Eamonn and I are looking to hire an intern for four months to work on the Lattice Estimator. The internship will be based at King’s College London and is funded by a gift from Zama. We are ideally looking for someone in a PhD programme also working on lattice cryptanalysis who is happy to interrupt … Continue reading Internship Position on the Lattice Estimator→| malb::blog
We are recruiting a postdoc to work with us on “practical advanced post-quantum cryptography from lattices”, the title of my ERC selected, UKRI Frontier Research funded project: Standardisation eff…| malb::blog
Some historical documents from WWII have a notice on them stating This telegram must be closely paraphrased before being communicated to anyone. The documents I've found were received by the United| History Stack Exchange
Last week, a backdoor was discovered in xz-utils. The backdoor processes commands sent using RSA public keys as a covert channel. In order to prevent anyone else from using the backdoor, the threat actor implemented a cryptographic signature check on the payload. I have seen a number of people claim that this would necessarily result in an obviously invalid RSA public key, or at least one with no corresponding private key. This is incorrect, and someone nerd sniped me into proving it.| rya.nc
This is an article in a series on Cryptography for the Everyday Developer. Follow along to learn the basics of modern cryptography and encryption. Last time we explored the Data Encryption Standard (DES), and how its Feistel network structure worked. We also saw why DES eventually became obsolete: its 56-bit key size was simply too small in the face of modern computing power. To replace DES, the U.S. National Institute of Standards and Technology (NIST) held a public competition in the late 1...| Kevin Sookocheff
Using RLS can be cumbersome, because it's usually expected to rely on the user name. Could we use JWT to establish a 'trusted context'?| Tomas Vondra
The Domain Name System (DNS) is the address book of the Internet. When you visit cloudflare.com or any other site, your browser will ask a DNS resolver for the IP address where the website can be found.| The Cloudflare Blog
One of the first rules you learn about technical writing is, “Know your audience.” But often, this sort of advice is given without sufficient weight or practical examples. Instead, you&…| Dhole Moments
Think of the Web as a digital territory with its own social contract. In 2014, Tim Berners-Lee called for a “Magna Carta for the Web” to restore the balance of power between individuals and institutions. This mirrors the original charter’s purpose: ensuring that those who occupy a territory have a meaningful stake in its governance. Web 3.0—the distributed, decentralized Web of tomorrow—is finally poised to change the Internet’s dynamic by returning ownership to data creators. Thi...| IEEE Spectrum
With passkey on Sui, users can log in and sign in with Face ID, fingerprint, or a passcode.| The Sui Blog
Hash function: A hash function maps data| smallyu's Blog
Explore an interactive demonstration of the Diffie-Hellman key exchange using clock arithmetic to visualize modular exponentiation and cryptographic concepts.| appliedcryptography.page
We're happy to share that Ed25519 is now supported in Chrome (version). Following Ed25519 support in Firefox 129 in August 2024 and Safari 17.0, Chrome finally followed suit in 137 in May of this year. Ed25519 is now supported in every major browser engine, reaching 79% and counting of| IPFS Foundation
In a recent blog post, I laid out the argument that, if you have securely implemented end-to-end encryption in your software, then the jurisdiction where your ciphertext is stored is almost irrelev…| Dhole Moments
Driven by cyberattacks and new regulations, software supply chain security is a top concern that requires robust software identification. The post Why we need better software identification appeared first on Software Heritage.| Software Heritage
We’re throwing a party in Vegas! Someone called it SCWPodCon last year, and the name stuck. It’s sponsored by Teleport, the infrastructure identity company. ...| securitycryptographywhatever.com
Galileo OSNMA (open service navigation message authentication) is a cryptographic system that is used to authenticate the navigation message (satellite ephemeris and clocks, etc.) in the Galileo GNSS. I have spoken before about OSNMA in this blog, since I implemented an OSNMA library in Rust a few years back. A good introduction to OSNMA for readers unfamiliar with how it works can be found in Bert Hubert‘s short series of OSNMA posts. The OSNMA system is currently in the public observation...| Daniel Estévez
