In May 2020, Protocol Labs engaged NCC Group’s Cryptography Services team to conduct a cryptography review of multiple Filecoin code repositories. Filecoin is a decentralized storage and content distribution network developed by Protocol Labs. These repositories implement finite field and group arithmetic, cryptographic pairings, SHA2 via intrinsics, BLS signatures and zk-SNARK operations. Taken together, these operations deliver the cutting-edge cryptographic primitives which are central to the security of the Filecoin network. This network relies upon *provable* security and authenticity to ensure user data is stored correctly and securely over time. The assessment was open-ended but was time-boxed to eleven person-days of effort. The assessment was followed by a brief retest of several findings in June 2020.
The report may be downloaded below: