{"id":13632006,"url":"https://github.com/google/paranoid_crypto","last_synced_at":"2025-04-18T01:32:26.779Z","repository":{"id":52183134,"uuid":"490304872","full_name":"google/paranoid_crypto","owner":"google","description":"Paranoid's library contains implementations of checks for well known weaknesses on cryptographic artifacts.","archived":false,"fork":false,"pushed_at":"2024-04-12T09:51:55.000Z","size":10431,"stargazers_count":787,"open_issues_count":6,"forks_count":47,"subscribers_count":24,"default_branch":"main","last_synced_at":"2024-08-01T22:51:25.798Z","etag":null,"topics":["cryptography","security"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/google.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":"CITATION.cff","codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-05-09T13:54:17.000Z","updated_at":"2024-06-22T09:12:51.000Z","dependencies_parsed_at":"2024-08-01T22:40:39.676Z","dependency_job_id":"76d78c22-a32e-4c4d-95e5-1330a3ef8c69","html_url":"https://github.com/google/paranoid_crypto","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Fparanoid_crypto","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Fparanoid_crypto/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Fparanoid_crypto/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Fparanoid_crypto/m
anifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/google","download_url":"https://codeload.github.com/google/paranoid_crypto/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223772121,"owners_count":17199968,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cryptography","security"],"created_at":"2024-08-01T22:02:47.806Z","updated_at":"2024-11-09T00:30:34.006Z","avatar_url":"https://github.com/google.png","language":"Python","readme":"# Project Paranoid\n\n## Overview\n\nThe **Paranoid** project checks for well-known weaknesses in cryptographic artifacts\nsuch as public keys, digital signatures and general pseudorandom numbers.\nThis library contains implementations and optimizations of existing work found\nin the literature. The existing work showed that the generation of these\nartifacts was flawed in some cases. The following are some examples of\npublications the library is based on.\n\n-   [Arjen K. Lenstra, James P. Hughes, Maxime Augier, Joppe W. Bos, Thorsten\n    Kleinjung, and Christophe Wachter. (2012). **Ron was wrong, Whit is\n    right**](https://eprint.iacr.org/2012/064);\n\n-   [Nadia Heninger, Zakir Durumeric, Eric Wustrow, and J. Alex Halderman.\n    (2012). **Mining Your Ps and Qs: Detection of Widespread Weak Keys in\n    Network\n    Devices**](https://www.usenix.org/conference/usenixsecurity12/technical-sessions/presentation/heninger);\n\n-   [Daniel J. Bernstein, Yun-An Chang, Chen-Mou Cheng, Li-Ping Chou, Nadia\n    Heninger, Tanja Lange, and Nicko van Someren. 
(2013). **Factoring RSA keys\n    from certified smart cards: Coppersmith in the\n    wild**](https://eprint.iacr.org/2013/599);\n\n-   [Joachim Breitner and Nadia Heninger. (2019). **Biased Nonce Sense: Lattice\n    Attacks against Weak ECDSA Signatures in\n    Cryptocurrencies**](https://eprint.iacr.org/2019/023);\n\n## Goal\n\nThe goal is to increase the confidence in cryptography use cases inside and\noutside Google.\n\nWhen dealing with asymmetric encryption, crypto artifacts usually are:\n\n1.  Generated by one of our own tools (e.g., at Google we use\n    [boringssl](https://github.com/google/boringssl) or\n    [tink](https://github.com/google/tink)); or,\n2.  Generated by third party tools that we have access to (so these tools can\n    be, for example, checked for vulnerabilities using\n    [wycheproof](https://github.com/google/wycheproof)); or,\n3.  **Generated by third party tools and/or hardware or software black boxes\n    that we do not have access to.**\n\nWith Paranoid, any cryptographic artifact can be tested, but its primary\nmotivation is to detect the usage of weak third party hardware or software black\nboxes. Hence, Paranoid can be used even if we are not able to inspect the source\ncode (situation 3 listed above).\n\nThe project aims to detect known vulnerabilities as well as unknown ones. E.g.,\nit tries to identify vulnerabilities caused by programming errors or the use of\nweak proprietary random number generators. Detecting new vulnerabilities is of\ncourse much more difficult than detecting known ones. Such detections may\nrequire large sets of artifacts or find weak ones only with a low probability.\n\nTherefore, we are very interested to receive feedback and learn about the\ncryptographic library that generated weak cryptographic artifacts (see the [call for\ncontributions](https://security.googleblog.com/2022/08/announcing-open-sourcing-of-paranoids.html)).\nThe project is a constant work in progress. 
