From February 26 to March 18, 2018, IronCore Labs engaged NCC Group’s Cryptographic Services Practice to perform a review of their proxy re-encryption protocol and implementation. IronCore’s Proxy re-encryption scheme allows delegation of decryption rights from one entity to another without sharing private keys. IronCore uses this to delegate access from groups to users.
The review aimed in particular at validating the specific choice of the pairing-friendly elliptic curve in the protocol, and verifying that the Scala implementation is a secure incarnation of that protocol. The Scala code targets both the Java virtual machine and in-browser execution through Scala-js, that translates Scala code to JavaScript.
The review covered IronCore’s recrypt library implementation, using internal version numbers 7.0.2-SNAPSHOT, then 8.0.1-SNAPSHOT, and finally 11.0.0-SNAPSHOT. This last version was released as open source as public version 1.3.0-SNAPSHOT. The initial open source version (https://github.com/IronCoreLabs/recrypt/commit/4fb521d1c68668f1af5c90ac1993242b96f5a221) was verified to be strictly equivalent to the tested version, save for some extra source code comments.
The protocol was described in a draft version of an article, which was ultimately published (https://dl.acm.org/citation.cfm?id=3201602). This review did not cover any of IronCore’s proprietary code used in its commercial offering. One consultant performed the engagement, which consisted of 15 person-days of effort and an additional one-day retest in April 24, 2018.
