
137 matches found

Packet Storm News
added 2025/05/09 12:0 a.m. | 1 views

Cryptanalysis of a Lattice-Based PIR Scheme for Arbitrary Database Sizes

Private Information Retrieval (PIR) schemes enable users to securely retrieve files from a server without disclosing the content of their queries, thereby preserving their privacy. In 2008, Melchor and Gaborit proposed a PIR scheme that achieves a balance between communication overhead and...

AI score: 7
Exploits: 0

Schneier on Security
added 2025/03/17 3:9 p.m. | 11 views

Improvements in Brute Force Attacks

New paper: "GPU Assisted Brute Force Cryptanalysis of GPRS, GSM, RFID, and TETRA: Brute Force Cryptanalysis of KASUMI, SPECK, and TEA3." Abstract: Key lengths in symmetric cryptography are determined with respect to the brute force attacks with current technology. While nowadays at least 128-bit...

AI score: 7.2
Exploits: 0

Schneier on Security
added 2024/12/18 4:40 p.m. | 6 views

New Advances in the Understanding of Prime Numbers

Really interesting research into the structure of prime numbers. Not immediately related to the cryptanalysis of prime-number-based public-key algorithms, but every little bit matters...

AI score: 7.3
Exploits: 0

Tenable Nessus
added 2024/07/03 12:0 a.m. | 13 views

CBL Mariner 2.0 Security Update: ed (CVE-2015-2987)

The version of ed installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2015-2987 advisory. - Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, which makes it easier for attackers to obtai...

CVSS: 2.6 | AI score: 7.4 | EPSS: 0.00231
Exploits: 0 | References: 2

Schneier on Security
added 2024/07/01 11:5 a.m. | 10 views

Model Extraction from Neural Networks

A new paper, "Polynomial Time Cryptanalytic Extraction of Neural Network Models," by Adi Shamir and others, uses ideas from differential cryptanalysis to extract the weights inside a neural network using specific queries and their results. This is much more theoretical than practical, but it's a...

AI score: 7.2
Exploits: 0

Schneier on Security
added 2024/06/25 11:2 a.m. | 10 views

Breaking the M-209

Interesting paper about a German cryptanalysis machine that helped break the US M-209 mechanical ciphering machine. The paper contains a good description of how the M-209 works...

AI score: 7.3
Exploits: 0

Schneier on Security
added 2024/05/28 11:9 a.m. | 34 views

Lattice-Based Cryptosystems and Quantum Cryptanalysis

Quantum computers are probably coming, though we don't know when--and when they arrive, they will, most likely, be able to break our standard public-key cryptography algorithms. In anticipation of this possibility, cryptographers have been working on quantum-resistant public-key algorithms. The...

AI score: 7.2
Exploits: 0

Schneier on Security
added 2024/02/14 12:8 p.m. | 14 views

Improving the Cryptanalysis of Lattice-Based Public-Key Algorithms

The winner of the Best Paper Award at Crypto this year was a significant improvement to lattice-based cryptanalysis. This is important, because a bunch of NIST's post-quantum options base their security on lattice problems. I worry about standardizing on post-quantum algorithms too quickly. We are...

AI score: 7.3
Exploits: 0

Schneier on Security
added 2024/01/05 12:7 p.m. | 16 views

Improving Shor’s Algorithm

We don't have a useful quantum computer yet, but we do have quantum algorithms. Shor's algorithm has the potential to factor large numbers faster than otherwise possible, which--if the run times are actually feasible--could break both the RSA and Diffie-Hellman public-key algorithms. Now, computer...

AI score: 7.2
Exploits: 0

Github Security Blog
added 2023/10/25 9:15 p.m. | 166 views

crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard

Impact. Summary: Crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard (OWASP PBKDF2 Cheatsheet). This is because it both (1) defaults to SHA1 (SHA1 wiki), a cryptographic hash algorithm considered insecure since at leas...

