Speaker Nikolas Melissaris talks about What Is Cryptography Hiding from Itself? by Diego F. Aranha and Nikolas Melissaris.

The room gets philosophical. Cryptography & Society chaired by Nick Sullivan ( @nicksullivan.org ): what is crypto hiding from itself? Security vs. interoperability? CRA policy? Proofs that aren't enough? And Nadim Kobeissi on teaching crypto in post-crisis Lebanon. #realworldcrypto

Come be part of Cedarcrypt, our historic new initiative to grow cryptography research, development and representation in the Levant region! We're seeking speakers and workshop leaders: our call for submissions is open! Learn more: cedarcrypt.org Please spread the word!

So much ICE out there today in South Minneapolis. They’re prowling around harassing schools. Stay frosty, friends

I wrote a short blog post on the WhatsApp lawsuit, or whatever it is. blog.cryptographyengineering.com/2026/02/02/w...

It has gotten so bad that the @nytimes.com has stopped using the passive voice to describe the violence.

Software error in continuous glucose monitors caused 736 serious injuries, and seven deaths. abbott.mediaroom.com/press-releas...

Bad news for other minorities, for the media, for civil society, the rule of law and democracy, too

Come work with Peter Scholl @schollster.bsky.social and me in Aarhus!

If you believe that smart people cannot do utterly dumb things, just look at the Eurocrypt'26 rebuttal process.

Achievement unlocked.

Know your rights. Protect your neighbors. New York is — and always will be — a city for all immigrants.

CRITICAL security vulnerability in a really popular web framework React server. Maximum severity (CVSS: 10.0). Unauthenticated remote code execution. May be WORMABLE. Patch immediately. This could get very nasty. Patch this, and all that depends on it (like Next.js) react.dev/blog/2025/12...

I think it’s pretty clear at this point that one of the main impacts of LLMs is to disrupt thinking: to make it so that far too many people never properly learn how to do it, and then to control the output so there are thoughts that people never learn how to think.

My thoughts on the IACR election issue (since many have asked privately): - This was an honest accident, and Moti Yung deserves being cut some slack. Yes, it’s a silly mistake, but mistakes happen. - The IACR board reacted excellently and scheduled timely follow up elections. Continued in thread

Against ‘chat control’: we can’t eliminate child abuse by eliminating privacy

The “age verification” and the “human identification” problem are the same problem. It upsets me to be around people who think they’re working on the first, but don’t understand they’re actually working on the second.

"Governments across the world are expanding surveillance, weakening encryption, and curtailing freedoms under the guise of staunching the proliferation of sexual images and videos of children" https://www.theguardian.com/commentisfree/2025/oct/13/chat-control-child-abuse-internet-privacy #Privacy

This is amazing research by Nadia Heninger and her co-authors Wenyi Morty Zhang, Annie Dai, Keegan Ryan, Dave Levin and Aaron Schulman. TL;DR a huge number of satellite links over our heads are totally unencrypted. satcom.sysnet.ucsd.edu

The 400 richest Americans are now worth a record $6.6 trillion. The entire bottom 50% of America is worth just $4.2 trillion. Read that back. When 400 people control more wealth than half a country’s population, we have a very serious problem.

Germany has agreed to stop ChatControl for now, due to huge amounts of public pressure. Good job! The bad news is that it could come back as soon as December, and the German government has interpreted the feedback as a need to “moderate” the proposal.

I hear that the EU ChatControl situation is going better today. I cannot believe how close the EU has gotten to passing this crazy regulation.

Today is a day when arts degrees are worthless, but the product of those degrees is so valuable it would kill an entire industry if they were made to pay for it.

Someone please make me understand how Denmark can be at the same time freaking out about hybrid war with Russia AND pushing for government-mandated spyware as Chat Control.

We are alarmed by reports that Germany is on the verge of a catastrophic about-face, reversing its longstanding and principled opposition to the EU’s Chat Control proposal which, if passed, could spell the end of the right to privacy in Europe. signal.org/blog/pdfs/ge...

