Research Blog

Insights and research from our global cybersecurity team.

Public Report – Entropy/Rust Cryptography Review

During the summer of 2023, Entropy Cryptography Inc engaged NCC Group’s Cryptography Services team to perform a cryptography and implementation review of several Rust-based libraries implementing constant-time big integer arithmetic, prime generation, and secp256k1 (k256) elliptic curve functionality. Two consultants performed the review within 40 person-days of effort, which included…

August 30, 2023

1 min read

SIAM AG23: Algebraic Geometry with Friends

I recently returned from Eindhoven, where I had the pleasure of giving a talk on some recent progress in isogeny-based cryptography at the SIAM Conference on Applied Algebraic Geometry (SIAM AG23). Firstly, I want to thank Tanja Lange, Krijn Reijnders and Monika Trimoska, who organised the mini-symposium on the application…

August 29, 2023

13 mins read

5G security – how to minimise the threats to a 5G network

To ensure the security of new 5G telecom networks, NCC Group has been providing guidance, conducting code reviews, red team engagements and pentesting 5G standalone and non-standalone networks since 2019. As with any network, various attackers are motivated by different reasons. An attacker could be motivated to either gain information about…

Real World Cryptography Conference 2023 – Part II

After a brief interlude, filled with several articles from the Cryptography Services team, we’re back with our final thoughts from this year’s Real World Cryptography Conference. In case you missed it, check out Part I for more insights. Interoperability in E2EE Messaging: A specter is haunting Europe – the specter…

August 25, 2023

9 mins read

Technical Advisory – SonicWall Global Management System (GMS) & Analytics – Multiple Critical Vulnerabilities

Multiple Unauthenticated SQL Injection Issues Security Filter Bypass – CVE-2023-34133. Description: The GMS web application was found to be vulnerable to numerous SQL injection issues. Additionally, security mechanisms that were in place to help prevent SQL injection attacks could be bypassed. Impact: An unauthenticated attacker could exploit these issues…

August 24, 2023

11 mins read

LeaPFRogging PFR Implementations

Back in October of 2022, this announcement by AMI caught my eye. AMI has contributed a product named “Tektagon Open Edition” to the Open Compute Project (OCP). Tektagon OpenEdition is an open-source Platform Root of Trust (PRoT) solution with foundational firmware security features that detect platform firmware corruption, recover the…

Dancing Offbit: The Story of a Single Character Typo that Broke a ChaCha-Based PRNG

Random number generators are the backbone of most cryptographic protocols, the crucial cornerstone upon which the security of all systems relies, yet they often remain overlooked. This blog post presents a real-world vulnerability discovered in the implementation of a Pseudo-Random Number Generator (PRNG) based on the ChaCha20 cipher. Discovery of…

August 22, 2023

5 mins read

Public Report – Penumbra Labs R1CS Implementation Review

In July 2023 Penumbra Labs engaged NCC Group’s Cryptography Services team to perform an implementation review of their Rank-1 Constraint System (R1CS) code and the associated zero-knowledge proofs within the Penumbra system. These proofs are built upon decaf377 and poseidon377, which have been previously audited by NCC Group, with a…

Demystifying Multivariate Cryptography

As the name suggests, multivariate cryptography refers to a class of public-key cryptographic schemes that use multivariate polynomials over a finite field. Solving systems of multivariate polynomials is known to be NP-complete, thus multivariate constructions are top contenders for post-quantum cryptography standards. In fact, 11 out of the 50 submissions…

August 18, 2023

17 mins read

Building Intuition for Lattice-Based Signatures – Part 2: Fiat-Shamir with Aborts

Introduction: This two-part blog series aims to build some intuition for the main techniques that are used to construct lattice-based signatures, focusing in particular on the techniques underlying Falcon and Dilithium, the two lattice-based signature schemes selected for standardization by the National Institute of Standards and Technology (NIST). In part…

August 17, 2023

13 mins read
