applied-cryptography
16 posts tagged applied-cryptography.
-
How Elliptic Curves and Diffie-Hellman Break in Real Life: The Discrete Log Never Fell
No one has solved the discrete log on a strong curve or a 2048-bit group -- yet PS3, Android wallets, TPMs, CurveBall, and Logjam all fell. Here is exactly how.
-
Correct, Constant-Time, and Still Owned: A Field Guide to Side Channels, Faults, and Key Custody
Correct, constant-time crypto still leaks keys through timing, cache, speculation, and fault channels, and deployed systems break most often at key custody.
-
The Discrete Log Held; The Proofs Leaked: A Field Guide to Commitments and Sigma Protocols
How the discrete log stayed hard for forty years while the proofs built on it kept breaking: Pedersen commitments, Schnorr, Sigma protocols, and Fiat-Shamir.
-
The Server Helped, and Never Saw: A Field Guide to Oblivious Pseudorandom Functions
How a server applies its secret key to your secret input without ever seeing it: OPRF, VOPRF, and POPRF (RFC 9497), the engine of OPAQUE and Privacy Pass.
-
The Standard Was Boring; That Was the Point: A Field Guide to HPKE (RFC 9180)
The industry standardized encrypt-to-a-public-key four incompatible ways. HPKE (RFC 9180) is the boring, correct fix -- and its non-goals are the whole discipline.
-
Nobody Broke the Discrete Log: A Field Guide to Diffie-Hellman and Forward Secrecy
The discrete log held for fifty years; Logjam, small-subgroup, and invalid-curve attacks broke the deployment instead. A field guide to FFDHE, ECDH, and X25519.
-
The Math Held; The Interface Leaked: A Field Guide to Digital Signatures
ECDLP and RSA held; the nonce, the canonical form, and the verifier broke instead. A field guide to ECDSA, EdDSA, RSA-PSS, determinism, and malleability.
-
The Doorway Into the Group: A Field Guide to Hashing a String Onto an Elliptic Curve (RFC 9380)
Turning a string into an elliptic-curve point is a two-decade problem behind a one-line API. Why H(m)*G and hunt-and-peck both fail, and how RFC 9380 fixes it.
-
The Curve Was Hard; The Gap Was Soft: A Field Guide to Using Elliptic Curves Safely
Textbook ECC is hard; deployed ECC broke anyway. A field guide to P-256, Curve25519, Ristretto255, invalid-curve attacks, cofactors, and constant-time.
-
RSA Is a Trapdoor, Not a Cryptosystem: OAEP, PSS, and the 25-Year Padding-Oracle Lineage
Textbook RSA is a trapdoor, not a cryptosystem. A field guide to OAEP, PSS, PKCS#1 v1.5, and the Bleichenbacher-ROBOT-Marvin padding-oracle lineage, done right.
-
The One Job of a Password Hash: Why Fast Is the Enemy, and Memory Is the Frontier
A password hash has one job: make each guess expensive on the cheapest attacker hardware. Why fast hashes fail, and how bcrypt, Argon2, and yescrypt fix it.
-
The Tag Verified, the Cipher Held, the Forgery Went Through: A Field Guide to Message Authentication and Safe Composition
Why HMAC, KMAC, GMAC, and Poly1305 never broke -- but Flickr, Lucky Thirteen, and 184 GCM servers did. A field guide to MACs and Encrypt-then-MAC.
-
The Fingerprint Two Files Shared: A Field Guide to Cryptographic Hashes
A field guide to cryptographic hashes: the one promise behind SHA-2, SHA-3, and BLAKE3, why MD5 and SHA-1 died, and how to choose one that keeps its promise.
-
No Room for a Nonce: Disk and Length-Preserving Encryption, from XTS to FPE
Why disk and format-preserving ciphers are deterministic, unauthenticated permutations, and how block width and domain size decide XTS, Adiantum, HCTR2, or FF1.
-
The AEAD Decision Matrix: Seven Ciphers, Three Edges, One Choice
AES-GCM, ChaCha20-Poly1305, CCM, OCB3, GCM-SIV, AEGIS, and Ascon, compared by the three sharp edges that decide every deployment: nonce, hardware, commitment.
-
Predictable or Repeated: The Only Two Ways Cryptographic Randomness Betrays You
Every key, nonce, IV, and salt fails in one of two ways: predictable when it must be unpredictable, or repeated when it must be unique. A field guide.