Hey! I'm David, the author of the Real-World Cryptography book. I'm a crypto engineer at O(1) Labs on the Mina cryptocurrency, previously I was the security lead for Diem (formerly Libra) at Novi (Facebook), and a security consultant for the Cryptography Services of NCC Group. This is my blog about cryptography and security and other related topics that I find interesting.
Quick access to articles on this page:
more on the next page...
Asiacrypt is currently going on in New Zealand (since when NZ is in Asia?)
Program is here (pdf): https://www.math.auckland.ac.nz/~sgal018/AC2015/AC-prog.pdf
it's a two-track event. There are some talks about everything. From Indistinghuishability Obfuscation to Multi Parti Computation. Seems like a good place to be! I'm waiting for videos/slides/reports about the event. Will edit this post accordingly.
comment on this storyI'm looking at Indistinghuishability Obfuscation (iO). Which seems to be coming from Fully Homomorphic Encryption (FHE), Functional Encryption (FE) and Multilinear Maps (MM).
Watching Sanjam Garg introduction to this iO, I noticed one interesting slide that puts things into context:
Video here:
EDIT:
Apparently, @Leptan is telling me that all multiparty key exchange using multilinear maps are broken as of today. Cf Cryptanalysis of GGH Map
comment on this storySometimes I read something interesting, and so I take a screenshot of it. And I know some people glance at this blog hoping to read a short piece that will provide some good knowledge. So here you go.
Taken from a Dan Bernstein's blogpost:
some history on curves
some constant-time shenanigans
The following is taken from the wikipedia's page on cryptanalysis
some more:
and some more:
And now some history about how the word Entropy was "coined" by Shannon. Taken from Tobin - Entropy, Information, Landauer’s limit and Moore’s law
It is possible to repeatedly fold a standard letter-sized sheet of paper at the midway point about six to seven times. In 2012, some MIT students were able to fold an 1.2 kilometer long toilet paper 13 times. And every time the paper was folded, the number of layers on top of each other doubled. Therefore, the MIT students ended up with 2^13 = 8192 layers of paper on top of each other. And poor Eve's job was to manually count all layers one by one.
From Solving the Discrete Logarithm of a 113-bit Koblitz Curve with an FPGA Cluster
comment on this storyThere's a subreddit for crypto and it had an empty wiki.
So I filled it.
Below is a copy.
Please refer to this Wiki before asking questions that might have been asked before (use your common sense).
Cryptography is also usually more interesting than decrypting your random ciphertext, so consider that when posting, read what we are sharing first to see if it's really pertinent.
The first thing you should do, is to sign-up for Dan Boneh's course Crypto I on Coursera.
You do not have to finish it. Watching a few videos will already give you an idea of what is crypto and how easy/hard it is for you. If you can finish the course, and enjoy it at the same time, then you're in for a lot of fun.
Don't try signing-up for Crypto II though.
There are many ways to learn more about crypto. Here's a non-exhaustive list:
Books
Tutorial videos (for example David Wong's youtube)
Convention recordings (for example the IACR archive, or for more applied crypto: the BlackHat, the Defcon, BSides...)
But my favorite way: read whitepapers. Look at the ePrint archives and check what papers interest you. Often papers will come with an introduction section that explains the basics.
First, it's important to cultivate your new passion. Don't let your course get in the way of reading or building and doing side projects involving crypto.
Second, You need either a bachelor in mathematics or computer science. Depending on which part you find the more interesting in crypto. Usually Math => Theorical Cryptography, CS => Applied Cryptography.
Now either you don't have a master, and you could choose to do a cryptography master. There are a few: Rennes, Bordeaux, Limoges in France.Stanford, etc...
Or you can do a Computer Science or Number Theory oriented master and pick a crypto subject for a phd. Note that a phd will often lead you into theorical research in university, although some phd can be done within a company and might involve applied crypto. But companies around the world might find that relatively relevant (in France a phd will get you to some places).
It's important to know what you want to do, theorical or applied or in the middle? Usually finding an internship in a applied crypto company helps to get out of academia for a while. A good way to see what please you the most. And good news, in cryptography internships are pretty easy to find (at least at the moment).
Cryptography is a big world, many things are happening and it's sometimes hard to follow everything. Especially some mediums give you a high noise-to-quality ratio. So here they are:
Check some mailing lists in your field of interest (metzdown, ietf, cfrg, curves, modern crypto, etc...)
Follow conventions (listed here on the IACR website). Look out for ECC, Crypto, Asiacrypt, Eurocrypt, Real World Crypto, CHES, etc...
Twitter. Look for cryptographers and check out for interesting discussions and/or links they share.
Now is your time to find an internship or a job? Apply everywhere, in the world. But where? Where other cryptographers are working, or have worked. You can find that on their published papers (usually written in the header), on Twitter, on Linkedin, etc...
Another good way is to check for "who's hiring" posts on hackernews or reddit
Iacr also list a number of positions here.
Finally, universities around the world usually have room for internships as long as you don't mind not being paid.
2 comments
taken directly from Wikipedia
comment on this storyFirst of all, we stress that SVP and its variants should all be considered easy when the lattice dimension is less than 70. Indeed, we will see in Section 4 that exhaustive search techniques can solve SVP within an hour up to dimension 60. But because such techniques have exponential running time, even a 100-dimensional lattice is out of reach. When the lattice dimension is beyond 100, only approximation algorithms like LLL, DEEP and BKZ can be run.
I can't remember from what article I got that from. Must have been something Phong Nguyen wrote.
It states that a lattice of dimension 60 could be easily solved, in an hour, by an exhaustive search (or similar techniques (enumeration?)). Something to dig into.
comment on this story
My book Real-World Cryptography is finished and shipping! You can purchase it here.
If you don't know where to start, you might want to check these popular articles:
Here are the latest links posted:
You can also suggest a link.