Cryptography and Cybersecurity

See also Reverse Engineering

• CVE
  • CVE Common Vulnerabilities and Exposures

Steganography

• Steghide (found thanks to Gnar Coding’s video)
• Neural Linguistic Steganography
• StegaStamp Invisible Hyperlinks in Physical Photographs
• YangzlTHU/RNN-Stega from RNN-Stega: Linguistic Steganography Based on Recurrent Neural Networks

Research

• Fermat Factorization in the Wild 🔥
• A Vulnerability in Implementations of SHA-3, SHAKE, EdDSA, and Other NIST-Approved Algorithms
• The first collision for full SHA-1
• Watermarks in the Sand Impossibility of Strong Watermarking for Generative Models
• NIST National Vulnerability Database (NVD)

Resources 📚

• ✨ Computer and Network Security by Avinash Kak
• ✨ Practical Cryptography for Developers
• cryptography (pyca/cryptography) - cryptography includes both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, message digests, and key derivation functions
• Crypto 101, by Laurens Van Houtven
• The Cryptopals Crypto Challenges
• Handbook of Applied Cryptography by Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone
  • Table of Contents pdf
  • Chapter 1 - Overview of Cryptography pdf
  • Chapter 2 - Mathematics Background pdf
  • Chapter 3 - Number-Theoretic Reference Problems pdf
  • Chapter 4 - Public-Key Parameters pdf
  • Chapter 5 - Pseudorandom Bits and Sequences pdf
  • Chapter 6 - Stream Ciphers pdf
  • Chapter 7 - Block Ciphers pdf
  • Chapter 8 - Public-Key Encryption pdf
  • Chapter 9 - Hash Functions and Data Integrity pdf
  • Chapter 10 - Identification and Entity Authentication pdf
  • Chapter 11 - Digital Signatures pdf
  • Chapter 12 - Key Establishment Protocols pdf
  • Chapter 13 - Key Management Techniques pdf
  • Chapter 14 - Efficient Implementation pdf
  • Chapter 15 - Patents and Standards pdf
  • Appendix - Bibliography of Papers from Selected Cryptographic Forums pdf
  • References pdf
  • Index pdf
• Cryptography 101: online courses on cryptography and related areas by Alfred Menezes
  • The Mathematics of Lattice-Based Cryptography (SIS, LWE, lattices)
  • Kyber and Dilithium (standardized lattice-based cryptosystems
  • Crypto 101: Building Blocks (fundamental cryptographic primitives
  • Crypto 101: Real-World Deployments (beginning in February 2025)
  • Error-Correcting Codes (linear, Hamming, Golay, cyclic, BCH, Reed-Solomon codes)
• Cryptography 101 Playlists - Lectures by Alfred Menezes on applied cryptography and related areas
• The CTF Primer by Samuel Sabogal Pardo, Jeffery John, Luke Jones
• crackmes.one - a simple place where you can download crackmes to improve your reverse engineering skills
• OpenSSL - The OpenSSL software library is a robust, commercial-grade, full-featured toolkit for general-purpose cryptography and secure communication. It is developed under the OpenSSL Mission with support from the OpenSSL Foundation and OpenSSL Corporation.
• OpenSSL Cookbook: A short book that covers the most frequently used features and commands (Feisty Duck)
• Short-form Video lectures:
  • Assorted lectures available from channels Jake Danniel and Osiris Salazar (original author not clear)
  • Some lectures by Muhammed Mustaqim are helpful
• Cryptography & Network Security by Neso Academy (Course)
• Lectures series by Cihangir Tezcan
  • Blockchain & Cryptocurrency Technologies from Cihangir Tezcan
  • CSEC 507: Applied Cryptology
  • Network Security
• The GNU Privacy Guard

