Modern cryptography underpins all secure communication and collaboration. Correctly implemented cryptography maintains the confidentiality and integrity of data in even the most extreme circumstances. However, this high level of assurance is fragile due to the mathematically complex nature of cryptographic security. Not only do the underlying libraries need to be flawless, but an incorrect combination of primitives or API calls can introduce subtle and dangerous vulnerabilities. Even widely used and rigorously vetted protocols like Bluetooth have been compromised by incorrect use of cryptographic primitives.
How we can help
Our team has extensive experience crafting complex cryptographic libraries that are cutting edge and widely used. We know where to look for bugs, having dedicated so much time to building and testing cryptographic software. Whether you’re building a key management system or need assistance with the operational complexities of TLS 1.3, we can ensure your product has the safety guarantees you need.
Count on us to:
- Review your implementation of an algorithm for mistakes that compromise its security
- Assess the use of your chosen cryptographic primitives for correctness within the context of your application
- Examine your cryptographic software for new or familiar side-channel attacks
- Write custom bug-finding tools and integrate them into your current test suite
- Develop new cryptographic software
- Implement or audit novel cryptography – such as post-quantum or zero-knowledge algorithms – in your existing codebase
Our team of engineers will work with your developers on a spectrum of tasks ranging from finding bugs in existing code to building entirely new libraries that can be integrated into your codebase. We will work closely with you to develop a scope suited to your engagement’s unique needs.
What you’ll receive
Deliverables will be custom to your situation, and may include:
- Clear and actionable descriptions of cryptographic flaws in your software
- Exploit scenarios that provide context for the vulnerabilities
- A comprehensive plan for mitigating both individual bugs and entire bug classes
- Architectural and strategic guidance
- Testing artifacts, like custom fuzzers or static analysis scripts
- Long-form, well-researched writing on subtle or obscure areas of cryptography
Contact us with your cryptographic needs.