Audit Open Original ↗
Anza BLS Signatures
Type
Security review
Client
Anza
Date
2026-03
Domain
Crypto
Effort
1 wk
Section
Cryptography Reviews
Trail of Bits's security review of Anza (Mar 2026) identified 6 issues: 1 medium, 1 low, 3 informational, and 1 undetermined.
Findings · 6
- 1 Mismatched and incorrect domain separation tags Informational
- 2 Signature verification does not prevent rogue key attacks Undetermined
- 3 Public key construction does not reject identity point Low
- 4 Missing length checks on input key material Medium
- 5 Parallel aggregation turns an empty iterator into the identity point Informational
- 6 Writing a keypair to file does not set file permissions on Windows Informational
Findings extracted from the published report PDF. See the full report below for details and remediation.
Related
- 2026-01 Anza Token-2022 Confidential Transfer, Cryptography Audit
- 2026-01 Anza Token-2022 Confidential Transfer, Blockchain Audit
- 2026-04 Ripple Labs XRP Ledger Confidential Transfer Audit
- 2026-03 Open Home Foundation SecureTar v3 Audit
- 2026-02 NEAR One Robust ECDSA Audit
- 2026-02 DV Labs Charon Pedersen DKG Audit