Trail of Bits

Google Longfellow

Type: Security review

Client: Google

Date: 2025-08

Domain: Crypto

Effort: 4.6 wks

Section: Cryptography Reviews

Trail of Bits's security review of Google (Aug 2025) identified 13 issues: 2 high, 2 low, 8 informational, and 1 undetermined.

Findings · 13

  1. Circuit ID is not checked during circuit deserialization (High)
  2. Collision of transcript separation tags (Informational)
  3. FSPRF does not limit the size of the output stream (Informational)
  4. MerkleTreeVerifier::verify_proof is vulnerable to path extension (Informational)
  5. COSE1 length values are incorrectly serialized (Low)
  6. Ligero parameter search can be improved (Informational)
  7. ECDSA circuit allows off-curve intermediate points (Undetermined)
  8. The specification describes an incorrect quadratic test (Informational)
  9. MerkleCommitmentVerifier::verify_compressed_proof assumes nonrepeating indices (Informational)
  10. mdoc attribute check can be bypassed (High)
  11. ECDSA witness-building timing may leak hidden witness values (Low)
  12. MAC scheme is vulnerable to existential forgery on input zero and may break zero-knowledge in other uses of the library (Informational)
  13. Ligero matrix construction deviates from the specification (Informational)

Findings extracted from the published report PDF. See the full report below for details and remediation.
