JavaScript is not available.

Security. Cryptography. Whatever.

@SCWpod

Jan 27

NEW EPISODE! THREEEEEMAAAAAAAA We recorded this almost two weeks ago, yay it's out! With special guests

Threema with Kenny Patterson, Matteo Scarlata, & Kien Tuong Truong

Another day, another ostensibly secure messenger that quails under the gaze of some intrepid cryptographers. This time, it's Threema, and the gaze belongs to...

Exploiting a Critical Spoofing Vulnerability in Windows CryptoAPI | Akamai

Jan 27

The NSA found and disclosed a Windows CryptoAPI bug (CVE-2022-34689) that was patched last August. A cache was using MD5 to index entries, which allowed for collisions.

akamai.com

Akamai researchers have analyzed a critical vulnerability in Microsoft's CryptoAPI that would allow an attacker to masquerade as a legitimate entity.

RIP, Passwords. Here’s What’s Coming Next.

Jan 26

NYT Wirecutter article about PassKeys:

nytimes.com

Usernames and passwords may soon be going away. Passkeys will replace them.

Jack Hidary says you can’t afford to ignore quantum computing

Jan 26

The op-ed also claims that "criminals" are storing encrypted data today with the hope of decrypting it in 7+ years for some gain. Practically, this is only relevant to TLS handshakes. There is no evidence that anyone outside the IC would store network traffic indefinitely.

The current factoring record for Shor's algorithm (which cheats by knowing the answer a priori) is 5 bits. In the last 20 years, this has improved by 1 bit. Hidary's article implies that in the next 7 years, this will jump to at least 1024 bits.

To do so, QCs would need to improve the number of qubits by 10x every year for the next 7 years while becoming 100 times more reliable: sam-jaques.appspot.com/quantum_landsc

I think

CEO

really exaggerates the risk of quantum computers in this op-ed. He repeats a claim that it will be feasible to decrypt RSA by 2030. I don't know any cryptographers who would agree.

economist.com

The time has come to address the security risks that quantum computers will pose when they start working, says the CEO of SandboxAQ

Show this thread

Charalampos (Babis) Papamanthou

@chbpap

Jan 24

Cuckoo hashing hashes elements into 2 random slots, eventually allocating each element to 1 slot. If the allocation fails, we can stash the overflows. Our IPL paper with Brice Minaud enhances a prior analysis & derives negligible failure probability bounds useful in cryptography!

: eprint.iacr.org/2023/032

Jan 20

"A Gentle Tutorial for Lattice-Based Cryptanalysis" by Joseph Surin &

@shaananc

We (

and I) are happy to show you zkalc! A crypto benchmarking website created to instantly answer questions like "How quickly can I compute a BLS12-381 MSM of size 32156 on an M1 pro?"! (1/N) crypto.ethereum.org/blog/zkalc

143

Three computer scientists have discovered a fast algorithm for finding shortest paths between points on graphs with negative weights, a long-standing optimization problem.

@benbenbrubaker

reports:

quantamagazine.org

Finally, a Fast Algorithm for Shortest Paths on Negative Graphs | Quanta Magazine

Researchers can now find the shortest route through a network nearly as fast as theoretically possible, even when some steps can cancel out others.

136

Institute for Quantum Computing (IQC)

@QuantumIQC

Jan 17

The

@Quantum_Days

virtual three-day conference starts today! Tune in to hear from thought leaders on #quantum innovation in Canada, including some familiar faces from IQC, as they explore quantum processors, interfaces, and materials. 2023.quantumdays.ca/en/program/ #QuantumDays

read image description

ALT

The schedule for

is now live: satml.org/schedule/ There are still a handful of seats available to attend the event on Feb 8-10

Jan 16

Hot update to Boneh & Shoup’s “Graduate Course in Applied Crypto” just dropped: toc.cryptobook.us

GitHub - aws/c3r: Cryptographic Computing for Clean Rooms (C3R) encryption client and SDK

Jan 12

Amazon released a "Cryptographic Computing for Clean Rooms" (c3r) library for a new preview clean room feature. Code: github.com/aws/c3r Docs: docs.aws.amazon.com/clean-rooms/la

github.com

Cryptographic Computing for Clean Rooms (C3R) encryption client and SDK - GitHub - aws/c3r: Cryptographic Computing for Clean Rooms (C3R) encryption client and SDK

Zero Knowledge Proofs MOOC

Jan 12

Zero knowledge proof online course starting Spring 2023 and taught by Shafi Goldwasser,

, &

This class aims to bring together students and experts in academia and industry to explore Zero-Knowledge Proofs (ZKP).

