Security Cryptography Whatever
@scwpod.bsky.social
@durumcrustulum.com, @sockpuppet.org, @dadrian.io
“Freewheelin’ dynamic”.
https://securitycryptographywhatever.com
https://podcasts.apple.com/us/podcast/feed/id1578405214
“Freewheelin’ dynamic”.
https://securitycryptographywhatever.com
https://podcasts.apple.com/us/podcast/feed/id1578405214
Pinned
The IACR Can
The International Association of Cryptologic Research (IACR) held their regular election using secure voting software called Helios…and lost the keys to decr...
securitycryptographywhatever.com
NEW EPISODE!
The IACR lost the keys to decrypt their encrypted election results. We welcome Matt Bernhard who works on secure voting systems to explain which Helios bits are homomorphically additive or not and more:
securitycryptographywhatever.com/2025/12/30/i...
www.youtube.com/watch?v=euw_...
The IACR lost the keys to decrypt their encrypted election results. We welcome Matt Bernhard who works on secure voting systems to explain which Helios bits are homomorphically additive or not and more:
securitycryptographywhatever.com/2025/12/30/i...
www.youtube.com/watch?v=euw_...
Reposted by Security Cryptography Whatever
Threshold decryption.... I struggled with that one and still do. Obviously it's a point of fragility to allow one lost share to cancel the election. But true DKG with parties spread across the world is also not obviously easy to implement.
December 31, 2025 at 2:29 PM
Threshold decryption.... I struggled with that one and still do. Obviously it's a point of fragility to allow one lost share to cancel the election. But true DKG with parties spread across the world is also not obviously easy to implement.
Reposted by Security Cryptography Whatever
Yes, it's finite fields, in large part because implementing over elliptic curves, especially with proper hashing for NIZKs, was more complexity than I could handle. Would likely make sense to upgrade to EC at some point but also probably not a huge priority? Happy to hear counter arguments!
December 31, 2025 at 2:29 PM
Yes, it's finite fields, in large part because implementing over elliptic curves, especially with proper hashing for NIZKs, was more complexity than I could handle. Would likely make sense to upgrade to EC at some point but also probably not a huge priority? Happy to hear counter arguments!
Reposted by Security Cryptography Whatever
Yes, Helios definitely uses NIZKs to prove proper ballot form. Implemented in 2008 browser JavaScript, which was a fun challenge.
December 31, 2025 at 2:29 PM
Yes, Helios definitely uses NIZKs to prove proper ballot form. Implemented in 2008 browser JavaScript, which was a fun challenge.
Reposted by Security Cryptography Whatever
I abandoned mixnets in Helios v2+ in favor of homomorphic aggregation because of the operational complexity of mixnets.
Explained in the 2009 paper:
csrc.nist.gov/csrc/media/e...
Explained in the 2009 paper:
csrc.nist.gov/csrc/media/e...
December 31, 2025 at 2:29 PM
I abandoned mixnets in Helios v2+ in favor of homomorphic aggregation because of the operational complexity of mixnets.
Explained in the 2009 paper:
csrc.nist.gov/csrc/media/e...
Explained in the 2009 paper:
csrc.nist.gov/csrc/media/e...
Reposted by Security Cryptography Whatever
Final SCW of 2025! We had Matt Bernhard on to talk about cryptographic voting systems, in the wake of the IACR election. (Everybody I voted for in the new election won! Woo!)
NEW EPISODE!
The IACR lost the keys to decrypt their encrypted election results. We welcome Matt Bernhard who works on secure voting systems to explain which Helios bits are homomorphically additive or not and more:
securitycryptographywhatever.com/2025/12/30/i...
www.youtube.com/watch?v=euw_...
The IACR lost the keys to decrypt their encrypted election results. We welcome Matt Bernhard who works on secure voting systems to explain which Helios bits are homomorphically additive or not and more:
securitycryptographywhatever.com/2025/12/30/i...
www.youtube.com/watch?v=euw_...
The IACR Can
The International Association of Cryptologic Research (IACR) held their regular election using secure voting software called Helios…and lost the keys to decr...
securitycryptographywhatever.com
December 31, 2025 at 5:10 AM
Final SCW of 2025! We had Matt Bernhard on to talk about cryptographic voting systems, in the wake of the IACR election. (Everybody I voted for in the new election won! Woo!)