Explore the link between PCI DSS Requirement 12.3.3 and the need for a Cryptographic Bill of Materials (CBOM), and learn the essential steps to implement CBOM effectively within your organization.| Encryption Consulting
﷽| cocomelonc
We look into a neat trick that allowed replacing the last bit of unreadable edwards25519 code, and learn about the structure and lineage of ECC implementations.| words.filippo.io
Encrypting files with passkeys, using the WebAuthn prf extension and the TypeScript age implementation.| words.filippo.io
CoverDrop employs end-to-end encryption (E2EE) between sources and journalists to protect the confidentiality of the message content. In addition, all users of the news app regularly send cover messages to the news organization to hide the communication patterns of sources. Finally, CoverDrop uses plausibly-deniable encryption to conceal any previous usage of CoverDrop, even against adversaries that capture the smartphone and ask the user to unlock it.| www.coverdrop.org
TL;DR: FOKS is like Keybase, but fully open-source and federated, with SSO and YubiKey support.| blog.foks.pub
Most of today's cryptography is designed to be secure against an adversary with enormous amounts of computational power.| The Cloudflare Blog
Learn modern cryptography principles and applications in this comprehensive course covering cryptographic theory, practical implementations, and real-world security systems at the American University of Beirut.| appliedcryptography.page
Note: this post will probably only really make sense to cryptography geeks. In “When a KEM is not enough”, I described how to construct multi-recipient (public key) authenticated encryption. A naïv…| Neil Madden
Our paper – titled “On the Virtues of Information Security in the UK Climate Movement” – was accepted at USENIX Security’25. Here’s the abstract: We report on an ethnographic study with members of …| malb::blog
tl;dr: yes, contra thingamajig’s law of wotsits. Before the final nail has even been hammered on the coffin of AI, I hear the next big marketing wave is “quantum”. Quantum computing promises to speed up various useful calculations, but is also potentially catastrophic to widely-deployed public key cryptography. Shor’s algorithm for a quantum computer, if […]| Neil Madden
It turns out you can encrypt more than 2^32 messages with AES-GCM with a random nonce under certain conditions. It’s still not a good idea, but you can just about do it. #cryptography| Neil Madden
I see a lot of attempts to define encryption schemes for constrained devices with short authentication tags (e.g., 64 bits) using universal hashing. For example, there’s a proposal in CFRG at the moment for a version of AES-GCM with short tags for this kind of use-case. In my (admittedly limited) experience, these kinds of constrained […]| Neil Madden
In cryptography, the process of authenticating a user (or app/service) is known as entity authentication or identification (to distinguish it from message authentication or data origin authentication). There are lots of ways to do this. In this post I’m going to talk about authentication schemes based on public key cryptography. It turns out that the […]| Neil Madden
Mike Rosulek, Oregon State University. Draft of January 3, 2021. Online: The Joy of Cryptography. This is a freely-available book covering introductory material on cryptography. It’s suitable for anyone with undergraduate-level computer science knowledge. As is often the case in cryptography textbooks, there is a brief review of mathematical background in the first (or zeroth […]| Neil Madden
There has been a lot of discussion recently around the LastPass breach, especially with regards to the number of PBKDF2 iterations applied to the master password to derive the vault encryption key. Other people have already dissected this particular breach, but I want to more generally talk about PBKDF2 iterations and security models. (I’m not […]| Neil Madden
Just a few quick notes/updates to correct some potentially inaccurate statements that are floating around on Reddit/Twitter etc: The bug only impacts Java 15 and above. The original advisory from Oracle incorrectly listed earlier versions (like 7, 8 and 11) as being impacted. They have since corrected this. Note that they now only list 17 […]| Neil Madden
The long-running BBC sci-fi show Doctor Who has a recurring plot device where the Doctor manages to get out of trouble by showing an identity card which is actually completely blank. Of course, this being Doctor Who, the card is really made out of a special “psychic paper“, which causes the person looking at it […]| Neil Madden
When working with Message Authentication Codes (MACs), you often need to authenticate not just a single string, but multiple fields of data. For example, when creating an authenticated encryption mode by composing a cipher and a MAC (like AES-CBC and HMAC), you need to ensure the MAC covers the IV, associated data, and the ciphertext. […]| Neil Madden
This is the third part of my series on Key Encapsulation Mechanisms (KEMs) and why you should care about them. Part 1 looked at what a KEM is and the KEM/DEM paradigm for constructing public key encryption schemes. Part 2 looked at cases where the basic KEM abstraction is not sufficient and showed how it […]| Neil Madden
In my previous post, I described the KEM/DEM paradigm for hybrid encryption. The key encapsulation mechanism is given the recipient’s public key and outputs a fresh AES key and an encapsulation of that key that the recipient can decapsulate to recover the AES key. In this post I want to talk about several ways that […]| Neil Madden
If you know a bit about public key cryptography, you probably know that you don’t directly encrypt a message with a public key encryption algorithm like RSA. This is for many reasons, one of which being that it is incredibly slow. Instead you do what’s called hybrid encryption: first you generate a random AES key […]| Neil Madden
Time-lock puzzles allow a message to be locked today and only revealed after a certain amount of time has passed. This idea has wide-reaching applications, from delayed cryptocurrency payments and sealed-bid auctions to time-based access control and zero-knowledge proofs. In our latest work, we| Bentham’s Gaze
Following the introduction of crypto-condor and differential fuzzing in earlier blog posts, we showcase a use case where Quarkslab's automated test suite for cryptographic implementations allowed us to improve the reference implementation of the recently standardized HQC scheme.| Quarkslab's blog
I'm a programmer, designer, writer and artist. I try to make tools for community autonomy, creativity, and resistance.| meri.garden
This is an article in a series on Cryptography for the Everyday Developer. Follow along to learn the basics of modern cryptography and encryption. A block cipher is a type of cipher that combines an encryption/decryption algorithm that works on blocks of data with a mode of operation that details the techniques to process sequences of data blocks. While many different block cipher algorithms exist, they all share a common structural design: they apply a series of transformations — known as ...| Kevin Sookocheff
Standards| blog.ian.stapletoncordas.co
First, allow me to start off with that I am absolutely loving using Passkeys to log in to CloudFlare, Stripe, and other important services that I use to run CoderOasis. This should have been a thing a few years ago – maybe all the way back in 2016 or so. The| CoderOasis
Please note that it is essential for me to emphasize that the code and techniques presented here are intended solely for educational purposes and should never be employed in real-world applications without careful consideration and expert guidance. At the same time, understanding the principles of RSA cryptography and exploring various| CoderOasis
I will explain the Java Cryptographic Architecture (JCA) for a better understanding of how it works. The JCA is designed to simplify the creation of protocols like encryption, hashing, digital signatures, and key generation for Java developers. Now let's take a look at how the API works for| CoderOasis
Post-quantum cryptography (PQC): Post-quantum cryptography (PQC) is a branch of cryptography that develops algorithms which are thought to be secure against attacks using hypothetical quantum computers (which don’t exist right now, but may be developed in the future). Development and deployment of such algorithms defends against potential future attacks (in case relevant quantum computers materialize). Defense against potential future attacks with quantum computers is of particular interes...| OpenPGP.foo
When I first learned about Diffie-Hellman and especially elliptic curve Diffie-Hellman, I had one rather obvious question: Why elliptic curves? Why use this strange group that seems rather arbitrar…| Key Material
