Hacker News with Generative AI: Cryptography

Two Attacks on Naive Tree Hashes (jacko.io)
FBI raids home of prominent computer scientist who has gone incommunicado (arstechnica.com)
A prominent computer scientist who has spent 20 years publishing academic papers on cryptography, privacy, and cybersecurity has gone incommunicado, had his professor profile, email account, and phone number removed by his employer Indiana University, and had his homes raided by the FBI. No one knows why.
Bitcoin's God. Years of studying Satoshi led me to a new prime suspect (nymag.com)
If Satoshi Nakamoto, the pseudonymous inventor of bitcoin, was who I believed him to be, he was not going to acknowledge it. He probably wouldn’t talk to me. And seeing him was going to mean sitting on a plane for 20 hours and driving another eight. But I needed to try to have a conversation with him, and it had to be face-to-face.
NSA F9T53 Opsec Special Bulletin: Signal Vulnerability (scribd.com)
Show HN: I made a C program to create a vanity SHA-1 hash for a text file (github.com)
Web-based cryptography is always snake oil (devever.net)
Show HN: StoffelVM – A WIP VM for Multiparty Computation (github.com/Stoffel-Labs)
This repository contains the core crates of the Stoffel Virtual Machine, a virtual machine optimized for multiparty computation (MPC).
Entropy Attacks (cr.yp.to)
The conventional wisdom is that hashing more entropy sources can't hurt: if H is any modern cryptographic hash function then H(x,y,z) is at least as good a random number as H(x,y), no matter how awful z is. So we pile one source on top of another, hashing them all together and hoping that at least one of them is good.
Coding Theory and Cryptography [pdf] (ualberta.ca)
TLS Handshake on Sockets (C++) (medium.com)
There are numerous articles on the internet about the TLS handshake algorithm. However, many of them only provide a superficial description. In this article, we will explore a C++ implementation of a specific cipher. This source code relies solely on sockets for networking and utilizes the OpenSSL library exclusively for encryption (RSA, AES, SHA).
Post-quantum cryptography apocalypse will be televised in 10 years: UK's NCSC (theregister.com)
The UK's National Cyber Security Centre (NCSC) today started the post-quantum cryptography (PQC) countdown clock by claiming organizations have ten years to migrate to a safer future.
OpenSSL 3.1.2: FIPS 140-3 Validated (openssl-library.org)
The OpenSSL Corporation is pleased to announce that OpenSSL version 3.1.2 has achieved FIPS 140-3 validation, signifying its compliance with the rigorous cryptographic module security requirements set forth by the National Institute of Standards and Technology (NIST). This accomplishment marks a significant milestone in reinforcing trusted, standards-based encryption for organizations operating in regulated environments, including government agencies, healthcare institutions, and financial services.
An early look at cryptographic watermarks for AI-generated content (cloudflare.com)
Generative AI is reshaping many aspects of our lives, from how we work and learn, to how we play and interact. Given that it's Security Week, it's a good time to think about some of the unintended consequences of this information revolution and the role that we play in bringing them about.
Deniable Encryption (wikipedia.org)
In cryptography and steganography, plausibly deniable encryption describes encryption techniques where the existence of an encrypted file or message is deniable in the sense that an adversary cannot prove that the plaintext data exists.
Zero-knowledge proofs, encoding Sudoku and Mario speedruns without semantic leak (wordpress.com)
We published our video on zero-knowledge proofs!
Offline PKI using 3 Yubikeys and an ARM single board computer (bernat.ch)
An offline PKI enhances security by physically isolating the certificate authority from network threats. A YubiKey is a low-cost solution to store a root certificate. You also need an air-gapped environment to operate the root CA.
Post-Quantum Cryptography Is About the Keys You Don't Play (soatok.blog)
Post-Quantum Cryptography is coming. But in their haste to make headway on algorithm adoption, standards organizations (NIST, IETF) are making a dumb mistake that will almost certainly bite implementations in the future.
Elastic Restaking Networks (arxiv.org)
Decentralized services for blockchains often require their validators (operators) to deposit stake (collateral), which is forfeited (slashed) if they misbehave.
Cwtch – Privacy Preserving Messaging (cwtch.im)
Cwtch (/kʊtʃ/ - a Welsh word roughly translating to “a hug that creates a safe place”) is a decentralized, privacy-preserving, multi-party messaging protocol that can be used to build metadata resistant applications.
OpenSSL 3.5 Alpha 1 Released with Server-Side QUIC (phoronix.com)
OpenSSL 3.5 Alpha 1 is out today as the first development milestone on the path to releasing OpenSSL 3.5.0 in April.
NIST selects HQC as fifth algorithm for post-quantum encryption (nist.gov)
NIST has chosen a new algorithm for post-quantum encryption called HQC, which will serve as a backup for ML-KEM, the main algorithm for general encryption.
Outdated DKIM keys are easy to crack (sidn.nl)
Quite a few of the world's most-visited web domains are using DKIM keys for their mail that are too short.
Sigint in Fiction (blogspot.com)
I had an article published last month in the John Buchan Journal (unsurprisingly, the journal of the John Buchan Society). It is about the way that John Buchan drew on his First World War experience as a customer of Sigint to use cryptanalysis in one of his books and in a short story to advance the narrative, and to develop characters.
Constant-Time Code: The Pessimist Case [pdf] (iacr.org)
This note discusses the problem of writing cryptographic implementations in software, free of timing-based side-channels, and many ways in which that endeavour can fail in practice. It is a pessimist view: it highlights why such failures are expected to become more common, and how constant-time coding is, or will soon become, infeasible in all generality.
AI Thinks It Cracked Kryptos. The Artist Behind It Says No Chance (wired.com)
For 35 years, amateur and professional cryptographers have tried to crack the code on Kryptos, a majestic sculpture that sits behind CIA headquarters in Langley, Virginia.
Chatbots Convinced Idiots They Cracked the Code on a Sculpture in CIA's Backyard (gizmodo.com)
Near the CIA headquarters in Langley, Virginia, there is a sculpture known as Kryptos. It has been there since 1990 and contains four secret codes—three of which have been solved. The final one has gone 35 years without being decrypted. And, according to a report from Wired, the sculptor responsible wants everyone to know that you are not solving the damn thing with a chatbot.
Kyber512's Security Level (2023) (keymaterial.net)
Sigh. I really didn’t want to have to write this blog post. There is a story going around, claiming that the NSA somehow unduly influenced NIST to choose Kyber over NTRU, despite Kyber not being secure enough. The story is based on this blog post, by famous cryptographer Daniel J. Bernstein (also known as djb), who happens to be one of the authors of the NTRU variant NTRU-prime, which was also competing in the NIST competition.
PurrCrypt: Steganographic encryption disguised as pet sounds (github.com/vxfemboy)
A fur-ociously secure encryption tool that encodes your secrets as adorable cat and dog sounds, using real elliptic curve cryptography with a playful disguise.
The Combined Cipher Machine 1940's-1950's (blogspot.com)
Another machine that became increasingly important for the Allies, in the period 1943-45, was the Combined Cipher Machine - CCM. Unfortunately, this machine has not received a lot of attention from historians because there is limited information available on its internal operation and use in the field.
Time-Lock Encryption (gwern.net)
In cryptography, it is easy to adjust encryption of data so that one, some, or all people can decrypt it, or some combination thereof. It is not so easy to achieve adjustable decryptability over time, a “time-lock crypto”: for some uses (data escrow, leaking, insurance, last-resort Bitcoin backups etc), one wants data which is distributed only after a certain point in time.