Articles

• New Report Exposes Security Issues With WhatsApp Apps
• macOS How to run your Applications in a Mac OS X sandbox to enhance security
• Digital hygiene by Andrej Karpathy
• Turning Google smart speakers into wiretaps for $100k
• How To Crack WEP and WPA Wireless Networks 2008-11-21 (updated: 2013-02-25) by Philip
• backdoor in US medical device calls out to chinese university
• Welcome to Minicrypt
• Satoshi Nakamoto - Wikipedia
• Yevgeniy Nikulin - Wikipedia - hacked LinkedIn in 2012 as covered on Ep. 86 of Darknet Diaries
• what happens when your CPU has a bug? (GhostWrite) - YouTube
• Crowdstrike failure in July 2024 write up Tavis Ormandy (vulnerability researcher at Google)
• Extracting Clear-Text Credentials Directly From Chromium’s Memory
  • memory chunk, the password is stored inside a memory section of type Private: Commit. One could think that data stored in such memory pages is not accessible to any other process. Surprisingly, such pages cannot be part of a “shared memory,” but other processes have no problem reading the data in them (via ReadProcessMemory API).
  • Chromium.org stated they will not fix issues related to physical local attacks since “there is no way for Chrome (or any application) to defend against a malicious user who has managed to log into your device as you” (here). While this statement is probably true in general (especially if you assume the attacker can get administrator privileges), I believe it should not be so easy to steal sensitive credentials as it is today.
  • Chromium Docs - Chrome Security FAQ - see Threat Model therein
• Discovery of Public Key Cryptography with Whitfield Diffie (2015 Turing Award)
• Making Enemies with the NSA - with Martin Hellman (2015 Turing Award)

Concepts

• Semantic security - Wikipedia is the practical notion of secrecy assuming a computationally bounded adversary
  • due to Goldwasser and Micali 1982: Probabilistic encryption & how to play mental poker keeping secret all partial information
• Perfect Secrecy also known as Unconditional security or Information-theoretic security - Wikipedia is and requires a One-time pad - Wikipedia
  • Simply put, what does “perfect secrecy” mean?
  • this is relaxed to computational security by the Computational hardness assumption - Wikipedia
• Forward secrecy - Wikipedia
• Kerckhoffs’s principle - Wikipedia: “No security through obscurity”
• Public-key cryptography - Wikipedia
• Diffie–Hellman key exchange - Wikipedia
• RSA (cryptosystem) - Wikipedia (Rivest–Shamir–Adleman)
• Digital Signature Algorithm - Wikipedia
• Federal Information Processing Standards - Wikipedia
• What are the differences between a digital signature, a MAC and a hash? - this post has a fantastic answer containing a table that outlines the differences between digital signatures, message authenticating codes (MACs) and hashing which I’ve kept a note of in: What are the differences between a digital signature, a MAC and a hash?
• Joan Daemen - Wikipedia
• Martin Hellman - Wikipedia
• Whitfield Diffie - Wikipedia
• James H. Ellis - Wikipedia
• Clifford Cocks - Wikipedia
• Remote Code Execution:
  • What is remote code execution? from Cloudflare
  • What is Remote Code Execution (RCE)? CrowdStrike - lists some nice examples under Types of Damage an RCE Attack Causes
• Secure Shell - Wikipedia
  • OpenSSH - Wikipedia
• OASIS (organization) - Wikipedia
• Smart card - Wikipedia
• Hardware security module - Wikipedia

