Audit of KZen’s Curv library

KZen hired Kudelski Security to perform a security assessment of their curv library, providing access to source code and documentation.

KZen Curv is a library written in Rust that provides low-level elliptic curve cryptography (ECC) functionality, as well as higher-level protocols such as key exchange, secret sharing, zero-knowledge, and multi-party computation.

As agreed with KZen, we publish our audit report, which describes 3 medium-severity issues, 5 low-severity ones, and 17 observations related to general code safety. KZen has made all necessary changes to secure their codebase, and Kudelski Security has in turn reviewed all related changes, according to our usual audit methodology.

We’d like to thank KZen again for trusting us, and for their constant availability to answer our questions and to provide feedback about our findings.
