Security
Garaga is designed with security as a primary concern. This page documents our security practices, audit history, and important considerations for users.
Audit Status
✅ Audited by CryptoExperts
Garaga has undergone a comprehensive security audit:
The audit covered core cryptographic operations including pairing checks, multi-scalar multiplication, and the Groth16 verifier implementation.
Security Considerations
Signature Verification
Hash Computation Responsibility
The functions is_valid_ecdsa_signature_assuming_hash and is_valid_schnorr_signature_assuming_hash verify signature equations but do not hash the message. The caller is responsible for:
Correctly computing the message hash
Using the appropriate hash function for the signature scheme
Ensuring the hash is computed over the correct message
Incorrect hash computation will result in invalid signatures being accepted or valid signatures being rejected.
EdDSA (Ed25519) Specific
The EdDSA implementation includes protections against common attacks:
✅ Small-order point rejection: Explicitly rejects points in small subgroups
✅ Cofactor handling: Properly handles the Ed25519 cofactor
✅ Canonical encoding: Enforces canonical point encoding
Curve Selection
When using Garaga's curve-agnostic APIs, ensure you:
Use the correct curve_id for your application
Understand the security properties of your chosen curve
Use appropriate key sizes and parameters
Curve | Security level | Notes
BN254 | ~100 bits | Widely used in Ethereum ecosystem
BLS12-381 | ~128 bits | Recommended for new applications
SECP256K1 | ~128 bits | Bitcoin/Ethereum compatibility
SECP256R1 | ~128 bits | WebAuthn/TLS compatibility
ED25519 | ~128 bits | High performance EdDSA
Responsible Disclosure
If you discover a security vulnerability in Garaga:
Do NOT open a public GitHub issue
DO email the maintainers privately
DO provide detailed information about the vulnerability
DO allow reasonable time for a fix before public disclosure
See our Security Policy for contact information.
Cryptographic References
Garaga's implementations are based on peer-reviewed cryptographic research. We recommend understanding these papers if you're building security-critical applications:
Zero-Knowledge Proofs
Groth16
Jens Groth
"On the Size of Pairing-Based Non-interactive Arguments" EUROCRYPT 2016, ePrint 2016/260
PLONK
Gabizon, Williamson, Ciobotaru
"PLONK: Permutations over Lagrange-bases for Oecumenical Noninteractive arguments of Knowledge" ePrint 2019/953
Elliptic Curves & Pairings
ECIP
Liam Eagen
"Zero Knowledge Proofs of Elliptic Curve Inner Products from Principal Divisors and Weil Reciprocity" ePrint 2022/596
Signatures
Randomness
drand
Syta et al.
"Scalable Bias-Resistant Distributed Randomness" IEEE S&P 2017
Time-Lock Encryption
Gailly, Melissaris, Romailler
"tlock: Practical Timelock Encryption from Threshold BLS" ePrint 2023/189
Disclaimer
USE AT YOUR OWN RISK
Garaga is provided "as is" without any warranty. While we strive for correctness and security:
100% security cannot be assured
Cryptographic software is inherently complex
Always perform your own security review for production use
Consider additional audits for high-value applications
See the MIT License for full terms.
Security Checklist
Before deploying to production: