Library & Dependency Review

• [ ] Identify all external cryptographic libraries used (arkworks etc.).
• [ ] Check if library versions are up to date and still maintained.
• [ ] Verify that security advisories for dependencies are addressed.
• [ ] Ensure consistent use of the same library across components (no redundant or conflicting libraries).

Hashing & Commitment Schemes

• [ ] Confirm correct parameterization of hash functions (Poseidon2 and BLAKE2b).
• [ ] Verify domain separation is applied properly (unique DSTs, field fitting if needed).
• [ ] Ensure constants are generated deterministically and documented.
• [ ] Audit Merkle tree / MMR implementations for collision resistance and proof correctness.
• [ ] Check for misuse of sponge capacity/rate parameters.

Signature Schemes

• [ ] Confirm correct elliptic curve choice matches intended security level.
• [ ] Verify nonce generation: deterministic or secure randomness (RFC6979, zeroization after use).
• [ ] Audit serialization/deserialization for malleability or replay risks.
• [ ] Ensure signature verification logic matches spec (including edge cases).

Encryption & Message Encapsulation

• [ ] Review key derivation and encryption scheme selection.
• [ ] Verify that ephemeral keys are securely generated and zeroized.
• [ ] Check for replay protection and integrity/authentication of ciphertexts.