Disruptive Innovation2 Sep 2020
Surprisingly often, well-managed companies fail to compete against startups that pursue their customer base. By not competing, these large companies lose market share and often go out of business, even though they have substantially more resources than their startup competition.
On-Disk Caching with SQLite2 Jul 2020
Recently, a project I was working on required a cache that would ideally be capable of storing tens of millions of entries, reaching into the multiple-terabyte range. At this scale, using a single spinning disk is significantly cheaper than storing everything in memory, which Redis or Memcached would require. Another classic KV store, LevelDB, also ends up being impractical because it writes the value for each key to disk multiple times. If your values are small, LevelDB can be really really performant, but in my case the values are moderately sized (tens of kilobytes) and writing them to disk multiple times quickly becomes user-visible. And finally, I expected that storing this many entries on-disk as individual files in a folder would cause issues with inode exhaustion, and ultimately, the ACID guarantees that a filesystem provides have never been super clear to me.
Certificate Transparency2 Dec 2019
Certificate Transparency (CT) is a relatively new addition to the TLS ecosystem. Its fundamental goal is to provide the tools for website operators to detect the mis-issuance of certificates for their own websites. Historically, this is something that only large tech companies have been able to do successfully.
Certificate Revocation23 Oct 2019
There are two standard protocols for revoking certificates on the Internet: CRLs and OCSP. or are even widely implemented, which can make revocation a difficult task. Chrome and Firefox use proprietary mechanisms instead: Chrome's is called and Firefox's is , though Firefox is also currently experimenting with .
Monotone Span Programs16 Oct 2019
In Adi Shamir's paper titled How to Share a Secret, he quotes this problem from a combinatorics textbook:
Eleven scientists are working on a secret project. They wish to lock up the documents in a cabinet so that the cabinet can be opened if and only if six or more of the scientists are present. What is the smallest number of locks needed? What is the smallest number of keys to the locks each scientist must carry?
Blog Re-Introduction9 Oct 2019
I've decided to start writing a regular series of short blog posts about crypto. The focus will be more on the social and problem-solving aspects of crypto rather than the math.
Notes on the BN256 Pairing17 Mar 2018
I've realized that some design choices in my bn256 implementation don't seem well-motivated to everybody... including myself. So I'd like to document here all of the tricks I find myself forgetting.
Why is pure-Go crypto so slow?17 Nov 2016
- Because small functions have their runtime dominated by function-call overhead.
- Because data is stored on the heap unnecessarily.
- Because you can't take advantage of the featurefulness of assembly.
White-Box Cryptography: Introduction1 Feb 2016
White-Box Cryptography is the study of securing symmetric encryption algorithms in the white-box attack context (WBAC), where an adversary obtains an implementation of the algorithm and is allowed to observe/alter every step of its execution (with instantiated cryptographic keys).
Cryptographic Data Structures8 Apr 2015
We know that a data structure is a particular way of organizing data so that we can efficiently solve a problem with it. Perhaps a cryptographic data structure would just be the same thing, but with a notion of security determined by an adversary's ability to win a certain game.
In a sense, they're minimal cryptosystems that can be glued together into more complex cryptosystems similar to the way that fundamental data structures can be glued together to give solutions to increasingly complicated problems.