Published in ASecuritySite: When Bob Met Alice · Pinned
The Strange Tale of Dual_EC_DRBG
Julian Assange being arrested recently brought back memories of how he leaked Edward Snowden’s memos around the possible existence of an NSA-sourced cryptographic backdoor — the Dual EC standard (Dual_EC_DRBG). So let’s dive into the method and the trap door, and see the “magic” behind it. With Elliptic Curve methods…
Security · 5 min read

Published in ASecuritySite: When Bob Met Alice · Just now
Day 0 of a Post Quantum Cryptography World
And, so, finally, it has happened. After many years of analysing and shortlisting, NIST announced the next great standard for cybersecurity [here]:
Cryptography · 3 min read

Published in ASecuritySite: When Bob Met Alice · 1 day ago
NIZK (Non-interactive Zero Knowledge) Proofs of Discrete-log Equality
Chaum-Pedersen proof using Golang and Kryptology — One of my highlights of 2022 will be the time that Torben Pryds Pedersen came to talk to our students. It was such a privilege to meet the person who had created the Pedersen Commitment, and who worked with David Chaum. …
Cryptography · 2 min read

Published in ASecuritySite: When Bob Met Alice · 2 days ago
In Research, “Do what interests you the most” and “Stay curious”
I do a few interviews, and a common question that I get asked is the advice I would give to my younger self. My typical answer is “to believe in your approach, and don’t let negative people distract you”. Overall, that approach has kinda worked for me, and where our…
Cryptography · 4 min read

2 days ago
Day 0 for the Building of a New World of Trust
Well, after so many years, it is nearly here …
Cryptography · 4 min read

Published in ASecuritySite: When Bob Met Alice · 2 days ago
Proof of Concept of the Chalkias Ed25519 Implementation Vulnerability in Python
Konstantinos Chalkias from MystenLabs has reported a major vulnerability in the implementation of the Ed25519 (EdDSA) signature method on a range of libraries [2, 3]. It should be noted that Ed25519 is a highly secure method, but it has been let down by the implementation of the method in around…
Cryptography · 4 min read

Published in ASecuritySite: When Bob Met Alice · 3 days ago
Explaining The Chalkias Ed25519 Vulnerability
One of the most important functions within a trusted infrastructure is the usage of a digital signature. In the past, ECDSA has been shown to have weaknesses, including where Sony used a private key of “9”. Many in the industry are moving to the more secure Ed25519 signature method, and…
Cryptography · 5 min read

Published in ASecuritySite: When Bob Met Alice · 4 days ago
Ed25519 is Great, But …
“You can lead a horse to water, but you can’t make it drink” Sometimes, you feel that some software developers struggle to properly secure their code. For example, a recent survey showed that some developers struggled to know the difference between encoding methods (such as Base 64), hashing methods (such…
Cryptography · 4 min read

4 days ago
Meet Frodo … And The Magic of the Post Quantum Ring
Towards Post Quantum Public Key Encryption and Key Exchange — Well, who knows when quantum computers will be built at scale, but one thing that is for sure is that they will break the fundamental core of security on the Internet. With this, our existing public key encryption, digital signature and key exchange methods will be at severe risk. And…
Cryptography · 5 min read

5 days ago
National Software Reference Library (NSRL): The NIST Standards for a Reference Data Set
NIST are well known for defining the standards for a range of technologies, which have since become de facto standards. This includes defining the AES and the SHA-3 hashing methods. Currently, they have two open competitions which will be closing soon: PQC (Post Quantum Cryptography) and LWC (Light-weight…
Cryptography · 4 min read