to this day, this is my favorite explanation of zero knowledge proofs

by zkOG zooko🛡🦓🦓🦓 ⓩ

it’s simple really

Boom! Time-capsules are coming to Sui. TL;DR encrypt messages and NFTs into the future. Crazy interesting applications, see attached!
🍒 that tech was my PhD presented to NIST w/ Foteini Baldimtsi back in 2008 & we still have the fastest algorithm :), we were also the 1st to deploy it

So the overall point here, that E2E services leak a ton of metadata through key updates, is a good one. Same thing goes for Apple: you can more or less enumerate all devices if you reverse the Apple Directory Service APIs.

Post quantum is now in Firefox 🔥 nightly!

debunking TEE fud: a short argument reset to start the new year. collab with Quintus
collective.flashbots.net/t/debunking-te…
Myth 1: “SGX is being deprecated!' Trusted hardware is over.” Actually Confidential Compute is booming. Normies are going to use this whether or not web3 does too

I threw together a quick blog post explaining the recent attack on AirDrop privacy, and how Chinese law enforcement is exploiting it. blog.cryptographyengineering.com/2024/01/11/att…

🚨 Massive AI Security Release 🚨

National Institute of Standards and Technology just put out the best AI Security Publication that I've ever seen.

It is 106 pages of deep, technical content. It references real-world practical attacks. In this thread is the link and I'm going to cover a few highlights. 👇

'Cybersecurity experts are warning of 'significant' data privacy risks after a Vancouver rape crisis centre told clients and donors a computer server containing their sensitive personal information & banking details was stolen from its office last month.'

cbc.ca/news/canada/br…

Article on some new research that finds ways to balance privacy and stalker detection for AirTags and other location trackers. This is a collaboration with my students Gabrielle Beck, Harry Eldridge and colleagues Abhishek Jain and Nadia Heninger. wired.com/story/apple-ai…

Google is changing the way it stores and collects user location data, so that this data will remain on the phone and be encrypted in the cloud. The upshot is that Geofence warrants may become obsolete. EFF: eff.org/deeplinks/2023…

💥New short paper with Yi Tang:

We 𝒄𝒐𝒎𝒑𝒍𝒆𝒕𝒆𝒍𝒚 𝒃𝒓𝒆𝒂𝒌 the assumption underlying the lattice-based 'proof of sequential work' candidate from CRYPTO'23.

This solves a problem that was conjectured to require depth T... in depth poly(log T).

web.eecs.umich.edu/~cpeikert/pubs…

They HACKED A TRAIN. For real. Train operators asked for this to see why their trains didn't run after servicing. Turns out that vendor/producer implemented a geofence lock for trains serviced somewhere else. Amazing story, one of the best hacks in 2023. social.hackerspace.pl/@q3k/111528165…

I wrote a second, long (wonky) post on Schnorr signatures, diving into the Dilithium PQC signature scheme. blog.cryptographyengineering.com/2023/11/30/to-…

I’m very happy to see that the EU parliament is making progress in beating back these mass-message scanning proposals. But I’m still pretty nervous that the EU Commission will find some way to bring these back. edri.org/our-work/csar-…

OpenSSL 3.2.0 has support for using Windows OS trust stores, raw public keys for TLS and third-party signature schemes enabling PQC signatures to be experimented with, certificate compression which is important for PQC certificates, and Hybrid Public Key Encryption (HPKE). All

Everyone should have secure and modern messaging regardless of what phone they have. Excited to see Apple joining our ongoing work with the GSMA to evolve RCS. 💚+💙 cnet.com/tech/mobile/ap…

If you ever used this type of adapter, you were part of an epic time in computing.

Me: quits my “anonymous-credentials for age verification” project, starts working on “anonymous-credentials for social media identification.”

Reptar: New Intel CPU Vulnerability Impacts Multi-Tenant Virtualized Environments thehackernews.com/2023/11/reptar…

new blog and a post on the security of Kyber512: finiterealities.net/kyber512/