A few weeks ago, U.S. Attorney General William Barr joined his counterparts from the U.K. and Australia to publish an open letter addressed to Facebook. The Barr letter represents the latest salvo …| A Few Thoughts on Cryptographic Engineering
1 post published by Matthew Green during September 2025| A Few Thoughts on Cryptographic Engineering
I learn about cryptographic vulnerabilities all the time, and they generally fill me with some combination of jealousy (“oh, why didn’t I think of that”) or else they impress me w…| A Few Thoughts on Cryptographic Engineering
3 posts published by Matthew Green during February 2013| A Few Thoughts on Cryptographic Engineering
This is the story of how a handful of cryptographers ‘hacked’ the NSA. It’s also a story of encryption backdoors, and why they never quite work out the way you want them to. But I…| A Few Thoughts on Cryptographic Engineering
Matthew Garrett has a nice post about Twitter (uh, X)’s new end-to-end encryption messaging protocol, which is now called XChat. The TL;DR of Matthew’s post is that from a cryptographic…| A Few Thoughts on Cryptographic Engineering
This is a cryptography blog and I always feel the need to apologize for any post that isn’t “straight cryptography.” I’m actually getting a little tired of apologizing for i…| A Few Thoughts on Cryptographic Engineering
Two weeks ago, the Washington Post reported that the U.K. government had issued a secret order to Apple demanding that the company include a “backdoor” into the company’s end-to-e…| A Few Thoughts on Cryptographic Engineering
This is the third and penultimate post in a series about theoretical weaknesses in Fiat-Shamir as applied to proof systems. The first post is here, the second post is here, and you should probably …| A Few Thoughts on Cryptographic Engineering
This is the second part of a two three-part series, which covers some recent results on “verifiable computation” and possible pitfalls that could occur there. This post won’t make…| A Few Thoughts on Cryptographic Engineering
I’m supposed to be finishing a wonky series on proof systems (here and here) and I promise I will do that this week. In the midst of this I’ve been a bit distracted by world events. Las…| A Few Thoughts on Cryptographic Engineering
Trigger warning: incredibly wonky theoretical cryptography post (written by a non-theorist)! Also, this will be in two parts. I plan to be back with some more thoughts on practical stuff, like clou…| A Few Thoughts on Cryptographic Engineering
Recently I came across a fantastic new paper by a group of NYU and Cornell researchers entitled “How to think about end-to-end encryption and AI.” I’m extremely grateful to see th…| A Few Thoughts on Cryptographic Engineering
This blog is reserved for more serious things, and ordinarily I wouldn’t spend time on questions like the above. But much as I’d like to spend my time writing about exciting topics, som…| A Few Thoughts on Cryptographic Engineering
If you’re like most people, you don’t have a strong opinion about CBC-MAC. In fact, if you’re like most people, you don’t have a strong opinion about any crypto primitive. T…| A Few Thoughts on Cryptographic Engineering
Last Thursday, Yahoo announced their plans to support end-to-end encryption using a fork of Google’s end-to-end email extension. This is a Big Deal. With providers like Google and Yahoo onboa…| A Few Thoughts on Cryptographic Engineering
It’s been a while since I wrote an “attack of the week” post, and the fault for this is entirely mine. I’ve been much too busy writing boring posts about Schnorr signatures!…| A Few Thoughts on Cryptographic Engineering
This post continues a long, wonky discussion of Schnorr signature schemes and the Dilithium post-quantum signature. You may want to start with Part 1. In the previous post I discussed the intuition…| A Few Thoughts on Cryptographic Engineering
Warning: extremely wonky cryptography post. Also, possibly stupid and bound for nowhere. One of the hardest problems in applied cryptography (and perhaps all of computer science!) is explaining why…| A Few Thoughts on Cryptographic Engineering
On March 23 I was invited to participate in a panel discussion at the European Internet Services Providers Association (EuroISPA). The focus of this discussion was on recent legislative proposals, …| A Few Thoughts on Cryptographic Engineering
A few weeks ago I ran into a conversation on Twitter about the weaknesses of applied cryptography textbooks, and how they tend to spend way too much time lecturing people about Feistel networks and…| A Few Thoughts on Cryptographic Engineering