Posts by Scott A

No comment.

2 months ago 1 0 0 1

Hadn't realised that the third party review of Twitter's chat protocol had been published and wow github.com/trailofbits/...

2 months ago 116 35 2 5
How we avoided side-channels in our new post-quantum Go cryptography libraries

We’ve released open-source Go implementations of ML-DSA and SLH-DSA.

Come for the Go implementations of ML-DSA and SLH-DSA, stay for the introduction to side-channel mitigation techniques.

blog.trailofbits.com/2025/11/14/h...

#golng #crypto #cryptography #postquantum

5 months ago 1 1 0 0
A WordPress Hard Fork Could Be Made Painless for Plugin/Theme Developers

Previously, I wrote about how code-signing and threshold signatures could allow the WordPress community (whether they continue to support WordPress or decide to hard-fork the project onto something…

scottarc.blog/2024/10/14/a...

1 year ago 0 0 0 0
Quantum is unimportant to post-quantum

By Opal Wright

You might be hearing a lot about post-quantum (PQ) cryptography lately, and it’s easy to wonder why it’s such a big deal when nobody has actually seen a quantum computer.…

blog.trailofbits.com/2024/07/01/q...

1 year ago 0 0 0 0

I've never witnessed an experts vs non-experts split like on Kyber/ML-KEM.

No cryptographer I know thinks ML-KEM was intentionally weakened, or knows any cryptographer who does.

Meanwhile, enthusiasts in issue trackers are all but certain.

It would be impressive if it wasn't sad and worrying.

1 year ago 37 7 3 0
The Quest for the Gargon

Musing about Password-Based Cryptography for the Government

What would a modern NIST standard for password-based cryptography look like? Obviously, we have PBKDF2--which, if used with a FIPS-approved ...

scottarc.blog/2024/06/17/t...

1 year ago 2 1 0 0

One thing I like about Bluesky so far is, despite not following many accounts, my timeline is extremely weird.

In a good way, I mean.

1 year ago 1 0 0 0
Attacking NIST SP 800-108

If you've never heard of NIST SP 800-108 before, or NIST Special Publications in general, here's a quick primer: Special Publications are a type of publication issued by NIST. Specifically, the SP 800...

scottarc.blog/2024/06/04/a...

Attacking NIST SP 800-108

(AES-CMAC KDF in Counter Mode, Loss of Key Control Security)

1 year ago 3 0 0 0
Encryption At Rest: Whose Threat Model Is It Anyway?

One of the lessons I learned during my time at AWS Cryptography (and particularly as an AWS Crypto Bar Raiser) is that the threat model for Encryption At Rest is often undefined. Prior to consulting c...

Hello BlueSky!

I wrote a thing about encryption-at-rest: scottarc.blog/2024/06/02/e...

1 year ago 11 0 1 0