The Opportunity for Crypto (26 Mar 2021)
I used to work on the Crypto Team at my company, and while I was there I got introduced to a lot of different crypto projects and was asked to evaluate whether they were something it made sense for us to support. The answer was usually no.
Twitter's @bluesky Project (1 Feb 2021)
More than a year ago, Jack Dorsey announced that he would be funding a project called @bluesky, which would work with the crypto community to create a decentralized standard for social media. He gives a lot of motivation for the project, particularly focusing on the lack of consumer choice in content moderation and amplification. Fundamentally, the core insight of the project is that social media companies are currently a vertical integration of two different services:
Architecture of TPB and WikiLeaks (19 Jan 2021)
For obvious reasons, I recently got interested in how to build websites that are widely accessible but also resistant to censorship. Naturally, my first instinct was to run off and come up with my own blue-sky designs for the most resilient, censorship-resistant website in the world. But censorship is not new, and I realized it would be smart to learn from the past: in particular, The Pirate Bay and WikiLeaks, which both continue to operate even under immense pressure to shut down.
MLS with Hidden Members (17 Dec 2020)
Recently I was asked about the possibility of using MLS in groups with “hidden members”. That is, groups where the creator is known to all participants but the participants don’t know each other. This is the use case of broadcast TV, private Twitter accounts, and Instagram stories. The answer is no, MLS doesn’t work here.
The main issue is that MLS isn’t secure against malicious insiders, and therefore isn’t suitable for most broadcast use cases. A lesser issue is that MLS is designed for homogeneous groups, and would be wasteful to use in a scenario where one member has special authority.
End-to-End Encryption (10 Sep 2020)
E2E encryption possibly fits into the model for disruptive technology:
- It’s disproportionately valued by a small set of people.
- Established companies are unable to deploy it effectively, because they either consider plaintext data valuable or have built a product that technically cannot be offered in an end-to-end encrypted fashion.
However, it’s not clear that a sufficiently developed E2E-encrypted product can provide the same service better than an unencrypted alternative could.
Certificate Transparency (2 Dec 2019)
Certificate Transparency (CT) is a relatively new addition to the TLS ecosystem. Its fundamental goal is to provide the tools for website operators to detect the mis-issuance of certificates for their own websites. Historically, this is something that only large tech companies have been able to do successfully.
Certificate Revocation (23 Oct 2019)
There are two standard protocols for revoking certificates on the Internet: CRLs and OCSP. Neither of them works, or is even widely implemented, which can make revocation a difficult task. Chrome and Firefox use proprietary mechanisms instead: Chrome's is called CRLSets and Firefox's is OneCRL, though Firefox is also currently experimenting with CRLite.
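To make concrete what a relying party actually has to do with a CRL (and why a missing or stale one is a problem rather than a pass), here is an added example in Go, not code from the post. It builds a throwaway CA and leaf certificate in memory with the standard library, signs a CRL listing the leaf's serial, and then checks the CRL the way a client should: verify the issuer's signature, confirm the list is current, and only then look up the serial. The CA name, serial numbers and validity periods are made up for the example; nothing is fetched from the network.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// PKI is a throwaway CA plus one leaf certificate it issued, constructed
// in memory for this example.
type PKI struct {
	CAKey *ecdsa.PrivateKey
	CA    *x509.Certificate
	Leaf  *x509.Certificate
}

// issue creates a certificate from tmpl signed by signer and parses it back.
func issue(tmpl, parent *x509.Certificate, pub any, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewPKI builds a self-signed CA with the crlSign key usage (required to
// sign CRLs) and issues one server certificate under it.
func NewPKI() (*PKI, error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1), // example serial
		Subject:               pkix.Name{CommonName: "Example Root CA"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	ca, err := issue(caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	leaf, err := issue(&x509.Certificate{
		SerialNumber: big.NewInt(4242), // example serial
		Subject:      pkix.Name{CommonName: "www.example.com"},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(90 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}, ca, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return &PKI{CAKey: caKey, CA: ca, Leaf: leaf}, nil
}

// IssueCRL signs a CRL, valid for one day, listing the given serials.
func (p *PKI) IssueCRL(revoked ...*big.Int) ([]byte, error) {
	now := time.Now()
	tmpl := &x509.RevocationList{
		Number:     big.NewInt(7), // CRL number, must increase per issuance
		ThisUpdate: now,
		NextUpdate: now.Add(24 * time.Hour),
	}
	for _, s := range revoked {
		tmpl.RevokedCertificateEntries = append(tmpl.RevokedCertificateEntries, x509.RevocationListEntry{
			SerialNumber:   s,
			RevocationTime: now,
			ReasonCode:     1, // keyCompromise
		})
	}
	return x509.CreateRevocationList(rand.Reader, tmpl, p.CA, p.CAKey)
}

// IsRevoked verifies the CRL's signature against the issuer, checks that
// the list is current at time `at`, then looks up cert's serial. Any
// failure is an error, not "not revoked": the caller decides whether to
// soft-fail or hard-fail.
func IsRevoked(crlDER []byte, issuer, cert *x509.Certificate, at time.Time) (bool, error) {
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return false, err
	}
	if err := crl.CheckSignatureFrom(issuer); err != nil {
		return false, fmt.Errorf("CRL signature: %w", err)
	}
	if at.Before(crl.ThisUpdate) || at.After(crl.NextUpdate) {
		return false, fmt.Errorf("CRL not current at %v", at)
	}
	for _, e := range crl.RevokedCertificateEntries {
		if e.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	p, err := NewPKI()
	if err != nil {
		panic(err)
	}
	crl, err := p.IssueCRL(p.Leaf.SerialNumber)
	if err != nil {
		panic(err)
	}
	revoked, err := IsRevoked(crl, p.CA, p.Leaf, time.Now())
	fmt.Println("revoked:", revoked, "err:", err)
}
```

The error paths are the point: a CRL that cannot be fetched, that is past its NextUpdate, or that is signed by the wrong key gives the client no answer at all, and the common browser response to "no answer" has been to soft-fail and treat the certificate as good. That gap is what CRLSets, OneCRL and CRLite push to the browser ahead of time.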
Monotone Span Programs (16 Oct 2019)
In Adi Shamir's paper titled How to Share a Secret, he quotes this problem from a combinatorics textbook:
Eleven scientists are working on a secret project. They wish to lock up the documents in a cabinet so that the cabinet can be opened if and only if six or more of the scientists are present. What is the smallest number of locks needed? What is the smallest number of keys to the locks each scientist must carry?
Blog Re-Introduction (9 Oct 2019)
I've decided to start writing a regular series of short blog posts about crypto. The focus will be more on the social and problem-solving aspects of crypto rather than the math.
Notes on the BN256 Pairing (17 Mar 2018)
I've realized that some design choices in my bn256 implementation don't seem well-motivated to everybody... including myself. So I'd like to document here all of the tricks I find myself forgetting.
Why is pure-Go crypto so slow? (17 Nov 2016)
- Because small functions have their runtime dominated by function-call overhead.
- Because data is stored on the heap unnecessarily.
- Because you can't take advantage of the featurefulness of assembly.
White-Box Cryptography: Introduction (1 Feb 2016)
White-Box Cryptography is the study of securing symmetric encryption algorithms in the white-box attack context (WBAC), where an adversary obtains an implementation of the algorithm and is allowed to observe/alter every step of its execution (with instantiated cryptographic keys).
Cryptographic Data Structures (8 Apr 2015)
We know that a data structure is a particular way of organizing data so that we can efficiently solve a problem with it. Perhaps a cryptographic data structure would just be the same thing, but with a notion of security determined by an adversary's ability to win a certain game.
In a sense, they're minimal cryptosystems that can be glued together into more complex cryptosystems similar to the way that fundamental data structures can be glued together to give solutions to increasingly complicated problems.
Google's Macaroons in Five Minutes or Less (5 Dec 2014)
Macaroons are a proposed method of distributed (NOT decentralized) authorization. Their main distinction from a bearer token is that, if I'm given a Macaroon that authorizes me to perform some action(s) under certain restrictions, I can non-interactively build a second Macaroon with stricter restrictions that I can then give to you. For example, if I have a Macaroon that allows me to delete an image on Imgur, I can construct a second Macaroon that only allows the holder to view the image, and only before "5/1/13, 1am GMT", and give that to all of my friends.
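The mechanism behind that non-interactive attenuation is an HMAC chain, shown here as an added example in Go that is not the post's code and is not any real macaroon library. The issuer signs the identifier with a root key it never shares; each caveat is folded in as HMAC(previous signature, caveat). A holder can always append a caveat, because appending only needs the current signature, but cannot remove one, because that would need a signature that was never handed out. The root key, identifier and caveat syntax ("op = view", "time < RFC3339 timestamp") are made up for the example; real macaroons also carry a location and third-party caveats, which are left out here.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"strings"
	"time"
)

// Macaroon is a bearer token whose signature is an HMAC chain over its
// caveats. Holding one lets you append caveats, never remove them.
type Macaroon struct {
	ID      string   // names the root key at the issuer (example value)
	Caveats []string // first-party predicates that must all hold
	Sig     []byte
}

func keyedHash(key []byte, msg string) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return m.Sum(nil)
}

// Mint is done by the issuer, the only party holding rootKey. With no
// caveats the macaroon authorizes any operation on the named resource.
func Mint(rootKey []byte, id string) *Macaroon {
	return &Macaroon{ID: id, Sig: keyedHash(rootKey, id)}
}

// AddCaveat returns a strictly less powerful copy. Anyone holding the
// macaroon can do this offline; the issuer is not involved.
func (m *Macaroon) AddCaveat(caveat string) *Macaroon {
	caveats := append(append([]string(nil), m.Caveats...), caveat)
	return &Macaroon{ID: m.ID, Caveats: caveats, Sig: keyedHash(m.Sig, caveat)}
}

// Verify recomputes the chain from the root key, compares it in constant
// time, and only then evaluates every caveat against the request context.
func (m *Macaroon) Verify(rootKey []byte, ctx map[string]string, now time.Time) error {
	sig := keyedHash(rootKey, m.ID)
	for _, c := range m.Caveats {
		sig = keyedHash(sig, c)
	}
	if subtle.ConstantTimeCompare(sig, m.Sig) != 1 {
		return fmt.Errorf("signature mismatch: caveats altered or removed")
	}
	for _, c := range m.Caveats {
		if err := checkCaveat(c, ctx, now); err != nil {
			return err
		}
	}
	return nil
}

// checkCaveat understands "key = value" and "time < <RFC3339>".
func checkCaveat(c string, ctx map[string]string, now time.Time) error {
	if deadline, ok := strings.CutPrefix(c, "time < "); ok {
		t, err := time.Parse(time.RFC3339, deadline)
		if err != nil {
			return fmt.Errorf("bad caveat %q: %w", c, err)
		}
		if !now.Before(t) {
			return fmt.Errorf("caveat %q failed: expired", c)
		}
		return nil
	}
	k, v, ok := strings.Cut(c, " = ")
	if !ok {
		return fmt.Errorf("unparseable caveat %q", c)
	}
	if ctx[k] != v {
		return fmt.Errorf("caveat %q failed (got %q)", c, ctx[k])
	}
	return nil
}

func main() {
	root := []byte("example-root-key-kept-server-side") // example key
	mine := Mint(root, "image:abc123")                    // any op, incl. delete
	shared := mine.AddCaveat("op = view").AddCaveat("time < 2013-05-01T01:00:00Z")

	before := time.Date(2013, 4, 30, 0, 0, 0, 0, time.UTC)
	fmt.Println("friend views:", shared.Verify(root, map[string]string{"op": "view"}, before))
	fmt.Println("friend deletes:", shared.Verify(root, map[string]string{"op": "delete"}, before))

	// Dropping the time caveat but keeping the signature does not work.
	forged := &Macaroon{ID: shared.ID, Caveats: shared.Caveats[:1], Sig: shared.Sig}
	fmt.Println("forged:", forged.Verify(root, map[string]string{"op": "view"}, before))
}
```

Two design points worth noticing: the signature is compared before any caveat is parsed, so an unsigned token never gets its attacker-chosen predicates evaluated; and the verifier still needs the root key, which is why macaroons are distributed but not decentralized, exactly as the post says.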
A Small SRP Protocol for Web Applications (30 Nov 2014)
- Purpose: To present a more efficient authentication scheme, geared towards web applications served over TLS or another secure channel.
- Audience: Web application designers interested in security.
- Implementation: Bren2010/sjcl-ssrp
One-Time Attribute-Based Signatures (30 May 2014)
A One-Time Attribute-Based Signature scheme allows a signer, who possesses a set of attributes verified by an authority, to sign a message with a predicate that is satisfied by his attributes. The signature can reveal no more about the signer than the predicate requires, and it should be infeasible to link multiple signatures to the same signer (signatures should be anonymous). Multiple users, each with only a strict subset of the attributes required to satisfy a predicate, should not be able to collude and forge a signature that does satisfy the predicate (the scheme should be collusion-resistant).
Optimizing SEAD for Secure Distributed Hash Tables (16 Apr 2014)
SEAD, the Secure Efficient Ad hoc Distance vector routing protocol, is a recent secure ad-hoc routing protocol designed to use symmetric cryptographic primitives almost exclusively. Relying on symmetric rather than asymmetric cryptography often requires 3 to 4 orders of magnitude less computation, with a negligible increase in storage or network overhead.
A Generalization of Secure Distributed Hash Tables (27 Mar 2014)
Peer-to-peer distributed hash tables have been the subject of a large amount of research because they solve a significant problem in computer science: the secure and efficient distribution of large amounts of data amongst a loose collection of disparate nodes, lacking any centralized authorities or hierarchies.