Mathematical prerequisites

• Group (mathematics) - Wikipedia
• Abelian group - Wikipedia
• Field (mathematics) - Wikipedia
• Finite field - Wikipedia - Galois field (“like a prime field, but with polynomials”)
• Ring (mathematics) - Wikipedia
• Bijection, injection and surjection - Wikipedia
• One-way function - Wikipedia
• Trapdoor function - Wikipedia
• Elliptic curve - Wikipedia
• Chinese remainder theorem - Wikipedia
• Discrete logarithm - Wikipedia
• Modular exponentiation - Wikipedia - Modular exponentiation is efficient to compute, even for very large integers. On the other hand, computing the modular discrete logarithm – that is, finding the exponent e when given b, c, and m – is believed to be difficult. This one-way function behavior makes modular exponentiation a candidate for use in cryptographic algorithms.
• Euclidean algorithm - Wikipedia
  • Bézout’s identity - Wikipedia - Let a and b be integers with greatest common divisor d. Then there exist integers x and y such that ax + by = d. Moreover, the integers of the form az + bt are exactly the multiples of d.
  • Lamé’s theorem - Wikipedia showed that the version of the Euclidean algorithm using remainders finishes in at most 5d steps for integers a and b where d is the number of digits in the (decimal) representation of b
  • Euclidean algorithm - Rutgers Math - Supplementary material for thelecture of Monday, July 12
  • Euclid’s Algorithm - Cleveland State University by Sudeshna Chakraborty, Mark Heller, Alex Phipps. Faculty Advisor: Dr. Ivan Soprunov, Department of Mathematics - includes proof and algorithmic complexity analysis
• Extended Euclidean algorithm - Wikipedia
• Coprime integers - Wikipedia - two integers are coprime, relatively prime or mutually prime if the only positive integer that is a divisor of both of them is 1. Consequently, any prime number that divides a does not divide b, and vice versa. This is equivalent to their greatest common divisor (GCD) being 1.
• Euler’s theorem - Wikipedia - states that, if n and a are coprime positive integers, then $a^{\phi (n)}$ is congruent to $1\mathrm{modulo}n$, where $\phi$ denotes Euler’s totient function
• Euler’s totient function - Wikipedia - In number theory, Euler’s totient function counts the positive integers up to a given integer n that are relatively prime to n. It is written using the Greek letter phi as φ(n) $\phi (n)$ or ϕ(n) $\varphi (n)$, and may also be called Euler’s phi function. In other words, it is the number of integers k in the range 1 ≤ k ≤ n for which the greatest common divisor gcd(n, k) is equal to 1
• Sieve of Eratosthenes - Wikipedia
• Primality test - Wikipedia
• AKS primality test - Wikipedia
  • When is the AKS primality test actually faster than other tests?
• Fermat’s factorization method - Wikipedia

See also the general section on Math for more.

Symmetric Cryptography

• ✨ Lecture 8: AES: The Advanced Encryption Standard from Lecture Notes on “Computer and Network Security” by Avi Kak (February 6, 2025)
• FIPS 197 Federal Information Processing Standards Publication Advanced Encryption Standard (AES)
• Advanced Encryption Standard - Wikipedia (AES)
  • AES Explained (Advanced Encryption Standard) - Computerphile
  • EXTRA BITS: AES Explained- Computerphile
  • was based on/extended from Square (cipher) - Wikipedia
• Almost All Web Encryption Works Like This (SP Networks) - Computerphile - Substitution-Permutation (SP) networks
• Feistel cipher - Wikipedia
  • Feistel Cipher - Computerphile
  • EXTRA BITS: Feistel Modes of Operation Code - Computerphile
• Block cipher mode of operation - Wikipedia - block cipher modes of operation
  • How to choose an AES encryption mode (CBC ECB CTR OCB CFB)? [closed]
  • Modes of Operation - Computerphile
  • ECB: Electronic Code Book - bad (insecure; see ECB tux / penguin)
  • CBC: Cipher Block Chaining - secure but not parallelisable; adversary can affect subsequent blocks by flipping bits in earlier ones; vulnerable to padding attacks
  • Counter Mode: convert block cipher into stream cipher; nonce (unique to each communication; not private); XOR the cipher stream (for each block) with the message; like key stream cipher but operating block-wise; (by the way: no authentication); don’t need decryption $\to$ just use encryption to obtain “key stream” and XOR this with the ciphertext like for encryption; size of nonce puts hard limit on number of messages possible to send before need to change key
  • GCM: Galois Counter Mode - authenticate the ciphertext (related to the plaintext), the nonce and the length of the message,
    • AES GCM (Advanced Encryption Standard in Galois Counter Mode) - Computerphile
    • EXTRA BITS - AES GCM Maths Bit - Computerphile
    • Understanding AES Encryption Modes AES-GCM, AES-CBC, AES-CTR - has a decent comparison table of AES-GCM vs AES-CBC vs AES-CTR
• Welcome to Minicrypt

