I hate NAT

The Workshop on Attacks in Cryptography ( #WAC7 ) will happen again at CRYPTO 2024! This year, we have a call for talks open until May 17.

Please spread the word. We're interested in all practical cryptanalysis since WAC6.

Call for talks: wac7.cryptanalysis.fun/#call-for-talks

The mc randar exploit is pure artistry. Chefs kiss github.com/spawnmason/ran…

Is lattice-based cryptography still (potentially) post-quantum now? 🥳
Update to #eprint555 by Yilei Chen

eprint.iacr.org/2024/583.pdf

The fun continues.. Omri Shmueli makes a step towards saving the world..

We found a critical vulnerability in #PuTTY SSH client with NIST P-521 keys, that allows private key recovery from only 60 signatures, CVE-2024-31497! If you use #Putty or #Filezilla with ECDSA P-521, upgrade now and generate a new key! Joint work with Fabian Bäumer, details ⬇️

This looks serious. Damn serious. Some lattice expert can say something about it?

eprint.iacr.org/2024/555

After a long slog, by many, many people, the first issue of the Communications on Cryptology is out.

This is a new Diamond Open Access (free to publish, free to view) journal from the IACR.

cic.iacr.org/i/1/1

Well I guess this was only a matter of time. github.com/USENIX-Securit…

New blog from Eric Rescorla on design choices for post-quantum TLS! educatedguesswork.org/posts/pq-rollo…

Do you want to have a bad time? Try cryptographic vulnerability disclosure through bug bounty programs.

Differential cryptanalysis of ChaCha7 #fse2024

Dear Crypto Bubble,
I'm looking for motivated applicants for my PhD position:
- Research on privacy preserving messaging
- Fully funded
- Interdiscipl. research group
- Joint supervision by PI team
- Apply ≤ April 10
- Starts in October
- Nuremberg is nice & a climbing paradise

New attack on QUIC's Connection ID management: seemann.io/posts/2024-03-…

This weekend I played a bit with the new view on crt.sh that groups CAs by Root Owner. I combined the CA Owner view to create a cleaned-up market share review. The Python to generate this is here: gist.github.com/rmhrisk/39f266… #WebPKI

The IETF needs more people with middle fingers

Fuzzing is hard, evaluating fuzzing is harder 🔥

For our new IEEE S&P paper, we studied 150 fuzzing evals and found issues such as lackluster documentation, bad experiment setups, or questionable CVEs

📄 Paper mschloegel.me/paper/schloege…

🔧 Help us fix this github.com/fuzz-evaluator…

Today Apple approved my latest strategy board game, Runes of Ardun, for release on the App Store!

Please check it out, I've worked hard on it and would love to hear what you think!

Senior Research Scientist in Post-Quantum Cryptography at SandboxAQ martinralbrecht.wordpress.com/2024/02/02/sen…

What are these reviews for RWC24 - literally only a paper summary - not even comments for authors. How am I supposed to learn from this.