from @claucece.bsky.social and other researchers at @brave.com: brave.com/blog/zkp-age...

To anyone who works for @bsky.app: y'all nailed your BoF at IETF!

Anonymous credentials are going to have a big year. In the realm of "fancy" cryptography, they're perhaps the most important primitive we'll need to make PQ. Where do we stand? Lena Heimberger spent part of the summer finding out. blog.cloudflare.com/pq-anonymous...

Web servers need better tools to manage agentic traffic. Fortunately, we can build these tools in a way that protects the privacy of the human in the loop. blog.cloudflare.com/private-rate...

The road ahead is long, but we have a plan to get PQ signatures into TLS. Let me know what you think, or come yell at us at the PLANTS BoF at IETF next week!

Looking to improve auditability of Web applications blog.cloudflare.com/improving-th...

Classic Star Trek moments that should definitely be made into Magic the Gathering cards 🧵

The bad guy's plan falls apart because it relies on tricking the crew to fire on a helpless ship. Picard may not have memories, but he still has morals. "I do not fire on defenseless people" should be the absolute floor for ethics in military leadership, but the 1990's were a different time

I assume this happened to all of you.

"Lack of scalability is enough for Cloudflare to disqualify QKD outright: if a technology can’t bring security to the whole Internet, we’re not going to spend much time on it." blog.cloudflare.com/you-dont-nee...

Last days of summer scenes, Kenai River Alaska.

Even the strongest among us feel weak at times. Even the smartest of us feel stupid at times. Even the most confident feel doubt. There is no shame in feeling that you are not always at your best. A true warrior feels these things, but strives for better. That way lies glory.

Hey, fuck you Ticketmaster.

When's the next protest, gang?

ENGINEERING FRIENDS: This could turn out to be one of the most important jobs for the fate of Democracy. If you're a talented Engineering Manager and personally driven by mission for the betterment of America and the world, we need SecureDrop to remain a world-class product. Good peeps at FPF.

We're falling behind

If you aren’t familiar, Terence Tao is a Fields Medalist and arguably the most prominent and accomplished mathematician of his generation. No one is safe, basically. The current administration will use any excuse to burn it all to the ground.

My favorite slide from PETS so far

We updated our paper on Fiat-Shamir! We now take a closer look at the gap between what symmetric cryptography has focused on for over 10 years (indifferentiability) and what is actually needed for the soundness of ZKPs and SNARKs (something stronger!). eprint.iacr.org/2025/536

This evening there's an important webinar about the attempts to codify cuts to everything from global health to NPR: us02web.zoom.us/webinar/regi...

Relaxing Tea Better Fucking Work theonion.com/relaxin...

Nice

Slides of my talk titled "Lattices give us KEMs and FHE, but where are the efficient lattice PETs? -- By Example of (Verifiable) Oblivious PRFs" given at spiqe-workshop.github.io are here: github.com/malb/talks/b... Thanks @kennyog.bsky.social and @jurajsomorovsky.bsky.social for inviting me.

Good luck today, Googlers

😭

Super pleased to see that Zama has just announced the first recipients of the Zama Cryptanalysis Grants. www.zama.ai/post/announc... The projects supported cover security of FHE, MPC, TEEs and ZK. The teams getting the grants represent some of the leading experts in their respective fields.

Formal Security and Functional Verification of Cryptographic Protocol Implementations in Rust (Karthikeyan Bhargavan, Lasse Letager Hansen, Franziskus Kiefer, Jonas Schneider-Bensch, Bas Spitters) ia.cr/2025/980

CRITICAL vulnerability in AI software engineering layer (MCP server of Github). Expect many, many more of such issues. This is a first real-world demonstration of how agents can be hijacked, leaking secret or private data. invariantlabs.ai/blog/mcp-git...

Attacking Poseidon via Graeffe-Based Root-Finding over NTT-Friendly Fields (Antonio Sanso, Giuseppe Vitto) ia.cr/2025/937

I'm happy to finally open-source lattirust, a library for lattice-based zero-knowledge/succinct arguments! Lattirust is somewhat like arkworks, but for lattices; and like lattigo, but for arguments. ➔ github.com/lattirust

I don't do plugs often, but if your company relies on work like this being done professionally, Geomys (geomys.org) is how it happens. You should help us get a contract. You don't need to have spending authority! Just DM me, do an intro, and we'll drive the process. We're pretty good at it.

🏆🏆🏆

#ResistanceRoots Dorothy Sunrise Lorentino was born on this day in 1909 on the Comanche Reservation, near Cache, Okla. When she was just nine years old, she and her family won a landmark court case mandating that Native American children be allowed to attend Oklahoma public schools. /1

All the brilliant people I know agree computer science is one of the most political things we have in society. To believe otherwise is maliciously ignorant at this point

Chris Krebs is speaking at the end of a panel at RSA right now and going off on Trump admin cuts to CISA, getting applause: "Right now to see what's happening to the cybersecurity community inside the federal government, we should be outraged. Absolutely outraged....Make CISA great again."

2025: TechCompany replacea contract workers with AI 2077: AI replaces TechCompany with contract workers

Exactly the same as the first time. People with prior orders of removal, that were allowed to stay for humanitarian or diplomatic reasons, and have been checking in with ICE for years, are the low hanging fruit and so get grabbed at check-ins and detained and deported.

Warning: I'm reading FHE papers

Listen to Sarah McBride on Pod Save America this week.

A just heard that a colleague who researches anti-censorship tools (the kind that let you use the Internet in hostile regimes where the Internet is filtered) just got his NSF CAREER grant pulled. Presumably because the political commissars grepped “censorship”.

🚨Report your NSF grant terminations! 🚨 We are starting to collect information on NSF grant terminations to create a shared resource as we have for NIH. The more information we collect, the more we can organize, advocate, and fight back! Please share widely! airtable.com/appGKlSVeXni...

Anyone in SF know when and where protests are happening tomorrow?

Didn't know that Zama wrote a book about their TFHE-rs library that also goes into great detail on how TFHE / CGGI itself works: github.com/zama-ai/tfhe... Another great companion to this is their "TFHE Deep Dive" blog post series: www.zama.ai/post/tfhe-de...

1. LLM-generated code tries to run code from online software packages. Which is normal but 2. The packages don’t exist. Which would normally cause an error but 3. Nefarious people have made malware under the package names that LLMs make up most often. So 4. Now the LLM code points to malware.

I’m not kidding; this is DOGE at work; multiple US citizens getting notices that they just leave the country because USCIS is revoking their humanitarian parole. www.politico.com/news/2025/04...