CVSS: 9.1 | AI score: 9.2 | EPSS: 0.01112
Exploits: 0 | References: 5 | Affected Software: 1

The Hacker News
added 2023/08/11 12:22 p.m. | 204 views

Enhancing TLS Security: Google Adds Quantum-Resistant Encryption in Chrome 116

Google has announced plans to add support for quantum-resistant encryption algorithms in its Chrome browser, starting with version 116. "Chrome will begin supporting X25519Kyber768 for establishing symmetric secrets in TLS, starting in Chrome 116, and available behind a flag in Chrome 115," Devon...

AI score: 6.6
Exploits: 0

The Hacker News
added 2023/06/26 4:46 p.m. | 28 views

Researchers Find Way to Recover Cryptographic Keys by Analyzing LED Flickers

In what's an ingenious side-channel attack, a group of academics has found that it's possible to recover secret keys from a device by analyzing video footage of its power LED. "Cryptographic computations performed by the CPU change the power consumption of the device which affects the brightness ...

AI score: 6.3
Exploits: 0

NVD
added 2023/06/14 10:15 p.m. | 9 views

CVE-2023-2820

An information disclosure vulnerability in the faye endpoint in Proofpoint Threat Response / Threat Response Auto-Pull (PTR/TRAP) could be used by an attacker on an adjacent network to obtain credentials to integrated services via a man-in-the-middle position or cryptanalysis of the session traffic...

CVSS: 6.8 | AI score: 5.9 | EPSS: 0.00067
Exploits: 0 | References: 1

Prion
added 2023/06/14 10:15 p.m. | 14 views

Information disclosure

An information disclosure vulnerability in the faye endpoint in Proofpoint Threat Response / Threat Response Auto-Pull (PTR/TRAP) could be used by an attacker on an adjacent network to obtain credentials to integrated services via a man-in-the-middle position or cryptanalysis of the session traffic...

CVSS: 3.2 | AI score: 6.2 | EPSS: 0.00067
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2023/06/14 9:26 p.m. | 12 views

CVE-2023-2820

An information disclosure vulnerability in the faye endpoint in Proofpoint Threat Response / Threat Response Auto-Pull (PTR/TRAP) could be used by an attacker on an adjacent network to obtain credentials to integrated services via a man-in-the-middle position or cryptanalysis of the session traffic...

CVSS: 6.1 | AI score: 6.4 | EPSS: 0.00067
Exploits: 0 | References: 1

CVE
added 2023/06/14 9:26 p.m. | 52 views

CVE-2023-2820

CVE-2023-2820 affects Proofpoint Threat Response / Threat Response Auto-Pull (PTR/TRAP) via the faye endpoint. The vulnerability may allow an attacker on an adjacent network to obtain credentials to integrated services through MITM or session-traffic cryptanalysis, enabling impersonation of PTR/T...

CVSS: 6.8 | AI score: 6.1 | EPSS: 0.00067
Exploits: 0 | References: 1 | Affected Software: 1

Hacker One
added 2023/03/31 1:33 p.m. | 29 views

Node.js: DiffieHellman doesn't generate keys after setting a key

DiffieHellman in Node.js did not generate new keys after setting a key, due to an issue in OpenSSL. This vulnerability could have allowed for key reuse and potential compromise of confidentiality and integrity in applications relying on DiffieHellman for security...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00954
Exploits: 0

F5 Networks
added 2023/02/21 6:52 p.m. | 37 views

K16396: GnuPG vulnerability CVE-2013-4576

Security Advisory Description: GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryptio...

CVSS: 2.1 | AI score: 6.8 | EPSS: 0.00108
Exploits: 0 | Affected Software: 1

Schneier on Security
added 2023/02/09 12:15 p.m. | 27 views

Mary Queen of Scots Letters Decrypted

This is a neat piece of historical research. The team of computer scientist George Lasry, pianist Norbert Biermann and astrophysicist Satoshi Tomokiyo--all keen cryptographers--initially thought the batch of encoded documents related to Italy, because that was how they were filed at the...

AI score: 1.2
Exploits: 0

Schneier on Security
added 2023/02/06 11:2 a.m. | 17 views

Attacking Machine Learning Systems

The field of machine learning (ML) security--and corresponding adversarial ML--is rapidly advancing as researchers develop sophisticated techniques to perturb, disrupt, or steal the ML model or data. It’s a heady time; because we know so little about the security of these systems, there are many...

Exploits: 0