There are only two bug classes left: complexity and memory safety.
CurveBall (CVE-2020-0601)? Complexity.
BigSig (CVE-2021-43527)? Memory safety.
Log4Shell (CVE-2021-44228)? Complexity.
BlueKeep (CVE-2019-0708)? Memory safety.
Heartbleed looks like memory safety, but it's actually complexity.
That's how I teach it to my students as well.
We performed a security analysis of the LINE messenger in our latest paper, "LINE-Break: Cryptanalysis and Reverse Engineering of Letter Sealing", to appear in ACM ASIACCS’26.
Joint work with Thomas Kingo Mogensen and Adam B. Hansen @csaudk.bsky.social. Full technical details at linebreak.info
Impossible to disagree with a single word that Ben Rhodes (Obama era NSC official) is saying here:
I should add to this: winner of best paper award at Eurocrypt 2026!!
As a single author. During his PhD. Incredible achievement!(protip: he will graduate soon-ish 👀)
CC @janiceascari.bsky.social @rubensvalente.bsky.social @ritchieguy.bsky.social @dfaranha.bsky.social @camposmello.bsky.social @miriamleitao7.bsky.social @igorgadelham.bsky.social @dharazim.bsky.social @imont.bsky.social @shalders.bsky.social
Fernando is looking for a PhD student www.iacr.org/jobs/item/4164 Fernando is excellent, you should consider applying.
Speaker Nikolas Melissaris talks about What Is Cryptography Hiding from Itself? by Diego F. Aranha and Nikolas Melissaris.
The room gets philosophical. Cryptography & Society chaired by Nick Sullivan ( @nicksullivan.org ): what is crypto hiding from itself? Security vs. interoperability? CRA policy? Proofs that aren't enough? And Nadim Kobeissi on teaching crypto in post-crisis Lebanon. #realworldcrypto
Come be part of Cedarcrypt, our historic new initiative to grow cryptography research, development and representation in the Levant region!
We're seeking speakers and workshop leaders: our call for submissions is open! Learn more: cedarcrypt.org
Please spread the word!
So much ICE out there today in South Minneapolis. They’re prowling around harassing schools.
Stay frosty, friends
I wrote a short blog post on the WhatsApp lawsuit, or whatever it is. blog.cryptographyengineering.com/2026/02/02/w...
An NYT headline reads “Federal Officers Shoot Person in Minneapolis”
It has gotten so bad that the @nytimes.com has stopped using the passive voice to describe the violence.
Software error in continuous glucose monitors caused 736 serious injuries, and seven deaths. abbott.mediaroom.com/press-releas...
Bad news for other minorities, for the media, for civil society, the rule of law and democracy, too
Bad news for immigrants in Europe.
Come work with Peter Scholl @schollster.bsky.social and me in Aarhus!
If you want to impose strict deadline and word counts, enable the REBUTTAL feature in HotCRP which gives word count to authors and a system-wide deadline.
If you believe that smart people cannot do utterly dumb things, just look at the Eurocrypt'26 rebuttal process.
And started a Cryptanalysis division in the kitchen!
Achievement unlocked.
Know your rights. Protect your neighbors.
New York is — and always will be — a city for all immigrants.
CRITICAL security vulnerability in a really popular web framework React server. Maximum severity (CVSS: 10.0). Unauthenticated remote code execution. May be WORMABLE. Patch immediately. This could get very nasty. Patch this, and all that depends on it (like Next.js) react.dev/blog/2025/12...
I think it’s pretty clear at this point that one of the main impacts of LLMs is to disrupt thinking: to make it so that far too many people never properly learn how to do it, and then to control the output so there are thoughts that people never learn how to think.
The "What are the best gifts for men?" in the end is some dystopian shit.
My thoughts on the IACR election issue (since many have asked privately):
- This was an honest accident, and Moti Yung deserves being cut some slack. Yes, it’s a silly mistake, but mistakes happen.
- The IACR board reacted excellently and scheduled timely follow up elections.
Continued in thread
git push -f
