Security Audits (Round 1)

At NuCypher, one of our core values is to eschew the traditional Silicon Valley ethos of move fast and break things and to instead #buidl responsibly. This is a recognition of the highly sensitive nature of the products we’re building— cryptography can be a life and death issue for some potential users.

As such, we made the decision to engage with third-party security auditors early and often in our software development lifecycle. We worked with two of the premier auditing firms in the world: NCC Group’s Cryptography Services and Trail of Bits.

NCC Group’s David Wong audited pyUmbral, the reference implementation of Umbral, our threshold proxy re-encryption scheme. You can view the final report here.

Trail of Bits’ JP Smith and Ben Perez audited pyUmbral and nucypher (including our networking and smart contract code). You can view the final report here (PDF).

We’re very pleased about the thoroughness of both reports and we’re looking forward to working with both NCC Group and Trail of Bits again in the future. Given that the nucypher code has and will continue to evolve significantly we will be doing subsequent audits on it prior to our mainnet launch.