SCRUTINY

Core Features

SCRUTINY performs automated probing of cryptographic implementations to collect data on supported algorithms, performance behavior, key generation, digital signatures, and random number generation, followed by statistical analysis to detect anomalous patterns and visualization to support expert assessment. The toolset covers the full evaluation workflow, including data acquisition, analysis, visualization, and report generation, and extends open, community-maintained databases, providing the largest publicly available repositories of cryptographic testing results for domains like smartcards and TPMs.

Key Benefits

SCRUTINY enables independent, repeatable evaluation of cryptographic implementations without reliance on proprietary or licensed tooling, allowing transparent demonstration of security testing performed by vendors as well as independent security assessments by researchers and end users. By combining a broad range of analysis techniques developed over nearly two decades, the toolset bridges the gap between expensive professional laboratory tools and narrowly focused or unmaintained open-source utilities. It has demonstrated real-world impact through the discovery of high-profile vulnerabilities including the ROCA RSA key generation flaw in Infineon chips, ECDSA nonce weaknesses in Athena IDProtect smartcards, and vulnerabilities in Intel fTPM implementations.

Areas of Application

SCRUTINY is intended for the evaluation of cryptographic hardware and software in security-critical environments, including smartcards, TPMs, and embedded cryptographic libraries, particularly where independent validation of certification claims is required. It supports use by security researchers, certification stakeholders, vendors, and end users seeking scalable, transparent, and technically rigorous cryptographic assessment under constrained time and resource conditions.