Matrix Olm Cryptographic Review

In September 2016, Matrix.org, with financial support from the Open Technology Fund, engaged NCC Group’s Cryptography Services Practice to perform a targeted review of their cryptographic library Olm. The review covered two major components of the Olm library: the double ratchet used for peer-to-peer communications, and Megolm, the group ratcheting mechanism. Matrix.org has produced several reference implementations that make use of the Olm library, including the client-server SDK for JavaScript, matrix-js-sdk. Matrix-js-sdk was not reviewed during the engagement; however, remediations for certain issues were applied to this implementation rather than to Olm.

The review covered the 1.3.0 release of the Olm library. Two consultants performed the engagement over a span of two weeks (September 19 to September 30, 2016), for a total of 15 person-days of effort. A follow-up review of fixes was performed over the latter half of October.

Download the Public Report

Published date: 18 November 2016