Security Audit of dalek libraries

The Tari Labs mandated Quarkslab to perform a cryptographic and security assessment of the dalek libraries. One of the Tari Labs' projects is to implement the Tari protocol, a decentralised assets protocol. It relies on some of the dalek libraries, especially the cryptographic primitives, provided by subtle and curve25519-dalek. Moreover, the use of Bulletproofs , and its implementation by the authors of the dalek libraries, will allow them to enable efficient confidential transactions on the blockchain in a near future.

We only found some minor issues. We also provided recommendations on the usage of the libraries and third-party libraries.

more ...

Security Audit of Monero RandomX

Quarkslab's team performed a cryptographic and security assessment of the Monero Research Lab’s new Proof-of-Work algorithm, called RandomX . RandomX is a proof-of-work algorithm that is optimized for general-purpose CPUs. RandomX uses random code execution together with several memory-hard techniques to minimize the efficiency advantage of specialized hardware. We only found minor inconsistencies and formulated a few recommendations. These recommendations are mainly relevant when using alternative configurations but they are of less importance with the current configuration and usage of RandomX. The full report of the assessment can be found at the following address:

more ...

Security Audit of Particl Bulletproof and MLSAG

Quarkslab's team performed a cryptographic and security assessment of both the Bulletproof and MLSAG protocols in Particl. Bulletproof is a non-interactive zero-knowledge proof protocol, while MLSAG is a new ring signature protocol. Both are to be used in cryptocurrency transactions to ensure that they do not leak the amount exchanged or the exact identity of the buyers. Both implementations were found sound and conform to their respective reference papers [BBBPWM18] [SN15]. The full report of the assessment can be found at the following address:

more ...

Security Audit of Monero Bulletproofs

Quarkslab team performed a cryptographic & security assessment of the Bulletproof protocol, a new non-interactive zero-knowledge proof protocol, to be used by the Monero open-source cryptocurrency (XMR). We found several issues, some possibly critical, during the analysis.

more ...