After learning about weak\nimplementations the plan is to analyze and add detections targeting them.\n\n## Getting Started\n\nDocumentation for the current implemented checks is located at [docs](docs). The\ndocumentation will be populated with more content over time.\n\nTo learn how to use the checks, you can look at the [examples](examples)\nfolder or the unit tests (\\*test.py files). The examples demonstrate testing\ndifferent crypto artifacts.\n\n###  Installation\n\nClone the repository:\n\n```$ git clone https://github.com/google/paranoid_crypto.git \u0026\u0026 cd paranoid_crypto```\n\n**NOTE**: The commands below have been tested on Debian stable version\n(bookworm). Make sure you will be using `python3.11` or newer.\n\nInstall dependencies:\n\n```$ sudo apt update \u0026\u0026 sudo apt install python3 python3-full python3-pip python3-pybind11 python3-fpylll python3-gmpy2 protobuf-compiler```\n\nCreate and activate a virtual environment:\n\n```$ python3 -m venv --system-site-packages ~/paranoid-venv```\n\n```$ source ~/paranoid-venv/bin/activate```\n\n**NOTE**: If you know what you are doing, you can instead skip to the next step\nand use `--break-system-packages` switch for `pip`.\n\nInstall paranoid_crypto python package:\n\n```$ python3 -m pip install .```\n\nTo check whether the installation was successful, you can run the unit tests.\nFor example:\n\n```\n$ cd paranoid_crypto \u0026\u0026 python3 -m unittest discover -b -p \"*test.py\"\n.................................................................................................................................................................................................................................................................................................................\n----------------------------------------------------------------------\nRan 305 tests in 314.660s\n\nOK\n```\n\n### Docker\n\nAlternatively, if you want to run it in a container, you can use our 
provided\n[Dockerfile](Dockerfile) as shown below.\n\n**NOTE**: Make sure you have [docker](https://docs.docker.com/engine/install/)\ninstalled.\n\nAfter cloning the repository, build the docker image:\n\n```$ docker build -t paranoid-img .```\n\nCreate and start the container:\n\n```\n$ docker run --name paranoid-container -it paranoid-img\nparanoid-user@6191368b26b8:~$\n```\n\nTo check whether the installation was successful, you can run the unit tests.\nFor example:\n\n```\nparanoid-user@6191368b26b8:~$ cd paranoid_crypto \u0026\u0026 python3 -m unittest discover -b -p \"*test.py\"\n.................................................................................................................................................................................................................................................................................................................\n----------------------------------------------------------------------\nRan 305 tests in 307.555s\n\nOK\n```\n\n## Preliminary results\n\nSimilar to other published works, we have been analyzing the crypto artifacts\nfrom [Certificate Transparency (CT)](https://certificate.transparency.dev),\nwhich logs issued website certificates since 2013 with the goal of making them\ntransparent and verifiable. Its database contains more than 7 billion\ncertificates as of September 2022. For the Paranoid checks of EC public keys and\nECDSA signatures, so far, we have not found any weak artifacts in CT. 
For the\nRSA public key checks with severities high or critical, we have the following\nresults:\n\n|       **TestName**       | **Potentially Related CVEs** |    **Severity**   | **Number of Weak Artifacts** |\n|:------------------------:|:----------------------------:|:-----------------:|:----------------------------:|\n|   CheckOpensslDenylist   |         CVE-2008-0166        | SEVERITY_CRITICAL |             3989             |\n|         CheckROCA        |        CVE-2017-15361        |   SEVERITY_HIGH   |             2875             |\n|         CheckGCD         |               -              | SEVERITY_CRITICAL |             1860             |\n|        CheckFermat       |        CVE-2022-26320        | SEVERITY_CRITICAL |              36              |\n|  CheckContinuedFractions |               -              | SEVERITY_CRITICAL |              16              |\n|     CheckBitPatterns     |               -              | SEVERITY_CRITICAL |               6              |\n| CheckPermutedBitPatterns |               -              | SEVERITY_CRITICAL |               6              |\n|   CheckKeypairDenylist   |        CVE-2021-41117        | SEVERITY_CRITICAL |               4              |\n|      CheckPollardpm1     |               -              | SEVERITY_CRITICAL |               1              |\n\nSome of these certificates were already expired or revoked. For the ones that\nwere still active (most of the CheckGCD ones), we immediately reported them to\nthe Certificate Authorities to be revoked.\n\n## ABOUT\n\nThis library is developed and maintained by members of Google Security Team, but\nthis is not an officially supported Google product. If you want to contribute,\nplease read [CONTRIBUTING](CONTRIBUTING.md) and send us pull requests. 
You can\nalso report bugs or file feature requests.\n\nIf you use Paranoid in your research, you can cite it using the following\nBibTeX:\n```\n@software{Barbosa_Bleichenbacher_Paranoid_Crypto_2022,\n  author = {Barbosa, Pedro and Bleichenbacher, Daniel},\n  license = {Apache-2.0},\n  month = {8},\n  title = {{Paranoid Crypto}},\n  url = {https://github.com/google/paranoid_crypto},\n  year = {2022}\n}\n```\n","funding_links":[],"categories":["Python"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgoogle%2Fparanoid_crypto","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgoogle%2Fparanoid_crypto","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgoogle%2Fparanoid_crypto/lists"}