Committing to Obsolescence
A technique to generate a secret-public key pair bound to an arbitrary verifying key, so that the verifying key may certify a key rotation.
Converge is the prototype exchange format for versioned node. It provides fully featured blobs and versions, including braid finalization, in encrypted and unencrypted flavors. The encoding with atlv is compact and simple to parse and build. And the cryptography is arranged to be compact and efficient.
One aspect of cryptography that makes it so fragile is that different constructions have different security properties. Authenticated encryption schemes are not all equivalent! You might say “we need authenticated encryption” and choose AES-GCM. And then later you discover that you want to encrypt more than 4 billion messages per key, or need key commitment.
one very popular fully encrypted transport protocol over udp would make traffic analysis of fully encrypted protocols much harder.
there’s apparently technical guidelines that talk about turning random bits into random numbers between 0 and something other than powers of two. unfortunately it’s lacking a bit of nuance.
i’ve been wanting a good way to migrate signature keys in converge. ideally a migrating key pair that:
yesterday, twitter rolled out encrypted direct messages.
their help page listed some glaring limitations, so i wanted to take a look inside.
the usual use of the shared secret from a diffie-hellman key exchange is as a symmetric encryption key. of course, there’s nothing preventing anyone from using it as a secret key for a signing algorithm instead.