The IACR’s annual Real World Cryptography (RWC) conference took place in Amsterdam a few weeks ago. It remains the best venue for highlights of cryptographic constructions and attacks for the real world. While the conference was fully remote last year, this year it was a 3-day hybrid event, live-streamed from a conference center in charming … Continue reading Real World Cryptography Conference 2022
Public Report – O(1) Labs Mina Client SDK, Signature Library and Base Components Cryptography and Implementation Review
During October 2021, O(1) Labs engaged NCC Group's Cryptography Services team to conduct a cryptography and implementation review of selected components within the main source code repository for the Mina project. Mina implements a cryptocurrency with a lightweight and constant-sized blockchain, where the code is primarily written in OCaml. The selected components involved the client … Continue reading Public Report – O(1) Labs Mina Client SDK, Signature Library and Base Components Cryptography and Implementation Review
BAT: a Fast and Small Key Encapsulation Mechanism
In this post we present a newly published key encapsulation mechanism (KEM) called BAT. It is a post-quantum algorithm, using NTRU lattices, and its main advantages are that it is both small and fast. The paper was accepted by TCHES (it should appear in volume 2022, issue 2) and is also available on ePrint: https://eprint.iacr.org/2022/031 … Continue reading BAT: a Fast and Small Key Encapsulation Mechanism
A deeper dive into CVE-2021-39137 – a Golang security bug that Rust would have prevented
This blog post discusses two erroneous computation patterns in Golang. By erroneous computation we mean simply that given certain input, a computer program with certain state returns incorrect output or enters an incorrect state.
Estimating the Bit Security of Pairing-Friendly Curves
Introduction The use of pairings in cryptography began in 1993, when an algorithm developed by Menezes, Okamoto and Vanstone, now known as the MOV-attack, described a sub-exponential algorithm for solving the discrete logarithm problem for supersingular elliptic curves.1 It wasn't until the following decade that efficient pairing-based algorithms were used constructively to build cryptographic protocols … Continue reading Estimating the Bit Security of Pairing-Friendly Curves
Public Report – WhatsApp opaque-ke Cryptographic Implementation Review
In June 2021, WhatsApp engaged NCC Group to conduct a security assessment of the 'opaque-ke' library, an open source Rust implementation of the OPAQUE password authenticated key exchange protocol. The protocol is designed to allow password-based authentication in such a way that a server does not actually learn the plaintext value of the client's password, … Continue reading Public Report – WhatsApp opaque-ke Cryptographic Implementation Review
Announcing NCC Group’s Cryptopals Guided Tour!
Hello and welcome to NCC Group's Cryptopals guided tour! This post is the first in a series of eight installments covering the solutions to the Cryptopals Crypto Challenges. These have been a long time coming, and we're excited to finally start bringing them to you. For those who don't know, Cryptopals is a series of … Continue reading Announcing NCC Group’s Cryptopals Guided Tour!
Public Report – Zendoo Proof Verifier Cryptography Review
During the summer of 2021, Horizen Labs engaged NCC Group to conduct a cryptography review of Zendoo protocol’s proof verifier. This system generates and verifies modified Marlin proofs with a polynomial commitment scheme based on the hardness of the discrete logarithm problem in prime-order groups. The system also provides optimized batch verification of accumulated proofs. … Continue reading Public Report – Zendoo Proof Verifier Cryptography Review
An Illustrated Guide to Elliptic Curve Cryptography Validation
Elliptic Curve Cryptography (ECC) has become the de facto standard for protecting modern communications. ECC is widely used to perform asymmetric cryptography operations, such as to establish shared secrets or for digital signatures. However, insufficient validation of public keys and parameters is still a frequent cause of confusion, leading to serious vulnerabilities, such as leakage … Continue reading An Illustrated Guide to Elliptic Curve Cryptography Validation
Technical Advisory – Arbitrary Signature Forgery in Stark Bank ECDSA Libraries (CVE-2021-43572, CVE-2021-43570, CVE-2021-43569, CVE-2021-43568, CVE-2021-43571)
Vendor: Stark Bank's open-source ECDSA cryptography libraries Vendor URL: https://starkbank.com/, https://github.com/starkbank/ Versions affected: - ecdsa-python (https://github.com/starkbank/ecdsa-python) v2.0.0 - ecdsa-java (https://github.com/starkbank/ecdsa-java) v1.0.0 - ecdsa-dotnet (https://github.com/starkbank/ecdsa-dotnet) v1.3.1 - ecdsa-elixir (https://github.com/starkbank/ecdsa-elixir) v1.0.0 - ecdsa-node (https://github.com/starkbank/ecdsa-node) v1.1.2 Author: Paul Bottinelli firstname.lastname@example.org Advisory URLs: - ecdsa-python: https://github.com/starkbank/ecdsa-python/releases/tag/v2.0.1 - ecdsa-java: https://github.com/starkbank/ecdsa-java/releases/tag/v1.0.1 - ecdsa-dotnet: https://github.com/starkbank/ecdsa-dotnet/releases/tag/v1.3.2 - ecdsa-elixir: https://github.com/starkbank/ecdsa-elixir/releases/tag/v1.0.1 - ecdsa-node: https://github.com/starkbank/ecdsa-node/releases/tag/v1.1.3 CVE … Continue reading Technical Advisory – Arbitrary Signature Forgery in Stark Bank ECDSA Libraries (CVE-2021-43572, CVE-2021-43570, CVE-2021-43569, CVE-2021-43568, CVE-2021-43571)