eth-id 0.1.0

Zero-Knowledge Document Verification CLI and Library
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166

# Security Policy

## Supported Versions

| Version | Supported          |
| ------- | ------------------ |
| 0.1.x   | :white_check_mark: |

## Reporting a Vulnerability

**Please do NOT report security vulnerabilities through public GitHub issues.**

Instead, please report them via email to: **security@eth.id** (placeholder)

You should receive a response within 48 hours. If for some reason you do not, please follow up via email to ensure we received your original message.

Please include the following information:

- Type of issue (e.g., buffer overflow, SQL injection, cross-site scripting, etc.)
- Full paths of source file(s) related to the manifestation of the issue
- The location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue, including how an attacker might exploit it

## Security Guarantees

ETH.id provides the following security guarantees:

### Document Privacy
- ✅ Documents are processed in-memory only
- ✅ Documents are never written to disk
- ✅ Documents are never transmitted over network
- ✅ Sensitive data is zeroized on drop

### Privacy Filter
- ✅ Structurally enforced (cannot be bypassed)
- ✅ Operates before any external calls
- ✅ Minimal data disclosure
- ✅ Tested against adversarial attacks

### Cryptographic Security
- ✅ SHA-256 for hashing
- ✅ HTTPS for all API calls
- ✅ No custom cryptography
- ✅ Industry-standard libraries

### Memory Safety
- ✅ Rust prevents buffer overflows
- ✅ Rust prevents use-after-free
- ✅ Zeroization of sensitive data
- ✅ No unsafe code in core modules

## Known Security Considerations

### LLM Provider Trust
- ETH.id sends filtered data to LLM providers
- Users must trust the selected provider
- Use `--offline` mode with Ollama for complete isolation

### Attestation Integrity
- Attestations prove verification occurred
- Attestations do NOT prove document authenticity
- Attestations can be created by anyone with the document

### Audit Log Privacy
- Audit logs contain SHA-256 hashes only
- Hash collision is computationally infeasible
- Logs are safe to share for compliance

## Security Best Practices

### For Users

1. **Use Offline Mode** for sensitive documents
   ```bash
   eth verify --doc sensitive.pdf --claim "..." --offline --provider ollama
   ```

2. **Review Debug Output** before first use
   ```bash
   eth verify --doc test.pdf --claim "..." --debug
   ```

3. **Verify Attestations** before sharing
   ```bash
   eth attest --session <id>
   ```

4. **Keep API Keys Secure**
   - Never commit API keys to git
   - Use environment variables
   - Rotate keys regularly

### For Developers

1. **Never Log Sensitive Data**
   - Only log hashes
   - Use `--debug` flag for development
   - Review logs before release

2. **Validate All Inputs**
   - Use type-safe parsing
   - Validate file sizes
   - Check file formats

3. **Test Security**
   - Run adversarial tests
   - Test prompt injection
   - Test privacy filter bypass

4. **Review Dependencies**
   - Run `cargo audit` regularly
   - Update dependencies
   - Review security advisories

## Security Testing

ETH.id includes comprehensive security tests:

- **Prompt Injection Tests**: 3 tests
- **Privacy Filter Tests**: 6 tests
- **Adversarial Tests**: 12 tests
- **Memory Safety**: Guaranteed by Rust

Run security tests:
```bash
cargo test --test adversarial_tests
cargo test --test privacy_tests
```

## Vulnerability Disclosure Timeline

1. **Day 0**: Vulnerability reported
2. **Day 1-2**: Acknowledgment sent
3. **Day 3-7**: Investigation and fix development
4. **Day 7-14**: Testing and verification
5. **Day 14-30**: Coordinated disclosure
6. **Day 30+**: Public disclosure (if not critical)

## Security Updates

Security updates will be released as patch versions (e.g., 0.1.1) and announced via:
- GitHub Security Advisories
- Release notes
- CHANGELOG.md

## Acknowledgments

We thank the security researchers who help keep ETH.id secure.

Security researchers who report valid vulnerabilities will be acknowledged in:
- CHANGELOG.md
- Security advisories
- Hall of fame (if desired)

## Contact

- **Security Issues**: security@eth.id (placeholder)
- **General Issues**: GitHub Issues
- **Questions**: GitHub Discussions

---

**Last Updated**: February 24, 2026