Public Report – Filecoin Bellman and BLS Signatures Cryptographic Review

In May 2020, Protocol Labs engaged NCC Group's Cryptography Services team to conduct a cryptography review of multiple Filecoin code repositories. Filecoin is a decentralized storage and content distribution network developed by Protocol Labs. These repositories implement finite field and group arithmetic, cryptographic pairings, SHA2 via intrinsics, BLS signatures and zk-SNARK operations. Taken together, these … Continue reading Public Report – Filecoin Bellman and BLS Signatures Cryptographic Review

Public Report – Electric Coin Company NU4 Cryptographic Specification and Implementation Review

In June 2020, the Electric Coin Company engaged NCC Group to conduct a security review of the six Zcash Improvement Proposals (ZIPs) that constitute the core of the upcoming Canopy (https://z.cash/upgrade/canopy/) upgrade (also called "NU4") to the Zcash network. This upgrade coincides with the first Zcash halving and will initiate a new development fund for … Continue reading Public Report – Electric Coin Company NU4 Cryptographic Specification and Implementation Review

Immortalising 20 Years of Epic Research

In December 2019 we launched this new technical security research blog site. As part of its launch we had cause to revisit our old blog website and found a myriad of forgotten whitepapers and conference presentations spanning NCC Group's history (formation in 1999). Deeply nested on our old blog site we found over 200 whitepapers … Continue reading Immortalising 20 Years of Epic Research

Public Report – Pixel 4/4XL and Pixel 4a ioXt Audit

NCC Group was contracted by Google to conduct a security assessment of the Pixel 4, Pixel 4XL, and Pixel 4a devices. This assessment was specifically focused on determining whether the devices comply with the ioXt Android Profile based on the ioXt Security Pledge. This assessment was performed between July 28 and August 7, 2020. The Google … Continue reading Public Report – Pixel 4/4XL and Pixel 4a ioXt Audit

Public Report – Qredo Apache Milagro MPC Cryptographic Assessment

During the spring of 2020, Qredo engaged NCC Group Cryptography Services to conduct a security assessment of the Apache Milagro MPC library. This library implements the primitives necessary to instantiate the multi-party ECDSA signature scheme provided in Gennaro and Goldfeder’s Fast Multiparty Threshold ECDSA with Fast Trustless Setup. This assessment occurred over the course of … Continue reading Public Report – Qredo Apache Milagro MPC Cryptographic Assessment

Public Report – Coda Cryptographic Review

During the spring of 2020, O(1) Labs engaged NCC Group to conduct a cryptographic assessment of Coda Protocol. This cryptocurrency leverages state-of-the art cryptographic constructions to provide traditional cryptocurrency applications with a more lightweight blockchain. This assessment focused on the core cryptographic primitives as well as the overlaid protocol. The O(1) Labs team provided source … Continue reading Public Report – Coda Cryptographic Review

Public Report – RustCrypto AES/GCM and ChaCha20+Poly1305 Implementation Review

In December 2019, MobileCoin engaged NCC Group to conduct a review of the AES/GCM and ChaCha20+Poly1305 implementations provided by the RustCrypto/AEADs crates. The intended usage context of these crates includes SGX enclaves, making timing-related side channel attacks relevant to this assessment. Two consultants provided five person-days of effort. The Public Report for this audit may … Continue reading Public Report – RustCrypto AES/GCM and ChaCha20+Poly1305 Implementation Review

Public Report – Electric Coin Company NU3 Specification and Blossom Implementation Audit

In October 2019, the Electric Coin Company engaged NCC Group to conduct a review of two Zcash improvement proposals (ZIP 213 and ZIP 221) and of the implementation of ZIP 208 within the Zcash node implementation. ZIP 213 proposes a change to consensus rules to allow coinbase transactions to target shielded addresses.  ZIP 221 describes … Continue reading Public Report – Electric Coin Company NU3 Specification and Blossom Implementation Audit