About Cryptography Services

Cryptographic operations tend to concentrate the confidentiality, integrity and authenticity assurances of an entire application into a very small high-value target. A specialized review of cryptographic implementation ensures that systems are designed, implemented, and operate correctly. Organizations often underestimate the need for cryptographic consulting as vulnerabilities can be obscure and poorly understood yet devastating. Systems operate seemingly correctly, but actually insecurely - a lurking risk that is taken advantage of at the worst time and in the worst way.

NCC Group’s Cryptography Services practice is a specialized team of consultants focusing exclusively on the most challenging projects involving cryptographic primitives, protocols, implementations, systems, and applications. The team combines years of experience in security with a life-long passion in cryptography to provide a unique and unmatched offering. We have a wealth of experience advising, building, breaking, fixing and deploying cryptographic solutions that our customers rely on for their core business, data protection, compliance, and security needs.

Service Offerings

Public audits and research

Here is a list of public audits we’ve done recently:

For our most recent blog posts, see the list of posts tagged with Cryptography on NCC Group’s Research blog as well as our blog archives.

Recent talks:

Recent papers:

BearSSL and Constant-Time Toolkit (CTTK) projects are built and are currently maintained by members of this team. Matasano Crypto Challenges were written by ex-members of the NCC Crypto Services team, together with other projects such as the DASP project and OTF or Open Crypto Audit initiatives such as the OpenSSL and TrueCrypt audits.

About NCC Group

Offering a total information assurance solution for your business, NCC Group protects against risk. We provide freedom from doubt that business critical information, data, websites, applications and infrastructure are available, protected, and operating as they should be at all times. Our services include software escrow and verification, security testing, website performance, software testing and domain services.

Archive (2019 and before)

Below is a list of less recent blog posts and research.