Cryptography Services Blog Archive
2019
FALCON is a novel post-quantum signature algorithm based on Fast-Fourier Lattice-based Compact Signatures over NTRU. Signing in FALCON involves the use of complex numbers, which can be approximated with IEEE-754 double precision (binary64) floating point numbers. This presents a problem when targeting ARM Cortex-M4. As mentioned above, the processor optionally supports single precision floating point numbers only. How do we solve this dilemma?
Falcon is a new lattice-based post-quantum signature algorithm which offers compact signatures and keys, and good performance. An efficient, portable and secure implementation has been published that can work on both big servers and small, constrained embedded systems.
A common misunderstanding of Nakamoto Consensus, even present in the original Bitcoin whitepaper and implementation, is that the miners follow the chain with the greatest number of blocks. The ‘longest’ blockchain is not necessarily the ‘strongest’ blockchain, and there are several attacks that network participants can execute in the case where the longest chain is considered the valid one.
2018
Before developing or reviewing blockchain client software, you should survey previously known blockchain software vulnerabilities (notably those in Bitcoin, given the amount of audit it has received).
In C and C++, there is such a thing as ‘Undefined Behavior’, by which the relevant standards mean to say that anything goes. They really mean it.
I am pleased to announce the launch of the Decentralized Application Security Project (DASP), an open and collaborative project to categorize and rank all known smart contract vulnerabilities.
2017
Bitcoin today publicly reveals how much Bitcoin is sent in every transaction. Some cryptocurrencies wish to make these values private by default, but this comes with some mathematical challenges. We explain here how confidential transactions are constructed, assuming a basic background in cryptography and algebra.
2016
A pair of researchers from INRIA have identified a new technique called Sweet32. This attack exploits known block cipher vulnerabilities (collision/birthday attacks) against 64-bit block ciphers like 3DES and Blowfish. It affects any protocol making use of these “light” block ciphers along with CBC mode for a long period of time without re-keying. While cryptographers have long known that combining such block ciphers with long-lived connections has these security implications, it is relatively easy for product maintainers or users of various software to create vulnerable conditions.
2015
This is the last blog post in this series on hash-based signatures. We will finally see, at a high level, how the state-of-the-art hash-based signature schemes XMSS and SPHINCS work.
This is part 3 of our series on hash-based signatures. We will see the first practical hash-based signature scheme invented by Merkle and built on top of one-time signature schemes.
This is part 2 of our series on hash-based signatures. After seeing how one-time signatures can be made out of hash functions, we will see how we can build schemes that allow us to sign a few times without security issues.
PQCrypto recently announced their initial recommendations for post-quantum cryptographic algorithms. For signatures two algorithms were listed, both hash-based signature schemes: XMSS and SPHINCS. Such schemes are built on top of what we call one-time signature schemes (OTS). Here’s an explanation of what they are.
On November 17th and 18th we will be offering our Beyond the BEAST training in New York City, previously seen at Black Hat. Contact us right away to reserve your seat!
Florian Weimer from the Red Hat Product Security team has just released a technical report entitled “Factoring RSA Keys With TLS Perfect Forward Secrecy”.
Common previous applications of SAT solvers in cryptanalysis include directly encoding the cryptographic primitive into logical equations and then trying to solve those equations. The unknown variables are typically the secret key bits (or unknown message bits, in attempts to obtain a preimage of a hash function), and the equations are built using known plaintext/ciphertext pairs or hash digests. Such attempts, however, typically get through only a small number of rounds of a cryptographic primitive, as the problem the SAT solver is given is equivalent to the problem of breaking the primitive itself. In this work, we show that if we give up on using the SAT solver for direct cryptanalysis, SAT can still be a very useful tool in cryptanalysis, particularly in the domain of differential/boomerang attack verification. Using an off-the-shelf constraint solver, URSA (which translates C-like code into SAT equations), we analyze differential trails specified in previous literature and show that the probabilistic analysis of several of these trails is flawed.
One of our clients recently approached us for assistance with recovering data from a laptop hard drive which had been encrypted using TrueCrypt. A hardware repair gone wrong had led to problems booting the operating system, and a variety of attempted fixes had been unsuccessful. They had already sent the drive to a specialist data recovery firm, who imaged the disk successfully but found the contents to be encrypted, and couldn’t make any progress. NCC took on the engineering required to turn an opaque encrypted drive and passphrase back into business-critical bits.
We’re excited to announce that as part of the Linux Foundation’s Core Infrastructure Initiative, and organized by the Open Crypto Audit Project, Cryptography Services will be conducting an audit of OpenSSL. This is an amazing opportunity to dive deeply into one of the pieces of software that so much of the world relies on, and we’re honored to have been chosen to conduct it.
Cryptography Services will be conducting the second phase of the TrueCrypt Audit, focusing on the cryptography of the project as it is used in the most common configurations. This follows up iSEC’s Phase One Audit, and will complement the work done there.
Cryptography Services will be debuting our Crypto Training Course, Beyond the Beast: Deep Dives into Crypto Vulnerabilities, at Black Hat Vegas this summer.
2014
BitLocker in Windows 8 removed the custom Elephant Diffuser and uses only the extremely malleable AES-CBC mode (despite statements saying this mode was unacceptable when BitLocker was introduced in 2006). Removing Elephant allows us to perform fine-grained attacks on the inert, encrypted disk, and lets us achieve arbitrary code execution in spite of the cryptographic protection.