Public Report – Entropy/Rust Cryptography Review
During the summer of 2023, Entropy Cryptography Inc engaged NCC Group’s Cryptography Services team to perform a cryptography and implementation review of several Rust-based libraries implementing constant-time big integer arithmetic, prime generation, and secp256k1 (k256) elliptic curve functionality. Two consultants performed the review within 40 person-days of effort, which included retesting and report generation.
The three primary code repositories in scope for this review were:
The review identified a range of issues that were addressed promptly once reported, with the proposed fixes aligning with the recommendations made in the report below.