Matthew Green
@matthewdgreen.bsky.social
I teach cryptography at Johns Hopkins. https://blog.cryptographyengineering.com
Trying to think of something serious to say about the “cryptographers lose the key for the cryptographer election” story and, mostly, hey: I just love that cryptographers are actually using the weird cryptography! www.nytimes.com/2025/11/21/w...
Cryptographers Held an Election. They Can’t Decrypt the Results.
www.nytimes.com
November 22, 2025 at 2:47 PM
Trying to think of something serious to say about the “cryptographers lose the key for the cryptographer election” story and, mostly, hey: I just love that cryptographers are actually using the weird cryptography! www.nytimes.com/2025/11/21/w...
Keys are hard. www.nytimes.com/2025/11/21/w...
Cryptographers Held an Election. They Can’t Decrypt the Results.
www.nytimes.com
November 22, 2025 at 2:07 AM
Keys are hard. www.nytimes.com/2025/11/21/w...
Reposted by Matthew Green
cloudflare's on-duty IT staff bangs on the doors which I have padlocked from the inside as I calmly break open lava lamp after lava lamp and drink the contents
November 18, 2025 at 1:59 PM
cloudflare's on-duty IT staff bangs on the doors which I have padlocked from the inside as I calmly break open lava lamp after lava lamp and drink the contents
Everything in MPC and ZK comes down to how many sequential multiplications a private computation requires. In (non-interactive ZK) the answer is basically two, whereas in MPC the answer is “many” unless we’re willing to decompose the computation into many rounds.
November 18, 2025 at 4:21 PM
Everything in MPC and ZK comes down to how many sequential multiplications a private computation requires. In (non-interactive ZK) the answer is basically two, whereas in MPC the answer is “many” unless we’re willing to decompose the computation into many rounds.
A wild rumor I heard: US agencies that purchase vulnerabilities have explicitly told their vendors *not* to bring them vulnerabilities in encryption protocols (like Signal or WhatsApp), unless they want those vulnerabilities disclosed/fixed. (Take this with a mountain of salt.)
November 15, 2025 at 6:04 PM
A wild rumor I heard: US agencies that purchase vulnerabilities have explicitly told their vendors *not* to bring them vulnerabilities in encryption protocols (like Signal or WhatsApp), unless they want those vulnerabilities disclosed/fixed. (Take this with a mountain of salt.)
Reposted by Matthew Green
Mafia governance in action
"the only offer on the table was that I needed to resign by 5pm that day or the DOJ would basically rain hell on UVA... If I did not resign that day, I was told that the DOJ would extract/block hundreds of millions of dollars from UVA before they would even negotiate."
"the only offer on the table was that I needed to resign by 5pm that day or the DOJ would basically rain hell on UVA... If I did not resign that day, I was told that the DOJ would extract/block hundreds of millions of dollars from UVA before they would even negotiate."
November 14, 2025 at 3:30 PM
Mafia governance in action
"the only offer on the table was that I needed to resign by 5pm that day or the DOJ would basically rain hell on UVA... If I did not resign that day, I was told that the DOJ would extract/block hundreds of millions of dollars from UVA before they would even negotiate."
"the only offer on the table was that I needed to resign by 5pm that day or the DOJ would basically rain hell on UVA... If I did not resign that day, I was told that the DOJ would extract/block hundreds of millions of dollars from UVA before they would even negotiate."
Reposted by Matthew Green
Law enforcement: we need to break encryption to get access to Signal to protect the children!!
Also law enforcement: for years couldn’t catch a pedophile sex trafficker who used email to coordinate all of his pedophile sex trafficking
Also law enforcement: for years couldn’t catch a pedophile sex trafficker who used email to coordinate all of his pedophile sex trafficking
November 14, 2025 at 2:08 PM
Law enforcement: we need to break encryption to get access to Signal to protect the children!!
Also law enforcement: for years couldn’t catch a pedophile sex trafficker who used email to coordinate all of his pedophile sex trafficking
Also law enforcement: for years couldn’t catch a pedophile sex trafficker who used email to coordinate all of his pedophile sex trafficking
The 18y/o asked me how LZW compression worked at dinner tonight and I was like “oh [vague stuff about building a dictionary]” and he was like yeah, obviously but how do they build the dictionary, and I realized for the 6627th time that I know 0.1% of computer science and then our cheesesteak came.
November 14, 2025 at 2:05 AM
The 18y/o asked me how LZW compression worked at dinner tonight and I was like “oh [vague stuff about building a dictionary]” and he was like yeah, obviously but how do they build the dictionary, and I realized for the 6627th time that I know 0.1% of computer science and then our cheesesteak came.
It’s pretty funny that end-to-end encryption is safer from the US government than it’s ever been, and the reason is criminal corruption.
November 13, 2025 at 3:47 PM
It’s pretty funny that end-to-end encryption is safer from the US government than it’s ever been, and the reason is criminal corruption.
One of the most interesting recent privacy developments is the deployment of big two-hop IP blinding VPNs by companies like Apple and Google. These systems are designed to ensure that even those companies can’t link web requests to IP addresses.
November 13, 2025 at 1:45 PM
One of the most interesting recent privacy developments is the deployment of big two-hop IP blinding VPNs by companies like Apple and Google. These systems are designed to ensure that even those companies can’t link web requests to IP addresses.
Who named these AirPods.
November 12, 2025 at 11:32 PM
Who named these AirPods.
Reposted by Matthew Green
After initially confirming the project to Tech Radar, Ofcom went silent when pressed on questions about what data was being monitored, what privacy protections were in place or who the company doing it was.
