Congratulations to our researcher @AlexBakas@twitter.com for having his paper on Function Hiding accepted as a poster at the 21st International Conference on Cryptology and Network Security (#CANS 2022). #MultiInput #FunctionalEncryption
The demand for #systemonchip design experts is high. Study at @TampereUni@twitter.com to become one, and you will definitely be needed in the industry. Read about the SoC education offered in Tampere and its relation to the real-life SoC development.
In which a blogger finds the private key used to sign Hyundai car software updates … by googling it. They used a key pair from a popular tutorial. 😂😂😂
IBM's got talent (aye, aye)
The Pirates of the CSIDH salute ye, @KhanhCrypto@twitter.com, Maxime (and extras Sebastian, @BootleJonathan@twitter.com, Patrick, Vadim, @email@example.com)
It is 2022, and your computer now runs at 3 MHz.
“Do you mean 3 GHz?”
Nope! A malicious hyperthread can make shared libraries run up to ~1000x slower, resulting in a huge SNR boost for side-channel attacks.
[HyperDegrade, by @firstname.lastname@example.org] #usesec22
I’m a sucker for vuln research like this. The team found a cool bug (the APIC fails to zero out the full 16 bytes of a buffer used to satisfy a 4-byte read, and so leaks cached data in the unused 12 bytes). But what’s cool is how they did it.
Today we disclose ÆPIC Leak: Architecturally Leaking Uninitialized Data from the Microarchitecture 🔥
It is the *first* architectural CPU bug able to leak sensitive data from the cache hierarchy: like an uninitialized read but in the CPU itself.
New blog post "NSA, NIST, and post-quantum cryptography: Announcing my second lawsuit against the U.S. government." https://blog.cr.yp.to/20220805-nsa.html Case filed in federal court today by @LoevyAndLoevy@twitter.com. #nsa #nist #des #dsa #dualec #sigintenablingproject #nistpqc #foia
Google has open-sourced a new tool called Paranoid that can be used to check for well-known weaknesses in cryptographic artifacts such as public keys, digital signatures, and general pseudorandom numbers
I share with you the released version of sibc!
Thanks to the contributors for the speedups on the library.
You can play with a faster csidh (in python)
Blog post on the SIDH attack
NIST's latest report (1) says NIST is confident in the security of Kyber; (2) says Kyber-512 >= AES-128; (3) says Kyber-768 >= AES-192. But attack advances keep reducing lattice security levels! It will be completely unsurprising if the next round of attacks falsifies #2 and #3.
Kyber is the new PQC KEM! If you wonder how it works, but are a bit afraid of lattices, Ruben Gonzalez and I have you covered: just watch our video at CCC, in which we explain all you need to know: https://media.ccc.de/v/rc3-2021-cwtv-230-kyber-and-post-quantum
Of all the ways to organize an industrial society that humans have tried so far, the Nordic social democracy is the least bad. Not perfect and in dire need of improvement, but still least bad.
Here's where Finland for instance shines: a thread.
New resource page available on timing attacks, including recommendations for action to take regarding overclocking attacks such as #HertzBleed: https://timing.attacks.cr.yp.to Don't wait for the next public overclocking attack; take proactive steps to defend your data against compromise.
Today we are in Tampere and online for the third regular meeting! Thanks @NISEC_TAU@twitter.com for hosting us!
Happy to be in Tampere with our partners in @SPIRSProject@twitter.com . Thanks to @NISEC_TAU@twitter.com for hosting us!
Developer, Linux user, Doctoral Candidate @ Tampere University 🇫🇮, OTC Member @ OpenSSL
For people who care about, support, or build Free, Libre, and Open Source Software (FLOSS).