Update READMEs & add SECURITY.md (#78)

2026-02-10 13:16:44 +01:00 · 2025-08-20 20:52:59 +02:00
parent 3b94ab047e
commit ccd94e36cc
256 changed files with 1982 additions and 31869 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -0,0 +1,29 @@
+# 🔒 Security Policy for Poulpy
+
+## Report a Vulnerability
+
+To report a vulnerability, please contact us at: **[jean-philippe@phantom.zone](mailto:jean-philippe@phantom.zone)**
+
+Include in your report (if possible):
+
+* Affected crate
+* Steps to reproduce
+* Impact
+* Potential fix
+
+We will acknowledge receipt and work with you on resolution.
+
+## Security Model
+
+Poulpy implements RLWE-based cryptography and follows the standard **IND-CPA security model** when used with appropriate parameters.
+
+To select secure parameters, we recommend using the [Lattice Estimator](https://github.com/malb/lattice-estimator).
+
+Like other FHE libraries, Poulpy does **not** provide stronger security notions out of the box and users should be aware that:
+
+* FHE ciphertexts are malleable by design and are not inherently CCA-secure.
+* Circuit privacy is not guaranteed without additional techniques (e.g., re-randomization, modulus switching, noise flooding).
+
+Users should therefore design protocols accordingly and apply standard safeguards (e.g., private & authenticated channels, key rotation, limiting decryption queries).
+
+Additional context on security notions beyond CPA can be found in [Relations among new CCA security notions for approximate FHE](https://eprint.iacr.org/2024/812).