It seems like everyone that tries to deploy end-to-end encrypted cloud storage seems to mess it up, often in new and creative ways. Our special guests Matilda Backendal, Jonas Hofmann, and Kien Tuong Trong give us a tour through the breakage and discuss a new formal model of how to actually build a secure E2EE storage system. Watch on YouTube: https://youtu.be/sizLiK_byCw Links: https://brokencloudstorage.info/ https://eprint.iacr.org/2024/1616.pdf https://www.sync.com/ https://www.pcloud.com...| Security Cryptography Whatever
Just a few days before turning off the lights, the Biden administration dropped a huge cybersecurity executive order including a lot of good stuff, that hopefully [cross your fingers, knock wood, spin around three times and spit] will last into future administrations. We snagged some time with Carole House, outgoing Special Advisor and Acting Senior Director for Cybersecurity and Critical Infrastructure Policy, National Security Council in the Biden-Harris White House, to give us a brain dump...| Security Cryptography Whatever
THE QUANTUM COMPUTERS ARE COMING…right? We got Samuel Jacques and John Schanck at short notice to answer that question plus a bunch of other about error correcting codes, logical qubits, T-gates, and more about Google’s new quantum computer Willow. Links: https://blog.google/technology/research/google-willow-quantum-chip/ https://research.google/blog/making-quantum-error-correction-work/ https://blog.google/technology/google-deepmind/alphaqubit-quantum-error-correction/ https://www.nature...| Security Cryptography Whatever
Quantum cryptography is a new method of cryptography that is based on the laws of quantum mechanics, positing that uncertainty can weaken an intruder's ability to hack or get into a system by boosting the entropy. Relying on the Heisenberg uncertainty principle, we assume that| Kalvad
Mike Waltz had a rough Thursday. A photographer caught him using a Signal-like interface to view chats on his phone. TeleMessage copies messages using a forked version of Signal. We found more details about this Israeli app tech.| UNICORN RIOT
Bots now browse like humans. We're proposing bots use cryptographic signatures so that website owners can verify their identity. Explanations and demonstration code can be found within the post.| The Cloudflare Blog
This post will examine the cryptography behind passkeys, the guarantees they do or do not give, and interesting cryptographic things you can do with them, such as generating cryptographic keys and storing certificates.| The Trail of Bits Blog
On decentralization, servers and cryptography| Mike’s blog - Medium
This is the fifth article in a series on Cryptography for the Everyday Developer. Follow along to learn the basics of modern cryptography and encryption. When discussing encryption, you’ll often hear talk about the strength of a security system as measured in “bits.” For example, systems might advertise their strength as having 128-bits or 256-bits. But what exactly does security measured in bits mean? Let’s demystify this common yet sometimes misunderstood concept.| Kevin Sookocheff
Elliptic curves (EC) have become one of the most useful tools for modern cryptography. They were proposed in the 1980s and became widely used after 2004. Their main advantage is that they offer smaller key sizes to attain the same level of security as other methods, resulting in smaller storage| LambdaClass Blog
TL;DR Bad news for Kali Linux users! In the coming day(s), apt update is going to fail for pretty much everyone out there: Missing key 827C8569F2518CC677FECA1AED65462EC8D5E4C5, which is needed to verify signature. Reason is, we had to roll a new signing key for the Kali repository. You need to download and install the new key manually, here’s the one-liner:| Kali Linux
Together with Rikke Jensen, we’re organising a talk and discussion with Jean-François Blanchette in London on his book Burdens of Proof, which has been tremendously influential on our thinking arou…| malb::blog
(With severe apologies to Miles Davis.) Post-Quantum Cryptography is coming. But in their haste to make headway on algorithm adoption, standards organizations (NIST, IETF) are making a dumb mistake…| Dhole Moments
The cr.yp.to blog| blog.cr.yp.to
Together with Lenka Mareková, Kenny Paterson, Eyal Ronen and Igors Stepanovs, we have finally completed our (first, formal, in-depth, computational) analysis of the Telegram key exchange. This work…| malb::blog
Chunking attacks on Tarsnap (and others)| www.daemonology.net