Sounds just like the Justice Minister of Denmark, who is pushing Chat Control with a crime-free society narrative. bsky.app/profile/robe...

<<“brain gain” is exactly what we have experienced. As Danish companies have succeeded globally, they have sought out the best and brightest in their respective fields from across the world. The number of foreign workers in Copenhagen has more than doubled in the last decade.>> @madshvid.bsky.social

"Bad news: The proposal is going forward to be voted on on October 14th, and there's still no blocking minority achieved, as Germany reverted its position to undecided. Good news: There is still time to fight back!" Shut this monstrosity down NOW

Earlier this week, CDT joined civil society orgs, companies, & cybersecurity experts, including members of the @globalencryption.org, to urge the Canadian government to withdraw Bill C-2, the so-called Strong Borders Act.

The impact of Alfred Menezes in cryptography is profound. Francisco RH and I are organizing an afternoon session in Latincrypt to celebrate Alfred's career: menezesfest.info If you're coming to Medellín, consider attending!

If ChatControl needs national security exemptions to *not* weaken the security of the state, what makes one believe that it will *not* weaken the security of everyone else? bsky.app/profile/matt...

I know it’s been said again and again, but what does it say about ChatControl that its backers keep explicitly *exempting* law enforcement and national security accounts from content scanning?

Burn it with fire

Brazil bluesky today:

I'm sympathetic, but I do think it is charming how teh lawyerz believe that you can legislate your way out of a threat model. "No one would ever do that, it's illegal."

The EU Parliament has published a new proposal for Chat Control to mass-surveil all digital communication in Europe. The proposal is ineffective, weakens secure communication, and violates basic human privacy. This must be stopped immediately. #ChatControl csa-scientist-open-letter.org/Sep2025

The EU wants to spend your money to assemble a giant mass surveillance machine with little effect on harm against children. Chat Control is not effective, weakens security for all and does not respect privacy. Contact your EU representatives and let them know. csa-scientist-open-letter.org/Sep2025

More than 500 researchers have signed an open letter against the dangerous EU proposal on chat control. The proposal remains ineffective, undoes decades of results in E2E encryption, and threatens the privacy of half a billion citizens. csa-scientist-open-letter.org/Sep2025

It was too late when I figured out this was not about cryptography. bsky.app/profile/arju...

I'm here for @dangoodin.bsky.social debunking some wild claims about apparent passkey insecurity made from the Defcon stage, the TL;DR of which is that if your endpoint is compromised, all bets are off arstechnica.com/security/202...

Computer security research is about discovering what someone else out there does not want discovered; everything else is compliance.

The attempts to defend Chat Control (chatcontrol.dk) as "not mass surveillance" are really puzzling to read, because I don't think I've ever come across a better textbook example of mass surveillance, dressed as think-of-the-children legislation.

Proud moment at #CRYPTO 2025! “KLPT²: Algebraic Pathfinding in Dimension Two and Applications” received the Best Paper Award. 🏆 Co-authored by COSIC’s Wouter Castryck & Thomas Decru (presenter). Read it here: eprint.iacr.org/2025/372

In case you're wondering why we use voting machines in the US: podcast.voting.works/2407158/epis...

It's not though because they don't care about crime, they care about perception

We've been using Ed25519 in browsers for over 10 years now (every identity and writer is an Ed25519 pair in Peergos), so we really appreciate this and how much work it has been. The size of nacl.js is 30KB so not a significant benefit, but the web-crypto version is 10x faster!

We are pleased to announce the final* schedule of talks for the 2025 Symposium on Election Security at the DEF CON Voting Village, August 8-10, in quiet, sleepy Las Vegas. Hope to see you there! www.mattblaze.org/papers/VV202... * -subject to change

Something that I have been thinking about with attribution of "PhD level intelligence" or "PhD level expertise" to a machine is that it reflects an increasing trend among these AI bros and their sycophants to want the products of highly skilled training without actually doing any of the work.

pew pew pew