zecfoundation
/
frost
mirror of https://github.com/ZcashFoundation/frost.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Update frost-dependencies-for-audit.md (#289)

This commit is contained in:
Jack Gavigan 2023-03-22 10:26:01 +00:00 committed by GitHub
parent 133635006e
commit ed5faa707b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 22 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
book/src/dev/frost-dependencies-for-audit.md
View File

@ -13,21 +13,39 @@ This is a list of production Rust code that is in scope and out of scope for FRO
| frost-ed25519 | v0.1.0 |
| frost-ed448 | v0.1.0 |
| frost-p256 | v0.1.0 |
| ~~frost-rerandomized~~ | ~~v0.1.0~~ | Out of scope
| frost-ristretto255 | v0.1.0 |
| frost-secp256k1 | v0.1.0 |
### ZF Dependencies
| Name | Version | Notes
|------| ------- | -----
| redjubjub | v0.6.0 | This library is being partially audited as part of the [Zebra audit](https://github.com/ZcashFoundation/zebra-private/blob/d4137908385be7e6df0a935b91bfc83b532261a2/book/src/dev/zebra-dependencies-for-audit.md#zcashzf-dependencies-1).
| reddsa | v0.5.0 | This library is being partially audited as part of the [Zebra audit](https://github.com/ZcashFoundation/zebra-private/blob/d4137908385be7e6df0a935b91bfc83b532261a2/book/src/dev/zebra-dependencies-for-audit.md#zcashzf-dependencies-1).
---
## Partial Audit
| Name | Version | Reason | Notes
|------| ------- | ----- | -----
| ed448-goldilocks | v0.4.0 | Doesn't have a lot of users on github (12) or crates.io (~2k recent downloads) and it's not been previously audited and reviewed | A pure-Rust implementation of Ed448 and Curve448 and Decaf
| ed448-goldilocks | v0.4.0 | Doesn't have a lot of users on github (12) or crates.io (~2k recent downloads) and it's not been previously audited and reviewed | A pure-Rust implementation of Ed448 and Curve448 and Decaf.
The following ed448-goldilocks modules are used by frost-ed448:
- `src/field/scalar.rs`
- `src/curve/edwards/extended.rs` (converting to/from TwistedExtendedPoint, MontgomeryPoint and AffinePoint are out of scope)
- `src/field/mod.rs`
- `src/curve/scalar_mul/variable_base.rs`
---
## Out of Scope
The following list of dependencies is out of scope for the audit.
The following crates and dependencies are out of scope for the audit.
### FROST Crates
| Name | Version | Notes
|------| ------- | -----
| frost-rerandomized | v0.1.0 | To be audited after the security proof is complete.
### `frost-core` Dependencies
@ -85,4 +103,4 @@ _None_
|------| ------- | ----- | -----
| k256 | v0.12.0-pre.0 | | secp256k1 (a.k.a. K-256) elliptic curve library written in pure Rust with support for ECDSA signing/verification/public-key recovery, Taproot Schnorr signatures, Elliptic Curve Diffie-Hellman (ECDH), and general-purpose secp256k1 elliptic curve group operations which can be used to implement arbitrary group-based protocols.
| rand_core | v0.6.4 | | Core random number generator traits and tools for implementation.
| sha2 | v0.10.6 | | Pure Rust implementation of the SHA-2 hash function family including SHA-224, SHA-256, SHA-384, and SHA-512.
| sha2 | v0.10.6 | | Pure Rust implementation of the SHA-2 hash function family including SHA-224, SHA-256, SHA-384, and SHA-512.