This is the fourth article in a series on Cryptography for the Everyday Developer. Follow along to learn the basics of modern cryptography and encryption. Modular arithmetic is the foundation for asymmetric cryptography like RSA, elliptic curves, or Diffie-Hellman — all of them rely on the properties of modular arithmetic to guarantee security and secrecy. Since modular arithmetic is so important to cryptography, it pays to understand how it works. This post will help us along the journey b...| Kevin Sookocheff
Discover key updates in Mozilla Root Store Policy v3.0, including enhanced CA revocation practices, automation requirements, and strengthened security measures. Learn how these changes improve Web PKI security and compliance.| Mozilla Security Blog
Upon persuading the gizmos in your home to talk to one another. See also home networks. I feel like this should be easy, but my experience of using Apple and Amazon devices has been that they never do what I want. Also, there are standards wars between various proprietary apps, and the whole thing looks like a security nightmare. Dongles for Bluetooth, Zigbee, Thread, etc. (nRF52840-MDK Documentation). Home Assistant: a DIY controller/hub option. Turn a little Raspbe...| The Dan MacKinlay stable of variably-well-consider’d enterprises
Certifying NNs to be what they say they are. Various interesting challenges in this domain. I am not sure if this is a well-specified category in itself. Possibly at some point I will separate the cryptographic verification from other certification ideas. Or maybe some other taxonomy? TBD. Ownership of models. Keyword: Proof-of-learning, … (Garg et al. 2023; Goldwasser et al. 2022; Jia et al. 2021). TBD. Proof of training. E.g. Abbaszadeh et al. (2024): A zero-knowledge proof of trai...| The Dan MacKinlay stable of variably-well-consider’d enterprises
Our work, titled Hollow LWE: A New Spin — Unbounded Updatable Encryption from LWE and PCE, is now available on ePrint and will be presented at Eurocrypt 2025 in Madrid in May. It is joint work with…| malb::blog
Creating and managing PGP keys is not a straightforward matter. Many approaches exist and if you are a whistleblower, this tutorial probably does not meet your security standards. In fact, if there's a chance you'll be captured, tortured, or killed for the information you'll encrypt, stop reading this tutorial and pray for the best. You are doing it wrong.| saminiir's hacker blog
Limiting certificate issuance to a server that possesses a particular private key| Clément Joly – Open-Source, Rust & SQLite
Two weeks ago, the Washington Post reported that the U.K. government had issued a secret order to Apple demanding that the company include a “backdoor” into the company’s end-to-e…| A Few Thoughts on Cryptographic Engineering
Last time I had an issue with standardization going into the, in my opinion, wrong direction, I wrote a blog post about it. Much to my own surprise, that actually worked, and as a reward you get mo…| Key Material
This is the third and penultimate post in a series about theoretical weaknesses in Fiat-Shamir as applied to proof systems. The first post is here, the second post is here, and you should probably …| A Few Thoughts on Cryptographic Engineering
Last year, I urged furries to stop using Telegram because it doesn’t actually provide them with any of the privacy guarantees they think it gives them. Instead of improving Telegram’s c…| Dhole Moments
This is the third article in a series on Cryptography for the Everyday Developer. Follow along to learn the basics of modern cryptography and encryption. Without randomness, cryptography would be impossible because all operations would become predictable and therefore insecure. — Jean-Philippe Aumasson, Serious Cryptography The cryptographic strength of most systems lies in their ability to generate random numbers that cannot be easily guessed or reproduced, making it difficult for adversar...| Kevin Sookocheff
Leveraging the ubiquity of the PHP programming language to make everyone more secure.| paragonie.com
I’m supposed to be finishing a wonky series on proof systems (here and here) and I promise I will do that this week. In the midst of this I’ve been a bit distracted by world events. Las…| A Few Thoughts on Cryptographic Engineering
‘Let us model our large language model as a hash function—’ Sold. Our special guest Nicholas Carlini joins us to discuss differential cryptanalysis on LLMs...| securitycryptographywhatever.com
