An Illustrated Guide to Elliptic Curve Cryptography Validation

Elliptic Curve Cryptography (ECC) has become the de facto standard for protecting modern communications. ECC is widely used to perform asymmetric cryptography operations, such as to establish shared secrets or for digital signatures. However, insufficient validation of public keys and parameters is still a frequent cause of confusion, leading to serious vulnerabilities, such as leakage … Continue reading An Illustrated Guide to Elliptic Curve Cryptography Validation

Technical Advisory – Arbitrary Signature Forgery in Stark Bank ECDSA Libraries (CVE-2021-43572, CVE-2021-43570, CVE-2021-43569, CVE-2021-43568, CVE-2021-43571)

Vendor: Stark Bank's open-source ECDSA cryptography libraries Vendor URL: https://starkbank.com/, https://github.com/starkbank/ Versions affected: - ecdsa-python (https://github.com/starkbank/ecdsa-python) v2.0.0 - ecdsa-java (https://github.com/starkbank/ecdsa-java) v1.0.0 - ecdsa-dotnet (https://github.com/starkbank/ecdsa-dotnet) v1.3.1 - ecdsa-elixir (https://github.com/starkbank/ecdsa-elixir) v1.0.0 - ecdsa-node (https://github.com/starkbank/ecdsa-node) v1.1.2 Author: Paul Bottinelli paul.bottinelli@nccgroup.com Advisory URLs: - ecdsa-python: https://github.com/starkbank/ecdsa-python/releases/tag/v2.0.1 - ecdsa-java: https://github.com/starkbank/ecdsa-java/releases/tag/v1.0.1 - ecdsa-dotnet: https://github.com/starkbank/ecdsa-dotnet/releases/tag/v1.3.2 - ecdsa-elixir: https://github.com/starkbank/ecdsa-elixir/releases/tag/v1.0.1 - ecdsa-node: https://github.com/starkbank/ecdsa-node/releases/tag/v1.1.3 CVE … Continue reading Technical Advisory – Arbitrary Signature Forgery in Stark Bank ECDSA Libraries (CVE-2021-43572, CVE-2021-43570, CVE-2021-43569, CVE-2021-43568, CVE-2021-43571)

Public Report – Zcash NU5 Cryptography Review

In March 2021, Electric Coin Co. engaged NCC Group to perform a review of the upcoming network protocol upgrade NU5 to the Zcash protocol (codenamed "Orchard"). The review was to be performed over multiple phases: first, the specification document changes and the relevant ZIPs, then, in June 2021, the implementation itself.  The Public Report for … Continue reading Public Report – Zcash NU5 Cryptography Review

Public Report – WhatsApp End-to-End Encrypted Backups Security Assessment

During the summer of 2021, WhatsApp engaged NCC Group's Cryptography Services team to conduct an independent security assessment of its End-to-End Encrypted Backups project. End-to-End Encrypted Backups is an hardware security module (HSM) based key vault solution that aims to primarily support encrypted backup of WhatsApp user data. This assessment was performed remotely, as a … Continue reading Public Report – WhatsApp End-to-End Encrypted Backups Security Assessment

Cracking Random Number Generators using Machine Learning – Part 2: Mersenne Twister

Outline 1. Introduction2. How does MT19937 PRNG work?3. Using Neural Networks to model the MT19937 PRNG3.1 Using NN for State Twisting3.1.1 Data Preparation3.1.2 Neural Network Model Design3.1.3 Optimizing the NN Inputs3.1.4 Model Results3.1.5 Model Deep Dive3.1.5.1 Model First Layer Connections3.1.5.2 The Logic Closed-Form from the State Twisting Model Output3.2 Using NN for State Tempering3.2.1 Data Preparation3.2.2 … Continue reading Cracking Random Number Generators using Machine Learning – Part 2: Mersenne Twister

Cracking Random Number Generators using Machine Learning – Part 1: xorshift128

Outline 1. Introduction2. How does xorshift128 PRNG work?3. Neural Networks and XOR gates4. Using Neural Networks to model the xorshift128 PRNG4.1 Neural Network Model Design4.2 Model Results4.3 Model Deep Dive5. Creating a machine-learning-resistant version of xorshift1286. Conclusion 1. Introduction This blog post proposes an approach to crack Pseudo-Random Number Generators (PRNGs) using machine learning. By cracking … Continue reading Cracking Random Number Generators using Machine Learning – Part 1: xorshift128

Paradoxical Compression with Verifiable Delay Functions

We present here a new construction which has no real immediate usefulness, but is a good illustration of a fundamental concept of cryptography, namely that there is a great difference between knowing that some mathematical object exists, and being able to build it in practice. Thus, this construction can be thought of as having some … Continue reading Paradoxical Compression with Verifiable Delay Functions

Optimizing Pairing-Based Cryptography: Montgomery Multiplication in Assembly

This is the second blog post in a new code-centric series about selected optimizations found in pairing-based cryptography. Pairing operations are foundational to the BLS Signatures central to Ethereum 2.0, the zero-knowledge arguments underpinning Filecoin, and a wide variety of other emerging applications. While my prior blog series, "Pairing over BLS12-381," implemented the entire pairing … Continue reading Optimizing Pairing-Based Cryptography: Montgomery Multiplication in Assembly

Conference Talks – September 2021

This month, members of NCC Group will be presenting their work at the following conferences: Javed Samuel, "Overview of Open-Source Cryptography Vulnerabilities", to be presented at the International Cryptographic Module Conference 2021 (Virtual - Sept 3 2021)Robert Seacord, "Secure Coding", to be presented at Auto ISAC Analysts (Virtual - Sept 7 2021)Erik Steringer, "Automating AWS … Continue reading Conference Talks – September 2021

On the Use of Pedersen Commitments for Confidential Payments

The increased adoption of financial blockchains has fueled a lot of cryptography research in recent years. One area of high interest is transaction confidentiality which requires hiding investors' account balances and transaction amounts, while enforcing compliance rules and performing validity checks on all activities. This blog post will look at the Zether [2] protocol, which … Continue reading On the Use of Pedersen Commitments for Confidential Payments