Cryptography

https://github.com/umutcamliyurt/TimeLockCrypt

cross-posted from: https://sopuli.xyz/post/14485657

> In case of paywall: https://archive.is/kZAgI

in my messaging app, javascript cryptography is the backbone of security so its important for it to be reliable. i would like to introduce you to my decentralized chat app:

https://github.com/positive-intentions/chat

i created thin wrapper around browser-based cryptography functions provided by the browser. it is using webpack 5 module federation to import it at runtime.

https://github.com/positive-intentions/cryptography/blob/staging/src/stories/components/Cryptography.tsx

with this i think i can effectively create encrypted p2p, which i hope to be a step towards true security (but it will take a while to get there).

(note: my app is an experimental unstable proof-of-concept. it is provided for demo and testing purposes.)

So, I've had a bit of a stupid idea for my next programming project, which would be implementing a Microsoft Recall alternative for Linux where the data is encrypted. I've now written a bit of code and have come to the point where I'd need to encrypt the files. My plan was to use asymmetric encryption where the secret key is again encrypted using something like AES and the user needs to decrypt the private key to view the screenshots taken / data extracted from the screenshots.

I have now learned that asymmetric encryption is very slow and it's generally not designed to encrypt large chunks of data, so I'm not sure how to continue. Do you think asymmetric encryption is feasible for this? Any idea how else to do the encryption? Ideally I would like for the server that takes the screenshots to not have a key that can decrypt the files since that wouldn't be as secure.

writeup from the researcher who discovered this: https://www.openwall.com/lists/oss-security/2024/04/15/6

Hatching Secret Sauce Eggs is a Rooster's Business

This is how I make the secret sauce. The recipe is inside the egg.

@[email protected]

Greetings [email protected]!

At dyne, we're working relentlessly to democratize the power of computing. We've built an open source, multiplatform, tiny, secure, virtual machine for cryptography and blockchain interop. It's called Zenroom. Part of the philosophy behind it is to empower people who know what to do with data, not only the developers and domain experts. To achieve this, it leverages Zencode which allows them to write and review business logic and data-sensitive operations without learning to code. Like this:

!

But really what it can do is:

• Hashes and signatures (ecdsa, eddsa, Schnorr)
• Quantum-proof crypto (Dilithium, Kyber, NTRU)
• Homomorphic crypto on BLS381
• Interop with Bitcoin and EVM
• Support most widely used curves
• Runs on any platform and in the browser
• No-code programmabiliy using an English-like DSL

We just released v4.0.0 and are always interested in more engaging use cases.

Therefor i'd like to extend you an invitation to a webinar this Friday, November 3rd at 4:30pm UTC+1

You can "signup" here: https://zenroom.org/events/ (basically a calendar .ics)

If you are uncomfortable with Zoom, please know that the video feed will be relayed to our Peertube channel and you will be able to ask questions in the Matrix chat.

Hoping that i'm not breaking any rules of this community and to see you there i send you all warm regards from planet dyne.

edit: removed emoji from title

• https://www.newscientist.com/article/2396510-mathematician-warns-us-spies-may-be-weakening-next-gen-encryption/

• https://news.ycombinator.com/item?id=37866421

• https://news.ycombinator.com/item?id=37756656

The article is about:

• The Signal Protocol, a set of cryptographic specifications that provides end-to-end encryption for private communications. PQXDH, an upgrade to the Signal Protocol that adds a layer of protection against the threat of a future quantum computer breaking current encryption standards.
• Quantum computing, a new type of computational system that can solve some complex problems faster than classical computers, such as the hidden subgroup problem that underlies many public key cryptosystems4.
• Post-quantum cryptography, a new category of algorithms that resist quantum attacks, and how Signal has chosen CRYSTALS-Kyber as its post-quantum key encapsulation mechanism.
• The implementation and deployment of PQXDH in Signal’s client applications and the open research areas for further quantum resistance.

cross-posted from: https://lemm.ee/post/5467810

> In 1997, a contest began to develop a new encryption algorithm to become the Advanced Encryption Standard. After years of debate, one algorithm was chosen as the AES. But how does AES work? And what makes for a secure encryption algorithm? > > *** > > Spanning Tree is an educational video series about computer science and mathematics. See more at https://spanningtree.me > > To be notified when a new video is released, sign up for the Spanning Tree mailing list at https://spanningtree.substack.com/ > > Spanning Tree is created by Brian Yu. https://brianyu.me/ > > Email me at [email protected] to suggest a future topic. > > *** > > * 0:00 The Contest > * 1:02 Encryption > * 3:57 Confusion and Diffusion > * 5:44 Block Cipher > * 6:55 KeyExpansion > * 7:34 AddRoundKey > * 8:14 Substitution Cipher > * 8:55 SubBytes > * 11:30 MixColumns > * 12:53 ShiftRows > * 13:21 The Algorithm > > --- > > * https://www.youtube.com/watch?v=C4ATDMIz5wc > * https://piped.video/watch?v=C4ATDMIz5wc > > Aug 22, 2023

> Yael Tauman Kalai’s breakthroughs secure the digital world, from cloud computing to our quantum future.

> My master’s thesis was titled “How to Leak a Secret.” Here’s the problem: We know how to digitally sign — to say, “This is me that wrote this message.” But say I want to sign something as an MIT professor, but I don’t want people to know it’s me? That way the secret does hold some water because you know an MIT professor signed it, but you don’t know who.

> We solved this with something we called ring signatures, which were inspired by a notion in computer science called witness-indistinguishable proofs. Let’s say there’s a statement and two different ways to prove it. We say there’s two “witnesses” to the statement being correct — each of the proofs. A witness-indistinguishable proof looks the same no matter which you use: It hides which witness you started with.

note: this is an updated paper about work that was disclosed last year; I posted a link to the blog of one of the authors to /c/cryptography at the time