IBM's got talent (aye, aye)
The Pirates of the CSIDH salute ye, @KhanhCrypto@twitter.com, Maxime (and extras Sebastian, @BootleJonathan@twitter.com, Patrick, Vadim, @firstname.lastname@example.org)
It is 2022, and your computer now runs at 3 MHz.
“Do you mean 3 GHz?”
Nope! A malicious hyperthread can make shared libraries run up to ~1000x slower, resulting in a huge SNR boost for side-channel attacks.
[HyperDegrade, by @email@example.com] #usesec22
I’m a sucker for vuln research like this. The team found a cool bug (the APIC fails to zero out the full 16 bytes of a buffer used to satisfy a 4-byte read, and so leaks cached data in the unused 12 bytes). But what’s cool is how they did it.
Today we disclose ÆPIC Leak: Architecturally Leaking Uninitialized Data from the Microarchitecture 🔥
It is the *first* architectural CPU bug able to leak sensitive data from the cache hierarchy: like an uninitialized read but in the CPU itself.
New blog post "NSA, NIST, and post-quantum cryptography: Announcing my second lawsuit against the U.S. government." https://blog.cr.yp.to/20220805-nsa.html Case filed in federal court today by @LoevyAndLoevy@twitter.com. #nsa #nist #des #dsa #dualec #sigintenablingproject #nistpqc #foia
Google has open-sourced a new tool called Paranoid that can be used to check for well-known weaknesses in cryptographic artifacts such as public keys, digital signatures, and general pseudorandom numbers
I share with you the released version of sibc!
Thanks to the contributors for the speedups on the library.
You can play with a faster csidh (in python)
Blog post on the SIDH attack
NIST's latest report (1) says NIST is confident in the security of Kyber; (2) says Kyber-512 >= AES-128; (3) says Kyber-768 >= AES-192. But attack advances keep reducing lattice security levels! It will be completely unsurprising if the next round of attacks falsifies #2 and #3.
Kyber is the new PQC KEM! If you wonder how it works, but are a bit afraid of lattices, Ruben Gonzalez and I have you covered: just watch our video at CCC, in which we explain all you need to know: https://media.ccc.de/v/rc3-2021-cwtv-230-kyber-and-post-quantum
Of all the ways to organize an industrial society that humans have tried so far, the Nordic social democracy is the least bad. Not perfect and in dire need of improvement, but still least bad.
Here's where Finland for instance shines: a thread.
New resource page available on timing attacks, including recommendations for action to take regarding overclocking attacks such as #HertzBleed: https://timing.attacks.cr.yp.to Don't wait for the next public overclocking attack; take proactive steps to defend your data against compromise.
Today we are in Tampere and online for the third regular meeting! Thanks @NISEC_TAU@twitter.com for hosting us!
Happy to be in Tampere with our partners in @SPIRSProject@twitter.com. Thanks to @NISEC_TAU@twitter.com for hosting us!
A very productive meeting at Tampere. We have got a solid basis and better companions to get a very successful project. Cheers for @SPIRSProject@twitter.com
Yesterday we finished the day with a very nice dinner. Right now, we are back to work! Here we go! https://www.instagram.com/p/Ce2zUySrJR7/?igshid=YTgzYjQ4ZTY=
The first SoC Hub chip "Ballast" is here and tested to be functional! #systemonchip #cocreation https://sochub.fi/the-first-soc-hub-chip-is-being-tested-in-tampere-soon-to-be-followed-by-demo-applications/
Developer, Linux user, Doctoral Candidate @ Tampere University 🇫🇮, OTC Member @ OpenSSL