Faster Modular Inversion and Legendre Symbol, and an X25519 Speed Record

Elliptic curves are commonly used to implement asymmetric cryptographic operations such as key exchange and signatures. These operations are used in many places, in particular to initiate secure network connections within protocols such as TLS and Noise. However, they are relatively expensive in terms of computing resources, especially for low-end embedded systems, which run on … Continue reading Faster Modular Inversion and Legendre Symbol, and an X25519 Speed Record

Public Report – Electric Coin Company NU4 Cryptographic Specification and Implementation Review

In June 2020, the Electric Coin Company engaged NCC Group to conduct a security review of the six Zcash Improvement Proposals (ZIPs) that constitute the core of the upcoming Canopy (https://z.cash/upgrade/canopy/) upgrade (also called "NU4") to the Zcash network. This upgrade coincides with the first Zcash halving and will initiate a new development fund for … Continue reading Public Report – Electric Coin Company NU4 Cryptographic Specification and Implementation Review

Technical Advisory – wolfSSL TLS 1.3 Client Man-in-the-Middle Attack (CVE-2020-24613)

wolfSSL is a C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments. wolfSSL incorrectly implements the TLS 1.3 client state machine. This allows attackers in a privileged network position to completely impersonate any TLS 1.3 servers and read or modify potentially sensitive information between clients using the wolfSSL library and these TLS servers.

Pairing over BLS12-381, Part 3: Pairing!

This is the last of three code-centric blog posts on pairing based cryptography. Support for these operations in an Ethereum precompiled contract has been proposed [1], and support for a related pairing configuration in precompiled contracts is already in operation [2, 3]. The first post [4] covered modular arithmetic, finite fields, the embedding degree, and … Continue reading Pairing over BLS12-381, Part 3: Pairing!

Public Report – Qredo Apache Milagro MPC Cryptographic Assessment

During the spring of 2020, Qredo engaged NCC Group Cryptography Services to conduct a security assessment of the Apache Milagro MPC library. This library implements the primitives necessary to instantiate the multi-party ECDSA signature scheme provided in Gennaro and Goldfeder’s Fast Multiparty Threshold ECDSA with Fast Trustless Setup. This assessment occurred over the course of … Continue reading Public Report – Qredo Apache Milagro MPC Cryptographic Assessment

Pairing over BLS12-381, Part 2: Curves

This is the second of three code-centric blog posts on pairing based cryptography. The first post [1] covered modular arithmetic, finite fields, the embedding degree, and presented an implementation of a 12-degree prime extension field tower. The series will ultimately conclude with a detailed review of the popular BLS12-381 pairing operations found in a variety … Continue reading Pairing over BLS12-381, Part 2: Curves

Pairing over BLS12-381, Part 1: Fields

This is the first of three code-centric blog posts on pairing based cryptography. The series will ultimately conclude with a detailed review of the popular BLS12-381 pairing operations found in a variety of applications such as BLS signatures [1]. Support for these operations in an Ethereum precompiled contract has been proposed [2], and support for … Continue reading Pairing over BLS12-381, Part 1: Fields

Security Considerations of zk-SNARK Parameter Multi-Party Computation

The secure generation of parameters for zk-SNARKs is a crucial step in the trustworthiness of the resulting proof system. By highlighting some potential pitfalls and important security considerations of these implementations, NCC Group hopes to provide helpful pointers to all implementers and avoid the introduction of vulnerabilities detrimental to the confidence users have in the different applications of these systems.

Public Report – Coda Cryptographic Review

During the spring of 2020, O(1) Labs engaged NCC Group to conduct a cryptographic assessment of Coda Protocol. This cryptocurrency leverages state-of-the art cryptographic constructions to provide traditional cryptocurrency applications with a more lightweight blockchain. This assessment focused on the core cryptographic primitives as well as the overlaid protocol. The O(1) Labs team provided source … Continue reading Public Report – Coda Cryptographic Review

Curve9767 and Fast Signature Verification

This post is about elliptic curves as they are used in cryptography, in particular for signatures. There are many ways to define specific elliptic curves that strive to offer a good balance between security and performance; here, I am talking about specific contributions of mine: a new curve definition, and some algorithmic improvements that target … Continue reading Curve9767 and Fast Signature Verification