Mozilla this week revealed plans to introduce a new key establishment algorithm in Firefox to improve both security and performance of the web browser.
Called Curve25519, and designed by Daniel Julius Bernstein, the algorithm is a high-security elliptic-curve-Diffie-Hellman function deemed suitable for a wide variety of cryptographic applications. The public key cryptography can achieve record-setting speeds, while also offering free key compression, free key validation, and state-of-the-art timing-attack protection, Bernstein explains (PDF).
Widely used for key-exchange in TLS, Curve25519 was recently standardized by the Internet Engineering Task Force (IETF). Mozilla has already implemented the algorithm in the latest Firefox Nightly, and expects Firefox 57, set to be released in November, to bring the feature to all users, Benjamin Beurdouche, Mozillian INRIA Paris – Prosecco team, reveals.
The implementation of Curve25519 into Firefox is the result of a collaboration with INRIA (French Institute for Research in Computer Science and Automation) and Project Everest (Microsoft Research, Carnegie Mellon University, INRIA).
As a result of the partnership, Mozilla aims to have the first major web browser to have formally verified cryptographic primitives.
In addition to being formally verified, the HACL Curve25519 implementation is also expected to deliver a 20% performance increase on 64-bit platforms when compared to existing NSS implementation (19500 scalar multiplications per second instead of 15100).
The enhancement, the Internet organization points out, is expected to improve the overall security of Firefox and its users, given that the key exchange algorithm has been already verified.
“Even innocuous looking bugs in cryptographic primitives can break the security properties of the overall system and threaten user security. Fortunately, recent advances in formal verification allow us to significantly improve the situation by building high assurance implementations of cryptographic algorithms,” Beurdouche says.
The organization also plans on implementing other HACL algorithms into NSS, and expects to be able to do so over the next months.
Related: Firefox Makes Adobe Flash Click-to-Activate by Default
Related: Mozilla Conducts Security Audit of Firefox Accounts
More from Ionut Arghire
- Critical Vulnerability Impacts Over 120 Lexmark Printers
- BIND Updates Patch High-Severity, Remotely Exploitable DoS Flaws
- Microsoft Urges Customers to Patch Exchange Servers
- Iranian APT Leaks Data From Saudi Arabia Government Under New Persona
- 820k Impacted by Data Breach at Zacks Investment Research
- US Government Agencies Warn of Malicious Use of Remote Management Software
- Chinese Hackers Adopting Open Source ‘SparkRAT’ Tool
- CISA Provides Resources for Securing K-12 Education System
Latest News
- Critical Vulnerability Impacts Over 120 Lexmark Printers
- BIND Updates Patch High-Severity, Remotely Exploitable DoS Flaws
- Industry Reactions to Hive Ransomware Takedown: Feedback Friday
- Microsoft Urges Customers to Patch Exchange Servers
- Iranian APT Leaks Data From Saudi Arabia Government Under New Persona
- US Reiterates $10 Million Reward Offer After Disruption of Hive Ransomware
- Cyberattacks Target Websites of German Airports, Admin
- US Infiltrates Big Ransomware Gang: ‘We Hacked the Hackers’
