From Nov. 11, 2024 to Nov. 25, 2024, Mach34 engaged Veridise to conduct a security assessment of their zkemail.nr. The security assessment covered the zero-knowledge circuits involved in validating the DKIM signature of an email. The circuit focuses on extracting the body hash of the email from the provided header and validating that a given RSA public key has signed the email. Veridise conducted the assessment over 6 person-weeks, with 3 security analysts reviewing the project over 2 weeks. Due to the Noir zero knowledge language exposing many utilities to developers, Veridise engineers also investigated some of the utilities’ implementations invoked by Mach34’s circuit.