Cryptosense and Google Project Wycheproof

Graham Steel
December 21, 2016
Where crypto flaws are located: 83% in applications and 17% in libraries

Updated March 2018

Our Analyzer software now incorporates all of the Wycheproof cryptographic library tests for Java providers.

Original Post:

Google recently announced a project to produce tests for cryptographic libraries to detect common weaknesses. Piloted by star cryptographers Daniel Bleichenbacher and Thai Duong, this is an exciting development for us at Cryptosense, and not just because they cite our CRYPTO '12 paper in their RSA tests. It's a validation of the prevalence and seriousness of security flaws around crypto use, and the need to detect them, which is exactly our mission at Cryptosense.

In a 2014 article "Why does cryptographic software fail?", Lazar et al. took the most recent 269 CVEs marked as "cryptographic issues" and classified the site of the failure. While 17% of the failures were in crypto libraries, 83% were in the way the applications use the libraries. At Cryptosense, we designed our Analyzer tool to address the 83%, by tracing the calls the application makes to the crypto library and identifying weaknesses. We also test crypto libraries in a number of ways to tackle the remaining 17%. Our PKCS#11 fuzzer tests HSMs against cryptanalytic bugs like the ones in Wycheproof as well as configuration and key-management flaws that could allow an attacker to extract keys. We check software libraries against known vulnerable versions. The Wycheproof tests are a nice addition to this.    

Meanwhile, crypto API design is evolving to present the programmer with fewer opportunities for security-critical mistakes. This will make secure programming with cryptography easier, and analysis more precise. We will be part of this movement at Cryptosense.