It takes a rare set of skills to design and implement cryptography properly. Our core competence is designing and implementing cryptography-based components, protocols, and systems.
We’re here to help you using our security expertise and skills.
Consider having experienced cryptographers help you design and write code when you’re implementing novel schemes that may deviate from typical use-cases. While many things can easily be solved using common ready-made cryptographic libraries, integration between components and the cryptographic system introduces risks that are hard to detect or measure. Such risks are also quite easy to abuse for a trained attacker.
Implementing novel cryptographic controls
Sometimes things you are working on don’t fit the traditional scenario. Are you implementing a novel cryptographic feature for your blockchain system? Or designing a zero-knowledge authentication scheme that suits your needs but doesn’t have a community-vetted implementation?
Our R&D team is continuously working on applied cryptography research: zero-knowledge proof protocols, end-to-end encrypted data collaboration schemes, searchable encryption. If you need a helping hand, we can assist you in implementation, getting and passing 3rd party reviews and assessments, and gaining confidence that you rely on math, not on a distant promise.
Data protection and end-to-end encryption schemes
Designing data protection subsystems that correspond to the risk profile and prevent typical web/mobile vulnerabilities out of the box.
Building end-to-end encryption schemes for mobile and web applications.
Decreasing data leakage risks by isolating particular data exchange layers in microservice-rich environments.
Mixing software&hardware key management schemes to improve performance and keep the security guarantees.
Taking care of key management cycle: generation, storage, exchange, rotation, revocation, expiration.
Verifying cryptographic system designs and assessing implementations
Cryptographic system audit consists of multiple layers — examining the cryptographic protocol for risks and flaws, making sure the implementation conforms with the protocol and reviewing the code itself for bugs and mistakes. Even if you have sufficient expertise in-house, vetting cryptographic decisions is a laborious process that requires many trained eyes to look at design docs and code.
When examining your products, we proceed layer by layer looking for global flaws, reviewing code manually and using automated techniques, writing unit and integration test suits. The resulting reports contain cryptographic analysis, security and logic issues in protocol and implementation, and improvement suggestions based on our experience in building cryptographic software.
In 2019 we became a trusted partner of Kudelski Security. This partnership involves working on cryptographic protocols audits, audits of blockchain-based systems, product security consulting.
Need help from cryptographic engineers? Let’s talk.
Implementing End-to-End encryption in Bear App
How we helped the Bear note taking app for iOS/macOS, which decided to implement note encryption for their huge existing user base. A story about finding a balance between usability, security, and mobile platforms' restrictions.
Secure Search over Encrypted Data
Our answer to the eternal "security vs usability" challenge on how to store patients' data in encrypted form and still be able to perform secure search over it.