Why Replace SHA-1 with BLAKE2?

Unless you've lived under a rock for the last twelve years, you must know that the cryptographic hash function SHA-1 is broken, in the sense that it's not as secure as it should be: SHA-1 produces 160-bit digests, meaning that finding a collision (or two messages hashing to the same value) should take approximately 2^80 operations, …

Wire Cryptography Audit (with X41 D-Sec)

Kudelski Security's JP Aumasson and X41 D-Sec's Markus Vervier were hired to audit Wire's cryptography core, the Proteus library. Wire is an application for mobile and desktop systems that provides end-to-end encrypted messaging, and Proteus implements a protocol combining the X3DH key agreement protocol and the double ratchet algorithm in order to provide high security guarantees to Wire's …

The Quantum Computer FAQ

This is probably how a quantum computer looks ¯\(°_o)/¯ Several readers of the post Defeating Quantum Algorithms with Hash Functions found it difficult to follow without background information on quantum computers. So here I'd like to summarize basic facts about quantum computers and to debunk some preconceived ideas: What is NOT a quantum computer? A quantum computer …

Forging RSA-PSS signatures with mbedTLS

This post describes how to forge public-key signatures computed using mbedTLS’s implementation of RSA-PSS (the RSA-based standard signature scheme). Forging a signature means determining a valid signature of some message without knowing the secret key, but possibly knowing valid signatures of other messages. A signature scheme—or implementation thereof—is considered insecure if such forgeries are practical. …

Defeating Quantum Algorithms with Hash Functions

In this post I'll explain why quantum computers are useless to find hash function collisions, and how we can leverage this powerlessness to build post-quantum signature schemes. I'll then describe a quantum computing model that you can try at home, and one where hash function collisions are easy to find. Let me start with a few …

BLAKE2X: Unlimited Hashing

BLAKE2 is one of the most popular hash functions today: it’s more secure than the legacy standard SHA-2, and it’s faster than the newer standard SHA-3. BLAKE2 is also used in the latest cryptocurrency Zcash, in the Argon2 password hashing scheme, and is available in popular libraries such as OpenSSL or libsodium. But BLAKE2 didn't cut …

E-Voting Crypto Protocols

“It's not the voting that's democracy; it's the counting.” —Tom Stoppard

For cryptography researchers, e-voting isn’t about voting machines or online voting, but is a field of research in its own right. E-voting research is about designing e-voting protocols, the core mathematical components of end-to-end auditable voting systems, or voting systems where independent auditors …