New post: "Hybrid Constructions Are a Safety Blanket, and That's Fine"
Companion piece to @soatok.bsky.social's post today. Hybrid KEMs hedge against a real retroactive threat. Hybrid signatures have a place too, but the case is less urgent. The real risk? Slowing PQ adoption.
This appears to have been a promotional video for the construction of the airport.
Apparently for some reason when I was two years old, they let me loose in Beirut's airport as it was being built, and I was filmed walking around and inside planes by Lebanese state television.
So what are we playing, exactly...?
#deltarune
Israeli strike kills infant girl in south Lebanon during father's funeral:
Lebanese Red Cross.
We can all only be thankful that our family is unharmed: when I told this story to a distant cousin, she replied that her friend had lost both her mother and father in Israel's bombing of Beirut two days ago, which killed more than 300 civilians in the space of ten minutes.
Each owned an apartment in the building, which also housed medical practices, a baby toys shop (owned and run by my cousin Jamal) and a branch for Bank Audi.
Upon hearing this news, Uncle Ahmad wrote: "in our hearts, this is the least of our losses."
In 2006, they would destroy both her and my home in Beirut, rendering us both temporarily homeless.
Uncle Ahmad's building was a costly joint effort financed by himself as well as my mother and his other siblings.
This home was in a building constructed by my uncle, the Lebanese historian Ahmad Beydoun, after my family was able to return to our ancestral hometown, Bint Jbeil, in the year 2000 when Israel ended its decades-long occupation there, during which they destroyed my mother's childhood home.
Today, for the third time in my mother's life and for the second in my own life, we lost a home due to it being bombed by the Israeli army.
Want to help shape the cryptography that ends up in Internet standards? CFRG is looking for Crypto Review Panel members. Self-nominations welcome. Two-year renewable term.
Send nominations by April 20: cfrg-chairs@ietf.org
wiki.ietf.org/group/cfrg/C...
So wonderful. It’s great that things like this still happen. Soon they will ride a fireball back to Earth.
CFP DEADLINE IS TOMORROW. WE HAVE A LOT OF GOOD SUBMISSIONS ALREADY BUT YOU CAN ALSO SUBMIT SOMETHING!
Shock & horror in #Beirut: This building is just one of dozens hit in a rapid series of Israeli strikes w/o warning yesterday
Searches have continued overnight. A man on top of the rubble looks for his missing 23 year-old daughter w/Civil Defense workers.
📍Ain Mreisseh, Beirut
When the light is running low
And the shadows start to grow
And the places that you know
Seem like fantasy
There's a light inside your soul
That’s still shining in the cold
With the truth
The promise in our hearts
Hello! Israel is committing a massacre of civilians in central Beirut today, where they, among other things, CONDUCTED ONE HUNDRED AIRSTRIKES IN TEN MINUTES ALL TARGETING RESIDENTIAL BUILDINGS
Probably the most important part of the Claude Mythos announcement, which in its entirety is absolutely bonkers anyway
Music for finishing a first draft of an audit report
Abstract. Hax is a verification pipeline that translates a subset of Rust into F*, enabling machine-checked proofs of panic freedom and functional correctness for cryptographic implementations being developed in partnership with Google and tested in Signal’s post-quantum protocol. We study whether hax’s translation preserves the security properties it claims to verify. Through a structural analysis of its 35-phase transformation engine, F* proof libraries, and specification API, we identify three classes of semantic gap between the Rust source and the F* verification target: translation infidelity, where pipeline transformations distort security-relevant semantics; unverifiable trust boundaries, where operations are axiomatized without postconditions; and specification gaming, where escape hatches inject unproven facts into the verification context. We demonstrate each class through five proof-of-concept exploits against ML-DSA (FIPS 204), ML-KEM (FIPS 203), Ed25519 (FIPS 186-5), and ChaCha20 (RFC 8439). Every exploit meets a strict criterion: the Rust code compiles, passes functional tests, and extracts to F* without warnings, while harboring a security gap invisible to testing. We distinguish three gradations: facade gaps where the F* model actively diverges from Rust semantics, a conditional gap dependent on the compilation mode, and a scope gap where the model is faithful but cannot cover a critical property. We call the resulting phenomenon a verification facade: verification that is performed but covers less than it appears to cover.
Image showing part 2 of abstract.
Verification Facade: Masquerading Insecure Cryptographic Implementations as Verified Code (Nadim Kobeissi) ia.cr/2026/670
New paper: "Verification Facade" -- I show that hax's Rust-to-F* pipeline can produce verified code where the F* model diverges from the program Rust executes.
5 PoCs against ML-DSA, ML-KEM, Ed25519, ChaCha20. All pass tests. 3 of 5 pass F*'s FULL verification, with invisible security gaps.
Positively thrilled that I can finally uninstall F*, hopefully for the last time
