diff --git a/LICENSE-APACHE b/LICENSE-APACHE index 1e5006dc..1671e4c4 100644 --- a/LICENSE-APACHE +++ b/LICENSE-APACHE @@ -186,7 +186,7 @@ APPENDIX: How to apply the Apache License to your work. same "printed page" as the copyright notice for easier identification within third-party archives. -Copyright [yyyy] [name of copyright owner] +Copyright [2022-2025] The Plonky2 Authors Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/LICENSE-MIT b/LICENSE-MIT index 86d690b2..5bfb7cb0 100644 --- a/LICENSE-MIT +++ b/LICENSE-MIT @@ -1,6 +1,6 @@ The MIT License (MIT) -Copyright (c) 2022 The Plonky2 Authors +Copyright (c) 2022-2025 The Plonky2 Authors Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/README.md b/README.md index c182f9cb..49a6ec05 100644 --- a/README.md +++ b/README.md @@ -84,7 +84,10 @@ at your option. ## Security -This code has not yet been audited, and should not be used in any production systems. +This code has been audited prior to the `v1.0.0` release. The audits reports and findings are available in the [audits](./audits/) folder of this repository. +An audited codebase isn't necessarily free of bugs and security exploits, hence we recommend care when using `plonky2` in production settings. + +If you find a security issue in the codebase, please refer to our [Security guidelines](./SECURITY.md) for private disclosure. While Plonky2 is configurable, its defaults generally target 100 bits of security. The default FRI configuration targets 100 bits of *conjectured* security based on the conjecture in [ethSTARK](https://eprint.iacr.org/2021/582). 
@@ -93,12 +96,7 @@ Plonky2's default hash function is Poseidon, configured with 8 full rounds, 22 p ## Links -#### Actively maintained - - [Polygon Zero's zkEVM](https://github.com/0xPolygonZero/zk_evm), an efficient Type 1 zkEVM built on top of Starky and plonky2 - -#### No longer maintained - - [System Zero](https://github.com/0xPolygonZero/system-zero), a zkVM built on top of Starky - [Waksman](https://github.com/0xPolygonZero/plonky2-waksman), Plonky2 gadgets for permutation checking using Waksman networks - [Insertion](https://github.com/0xPolygonZero/plonky2-insertion), Plonky2 gadgets for insertion into a list diff --git a/SECURITY.md b/SECURITY.md index d8e87e74..821ff566 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,5 +1,11 @@ # Polygon Technology Security Information +For findings related to plonky2 repository, please contact us with relevant information privately +through our security contact details: security@polygon.technology. + +Depending on the severity of the findings, the team may reserve the rights to keep the information private +while addressing it internally, and disclose it along a new release after having informed relevant parties. + ## Link to vulnerability disclosure details (Bug Bounty). - Websites and Applications: https://hackerone.com/polygon-technology - Smart Contracts: https://immunefi.com/bounty/polygon
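Review bot: In the LICENSE-APACHE hunk, the added line `Copyright [2022-2025] The Plonky2 Authors` keeps the square brackets of the `[yyyy]` template placeholder. The Apache appendix asks for the bracketed fields to be replaced without keeping the brackets, so this should read `Copyright 2022-2025 The Plonky2 Authors`, which also matches the form used in the LICENSE-MIT hunk of this same patch.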
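Review bot: In the README.md Security hunk, "audited prior to the `v1.0.0` release" does not say which commit, tag or crates the audits covered, so a reader cannot tell whether code merged after the audits is within their scope. Name the audited revision and the covered components next to the link to `./audits/`. Wording: "The audits reports" should be "The audit reports", and "security exploits" reads more accurately as "vulnerabilities".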
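Review bot: In the README.md Links hunk, dropping both the `#### Actively maintained` and `#### No longer maintained` headings leaves System Zero, Waksman and Insertion in the same list as the zkEVM with nothing to show they were previously marked as unmaintained. Someone picking a dependency from this list loses the signal that those repositories may not receive fixes. Either keep the "No longer maintained" heading over those three entries or annotate each entry with its status.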
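Review bot: In the SECURITY.md hunk, the new paragraph routes plonky2 findings to security@polygon.technology, while the unchanged bounty links below it cover only "Websites and Applications" and "Smart Contracts", so it is unclear whether a plonky2 report is eligible for a bounty or only for private disclosure. State that explicitly, and consider adding an expected acknowledgement time so reporters know when to follow up. Wording: "related to plonky2 repository" should be "related to the plonky2 repository", "reserve the rights" should be "reserve the right", and "disclose it along a new release" should be "disclose it alongside a new release".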