Advanced Encryption Standard (AES)

• Block cipher
  • block length 128 bits
  • arranged in grid of 4 x 4 bytes
  • column-major order
• 10, 12, 14 rounds according to key bit length - resp. 128, 192 and 256-bit keys
• key schedule allows derivation of round keys from the user-specified encryption key
  • 128-bit key arranged as 4x4 byte array - column “words” are expanded into “schedule” of 44 words (i.e. 11x expansion)
  • each round consumes 4 “words” from key schedule - i.e. 1 of the 11x expanded keys
• notion of “word” as 4 bytes - i.e. columns and rows are words
• subsitution-permutation network (c.f. DES which is based on the Feistel Network - Feistel cipher - Wikipedia)
• byte-oriented cipher (c.f. DES - bit-oriented) $\to$ enables fast + convenient implementation
• Based on “wide trail strategy” - as described in Security of a Wide Trail Design by Joan Daemen and Vincent Rijmen
  • combines (1) local non-linear step - confusion with (2) linear (global) mixing transformation - diffusion
  • phrase “wide trail” refers to dispersal of the probabilities that one can associate with the bits at certain specific positions in a bit block as it propagates through the rounds
• AES Algorithm (high-level)
  • first expanded key words XOR’d with the input state array before moving onto the 10 rounds of processing for the 128-bit key
    • decryption: input ciphertext state array XOR’d with last four words of key schedule
  • 10x rounds (for 128-bit key) of (encryption):
    1. substitute bytes
    2. shift rows
    3. mix columns
       • based on multiplicative inverses in $\mathrm{GF}(2^8)$ - Galois field where each bit is interpreted as (binary) coefficient in degree-$8$ polynomial
    4. “Add” round key (XOR)
  • Decryption:
    • Inverse shift rows
    • Inverse substitute bytes
    • XOR with (“Add”) round key
    • Inverse mix columns
  • Note: No (invert) mix columns step in final round (resp. decryption)

Data Encryption Standard (DES)

• bit-oriented
• DES is based on the Feistel structure in which, for each round, one-half of the block passes through unchanged and the other half goes through a transformation that depends on the S-boxes and the round key. Key alternating ciphers lend themselves well to theoretical analysis of the security of the ciphers. — Lecture 8: AES: The Advanced Encryption Standard by Avi Kak p. 7

Modes of Operation for Block Ciphers

1. Electronic Code Book (ECB)
2. Cipher Block Chaining Mode (CBC)
3. Cipher Feedback Mode (CFB)
4. Output Feedback Mode (OFB)
5. Counter Mode (CTR)
6. Galois/Counter Mode (GCM)

