During the summer of 2023, Entropy Cryptography Inc engaged NCC Group’s Cryptography Services team to perform a cryptography and implementation review of several Rust-based libraries implementing constant-time big integer arithmetic, prime generation, and secp256k1 (k256) elliptic curve functionality. Two consultants performed the review within 40 person-days of effort, which included retesting and report generation.
The three primary code repositories in scope for this review were:
- github.com/RustCrypto/crypto-bigint
- github.com/entropyxyz/crypto-primes
- github.com/RustCrypto/elliptic-curves/k256.
The review identified a range of issues that were addressed promptly once reported, with the proposed fixes aligning with the recommendations made in the report below.