crypto developments a bit about me daniel j bernstein
play

Crypto developments A bit about me Daniel J. Bernstein Designer - PowerPoint PPT Presentation

Apr 10, 2024 •178 likes •625 views

Crypto developments A bit about me Daniel J. Bernstein Designer of: qmail , used by Yahoo Research Professor, to handle Internet mail; University of Illinois at Chicago tinydns , used by Facebook Hoogleraar, to publish server

  1. Crypto developments A bit about me Daniel J. Bernstein Designer of: • qmail , used by Yahoo Research Professor, to handle Internet mail; University of Illinois at Chicago • tinydns , used by Facebook Hoogleraar, to publish server addresses; Cryptographic Implementations, • dnscache , used by OpenDNS Technische Universiteit Eindhoven to look up server addresses; • Curve25519 public-key system used by Apple to protect files stored on iPhones; • ChaCha20 secret-key cipher used by Chrome to encrypt HTTPS connections to Google.

  2. developments A bit about me Standard J. Bernstein Designer of: Goals: p • qmail , used by Yahoo integrity, rch Professor, to handle Internet mail; University of Illinois at Chicago • tinydns , used by Facebook ogleraar, to publish server addresses; Cryptographic Implementations, • dnscache , used by OpenDNS echnische Universiteit Eindhoven to look up server addresses; • Curve25519 public-key system used by Apple to protect files stored on iPhones; • ChaCha20 secret-key cipher used by Chrome to encrypt HTTPS connections to Google.

  3. developments A bit about me Standard crypto is Bernstein Designer of: Goals: protect confidentialit • qmail , used by Yahoo integrity, and availabilit Professor, to handle Internet mail; Illinois at Chicago • tinydns , used by Facebook to publish server addresses; Implementations, • dnscache , used by OpenDNS Universiteit Eindhoven to look up server addresses; • Curve25519 public-key system used by Apple to protect files stored on iPhones; • ChaCha20 secret-key cipher used by Chrome to encrypt HTTPS connections to Google.

  4. A bit about me Standard crypto is failing Designer of: Goals: protect confidentiality • qmail , used by Yahoo integrity, and availability. to handle Internet mail; Chicago • tinydns , used by Facebook to publish server addresses; Implementations, • dnscache , used by OpenDNS Eindhoven to look up server addresses; • Curve25519 public-key system used by Apple to protect files stored on iPhones; • ChaCha20 secret-key cipher used by Chrome to encrypt HTTPS connections to Google.

  5. A bit about me Standard crypto is failing Designer of: Goals: protect confidentiality, • qmail , used by Yahoo integrity, and availability. to handle Internet mail; • tinydns , used by Facebook to publish server addresses; • dnscache , used by OpenDNS to look up server addresses; • Curve25519 public-key system used by Apple to protect files stored on iPhones; • ChaCha20 secret-key cipher used by Chrome to encrypt HTTPS connections to Google.

  6. A bit about me Standard crypto is failing Designer of: Goals: protect confidentiality, • qmail , used by Yahoo integrity, and availability. to handle Internet mail; Standard crypto does a bad job • tinydns , used by Facebook of meeting these goals today, to publish server addresses; and an even worse job tomorrow. • dnscache , used by OpenDNS to look up server addresses; • Curve25519 public-key system used by Apple to protect files stored on iPhones; • ChaCha20 secret-key cipher used by Chrome to encrypt HTTPS connections to Google.

  7. A bit about me Standard crypto is failing Designer of: Goals: protect confidentiality, • qmail , used by Yahoo integrity, and availability. to handle Internet mail; Standard crypto does a bad job • tinydns , used by Facebook of meeting these goals today, to publish server addresses; and an even worse job tomorrow. • dnscache , used by OpenDNS The standardization process to look up server addresses; does not insist on security; • Curve25519 public-key system ignores important warnings used by Apple to protect from cryptographers; files stored on iPhones; ignores predictable improvements • ChaCha20 secret-key cipher in computer technology; and used by Chrome to encrypt is unable to resist attack. HTTPS connections to Google.

