This is an experimental test‑net build.

• Includes known timing‑leak issues in curve25519‑dalek v3.2.1 (RUSTSEC‑2024‑0344) and ed25519‑dalek v1.0.1 (RUSTSEC‑2022‑0093).
• Safe only for development / research use — do not protect real value with this release.
• Fixes are scheduled for v0.2.0 (see Roadmap).

Please report security issues privately via the GitHub “Report a vulnerability” form.
Response timetable

• Day 0: Report received
• ≤ 48 h: Acknowledgement
• Day 1–7: Triage & severity classification
• Day 7–30: Fix development & testing
• Day 30–90: Coordinated release & public advisory

• Attacker Goals: privacy compromise, key extraction, denial-of-service
• Assumptions:
  • Honest-but-curious network participants
  • Discrete logarithm hardness in Ristretto group
  • Secure random number generation from system entropy
  • Trusted compilation environment

• Use the latest 0.1.x release
• Use secure RNG (OsRng)
• Prefer constant‑time implementations; audit or avoid unsafe
• Zeroize secrets (zeroize crate)
• Run cargo audit & cargo deny regularly
• Check UB with cargo +nightly miri test

This project currently depends on:

• curve25519-dalek 3.2.1 – Ristretto curve operations
• bulletproofs 4.x – Zero‑knowledge proof generators
• merlin 1.4.x – Transcript and Fiat‑Shamir support
• zkschnorr 0.1.x – Schnorr signature schemes

This build ships with two acknowledged upstream RustSec advisories.

zkschnorr inherits the curve25519‑dalek issue and will be patched alongside.

No formal audit has been performed. Do not use this software with real value.

We appreciate the contributions of security researchers and maintainers. Researchers who responsibly disclose vulnerabilities will be credited in our public advisories unless anonymity is requested.

Last Updated: July 2025
Next Review: August 2025