Julian Assange being arrested recently brought back memories of how he leaked Edward Snowden’s memos around the possible existence of an NSA-sourced cryptographic backdoor — the Dual EC standard (Dual_EC_DRBG). So let’s dive into the method and the trap door, and see the “magic” behind it.

With Elliptic Curve methods, we take an elliptic curve (y²=x³+ax+b), and then use a base point (G). Next we generate a random number (n) and determine a point (P) by adding the point n times (G+G…+G). We represent this as:

P = n G

The point P is our public key, and n is…


In computer security, we often have to represent binary data, in single values or groups of characters, bytes, words, long words, signed integers, floating-point values, double-precision floating-point values, and so on. This might be in the form of a data object, a signature or even encrypted content. For this, the ANS.1 DER format is often used, such as presenting digital certificates and signatures. An improvement on this for small messages with security is Concise Binary Object Representation (CBOR) — and which is defined in RFC8949 [1]. While JSON represents text-based data objects CBOR focuses on binary objects. It has been…


In computer security, we often have to represent binary data, in single values or groups of characters, bytes, words, long words, signed integers, floating-point values, double-precision floating-point values, and so on. This might be in the form of a data object, a signature or even encrypted content. For this, the ANS.1 DER format is often used, such as presenting digital certificates and signatures. An improvement on this for small messages with security is Concise Binary Object Representation (CBOR) — and which is defined in RFC8949 [1]. While JSON represents text-based data objects CBOR focuses on binary objects. It has been…


As we go back to work, we might have to get someone to sign a claim that we are allowed back into our offices. For this, we might get someone trusted to sign a document (an issuer), and then we show this to a verifier at the front door, in order to gain access. We thus make a claim to something, and where the signature is trusted by the verifier. There then doesn’t have to be any contact between the issuer and the verifier, as the signature is known and trusted. But what about our digital world?

Well, basically, we…


Photo by Alexander Sinn on Unsplash

Concise Binary Object Representation — Symmetric Key

In computer security, we often have to represent binary data, in single values or groups of characters, bytes, words, long words, signed integers, floating-point values, double-precision floating-point values, and so on. This might be in the form of a data object, a signature or even encrypted content. For this, the ANS.1 DER format is often used, such as presenting digital certificates and signatures. An improvement on this for small messages with security is Concise Binary Object Representation (CBOR) — and which is defined in RFC8949 [here]. While JSON represents text-based data objects CBOR focuses on binary objects. It has been…


Well, there’s a QR code doing the rounds that has the potential to open up our world of travel in a more trusted way. This is the green pass, and which has been adopted in Scotland. The morals and ethics of this can be debated endlessly, but from a cryptography point-of-view, it is great to see a start towards building more trustworthy digital ways in allowing people to travel. A great thing is that it looks like the NHS have adopted the EU Green Pass format for vaccine status data.

First, we start with the basic data for the vaccine…


If you are into Cybersecurity, Base-64 should be a well-known format, and often used to convert binary data into a text format. In Bitcoin, we use Base-58 for the Bitcoin address. But, what is Base-45?

Well, yesterday, Scotland released their vaccination passport. It contains a QR code, and which uses Base-45 format for the data coding [article]. With Base-45 format, we have 45 characters defined. The encoding table is [here]:

Value Encoding  Value Encoding  Value Encoding  Value Encoding
00 0 12 C…

Well, we now live in a strange world. Our world has been damaged over the past 18 months, and, for the sake of our next generation, we must now rebuild our economic infrastructure, and look to rebuild our links between countries.

And so we have reached the point of rebuilding trust between the regions and nations of the world, and enabling safe travel must be a key way forward. For this, a concrete proof (eg vaccine status verification) at our borders seems to be the best way forward for the nations and regions of the world to rebuild trust. The…


Photo by Kelly Sikkema on Unsplash

We have a problem in blockchain/distributed ledgers (call it what want you want, but basically it’s a whole lot of transactions that have been digitally signed), and that we have really failed to articulate the new economic models that can be created, and all that many can see are the faults of Bitcoin or with the nature of public blockchains. It can be just a few public keys placed on a ledger and which provides the root of trust for an organisation or could be the complete ledger record of the whole of the UK banking industry.

And so, I…

Prof Bill Buchanan OBE

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. EU Citizen. Living by the sea. Old World Breaker. New World Creator.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store