Schnorrkel is Audited

“Cryptography should be boring”

-Daniel J. Bernstein

Web3 Foundation’s Schnorrkel, a cryptographic signature library, has passed an independent audit.

The cyber-security firm NCC Group, which advises global companies and government bodies including the U.S. Secret Service on security threats, completed a thorough audit of the library.

Web3 Foundation research scientist Dr. Jeff Burdges, who created the library, implemented the auditors’ recommendations and subsequently stabilized Schnorrkel’s primary feature set.

“We believe Schnorrkel strikes an optimal balance between security concerns,” said Dr. Burdges.

Improved Safety for Blockchain Applications

Schnorrkel provides a general-purpose signature scheme that improves safety for blockchain applications (docs). This scheme offers the functionality that blockchain protocols increasingly demand.

It achieves this functionality, according to Dr. Burdges, by considering both blockchain sub-protocols’ interactions and misuse resistance.

“We achieve this balance in basically two ways,” he said.

“First, we select modern safer cryptographic primitives that extend the safest primitives in widespread use, while also being safer for protocol designers. These two goals conflicted until recently. Second, we assess the security of the protocols we provide as one cohesive whole, not piecemeal.”

Cryptographic Building Blocks

At present, the library includes Schnorr signatures, a fast verifiable random function (VRF) using Schnorr proofs, hierarchical deterministic key derivation and the safest currently known three round-trip Schnorr multisignature variant.

“In the future, we want Schnorrkel to grow by providing an even more diverse array of cryptographic building blocks, while retaining our existing safety promises,” said Dr. Burdges. “We therefore welcome discussions with other implementers around our future directions.”

About Web3 Foundation

Established in Zug, Switzerland by Ethereum co-founder and Chief Technology Officer Dr. Gavin Wood, Web3 Foundation funds research and development teams building the stack of technologies behind the decentralized web.

For more information on Web3 Foundation, visit web3.foundation.