Update FROST scope dependencies (#258)

Add some details about the FROST dependencies that are out of scope of the audit
Pili Guerra 2023-03-02 00:12:23 +01:00 committed by GitHub
parent 3bfbabddbb
commit edeb3d69ce
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 29 additions and 28 deletions


@ -13,14 +13,16 @@ This is a list of production Rust code that is in scope and out of scope for FRO
| frost-ed25519 | v0.1.0 |
| frost-ed448 | v0.1.0 |
| frost-p256 | v0.1.0 |
| frost-rerandomized | v0.1.0 | Out of scope
| ~~frost-rerandomized~~ | ~~v0.1.0~~ | Out of scope
| frost-ristretto255 | v0.1.0 |
| frost-secp256k1 | v0.1.0 |
--
---
## Partial Audit
| Name | Version | Reason | Notes
|------| ------- | ----- | -----
| ed448-goldilocks | v0.4.0 | Doesn't have a lot of users on github (12) or crates.io (~2k recent downloads) and it's not been previously audited and reviewed | A pure-Rust implementation of Ed448 and Curve448 and Decaf
---
## Out of Scope
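Review bot: the struck-through `~~frost-rerandomized~~ | ~~v0.1.0~~ | Out of scope` row is ambiguous inside the in-scope table, because the same crate still gets its own `### frost-rerandomized Dependencies` subsection under Out of Scope further down; either drop the row here and keep only the Out of Scope entry, or keep the row unstruck with "Out of scope" in the Reason column so the two places agree. The `--` to `---` change correctly restores the horizontal rule. In the Partial Audit row for `ed448-goldilocks`, the Reason column mixes the justification ("not been previously audited and reviewed") with popularity figures; consider splitting those into Reason and Notes to match the column headers.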
@ -31,48 +33,47 @@ The following list of dependencies is out of scope for the audit.
| Name | Version | Reason | Notes
|------| ------- | ----- | -----
| byteorder | v1.4.3 | |
| criterion | v0.4.0 | |
| debugless-unwrap | v0.0.4 | |
| digest | v0.10.6 | |
| hex | v0.4.3 | |
| proptest | v1.1.0 | |
| proptest-derive | v0.3.0 | |
| rand_core | v0.6.4 | |
| serde_json | v1.0.93 | |
| thiserror | v1.0.38 | |
| visibility | v0.0.1 | |
| zeroize | v1.5.7 | |
| byteorder | v1.4.3 | | Library for reading/writing numbers in big-endian and little-endian.
| criterion | v0.4.0 | | Statistics-driven micro-benchmarking library
| debugless-unwrap | v0.0.4 | | This library provides alternatives to the standard .unwrap* methods on Result and Option that don't require Debug to be implemented on the unexpected variant.
| digest | v0.10.6 | | Traits for cryptographic hash functions and message authentication codes
| hex | v0.4.3 | | Encoding and decoding data into/from hexadecimal representation.
| proptest | v1.1.0 | | Hypothesis-like property-based testing and shrinking.
| proptest-derive | v0.3.0 | | Custom-derive for the Arbitrary trait of proptest.
| rand_core | v0.6.4 | | Core random number generator traits and tools for implementation.
| serde_json | v1.0.93 | | A JSON serialization file format
| thiserror | v1.0.38 | | This library provides a convenient derive macro for the standard library's std::error::Error trait.
| visibility | v0.0.1 | | Attribute to override the visibility of items (useful in conjunction with cfg_attr)
| zeroize | v1.5.7 | | This crate implements a portable approach to securely zeroing memory using techniques which guarantee they won't be "optimized away" by the compiler.
### `frost-ed25519` Dependencies
| Name | Version | Reason | Notes
|------| ------- | ----- | -----
| curve25519-dalek | v4.0.0-pre.1 | |
| rand_core | v0.6.4 | |
| sha2 | v0.10.6 | |
| curve25519-dalek | v4.0.0-pre.1 | | A pure-Rust implementation of group operations on ristretto255 and Curve25519
| rand_core | v0.6.4 | | Core random number generator traits and tools for implementation.
| sha2 | v0.10.6 | | Pure Rust implementation of the SHA-2 hash function family including SHA-224, SHA-256, SHA-384, and SHA-512.
### `frost-ed448` Dependencies
| Name | Version | Reason | Notes
|------| ------- | ----- | -----
| ed448-goldilocks | v0.4.0 | |
| rand_core | v0.6.4 | |
| sha3 | v0.10.6 | |
| rand_core | v0.6.4 | | Pure Rust implementation of the SHA-2 hash function family including SHA-224, SHA-256, SHA-384, and SHA-512.
| sha3 | v0.10.6 | | SHA-3 (Keccak) hash function
### `frost-p256` Dependencies
| Name | Version | Reason | Notes
|------| ------- | ----- | -----
| p256 | v0.11.1 | |
| rand_core | v0.6.4 | |
| sha2 | v0.10.6 | |
| p256 | v0.11.1 | | Pure Rust implementation of the NIST P-256 (a.k.a. secp256r1, prime256v1) elliptic curve with support for ECDH, ECDSA signing/verification, and general purpose curve arithmetic
| rand_core | v0.6.4 | | Core random number generator traits and tools for implementation.
| sha2 | v0.10.6 | | Pure Rust implementation of the SHA-2 hash function family including SHA-224, SHA-256, SHA-384, and SHA-512.
### `frost-rerandomized` Dependencies
| Name | Version | Reason | Notes
|------| ------- | ----- | -----
| rand_core | v0.6.4 | |
| rand_core | v0.6.4 | | Core random number generator traits and tools for implementation.
### `frost-ristretto255` Dependencies
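Review bot: copy-paste error in the `frost-ed448` table: the `rand_core | v0.6.4` row carries the sha2 description "Pure Rust implementation of the SHA-2 hash function family ...", while every other `rand_core` row in this hunk reads "Core random number generator traits and tools for implementation."; fix it to the latter. The `ed448-goldilocks | v0.4.0` row is removed from the `frost-ed448` table without a replacement, so that table no longer mentions the curve crate at all; a short pointer to the Partial Audit section where it now lives would keep the per-crate tables complete. Also, the Reason column is left empty for every row even though the section is introduced as "out of scope for the audit"; either fill it in or drop the column, since the Notes column is what actually carries the crate descriptions.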
@ -82,6 +83,6 @@ _None_
| Name | Version | Reason | Notes
|------| ------- | ----- | -----
| k256 | v0.12.0-pre.0 | |
| rand_core | v0.6.4 | |
| sha2 | v0.10.6 | |
| k256 | v0.12.0-pre.0 | | secp256k1 (a.k.a. K-256) elliptic curve library written in pure Rust with support for ECDSA signing/verification/public-key recovery, Taproot Schnorr signatures, Elliptic Curve Diffie-Hellman (ECDH), and general-purpose secp256k1 elliptic curve group operations which can be used to implement arbitrary group-based protocols.
| rand_core | v0.6.4 | | Core random number generator traits and tools for implementation.
| sha2 | v0.10.6 | | Pure Rust implementation of the SHA-2 hash function family including SHA-224, SHA-256, SHA-384, and SHA-512.
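Review bot: `k256 | v0.12.0-pre.0` (and `curve25519-dalek | v4.0.0-pre.1` in the previous hunk) are pre-release pins of the curve arithmetic crates, which are the dependencies a reader is most likely to question being out of scope; the Reason column should state why they are excluded rather than being left blank. Style point: the k256 note ends with a period while the other notes in this table do not; pick one convention for the Notes column.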