From 4e57a5a486e5aa3c05eb01c2e6c47c629365d0af Mon Sep 17 00:00:00 2001 From: dante <45801863+alexander-camuto@users.noreply.github.com> Date: Sun, 23 Mar 2025 21:12:44 +0000 Subject: [PATCH] docs: link to audit (#958) --------- Co-authored-by: Jason Morton --- README.md | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index d2d34489..1eee5329 100644 --- a/README.md +++ b/README.md @@ -43,7 +43,7 @@ The generated proofs can then be verified with much less computational resources ---------------------- -### getting started ⚙️ +### Getting Started ⚙️ The easiest way to get started is to try out a notebook. @@ -76,12 +76,12 @@ For more details visit the [docs](https://docs.ezkl.xyz). The CLI is faster than Build the auto-generated rust documentation and open the docs in your browser locally. `cargo doc --open` -#### In-browser EVM verifier +#### In-browser EVM Verifier As an alternative to running the native Halo2 verifier as a WASM binding in the browser, you can use the in-browser EVM verifier. The source code of which you can find in the `in-browser-evm-verifier` directory and a README with instructions on how to use it. -### building the project 🔨 +### Building the Project 🔨 #### Rust CLI @@ -96,7 +96,7 @@ cargo install --locked --path . -#### building python bindings +#### Building Python Bindings Python bindings exists and can be built using `maturin`. You will need `rust` and `cargo` to be installed. ```bash @@ -126,7 +126,7 @@ unset ENABLE_ICICLE_GPU **NOTE:** Even with the above environment variable set, icicle is disabled for circuits where k <= 8. To change the value of `k` where icicle is enabled, you can set the environment variable `ICICLE_SMALL_K`. -### contributing 🌎 +### Contributing 🌎 If you're interested in contributing and are unsure where to start, reach out to one of the maintainers: @@ -144,20 +144,21 @@ More broadly: Any contribution intentionally submitted for inclusion in the work by you shall be licensed to Zkonduit Inc. under the terms and conditions specified in the [CLA](https://github.com/zkonduit/ezkl/blob/main/cla.md), which you agree to by intentionally submitting a contribution. In particular, you have the right to submit the contribution and we can distribute it, among other terms and conditions. -### no security guarantees -Ezkl is unaudited, beta software undergoing rapid development. There may be bugs. No guarantees of security are made and it should not be relied on in production. +### Audits & Security -> NOTE: Because operations are quantized when they are converted from an onnx file to a zk-circuit, outputs in python and ezkl may differ slightly. +[v21.0.0](https://github.com/zkonduit/ezkl/releases/tag/v21.0.0) has been audited by Trail of Bits, the report can be found [here](https://github.com/trailofbits/publications/blob/master/reviews/2025-03-zkonduit-ezkl-securityreview.pdf). + +> NOTE: Because operations are quantized when they are converted from an onnx file to a zk-circuit, outputs in python and ezkl may differ slightly. -### Advanced security topics - -Check out `docs/advanced_security` for more advanced information on potential threat vectors. +Check out `docs/advanced_security` for more advanced information on potential threat vectors that are specific to zero-knowledge inference, quantization, and to machine learning models generally. +### No Warranty -### no warranty - -Copyright (c) 2024 Zkonduit Inc. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +Copyright (c) 2025 Zkonduit Inc. +