Mozilla Adds Curve25519 To Improve Firefox Security

Technology > Security

Photo by: Mozilla via Wikimedia Commons

 

Through the collaboration of INRIA (French Institute for Research in Computer Science and Automation) and Project Everest (Microsoft Research, Carnegie Mellon University, INRIA),   the new high-security algorithm called Curve25519 was added to open-source web browser Firefox, making it suitable for a wide range of cryptographic applications.

Designed by Daniel Julius Bernstein, the elliptic curve Diffie-Hellman (ECDH) algorithm was implemented to improve security and performance of Mozilla’s web browser, Firefox. Bernstein delineated the functions of the public key cryptography such as achieving record-setting speeds at the same time free key compression, free key validation, and advanced timing-attack protection.

Curve25519 is widely used in Transport Layer Security (TLS) security exchange and was recently standardized by Internet Engineering Task Force (IETF). Benjamin Beurdouche from Mozillian INRIA Paris - Prosecco also revealed that the algorithm is going to be used in their latest browser version, Firefox Nightly, and he also announced the release of Firefox 57 in November.

The company expects that the upgrade will heighten the overall security of Firefox and its users.

“Even innocuous-looking bugs in cryptographic primitives can break the security properties of the overall system and threaten user security. Fortunately, recent advances in formal verification allow us to significantly improve the situation by building high assurance implementations of cryptographic algorithms,” Beurdouche said.

Mozilla aims to be the first major web browser to be able to acquire formally verified cryptographic primitives.