Hey! I'm David, the author of the Real-World Cryptography book. I'm a crypto engineer at O(1) Labs on the Mina cryptocurrency, previously I was the security lead for Diem (formerly Libra) at Novi (Facebook), and a security consultant for the Cryptography Services of NCC Group. This is my blog about cryptography and security and other related topics that I find interesting.

# Do you know what Elliptic Curve Cryptography is? posted May 2014

comment on this story

# Toom-Cook multiplication for dummies posted April 2014

We're learning a lot of algorithm in my algebre et calcul formel class. One of them is the Toom-Cook algorithm used for multiplication of large integers.

I found a super simple explanation of it on a forum, it helps:

Say, we want to multiply 23 times 35.
We write,
p(x) = 2x + 3,
q(x) = 3x + 5.
We are using our realization that any integer can be written as a polynomial.
Here, p(x), represents 23, and q(x), represents 35, when x equals 10.
We write,
p(x)q(x) = r(x).
That is, p(x) times q(x), equals r(x).
So,
(2x + 3)(3x + 5) = ax^2 + bx + c = r(x).
Now,
p(0)q(0) = r(0).
So,
(20 + 3)(30 + 5) = a0 + b0 + c.
Therefore,
c = 15.
Now,
p(1)q(1) = r(1).
Therefore, when we do the substitutions (for x and c),
a + b = 25.
Now,
p(-1)q(-1) = r(-1).
Therefore, when we do the substitutions (for x and c),
a - b = -13.
Now, we already know c, and we just need to find a and b.
We have two linear equations and two unknowns,
a + b = *25,
a - b = -13.
We just add the two equations and we get,
2a = 12.
Therefore,
a = 6.
Now, we can substitute 6 for a in,
a + b = 25,
and we get,
b = 19.
So,
r(x) = 6x^2 + 19x + 15.
Now, we substitute 10 for x in r(x), and we are done,
r(10) = 600 + 190 + 15 = 805.
Believe it or not!

# Why can't I copy PS3 games and play them on another console? posted April 2014

I've always wondered how it is that we can't easily copy the entire content of a CD/DVD/Bluray on another one and play it with a PS1/PS2/PS3 and I guess PS4 and its competition.

Here's part of an answer on psx-scene's forum:

Whenever you insert a disc (bluray one that is) the ps3 drive will look at a special area of the disc called the Pic Zone (the BD ROM Mark is actually used in movie discs but not in game unlike what I first thought).This area cannot easily be dumped (you'd pretty much need a bluray drive with a hacked firmware) and of course that specific area cannot be burned on any kind of discs or with any kind of burners commercially available.

comment on this story

# Weblang posted April 2014

I've been writing html, xhtml, and now html5 for ages. I think I started in 2001 (13 years ago).

I had to go through <br> becoming <br /> becoming <br> again.

I had to go through different doctypes

I had to go through new divs like <header> and <footer>

But I never had to go through a syntax change. Why is that? I don't understand why HTML is a language based on tags. It is unnecessary and it just adds time and confusion to typing in html. I haven't ran into any project directed at changing that syntax. And I thought, why not doing it myself? (and if there is already such a project please tell me!)

So I thought about a new language to write static web pages called web or weblang. No tags. Indentation. Simple doctype.

A simple index.web would looks like that:

\web:1 // this is a doctype

$title: 'Weblang example';$css: 'css/app.css';

\body

$header .monheader{$h1 "Weblang";
}

$section #introduction{$h2 "What is Weblang?";
$p "Weblang is an elegant way of writing static webpages" "HTML is annoying to write." // there will be a breakline here$p{
what about just writing text like this,
it's kinda easier
}
}

// what about just writing text
This is a text block, it will just render as text
in this text I want a list here : $ul{$li "with text in it";
}

$ul .links{$li{
$a "more info" href: 'https://github.com/mimoo/weblang'; }$li $a{ tags can be chained } }$javascript 'js/jquery.js';
$script 'js/script.js' type: 'javascript'; This is just a first draft. The biggest problem is that plain text and code is mixed. The trick I used here is to use$ to tell the render engine that it is not plaintext. Might not be super clever. I need to brainstorm a bit more about this.

Also I need to look at sass' code to see how a compiler works. Seems to be a bunch of regex.

# Berlekamp & GO posted April 2014

I knew that my principal cryptography professor Gilles Zémor was a GO player.

Which is pretty amazing in itself :)

But this keeps going on.

I have an algebra class this semester, and I'm trying to understand Berlekamp's algorithm. Trying to find videos on youtube about him I discover that he is as well a go player! And doing researches about the game at that! So cool :D

comment on this story

# Ruby, Go, Rust posted April 2014

I've been planning to code my next web project with Ruby on Rails.

But two languages have also been catching my attention. Go and Rust.

And today, I ran into two wonderful websites:

Those websites are so pretty that it just makes me want to read them! Great complement to learnXinYminutes.

Now I just have to find a project to code with these languages =)

comment on this story

# Using Google, Facebook (and others?) to DDoS any websites posted April 2014

chr13 has posted a nice finding on how to DDoS a website thanks to services like facebook and google.

It's actually pretty simple!

You just create notes with img tags, facebook will crawl the website to cache the picture.

In his example he writes a thousand img tags per notes, opens all the notes from several browsers.

<img src=http://targetname/file?r=1></img>
<img src=http://targetname/file?r=2></img>
..
<img src=http://targetname/file?r=1000></img>

Thousands of get request are sent to a single server in a couple of seconds. Total number of facebook servers accessing in parallel is 100+.

The funny thought of facebook DDoSing itself crossed my mind. Interestingly someone else's also and chr13 answered that he hadn't tried:

It’s against the bug bounty rules to do this, hence one has to be careful here. I was only using browsers at first just because of that.

comment on this story

# NAT Masquerade in one picture posted April 2014

I wanted a recall on how masquerade worked in NAT, and I wanted a fast recall.

What's better than a picture? Nothing of course :D

source

comment on this story