-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
docs: audit state of the doc + split/single doc #322
base: dev
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1,23 @@ | ||
# Security considerations | ||
# Security considerations | ||
|
||
## Codebase | ||
|
||
Please note that the current code for the programs is not audited and should not be used in production. | ||
The code is provided as a reference implementation and should be used at the users risks. | ||
|
||
## Sphinx | ||
|
||
The [Sphinx](https://github.com/argumentcomputer/sphinx) prover is a fork of [SP1](https://github.com/succinctlabs/sp1) | ||
and as such inherits a lot from its security design. The current release of Sphinx (`dev`) has backported all the | ||
upstream security fixes as of SP1 `v1.0.8-testnet`. We will continue to update Sphinx with backports of upstream | ||
security fixes and subsequent updates to both Sphinx and the Light Client, making them available as hotfixes. | ||
|
||
In terms of Sphinx-specific changes that require special attention, here is a non-exhaustive list of Sphinx | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Are there any plans to audit this subset (deviation from SP1)? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. At this stage, we are rebasing our work on a recent version of SP1 so as to minimize the delta, which seems the sensible prelude to such audit work. |
||
AIR chips used for precompiles that are either not present in upstream SP1, or have had non-trivial changes: | ||
|
||
- `Blake2sRoundChip`: Chip for the Blake2s hash function compression, as specified in [RFC 7693](https://datatracker.ietf.org/doc/html/rfc7693). | ||
- `Sha512CompressChip`, `Sha512ExtendChip`: Chips for the SHA-512 hash function compression. | ||
|
||
Notably, the Kadena light client does not use BLS12-381 related precompiles, such as field operations (`FieldAddChip`, `FieldSubChip`, `FieldMulChip`) or G1 decompression (`Bls12381G1DecompressChip`), neither does it use `Secp256k1DecompressChip`, a chip for decompressing K256 compressed points. Therefore, the light client’s proof does not depend on the correctness of these precompiles. | ||
|
||
There are also some SP1 chips and precompiles that are not present in Sphinx, such as `Uint256MulChip`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are there any plans for doing so?