
Posts by Siamak Shahandashti

Why Meta is retreating from encryption In 2019, Mark Zuckerberg called privacy the future of social networking. Not anymore

This is the first time a major platform has rolled back encryption. The justification: few people were opting in to end-to-end encrypted messaging; that's BS; E2EE wasn't set as the default - everyone knows that the default is what most people "choose". #privacy

www.platformer.news/instagram-en...

1 month ago 16 10 1 0
Abstract. The study of memory-hard functions (MHFs) so far has mainly focused on providing provable guarantees on the expected minimum cumulative memory complexity (CMC) required per evaluation when amortized over multiple instances. Such results, however, do not provide any guarantees for the security of compromised password banks in the sense of passwords remaining unrecoverable. Indeed, a construction can be memory-hard while still leaking information about its input. We provide the first formal treatment of the unrecoverability of graph-based data-independent MHFs (iMHFs) in the multi-instance setting. Multi-instance security is the accepted security model when inputs have low-entropy or are correlated, and require the adversarial effort to linearly scale with the number of instances broken.

To prove these results, we appropriately extend the ex-post-facto pebbling technique of Alwen and Serbinenko (STOC’15) and the unguessability reductions of Farshim and Tessaro (EUROCRYPT’21). We then use the resulting compatible frameworks to bound the number of guesses of adversaries with a given CMC in terms of the pebbling complexity of the graph underlying the iMHF. Combined with known lower bounds for the pebbling complexities of their graphs, we obtain, as corollaries, concrete unrecoverability bounds for the Argon2i, Catena, and Balloon hashing, showing in particular that the advantage indeed scales linearly with the number of instances and the cumulative memory complexity of the attacker.

Multi-Instance Unrecoverability of iMHF-Based Password Hashing (Charles Dodd, Pooya Farshim, Siamak F. Shahandashti, Karl Southern) ia.cr/2026/018

3 months ago 1 1 0 0

Looking forward to presenting our work (led by Hina Binte Haq and with Syed Taha Ali) on designing a lightweight memory pool for #Bitcoin at IEEE #ICBC tomorrow, using cuckoo filters in lightweight nodes, reducing mempool size from 300MB to 12MB.

Paper e-print: www-users.york.ac.uk/~sfs521/pape...

10 months ago 1 0 2 0
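The data structure this post mentions, as an added Python example that is not code from the Carbyne paper or its authors: a minimal partial-key cuckoo filter used to track a mempool of transaction IDs. The point it shows is why a cuckoo filter rather than a Bloom filter fits a mempool: entries can be deleted when a transaction is confirmed or evicted, there are no false negatives for items still present, and only a short fingerprint per txid is stored. The 32-byte txids, the 12-bit fingerprint, the 1024 x 4 table geometry and the random workload are constructed for the example and say nothing about the paper's own parameters or its 300 MB to 12 MB measurement.

```python
import hashlib
import random


class CuckooFilter:
    """Partial-key cuckoo filter: approximate set membership with deletion.

    Each item is reduced to a short fingerprint stored in one of two candidate
    buckets. The second bucket is derived from the first and the fingerprint
    alone, so an entry can be relocated or deleted without the original key.
    """

    def __init__(self, num_buckets=1024, bucket_size=4, fp_bits=12, max_kicks=500, seed=0):
        assert num_buckets & (num_buckets - 1) == 0, "num_buckets must be a power of two"
        self.num_buckets = num_buckets
        self.bucket_size = bucket_size
        self.fp_bits = fp_bits
        self.max_kicks = max_kicks
        self.buckets = [[] for _ in range(num_buckets)]
        self.rng = random.Random(seed)  # deterministic eviction choices for the demo
        self.count = 0

    def _fingerprint(self, item: bytes) -> int:
        h = hashlib.sha256(b"fp:" + item).digest()
        return int.from_bytes(h[:4], "big") & ((1 << self.fp_bits) - 1)

    def _index(self, item: bytes) -> int:
        h = hashlib.sha256(b"idx:" + item).digest()
        return int.from_bytes(h[:4], "big") & (self.num_buckets - 1)

    def _alt_index(self, index: int, fp: int) -> int:
        # XOR with a hash of the fingerprint is an involution: alt(alt(i, fp), fp) == i,
        # which is what lets a displaced entry find its way back to its pair.
        h = hashlib.sha256(fp.to_bytes(4, "big")).digest()
        return (index ^ int.from_bytes(h[:4], "big")) & (self.num_buckets - 1)

    def insert(self, item: bytes) -> bool:
        fp = self._fingerprint(item)
        i1 = self._index(item)
        i2 = self._alt_index(i1, fp)
        for i in (i1, i2):
            if len(self.buckets[i]) < self.bucket_size:
                self.buckets[i].append(fp)
                self.count += 1
                return True
        # Both buckets full: evict a random resident and move it to its other bucket.
        i = self.rng.choice((i1, i2))
        for _ in range(self.max_kicks):
            j = self.rng.randrange(self.bucket_size)
            fp, self.buckets[i][j] = self.buckets[i][j], fp
            i = self._alt_index(i, fp)
            if len(self.buckets[i]) < self.bucket_size:
                self.buckets[i].append(fp)
                self.count += 1
                return True
        # Table too full: the last evicted fingerprint is lost. A production filter
        # keeps it in a victim slot or grows the table instead of returning False.
        return False

    def contains(self, item: bytes) -> bool:
        fp = self._fingerprint(item)
        i1 = self._index(item)
        return fp in self.buckets[i1] or fp in self.buckets[self._alt_index(i1, fp)]

    def delete(self, item: bytes) -> bool:
        """Only delete items known to be present; deleting an absent item could
        remove a colliding fingerprint that belongs to something else."""
        fp = self._fingerprint(item)
        i1 = self._index(item)
        for i in (i1, self._alt_index(i1, fp)):
            if fp in self.buckets[i]:
                self.buckets[i].remove(fp)
                self.count -= 1
                return True
        return False

    def nominal_bytes(self) -> int:
        """Size of a packed table of fingerprints (the Python lists above are not packed)."""
        return self.num_buckets * self.bucket_size * self.fp_bits // 8


def mempool_demo(n_txs=2000, n_confirmed=500, n_probes=10000, seed=7):
    """Insert constructed 32-byte txids, delete the 'confirmed' ones, and measure
    false positives on txids that were never inserted."""
    rng = random.Random(seed)
    fresh = lambda: rng.getrandbits(256).to_bytes(32, "big")
    txids = [fresh() for _ in range(n_txs)]
    cf = CuckooFilter()
    inserted = sum(cf.insert(t) for t in txids)
    confirmed, pending = txids[:n_confirmed], txids[n_confirmed:]
    for t in confirmed:
        cf.delete(t)
    probes = [fresh() for _ in range(n_probes)]
    return {
        "inserted": inserted,
        "false_negatives": sum(not cf.contains(t) for t in pending),
        "stale_hits": sum(cf.contains(t) for t in confirmed),
        "false_positive_rate": sum(cf.contains(p) for p in probes) / n_probes,
        "raw_bytes": 32 * len(pending),      # full txids kept in a plain set
        "filter_bytes": cf.nominal_bytes(),  # fingerprints only
    }
```

With these parameters the filter holds 1,500 pending txids in about 6 KB of packed fingerprints instead of 48 KB of raw hashes, at a false-positive rate well under one percent. A Bloom filter would give a similar size but no `delete`, so a node could never forget a confirmed transaction without rebuilding the whole filter.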
SOUPS 2025 The Twenty-First Symposium on Usable Privacy and Security (SOUPS 2025), August 10–12, 2025, Seattle, WA, USA.

Today, May 22nd (Anywhere on Earth) is the last day to submit to our Workshops, Lightning Talks, and Posters. We're really excited to showcase all your work this August in Seattle.

www.usenix.org/conference/s...

(If there are any deadline extensions, we will have updates soon!)

11 months ago 0 1 0 0
PoPETs 2026.1

📢Hello fellow researchers! We are now accepting submissions for PETS 2026, Issue 1. Submit your work by May 31, 2025 (AOE) using the link below: submit.petsymposium.org
#PETS2026 #CallForPapers

11 months ago 0 1 0 0

Hina Binte Haq, Syed Taha Ali, Asad Salman, Patrick McCorry, Siamak F. Shahandashti
Carbyne: An Ultra-Lightweight DoS-Resilient Mempool for Bitcoin
https://arxiv.org/abs/2504.16089

11 months ago 1 1 0 0

Hina Binte Haq, Syed Taha Ali, Asad Salman, Patrick McCorry, Siamak F. Shahandashti: Carbyne: An Ultra-Lightweight DoS-Resilient Mempool for Bitcoin https://arxiv.org/abs/2504.16089 https://arxiv.org/pdf/2504.16089 https://arxiv.org/html/2504.16089

11 months ago 1 1 1 0

Ali Cherry, Konstantinos Barmpis, Siamak F. Shahandashti
The Emperor is Now Clothed: A Secure Governance Framework for Web User Authentication through Password Managers
https://arxiv.org/abs/2407.07205

1 year ago 1 1 0 0
Copilot Recall: Microsoft rolls out AI screenshot tool Recall had been dubbed a

#Microsoft #Recall is a #privacy nightmare. It's a big step closer to Black Mirror. It circumvents encryption. You can have a secure messaging app like Signal, and you can have disappearing messages, but if Microsoft immediately takes screenshots of everything, we might as well not have encryption.

1 year ago 64 36 4 5
How a bankruptcy judge can stop a genetic privacy disaster Any new owner of 23AndMe’s data will want to find ways to make money from it. Lawmakers have a big opportunity to help keep it safe

"Why should anyone be able to buy the genetic data of millions of Americans in a bankruptcy proceeding? The answer is simple: Lawmakers allow them to." They shouldn't. And judges can stop it. #privacy #23andMe

www.technologyreview.com/2025/03/28/1...

1 year ago 30 14 1 0

10 June: Jean-François Blanchette Talk and Discussion on "Burdens of Proof" in London

martinralbrecht.wordpress.com/2025/04/15/1...

1 year ago 1 3 1 0
Log in to EasyChair for E-Vote-ID 2025

⏳ Only 1 month left to submit to #EvoteID25!
Track 1: Security, Usability & Technical Issues
Track 2: Governance Issues

📩 Submit now: easychair.org/conferences/...
ℹ️ More info: e-vote-id-2025.inria.fr

Don't miss your chance to be part of it! 🗳️
#EVoting #CyberSecurity #Research

1 year ago 2 1 0 0
Slopsquatting As AI coding assistants invent nonexistent software libraries to download and use, enterprising attackers create and upload libraries with those names -- laced with malware, of course.

1 year ago 10 5 2 2
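A pre-install guard against the pattern described in this post, as an added Python example that is not code from the linked article or its author: it treats the project's lockfile as the only source of trusted package names, normalizes names the way PyPI does (PEP 503), and flags any package an assistant suggests that is absent from the lockfile, separating near-misses of a known name (likely typosquats) from wholly unknown names (the hallucinated-package case). The lockfile, the suggested requirements and the edit-distance threshold of 2 are all constructed assumptions for the example.

```python
import re

# Constructed lockfile of dependencies the project has already vetted (assumption).
LOCKFILE = """\
requests==2.32.3
urllib3==2.2.2
pyjwt==2.9.0
cryptography==43.0.1
python-dotenv==1.0.1
"""

# Constructed stand-in for what an assistant might emit: three names that are in
# the lockfile (in varying spellings), two near-miss typos and one invented package.
AI_SUGGESTED = """\
requests>=2.31
PyJWT[crypto]
python_dotenv ; python_version >= "3.8"
requets            # typo of requests
cryptograpy        # typo of cryptography
jwt-magic-decode   # hallucinated helper library (constructed name)
"""

_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name: str) -> str:
    """PEP 503 normalization: case-insensitive, runs of '-', '_' and '.' collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text: str) -> set:
    """Return the normalized project names from requirements-style text,
    ignoring version specifiers, extras, environment markers and comments."""
    names = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # blank lines and pip options
            continue
        m = _NAME.match(line)
        if m:
            names.add(normalize(m.group(1)))
    return names


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one- or two-character typos of known names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def audit_requirements(requested: str, lockfile: str, max_distance: int = 2) -> list:
    """Flag every requested name that is not in the lockfile. A name within
    max_distance edits of a vetted name is reported as a typosquat suspect;
    anything else is simply unknown and needs a human look before install."""
    known = parse_requirements(lockfile)
    findings = []
    for name in sorted(parse_requirements(requested) - known):
        near = sorted(k for k in known if edit_distance(name, k) <= max_distance)
        findings.append({
            "name": name,
            "verdict": "typosquat-suspect" if near else "unknown",
            "near": near,
        })
    return findings
```

Run this in CI before `pip install` and fail the job on any finding. The check is deliberately offline: querying the registry would not help, because a slopsquatted package exists there by construction. An "unknown" verdict means a person looks at the package's publisher, age and history before the name is added to the lockfile.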
X’s dominance ‘over’ as Bluesky becomes new hub for research Data indicates more scholars turning to alternative social media site to post about their work after Elon Musk’s Twitter takeover

'Bluesky has overtaken its flailing rival X in hosting posts related to new academic research, indicating the platform is fast becoming the go-to place for scholars to share their work.'

1 year ago 17516 4406 131 317