Tag: cryptography

31 articles
Date Thu 16 June 2022
Authors Angèle Bossuat, Laurent Grémy
Category Cryptography

In the first part of the blogpost, we tackled the issue of 1v1 conversations, and it is now time to see how this applies to 1vMANY: group chats! We will give an overview of current solutions, and then have a look at the Messaging Layer Security working group.

Date Tue 24 May 2022
Authors Angèle Bossuat, Laurent Grémy
Category Cryptography

Today's communications are, as frequently requested by users, more and more secure. In this first part of the blogpost, we will detail some key features of instant messaging applications, in the setting where (only) two parties want to communicate.

Date Thu 13 January 2022
Authors Robin David, Laurent Grémy
Category Blockchain

The Litecoin Foundation mandated Quarkslab to audit the implementation of the MimbleWimble protocol in the Litecoin blockchain. This protocol acts as a sidechain in which privacy of the transactions is improved compared to the privacy on the classical chain.

Date Tue 07 December 2021
Author Laurent Grémy
Category Cryptography

Post-quantum cryptography is an active field of research, especially since the NIST Call for Submissions in 2016 to design new standards for asymmetric key cryptography. The aim of post-quantum cryptography is to mitigate the risk of a large-scale quantum computer that may break all the asymmetric cryptography deployed today. This blogpost will present the current state of activity in the post-quantum cryptography field and sketch the challenges for the deployment of post-quantum safe standards for the industry, both in terms of internal infrastructures and security products.

Date Thu 14 October 2021
Author Adrien Guinet
Category Cryptography

This blog post introduces a plugin that provides end-to-end encryption (E2EE) to Mattermost.

Date Thu 17 December 2020
Authors Laurent Grémy, Christian Heitman
Category Blockchain

The Ethereum Foundation mandated Quarkslab to perform an audit of the herumi libraries. They provide an API to perform BLS signatures, one of the core components of the new iteration of the Ethereum blockchain, named Ethereum 2.0. While reviewing the architecture of these libraries, their back ends and their adherence to the ongoing RFCs to standardize BLS signature usage, we found some issues primarily regarding their design. Although these are not considered critical, they impact the overall reliability of the libraries. We provide recommendations to improve the design of the libraries, the readability of the code and the usability of both projects.

Date Tue 18 August 2020
Author Paul Hernault
Category Cryptography

This post is a noob-friendly introduction to whiteboxes along with the presentation and explanation of a (not-new) collision-based attack. The attack is demonstrated against a public whitebox, using QBDI to instrument and analyze the target in order to produce traces of execution.

Date Mon 26 August 2019
Authors Laurent Grémy, Guillaume Heilles, Nicolas Surbayrole
Category Blockchain

Tari Labs mandated Quarkslab to perform a cryptographic and security assessment of the dalek libraries. One of Tari Labs' projects is to implement the Tari protocol, a decentralised assets protocol. It relies on some of the dalek libraries, especially the cryptographic primitives, provided by subtle and curve25519-dalek. Moreover, the use of Bulletproofs [6], and its implementation by the authors of the dalek libraries, will allow them to enable efficient confidential transactions on the blockchain in the near future.

We only found some minor issues. We also provided recommendations on the usage of the libraries and third-party libraries.

Date Fri 05 July 2019
Authors Lucas Barthelemy, Maxime Peterlin
Category Blockchain

Quarkslab's team performed a cryptographic and security assessment of both the Bulletproof and MLSAG protocols in Particl. Bulletproof is a non-interactive zero-knowledge proof protocol, while MLSAG is a new ring signature protocol. Both are to be used in cryptocurrency transactions to ensure that they do not leak the amount exchanged or the exact identity of the buyers. Both implementations were found to be sound and to conform to their respective reference papers [BBBPWM18] [SN15]. The full report of the assessment can be found at the following address: [2]

Date Thu 03 May 2018
Authors Romain Thomas, Philippe Teuwen
Category Cryptography

On how we used LIEF to lift an Android x86_64 library to Linux to perform our usual white-box attacks on it.