UltrafastSecp256k1 v3.67.0


v3.67.0 — CAAS hardening, multi-CI reproducible builds, OpenSSF Scorecard cleanup, Zenodo + funding outreach
This release closes the remaining CAAS gap-closure roadmap, lands the multi-CI reproducible-build attestation surface, brings the OpenSSF Scorecard code-scanning queue to zero open alerts, and pre-stages Zenodo metadata + a funding-outreach playbook. No public-API or ABI breakage; no behavioral changes to the crypto engine.

Highlights
Continuous Audit (CAAS) — roadmap complete
All eleven CAAS hardening items (H-1 … H-11) closed in a single sweep.
Gap-closure roadmap G-1 … G-10 closed: threat model, RNG entropy attestation, hardware side-channel methodology, compliance stance, INTEROP matrix, multi-CI reproducible builds, CT-tool independence, SPEC traceability matrix, protocol spec, traceability-join gate, RFC 9116.
scripts/audit_gate.py now wires G-1 / G-1b / G-8 / G-10 as first-class sub-gates; caas_runner.py is fail-fast across all five stages.
scripts/check_exploit_wiring.py enforces the Exploit / Audit Test Conversion Standard at CAAS Stage 0 — every audit/test_exploit_*.cpp file must be wired into unified_audit_runner.cpp or the gate refuses the push.
Audit dashboard refreshed: hardening progress 12/12 (100%).
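The Stage 0 wiring gate above, as an added example (this is not the project's scripts/check_exploit_wiring.py): every audit/test_exploit_*.cpp basename must be referenced from unified_audit_runner.cpp, and the gate fails on the first unwired PoC. The helper names and the sample file list are this example's own; the runner excerpt is constructed.

```python
import re
from pathlib import Path

EXPLOIT_GLOB = "test_exploit_*.cpp"        # PoC naming pattern the gate enforces
RUNNER_NAME = "unified_audit_runner.cpp"   # every PoC must be referenced from here


def unwired_exploits(exploit_names, runner_source):
    """Return the PoC basenames that runner_source never references.

    Matching is by whole file name, so 'test_exploit_foo.cpp' is not satisfied
    by an unrelated 'my_test_exploit_foo.cpp' mention."""
    missing = []
    for name in sorted(exploit_names):
        pattern = r"(?<![\w.])" + re.escape(name) + r"(?![\w.])"
        if re.search(pattern, runner_source) is None:
            missing.append(name)
    return missing


def check_audit_dir(audit_dir):
    """Run the gate against a real checkout: returns the list of unwired PoCs."""
    audit_dir = Path(audit_dir)
    names = [p.name for p in audit_dir.glob(EXPLOIT_GLOB)]
    runner = (audit_dir / RUNNER_NAME).read_text(encoding="utf-8")
    return unwired_exploits(names, runner)


# Constructed sample: three PoC files, one of which the runner forgot to wire.
SAMPLE_EXPLOITS = [
    "test_exploit_differential_openssl.cpp",
    "test_exploit_nonce_reuse.cpp",
    "test_exploit_scalar_mod_n.cpp",
]
SAMPLE_RUNNER = """\
// unified_audit_runner.cpp (constructed excerpt)
#include "test_exploit_differential_openssl.cpp"
#include "test_exploit_scalar_mod_n.cpp"
"""

if __name__ == "__main__":
    missing = unwired_exploits(SAMPLE_EXPLOITS, SAMPLE_RUNNER)
    if missing:
        print("Stage 0 GATE FAIL, unwired PoCs:", ", ".join(missing))
        raise SystemExit(1)
    print("Stage 0 GATE PASS")
```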
Multi-CI reproducible-build attestation
.gitlab-ci.yml and .woodpecker.yml (Codeberg) added alongside the existing GitHub Actions surface — the same release artifact is now built on three independent CI providers and verified byte-identical via SHA-256.
docs/MULTI_CI_REPRODUCIBLE_BUILD.md documents the protocol; docs/SUPPLY_CHAIN_LOCAL_PARITY.md describes the local-parity check.
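The byte-identical check across the three CI providers, as an added example rather than the project's own verification script: each provider publishes a sha256sum-style manifest, and an artifact only counts as reproducible when every provider reports the same digest. Provider names, artifact names and manifest contents below are constructed.

```python
import hashlib
from collections import defaultdict


def parse_manifest(text):
    """Parse sha256sum output ('<64-hex>  <name>' per line) into {name: digest}."""
    digests = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and len(parts[0]) == 64:
            digests[parts[1].strip().lstrip("*")] = parts[0].lower()
    return digests


def reproducibility_report(manifests):
    """manifests: {provider: manifest_text}. Returns {artifact: status}, where status is
    'identical' (same digest on every CI), 'MISMATCH', or 'MISSING' (not built everywhere)."""
    per_artifact = defaultdict(dict)
    for provider, text in manifests.items():
        for name, digest in parse_manifest(text).items():
            per_artifact[name][provider] = digest
    report = {}
    for name, by_provider in per_artifact.items():
        if len(by_provider) != len(manifests):
            report[name] = "MISSING"
        elif len(set(by_provider.values())) == 1:
            report[name] = "identical"
        else:
            report[name] = "MISMATCH"
    return report


# Constructed manifests: two providers agree, the third shipped a different library.
LIB_OK = hashlib.sha256(b"libengine.a, constructed content").hexdigest()
LIB_BAD = hashlib.sha256(b"libengine.a, built with a stale timestamp").hexdigest()
HDR = hashlib.sha256(b"engine.h, constructed content").hexdigest()
MANIFESTS = {
    "github-actions": f"{LIB_OK}  libengine.a\n{HDR}  engine.h\n",
    "gitlab-ci":      f"{LIB_OK}  libengine.a\n{HDR}  engine.h\n",
    "woodpecker":     f"{LIB_BAD}  libengine.a\n{HDR}  engine.h\n",
}

if __name__ == "__main__":
    for artifact, status in sorted(reproducibility_report(MANIFESTS).items()):
        print(f"{artifact:14} {status}")
```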
INTEROP differential testing
First INTEROP §2 reference wired: OpenSSL 3.x random-vector differential PoC (audit/test_exploit_differential_openssl.cpp), advisory module, host-only.
INTEROP §3 closure tracked for k256 (Rust), btcd (Go), BoringSSL, WolfSSL, NSS, MuSig2 wire, FROST wire.
OpenSSF Scorecard — code-scanning queue cleared
All open code-scanning alerts on main resolved.
PinnedDependenciesID (6): every GitHub Action pinned by 40-character SHA in mutation-weekly.yml, rocm-smoke.yml, and formal-verification.yml; pip installs in those workflows switched to pip install --require-hashes -r ... against new hash-pinned requirement files.
TokenPermissionsID (1 fixed in code): caas-evidence-refresh.yml top-level contents: write permission dropped to contents: read; write is retained only at the job level, where the workflow actually pushes refreshed evidence back to dev.
Six remaining TokenPermissionsID alerts dismissed as legitimate job-scoped writes (release sync-docs, audit-report publish to gh-pages, bench-regression baseline push, three ClusterFuzzLite SARIF uploads).
BranchProtectionID resolved at config level: main-protection ruleset hardened — bypass_actors=, required_approving_review_count=2, require_code_owner_review=true, require_last_push_approval=true, dismiss_stale_reviews_on_push=true.
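A local pre-check for the two Scorecard findings fixed in code above, added here as an example and not part of the project's tooling: it flags uses: references that are not pinned to a 40-hex commit SHA (PinnedDependenciesID) and a top-level permissions: block that grants contents: write (TokenPermissionsID). It is indentation-based and assumes marketplace-style owner/repo@ref actions and a column-0 top-level permissions key; the two workflow texts are constructed.

```python
import re

USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")   # 'uses: owner/repo@ref'
PINNED_RE = re.compile(r"^[^@]+@[0-9a-f]{40}$")      # full commit SHA, not a tag


def unpinned_actions(workflow_text):
    """Return every 'uses:' target that is not pinned to a 40-hex commit SHA."""
    bad = []
    for line in workflow_text.splitlines():
        m = USES_RE.match(line)
        if m and not PINNED_RE.match(m.group(1)):
            bad.append(m.group(1))
    return bad


def toplevel_contents_write(workflow_text):
    """True if the column-0 'permissions:' block grants contents: write (or write-all)."""
    in_top_perms = False
    for line in workflow_text.splitlines():
        if line.startswith("permissions:"):
            if "write-all" in line:
                return True
            in_top_perms = True
            continue
        if in_top_perms:
            if line.strip() and not line[0].isspace():
                in_top_perms = False          # next top-level key ends the block
            elif re.match(r"\s+contents:\s*write\b", line):
                return True
    return False


# Constructed workflows: the weak shape and the hardened shape side by side.
WEAK = """\
permissions:
  contents: write
jobs:
  refresh:
    steps:
      - uses: actions/checkout@v4
"""
HARDENED = """\
permissions:
  contents: read
jobs:
  refresh:
    permissions:
      contents: write    # job-scoped, only where the push happens
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
"""
```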
Crypto bug-pattern scanner
13 CVE-grounded pattern checkers added to scripts/dev_bug_scanner.py (timing-dependent branches on secret data, missing zeroization, RFC 6979 misuse patterns, ECDSA nonce reuse signatures, scalar-mod-n omission, …).
False-positive reduction pass across eight checkers; investigation report at docs/SCANNER_INVESTIGATION_REPORT.md.
GPU backend parity
schnorr_snark_witness_batch parity gap closed via deterministic host-side CPU fallback in gpu/src/gpu_backend_fallback.cpp — CUDA, OpenCL, and Metal now all return correct byte-identical results. Native GPU kernels remain a future optimisation; public-data-only operation.
Cross-compile / CI fixes
arm64 + riscv64 cross-compile no longer picks up host OpenSSL headers via bare __has_include. The OpenSSL gate is now driven by a CMake UFSECP_HAVE_OPENSSL=1 define that is only set when find_package(OpenSSL) actually links — the source guard requires both the define and __has_include.
-Werror build no longer trips on OpenSSL EC_KEY deprecation warnings (pragma block scoped to the differential PoC).
CAAS verdict accepts both PASS and PASS with advisory.
Visibility surface
.zenodo.json added — academic metadata staged for the next release; the next release-tag push will trigger Zenodo archival and DOI minting (Zenodo↔GitHub OAuth toggle is enabled).
README.md "Cite this work" section + DOI badge placeholder.
CITATION.cff linked from "Where to Start"; docs/ADOPTION.md and docs/FUNDING_TARGETS.md linked next to it.
docs/FUNDING_TARGETS.md — funding playbook covering Bitcoin grant programmes (HRF, OpenSats, Brink, Spiral, Strike Catalyst, MIT DCI), Ethereum programmes (EF ESP, Protocol Guild, EF Academic, Optimism RetroPGF, Arbitrum, Coinbase / Base), EU / cross-cutting (NLnet NGI Zero, Sovereign Tech Fund, OSTIF, GitHub Accelerator, a16z crypto Open Source Grants), with 30-second + 5-minute pitches and an evidence-pointer column.
README.md hero block now carries explicit CTAs: a one-line invitation for production users to PR themselves into docs/ADOPTION.md, and a one-line pointer for prospective sponsors to docs/FUNDING_TARGETS.md.
Documentation reconciliation
Exploit-PoC counts reconciled across all audit docs to the real number (189).
Non-exploit module + CI workflow counts reconciled to reality.
docs/SPEC_TRACEABILITY_MATRIX.md paths reconciled; traceability-join gate flipped to strict by default.
Compatibility
C ABI: unchanged.
Public C++ API: unchanged.
GPU backend GpuBackend virtual interface: one method (schnorr_snark_witness_batch) gained a deterministic CPU fallback; previously returned Unsupported on every backend.
Reproducible build: byte-identical to v3.66.0 for the engine + library outputs; only CI / docs / audit-tooling surface changed.
Adoption
Sparrow Wallet Frigate ships UltrafastSecp256k1 by default since 1.4.0. See docs/ADOPTION.md for the integration details and Craig Raw's independent benchmarks.

Cite this work
This release will be archived on Zenodo with a DOI assigned automatically once the tag push completes. See .zenodo.json and CITATION.cff.

https://github.com/shrec/UltrafastSecp256k1/releases/tag/v3.67.0
https://github.com/shrec/UltrafastSecp256k1