  8. about me Standard crypto is failing MD5 Designer of: Goals: protect confidentiality, 2008 Stevens–Sotirov– qmail , used by Yahoo integrity, and availability. Appelbaum–Lenstra–Molna handle Internet mail; Osvik–de Standard crypto does a bad job tinydns , used by Facebook MD5 ⇒ of meeting these goals today, publish server addresses; and an even worse job tomorrow. dnscache , used by OpenDNS The standardization process ok up server addresses; does not insist on security; Curve25519 public-key system ignores important warnings by Apple to protect from cryptographers; stored on iPhones; ignores predictable improvements ChaCha20 secret-key cipher in computer technology; and by Chrome to encrypt is unable to resist attack. HTTPS connections to Google.

  9. Standard crypto is failing MD5 Goals: protect confidentiality, 2008 Stevens–Sotirov– y Yahoo integrity, and availability. Appelbaum–Lenstra–Molna ernet mail; Osvik–de Weger exploited Standard crypto does a bad job by Facebook MD5 ⇒ rogue CA of meeting these goals today, server addresses; and an even worse job tomorrow. used by OpenDNS The standardization process server addresses; does not insist on security; public-key system ignores important warnings to protect from cryptographers; iPhones; ignores predictable improvements secret-key cipher in computer technology; and Chrome to encrypt is unable to resist attack. connections to Google.

  10. Standard crypto is failing MD5 Goals: protect confidentiality, 2008 Stevens–Sotirov– integrity, and availability. Appelbaum–Lenstra–Molnar– Osvik–de Weger exploited Standard crypto does a bad job ook MD5 ⇒ rogue CA for TLS. of meeting these goals today, addresses; and an even worse job tomorrow. enDNS The standardization process addresses; does not insist on security; system ignores important warnings rotect from cryptographers; ignores predictable improvements cipher in computer technology; and rypt is unable to resist attack. Google.

  11. Standard crypto is failing MD5 Goals: protect confidentiality, 2008 Stevens–Sotirov– integrity, and availability. Appelbaum–Lenstra–Molnar– Osvik–de Weger exploited Standard crypto does a bad job MD5 ⇒ rogue CA for TLS. of meeting these goals today, and an even worse job tomorrow. The standardization process does not insist on security; ignores important warnings from cryptographers; ignores predictable improvements in computer technology; and is unable to resist attack.

  12. Standard crypto is failing MD5 Goals: protect confidentiality, 2008 Stevens–Sotirov– integrity, and availability. Appelbaum–Lenstra–Molnar– Osvik–de Weger exploited Standard crypto does a bad job MD5 ⇒ rogue CA for TLS. of meeting these goals today, and an even worse job tomorrow. 2012 Flame: new MD5 attack. The standardization process does not insist on security; ignores important warnings from cryptographers; ignores predictable improvements in computer technology; and is unable to resist attack.

  13. Standard crypto is failing MD5 Goals: protect confidentiality, 2008 Stevens–Sotirov– integrity, and availability. Appelbaum–Lenstra–Molnar– Osvik–de Weger exploited Standard crypto does a bad job MD5 ⇒ rogue CA for TLS. of meeting these goals today, and an even worse job tomorrow. 2012 Flame: new MD5 attack. The standardization process Fact: By 1996, a few years does not insist on security; after the introduction of MD5, ignores important warnings Preneel and Dobbertin were from cryptographers; calling for MD5 to be scrapped. ignores predictable improvements in computer technology; and is unable to resist attack.

