Best crypto blog posts of 2017 posted December 2017
Hello hello,
Merry christmas and happy new year. We're done for the year and so it is time for me to write this blog post (I did the same last year by the way).
I'll copy verbatim what I wrote last year about what makes a good blog post:
- Interesting. I need to learn something out of it, whatever the topic is. If it's only about results I'm generally not interested.
- Pedagogical. Don't dump your unfiltered knowledge on me, I'm dumb. Help me with diagrams and explain it to me like I'm 5.
- Well written. I can't read boring. Bonus point if it's funny :)
Without further adue, here is the list!
-
building lattice reduction (LLL) intuition from Kelby Ludwig is a must read if you want to understand how lattices and lattice reductions work. By the way, this post is the perfect example of a blogpost that fits all my criteria of a good blog post. Make sure to check Kelby's blog post of last year as well.
-
Introducing Miscreant: a multi-language misuse resistant encryption library from Tony Arcieri is the perfect introduction to key wrapping and SIV modes. AES-GCM-SIV from Adam Langley is a good addition.
-
How I implemented my own crypto is a trip report from Loup Vaillant about implementing his own cryptographic library.
-
Why TLS 1.3 isn't in browsers yet by Nick Sullivan is a good summary of the mess that TLS 1.3 is (specifically because it needs to support so many legacy versions). For more lolz, make sure to read Matthew Green's The strange story of “Extended Random”.
-
Cloudflare has a lot more good blogposts: Privacy Pass - “The Math” from Alex Davidson goes through the math of one of the most crypto-y feature ever seen from a "normal" company, SIDH in Go for quantum-resistant TLS 1.3 by Henry de Valence does the same for the SIDH post-quantum key exchange. (A good addition to this is SIDH a quantum resistant algorithm for DH exchange by Shevek).
-
HTTPS on Stack Overflow: The End of a Long Road is a huge post from Nick Craver going into depth about the troubles of migrating towards HTTPS for large infrastructures. In addition, be sure to check Jan Schaumann's work on doing the same thing for yahoo: The Razor's Edge - Cutting Your TLS Baggage.
-
SSL Certificate Exchange from Joshua Davies is a really useful walkthrough of a TLS certificate. If you don't know much about TLS certificates and need to know more, it's a really good read.
-
Is SHA-3 slow?, Keccak: open-source cryptography and Why Keccak is not ARX . The Keccak team made an excellent job this year of talking (and debunking critics) about the new SHA-3 hash function. You can learn about the different concepts surrounding SHA-3 through these posts.
-
Why Replace SHA-1 with BLAKE2? on the other hand, written by JP Aumasson, tells you to replace your SHA-1 instances with his hash function BLAKE2. JP writes a lot of very good blog post, so check this one on Should Curve25519 keys be validated? (that launched the debate on Curve25519 key validation) or the ones on his submission to NIST's PQ crypto not-a-competition thingy: Improving the SPHINCS post-quantum signature scheme, part 1.
-
Cryptographic vulnerabilities in IOTA by Neha Narula and the follow up Our response to "A Cryptocurrency Without a Blockchain Has Been Built to Outperform Bitcoin" by Joi Ito (both from the Digital Currency medialab of MIT) because it shows you how hilariously bad some cryptocurrencies are (interestingly IOTA reached and lost to 4th place (in terms of market cap) in the cryptocurrency world a few months ago).
-
Confidential Transactions from Basic Principles from Michael Rosenberg is a pedogagical intro to ring signatures, range proofs and other cryptographic concepts. This is useful to dig into especially if you're keen on anonimity inside of cryptocurrencies. For an exploit of these, be sure to check Exploiting Low Order Generators in One-Time Ring Signatures from Jonas Nick.
-
What are zk-SNARKs?. Zcash has a series of articles about its underlying technology (anonimity inside of a cryptocurrency), it seems well written (like a lot of things on their website).
-
Survey of Discrete Log Algorithms is a good intro to the discrete logarithm problem.
- Walking through an F* proof by Santiago Zanella-Beguelin seems like a good way to get yourself into F*.
That's it!
Have I missed something? Please tell me in the comments.
If you want more links like these, be sure to subscribe to my link section here on this website.
See you in 2018!
Comments
Nemanja Mijailovic
The explanation of the math behind Privacy Pass was one of the best posts on the Cloudflare blog this year: https://blog.cloudflare.com/privacy-pass-the-math/.
david
added!
Nemanja Mijailovic
This post has been sitting in my bookmarks for months and I haven't found the time to read it yet, but "SIDH in Go for quantum-resistant TLS 1.3" looks promising: https://blog.cloudflare.com/sidh-go/.
Shevek
Hey David. I'm Shevek at /r/crypto.
Your list shines! I've read many of the items, some of them because you proposed them in /r/crypto. My contribution is an article of my blog that tries to fulfil points 1 & 2 (also 3, but I'm limited because English is not my mother language).
https://crypto.anarres.info/2017/sidh
david
added added!
Joshua Davies
Honored to be included here! The article on my site that you linked was actually part 3 of a series - I walked through an entire TLS 1.2 handshake byte-by-byte (which took quite a bit longer to put together than I initially anticipated). If anybody is hungry for the full story, you may want to start with part one, here: http://commandlinefanatic.com/cgi-bin/showarticle.cgi?article=art059
Santiago Zanella-Beguelin
Hi David!
I'm humbled that my post made it into this very select list. We actually have an official F* blog (https://fstarlang.github.io/) that we should use more often. I'll try to turn my brain-dump into a proper blog post there.
Let's hang out at RWC!
Chris Pete
Great and informative article on crypto space. Keep up the good work.
I will check out some of the resources you have highlighted.
Cheers
leave a comment...