Audit of KZen’s Curv library

KZen hired Kudelski Security to perform a security assessment of their curv library, providing access to source code and documentation.

KZen Curv is a library written in Rust providing low-level elliptic curve cryptography functionalities (ECC), as well as higher-level protocols such as key-exchange, secret sharing, zero-knowledge, and multi-party computation.

As agreed with KZen, we publish our audit report, which describes 3 medium-severity issues, 5 low-severity ones, and 17 observations related to general code safety. All necessary changes have been made by KZen to secure their codebase and all related changes have been in turn reviewed by Kudelski Security, according to our usual audit methodology.

We’d like to thank again KZen for trusting us, and for their constant availability to answer our questions and to provide feedback about our findings.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s