Articles on Encryption
Last updated: 2023/03/07
Top deep-dives on Encryption
An extremely casual code review of MetaMask’s crypto
Matthew Green takes a casual dive into the encryption underlying MetaMask, the popular cryptocurrency browser wallet.
Plan B for UUIDs: double AES-128
Paul Khuong works through a method, and its performance cost, for encrypting structured internal identifiers so that they look random when exposed externally.
Looking into convergent encryption
Privacy has become one of the central issues in tech over the past couple of years. Encryption is often touted as the solution for keeping user data private, but how does that square with services that store enormous amounts of data, where a 5% decrease in size can save millions of dollars? Ayende Rahien's article looks at convergent encryption, which derives the encryption key from the content itself so that identical plaintexts encrypt to identical ciphertexts even when different users encrypt them, with the aim of still being able to deduplicate encrypted data in storage.
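The property described above, as an added example that is not from Ayende Rahien's article: a content-derived key, a deduplicating store that only ever sees ciphertext, and the confirmation-of-file check that such a scheme gives up. The file contents, user keyrings and store are constructed for the demo, and a SHAKE-256 keystream stands in for a real cipher (in practice something like AES in counter mode with a key-derived IV).

```python
import hashlib


def convergent_key(plaintext):
    """Content-derived key: identical content yields an identical key, no
    matter which user computes it."""
    return hashlib.sha256(plaintext).digest()


def _keystream(key, length):
    # Stand-in for a real cipher; SHAKE-256 is used only because it is in the
    # standard library. The key is unique per plaintext, so keystream reuse
    # happens only for identical content, which is exactly the intended effect.
    return hashlib.shake_256(key).digest(length)


def convergent_encrypt(plaintext):
    """Deterministic encryption: returns (content_key, ciphertext)."""
    key = convergent_key(plaintext)
    stream = _keystream(key, len(plaintext))
    return key, bytes(a ^ b for a, b in zip(plaintext, stream))


def convergent_decrypt(key, ciphertext):
    stream = _keystream(key, len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, stream))


def blob_id(ciphertext):
    """Content address of the stored ciphertext."""
    return hashlib.sha256(ciphertext).hexdigest()


class DedupStore:
    """Storage backend that keeps one copy of each ciphertext and never sees
    a content key; users keep keys in their own keyrings."""

    def __init__(self):
        self.blobs = {}

    def put(self, ciphertext):
        bid = blob_id(ciphertext)
        self.blobs.setdefault(bid, ciphertext)   # second upload is a no-op
        return bid

    def bytes_stored(self):
        return sum(len(c) for c in self.blobs.values())


def upload(store, keyring, name, plaintext):
    """Client side: encrypt, keep the key privately, hand the store the blob."""
    key, ciphertext = convergent_encrypt(plaintext)
    keyring[name] = (key, store.put(ciphertext))


def download(store, keyring, name):
    key, bid = keyring[name]
    return convergent_decrypt(key, store.blobs[bid])


def confirmation_of_file(store, guess):
    """The price of deduplication: anyone who can guess a file's exact content
    can check whether the store already holds it, without any key."""
    return blob_id(convergent_encrypt(guess)[1]) in store.blobs


def demo():
    """Constructed scenario: two users upload the same report, a third uploads
    a different file, and an outsider tests a guess against the store."""
    report = b"Q4 revenue report\n" * 4096          # 73728 bytes, shared by two users
    memo = b"Lunch is at noon\n" * 4096             # 69632 bytes, one user
    store, alice, bob, carol = DedupStore(), {}, {}, {}
    upload(store, alice, "report.txt", report)
    upload(store, bob, "report.txt", report)        # same ciphertext, deduplicated
    upload(store, carol, "memo.txt", memo)
    return {
        "uploaded_bytes": 2 * len(report) + len(memo),
        "stored_bytes": store.bytes_stored(),
        "blobs": len(store.blobs),
        "bob_reads_back_ok": download(store, bob, "report.txt") == report,
        "outsider_confirms_report": confirmation_of_file(store, report),
        "outsider_confirms_other": confirmation_of_file(store, b"never uploaded"),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The last two fields of `demo()` are the caveat a practitioner should weigh: the same determinism that lets the store collapse two copies of the report into one blob also lets anyone who can guess a file's exact bytes confirm that it is stored, so convergent encryption protects only content an attacker cannot guess.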
One-Time Programs
Matthew Green discusses a new paper on One-Time Programs (OTPs), a cryptographic primitive that lets a program be sent to any untrusted computer and run there exactly once, revealing nothing about the program beyond the output of that single run. OTPs are a powerful tool with many potential applications, but they have a fundamental problem: they require strong assumptions (in most constructions, trusted hardware) to build, which limits their practicality.
Some highlights:
- The computer executing an OTP can run it only once
- Many realizations of OTPs require the program author to deliver some kind of secure hardware to the person who runs the program
- OTPs can be used to build devastating ransomware and malware
Attacking Very Weak RC4-Like Ciphers the Hard Way
Ben Herzog discusses the RC4 stream cipher, the situations in which it and its weakened relatives break, and demonstrates several approaches to attacking them.
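An added example, not code from Ben Herzog's article: a minimal RC4 and a demonstration of one well-known weakness of the real cipher, the Mantin-Shamir bias of the second keystream byte, together with the broadcast attack that uses it to recover a plaintext byte from many encryptions under unrelated random keys. The keys, the plaintext and the sample counts are constructed for the demo.

```python
import random


def rc4_keystream(key, length):
    """Plain RC4: the key-scheduling algorithm (KSA) followed by the PRGA."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # KSA
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                    # PRGA
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def rc4_crypt(key, data):
    """Encryption and decryption are the same XOR with the keystream."""
    return bytes(a ^ b for a, b in zip(data, rc4_keystream(key, len(data))))


def random_keys(count, seed):
    """Constructed: independent 128-bit keys, as a protocol that picks a fresh
    random key per message would produce."""
    rng = random.Random(seed)
    for _ in range(count):
        yield rng.getrandbits(128).to_bytes(16, "big")


def second_byte_zero_rate(samples=20000, seed=1):
    """Fraction of random keys whose second keystream byte is 0.  A uniform
    keystream would give about 1/256; RC4 gives about 2/256 (Mantin-Shamir)."""
    zeros = sum(rc4_keystream(key, 2)[1] == 0 for key in random_keys(samples, seed))
    return zeros / samples


def broadcast_attack(ciphertexts):
    """Mantin-Shamir broadcast attack: given one plaintext encrypted under many
    unrelated keys, keystream byte 1 is 0 about twice as often as any other
    value, so the most frequent ciphertext byte 1 is the plaintext byte."""
    counts = [0] * 256
    for ct in ciphertexts:
        counts[ct[1]] += 1
    return max(range(256), key=counts.__getitem__)


def recover_second_plaintext_byte(plaintext, samples=20000, seed=2):
    """Simulate the broadcast setting on a constructed plaintext and recover
    plaintext[1] without knowing any of the keys."""
    ciphertexts = (rc4_crypt(key, plaintext[:2]) for key in random_keys(samples, seed))
    return broadcast_attack(ciphertexts)


if __name__ == "__main__":
    print("P[keystream[1] == 0] =", second_byte_zero_rate())
    msg = b"GET /account/balance HTTP/1.1"
    print("recovered plaintext[1]:", chr(recover_second_plaintext_byte(msg)))
```

The attack needs only ciphertexts and the knowledge that they all carry the same plaintext; no key material is involved. The same statistical approach extends to the other early keystream bytes, which is why protocols that had to keep using RC4 dropped the first few hundred bytes of keystream, and why it is no longer acceptable at all.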
Ed25519 Deep Dive Addendum
Cendyne expands on their earlier Ed25519 deep dive, looking at how validation criteria differ across implementations, examining "exclusive ownership", reviewing a technical specification, discussing deterministic signatures, and finally showing how the API of Ed25519's reference implementation invites a misuse vulnerability that was widely publicized this year.
Polynonce: A Tale of a Novel ECDSA Attack and Bitcoin Tears
In this blog post Nils Amiet tells the story of how they discovered a novel attack against ECDSA, applied it to datasets found in the wild, including the Bitcoin and Ethereum networks, and found evidence that someone had previously attacked vulnerable wallets with a different exploit and drained them.
Some highlights:
- "the attack looks at the fact that you can always define a recurrence relation among nonces used in different ECDSA signatures as a polynomial of arbitrarily high degree, with unknown coefficients, modulo the order of the curve’s generator point"
- In other words, every ECDSA signature (r, s) over a message hash z gives a linear relation between its nonce k and the private key d: s*k = z + r*d (mod n), so each nonce can be written as a known multiple of d plus a known constant
- This becomes exploitable when nonces come from a weak pseudo-random number generator (PRNG) whose successive outputs satisfy such a recurrence: the unknown coefficients can be eliminated, leaving a polynomial in d alone whose roots include the private key
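An added worked example, not the Polynonce authors' code: the relation above in its simplest case, nonces that follow k[i+1] = a*k[i] + b mod n with a and b unknown (a linear congruential generator run modulo the curve order). The secp256k1 constants are real; the private key, nonce generator and transaction hashes are constructed, and using five signatures so that the two resulting quadratics in d can be reduced to one linear equation (sidestepping a modular square root) is this example's choice, not the authors' exact procedure.

```python
import hashlib
import random

# secp256k1 domain parameters (the curve used by Bitcoin and Ethereum)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p1, p2):
    """Affine point addition on y^2 = x^3 + 7 over GF(P); None is infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, P - 2, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def ec_mul(k, point):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, point)
        point = ec_add(point, point)
        k >>= 1
    return acc


def ecdsa_sign(z, d, k):
    """Textbook ECDSA on hash z with private key d and nonce k.
    Deliberately no low-s normalisation: Bitcoin's s -> N - s maps k to -k,
    so a real attack has to try both signs for every signature."""
    r = ec_mul(k, G)[0] % N
    s = pow(k, N - 2, N) * (z + r * d) % N
    return r, s


def polynonce_degree1(sigs, pubkey):
    """Recover d from five (r, s, z) triples whose nonces follow
    k[i+1] = a*k[i] + b mod N with a and b unknown.

    Each signature gives k[i] = u[i] + v[i]*d with u = z/s, v = r/s (mod N).
    The differences D[i] = k[i+1] - k[i] satisfy D[i+1] = a*D[i], so the
    expression D[i+1]^2 - D[i]*D[i+2] is zero and involves neither a nor b:
    it is a quadratic in d alone.  Five signatures give two such quadratics
    with the common root d; eliminating d^2 between them leaves one linear
    equation, so no modular square root is needed.
    """
    u = [z * pow(s, N - 2, N) % N for r, s, z in sigs]
    v = [r * pow(s, N - 2, N) % N for r, s, z in sigs]
    p = [(u[i + 1] - u[i]) % N for i in range(4)]   # D[i] = p[i] + q[i]*d
    q = [(v[i + 1] - v[i]) % N for i in range(4)]

    def quadratic(i):
        # coefficients (A, B, C) of D[i+1]^2 - D[i]*D[i+2] = A*d^2 + B*d + C
        return ((q[i + 1] ** 2 - q[i] * q[i + 2]) % N,
                (2 * p[i + 1] * q[i + 1] - p[i] * q[i + 2] - p[i + 2] * q[i]) % N,
                (p[i + 1] ** 2 - p[i] * p[i + 2]) % N)

    a1, b1, c1 = quadratic(0)
    a2, b2, c2 = quadratic(1)
    lin = (a2 * b1 - a1 * b2) % N        # a2*f(d) - a1*g(d) = lin*d + const
    const = (a2 * c1 - a1 * c2) % N
    if lin == 0:
        raise ValueError("degenerate sample; collect different signatures")
    d = -const * pow(lin, N - 2, N) % N
    if ec_mul(d, G) != pubkey:           # the sanity check before claiming a key
        raise ValueError("candidate does not reproduce the public key")
    return d


def attack_succeeds(seed=2023):
    """Constructed scenario: a wallet whose nonce generator is an LCG mod N."""
    rng = random.Random(seed)
    d = rng.randrange(1, N)
    a, b, k = (rng.randrange(1, N) for _ in range(3))
    pubkey = ec_mul(d, G)
    sigs = []
    for i in range(5):
        z = int.from_bytes(hashlib.sha256(b"tx %d" % i).digest(), "big") % N
        r, s = ecdsa_sign(z, d, k)
        sigs.append((r, s, z))
        k = (a * k + b) % N              # the weak nonce update
    return polynonce_degree1(sigs, pubkey) == d


if __name__ == "__main__":
    print("private key recovered:", attack_succeeds())
```

Two practical points carry over from this toy to real chains. Signatures published on Bitcoin are low-s normalised, which negates the nonce for roughly half of them, so the candidate signs have to be enumerated before the recurrence holds; and a candidate d must always be checked against the public key (as `polynonce_degree1` does), because a polynomial in d has other roots besides the private key.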