Summary
A top Internet Computer feature - verifiably encrypted threshold key derivation (vetKeys) - was recently assessed by Cryptography Services at NCC Group, a leading technical security auditor for cryptography and blockchain. To learn more about vetKeys, read “What are vetKeys?” and “How vetKeys work”.
The new report can be found here, along with a list of all previous third-party audits.
The finding breakdown is as follows:
- Critical - 0 issues found
- High - 0 issues found
- Medium - 0 issues found
- Low - 2 issues found
- Informational - 3 issues found
The issues have been addressed and went through a fix review; see the table of findings and retest results for each finding.
We’d like to thank the NCC team for their excellent contributions to ensuring the security of vetKeys, and the effective collaboration.
Discussion Leads
Happy to discuss and answer any questions you may have. The people at DFINITY who were most involved and can be tagged for questions are @robin-kunzler (Product Security), @andrea (Crypto team), @franzstefan (Crypto team).
Previous Forum Discussions about Security Assessments
- “ckBTC and Service Nervous System (SNS) Third-Party Security Assessments” by Trail of Bits
- “Threshold ECDSA Integration and Bitcoin Canisters - Security Review” by Trail of Bits
- “Canister Sandboxing” by Trail of Bits
- “Threshold ECDSA Cryptography Review” by NCC Group
- “Internet Computer Consensus: Security Assessment” by Trail of Bits
- “IC Assessment” by Trail of Bits