SIKE is one of the new algorithms that NIST recently added to the post-quantum cryptography competition. It was just broken, really badly. We present an efficient key recovery attack on the Supersingular Isogeny Diffie-Hellman protocol (SIDH), based on a “glue-and-split” theorem due to Kani. Our attack exploits the …
In March, a North Korean APT siphoned blockchain gaming platform Axie Infinity of $540M. [...]
NIST’s post-quantum computing cryptography standard process is entering its final phases. It announced the first four algorithms: For general encryption, used when we access secure websites, NIST has selected the CRYSTALS-Kyber algorithm. Among its advantages are comparatively small encryption keys that two parties can exchange easily, as well …
We are excited to offer hybrid post-quantum TLS with Kyber for AWS Key Management Service (AWS KMS) and AWS Certificate Manager (ACM). In this blog post, we share the performance characteristics of our hybrid post-quantum Kyber implementation, show you how to configure a Maven project to use it, and …
Nadiya Kostyuk and Susan Landau wrote an interesting paper: “ Dueling Over DUAL_EC_DRBG: The Consequences of Corrupting a Cryptographic Standardization Process “: Abstract: In recent decades, the U.S. National Institute of Standards and Technology (NIST), which develops cryptographic standards for non-national security agencies of the U.S. government, has emerged …
Two bills attempting to reduce the power of Internet monopolies are currently being debated in Congress: S. 2992, the American Innovation and Choice Online Act ; and S. 2710, the Open App Markets Act. Reducing the power to tech monopolies would do more to “fix” the Internet than any other …
Hertzbleed is a new side-channel attack that works against a variety of microprocressors. Deducing cryptographic keys by analyzing power consumption has long been an attack, but it’s not generally viable because measuring power consumption is often hard. This new attack measures power consumption by measuring time, making it …
Cruddy cryptography means victims whose files have been encrypted by the Ukraine-tormenting ransomware can break the chains without paying extortionists. [...]
Researchers have found a major encryption flaw in 100 million Samsung Galaxy phones. From the abstract: In this work, we expose the cryptographic design and implementation of Android’s Hardware-Backed Keystore in Samsung’s Galaxy S8, S9, S10, S20, and S21 flagship devices. We reversed-engineered and provide a detailed …
Joan Feigenbaum Amazon Scholar, AWS Cryptography Bill Horne Principal Product Manager, AWS Cryptography AWS Cryptography tools and services use a wide range of encryption and storage technologies that can help customers protect their data both at rest and in transit. In some instances, customers also require protection of their …
Researchers have calculated the quantum computer size necessary to break 256-bit elliptic curve public-key cryptography: Finally, we calculate the number of physical qubits required to break the 256-bit elliptic curve encryption of keys in the Bitcoin network within the small available time frame in which it would actually pose …
I have long been annoyed that the word “crypto” has been co-opted by the blockchain people, and no longer refers to “cryptography.” I’m not the only one. [...]
Malicious groups disable features in Alibaba Cloud ECS instances for Monero cryptojacking, according to Trend Micro researchers. [...]
Malicious Phantom, MetaMask cryptowallets are on the prowl to drain victim funds. [...]
Anti-dumping code kept investors from selling SQUID while fraudsters cashed out. [...]
Anti-dumping code kept investors from selling SQUID while fraudsters cashed out. [...]
Cybercriminals exploited bugs in the world's largest digital-goods marketplace to create malicious artwork offered as a perk to unsuspecting users. [...]
The Compound cryptocurrency exchange accidentally botched a platform upgrade and distributed millions in free COMP tokens to users - then threatened to dox the recipients. [...]
John Hammond, security researcher with Huntress, discusses a wallet-hijacking RAT, and how law enforcement recovered millions in Bitcoin after the Colonial Pipeline attack. [...]
WhatsApp’s moderators sent messages flagged by intended recipients. Researchers say this isn't concerning -- yet. [...]
John Hammond, security researcher with Huntress, discusses how financially motivated cybercrooks use and abuse cryptocurrency. [...]
Cream is latest DeFi platform to get fleeced in rash of attacks. [...]
Late last year, the NSA declassified and released a redacted version of Lambros D. Callimahos’s Military Cryptanalytics, Part III. We just got most of the index. It’s hard to believe that there are any real secrets left in this 44-year-old volume. [...]
The cybercriminal group, active since late 2019, has closed its doors and released the key to unlocking victims’ files on its dark web portal. [...]
Apple’s NeuralHash algorithm — the one it’s using for client-side scanning on the iPhone — has been reverse-engineered. Turns out it was already in iOS 14.3, and someone noticed : Early tests show that it can tolerate image resizing and compression, but not cropping or rotations. We also have …