Back
Thomas Pornin
Cryptography
Public Reports

December 14, 2023

1 min read

Public Report – Security Review of RSA Blind Signatures with Public Metadata

During the Autumn of 2023, Google engaged NCC Group to conduct a security assessment of the white paper entitled RSA Blind Signatures with Public Metadata, along with the corresponding IETF draft for Partially Blind RSA Signatures. The work is inspired by the growing importance of anonymous tokens for the privacy of real-world applications. In particular, the paper aims to modify the standard RSA Blind signature protocol such that signatures can only be generated for a specific choice of public metadata.

The security assessment of the protocol was performed through an analysis of both the whitepaper and online draft, with direct communication with the Google team. Additionally, a SageMath implementation of the protocol was written following the specification outlined in the IETF draft. The review was performed by three consultants over two weeks for a total of fifteen person-days.

In early November 2023, a retest was performed by two consultants, for four person-days of additional efforts.

NCC_Group_Google_E008730_Report_2023-12-08_v1.1-1Download
Published by Thomas Pornin

Here are some related articles you may find interesting

Ghidra nanoMIPS ISA module

Introduction In late 2023 and early 2024, the NCC Group Hardware and Embedded Systems practice undertook an engagement to reverse engineer baseband firmware on several smartphones. This included MediaTek 5G baseband firmware based on the nanoMIPS architecture. While we were aware of some nanoMIPS modules for Ghidra having been developed…

Hardware & Embedded Systems
Reverse Engineering
Tool Release

May 7, 2024

6 mins read

Sifting through the spines: identifying (potential) Cactus ransomware victims

Authored by Willem Zeeman and Yun Zheng Hu This blog is part of a series written by various Dutch cyber security firms that have collaborated on the Cactus ransomware group, which exploits Qlik Sense servers for initial access. To view all of them please check the central blog by Dutch…

Digital Forensics and Incident Response (DFIR)
Fox-IT and European Research
Vulnerability Research

April 25, 2024

7 mins read

Public Report – Confidential Mode for Hyperdisk – DEK Protection Analysis

During the spring of 2024, Google engaged NCC Group to conduct a design review of Confidential Mode for Hyperdisk (CHD) architecture in order to analyze how the Data Encryption Key (DEK) that encrypts data-at-rest is protected. The project was 10 person days and the goal is to validate that the…

Public Reports

April 12, 2024

1 min read

Previous post Next post

View articles by category

Most popular posts

Most recent posts

Call us before you need us.

Our experts will help you.

Get in touch