The OSTIF and QuarksLab Audit of Monero Bulletproofs is Complete - Critical Bug Patched
The quick and dirty:
The Open Source Technology Improvement Fund, Monero Research Lab, QuarksLab, and the Monero community have come together to sponsor in-depth research looking into Monero Bulletproofs. The audit was funded by Monero community donations, with coordination and exchange support
We have completed the security review of the new Pseudorandom Number Generator (PRNG) for OpenSSL 1.1.1.
This security review was sponsored by Private Internet Access, ExpressVPN, DuckDuckGo, OpenVPN, and the privacy community.
Random number generation is a crucial component in all cryptography, because the randomness of numbers is the mechanism that makes secret numbers hard to
The Kudelski Security review of Monero Bulletproofs is Complete - Here are the Results!
The quick and dirty:
Kudelski Security has done a review of Monero Bulletproofs, a specific type of range proof based on new cryptography by Benedikt Bunz et al. Bulletproofs is a trustless proofs setup that is substantially smaller than the current Borromean
OSTIF is Registered and Verified on Benevity
Benevity is a charity donation platform that allows employees at participating companies to directly donate to causes that they support. Hundreds of large companies use Benevity to help their employees with charitable giving. (Google, Apple, Microsoft, ADP, Prudential, Samsung, and many others)
Our participation means that millions of people
OSTIF CEO Derek Zimmer has left VikingVPN to join London Trust Media
The founder of OSTIF has a new day job, working for London Trust Media as the Vice President of Marketing and Strategy.
This offer was made after years of working together with Private Internet Access on the OSTIF project.
What this means for OSTIF:
OpenSSL and Monero Bulletproofs Audits are Underway!
We have confirmed that QuarksLab has began the work of reviewing OpenSSL 1.1.1 (the current beta version that implements TLS 1.3, a huge cryptography update.) They are currently working on TLS 1.3 and the updated random number generator to search for biases or other flaws.
QuarksLab is also currently
UPDATE: We are now 81% funded! Keep spreading the word!
Matched donations by DuckDuckGo on Crowdrise here: https://www.crowdrise.com/o/en/campaign/ostif1/ostif
Ways to contribute for FREE: https://ostif.org/how-to-contribute-to-ostif-for-free/
Donate using a huge number of options here: https://ostif.org/donate
What are we working on?
OpenSSL powers everything. 70% of the top million websites use OpenSSL to provide encryption services to their visitors and to encrypt user information.
Double Your Donations With CrowdRise
Today, we begin our second round of funding in partnership with DuckDuckGo, who will be matching Crowdrise donations for the next four weeks!
You can view the Crowdrise campaign and donate here to have your donation matched (doubled): https://www.crowdrise.com/o/en/campaign/ostif1/
OpenSSL 1.1.1 Project Changes
We have made changes to the proposed OpenSSL project to
2017 Financial Report for the Open Source Technology Improvement Fund, Inc.
In 2017 OSTIF experienced substantial growth, and expanded our reach to multiple new areas of computing and software safety. We conducted an audit of OpenVPN 2.4.0 in partnership with QuarksLab and launched our bug bounty program.
This document is intended to inform our donors and
OSTIF is Working with Monero Research Lab on Bulletproofs
We are happy to announce that we have been working with the Monero project to help them locate auditing resources for Bulletproofs. This code review is to evaluate the safety of the implementation of Bulletproofs into Monero, which promises to dramatically reduce transaction sizes for Monero,