Hey! I'm David, cofounder of zkSecurity and the author of the Real-World Cryptography book. I was previously a crypto architect at O(1) Labs (working on the Mina cryptocurrency), before that I was the security lead for Diem (formerly Libra) at Novi (Facebook), and a security consultant for the Cryptography Services of NCC Group. This is my blog about cryptography and security and other related topics that I find interesting.

more on the next page...

# Monty Hall visualization posted December 2013

The Monty Hall problem is to me one of the most fascinating probability problem (for it's simpleness and unintuitive results) that got my mind blown since I learned about it in high school.

One day in high school, in my Math class, the teacher told us about that famous problem. Monty Hall was an old and popular TV show in the states were you had to choose a door to open from three different ones. Behind one of them was a car, behind the two others were goats. Obviously, the goal of the game was to win the car (except if you were really into goats, but then I guess you could have bought a lot of those with a car).

Anyway, the tricky part was that when you made a choice, the host asked you to wait before opening it and would open another door, revealing a goat. Then he would give you the opportunity to waive your initial choice and swap door one last time.

Here lies the probability problem. Do you think you would have more chance of winning if you changed your choice?

My math teacher said yes, and I could not believe that, I remember loudly objecting, telling the teacher it was not possible, that it was not logical. I declined what seemed grotesque at the time, I refused to acknowledge such an unintuitive result, such a simple thing, my brain could do the calculation easily so why would you tell me I was wrong on such a trivial thing.

But yes, I was wrong. I knew I was wrong. I was upset at my own mind. I didn't understand how I could be so convinced that changing choice wouldn't change my chances of winning the car. The problem was simple, so simple. And yet my mind couldn't make its way around it.

After many years of training my brain to think differently about probabilities, I can know see how this problem works. 7 years after my first introduction to this problem, I can now grasp a part of it. I understand it, I know the probabilities enrolled in the resolution of this problem, I've learned them at uni and I made the effort to think about that problem quite a lot during those last years. I actually often ask that problem to my friends, to blow their mind. But still, 7 years after being introduced to that problem, I still have troubles finding its probabilities "natural". My brain still cannot process the fact that it HAS to work that way, that the world is turning in that direction and no others.

I hope I didn't send you to sleep with this. If you want to know more about the mathematician who published this result and got insulted by numerous math PHD for being wrong, you can take a stroll on the wikipedia page.

My technique to wire my brain on the right path? Thinking about a hundred doors, 1 car, 99 goats. I open one door, the host closes 98 others. It feels easier to process when told this way, but there is still a part of me, somewhere, that tells me it wouldn't change a thing. Even with 98 doors opened. What is wrong with my brain?

If you still don't believe me, there is a short and visually clear explanation here.

PS: this is one of my go to when I want to be amazed at how unintuitive or how little we know about how things work. If you like that kind of thing, you can also check the twin paradox or the biography of Milton H. Erickson.

comment on this story

# Markdown posted December 2013

I've changed the way I handle articles on this blog. I used to type plain html, but I'm now using the markdown syntax with the php parsedown parser.

So if you see any display errors, please tell me.

comment on this story

# Cameron Winklevoss AMA on Reddit posted December 2013

There's an AMA on reddit right now from one of the Winklevoss brother. If you never heard of them, they were the one who originally came up with the idea of facebook but got it stolen after trying to hire Zuckerberg to code it. They're pretty famous in the bitcoin community for having bought 11million \$ of bitcoins before April's big crash. The wonderful thing is, they hold on to their bitcoin during the crash. They must be very clever people because they're now, richer than ever.

Some of the interesting stuff from that AMA :

Have he sold any bitcoin?

I have yet to sell a single bitcoin.

What's the future of bitcoins?

small bull case scenario for Bitcoin is a 400 billion USD dollar market cap, so 40,000 USD a coin, but I believe it could be much larger. When this will happen, if it happens, I don't know, but if it happens, it will probably happen much faster than anyone imagines.

How did he learn about bitcoins?

Partying on a beach in Ibiza, where else?

Other altcoins?

I have not invested in any altcoins because I don't believe that any of the "problems" or issues that they address can't be addressed by Bitcoin itself.

