"Threshold ECDSA Cryptography Review" by NCC Group (third-party security audit #3)


NCC Group is a world-class cybersecurity consulting firm which has done security audits for organizations ranging from blockchain projects to WhatsApp. In March 2022, DFINITY engaged NCC Group to conduct a security and cryptography review of a threshold ECDSA implementation, which follows a novel approach described in the reference paper entitled “Design and analysis of a distributed ECDSA signing service” and available on the IACR ePrint archive at https://eprint.iacr.org/2022/506.

Notably, Threshold ECDSA is critical in the Bitcoin <> ICP integration project.

Please note:

Critical Issues: 0
High Issues: 0
Medium Issues: 2 (and fixed)
Low Issues: 2 (and fixed)
Informational issues: 1 (fixed)

Past third-party security reviews

  1. Security audit of the IC was posted on January 4, 2022. This audit covered every layer of the IC stack, while this audit was hyper-focused on Consensus.

  2. Security audit of Consensus protocol was posted on March 11, 2022. This audit focused on the Consensus protocol and layer.

Result of NCC Group Audit

The outcome of this collaboration is detailed in the 28-page report below:

What we are asking the community

  • Read the report!
  • Ask questions!

DFINITY engineers who worked on this report and related projects can answer any questions from the community.