Reposted by Security Cryptography Whatever
@scwpod.bsky.social did the impossible and converted me to a podcast gxrlie
December 4, 2025 at 4:27 PM
@scwpod.bsky.social did the impossible and converted me to a podcast gxrlie
NEW EPISODE!
The IACR lost the keys to decrypt their encrypted election results. We welcome Matt Bernhard who works on secure voting systems to explain which Helios bits are homomorphically additive or not and more:
securitycryptographywhatever.com/2025/12/30/i...
www.youtube.com/watch?v=euw_...
The IACR lost the keys to decrypt their encrypted election results. We welcome Matt Bernhard who works on secure voting systems to explain which Helios bits are homomorphically additive or not and more:
securitycryptographywhatever.com/2025/12/30/i...
www.youtube.com/watch?v=euw_...
The IACR Can
The International Association of Cryptologic Research (IACR) held their regular election using secure voting software called Helios…and lost the keys to decr...
securitycryptographywhatever.com
December 31, 2025 at 2:15 AM
NEW EPISODE!
The IACR lost the keys to decrypt their encrypted election results. We welcome Matt Bernhard who works on secure voting systems to explain which Helios bits are homomorphically additive or not and more:
securitycryptographywhatever.com/2025/12/30/i...
www.youtube.com/watch?v=euw_...
The IACR lost the keys to decrypt their encrypted election results. We welcome Matt Bernhard who works on secure voting systems to explain which Helios bits are homomorphically additive or not and more:
securitycryptographywhatever.com/2025/12/30/i...
www.youtube.com/watch?v=euw_...
NEW EPISODE!
Apple did a new security thing for their latest phones with memory integrity enforcement, we did a deep a dive as we could given that we couldn't get anyone from Apple to come on our podcast 😭
podcasts.apple.com/us/podcast/a...
open.spotify.com/episode/0DhC...
youtu.be/9FJwOI2PliU
Apple did a new security thing for their latest phones with memory integrity enforcement, we did a deep a dive as we could given that we couldn't get anyone from Apple to come on our podcast 😭
podcasts.apple.com/us/podcast/a...
open.spotify.com/episode/0DhC...
youtu.be/9FJwOI2PliU
Apple’s Memory Integrity Enforcement
YouTube video by Security Cryptography Whatever
youtu.be
October 31, 2025 at 5:28 AM
NEW EPISODE!
Apple did a new security thing for their latest phones with memory integrity enforcement, we did a deep a dive as we could given that we couldn't get anyone from Apple to come on our podcast 😭
podcasts.apple.com/us/podcast/a...
open.spotify.com/episode/0DhC...
youtu.be/9FJwOI2PliU
Apple did a new security thing for their latest phones with memory integrity enforcement, we did a deep a dive as we could given that we couldn't get anyone from Apple to come on our podcast 😭
podcasts.apple.com/us/podcast/a...
open.spotify.com/episode/0DhC...
youtu.be/9FJwOI2PliU
yw
I have just today discovered that podcasts can be chapterised, and that apparently @scwpod.bsky.social is painstakingly broken into chapters with often-joke names
August 23, 2025 at 1:41 PM
yw
Reposted by Security Cryptography Whatever
I have just today discovered that podcasts can be chapterised, and that apparently @scwpod.bsky.social is painstakingly broken into chapters with often-joke names
August 23, 2025 at 11:35 AM
I have just today discovered that podcasts can be chapterised, and that apparently @scwpod.bsky.social is painstakingly broken into chapters with often-joke names
Reposted by Security Cryptography Whatever
Come for the PGP dunks, stay for the broader discussion of why encrypted email doesn’t make sense
NEW EPISODE!
An OpenPGP.js bug gave us an excuse to tear encrypted email via PGP to shreds. William Woodruff joined us to explain the vuln & indulge our gnashing of teeth on why email was never meant to be encrypted:
securitycryptographywhatever.com/2025/08/22/s...
www.youtube.com/watch?v=IoL3...
An OpenPGP.js bug gave us an excuse to tear encrypted email via PGP to shreds. William Woodruff joined us to explain the vuln & indulge our gnashing of teeth on why email was never meant to be encrypted:
securitycryptographywhatever.com/2025/08/22/s...
www.youtube.com/watch?v=IoL3...
