Public Report – WhatsApp End-to-End Encrypted Backups Security Assessment

During the summer of 2021, WhatsApp engaged NCC Group's Cryptography Services team to conduct an independent security assessment of its End-to-End Encrypted Backups project. End-to-End Encrypted Backups is an hardware security module (HSM) based key vault solution that aims to primarily support encrypted backup of WhatsApp user data. This assessment was performed remotely, as a … Continue reading Public Report – WhatsApp End-to-End Encrypted Backups Security Assessment

Paradoxical Compression with Verifiable Delay Functions

We present here a new construction which has no real immediate usefulness, but is a good illustration of a fundamental concept of cryptography, namely that there is a great difference between knowing that some mathematical object exists, and being able to build it in practice. Thus, this construction can be thought of as having some … Continue reading Paradoxical Compression with Verifiable Delay Functions

Optimizing Pairing-Based Cryptography: Montgomery Multiplication in Assembly

This is the second blog post in a new code-centric series about selected optimizations found in pairing-based cryptography. Pairing operations are foundational to the BLS Signatures central to Ethereum 2.0, the zero-knowledge arguments underpinning Filecoin, and a wide variety of other emerging applications. While my prior blog series, "Pairing over BLS12-381," implemented the entire pairing … Continue reading Optimizing Pairing-Based Cryptography: Montgomery Multiplication in Assembly

Conference Talks – September 2021

This month, members of NCC Group will be presenting their work at the following conferences: Javed Samuel, "Overview of Open-Source Cryptography Vulnerabilities", to be presented at the International Cryptographic Module Conference 2021 (Virtual - Sept 3 2021)Robert Seacord, "Secure Coding", to be presented at Auto ISAC Analysts (Virtual - Sept 7 2021)Erik Steringer, "Automating AWS … Continue reading Conference Talks – September 2021

On the Use of Pedersen Commitments for Confidential Payments

The increased adoption of financial blockchains has fueled a lot of cryptography research in recent years. One area of high interest is transaction confidentiality which requires hiding investors' account balances and transaction amounts, while enforcing compliance rules and performing validity checks on all activities. This blog post will look at the Zether [2] protocol, which … Continue reading On the Use of Pedersen Commitments for Confidential Payments

Optimizing Pairing-Based Cryptography: Montgomery Arithmetic in Rust

This is the first blog post in a new code-centric series about selected optimizations found in pairing-based cryptography. Pairing operations are foundational to the BLS Signatures [1] central to Ethereum 2.0, zero-knowledge arguments central to Zcash and Filecoin [2], and a wide variety of other emerging applications. A prior blog series implemented the entire pairing … Continue reading Optimizing Pairing-Based Cryptography: Montgomery Arithmetic in Rust

Public Report – Protocol Labs Groth16 Proof Aggregation: Cryptography and Implementation Review

During April 2021, Protocol Labs engaged NCC Group’s Cryptography Services team to conduct a cryptography and implementation review of the Groth16 proof aggregation functionality in the bellperson and two other related GitHub repositories. This code utilizes inner product arguments to efficiently aggregate existing Groth16 proofs while re-using existing powers of tau ceremony transcripts. Full source … Continue reading Public Report – Protocol Labs Groth16 Proof Aggregation: Cryptography and Implementation Review

Cryptopals: Exploiting CBC Padding Oracles

This is a write-up of the classic padding oracle attack on CBC-mode block ciphers. If you've done the Cryptopals cryptography challenges, you'll remember it as challenge 17. This is a famous and elegant attack. With it, we will see how even a small data leak (in this case, the presence of a "padding oracle" - … Continue reading Cryptopals: Exploiting CBC Padding Oracles

Software Verification and Analysis Using Z3

We provide a technical introduction on how to leverage the Z3 Theorem Prover to reason about the correctness of cryptographic software, protocols and otherwise, and to identify potential security vulnerabilities. We cover two distinct use cases: modeling and analysis of an algorithm documented in an old version of the QUIC Transport protocol IETF draft; modeling of specific finite field arithmetic operations for elliptic curve cryptography, with integers represented using a uniform saturated limb schedule, to prove equivalence with arbitrary-precision arithmetic, and for test cases generation.

Real World Cryptography Conference 2021: A Virtual Experience

Earlier this month, our Cryptography Services team got together and attended (virtually) the IACR's annual Real World Cryptography (RWC) conference. RWC is a fantastic venue for the latest results in real world cryptography from industry and academia. Holding this conference virtually inevitably introduced some changes: to accommodate as many time zones as possible, the daily … Continue reading Real World Cryptography Conference 2021: A Virtual Experience