About Cryptography Services

Cryptographic operations tend to concentrate the confidentiality, integrity and authenticity assurances of an entire application into a very small high-value target. A specialized review of cryptographic implementation ensures that systems are designed, implemented, and operate correctly. Organizations often underestimate the need for cryptographic consulting as vulnerabilities can be obscure and poorly understood yet devastating. Systems operate seemingly correctly, but actually insecurely - a lurking risk that is taken advantage of at the worst time and in the worst way.

NCC Group’s Cryptography Services practice is a specialized team of consultants focusing exclusively on the most challenging projects involving cryptographic primitives, protocols, implementations, systems, and applications. The team combines years of experience in security with a life-long passion in cryptography to provide a unique and unmatched offering. We have a wealth of experience advising, building, breaking, fixing and deploying cryptographic solutions that our customers rely on for their core business, data protection, compliance, and security needs.

Service Offerings

• Strategic Cryptographic Advice
• Applied Cryptographic Design & Architecture Review
• Applied Cryptographic Software Assessment
• Core Cryptographic Primitive Review
• Blockchain and Crypto Reviews
• Protocol Review
• Product Review
• Applied Cryptography Training

Public audits and research

Here is a list of public audits we’ve done recently:

• IOV Labs powHSM Security Assessment
• Threshold ECDSA Cryptography Review (DFinity)
• go-cose Security Assessment
• BLST Cryptographic Implementation Review
• O(1) Labs Mina Client SDK, Signature Library and Base Components Cryptography and Implementation Review
• WhatsApp opaque-ke Cryptographic Implementation Review
• Zendoo Proof Verifier Cryptography Review
• Zcash NU5 Cryptography Review
• WhatsApp End-to-End Encrypted Backups Security Assessment
• Protocol Labs Groth16 Proof Aggregation: Cryptography and Implementation Review
• Filecoin Bellman and BLS Signatures Cryptographic Review
• Electric Coin Company NU4 Cryptographic Specification and Implementation Review
• Coda Cryptographic Review
• Apache Milagro MPC Security Assessment Public Report
• Public Report Rustcrypto AES GCM and Chacha20Poly1305 Implementation Review
• ZCash public report: NU3 Specification and Blossom Implementation Audit
• Padloc Cryptography Review
• ZCash public report: Blossom Specification Report
• Android Cloud Backup/Restore Google Audit

For our most recent blog posts, see the list of posts tagged with Cryptography on NCC Group’s Research blog as well as our blog archives.

• Breaking Pedersen Hashes in Practice
• A Primer On Slowable Encoders
• Announcing NCC Group’s Cryptopals Guided Tour: Set 2
• A jq255 Elliptic Curve Specification, and a Retrospective
• Constant-Time Data Processing At a Secret Offset, Privacy and QUIC
• Implementing the Castryck-Decru SIDH Key Recovery Attack in SageMath
• NIST Selects Post-Quantum Algorithms for Standardization
• Real World Cryptography Conference 2022
• A deeper dive into CVE-2021-39137 – a Golang security bug that Rust would have prevented
• Estimating the Bit Security of Pairing-Friendly Curves
• An Illustrated Guide to Elliptic Curve Cryptography Validation
• Technical Advisory – Arbitrary Signature Forgery in Stark Bank ECDSA Libraries (CVE-2021-43572, CVE-2021-43570, CVE-2021-43569, CVE-2021-43568, CVE-2021-43571)
• Cryptopals: Exploiting CBC Padding Oracles
• Announcing NCC Group’s Cryptopals Guided Tour!
• Optimizing Pairing-Based Cryptography: Montgomery Multiplication in Assembly
• On the Use of Pedersen Commitments for Confidential Payments
• Optimizing Pairing-Based Cryptography: Montgomery Arithmetic in Rust
• Software Verification And Analysis Using Z3
• Real World Cryptography Conference 2021: A Virtual Experience
• Double-odd Elliptic Curves
• Faster Modular Inversion and Legendre Symbol, and an X25519 Speed Record
• Technical Advisory – wolfSSL TLS 1.3 Client Man-in-the-Middle Attack (CVE-2020-24613)
• Security Considerations of zk-SNARK Parameter Multi-Party Computation
• Pairing over BLS12-381, Part 1: Fields
• Pairing over BLS12-381, Part 2: Curves
• Pairing over BLS12-381, Part 3: Pairing
• An implementation of BLS12-381 in Haskell
• Curve9767 and Fast Signature Validation
• Curve9767 Implementation
• How Cryptography is Used to Monitor the Spread of covid-19
• Exploring Verifiable Random Functions in Code
• Impact of DNS over HTTPS DoH on DNS Rebinding Attacks
• Smart Contracts Inside SGX Enclaves: Common Security Bug Patterns
• Reviewing Verifiable Random Functions
• Passive Decryption of Ethereum P2P traffic
• On Linux RNG
• Crypto-custody Solutions Open Forum Presentation
• Implementing Optimized Cryptography for Embedded Systems
• Fast and Secure Implementation of the Falcon Post Quantum Cryptography Signature Algorithm
• Encrypted Database Presentation at Blackhat
• The Longest Blockchain is not the Strongest Blockchain