Stop Using Encrypted Email with William Woodruff
YouTube video by Security Cryptography Whatever
www.youtube.com
August 23, 2025 at 3:08 AM
Come for the PGP dunks, stay for the broader discussion of why encrypted email doesn’t make sense
NEW EPISODE!
An OpenPGP.js bug gave us an excuse to tear encrypted email via PGP to shreds. William Woodruff joined us to explain the vuln & indulge our gnashing of teeth on why email was never meant to be encrypted:
securitycryptographywhatever.com/2025/08/22/s...
www.youtube.com/watch?v=IoL3...
An OpenPGP.js bug gave us an excuse to tear encrypted email via PGP to shreds. William Woodruff joined us to explain the vuln & indulge our gnashing of teeth on why email was never meant to be encrypted:
securitycryptographywhatever.com/2025/08/22/s...
www.youtube.com/watch?v=IoL3...
Stop Using Encrypted Email with William Woodruff
YouTube video by Security Cryptography Whatever
www.youtube.com
August 23, 2025 at 3:01 AM
NEW EPISODE!
An OpenPGP.js bug gave us an excuse to tear encrypted email via PGP to shreds. William Woodruff joined us to explain the vuln & indulge our gnashing of teeth on why email was never meant to be encrypted:
securitycryptographywhatever.com/2025/08/22/s...
www.youtube.com/watch?v=IoL3...
An OpenPGP.js bug gave us an excuse to tear encrypted email via PGP to shreds. William Woodruff joined us to explain the vuln & indulge our gnashing of teeth on why email was never meant to be encrypted:
securitycryptographywhatever.com/2025/08/22/s...
www.youtube.com/watch?v=IoL3...
Reposted by Security Cryptography Whatever
The first part of this interview with my ex-colleague Alex is a great listen if you're a software engineer (or otherwise technical) and are interested in what we were working on as technologists at the Federal Trade Commission.
NEW EPISODE!
We chat with friend of the pod and special guest Alex Gaynor, former deputy chief technologist at the FTC and all around good Security Person™. Join for nerdery about WebAuthn, stay for accidentally melting down GitHub APIs around November 2020!
youtu.be/gBoGvyvsSi4
We chat with friend of the pod and special guest Alex Gaynor, former deputy chief technologist at the FTC and all around good Security Person™. Join for nerdery about WebAuthn, stay for accidentally melting down GitHub APIs around November 2020!
youtu.be/gBoGvyvsSi4
Alex Gaynor
YouTube video by Security Cryptography Whatever
youtu.be
August 17, 2025 at 4:03 PM
The first part of this interview with my ex-colleague Alex is a great listen if you're a software engineer (or otherwise technical) and are interested in what we were working on as technologists at the Federal Trade Commission.
NEW EPISODE!
We chat with friend of the pod and special guest Alex Gaynor, former deputy chief technologist at the FTC and all around good Security Person™. Join for nerdery about WebAuthn, stay for accidentally melting down GitHub APIs around November 2020!
youtu.be/gBoGvyvsSi4
We chat with friend of the pod and special guest Alex Gaynor, former deputy chief technologist at the FTC and all around good Security Person™. Join for nerdery about WebAuthn, stay for accidentally melting down GitHub APIs around November 2020!
youtu.be/gBoGvyvsSi4
Alex Gaynor
YouTube video by Security Cryptography Whatever
youtu.be
August 16, 2025 at 10:29 PM
NEW EPISODE!
We chat with friend of the pod and special guest Alex Gaynor, former deputy chief technologist at the FTC and all around good Security Person™. Join for nerdery about WebAuthn, stay for accidentally melting down GitHub APIs around November 2020!
youtu.be/gBoGvyvsSi4
We chat with friend of the pod and special guest Alex Gaynor, former deputy chief technologist at the FTC and all around good Security Person™. Join for nerdery about WebAuthn, stay for accidentally melting down GitHub APIs around November 2020!
youtu.be/gBoGvyvsSi4
First round of invites going out tonight!
July 31, 2025 at 2:41 AM
First round of invites going out tonight!
Reposted by Security Cryptography Whatever
Transcript: securitycryptographywhatever.com/2025/07/29/v...
Vegas, Baby!
