41 episodes

Some cryptography & security people talk about security, cryptography, and whatever else is happening.

Security Cryptography Whatever Deirdre Connolly, Thomas Ptacek, David Adrian

    • Technology
    • 4.9 • 60 Ratings

Some cryptography & security people talk about security, cryptography, and whatever else is happening.

    Cryptography Tier List

    Cryptography Tier List

    (NSFW) Three AI-generated guests rank cryptography things into a tier list. Play along at home and make your own tier list: https://tiermaker.com/create/cryptography-15683166

    This episode is definitely not safe for work and definitely a parody. Do not base your decision in the 2024 election off of this podcast episode. No campaigns have endorsed this podcast.

    "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

    • 19 min
    Post-Quantum iMessage with Douglas Stebila

    Post-Quantum iMessage with Douglas Stebila

    Apple iMessage is getting a big upgrade! Not only are they rolling out ratcheting, but they’re going post-quantum, AND they’re doing post-quantum ratcheting! Douglas Stebila joined us to talk about his security analysis of the new PQ3 protocol update and not indulge our wild Apple speculations:

    Transcript: https://securitycryptographywhatever.com/2024/03/03/post-quantum-imessage-with-douglas-stebila/

    Links:
    - https://security.apple.com/blog/imessage-pq3/
    - Security analysis of the iMessage PQ3 protocol
    https://security.apple.com/assets/files/A_Formal_Analysis_of_the_iMessage_PQ3_Messaging_Protocol_Basin_et_al.pdf
    - Ratcheting design: https://eprint.iacr.org/2024/220.pdf
    - When Messages are Keys: Is HMAC a dual-PRF?: https://eprint.iacr.org/2023/861.pdf
    - Real World Deniability in Messaging: https://eprint.iacr.org/2023/403.pdf
    - Padmé: https://www.petsymposium.org/2019/files/papers/issue4/popets-2019-0056.pdf
    - Max Headroom: https://www.youtube.com/watch?v=cYdpOjletnc
    - Extended Canetti-Krawczyk model: https://iacr.org/archive/eurocrypt2001/20450451.pdf
    - Douglas Stebila: https://www.douglas.stebila.ca/



    "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

    • 55 min
    High-assurance Post-Quantum Crypto with Franziskus Kiefer and Karthik Bhargavan

    High-assurance Post-Quantum Crypto with Franziskus Kiefer and Karthik Bhargavan

    We welcome Franziskus and Karthik from Cryspen to discuss their new high-assurance implementation of ML-KEM (the final form of Kyber), discussing how formal methods can both help provide correctness guarantees, security assurances, and performance wins for your crypto code!

    Transcript: https://securitycryptographywhatever.com/2024/01/29/high-assurance-kyber/

    Links:

    - https://cryspen.com/post/ml-kem-implementation/
    - https://github.com/cryspen/libcrux/
    - https://github.com/formosa-crypto/libjade
    - https://cryspen.com/post/pqxdh/
    - https://eprint.iacr.org/2023/1933.pdf
    - Franziskus Kiefer: https://franziskuskiefer.de/
    - Karthik Bhargavan: https://bhargavan.info/

    "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

    • 56 min
    Encrypting Facebook Messenger with Jon Millican and Timothy Buck

    Encrypting Facebook Messenger with Jon Millican and Timothy Buck

    Facebook Messenger has finally been end-to-end encrypted, a couple of years after Mark Zuckerberg announced it! Plus Instagram DMs are trialing ephemeral E2EE DMs too! We invited on Jon Millican and Timothy Buck from Meta to discuss this major cross-platform endeavor, and how David Bowie fits into their personal Labyrinth.

    Transcript: https://securitycryptographywhatever.com/2023/12/28/e2ee-fb-messenger/

    Links:

    - https://www.facebook.com/notes/2420600258234172
    - https://eprint.iacr.org/2022/1044.pdf
    - https://engineering.fb.com/2023/12/06/security/building-end-to-end-security-for-messenger/
    - https://www.theverge.com/2023/12/6/23991501/facebook-messenger-default-end-to-end-encryption-meta
    - https://www.threads.net/@jonmillican/post/C0kQPAyoFpr
    - https://engineering.fb.com/wp-content/uploads/2023/12/MessengerEnd-to-EndEncryptionOverview_12-6-2023.pdf
    - https://engineering.fb.com/wp-content/uploads/2023/12/TheLabyrinthEncryptedMessageStorageProtocol_12-6-2023.pdf
    - https://engineering.fb.com/2022/03/10/security/code-verify/
    - https://chrome.google.com/webstore/detail/code-verify/llohflklppcaghdpehpbklhlfebooeog

