A bit more on Twitter/X’s new encrypted messaging Twitter的XChat新端到端加密协议存在重大漏洞：无前向安全、用户私钥存储在公司服务器且未使用硬件安全模块、Juicebox密钥分片系统易受攻击。... 2025-6-9 18:22:31 | 阅读: 13 | 收藏 | A Few Thoughts on Cryptographic Engineering - blog.cryptographyengineering.com juicebox hsm client attacker realm

Dear Apple: add “Disappearing Messages” to iMessage right now 文章指出苹果iMessage虽采用端到端加密技术保护消息传输安全，但其缺乏“消失消息”功能导致用户隐私面临风险。作者批评苹果未跟上行业趋势，在其他主流通讯应用早已标配该功能的情况下仍不提供此选项，并质疑苹果的优先级和决策。... 2025-3-1 16:53:30 | 阅读: 6 | 收藏 | A Few Thoughts on Cryptographic Engineering - blog.cryptographyengineering.com imessage backup security

Three questions about Apple, encryption, and the U.K. 英国政府秘密要求苹果在其iCloud备份功能中加入“后门”，以便访问完全加密的数据。作为回应，苹果决定关闭英国用户的端到端加密备份功能（Advanced Data Protection），引发关于数据安全与政府监管的争议。... 2025-2-23 16:46:5 | 阅读: 5 | 收藏 | A Few Thoughts on Cryptographic Engineering - blog.cryptographyengineering.com encryption backup imagine faced security

How to prove false statements? (Part 3) 文章探讨了Fiat-Shamir协议在非交互式证明系统中的潜在弱点，并介绍了一种新型攻击方法：通过构造特殊电路使挑战值成为输出的一部分，从而允许证明者伪造陈述。该方法利用了Fiat-Shamir协议中哈希函数的可预测性，在特定情况下可能导致虚假声明被验证通过。... 2025-2-19 23:18:36 | 阅读: 4 | 收藏 | A Few Thoughts on Cryptographic Engineering - blog.cryptographyengineering.com prover circuit shamir fiat verifier

U.K. asks to backdoor iCloud Backup encryption 文章讨论了苹果iCloud的高级数据保护（ADP）功能及其面临的挑战。ADP通过端到端加密保护用户数据，但英国要求苹果削弱该功能以获取访问权限。作者指出，若苹果屈服于英国压力，可能引发其他国家效仿，并呼吁美国立法禁止企业为外国政府安装加密后门。文章还强调了苹果应加快推广ADP以提升数据安全性。... 2025-2-12 18:49:30 | 阅读: 7 | 收藏 | A Few Thoughts on Cryptographic Engineering - blog.cryptographyengineering.com encryption backup laws adp security

How to prove false statements? (Part 2) 这篇文章讨论了“可验证计算”中的Fiat-Shamir启发式方法及其潜在安全问题。作者指出，在随机预言机模型中可以证明其安全性，但实际应用中使用具体哈希函数时可能不安全。KRS论文表明某些情况下该方法可能失效。此外，在递归证明系统中嵌入哈希函数本身也可能引入漏洞。... 2025-2-6 22:40:0 | 阅读: 4 | 收藏 | A Few Thoughts on Cryptographic Engineering - blog.cryptographyengineering.com shamir fiat prover verifier proofs

How to prove false statements? (Part 1) 这篇文章探讨了随机预言机模型（ROM）在密码学中的应用及其潜在问题。作者指出，尽管ROM在理论上提供了强大的安全性保证，但在实际中使用具体哈希函数（如SHA-2或SHA-3）时，可能会引入安全漏洞。特别是最近的研究表明，在某些情况下，攻击者可以利用这些漏洞对基于随机预言机模型的协议进行攻击。文章还提到，在区块链等复杂系统中使用递归证明系统时，这种风险可能会进一步加剧。... 2025-2-4 21:40:14 | 阅读: 4 | 收藏 | A Few Thoughts on Cryptographic Engineering - blog.cryptographyengineering.com schemes proving proofs security backdoors

