Public Report – Keyfork Implementation Review
In April 2024, Distrust engaged NCC Group’s Cryptography Services team to perform a cryptographic security assessment of keyfork, described as “an opinionated and modular toolchain for generating and managing a wide range of cryptographic keys offline and on smartcards from a shared mnemonic phrase”. The tool is intended to be run on an air-gapped system […]
Public Report – Confidential Mode for Hyperdisk – DEK Protection Analysis
During the spring of 2024, Google engaged NCC Group to conduct a design review of Confidential Mode for Hyperdisk (CHD) architecture in order to analyze how the Data Encryption Key (DEK) that encrypts data-at-rest is protected. The project was 10 person days and the goal is to validate that the following two properties are enforced: […]
Public Report – Google Privacy Sandbox Aggregation Service and Coordinator
During the winter of 2022, Google engaged NCC Group to conduct an in-depth security review of the Aggregation Service, part of Google’s Privacy Sandbox initiative. Google describes the Aggregation Service as follows: The Privacy Sandbox initiative aims to create technologies that both protect people’s privacy online and give companies and developers tools to build thriving […]
Public Report – AWS Nitro System API & Security Claims Italian
In the last calendar quarter of 2022, Amazon Web Services (AWS) engaged NCC Group to conduct an architecture review of the AWS Nitro System design, with focus on specific claims AWS made for the security of the Nitro System APIs. The Public Report in Italian this review may be downloaded below: The original Public Report […]
Public Report – AWS Nitro System API & Security Claims French
In the last calendar quarter of 2022, Amazon Web Services (AWS) engaged NCC Group to conduct an architecture review of the AWS Nitro System design, with focus on specific claims AWS made for the security of the Nitro System APIs. The Public Report in French this review may be downloaded below: The original Public Report […]
Public Report – AWS Nitro System API & Security Claims Spanish
In the last calendar quarter of 2022, Amazon Web Services (AWS) engaged NCC Group to conduct an architecture review of the AWS Nitro System design, with focus on specific claims AWS made for the security of the Nitro System APIs. The Public Report in Spanish for this review may be downloaded below: The original Public […]
Public Report – AWS Nitro System API & Security Claims German
In the last calendar quarter of 2022, Amazon Web Services (AWS) engaged NCC Group to conduct an architecture review of the AWS Nitro System design, with focus on specific claims AWS made for the security of the Nitro System APIs. The Public Report in German for this review may be downloaded below: The original Public […]
Public Report: Aleo snarkOS Implementation and Consensus Mechanism Review
In November 2023, Aleo engaged NCC Group’s Cryptography Services team to perform a review of the consensus mechanism implemented by snarkOS: “a decentralized operating system for zero-knowledge applications [that] forms the backbone of Aleo network, which verifies transactions and stores the encrypted state applications in a publicly verifiable manner.” The consensus mechanism is based on […]
Public Report – Security Review of RSA Blind Signatures with Public Metadata
During the Autumn of 2023, Google engaged NCC Group to conduct a security assessment of the white paper entitled “RSA Blind Signatures with Public Metadata”, along with the corresponding IETF draft for “Partially Blind RSA Signatures”. The work is inspired by the growing importance of anonymous tokens for the privacy of real-world applications. In particular, […]