Recently, it occurred to me that there wasn’t a good, focused resource that covers commitments in the context of asymmetric cryptography. I had covered confused deputy attacks in my very short (don’t look at the scroll bar) blog post on database cryptography., and that’s definitely relevant. I had also touched on the subject of commitment […]
A cartoon wild canid on the Internet provides general guidance on elliptic curve cryptography parameter choices.
If you really must support RSA in 2022, here’s some things to keep in mind.
Who knew Hybrid Cryptography (which combines Post-Quantum Cryptography with Pre-Quantum Cryptography) would be controversial?
An assortment of topics that don’t quite deserve their own dedicated blog post.
Tales from the Crypt[ography].
RSA is for encrypting symmetric keys, not entire messages. Pass it on.
If you’re ever tasked with implementing a cryptography feature–whether a high-level protocol or a low-level primitive–you will have to take special care to ensure you’re not leaking secret information through side-channels. The descriptions of algorithms you learn in a classroom or textbook are not sufficient for real-world use. (Yes, that means your toy RSA implementation […]
Earlier this week, NIST announced Round 3 of the Post-Quantum Cryptography project and published their rationale for selecting from the Round 2 candidates. NIST did something clever this time, and Round 3 was separated into two groups: Finalists and Alternative Candidates. Finalists are algorithms that NIST (and the majority of the cryptographers involved in NIST’s […]