Implementing the Castryck-Decru SIDH Key Recovery Attack in SageMath

Introduction Last weekend (July 30th) a truly incredible piece of mathematical/cryptanalysis research was put onto eprint. Wouter Castryck and Thomas Decru of KU Leuven published a paper "An efficient key recovery attack on SIDH (preliminary version)" describing a new attack on the Supersingular Isogeny Diffie-Hellman (SIDH) protocol together with a corresponding proof-of-concept implementation. SIDH is … Continue reading Implementing the Castryck-Decru SIDH Key Recovery Attack in SageMath

NIST Selects Post-Quantum Algorithms for Standardization

Last week, NIST announced some algorithms selected for standardization as part of their Post-Quantum Cryptography project. This is a good opportunity to recall the history of this process, observe its current state, and comment on the selected algorithms. It is important to remember that the process is not finished: round 4 has started, and should … Continue reading NIST Selects Post-Quantum Algorithms for Standardization

Public Report – Threshold ECDSA Cryptography Review

In March 2022, DFINITY engaged NCC Group to conduct a security and cryptography review of a threshold ECDSA implementation, which follows a novel approach described in the reference paper entitled "Design and analysis of a distributed ECDSA signing service" and available on the IACR ePrint archive at https://eprint.iacr.org/2022/506. The threshold ECDSA protocol will be deployed into … Continue reading Public Report – Threshold ECDSA Cryptography Review

Public Report – go-cose Security Assessment

In April and May 2022, NCC Group Cryptography Services engaged in a security and cryptography assessment reviewing Microsoft's contributions to the go-cose library, a Go library implementing signing and verification for CBOR Object Signing and Encryption (COSE), as specified in RFC 8152. This library focuses on a minimal feature set to enable the signing and verification of … Continue reading Public Report – go-cose Security Assessment

Real World Cryptography Conference 2022

The IACR’s annual Real World Cryptography (RWC) conference took place in Amsterdam a few weeks ago. It remains the best venue for highlights of cryptographic constructions and attacks for the real world. While the conference was fully remote last year, this year it was a 3-day hybrid event, live-streamed from a conference center in charming … Continue reading Real World Cryptography Conference 2022

Public Report – O(1) Labs Mina Client SDK, Signature Library and Base Components Cryptography and Implementation Review

During October 2021, O(1) Labs engaged NCC Group's Cryptography Services team to conduct a cryptography and implementation review of selected components within the main source code repository for the Mina project. Mina implements a cryptocurrency with a lightweight and constant-sized blockchain, where the code is primarily written in OCaml. The selected components involved the client … Continue reading Public Report – O(1) Labs Mina Client SDK, Signature Library and Base Components Cryptography and Implementation Review

BAT: a Fast and Small Key Encapsulation Mechanism

In this post we present a newly published key encapsulation mechanism (KEM) called BAT. It is a post-quantum algorithm, using NTRU lattices, and its main advantages are that it is both small and fast. The paper was accepted by TCHES (it should appear in volume 2022, issue 2) and is also available on ePrint: https://eprint.iacr.org/2022/031Continue reading BAT: a Fast and Small Key Encapsulation Mechanism

Estimating the Bit Security of Pairing-Friendly Curves

Introduction The use of pairings in cryptography began in 1993, when an algorithm developed by Menezes, Okamoto and Vanstone, now known as the MOV-attack, described a sub-exponential algorithm for solving the discrete logarithm problem for supersingular elliptic curves.1 It wasn't until the following decade that efficient pairing-based algorithms were used constructively to build cryptographic protocols … Continue reading Estimating the Bit Security of Pairing-Friendly Curves

Public Report – WhatsApp opaque-ke Cryptographic Implementation Review

In June 2021, WhatsApp engaged NCC Group to conduct a security assessment of the 'opaque-ke' library, an open source Rust implementation of the OPAQUE password authenticated key exchange protocol. The protocol is designed to allow password-based authentication in such a way that a server does not actually learn the plaintext value of the client's password, … Continue reading Public Report – WhatsApp opaque-ke Cryptographic Implementation Review