cryptography

/cryptography1407

A place to discuss the math that secures the world. Message for an invite.

Fun survey of vulnerabilities in E2EE cloud storage providers. Unauthenticated encryption is a theme. https://brokencloudstorage.info
There is a remarkably close parallel between the problems of the physicist and those of the cryptographer. The system on which a message is enciphered corresponds to the laws of the universe, the intercepted messages to the evidence available, the keys for a day or a message to important constants which have to be determined. The correspondence is very close, but the subject matter of cryptography is very easily dealt with by discrete machinery, physics not so easily.

- Alan Turing
A paper I like by J. Bonneau and @socrates1024: what if we didn't have public-key cryptography? It turns out that, in principle, we could still make a blockchain by using commit-and-reveal to prove knowledge of hash preimages.

https://jbonneau.com/doc/BM14-SPW-fawkescoin.pdf
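To make the idea concrete, here is a small added example (my own toy model, not code from the paper or from its authors) of a ledger whose accounts are hash preimages rather than public keys. Spending requires revealing the preimage, so a plain reveal could be front-run by whoever sees it first; the two-phase scheme fixes that by first publishing `H(tx)` and only later the transaction itself, and the ledger accepts a reveal only if its commitment appeared strictly earlier. Hash function, encoding, account model and the "whole balance moves, account is then dead" rule are my simplifying assumptions.

```python
"""Toy hash-preimage ledger with commit-and-reveal spending.

Added example; not the Fawkescoin paper's own code. Assumptions: SHA-256
everywhere, an account id is H(secret), a reveal moves the account's
whole balance and retires the account (once the secret is public, anyone
could spend whatever is left).
"""
import hashlib


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def account_id(secret: bytes) -> bytes:
    """An account is identified by the hash of its secret; no public-key crypto involved."""
    return h(secret)


def encode_tx(secret: bytes, dest: bytes) -> bytes:
    """Unambiguous encoding: 2-byte length prefix on the secret, then the 32-byte destination id."""
    return len(secret).to_bytes(2, "big") + secret + dest


def commitment(secret: bytes, dest: bytes) -> bytes:
    """Phase-1 value: H(tx). Reveals nothing about the secret, but binds the destination."""
    return h(encode_tx(secret, dest))


class HashLedger:
    def __init__(self):
        self.height = 0          # one "block" per submitted commitment or reveal
        self.balances = {}
        self.commitments = {}    # commitment -> first height at which it appeared
        self.spent = set()       # account ids whose secret has already been revealed

    def fund(self, account: bytes, amount: int):
        self.balances[account] = self.balances.get(account, 0) + amount

    def commit(self, c: bytes) -> int:
        """Phase 1: include H(tx) in the chain. Returns the height it was included at."""
        self.height += 1
        self.commitments.setdefault(c, self.height)
        return self.height

    def reveal(self, secret: bytes, dest: bytes) -> bool:
        """Phase 2: reveal tx; valid only if H(tx) was committed strictly earlier
        and the source account (H(secret)) still holds funds."""
        self.height += 1
        seen_at = self.commitments.get(commitment(secret, dest))
        src = account_id(secret)
        if seen_at is None or seen_at >= self.height:
            return False
        if src in self.spent or self.balances.get(src, 0) == 0:
            return False
        amount = self.balances.pop(src)
        self.spent.add(src)
        self.fund(dest, amount)
        return True


def run_demo():
    """Alice pays Bob; Mallory, who learns Alice's secret from the reveal, tries to redirect it.

    Returns (honest_reveal_ok, front_run_ok, late_commit_ok, bob_balance).
    """
    ledger = HashLedger()
    alice_secret = b"alice-secret-toy-value-32-bytes!"        # constructed sample secret
    alice = account_id(alice_secret)
    bob = account_id(b"bob-secret-toy-value-32-bytes!!!")      # constructed
    mallory = account_id(b"mallory-secret-toy-value-32-byte")  # constructed
    ledger.fund(alice, 10)

    ledger.commit(commitment(alice_secret, bob))           # phase 1: nothing leaks yet
    honest = ledger.reveal(alice_secret, bob)              # phase 2: preimage now public

    # Mallory saw alice_secret in the reveal. Reusing it without a prior commitment fails...
    front_run = ledger.reveal(alice_secret, mallory)
    # ...and committing now is too late: the account was drained by the earlier reveal.
    ledger.commit(commitment(alice_secret, mallory))
    late = ledger.reveal(alice_secret, mallory)
    return honest, front_run, late, ledger.balances.get(bob, 0)


if __name__ == "__main__":
    print(run_demo())
```

The point the demo makes is that ordering, not secrecy of the preimage, is what protects the spender: by the time the secret is visible, the only transaction the chain will honour is the one whose hash was already recorded.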
If the govt has a backdoor into TEE keys, they can potentially throw people in jail who use it for private data storage/retrieval.

They can generate a valid TEE attestation for serving something very illegal.

If the courts respect TEE attestations, they have this power.
Another side-project: age-mnemonic. It uses the same tech as cryptoasset wallets to generate one or more keys from a single mnemonic phrase.

https://bbjubjub2494.github.io/age-hier
TIL: WhatsApp has an auditable mapping of phone numbers to public keys

https://www.youtube.com/watch?v=_N4Q05z5vPE
What is the best way of handling overflows or underflows when building a cryptography library? @cassie @bbjubjub.eth
Another side-project: it picks one or more items using drand verifiable randomness. Double-implemented in Go and Rust. I've used it to raffle CTF prizes internally although I'm not 100% satisfied with the design.

https://github.com/bbjubjub2494/dshuf
Side project of mine: threshold encryption for Age. I'm taking my time to finish it, but I think it could be useful for coordinated disclosure and backups.

https://github.com/bbjubjub2494/age-threshold
Cooking up some Threshold Crypto 101 slides...
In the common core for engineering roles, there is currently a lot of calculus. I guess historically physics was everywhere. I feel like it would be time to introduce a bit of discrete math, maybe some probabilistic proofs. Truth games with polynomials are much cooler than the fourth consecutive semester of calculus!
Isogenies probably another 900% on top of that
So today I discovered that this property is called fairness. This paper has some interesting results using a semi-trusted third party. I also did not think of the attack where the adversary has two distinct groups attempt decryption...

https://web.cs.ucdavis.edu/~franklin/ijact.pdf
I wrote an MSc thesis about mempools, threshold decryption and VDFs, btw

https://blog.bbjubjub.fr/thesis.pdf
It's Saturday, I have a broken heart and my warpcast streak is about to break. I don't know what to post so you get an old pho pic I guess
new puzzle just dropped (too long to post here)

x.com/SHL0MS/status/1836932006422131175

hints:
⇧ ꩜ 1,2,3,4,5,6
N ꩜ 7

prize pool currently ~$170 across Mainnet and Base (thanks @swaye_co @gcorpworldwide @RohanNero!)

feel free to add to the pool for a shoutout: 0x47cB01859E7489d783c229Ec62506676F5Ab389a

https://etherscan.io/address/0x47cb01859e7489d783c229ec62506676f5ab389a#multichain-portfolio
Super interesting what Aptos is doing to get synchronous on-chain randomness! They use their validators as a big DKG and run a pairing based threshold VRF that way

https://eprint.iacr.org/2024/198
Menezes is posting cryptography lectures on this site. It looks like the post-quantum cryptography and error correcting codes courses are complete, an introductory course is ongoing, and a practical deployment course will run at the start of next year. https://cryptography101.ca/
next puzzle gonna be devious, anyone wanna help sponsor the prize pool?

prize wallet: etherscan.io/address/0x47cb01859e7489d783c229ec62506676f5ab389a
I hid a seed phrase in this image

it contains $100 of ETH and 18 exonumic art tokens

hints
1: 💯
2: 𝑘=4

wallet: etherscan.io/address/0x3a52dc251cb85a91b6fb78eb1658a5b3425c4da5
In threshold decryption, there's one node (or more) somewhere collecting decryption shares. What happens if it is malicious, or if decryption key holders can send fake shares? Are there any papers that have studied this?
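The standard answer to the fake-share problem is to make decryption shares publicly verifiable, so that the combining node (or anyone) can reject a bad share before interpolating. The following added example, which is my own toy code and not part of any post or project above (it also illustrates the Shamir-based threshold decryption mentioned in the age-threshold post), runs threshold ElGamal over a deliberately tiny group and attaches a Chaum-Pedersen DLEQ proof to every share: node `i` proves that the same exponent `x_i` sits behind its published verification key `G^x_i` and its share `c1^x_i`. The group parameters (P = 10007, Q = 5003, G = 4), the Fiat-Shamir hashing and the demo's message are my assumptions; a real deployment uses a standard curve or MODP group.

```python
"""Toy threshold ElGamal with verifiable decryption shares (Chaum-Pedersen DLEQ proofs).

Added example, not code from any of the posts above. Group parameters are
deliberately tiny so the arithmetic is readable: P = 10007 is a safe prime
(P = 2Q + 1 with Q = 5003) and G = 4 generates the order-Q subgroup.
"""
import hashlib
import secrets

P = 10007   # safe prime (assumption: toy size, not for real use)
Q = 5003    # order of the subgroup generated by G
G = 4       # 2^2 mod P, a generator of the order-Q subgroup


def hash_to_zq(*elems):
    """Fiat-Shamir challenge: SHA-256 over the transcript, reduced mod Q."""
    h = hashlib.sha256()
    for e in elems:
        h.update(int(e).to_bytes(8, "big"))
    return int.from_bytes(h.digest(), "big") % Q


def deal(threshold, n):
    """Dealer: Shamir-share a fresh secret key x among n nodes (degree threshold-1 polynomial).

    Returns (public key G^x, verification keys {i: G^x_i}, secret shares {i: x_i}).
    The verification keys are what later let anyone check a decryption share.
    """
    coeffs = [secrets.randbelow(Q) for _ in range(threshold)]
    shares = {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
              for i in range(1, n + 1)}
    pk = pow(G, coeffs[0], P)
    vks = {i: pow(G, s, P) for i, s in shares.items()}
    return pk, vks, shares


def encrypt(pk, m):
    """Plain ElGamal; m must be an element of the order-Q subgroup. Returns (c1, c2)."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), m * pow(pk, r, P) % P


def decryption_share(i, x_i, c1):
    """Node i: d_i = c1^x_i plus a DLEQ proof that log_G(vk_i) == log_c1(d_i)."""
    d_i = pow(c1, x_i, P)
    w = secrets.randbelow(Q)
    a1, a2 = pow(G, w, P), pow(c1, w, P)
    e = hash_to_zq(G, pow(G, x_i, P), c1, d_i, a1, a2)
    z = (w + e * x_i) % Q
    return d_i, (a1, a2, z)


def verify_share(vk_i, c1, d_i, proof):
    """Combiner-side check. False means the share is forged, corrupted or for another ciphertext."""
    a1, a2, z = proof
    e = hash_to_zq(G, vk_i, c1, d_i, a1, a2)
    return (pow(G, z, P) == a1 * pow(vk_i, e, P) % P
            and pow(c1, z, P) == a2 * pow(d_i, e, P) % P)


def combine(shares, threshold, ct):
    """Interpolate c1^x 'in the exponent' from any `threshold` shares {i: d_i}, then strip it off c2."""
    c1, c2 = ct
    if len(shares) < threshold:
        raise ValueError("not enough shares")
    ids = list(shares)[:threshold]
    acc = 1
    for i in ids:
        lam = 1
        for j in ids:
            if j != i:
                lam = lam * j * pow((j - i) % Q, -1, Q) % Q   # Lagrange coefficient at 0
        acc = acc * pow(shares[i], lam, P) % P
    return c2 * pow(acc, -1, P) % P


def run_demo(threshold=3, n=5, cheater=2):
    """One node sends a bogus share; compare a naive combiner with one that verifies proofs.

    Returns (verifying_combiner_correct, naive_combiner_correct, rejected_node_ids).
    """
    pk, vks, sk_shares = deal(threshold, n)
    m = pow(G, 123, P)                       # constructed message, a subgroup element
    ct = encrypt(pk, m)
    c1, _ = ct
    received = {}
    for i in range(1, n + 1):
        d_i, proof = decryption_share(i, sk_shares[i], c1)
        if i == cheater:
            d_i = d_i * G % P                # forged share: a different group element
        received[i] = (d_i, proof)
    naive = combine({i: d for i, (d, _) in received.items()}, threshold, ct)
    valid = {i: d for i, (d, pr) in received.items() if verify_share(vks[i], c1, d, pr)}
    rejected = sorted(set(received) - set(valid))
    return combine(valid, threshold, ct) == m, naive == m, rejected


if __name__ == "__main__":
    print(run_demo())
```

Two things the demo shows: a combiner that skips verification silently outputs garbage when even one share is bad, and a verifying combiner not only recovers the plaintext but also identifies which node misbehaved, which is the evidence you need to slash or evict it. The same DLEQ check also covers a malicious collector, since every party can redo the verification and the interpolation from the published shares.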