Hash Algorithms & Cryptographic Hash Functions

• MurmurHash - Wikipedia used by
• SHA-1 - Wikipedia
  • message digest (output or “signature”) length: 160-bit
  • block size: 512-bit blocks
  • initialized based on constants (see standard)
  • works on 5 32-bit words
  • 80 rounds
  • Merkle-Damgard (iterate on input until expended)
  • Collision resistance: $2^{6}3$
  • Marc Stevens showed collisions for SHA-1 when attacker can choose IV in 2015 and with large GPU compute (from Google) with SHA-1 IV in 2017 in: The first collision for full SHA-1
• RIPEMD - Wikipedia - Developed by Dobbertin, Bossaelaers, Preneel in 1996 (developed in the open academic community, in contrast to the NSA-designed SHA-1 and SHA-2 hash algorithms)
  • Block size: 512 bits
  • Message digest length (n): 128, 160, 256, 320 bits
  • Number of rounds: 80
  • Туре: Merkle-Damgard
  • Collision resistance: $2^{8}0$ (due to birthday paradox)
  • (RIPEMD-160 is the only remaining 160 bit digest size hash function that has not been broken yet)
  • Bitcoin script allows RIPEMD-160 with the opcode OP_RIPEMD160
  • Bitcoin uses RIPEMD-160 (after using SHA-256) for address generation with the opcode OP-HASH160
• SHA-2 - Wikipedia - uses 256 or 512 bit internal state; uses Merkle–Damgård construction with Davies–Meyer compression function
  • Merkle–Damgård construction - Wikipedia
  • One-way compression function - Wikipedia
• SHA-3 - Wikipedia - Keccak, winner of SHA-3 competition, is designed by Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche
  • Block size: 1152, 1088, 832, 576 bits
  • Message digest length (n): 224, 256, 384 or 512 bits
  • Number of rounds: 64 or 80
  • Type: Sponge construction
  • Resources:
    • SHA: Secure Hashing Algorithm - Computerphile
    • EXTRA BITS - SHA1 Problems - Computerphile
    • SHA3 in Cryptocurrency Mining from Cihangir Tezcan
• Desiderata of secure hash functions
  1. Preimage resistance: Given $y=h(x)$ it is computationally infeasible to find $x$ s.t. $h(x)=y$
     • is this equivalent to one-wayness?
     • Brute force attack requires $2^n$ operations
     • Practical Use Case: Password storage: Practically store $has{h}^N(password||salt)$ i.e. concat password and random salt and perform hash several times (to slow attacker brute force attack)
  2. Second Preimage resistance: Given both $y=h(x)$ and $x$ it is computationally infeasible to find $x^{\prime }$ s.t. $h(x^{\prime })=y$
     • Brute force attack requires $2^n$ operations
  3. Collision resistance: Given $h(.)$ the hash function, it should be computationally infeasible to find $(x_1,x_2)$ s.t. $h(x_1)=h(x_2)$
     • Brute force attack requires $2^{n/2}$ operations due to birthday paradox
     • Practical Use Case: Hacker produces software executables $s_1$ and $s_2$ and sends $s_1$ to Microsoft who approve and store $h(s_1)$ on Windows OS to allow $s_1$ to run, but hacker distributes $s_2$ with exploit which is cleared for execution by kernel since $h(s_1)=h(s_2)$
       • Flame malware used such a bug in MD5: Flame malware collision attack explained MSRC Blog Microsoft Security Response Center
     • Why SHA-256 is called 128-bit security because 256/2 = 128 due to the birthday paradox
  • Hashing in Blockchains and Cryptocurrencies by Cihangir Tezcan
• Birthday Paradox: How many people should be in a room before it is more likely than not that two people share a birthday? (i.e. $P(\text{share birthday})>1/2$
  • Birthday problem - Wikipedia
• Merkle–Damgård construction - Wikipedia
  • SHA-1, SHA-2
• Sponge Construction: Sponge function - Wikipedia
  • SHA-3 (Keccak)
• Merkle-Damgard and Sponge Constructions for Hashing - Cihangir Tezcan
• MD4, MD5, RIPEMD, SHA1, SHA2 in Cryptocurrencies - Cihangir Tezcan
• Password Hashing Competition - there wasn’t an established standard to fulfill the needs of modern applications and to best protect against attackers. We started the Password Hashing Competition (PHC) to solve this problem.
  • PHC ran from 2013 to 2015 as an open competition—the same kind of process as NIST’s AES and SHA-3 competitions, and the most effective way to develop a crypto standard. We received 24 candidates, including many excellent designs, and selected one winner, Argon2, an algorithm designed by Alex Biryukov, Daniel Dinu, and Dmitry Khovratovich from University of Luxembourg.