There is a dog coin that seems to be a big joke : www.dogecoin.org

░░░░░░░░░▄░░░░░░░░░░░░░░▄░░░░ ░░░░░░░░▌▒█░░░░░░░░░░░▄▀▒▌░░░ ░░░░░░░░▌▒▒█░░░░░░░░▄▀▒▒▒▐░░░ ░░░░░░░▐▄▀▒▒▀▀▀▀▄▄▄▀▒▒▒▒▒▐░░░ ░░░░░▄▄▀▒░▒▒▒▒▒▒▒▒▒█▒▒▄█▒▐░░░ ░░░▄▀▒▒▒░░░▒▒▒░░░▒▒▒▀██▀▒▌░░░ ░░▐▒▒▒▄▄▒▒▒▒░░░▒▒▒▒▒▒▒▀▄▒▒▌░░ ░░▌░░▌█▀▒▒▒▒▒▄▀█▄▒▒▒▒▒▒▒█▒▐░░ ░▐░░░▒▒▒▒▒▒▒▒▌██▀▒▒░░░▒▒▒▀▄▌░ ░▌░▒▄██▄▒▒▒▒▒▒▒▒▒░░░░░░▒▒▒▒▌░ ▀▒▀▐▄█▄█▌▄░▀▒▒░░░░░░░░░░▒▒▒▐░ ▐▒▒▐▀▐▀▒░▄▄▒▄▒▒▒▒▒▒░▒░▒░▒▒▒▒▌ ▐▒▒▒▀▀▄▄▒▒▒▄▒▒▒▒▒▒▒▒░▒░▒░▒▒▐░ ░▌▒▒▒▒▒▒▀▀▀▒▒▒▒▒▒░▒░▒░▒░▒▒▒▌░ ░▐▒▒▒▒▒▒▒▒▒▒▒▒▒▒░▒░▒░▒▒▄▒▒▐░░ ░░▀▄▒▒▒▒▒▒▒▒▒▒▒░▒░▒░▒▄▒▒▒▒▌░░ ░░░░▀▄▒▒▒▒▒▒▒▒▒▒▄▄▄▀▒▒▒▒▄▀░░░ ░░░░░░▀▄▄▄▄▄▄▀▀▀▒▒▒▒▒▄▄▀░░░░░ ░░░░░░░░░▒▒▒▒▒▒▒▒▒▒▀▀░░░░░░░░

comment on this story

# Reed-Solomon posted December 2013

The last things we studied in Arithmetic are the Reed-Solomon codes. It's a type of code you use to, not encrypt your information, but create redundant information in your final code. So when you read your code, if there are errors or missing parts, you can still decode it. It's not perfectly redundant like dog's ADN is. The redundant code is changed in a certain way so you can guess what the missing parts are.

A few days ago I was on the road to La Fête des Lumières (in Lyon) with 4 germans I met in Bordeaux. The driver had an old CD with a few mainstream and german songs on it that he wanted to play, problem, the CD was damaged, solution? None. Didn't need a solution. The CD still played, although sometimes it was indeed jumping, most of the time it was playing correctly. How is that?

Well, the information burned on the CD is coded thanks to Reed-Solomon's algorithm so that you can still guess what was burned on it through particular redundant code. This redundant code is (and I'm taking a guess here) what is used when your computer asks you "do you want to check if there was no error?" right after burning your CD.

comment on this story

# NP Complexity posted December 2013

Ahhhh, what is P, NP, NP-Complete and NP-hard. Found this quick explanation. Still reading on the subject. I feel like It might take me a lot of time until I can be able to explain that easily to someone who has no idea what it is.
true mastery of a subject is achieved when you can explain it simply
Here's a stackoverflow pretty simple explanation
A decision problem is in P if there is a known polynomial-time algorithm to get that answer. A decision problem is in NP if there is a known polynomial-time algorithm for a non-deterministic machine to get the answer.
comment on this story

# I've been interviewed by Direct Matin Bordeaux posted December 2013

Today I was interviewed by Emeline Marceau from Direct Martin Bordeaux, a free newspaper that is directly competing against 20 minutes in France.

I already had my first interview with Vincent Glad from Slate (and now Canal+) 3 years ago. But this is different as it should be printed in a real newspaper with a picture of me. Well nothing is sure yet, crossing fingers.

comment on this story

# ThePirateBay.sx -> ThePirateBay.ac posted December 2013

The Pirate Bay, literally surfing the web with their pirate ship, changing their URL once again. more info

comment on this story

# Storing plain passwords in cookies posted December 2013

I've always stored plain passwords in cookies. And today I decided to educate myself about cookies a bit. Well, I was expecting that : you should not store plain passwords in cookies.

Basically, if your computer gets compromised, everyone can read what's in your cookies. So you'd better not store important information that are not encrypted.

What is the work around ? Storing a token + his identification. When someone logs in, I create a random token and store it in the database under its name.

Next time the guy comes around, I see that he has a token, I check if its identification coincides with the token, if it does I log the guy in.

I've seen hardcore implementations where the token (in the database, and in the guy's cookies) is refreshed on every page. I find that a bit troublesome as the cookie expires after 5 days (in my implementation) so it's no big risks.

I could also have put a timestamp forbidding anyone to log in with that token after 5 days. But I feel like it would be over protecting.

comment on this story