  14. Standard crypto is failing MD5 Goals: protect confidentiality, 2008 Stevens–Sotirov– integrity, and availability. Appelbaum–Lenstra–Molnar– Osvik–de Weger exploited Standard crypto does a bad job MD5 ⇒ rogue CA for TLS. of meeting these goals today, and an even worse job tomorrow. 2012 Flame: new MD5 attack. The standardization process Fact: By 1996, a few years does not insist on security; after the introduction of MD5, ignores important warnings Preneel and Dobbertin were from cryptographers; calling for MD5 to be scrapped. ignores predictable improvements Internet crypto standardization in computer technology; and continued using MD5. is unable to resist attack.

  15. Standard crypto is failing MD5 Taiwan Citizen protect confidentiality, 2008 Stevens–Sotirov– Renesas integrity, and availability. Appelbaum–Lenstra–Molnar– Security Osvik–de Weger exploited by T-Systems, Standard crypto does a bad job MD5 ⇒ rogue CA for TLS. CC assurance meeting these goals today, even worse job tomorrow. 2012 Flame: new MD5 attack. standardization process Fact: By 1996, a few years not insist on security; after the introduction of MD5, res important warnings Preneel and Dobbertin were cryptographers; calling for MD5 to be scrapped. res predictable improvements Internet crypto standardization computer technology; and continued using MD5. unable to resist attack.

Recommend

Crypto developments Daniel J. Bernstein Research Professor, University of Illinois at Chicago

Crypto developments Daniel J. Bernstein Research Professor, University of Illinois at Chicago

Crypto developments Daniel J. Bernstein Research Professor, University of Illinois at Chicago Hoogleraar, Cryptographic Implementations, Technische Universiteit Eindhoven A bit about me Designer of: qmail , used by Yahoo to handle

753 views • 26 slides
Crypto horror stories Daniel J. Bernstein University of Illinois at Chicago & Technische

Crypto horror stories Daniel J. Bernstein University of Illinois at Chicago & Technische

Crypto horror stories Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven Crypto horror stories Daniel J. Bernstein Horror story 1 RC4 Crypto horror stories Daniel J. Bernstein RC4 stream cipher:

799 views • 61 slides
Boring crypto Daniel J. Bernstein University of Illinois at Chicago & Technische

Boring crypto Daniel J. Bernstein University of Illinois at Chicago & Technische

Boring crypto Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven Ancient Chinese curse: May you live in interesting times, so that you have many papers to write. Related mailing list:

871 views • 57 slides
Making sure crypto stays insecure Daniel J. Bernstein University of Illinois at Chicago &

Making sure crypto stays insecure Daniel J. Bernstein University of Illinois at Chicago &

Making sure crypto stays insecure Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven Terrorist in Hong Kong prepares to throw deadly weapon at Chinese government workers. Image credit: Reuters.

739 views • 54 slides
Making sure crypto stays insecure Daniel J. Bernstein University of Illinois at Chicago &

Making sure crypto stays insecure Daniel J. Bernstein University of Illinois at Chicago &

Making sure crypto stays insecure Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven Terrorist in Hong Kong prepares to throw deadly weapon at Chinese government workers. Image credit: Reuters.

1.74k views • 140 slides
The libpqcrypto software library for post-quantum cryptography Daniel J. Bernstein and many

The libpqcrypto software library for post-quantum cryptography Daniel J. Bernstein and many

The libpqcrypto software library for post-quantum cryptography Daniel J. Bernstein and many contributors libpqcrypto.org Daniel J. Bernstein Context libpqcrypto.org Daniel J. Bernstein Redesigning crypto for security New requirements for

541 views • 51 slides
Error-prone cryptographic designs Crypto horror story #1 Daniel J. Bernstein 2010

Error-prone cryptographic designs Crypto horror story #1 Daniel J. Bernstein 2010

Error-prone cryptographic designs Crypto horror story #1 Daniel J. Bernstein 2010 BushingMarcanSegher University of Illinois at Chicago & Sven failOverflow demolition Technische Universiteit Eindhoven of Sony PS3 security

