Trail of Bits x Sindri
We’re making security, quality assurance, and developer efficiency of zero-knowledge proof (ZKP) circuits more straightforward by incorporating auditor-level insights right into your development flow with Trail of Bits.
Sindri's latest update introduces integration with Circomspect, the powerful circuit analysis tool by Trail of Bits, addressing a critical need in the ZKP development community: more assurances of circuit security and adherence to best practices from the outset.
This move streamlines the ZK development process and makes best practices in circuit design zero friction and foundational from the start rather than an afterthought. By embedding Circomspect's capabilities within Sindri's CLI, developers gain a powerful ally in their development process: Trail of Bits, a leading cybersecurity firm securing some of the world’s most targeted organizations and devices in the defense, tech, finance and blockchain industries.
Our objective at Sindri is to make ZK development more approachable and manageable for teams of any size. We work towards a future where anyone who needs it is up and running with ZK in minutes with powerful tooling and performant infrastructure experienced in a way developers have grown to expect: via API. The integration with Trail of Bits strengthens this proposition.
👇 Read on for how to begin using Circomspect in your workflow
Using Circomspect in Sindri
Circomspect is only compatabile with Circom circuits.
You can follow our Quick Start guide for deeper walk through of the CLI in its entirety or get started with Cimcomspect x Sindri right away by following along below.
- First install the Sindri CLI:
npm install -g sindri@latest
- Navigate to the root directory housing your Circom
maincircuit. Once there run:
sindri lint
- You will receive an output such as the following. Note, if your circuit passes all linting checks your output may differ.
[23:31:47.105] INFO: Running static analysis with Circomspect by Trail of Bits...
[23:31:47.337] WARN: circuit.circom:367:27 Using the signal assignment operator `<--` does not constrain the assigned signal. [Circomspect: CS0005]
[23:31:47.339] WARN: circuit.circom:599:9 Using the signal assignment operator `<--` does not constrain the assigned signal. [Circomspect: CS0005]
[23:31:47.339] WARN: circuit.circom:620:5 Using the signal assignment operator `<--` does not constrain the assigned signal. [Circomspect: CS0005]
...
[23:31:47.341] WARN: Found 14 problems (0 errors, 14 warnings).
If you have any errors running the tool, please check our CLI tutorial or contact us at hello@sindri.app.
Disclaimer: Circomspect is intended as an initial check and does not replace the need for a comprehensive audit by qualified professionals. Use of this tool should be seen as a supplementary measure, and reliance on it alone for circuit security is not advised.