tornadocontrib/noble-curves
1
0
Fork 0
forked from tornado-packages/noble-curves
Code Pull Requests Activity

Add new audit of noble-curves by kudelski security.

Browse Source
This commit is contained in:
Paul Miller 2023-09-05 23:47:56 +00:00
parent 1e67754943
commit 2acebc8176
No known key found for this signature in database
GPG Key ID: 697079DA6878B89B
3 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
README.md
View File

@ -850,10 +850,16 @@ utils.equalBytes(Uint8Array.from([0xde]), Uint8Array.from([0xde]));
The library has been independently audited: The library has been independently audited:
- at version 1.2.0, in Sep 2023, by [Kudelski Security](https://kudelskisecurity.com)
- PDFs: [offline](./audit/2023-09-kudelski-audit-starknet.pdf)
- [Changes since audit](https://github.com/paulmillr/noble-curves/compare/1.2.0..main)
- Scope: [scure-starknet](https://github.com/paulmillr/scure-starknet) and its related
abstract modules of noble-curves: `curve`, `modular`, `poseidon`, `weierstrass`
- The audit has been funded by [Starkware](https://starkware.co)
- at version 0.7.3, in Feb 2023, by [Trail of Bits](https://www.trailofbits.com) - at version 0.7.3, in Feb 2023, by [Trail of Bits](https://www.trailofbits.com)
- PDFs: [online](https://github.com/trailofbits/publications/blob/master/reviews/2023-01-ryanshea-noblecurveslibrary-securityreview.pdf), - PDFs: [online](https://github.com/trailofbits/publications/blob/master/reviews/2023-01-ryanshea-noblecurveslibrary-securityreview.pdf),
[offline](./audit/2023-01-trailofbits-audit-curves.pdf) [offline](./audit/2023-01-trailofbits-audit-curves.pdf)
- [Changes since audit](https://github.com/paulmillr/noble-curves/compare/0.7.3..main). - [Changes since audit](https://github.com/paulmillr/noble-curves/compare/0.7.3..main)
- Scope: abstract modules `curve`, `hash-to-curve`, `modular`, `poseidon`, `utils`, `weierstrass` and - Scope: abstract modules `curve`, `hash-to-curve`, `modular`, `poseidon`, `utils`, `weierstrass` and
top-level modules `_shortw_utils` and `secp256k1` top-level modules `_shortw_utils` and `secp256k1`
- The audit has been funded by [Ryan Shea](https://www.shea.io) - The audit has been funded by [Ryan Shea](https://www.shea.io)

BIN
audit/2023-09-kudelski-audit-starknet.pdf Normal file
View File

Binary file not shown.

8
audit/README.md
View File

@ -1,11 +1,7 @@
# Audit # Audit
The library has been audited during Jan-Feb 2023 by an independent security firm [Trail of Bits](https://www.trailofbits.com): All audits of the library are described in [README's Security section](../README.md#security)
[PDF](https://github.com/trailofbits/publications/blob/master/reviews/2023-01-ryanshea-noblecurveslibrary-securityreview.pdf).
The audit has been funded by Ryan Shea. Audit scope was abstract modules `curve`, `hash-to-curve`, `modular`, `poseidon`, `utils`, `weierstrass`, and top-level modules `_shortw_utils` and `secp256k1`. See [changes since audit](https://github.com/paulmillr/noble-curves/compare/0.7.3..main).
File in the directory was saved from `2023-01-trailofbits-audit-curves.pdf` file in the directory was saved from
[github.com/trailofbits/publications](https://github.com/trailofbits/publications). [github.com/trailofbits/publications](https://github.com/trailofbits/publications).
Check out their repo and verify checksums to ensure the PDF in this directory has not been altered. Check out their repo and verify checksums to ensure the PDF in this directory has not been altered.
See information about fuzzing in root [README](../README.md).