ZK VMs, there are also tradeoffs that I…


Kucoin, a well-known cryptocurrency exchange, was recently hacked. It lost more than 150 million USD worth of funds. The perpetrator used Tornado Cash, a noncustodial mixer, to anonymise some of the stolen proceeds. Unfortunately for the hacker, an analysis of on-chain activity reveals information that could lead to their identification. In this post, I will describe how the hacker deposited a large amount of ETH into Tornado Cash. I will then present an analysis of Tornado Cash withdrawals to identify a number of addresses which the hacker probably owns. This information may help to bring them to justice.

Source: Pixabay

The hacker’s deposits

On 26…


In early March 2020, I announced a series of computational steps that would create a random value which we would use to start phase 2 of the multi-party setup ceremony for the Semaphore zk-SNARK circuit (read this blog post to learn more about it). Unfortunately, we did not do a thorough enough job with committing to key parameters and details about the process we would perform, which could raise doubts about its trustworthiness and security. …


A train signal. Source: Wikimedia

We are excited to announce that Semaphore, a generic privacy layer for Ethereum applications based on zk-SNARKs, has been fully audited and is now available for developers to build upon. This open-source library allows any user to signal their endorsement of an arbitrary string, revealing only that they have been previously approved to do so, and not their specific identity. Developers can use it to build distributed applications such as mixers, anonymous voting, and whistleblowing platforms (read more here). Semaphore can also be applied off-chain for anonymous authentication and rate-limiting spam prevention.

As Semaphore is open source and generic, developers…


In a previous post, I wrote a technical explanation of Semaphore, a zero-knowledge privacy gadget built on Ethereum. Since then, we have collaborated with other teams in the Ethereum community and beyond to build simple zero-knowledge applications. In this blog post, I will describe two of these applications and how use Semaphore to achieve privacy for their particular use cases.

A recap on how Semaphore works

Consider Alice, Bob, and Charlie, who are users of an application built on Semaphore. They each register an identity into the application contract. Later, Alice can prove that she is part of the set of registered identities {Alice, Bob, Charlie}


The Ethereum community has responded positively to our technical blog post about Semaphore, a zero-knowledge signalling gadget built on Ethereum. This post is an update about our next major step: the launch of a multi-party trusted setup we dub the Perpetual Powers of Tau Ceremony.

Passing a baton. Image source: Wikimedia Commons

Why is this necessary?

Anyone who deploys a zk-SNARK circuit to production must perform a computation called a trusted setup in order to generate a proving key and verifying key. Unfortunately, this process also produces a piece of data called toxic waste which must be discarded, as it can be used to produce fake proofs and thereby violate the…


Railway semaphore signals. Source: WikiMedia Commons

This year, Ethereum has undergone a privacy renaissance of sorts. Encouraged by prominent members of the community, researchers, programmers, and DAO funders have collaborated to accelerate the ideation and implementation of privacy solutions, particularly those which employ zero-knowledge proofs. We are now at a stage where a key privacy building block is emerging from research and entering production: Semaphore, a means for anonymous signalling.

Semaphore is the basis of an ETH and ERC20 token mixer named MicroMix. In the near future, it can be used for other privacy-enhancing applications such as anonymous login, anonymous DAOs, anonymous voting, and journalism.

This…


Image source: https://commons.wikimedia.org/wiki/File:Mastermind_game_pieces.png

A great way to learn a new skill is to build something with it. This is particularly true in the cryptocurrency and blockchain space, where accessible documentation and usable software libraries often lag behind research and development. In fact, the more esoteric a field is, the higher its barriers to entry. I discovered this when I started to learn to write zero-knowledge proofs, a field which to beginners like myself, can seem like a riddle wrapped in mystery.

Zero-knowledge proofs nevertheless hold great potential. Their applications include untraceable cryptocurrencies such as ZCash, better scalability for Ethereum via off-chain transaction batching


Ethereum wallets like MetaMask will soon introduce the EIP712 standard for typed message signing. This standard allows wallets to display data in signing prompts in a structured and readable format. EIP712 is a great step forward for security and usability because users will no longer need to sign off on inscrutable hexadecimal strings, which is a practice that can be confusing and insecure.

Smart contract and dApp developers should adopt this new standard as it has already been merged into the Ethereum Improvement Proposal repository, and major wallet providers will soon support it. This blog post aims to help developers…


The safest way to store and hold funds with the Monero cryptocurrency is with a cold wallet. Yet, it is not easy to create one, and even less so if you want to do so in as secure a manner as possible.

I’ve come up with a solution to this problem: Malvarma, a Raspberry Pi Zero image that generates a Monero cold wallet upon boot.

Note: this isn’t an address I use, so don’t bother importing the keys ;)

The Problem

Cold wallets must be generated and stored offline. This eliminates the risk, however small, of private keys being stolen by a remote attacker through the Internet. …

Koh Wei Jie

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store