But this is still vulnerable to Bleichenbacher's adaptive chosen-ciphertext attack
#realworldcryptopic.twitter.com/rln68VDD9L
U tweetove putem weba ili aplikacija drugih proizvođača možete dodati podatke o lokaciji, kao što su grad ili točna lokacija. Povijest lokacija tweetova uvijek možete izbrisati. Saznajte više
Next up! Deco: Liberating Web Data Using Decentralized Oracles for TLS
#realworldcrypto
Applying DECO to smart contracts, like on blockchain thingies
#realworldcrypto
Smart contracts need to be online to respond in a timely manner to things happening in the world.
#realworldcrypto
decentralization
for your decentralized smart contracts thing on a blockchain
#realworldcryptopic.twitter.com/W8GvvB9CTX
Possible solutions:
- change TLS to sign data
- trusted hardware (SGX*)
* welp
#realworldcrypto
DECO facilitates privacy-preserving proofs about TLS data to oracles and can be used for these smart contracts
#realworldcrypto
The primary goal is to prove provenance of TLS ciphertext.
#realworldcrypto
The three-party handshake logo is cut off, my apologies
#realworldcryptopic.twitter.com/0GjRpeSjBh
(That
operation is an elliptic curve group operation)
#realworldcrypto
Results in a handshake circuit with AND complexity of ~770k, runs in ~1.40seconds on wired network. Plenty fast for DECO.
#realworldcrypto
So, if this is a proof based on the TLS connection of the data provider, what happens when the data provider gets social engineered or forgets to patch their database backend?
#realworldcrypto
Q: In the MPC it's broken into two parts, what prevents a malicious input in the second part?
A: This will be caught later on in the protocol in the proof stage this will be caught, the two parties commit to their shares beforehand
#realworldcrypto
Next up is the first symmetric crypto session, starting with Attacks only get better: The case of OCB2 by Tetsu Iwata
#realworldcrypto
No authenticity, allowing the ciphertext to be manipulated.
#REALWORLDCRYPTOpic.twitter.com/XwbeF4CX1L
Nonce changes for every* encryption operation
*except when it doesn't , like when you ask the user to provide a nonce
#REALWORLDCRYPTOpic.twitter.com/twmxJ4qxUj
GCM, CCM are NIST-certified
IETF ones include GCM, ChaCha20-Poly1305
CAESAR includes 6 more
Some more in the ongoing NIST lightweight crypto competition
#realworldcrypto
OCB includes 3 versions, nonce-based AE with AD with strong features, including proof of security
#realworldcryptopic.twitter.com/hZ9D7HyKXF
Result: authenticity attack on OCB2, not related to the underlying block cipher.
#realworldcryptopic.twitter.com/nRbwCXsRyi
> SJCL affected
Free corgi pix to someone who collects metrics on real world usage of the SJCL in the wild.
#realworldcrypto
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.