We’re throwing a party in Vegas! Someone called it SCWPodCon last year, and the name stuck. It’s sponsored by Teleport, the infrastructure identity company. ...
securitycryptographywhatever.com
July 29, 2025 at 12:59 PM
Transcript: securitycryptographywhatever.com/2025/07/29/v...
Reposted by Security Cryptography Whatever
Come to SCWPodCon, sponsored by Teleport! securitycryptographywhatever.com/events/black...
SCWPodCon BlackHat 2025
"Security Cryptography Whatever" is hosting a party during BlackHat USA, brought to you by Teleport! Get tickets now!
securitycryptographywhatever.com
July 29, 2025 at 12:59 PM
Come to SCWPodCon, sponsored by Teleport! securitycryptographywhatever.com/events/black...
Reposted by Security Cryptography Whatever
New episode! Come to SCWPodCon, sponsored by Teleport! www.youtube.com/watch?v=tbnh...
Vegas, Baby!
YouTube video by Security Cryptography Whatever
www.youtube.com
July 29, 2025 at 12:59 PM
New episode! Come to SCWPodCon, sponsored by Teleport! www.youtube.com/watch?v=tbnh...
New episode! Come to SCWPodCon, sponsored by Teleport! www.youtube.com/watch?v=tbnh...
Vegas, Baby!
YouTube video by Security Cryptography Whatever
www.youtube.com
July 29, 2025 at 12:59 PM
New episode! Come to SCWPodCon, sponsored by Teleport! www.youtube.com/watch?v=tbnh...
Reposted by Security Cryptography Whatever
This Quantum Attack Is Live Now
YouTube video by Deirdre Connolly
www.youtube.com
July 16, 2025 at 5:57 PM
Signups are still open! Sponsored by Teleport!
We're throwing another SCWPodCon in Vegas! It's in the liminal space between BlackHat and DEF CON. Be there, or have FOMO.
We'll provide the drinks, you provide the conversation. Sign up here: securitycryptographywhatever.com/events/black...
We'll provide the drinks, you provide the conversation. Sign up here: securitycryptographywhatever.com/events/black...
SCWPodCon BlackHat 2025
"Security Cryptography Whatever" is hosting a party during BlackHat USA. Get tickets now!
securitycryptographywhatever.com
July 17, 2025 at 12:24 AM
Signups are still open! Sponsored by Teleport!
We're throwing another SCWPodCon in Vegas! It's in the liminal space between BlackHat and DEF CON. Be there, or have FOMO.
We'll provide the drinks, you provide the conversation. Sign up here: securitycryptographywhatever.com/events/black...
We'll provide the drinks, you provide the conversation. Sign up here: securitycryptographywhatever.com/events/black...
SCWPodCon BlackHat 2025
"Security Cryptography Whatever" is hosting a party during BlackHat USA. Get tickets now!
securitycryptographywhatever.com
July 10, 2025 at 8:00 PM
We're throwing another SCWPodCon in Vegas! It's in the liminal space between BlackHat and DEF CON. Be there, or have FOMO.
We'll provide the drinks, you provide the conversation. Sign up here: securitycryptographywhatever.com/events/black...
We'll provide the drinks, you provide the conversation. Sign up here: securitycryptographywhatever.com/events/black...
Should we throw another BlackHat party?
July 10, 2025 at 6:00 PM
Should we throw another BlackHat party?
Reposted by Security Cryptography Whatever
Wrote some words about memory safety and JITs. Basically, there are things we want out of hardware, but it's not MTE and it still involves migrating to memory safe languages
dadrian.io/blog/posts/m...
dadrian.io/blog/posts/m...
Sandboxes? In my process? It's more likely than you think.
Discussions around memory safety often focus on choice of language, and how the language can provide memory safety guarantees. Unfortunately, choosing a language is a decision made at the start of a p...
dadrian.io
July 6, 2025 at 3:58 PM
Wrote some words about memory safety and JITs. Basically, there are things we want out of hardware, but it's not MTE and it still involves migrating to memory safe languages
dadrian.io/blog/posts/m...
dadrian.io/blog/posts/m...
Still have one more slot for a sponsor for our annual Vegas event, poke @dadrian.io if you have money.
June 8, 2025 at 10:02 PM
Still have one more slot for a sponsor for our annual Vegas event, poke @dadrian.io if you have money.