Theme fund: NGI0 PET
Start: 2021-02
End: 2022-10
Software engineering


A fast and safe implementation of Portable Network Graphics

libspng is a platform-independent C library for handling IETF's Portable Network Graphics (PNG) images. The goal of this project is to provide a robust and fast library with an easy to use API. It is designed to be a modern alternative to the reference implementation, written from scratch using secure coding standards. It comes with an extensive test suite and is fuzz tested, it is also fastest decoder overall. The NGI Zero grant will be used to develop complete PNG write support, architecture-specific performance optimizations, including improvements to testing, decoding and documentation.

Why does this actually matter to end users?

Computer security for many people is a matter of trust, blind faith even. As we use the internet for basically everything and our devices and networks become increasingly complex, it takes more time and effort to understand and verify each layer of technology (even more so for devices that are glued together and software that is hidden behind restrictive licenses). And because new solutions are built on top of existing legacy systems, we continue to rely on technology that does not always meet today's needs for security and privacy any longer.

Building a future-proof internet does not only require totally new and outrageous ideas, but also fixing persistent problems and outdated parts: you can only build a fancy new house on a strong foundation. This project aims to provide an alternative for a widely used component that handles one of the most common (open) image formats, PNG. To prevent errors in handling images and security vulnerabilities, an alternative component will be delivered that can easily be tested and verified for correctness. This helps website technology and applications used all over the world function a little bit safer.