    "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

    • 59 min
    Attacking Lattice-based Cryptography with Martin Albrecht

    Attacking Lattice-based Cryptography with Martin Albrecht

    Returning champion Martin Albrecht joins us to help explain how we measure the security of lattice-based cryptosystems like Kyber and Dilithium against attackers. QRAM, BKZ, LLL, oh my!

    Transcript: https://securitycryptographywhatever.com/2023/11/13/lattice-attacks/

    Links:

    - https://pq-crystals.org/kyber/index.shtml
    - https://pq-crystals.org/dilithium/index.shtml
    - https://eprint.iacr.org/2019/930.pdf
    - https://en.wikipedia.org/wiki/Short_integer_solution_problem
    - Frodo: https://eprint.iacr.org/2016/659
    - https://csrc.nist.gov/CSRC/media/Events/third-pqc-standardization-conference/documents/accepted-papers/ribeiro-saber-pq-key-pqc2021.pdf
    - https://en.wikipedia.org/wiki/Hermite_normal_form
    - https://en.wikipedia.org/wiki/Wagner%E2%80%93Fischer_algorithm
    - https://www.math.auckland.ac.nz/~sgal018/crypto-book/ch18.pdf
    - https://eprint.iacr.org/2019/1161
    - QRAM: https://arxiv.org/abs/2305.10310
    - https://en.wikipedia.org/wiki/Lenstra%E2%80%93Lenstra%E2%80%93Lov%C3%A1sz_lattice_basis_reduction_algorithm
    - MATZOV improved dual lattice attack: https://zenodo.org/records/6412487
    - https://eprint.iacr.org/2008/504.pdf
    - https://eprint.iacr.org/2023/302.pdf

    "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

    • 57 min
    Signal's Post-Quantum PQXDH, Same-Origin Policy, E2EE in the Browser Revisted

    Signal's Post-Quantum PQXDH, Same-Origin Policy, E2EE in the Browser Revisted

    We're back! Signal rolled out a protocol change to be post-quantum resilient! Someone was caught intercepting Jabber TLS via certificate transparency! Was the same-origin policy in web browers just a dirty hack all along? Plus secure message format formalisms, and even more beating of the dead horse that is E2EE in the browser.

    Transcript: https://securitycryptographywhatever.com/2023/11/07/PQXDH-etc

    Links:

    - https://zfnd.org/so-you-want-to-build-an-end-to-end-encrypted-web-app/
    - https://github.com/superfly/macaroon
    - https://cryspen.com/post/pqxdh/
    - https://eprint.iacr.org/2023/1390.pdf

    "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

    • 1 hr 19 min

Customer Reviews

4.9 out of 5
60 Ratings

60 Ratings

Bob on Ross ,

Wonderfully accessible!

Each episode is a great discussion into a large field

Ragnaroekk ,

Found my new favorite podcast!

Stumbled across this podcast while trying to supplement an applied cryptography class. I couldn’t be more please with the content and excitement the hosts have about cryptography. Definitely worth a listen!

Andrew Brinker ,

Favorite podcast

The mix of serious technical competency and lack of ego of the three hosts makes this podcast a delight. Although the release schedule is haphazard, every episode is worth the wait. I always feel like I’ve learned something new at the end of each episode, and I’ve gone back to many of the episodes and learned more on re-listening. I highly recommend this podcast!

Top Podcasts In Technology

Lex Fridman Podcast
Lex Fridman
All-In with Chamath, Jason, Sacks & Friedberg
All-In Podcast, LLC
Acquired
Ben Gilbert and David Rosenthal
TED Radio Hour
NPR
Hard Fork
The New York Times
Darknet Diaries
Jack Rhysider

You Might Also Like

Smashing Security
Graham Cluley & Carole Theriault
Malicious Life
Malicious Life
Hacking Humans
N2K Networks
Darknet Diaries
Jack Rhysider
Go Time: Golang, Software Engineering
Changelog Media
CyberWire Daily
N2K Networks