Message Authentication Codes (MAC) and Hash-based MAC (HMAC)

• MAC and Key Derivation (clipped)
• Length Extension Attacks from Cry.College
• KMAC KECCAK Message Authentication Code

Asymmetric (Public-Private Key) Cryptography

• ✨ Lecture Notes on “Computer and Network Security” by Avi Kak:
  • Lecture 11: Prime Numbers And Discrete Logarithms
  • Lecture 12: Public-Key Cryptography and the RSA Algorithm
• PKCS 11 - Wikipedia
• RSA Encryption-Decryption Identity Proof via Euler’s Theorem - very helpful to see the proof of $m^{ed}\equiv m(\mathrm{mod}n)$ for message $m$
• ✨ Prime Numbers & RSA Encryption Algorithm - Computerphile - Note that (implicitly) the Euler Totient function $\varphi$ requires prime factorization (for use of the product formula)
• ✨ Breaking RSA - Computerphile
  • Fermat Factorization in the Wild 🔥
  • Fermat Attack on RSA - uses Fermat’s factorization method - Wikipedia
  • Researcher uses 379-year-old algorithm to crack crypto keys found in the wild
• RSA a simple and easy-to-read implementation « Python recipes « ActiveState Code (link)
• The RSA Encryption Algorithm (2 of 2: Generating the Keys) (and Part 1 of 2: Computing an Example) by Eddie Woo
• How does RSA Cryptography work? on Tom Rocks Maths
• Goldwasser–Micali cryptosystem - Wikipedia - of historical significance but practically unusable

Digital Signatures

• Digital Signature Algorithm - Wikipedia
• ElGamal signature scheme - Wikipedia
• Schnorr signature - Wikipedia
• EdDSA - Wikipedia $\leftarrow$ this is what’s used e.g. when you follow GitHub’s guide to create a new SSH key
  • introduced in High-speed high-security signatures
  • based on twisted Edwards curves, which were introduced “Twisted Edwards Curves” in 2008 and are named after Harold M. Edwards
  • are high performance
• Curve25519 - Wikipedia
• Curve25519 high-speed elliptic-curve cryptography from Daniel J. Bernstein
• curve25519 paper

Elliptic Curve Cryptography

NOTE

I suppose this could be placed under Key Exchange or Assymetric Cryptography since elliptic curves are drop-in - or plug in - replacements for the discrete logarithm (under modulus) problem / one-way function of the original Diffie-Hellman key exchange formulation.

• A (Relatively Easy To Understand) Primer on Elliptic Curve Cryptography
• Elliptic Curve Cryptography a gentle introduction (link)
  • HTML5/JavaScript visual tool for computing sums on elliptic curves - built by Andrea Corbellini
• Elliptic-curve cryptography - Wikipedia
• RSA vs ECC which one is better, and why? - Reddit thread, maybe spurious but still interesting
• Elliptic-curve Diffie–Hellman - Wikipedia
• Elliptic Curve Digital Signature Algorithm - Wikipedia

Notes on Motivations for use of Elliptic Curve Cryptography from National Security AgencyCentral Security Service Web Site

The two noteworthy first generation public key algorithms used to secure the Internet today are known as RSA and Diffie-Hellman (DH). The security of the first is based on the difficulty of factoring the product of two large primes. The second is related to a problem known as the discrete logarithm problem for finite groups. Both are based on the use of elementary number theory. Interestingly, the security of the two schemes, though formulated differently, is closely related.

…elliptic curve cryptography has remained at its full strength since it was first presented in 1985…

…The length of a key, in bits, for a conventional encryption algorithm is a common measure of security. To attack an algorithm with a k-bit key it will generally require roughly 2k-1 operations. Hence, to secure a public key system one would generally want to use parameters that require at least 2k-1 operations to attack. The following table gives the key sizes recommended by the National Institute of Standards and Technology to protect keys used in conventional encryption algorithms like the (DES) and (AES) together with the key sizes for RSA, Diffie-Hellman and elliptic curves that are needed to provide equivalent security.

