All props to Keegan Ryan who found the underlying issues in the SP1 guest program and figured out how to exploit them to create the proof forgery! 🙌
Posts by Fredrik Dahlgren
A table listing total operations, number of qubits, and Toffoli-gate count for Google's low-gate and low-qubit implementations, and Trail of Bits' implementation. The Trail of Bits implementation beats Google's on every metric.
Two weeks ago, Google published a paper proving in zero-knowledge that they had an efficient implementation of Shor's algorithm.
Today, Trail of Bits can prove that we have an even better implementation which beats Google's on all metrics! 🫢
blog.trailofbits.com/2026/04/17/w...
Basically every home-grown E2EE protocol be like:
Orban has conceded the election in Hungary and Europe has one less dictator. This is worth celebrating! ❤️
www.theguardian.com/world/live/2...
“You shouldn't transition to post-quantum because you are confident quantum computing will happen; you should only avoid transitioning because you are confident quantum computing will not happen, and none of the experts are confident in that anymore.”
The additional cost of ONE fossil fuel price spike on the scale of 2022 = the ENTIRE COST of Net Zero by 2050. We get precisely nothing in return for the first cost, and a whole new, more secure and cheaper energy system from the second one.
#NoBrainer
www.theccc.org.uk/2026/03/11/c...
So well deserved.
UPDATE: The European Parliament voted today to *end* untargeted mass scanning of private communications, firmly rejecting the error-prone and unconstitutional surveillance practices of recent years! Next: trilogue negotiations w/ Commission and Council.
Abstract. End-to-end cloud storage solutions are deployed at large scale, yet recent works have demonstrated severe attacks against their confidentiality and integrity. Motivated by this, a first formal treatment of secure cloud storage was given at CRYPTO 2024 by Backendal, Davis, Günther, Haller and Paterson (BDGHP). They define syntax and security notions, capturing client-to-client security of cloud storage schemes with respect to a password distribution. They also give an efficient construction using the Two-Hash Diffie-Hellman (2HDH) OPRF and standard cryptographic building blocks, which they prove secure under selective corruptions in the random oracle model. However, several aspects of practical security guarantees remain open. We extend and refine the work of BDGHP along multiple dimensions, advancing the analysis of secure cloud storage schemes. First, we prove that their construction can be proven secure against adaptive corruptions (with a slight modification), circumventing technical challenges posed by file sharing. Second, we modularize the scheme further by introducing an abstraction for the authentication procedure. This allows us to identify the concrete role of 2HDH and alternative instantiations. Third, we introduce a weaker model that captures adversaries who can arbitrarily control the network, except during registration. This allows us to prove concrete guarantees about online password guessing attacks, whereas the stronger model inherently allows for offline guessing. Finally, we formalize and prove explicit authentication, relying on the security of our new authentication abstraction and the MAC scheme, where the latter was previously not used in the security analysis.
Secure Cloud Storage: Modularization, Network Adversaries and Adaptive Corruptions (Jonas Janneck, Doreen Riepel) ia.cr/2026/434
Two quote headlines with accompanying images: 1. "I wasn't finished with the painting" + image of the Jesus painting in a Spanish church that was ruined by an amateur painter. 2. "Romina Pourmokhtari (L): 'We are not finished with climate work in Sweden'" + image of a pleased climate and environment minister.
I'm a Trail of Bits fan. Can you blame me? A couple of days ago they released Claude Code skills, from reversing and vuln research to burnout detection.
github.com/trailofbits/...
come on become a world power [EU]
Interesting post/research by Sean Heelan investigating the current state of exploit generation using frontier models like GPT-5.2 and Opus 4.5.
sean.heelan.io/2026/01/18/o...
I do appreciate the US state department strengthening my case here with their sanctions on former EU officials & other supporters of EU digital safety acts just now: berthub.eu/articles/pos...
Internships in MPC available, for both recent PhD graduates and current PhD students...
mpcinthewild.github.io
This is a project funded by the Zama Cryptanalysis Grant program
Interested in the security of MPC implementations?
Peter Scholl (@schollster.bsky.social) and I are looking for research interns to study the theory/practice gap for MPC. We can host multiple interns in Aarhus for the summer 2026.
More information: mpcinthewild.github.io
Help us spread the word!
what people think hacking is like: Mr. Robot
what hacking is actually like: Hmm. That’s weird
We should all be using dependency cooldowns
blog.yossarian.net/2025/11/21/We-should-all...
#security #oss
That being said, I think it probably makes sense to report all vulnerabilities in messaging apps used by the US. I’m assuming they’re not talking about bugs in WeChat or VKontakte.
I think it would make more sense to draw the line between vulnerabilities that only allow targeted exploitation (against a single device), and vulnerabilities that could allow for mass-exploitation. 🤷♂️ Cryptographic vulnerabilities can be either.
Come for the Go implementations of ML-DSA and SLH-DSA, stay for the introduction to side-channel mitigation techniques.
blog.trailofbits.com/2025/11/14/h...
#golng #crypto #cryptography #postquantum
Why is it excellent policy? Do you mean they report vulnerabilities that don’t require active measures? 🤔
The call for talks for CAW 2026 (a workshop affiliated with Eurocrypt) is out!
This year's motto is "cryptography under real-world constraints and threat models", but other applied cryptography is also very welcome.
All info is on: caw.cryptanalysis.fun.
Refreshing to see that someone has visions that are not about deporting people or putting children in prison.
www.dn.se/varlden/eu-v...
Omni The climate threat/Swedish crisis preparedness Headline: Climate adaptation on pause: Eleven positions left in the country
Step 1
The government removes the appropriation for climate adaptation
Step 2
Two out of three positions in preventive climate work disappear
Step 3
Climate-related disasters expose gaps in crisis preparedness
Step 4
The climate minister lectures the county administrative boards
Step 5
[nothing happens]
¯\_(ツ)_/¯
omni.se/a/73Xzmo
Good post on Merkle tree certificates.