prysmaticlabs / hashtree

SHA256 library highly optimized for Merkle tree computations
MIT License
27 stars 7 forks source link

Official Audit #4

Open c-blake opened 1 year ago

c-blake commented 1 year ago

It's hard for me to say what kind of interest level you have gotten in use of this library, but the idea came up that it would help the broader community if an official audit/certification was done. This could maybe be paid for by EFoundation or someone else.

Just to be clear, I am not asserting any bugs in your code, but passing certain bureaucratic hurdles like someone official running against official SHA256 hash test suites can help other people's comfort levels and pave the way for easier adoption.

Are there any plans for this? If so, has any motion on that happened yet? If not, do you foresee any obstacles?

potuz commented 1 year ago

We have had the EF and ourselves running differential fuzzers on gohashtree and hashtree before we switched libraries, but there has not been any official audit. Prysm will get an audit soon and as part of it gohashtree will be audited. I wouldn't mind an audit of hashtree as well, but there are no plans that I am aware of. For adoption of this library in particular I think at the very least I need to port the sha version of ARM64 (that is covered in gohashtree but not here) and perhaps automatic CPU detection to simplify the exported functions to simply one

cc @prestonvanloon

c-blake commented 1 year ago

The ARM64 port of the go asm to hashtree would be great, if I haven't said so before.

cpuid dispatch is more straightforward and cpuid itself is also Intel-specific. I guess for ARM it might be IID_AA64_ISAR{0,1}_EL1.

It is debatable, but it might be best to leave this dispatching to higher levels, at least until a post-audit era. For example, it is at least theoretically possible that one branch could fail an audit while others succeed, making higher levels want a non-hard coded selection protocol. At the least, it should probably be just an optional layer/entry point (which is probably how you would have designed it anyway.. just saying).