CONFERENCE Cyber AI & Automation Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

Mozilla Implements Faster Diffie-Hellman Function in Firefox

Mozilla this week revealed plans to introduce a new key establishment algorithm in Firefox to improve both security and performance of the web browser.

Mozilla this week revealed plans to introduce a new key establishment algorithm in Firefox to improve both security and performance of the web browser.

Called Curve25519, and designed by Daniel Julius Bernstein, the algorithm is a high-security elliptic-curve-Diffie-Hellman function deemed suitable for a wide variety of cryptographic applications. The public key cryptography can achieve record-setting speeds, while also offering free key compression, free key validation, and state-of-the-art timing-attack protection, Bernstein explains (PDF).

Widely used for key-exchange in TLS, Curve25519 was recently standardized by the Internet Engineering Task Force (IETF). Mozilla has already implemented the algorithm in the latest Firefox Nightly, and expects Firefox 57, set to be released in November, to bring the feature to all users, Benjamin Beurdouche, Mozillian INRIA Paris – Prosecco team, reveals.

The implementation of Curve25519 into Firefox is the result of a collaboration with INRIA (French Institute for Research in Computer Science and Automation) and Project Everest (Microsoft Research, Carnegie Mellon University, INRIA).

As a result of the partnership, Mozilla aims to have the first major web browser to have formally verified cryptographic primitives.

In addition to being formally verified, the HACL Curve25519 implementation is also expected to deliver a 20% performance increase on 64-bit platforms when compared to existing NSS implementation (19500 scalar multiplications per second instead of 15100).

The enhancement, the Internet organization points out, is expected to improve the overall security of Firefox and its users, given that the key exchange algorithm has been already verified.

“Even innocuous looking bugs in cryptographic primitives can break the security properties of the overall system and threaten user security. Fortunately, recent advances in formal verification allow us to significantly improve the situation by building high assurance implementations of cryptographic algorithms,” Beurdouche says.

Advertisement. Scroll to continue reading.

The organization also plans on implementing other HACL algorithms into NSS, and expects to be able to do so over the next months.

Related: Firefox Makes Adobe Flash Click-to-Activate by Default

Related: Mozilla Conducts Security Audit of Firefox Accounts

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Shanta Kohli has been named CMO at Sysdig.

Cloud security firm Sysdig has appointed Sergej Epp as CISO.

F5 has appointed John Maddison as Chief Product Marketing and Technology Alliances Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.