Public Report – Entropy/Rust Cryptography Review

30 August 2023

By Eric Schorn

During the summer of 2023, Entropy Cryptography Inc engaged NCC Group’s Cryptography Services team to perform a cryptography and implementation review of several Rust-based libraries implementing constant-time big integer arithmetic, prime generation, and secp256k1 (k256) elliptic curve functionality. Two consultants performed the review within 40 person-days of effort, which included retesting and report generation.

The three primary code repositories in scope for this review were:

  1. github.com/RustCrypto/crypto-bigint
  2. github.com/entropyxyz/crypto-primes
  3. github.com/RustCrypto/elliptic-curves/k256.

The review identified a range of issues that were addressed promptly once reported, with the proposed fixes aligning with the recommendations made in the report below.

Eric Schorn

Eric Schorn is a Technical Director on NCC Group's Cryptography Services team. He has been programming since 8-bit 6502 assembly was in vogue, designed high-performance CPUs at the individual transistor level, led the overall marketing function for the $600M/year ARM processor division, and holds 14 US Patents. He co-founded a blockchain-oriented startup and has developed/deployed multiple web applications in the cloud.