Let’s talk about AI and end-to-end encryption Recently, I came across a fantastic new paper by a group of NYU and Cornell researchers enti... 2025-1-17 05:1:30 | 阅读: 8 | 收藏 | A Few Thoughts on Cryptographic Engineering - blog.cryptographyengineering.com encryption hardware software inference cloud

Is Telegram really an encrypted messaging app? This blog is reserved for more serious things, and ordinarily I wouldn’t spend time on quest... 2024-8-26 02:36:30 | 阅读: 19 | 收藏 | A Few Thoughts on Cryptographic Engineering - blog.cryptographyengineering.com encryption chats messenger network

A quick post on Chen’s algorithm If you’re a normal person — that is, a person who doesn’t obsessively follow the... 2024-4-17 02:28:39 | 阅读: 11 | 收藏 | A Few Thoughts on Cryptographic Engineering - blog.cryptographyengineering.com schemes lattice lattices fhe

Attack of the week: Airdrop tracing It’s been a while since I wrote an “attack of the week” post, and the fault for is entirely... 2024-1-12 00:59:29 | 阅读: 21 | 收藏 | A Few Thoughts on Cryptographic Engineering - blog.cryptographyengineering.com airdrop contacts psi darmstadt recipient

To Schnorr and beyond (part 2) This post continues a long, wonky discussion of Schnorr signature schemes and the Dilithium... 2023-11-30 21:7:54 | 阅读: 12 | 收藏 | A Few Thoughts on Cryptographic Engineering - blog.cryptographyengineering.com dilithium signer schnorr w1 highbits

To Schnorr and beyond (Part 1) Warning: extremely wonky cryptography post. Also, possibly stupid and bound for nowhere.... 2023-10-6 22:0:48 | 阅读: 9 | 收藏 | A Few Thoughts on Cryptographic Engineering - blog.cryptographyengineering.com peggy victor boxes schnorr

Some rough impressions of Worldcoin Recently a reader wrote in and asked if I would look at Sam Altman’s Worldcoin, presumably t... 2023-8-22 06:24:30 | 阅读: 11 | 收藏 | A Few Thoughts on Cryptographic Engineering - blog.cryptographyengineering.com worldcoin iris biometric humanity database

On Ashton Kutcher and Secure Multi-Party Computation Back in March I was fortunate to spend several days visiting Brussels, where I had a chance... 2023-5-11 23:3:56 | 阅读: 18 | 收藏 | A Few Thoughts on Cryptographic Engineering - blog.cryptographyengineering.com mpc computation encryption parties client

PRFs, PRPs and other fantastic things A few weeks ago I ran into a conversation on Twitter about the weaknesses of applied cryptog... 2023-5-8 22:58:57 | 阅读: 18 | 收藏 | A Few Thoughts on Cryptographic Engineering - blog.cryptographyengineering.com prf prfs attacker prp

Book Review: Red Team Blues As a rule, book reviews are not a thing I usually do.So when I received an out-of-the-bl... 2023-4-25 01:28:30 | 阅读: 30 | 收藏 | A Few Thoughts on Cryptographic Engineering - blog.cryptographyengineering.com software blues network martin novel

Remarks on “Chat Control” On March 23 I was invited to participate in a panel discussion at the European Internet Serv... 2023-3-23 20:21:41 | 阅读: 33 | 收藏 | A Few Thoughts on Cryptographic Engineering - blog.cryptographyengineering.com encryption proposal commission network client

Apple iCloud, and why encrypted backup is the only issue You might have seen the news today that Apple is announcing a raft of improvements to Macs a... 2022-12-8 04:36:3 | 阅读: 14 | 收藏 | A Few Thoughts on Cryptographic Engineering - blog.cryptographyengineering.com encryption cloud backup passcode

One-Time Programs One of the things I like to do on this blog is write about new research that has a practical... 2022-10-28 02:44:32 | 阅读: 21 | 收藏 | blog.cryptographyengineering.com alice lockboxes hardware lockbox software