I think it’s pretty clear at this point that one of the main impacts of LLMs is to disrupt thinking: to make it so that far too many people never properly learn how to do it, and then to control the output so there are thoughts that people never learn how to think.

We got our security analysis of Letter Sealing v2 (latest E2EE protocol in the LINE messenger) accepted to Black Hat Europe. Full paper coming soon! darkreading.com/application-security/line-messaging-bugs-asian-cyber-espionage

My thoughts on the IACR election issue (since many have asked privately): - This was an honest accident, and Moti Yung deserves being cut some slack. Yes, it’s a silly mistake, but mistakes happen. - The IACR board reacted excellently and scheduled timely follow up elections. Continued in thread

Against ‘chat control’: we can’t eliminate child abuse by eliminating privacy

The “age verification” and the “human identification” problem are the same problem. It upsets me to be around people who think they’re working on the first, but don’t understand they’re actually working on the second.

"Governments across the world are expanding surveillance, weakening encryption, and curtailing freedoms under the guise of staunching the proliferation of sexual images and videos of children" https://www.theguardian.com/commentisfree/2025/oct/13/chat-control-child-abuse-internet-privacy #Privacy

This is amazing research by Nadia Heninger and her co-authors Wenyi Morty Zhang, Annie Dai, Keegan Ryan, Dave Levin and Aaron Schulman. TL;DR a huge number of satellite links over our heads are totally unencrypted. satcom.sysnet.ucsd.edu

The 400 richest Americans are now worth a record $6.6 trillion. The entire bottom 50% of America is worth just $4.2 trillion. Read that back. When 400 people control more wealth than half a country’s population, we have a very serious problem.

Germany has agreed to stop ChatControl for now, due to huge amounts of public pressure. Good job! The bad news is that it could come back as soon as December, and the German government has interpreted the feedback as a need to “moderate” the proposal.

I hear that the EU ChatControl situation is going better today. I cannot believe how close the EU has gotten to passing this crazy regulation.

Today is a day when arts degrees are worthless, but the product of those degrees is so valuable it would kill an entire industry if they were made to pay for it.

Someone please make me understand how Denmark can be at the same time freaking out about hybrid war with Russia AND pushing for government-mandated spyware as Chat Control.

We are alarmed by reports that Germany is on the verge of a catastrophic about-face, reversing its longstanding and principled opposition to the EU’s Chat Control proposal which, if passed, could spell the end of the right to privacy in Europe. signal.org/blog/pdfs/ge...

Sounds just like the Justice Minister of Denmark, who is pushing Chat Control with a crime-free society narrative. bsky.app/profile/robe...

<<“brain gain” is exactly what we have experienced. As Danish companies have succeeded globally, they have sought out the best and brightest in their respective fields from across the world. The number of foreign workers in Copenhagen has more than doubled in the last decade.>> @madshvid.bsky.social

"Bad news: The proposal is going forward to be voted on on October 14th, and there's still no blocking minority achieved, as Germany reverted its position to undecided. Good news: There is still time to fight back!" Shut this monstrosity down NOW

Earlier this week, CDT joined civil society orgs, companies, & cybersecurity experts, including members of the @globalencryption.org, to urge the Canadian government to withdraw Bill C-2, the so-called Strong Borders Act.

The impact of Alfred Menezes in cryptography is profound. Francisco RH and I are organizing an afternoon session in Latincrypt to celebrate Alfred's career: menezesfest.info If you're coming to Medellín, consider attending!

If ChatControl needs national security exemptions to *not* weaken the security of the state, what makes one believe that it will *not* weaken the security of everyone else? bsky.app/profile/matt...

I know it’s been said again and again, but what does it say about ChatControl that its backers keep explicitly *exempting* law enforcement and national security accounts from content scanning?

Burn it with fire

Brazil bluesky today:

I'm sympathetic, but I do think it is charming how teh lawyerz believe that you can legislate your way out of a threat model. "No one would ever do that, it's illegal."

