E-Voting Crypto Protocols

“It's not the voting that's democracy; it's the counting.” —Tom Stoppard

For cryptography researchers, e-voting isn't about voting machines or online voting; it is a field of research in its own right. E-voting research is about designing e-voting protocols, the core mathematical components of end-to-end auditable voting systems, or voting systems where independent auditors …

Hunting for Vulnerabilities in Signal – Part 3

Previous posts (part 1 and part 2) by Markus Vervier (@marver) and me (@veorq) were about the Java code base and the Android client; now we'll discuss two bugs potentially affecting users of libsignal-protocol-c, the C implementation of the Signal protocol. More precisely, we identified bugs in the example callback functions used in the unit tests of …

Data Science for Doofuses: What Toolbox to Use

Call it machine learning, AI, advanced data analytics, or data mining. It all boils down to looking at datasets and finding patterns that tell you something you didn't know. For example, that your average revenue per customer is $192, that the number of intrusion attempts on your network correlates with your number of tweets, or …

Black Hat talk on SGX

Greetings from Vegas! Luis and I just gave our Black Hat talk, SGX Secure Enclaves in Practice: Security and Crypto Review. It's the first public report about Intel's Software Guard Extensions (SGX) based on actual SGX hardware and on Intel's software development toolchain for Windows and Linux. We showed some undocumented parts of SGX and we released …

DEFCON qualifiers write-up: Baby-re

In this simple challenge, we're given the binary of a remote service:

$ file baby-re
baby-re: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, not stripped

It asks for 13 inputs and then returns `Wrong` unless we give it the right input.

$ ./baby-re
Var[0]: 1
Var[1]: …

Insomni’hack 2016: Pcapbleeding writeup

The Insomni'hack conference and CTF happened last Friday in Geneva; as usual, it was a lot of fun. And as usual, Dragon Sector won the CTF, beating a few other world-class teams that made the trip for this on-site jeopardy CTF. About 80 teams registered, and the final ranking looks as follows for the first …

The NORX Bug Bounty Program

This post is on behalf of the team that designed the cipher NORX, namely Philipp Jovanovic (EPFL), Samuel Neves (Uni Coimbra), and JP Aumasson (Kudelski Security). Are you a cryptanalysis ninja with differentials, boomerangs, and bicliques as your weapons of choice? Do you know what IND-CPA, IND-CCA{1,2}, and INT-{P,C}TXT actually mean and that querying random oracles …