Croatia summer school on real-world crypto and privacy continues in 2023 on another location: summerschool-croatia.cs.ru.nl/2023/index.html This year we have for the first time call for tutorials, deadline is Jan. 15 summerschool-croatia.cs.ru.nl/2023/call-for-

Did you ever hear about these fancy-shmancy elliptic curves with “pairings” or “bilinear maps”? Did you know *S*NARKs would not be possible without them? Or that jail time can be conducive to great mathematical results? If so, this blog post is for you: alinush.github.io/2022/12/31/pai

223

How it started vs how it ended.

Quote Tweet

kennyog

@kennyog

Sep 27, 2022

I’d like to borrow 8192 cores for a week. Anyone out there got some spare compute lying around to help out with a cool research project?

New Algorithm Closes Quantum Supremacy Window | Quanta Magazine

Jan 9

Quantum supremacy is not happening soon with the intentionally chosen QC-friendly problem that Google picked:

quantamagazine.org

Random circuit sampling, a popular technique for showing the power of quantum computers, doesn’t scale up if errors go unchecked.

We (

and I) took a deep dive on Threema, a Swiss-made secure messaging app. We found 6 new cryptographic vulnerabilities. Full paper at breakingthe3ma.app; mini-thread follows. #threema

153

352

Show this thread

Security. Cryptography. Whatever.

@SCWpod

Jan 7

NEW EPISODE!

podcasts.apple.com

‎Security Cryptography Whatever: Has RSA been destroyed by a quantum computer??? on Apple Podcasts

‎Show Security Cryptography Whatever, Ep Has RSA been destroyed by a quantum computer??? - Jan 6, 2023

Official ACM CCS 2023 Call for Papers is out: ccs2023a.hotcrp.com The first cycle's submission deadline is Jan 19, 2023!

Security. Cryptography. Whatever.

NEW EPISODE!

and

gab about Tailscale's new Tailnet Lock, the Okta breach, what the fuck CISOs are for anyway, Rust in Android and Chrome, passkeys support, and of course, SBF.

podcasts.apple.com

‎Security. Cryptography. Whatever.: End of Year Wrap Up on Apple Podcasts

‎Show Security. Cryptography. Whatever., Ep End of Year Wrap Up - Jan 4, 2023

A lot of new cryptography is landing in Go 1.20, including the new crypto/ecdh package and math/big-less RSA and ECDSA backends!

Jan 4

Lots of Go 1.20 Cryptography updates by

@FiloSottile

words.filippo.io

Go 1.20 Cryptography

Been working on a tool for visualizing neural networks using python code. Here is a visualization of a convolutional neural network. It is built on top of the

@manim_community

library.

0:20

70.5K views

338

2,315

Quantum algorithms for data analysis:

quantumalgorithms.org

Quantum algorithms for data analysis

Open-source book on quantum algorithms for information processing and machine learning

Simons Institute for the Theory of Computing

@SimonsInstitute

Dec 29, 2022

"What Do the Theory of Computing and the Movies Have in Common?" Alvy Ray Smith (co-founder of Pixar) Tues., Feb. 21, 2023 6–7:30 pm PT Location: David Brower Center, Berkeley, CA simons.berkeley.edu/events/theoret Join us for this talk in our Theoretically Speaking lecture series!

I will be looking for at least 1 PhD student (prob 2) in provable crypto next September. (Postquantum, real world, ...). It can also be for a postdoc. It's in Palaiseau (Paris suburbs), in a nice, friendly team. (There are several offices with plushes!)

GIF

read image description

ALT

developers.googleblog.com

Dec 22, 2022

Google open sourced a privacy-enhancing image blurring library and improvements to their fully homomorphic encryption transpiler:

New privacy-enhancing technology for everyone

Today we’re sharing several recent PET developments that will provide the broader developer community new ways to deploy and enhance privacy features.

: sam-jaques.appspot.com/quantum_landsc

Dec 22, 2022

Landscape of Quantum Computing in 2022 by

@sejaques

Dec 20, 2022

I am impressed how well Passkeys (FIDO2 multi-device support) work. I think it will be a security & usability gain over the status quo. Support is baked into Chrome and iOS now: blog.chromium.org/2022/12/introd developer.apple.com/passkeys/ Here's a demo site: passkeys.io

NSA Publishes 2022 Cybersecurity Year in Review

Dec 19, 2022

Cybersecurity year in review from

@NSACyber

nsa.gov

The National Security Agency published its 2022 Cybersecurity Year in Review today to share its mission focuses and demonstrate how it is producing cybersecurity outcomes for the nation.

Dec 18, 2022

Nice to see callouts for cryptographers Sarah Meiklejohn and

@AnnaLysyanskaya

@a_greenberg

’s “Tracers in the Dark”.

Dec 16, 2022

I can’t even put it in a tweet. infosec exchange / sweis

I tried to put my mastodon link in my profile and Twitter calls it malware.

Show this thread