2023-12-14 23:0:0 Author: research.nccgroup.com(查看原文) 阅读量:6 收藏
During the Autumn of 2023, Google engaged NCC Group to conduct a security assessment of the white paper entitled “RSA Blind Signatures with Public Metadata”, along with the corresponding IETF draft for “Partially Blind RSA Signatures”. The work is inspired by the growing importance of anonymous tokens for the privacy of real-world applications. In particular, the paper aims to modify the standard RSA Blind signature protocol such that signatures can only be generated for a specific choice of public metadata.
The security assessment of the protocol was performed through an analysis of both the whitepaper and online draft, with direct communication with the Google team. Additionally, a SageMath implementation of the protocol was written following the specification outlined in the IETF draft. The review was performed by three consultants over two weeks for a total of fifteen person-days.
In early November 2023, a retest was performed by two consultants, for four person-days of additional efforts.
Here are some related articles you may find interesting
Reverse, Reveal, Recover: Windows Defender Quarantine Forensics
Max Groot and Erik Schamper TL;DR Introduction During incident response engagements we often encounter antivirus applications that have rightfully triggered on malicious software that was deployed by threat actors. Most commonly we encounter this for Windows Defender, the antivirus solution that is shipped by default with Microsoft Windows. Windows Defender…
Public Report – Aleo snarkVM Implementation Review
During late summer 2023, Aleo Systems Inc. engaged NCC Group’s Cryptography Services team to conduct an implementation review of several components of snarkVM, a virtual machine for zero-knowledge proofs. The snarkVM platform allows users to write and execute smart contracts in an efficient, yet privacy-preserving manner by leveraging zero-knowledge succinct…
Technical Advisory – Multiple Vulnerabilities in Nagios XI
Introduction This is the second Technical Advisory post in a series wherein I audit the security of popular Remote Monitoring and Management (RMM) tools. (First: Multiple Vulnerabilities in Faronics Insight). I was joined in this security research by Colin Brum, Principal Security Consultant at NCC Group. In this post I…
View articles by category
如有侵权请联系:admin#unsafe.sh