Recent talks:

• Generating NTRU trapdoors the Lattice workshop talk
• Hardware-Backed Heist: Extracting ECDSA Keys from Qualcomm’s TrustZone
• Depressing the Crypto Economy with DoS Bugs

Recent papers:

• BAT: a Fast and Small Key Encapsulation Mechanism
• Paradoxical Compression with Verifiable Delay Functions
• Optimized Binary GCD for Modular Inversion
• Optimized Lattice Basis Reduction In Dimension 2, and Fast Schnorr and EdDSA Signature Verification
• Efficient Elliptic Curve Operations On Microcontrollers With Finite Field Extensions
• A Tour of Curve25519 in Erlang
• Coinbugs: Enumerating blockchain implementation vulnerabilities
• The T1 Programming Language
• Return of the Hidden Number Problem – A Widespread and Novel Key Extraction Attack on ECDSA and DSA
• Hardware-Backed Heist: Extracting ECDSA Keys from Qualcomm’s TrustZone

BearSSL and Constant-Time Toolkit (CTTK) projects are built and are currently maintained by members of this team. Matasano Crypto Challenges were written by ex-members of the NCC Crypto Services team, together with other projects such as the DASP project and OTF or Open Crypto Audit initiatives such as the OpenSSL and TrueCrypt audits.

About NCC Group

Offering a total information assurance solution for your business, NCC Group protects against risk. We provide freedom from doubt that business critical information, data, websites, applications and infrastructure are available, protected, and operating as they should be at all times. Our services include software escrow and verification, security testing, website performance, software testing and domain services.

Archive (2019 and before)

Below is a list of less recent blog posts and research.

• 21 Oct 2019 » Implementing Optimized Cryptography for Embedded Systems
• 18 Sep 2019 » Fast and Secure Implementations of the Falcon Post-Quantum Cryptography Signature Algorithm
• 21 May 2019 » The Longest Blockchain is not the Strongest Blockchain
• 17 Jan 2019 » The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations
• 14 Dec 2018 » Bitcoin Orphan Transactions and CVE-2012-3789
• 30 Nov 2018 » Undefined Behavior Is Really Undefined
• 01 May 2018 » Ethereum Top 10 Security Vulnerabilities For Smart Contracts
• 21 Jul 2017 » Confidential Transactions from Basic Principles
• 03 Sep 2016 » New Practical Attacks on 64-bit Block Ciphers (3DES, Blowfish)
• 27 Jun 2016 » What are State-sized adversaries doing to spy on us? Or how to backdoor Diffie-Hellman
• 23 Jun 2016 » Real World Crypto 2017
• 27 Apr 2016 » The Noise Protocol Framework
• 12 Feb 2016 » Beyond the BEAST Returns to Black Hat USA
• 08 Dec 2015 » Hash-Based Signatures Part IV: XMSS and SPHINCS
• 07 Dec 2015 » Hash-Based Signatures Part III: Many-times Signatures
• 07 Dec 2015 » Hash-Based Signatures Part II: Few-Times Signatures
• 04 Dec 2015 » Hash-Based Signatures Part I: One-Time Signatures (OTS)
• 23 Sep 2015 » Announcing an east coast offering of our Beyond the BEAST Crypto Training
• 10 Sep 2015 » Factoring RSA Keys With TLS Perfect Forward Secrecy
• 12 Jun 2015 » Analysis of Boomerang Differential Trials via a SAT-Based Constraint Solver URSA
• 21 Apr 2015 » A back-to-front TrueCrypt recovery story: the plaintext is the ciphertext
• 09 Mar 2015 » OpenSSL Audit
• 18 Feb 2015 » Truecrypt Phase Two Audit Announced
• 11 Feb 2015 » CS Debuts Crypto Training at Black Hat
• 08 Dec 2014 » Code Execution In Spite Of BitLocker