In March 2021, Electric Coin Co. engaged NCC Group to perform a review of the upcoming network protocol upgrade NU5 to the Zcash protocol (codenamed "Orchard"). The review was to be performed over multiple phases: first, the specification document changes and the relevant ZIPs, then, in June 2021, the implementation itself. The Public Report for … Continue reading Public Report – Zcash NU5 Cryptography Review
Category: Public Report
Public Report – WhatsApp End-to-End Encrypted Backups Security Assessment
During the summer of 2021, WhatsApp engaged NCC Group's Cryptography Services team to conduct an independent security assessment of its End-to-End Encrypted Backups project. End-to-End Encrypted Backups is an hardware security module (HSM) based key vault solution that aims to primarily support encrypted backup of WhatsApp user data. This assessment was performed remotely, as a … Continue reading Public Report – WhatsApp End-to-End Encrypted Backups Security Assessment
Public Report – Protocol Labs Groth16 Proof Aggregation: Cryptography and Implementation Review
During April 2021, Protocol Labs engaged NCC Group’s Cryptography Services team to conduct a cryptography and implementation review of the Groth16 proof aggregation functionality in the bellperson and two other related GitHub repositories. This code utilizes inner product arguments to efficiently aggregate existing Groth16 proofs while re-using existing powers of tau ceremony transcripts. Full source … Continue reading Public Report – Protocol Labs Groth16 Proof Aggregation: Cryptography and Implementation Review
Public Report – Dell Secured Component Verification
During February 2021, Dell engaged NCC Group to conduct a security assessment of their supply chain security functionality and related and supportive foundational security functionality on 14th and 15th generation Dell servers. Documentation and source code was provided as well as access to a running lab server via network access, with access to both the … Continue reading Public Report – Dell Secured Component Verification
Public Report – VPN by Google One: Technical Security & Privacy Assessment
During the fourth calendar quarter of 2020 and the first calendar quarter of 2021, NCC Group conducted an in-depth review of the VPN by Google One virtual private network system. The focus of the engagement was to assess the product’s technical security properties and review its associated privacy claims. The public report for this assessment … Continue reading Public Report – VPN by Google One: Technical Security & Privacy Assessment
Public Report – BLST Cryptographic Implementation Review
In October 2020, Supranational, Protocol Labs and the Ethereum Foundation engaged NCC Group’s Cryptography Services team to conduct a cryptographic implementation review of the BLST library. This library implements support for the draft IETF specifications on Hashing to Elliptic Curves and BLS Signatures. The latter specification uses advanced cryptographic-pairing operations to feature aggregation properties for … Continue reading Public Report – BLST Cryptographic Implementation Review
Public Report – Filecoin Bellman and BLS Signatures Cryptographic Review
In May 2020, Protocol Labs engaged NCC Group's Cryptography Services team to conduct a cryptography review of multiple Filecoin code repositories. Filecoin is a decentralized storage and content distribution network developed by Protocol Labs. These repositories implement finite field and group arithmetic, cryptographic pairings, SHA2 via intrinsics, BLS signatures and zk-SNARK operations. Taken together, these … Continue reading Public Report – Filecoin Bellman and BLS Signatures Cryptographic Review
Public Report – Electric Coin Company NU4 Cryptographic Specification and Implementation Review
In June 2020, the Electric Coin Company engaged NCC Group to conduct a security review of the six Zcash Improvement Proposals (ZIPs) that constitute the core of the upcoming Canopy (https://z.cash/upgrade/canopy/) upgrade (also called "NU4") to the Zcash network. This upgrade coincides with the first Zcash halving and will initiate a new development fund for … Continue reading Public Report – Electric Coin Company NU4 Cryptographic Specification and Implementation Review
Immortalising 20 Years of Epic Research
In December 2019 we launched this new technical security research blog site. As part of its launch we had cause to revisit our old blog website and found a myriad of forgotten whitepapers and conference presentations spanning NCC Group's history (formation in 1999). Deeply nested on our old blog site we found over 200 whitepapers … Continue reading Immortalising 20 Years of Epic Research
Public Report – Pixel 4/4XL and Pixel 4a ioXt Audit
NCC Group was contracted by Google to conduct a security assessment of the Pixel 4, Pixel 4XL, and Pixel 4a devices. This assessment was specifically focused on determining whether the devices comply with the ioXt Android Profile based on the ioXt Security Pledge. This assessment was performed between July 28 and August 7, 2020. The Google … Continue reading Public Report – Pixel 4/4XL and Pixel 4a ioXt Audit