November 11, 2025 at 11:43 PM
After initially confirming the project to Tech Radar, Ofcom went silent when pressed on questions about what data was being monitored, what privacy protections were in place or who the company doing it was.
Reposted by Matthew Green
The British government admits it is now monitoring VPNs use by UK residents. Regulator Ofcom has contracted with an AI-powered surveillance service to detect the number of citizens using VPNs to evade the Online Safety Act.
The UK tech minister has said a VPN ban is on the table.
The UK tech minister has said a VPN ban is on the table.
Exclusive: Ofcom is monitoring VPNs following Online Safety Act. Here's how
Ignoring VPNs risks creating ineffective laws, but tracking them threatens people's privacy
www.techradar.com
November 11, 2025 at 11:39 PM
The British government admits it is now monitoring VPNs use by UK residents. Regulator Ofcom has contracted with an AI-powered surveillance service to detect the number of citizens using VPNs to evade the Online Safety Act.
The UK tech minister has said a VPN ban is on the table.
The UK tech minister has said a VPN ban is on the table.
Are there any actual AI agents out there that can reliably perform tasks for you?
November 12, 2025 at 2:08 PM
Are there any actual AI agents out there that can reliably perform tasks for you?
Reposted by Matthew Green
A staggering statistic: "North American researchers were charged over US$2.27 billion by just two for-profit publishers. The Canadian research councils and the US National Science Foundation were allocated US$9.3 billion in that year." What are we doing?
We wrote the Strain on scientific publishing to highlight the problems of time & trust. With a fantastic group of co-authors, we present The Drain of Scientific Publishing:
a 🧵 1/n
Drain: arxiv.org/abs/2511.04820
Strain: direct.mit.edu/qss/article/...
Oligopoly: direct.mit.edu/qss/article/...
a 🧵 1/n
Drain: arxiv.org/abs/2511.04820
Strain: direct.mit.edu/qss/article/...
Oligopoly: direct.mit.edu/qss/article/...
November 12, 2025 at 1:58 PM
A staggering statistic: "North American researchers were charged over US$2.27 billion by just two for-profit publishers. The Canadian research councils and the US National Science Foundation were allocated US$9.3 billion in that year." What are we doing?
Reposted by Matthew Green
The Trump administration's cybersecurity policies are indistinguishable from a foreign attack.
In many ways they're worse, given they're wrapped in layers of phony operational efficiency.
In many ways they're worse, given they're wrapped in layers of phony operational efficiency.
Trump Cybersecurity Policy Is Indistinguishable From A Foreign Attack
Last year almost a dozen major U.S. ISPs were the victim of a massive, historic intrusion by Chinese hackers who managed to spy on public U.S. officials for more than a year. The “Salt Ty…
www.techdirt.com
November 7, 2025 at 3:05 PM
The Trump administration's cybersecurity policies are indistinguishable from a foreign attack.
In many ways they're worse, given they're wrapped in layers of phony operational efficiency.
In many ways they're worse, given they're wrapped in layers of phony operational efficiency.
Imagine how bad things are going to be when these morons actually stumble into AI.
November 8, 2025 at 12:04 AM
Imagine how bad things are going to be when these morons actually stumble into AI.
I was brought up in the era of “without random oracles” and so the increasing dependence on weird random oracle stuff in all our crypto really bums me out.
November 7, 2025 at 4:02 PM
I was brought up in the era of “without random oracles” and so the increasing dependence on weird random oracle stuff in all our crypto really bums me out.
The password has been changed to “Louvre2”, don’t worry
November 3, 2025 at 11:57 PM
The password has been changed to “Louvre2”, don’t worry
Reposted by Matthew Green
November 3, 2025 at 5:56 PM
Reposted by Matthew Green
It's one month until Australia's internet will drastically change. Here's what I'm doing to cover it:
(PS: I’ve set up a mailing list to send out an email when I have an article come out, instead of than hoping that an algorithm will serve it to you: camwilson.beehiiv.co...)
(PS: I’ve set up a mailing list to send out an email when I have an article come out, instead of than hoping that an algorithm will serve it to you: camwilson.beehiiv.co...)
November 2, 2025 at 10:42 AM
It's one month until Australia's internet will drastically change. Here's what I'm doing to cover it:
(PS: I’ve set up a mailing list to send out an email when I have an article come out, instead of than hoping that an algorithm will serve it to you: camwilson.beehiiv.co...)
(PS: I’ve set up a mailing list to send out an email when I have an article come out, instead of than hoping that an algorithm will serve it to you: camwilson.beehiiv.co...)
I remain not panicked about side channel attacks.
November 2, 2025 at 9:46 PM
I remain not panicked about side channel attacks.
Wow hardcover books have become luxury items all of a sudden.
November 2, 2025 at 4:20 PM
Wow hardcover books have become luxury items all of a sudden.
Did Apple push the “make old iPhone batteries die really fast” update this week?
November 1, 2025 at 11:06 PM
Did Apple push the “make old iPhone batteries die really fast” update this week?
Reposted by Matthew Green
There's no such thing as Fully-Homomorphic Decryption.
Anytime you see a system using FHE to compute on your sensitive data, remember: someone has the key. If its not you, do you trust them?
Anytime you see a system using FHE to compute on your sensitive data, remember: someone has the key. If its not you, do you trust them?
November 1, 2025 at 7:02 PM
There's no such thing as Fully-Homomorphic Decryption.
Anytime you see a system using FHE to compute on your sensitive data, remember: someone has the key. If its not you, do you trust them?
Anytime you see a system using FHE to compute on your sensitive data, remember: someone has the key. If its not you, do you trust them?