Amazon is helping develop standards for post-quantum cryptography and deploying promising technologies for customers to experiment with.| Amazon Science
Amazon Scholar Joan Feigenbaum talks about two cryptographic techniques that are being used to address cloud-computing privacy concerns and accelerate enterprise cloud adoption.| Amazon Science
Shipping large software to end-user devices is a complicated process. Shipping large software securely to end-user devices is even more complicated. Signing the things that ship to end-user devices is| Ben Hearsum
In my last blog post I wrote a little crash course on RSA and how it works without looking into any specific language implementations. Today I'd like to explore the native implementations of .NET and the new RSACng class which has been introduced with .NET Framework 4.6.| Dusted Codes
With the rapid growth of the internet and the vast business which is handled over the web it is not surprising that security has become an inevitable topic for any software developer these days.| Dusted Codes
While Trail of Bits is known for developing security tools like Slither, Medusa, and Fickling, our engineering efforts extend far beyond our own projects. Throughout 2024, our team has been deeply …| Trail of Bits Blog
Here’s the situation: a small, fully-remote software team works on a service (let’s say Grist), and to run it, they need a secret key...| The Mill
This is the first article in a series on Cryptography for the Everyday Developer. Follow along to learn the basics of modern cryptography and encryption. The best way to begin learning about encryption is by example. And thankfully, there exist many examples of encryption throughout history that we can draw from. One of the earliest well-known examples of encryption is the Caesar Cipher, and we will begin there. The Caesar cipher is one of the oldest and simplest forms of encryption. It works...| Kevin Sookocheff
By Marc Ilunga Key derivation is essential in many cryptographic applications, including key exchange, key management, secure communications, and building robust cryptographic primitives. But it’s …| Trail of Bits Blog
Foreword| connorjaydunn.github.io
In Part I, we looked at the problem we want attackers of UOV to solve. In Part II we had plenty of oil and vinegar, but did not really discuss the whole unbalanced part of the scheme. So in this …| Key Material
A few days ago, a download link for a leak of configuration files for Fortigate/Fortinet devices was posted on an Internet forum. It appears that the data was collected in 2022 due to a security vulnerability known as CVE-2022-40684. According to a blog post by Fortinet in 2022, they were already aware of active exploitation of the issue back then. It was first reported by heise, a post by Kevin Beaumont contains further info.| blog.hboeck.de
We are inviting applications for a PhD studentship in the cryptography lab at King’s College London. Specifically, we are looking for an applicant to work with me and Benjamin Dowling. The Ph…| malb::blog
After Part I looked at the hard problem underlying Unbalanced Oil and Vinegar, it is now finally time to talk about the algorithm itself. Verify: As with many signature algorithms, looking at the verification routine first is a good idea. The verification algorithm is usually simpler, and gives you an idea of what the signature […]| Key Material
Introduction: While there are many schemes discussed in the currently ongoing second onramp for PQC signatures, Unbalanced Oil and Vinegar (UOV) is both one of the most serious contenders and also a…| Key Material
This book was distributed at the FIDO Authenticate conference in| www.imperialviolet.org
Digital signatures are a stamp of authentication for digital information. For PDF files, they provide the ability to detect whether the document has been modified after it was signed by the author.…| Java PDF Blog
Recently, Casa rolled out deepfake-resistant verification codes aimed at protecting our clients’ bitcoin from imposters. This new feature is available for Premium, Enterprise, and Private Clients.| Casa Blog
We are inviting applications for a PhD studentship in the cryptography lab at King’s College London. Specifically, we are looking for an applicant to work with us in the area of lattice-based cryptography. We are particularly interested in the study of and constructions from new lattice-based assumptions and privacy-preserving technologies based on lattices. The PhD … Continue reading PhD Position in Lattice-Based Cryptography→| malb::blog