1.08k views • 69 slides
Boring crypto Some recent TLS failures Daniel J. Bernstein Diginotar CA compromise. University

Boring crypto Some recent TLS failures Daniel J. Bernstein Diginotar CA compromise. University

Boring crypto Some recent TLS failures Daniel J. Bernstein Diginotar CA compromise. University of Illinois at Chicago & BEAST CBC attack. Technische Universiteit Eindhoven Trustwave HTTPS interception. CRIME compression attack. Lucky 13

1.3k views • 128 slides
Lattice-based cryptography: Episode V: the ring strikes back Daniel J. Bernstein University of

Lattice-based cryptography: Episode V: the ring strikes back Daniel J. Bernstein University of

1 Lattice-based cryptography: Episode V: the ring strikes back Daniel J. Bernstein University of Illinois at Chicago Crypto 1999 Nguyen: At Crypto 97, Goldreich, Goldwasser and Halevi proposed a public-key cryptosystem based on the

683 views • 32 slides
The Year in Crypto Daniel J. Bernstein University of Illinois at Chicago Technische Universiteit

The Year in Crypto Daniel J. Bernstein University of Illinois at Chicago Technische Universiteit

The Year in Crypto Daniel J. Bernstein University of Illinois at Chicago Technische Universiteit Eindhoven Nadia Heninger University of Pennsylvania Tanja Lange Technische Universiteit Eindhoven Candidate Indistinguishability Obfuscation

1.18k views • 78 slides
The year in post-quantum crypto Daniel J. Bernstein, Tanja Lange University of Illinois at

The year in post-quantum crypto Daniel J. Bernstein, Tanja Lange University of Illinois at

The year in post-quantum crypto Daniel J. Bernstein, Tanja Lange University of Illinois at Chicago, Eindhoven University of Technology Post-quantum cryptography: Cryptography designed under the assumption that the attacker (not the user!) has

1.29k views • 94 slides
Standardization for the black hat Daniel J. Bernstein University of Illinois at Chicago &

Standardization for the black hat Daniel J. Bernstein University of Illinois at Chicago &

1 Standardization for the black hat Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven 1 bada55.cr.yp.to BADA55 Crypto including How to manipulate curve standards: a white paper for the

879 views • 45 slides
Cryptographic software engineering, part 1 Daniel J. Bernstein This is easy, right? 1. Take

Cryptographic software engineering, part 1 Daniel J. Bernstein This is easy, right? 1. Take

1 Cryptographic software engineering, part 1 Daniel J. Bernstein This is easy, right? 1. Take general principles of software engineering. 2. Apply principles to crypto. Lets try some examples : : : 2 1972 Parnas On the criteria to

810 views • 63 slides
Cryptographic software engineering, part 1 Daniel J. Bernstein This is easy, right? 1. Take

Cryptographic software engineering, part 1 Daniel J. Bernstein This is easy, right? 1. Take

1 Cryptographic software engineering, part 1 Daniel J. Bernstein This is easy, right? 1. Take general principles of software engineering. 2. Apply principles to crypto. Lets try some examples : : : 2 1972 Parnas On the criteria to

1.15k views • 86 slides
Algorithms for multiquadratic number fields D. J. Bernstein Jens Bauch, Daniel J. Bernstein,

Algorithms for multiquadratic number fields D. J. Bernstein Jens Bauch, Daniel J. Bernstein,

1 Algorithms for multiquadratic number fields D. J. Bernstein Jens Bauch, Daniel J. Bernstein, Henry de Valence, Tanja Lange, Christine van Vredendaal. Short generators without quantum computers: the case of multiquadratics. Eurocrypt

1.13k views • 97 slides
Countering quantum FUD Daniel J. Bernstein Joint work with: Nadia Heninger Paul Lou Luke

Countering quantum FUD Daniel J. Bernstein Joint work with: Nadia Heninger Paul Lou Luke

