New blog post! ✨ I argue that AI will make formal verification go mainstream. martin.kleppmann.com/2025/12/08/a...

Three reasons for this:

1. LLMs are getting increasingly good at writing proofs using proof assistants. This will make formal verification vastly cheaper than it's been to date.

Monthly Rust Meetup, Wed, Nov 12, 2025, 6:45 PM | Meetup Join us for the new and improved monthly Cambridge Rust meetup, hosted at Quantinuum's office on Hill's Road. **Speaker:** **Daniel Hugenroth** **Topic:** In an era where

And if you are interested in more Rust details 🦀, I'll be giving a deep-dive into some more Rust details in the evening (also Wednesday, 12th Nov) at the Cambridge Rust Meetup: www.meetup.com/cambridge-ru...

@arberesford.bsky.social and I are giving a talk on deploying secure whistleblower technology in practice this Wednesday (12th Nov) at the @cst.cam.ac.uk in Cambridge (3pm)—covering the five year journey of CoverDrop. 🙌 Join us online or in-person: www.cst.cam.ac.uk/seminars/lis...

‘I lost 25 pounds in 20 days’: what it’s like to be on the frontline of a global cyber-attack The security chief of SolarWinds reflects on the Russian hack that exposed US government agencies – and the heart attack he suffered in the aftermath

The 2020 SolarWind accident was one of the big cases where a compromised build environment lead to a far-spreading (and hard-to-detect) cyber incident. The Guardian just published a great article with the SolarWind CISO revisiting the events five years later: www.theguardian.com/technology/2...

The extended paper is available here as open-access: www.cl.cam.ac.uk/techreports/...

The picture shows Mario and Daniel presenting the last slide of their presentation at ACM CCS 2025 in Taipei. The text on the slide reads: A-Bs provide source-to-binary provenance using TEEs and sandboxing; complements Reproducible Builds and both can be combined in an any-trust model; practical evaluation (see our GitHub) and formal verification using Tamarin.

How to trust that the binaries that we deploy are truthfully built from the correct source code? 🤝

Just back from ACM CCS '25 🌏 where we presented Attestable Builds as a solution to this challenge. It complements Reproducible Builds and uses TEEs as a trust anchor. With @coderlime.bsky.social

The picture shows a smartphone and the imprint of a newspaper. The smartphone displays a screen from the SecureMessaging feature showing a key digest. The newspaper imprint shows the same digest. The digest consists of a number of randomly-looking letters and digits.

One of my favourite CoverDrop details: out-of-band verification of the trusted organization key which signs the entire key hierarchy. Its digest is included in the imprint of every printed Guardian newspaper, removing the need to trust CAs 🔑🗞️ more details: www.coverdrop.org

Audits of AI/ML systems while protecting model IP and keeping the audit data confidential 🤫

@inxoy.bsky.social is at the ICML TAIG workshop today, presenting our work on Attestable Audits: arxiv.org/html/2506.23... with Bill Marino and @arberesford.bsky.social

Super excited that Jenny is presenting our new paper on "Web Authentication and Recovery in the Age of E2EE" at PETS today! 🎉🎉

Tons of interesting insights for a world in which we are moving away from passwords, and E2EE data becomes more long-term and critical. petsymposium.org/popets/2025/...

↩️ Back-link to the launch post: bsky.app/profile/lamb...

There are a lot of insights in both the original PETS paper (petsymposium.org/2022/files/p...) and Diana's PhD thesis (www.repository.cam.ac.uk/items/ec87dd...).

CoverDrop involved users from the very beginning—avoiding the “solution looking for problem” trap. Big shout out to @mansoor.bsky.social , Diana, and @arberesford.bsky.social for getting this right from the very beginning by running two very insightful workshops with journalists and engineers.

And if you like to learn more about the CoverDrop research behind SecureMessaging: www.coverdrop.org

This announcement really should have our lead Rustaceans @itsibitzi.dev and @zekehg.bsky.social on top 🦀! CoverDrop's implementation journey has been demonstrating the immense strengths that lie in Rust's type system and the mature tool chain. Looking forward to all the talk in September!

The Guardian’s new whistleblower tool buries leaks to journalists within its own readers’ everyday traffic Think "I am Spartacus!" — but for leakers.

The Guardian app’s own data flows make leaks indistinguishable from regular traffic — cutting off one of the easiest ways for a repressive government or a corporate boss to identify a leaker. www.niemanlab.org/2025/06/the-...

GitHub - guardian/coverdrop: Blowing the whistle through a news app Blowing the whistle through a news app. Contribute to guardian/coverdrop development by creating an account on GitHub.

Yes, the full CoverDrop system is open-source, we had an OTF-sponsored audit, and we have shared the design early with other researchers for feedback. github.com/guardian/cov...

The Guardian launches Secure Messaging, a world-first from a media organisation, in collaboration with the University of Cambridge Secure Messaging is a new innovation for confidential story-sharing and source protection, underpinning the Guardian’s commitment to investigative journalism. The Guardian has published the open sourc...

Congratulations @lambda.bsky.social! Today @theguardian.com is launching a new way for whistleblowers to anonymously contact journalists, based on years-long research by Daniel and other colleagues. www.theguardian.com/gnm-press-of...

Thank you so much @martin.kleppmann.com for all your help, guidance, and feedback during this project! Especially with the tricky bits around key rotation and concurrency. And glad that we were able to distill some insights from the production world already into our P79 course.

There’s a lot more to say, and I’ll highlight some aspects that I’m particularly excited about over the next few weeks.

Our CoverDrop white paper has a lot more technical details and we are immensely grateful to everyone who have provided us with valuable feedback throughout this project: www.cl.cam.ac.uk/techreports/...

Whistleblowing tech based on Cambridge research launched by the Guardian Whistleblowers can contact journalists more securely thanks to a new confidential and anonymous messaging technology co-developed by University of Cambridge

The university team has prepared a lil’ announcement as well: www.cam.ac.uk/research/new...

In a dangerous era for journalism – a powerful new tool to help protect sources Today, the Guardian, in collaboration with the University of Cambridge, launches Secure Messaging, a world-first from a media organisation

The launch article by Katharine Viner provides a great overview on how CoverDrop works, our collaboration with The Guardian, and why this system is so important: www.theguardian.com/membership/2...

We launched CoverDrop 🎉 providing sources with a secure and anonymous way to talk to journalists. Having started five years ago as a PhD research project, this now ships within the Guardian app to millions of users—all of which provide cover traffic. Paper, code, and more info: www.coverdrop.org

GitHub repo here: github.com/lambdapionee...

PETS paper here: petsymposium.org/popets/2024/...

Panorama of Linz

Greatly enjoyed talking at JKU Linz about our Sloth 🦥 library which uses Secure Enclaves (SEs) for key stretching and deniable encryption. Importantly, it works around Android/iOS API limitations and, therefore, Sloth is available to regular apps on most smartphones without modifications.

The final slides are online now: bsky.app/profile/lamb...

It's done! The final lecture slides and notes for "P79 Cryptography and Protocol Engineering" are now online: www.cl.cam.ac.uk/teaching/242... 🎉. This is the first time that @martin.kleppmann.com and I have done this course—we very much welcome feedback, corrections, and suggestions for next time

The slides are updated as-we-go on the course website: www.cl.cam.ac.uk/teaching/242... Currently, the highlight are the great X25519/Ed25519 slides by Martin. Content should be complete by begin of March :)

The lectures are not recorded, but we will upload the slides and lecture notes online. There will be another post when the full set becomes available.