The EU Parliament has published a new proposal for Chat Control to mass-surveil all digital communication in Europe. The proposal is ineffective, weakens secure communication, and violates basic human privacy. This must be stopped immediately. #ChatControl csa-scientist-open-letter.org/Sep2025

The EU wants to spend your money to assemble a giant mass surveillance machine with little effect on harm against children. Chat Control is not effective, weakens security for all and does not respect privacy. Contact your EU representatives and let them know. csa-scientist-open-letter.org/Sep2025

More than 500 researchers have signed an open letter against the dangerous EU proposal on chat control. The proposal remains ineffective, undoes decades of results in E2E encryption, and threatens the privacy of half a billion citizens. csa-scientist-open-letter.org/Sep2025

It was too late when I figured out this was not about cryptography. bsky.app/profile/arju...

I'm here for @dangoodin.bsky.social debunking some wild claims about apparent passkey insecurity made from the Defcon stage, the TL;DR of which is that if your endpoint is compromised, all bets are off arstechnica.com/security/202...

Computer security research is about discovering what someone else out there does not want discovered; everything else is compliance.

The attempts to defend Chat Control (chatcontrol.dk) as "not mass surveillance" are really puzzling to read, because I don't think I've ever come across a better textbook example of mass surveillance, dressed as think-of-the-children legislation.

Proud moment at #CRYPTO 2025! “KLPT²: Algebraic Pathfinding in Dimension Two and Applications” received the Best Paper Award. 🏆 Co-authored by COSIC’s Wouter Castryck & Thomas Decru (presenter). Read it here: eprint.iacr.org/2025/372

In case you're wondering why we use voting machines in the US: podcast.voting.works/2407158/epis...

It's not though because they don't care about crime, they care about perception

We've been using Ed25519 in browsers for over 10 years now (every identity and writer is an Ed25519 pair in Peergos), so we really appreciate this and how much work it has been. The size of nacl.js is 30KB so not a significant benefit, but the web-crypto version is 10x faster!

We are pleased to announce the final* schedule of talks for the 2025 Symposium on Election Security at the DEF CON Voting Village, August 8-10, in quiet, sleepy Las Vegas. Hope to see you there! www.mattblaze.org/papers/VV202... * -subject to change

Something that I have been thinking about with attribution of "PhD level intelligence" or "PhD level expertise" to a machine is that it reflects an increasing trend among these AI bros and their sycophants to want the products of highly skilled training without actually doing any of the work.

pew pew pew

I just learned that Claus Schnorr passed away last June, aged 81 — a significant loss for the cryptographic community: mittelhessen-gedenkt.de/traueranzeig...

More than 8,100 people have been expelled to a "third country" since January 20.

Terminei o livro anteontem e gostei MUITO. Assim que puder, vou fazer um fio só sobre ele, mas, para quem lê em inglês, recomendo bastante. É um exposed do grande embuste que Altman e sua empresa são e, com isso, de todo esse projeto trambiqueiro de "gen AI". Seria muito bom que traduzissem para PT.

Nimona is amazing. So many layers about privilege, propaganda, human rights; and a beautiful message about acceptance and second chances. Go watch it!

New blog post: I am a Rust compiler engineer looking for a new job nnethercote.github.io/2025/07/18/l...

FAEST for Memory-Constrained Devices with Side-Channel Protections (Diego F. Aranha, Johan Degn, Jonathan Eilath, Kent Nielsen, Peter Scholl) ia.cr/2025/1261

This bad idea will never die. The struggle for essential privacy rights is constant. We have to keep educating and explaining.

Poincaré reborn! bsky.app/profile/anni...

I wonder how I can communicate to @tobyfox.undertale.com how much his work on game design and music composition has motivated appliedcryptography.page, and how I could even make that make sense to him

ABE Cubed: Advanced Benchmarking Extensions for ABE Squared (Sven Argo, Marloes Venema, Doreen Riepel, Tim Güneysu, Diego F. Aranha) ia.cr/2025/1230

The EU wants to decrypt your private data by 2030 | TechRadar https://alecmuffett.com/article/113650 #EndToEndEncryption #EuropeanUnion #KeyEscrow #fbi #surveillance