Countering quantum FUD Daniel J. Bernstein Joint work with: Nadia Heninger Paul Lou Luke Valenta Countering quantum FUD Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta All crypto is broken? FUD : Nobody knows exactly when

509 views • 13 slides
Announcement of the CAESAR finalists Daniel J. Bernstein Announcement of the CAESAR finalists

Announcement of the CAESAR finalists Daniel J. Bernstein Announcement of the CAESAR finalists

Announcement of the CAESAR finalists Daniel J. Bernstein Announcement of the CAESAR finalists Daniel J. Bernstein CAESAR timeline planned in 2012 2013.01: Announce tentative schedule. 2014.01: Deadline for first-round submissions.

527 views • 10 slides
1 Symmetric crypto, part 2 D. J. Bernstein session key k client

1 Symmetric crypto, part 2 D. J. Bernstein session key k client

1 Symmetric crypto, part 2 D. J. Bernstein session key k client servers ciphertext C 0 public key S Internet Public-key crypto ciphertext C 0 servers same k secret key s server

916 views • 80 slides
Cleaning up crypto D. J. Bernstein, U. Illinois Chicago & T. U. Eindhoven Tanja Lange, T. U.

Cleaning up crypto D. J. Bernstein, U. Illinois Chicago & T. U. Eindhoven Tanja Lange, T. U.

Cleaning up crypto D. J. Bernstein, U. Illinois Chicago & T. U. Eindhoven Tanja Lange, T. U. Eindhoven Joint work with: Peter Schwabe, R. U. Nijmegen http://xkcd.com/538/ AES-128, RSA-2048, etc. are widely accepted standards. Obviously

844 views • 52 slides
NaCl: a new crypto library D. J. Bernstein, U. Illinois Chicago & T. U. Eindhoven Tanja

NaCl: a new crypto library D. J. Bernstein, U. Illinois Chicago & T. U. Eindhoven Tanja

NaCl: a new crypto library D. J. Bernstein, U. Illinois Chicago & T. U. Eindhoven Tanja Lange, T. U. Eindhoven Joint work with: Peter Schwabe, R. U. Nijmegen xkcd.com/538/ AES-128, RSA-2048, etc. are widely accepted standards. Obviously

874 views • 50 slides
Introduction to symmetric crypto Some cipher history D. J. Bernstein 1973, and again in 1974:

Introduction to symmetric crypto Some cipher history D. J. Bernstein 1973, and again in 1974:

1 2 Introduction to symmetric crypto Some cipher history D. J. Bernstein 1973, and again in 1974: U.S. National Bureau of Standards solicits proposals How HTTPS protects connection: for a Data Encryption Standard. Public-key encryption

1.67k views • 131 slides
Introduction to symmetric crypto D. J. Bernstein How HTTPS protects connection: Public-key

Introduction to symmetric crypto D. J. Bernstein How HTTPS protects connection: Public-key

1 Introduction to symmetric crypto D. J. Bernstein How HTTPS protects connection: Public-key encryption system encrypts one secret message: a random 256-bit session key. Public-key signature system stops NSAITM attacks. Fast

1.03k views • 63 slides
High-speed cryptography, Crypto performance problems part 1: often lead users to reduce

High-speed cryptography, Crypto performance problems part 1: often lead users to reduce

High-speed cryptography, Crypto performance problems part 1: often lead users to reduce elliptic-curve formulas cryptographic security levels or give up on cryptography. Daniel J. Bernstein University of Illinois at Chicago & Example 1

1.55k views • 138 slides
Thomas Jefferson and Apple versus the FBI Daniel J. Bernstein University of Illinois at Chicago

Thomas Jefferson and Apple versus the FBI Daniel J. Bernstein University of Illinois at Chicago

Thomas Jefferson and Apple versus the FBI Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven Thomas Jefferson and Apple versus the FBI Daniel J. Bernstein 1919 The Womens Christian Temperance Union

552 views • 29 slides

More recommend