Earlier this year, Particl contracted with security firm Quarkslab to run a security audit for two algorithms we added to the PART cryptocurrency — MLSAG and Bulletproofs.
Particl’s leading-edge privacy enhancements, such as Confidential Transactions, Ring Signatures, Stealth Addresses and Bulletproofs, are all a labour of love for our Lead Core developer Tecnovert. Many, if not all, of these advanced cryptographic enhancements are industry firsts for Particl’s underlying codebase (Bitcoin v0.18).
For background, one of the reasons we reached out to Quarkslab was their familiarity with Monero’s Bulletproof solution. Much of their review of Particl’s Bulletproof algorithm relied heavily on that security audit. The MLSAG scope of the audit was uncharted territory for Quarkslab, so more time was dedicated to assessing its security than to Bulletproofs.
Quarkslab has finished their security audit and has published it.
I’m very happy to be able to give a summarized review of that report. Anxious readers can skip to the conclusions 😄
Quarkslab was asked by Particl to assess the security of these two algorithms as they will be at the heart of the transaction verification mechanism. Making sure that Bulletproofs and MLSAG have been correctly implemented is crucial. A vulnerability in either of those algorithms could allow the forging of a proof or a signature, which could result in money theft or creation.
Ultimately, the main objective was to find vulnerabilities that could allow a rangeproof to be bypassed, the amount of a confidential transaction to be known or a ring signature to be forged.
Apart from testing directly the code in general or just certain functions, the major part of the audit was performed statically. Because of time constraints no fuzzing or differential fuzzing techniques were used. The audit was mostly focused on high level functions such as the proof, signature and verification algorithms rather than the lower-level primitives (operations on scalars, operations on group elements, multi-exponentiation, etc.). — excerpt from report
- Bulletproofs, to prove that a value is in a given range without ever needing to reveal the actual value, thus preventing money creation;
The implementation chosen by Particl is based on Andrew Poelstra’s, with some improvements made to it. The Bulletproofs scope focused on 1) Proof algorithm, 2) Inner product proof algorithm, 3) Verification algorithm, 4) Inner product verification algorithm.
🔐 No deviation from the reference paper was observed and no vulnerability that could lead to the crafting of a proof was found. As far as the audit went, the implementation seems sound and correct.
- MLSAG, a ring signature algorithm designed to hide the amount of the transaction and to allow the sender to sign the latter without revealing their identity.
Particl uses its own implementation of MLSAG, based on the algorithm described in the paper Ring Confidential Transactions. The MLSAG scope focused on 1) Signature algorithm, 2) Verification algorithm.
🔐 No deviation from the original algorithm was observed and the primitives are used adequately. No security issue affecting the signature generation was found during this audit.
At the end of the timeframe allotted for this audit, no vulnerability was found in Particl’s implementations of Bulletproofs and MLSAG.
In summary (excerpt from report):
- all the vulnerabilities that affected Monero’s implementation do not apply to Particl 👍
- thorough checks ensure that the inputs and outputs are the ones expected by the different algorithms 👍
- the implementations match the protocols provided in the paper introducing these algorithms. 👍
For Bulletproofs, the proof and verification algorithms were assessed to make sure that there was no vulnerability that could allow the creation of a fake proof or a way to retrieve information from it. During the audit, no vulnerability of the sort was found, and the report tried as best as possible to highlight that the implementation matches the reference paper.
For MLSAG, as with Bulletproofs, the goal was to identify vulnerabilities that could be exploited to craft a fake signature or to retrieve sensitive information from one. Again, no such vulnerability was found, and the report explains the process applied and provides key elements to show that the implementation is sound.
📰 For the full detailed security audit report of Particl MLSAG + Bulletproofs visit Quarkslab’s blog.