Symmetric Key Size (bits)	RSA and Diffie-Hellman Key Size (bits)	Elliptic Curve Key Size (bits)
80	1024	160
112	2048	224
128	3072	256
192	7680	384
256	15360	521
Table 1: NIST Recommended Key Sizes

To use RSA or Diffie-Hellman to protect 128-bit AES keys one should use 3072-bit parameters: three times the size in use throughout the Internet today. The equivalent key size for elliptic curves is only 256 bits.

One can see that as symmetric key sizes increase the required key sizes for RSA and Diffie-Hellman increase at a much faster rate than the required key sizes for elliptic curve cryptosystems.

Key Exchange

• Cryptographic Key Exchange from Computerphile:
  • Diffie Hellman -the Mathematics bit- Computerphile]
  • Key Exchange Problems - Computerphile

Certification and Certificate Authorities

Generate a new certificate (locally) for testing purposes with OpenSSL (Lecture 13 of Avi Kak’s course pp. 27):

openssl req -new -newkey rsa:1024 -days 365 -nodes -x509 -keyout test.pem -out test.cert

Differential Privacy

• Deep Learning with Differential Privacy
• Understanding differential privacy by Christoph F. Kurz - nice primer; works through a simple hypothetical example
• The Algorithmic Foundations of Differential Privacy - the book on DP by Cynthia Dwork, Aaron Roth (published in 2014)
• Can you beat me at WORDPL? - Ted is writing things
• DP implementations / tools:
  • OpenDP Platform for Differential Privacy (Microsoft)
  • google/differential-privacy - Google’s differential privacy libraries.
• Differential privacy in (a bit) more detail - Ted is writing things
• Why differential privacy is awesome - Ted is writing things
• A friendly, non-technical introduction to differential privacy - Ted is writing things
• A reading list on differential privacy - Ted is writing things
• Almost differential privacy - Ted is writing things
• Getting more useful results with differential privacy - Ted is writing things
• Averaging risk Rényi DP & zero-concentrated DP - Ted is writing things

Post-Quantum Cryptography

• Prepping for post-quantum a beginner’s guide to lattice cryptography

Blockchains and Cryptocurrencies

• Smart contract - Wikipedia
• Airdrop (cryptocurrency) - Wikipedia
• The great chain of being sure about things The Economist
• But how does bitcoin actually work? from 3Blue1Brown

Bitcoin

• Merkle tree - Wikipedia - invented by Ralph Merkle - Wikipedia who has a patent - US4309569A Method of providing digital signatures - on them approved 1982-04-21 but applied 1979-09-05
  • Note: Bitcoin can use this as “For applications filed prior to, and still in force or pending on, 8 June 1995, the expiry date is the later of 17 years from the issue date, and 20 years from the filing date.” — How to calculate patent expiry dates in the United States
• Bitcoin Block Reward Halving Countdown (clipped) - has very useful Stats section including total Bitcoins in circulation, to mine, price per coin (in USD), time to next block halving (reward payout to miners), hash rate, block generation time (and blocks generated per day), Bitcoin inflation per day/annum, total blocks etc.
• bitcoin/bitcoin repo - Bitcoin Core integration/staging tree
• Bitcoin Core is an open source project which maintains and releases Bitcoin client software called “Bitcoin Core”.
  • It is a direct descendant of the original Bitcoin software client released by Satoshi Nakamoto after he published the famous Bitcoin whitepaper.
  • Bitcoin Core consists of both “full-node” software for fully validating the blockchain as well as a bitcoin wallet. The project also currently maintains related software such as the cryptography library libsecp256k1 and others located at GitHub.
• Transaction size calculator from the Bitcoin Operations Technology Group (“Bitcoin Optech”)
• Weight units - Bitcoin Wiki
• Bitcoin Dust & Dusting attack - Wikipedia
  • What is meant by Bitcoin dust? from bitcoin.stackexchange.com
  • Bitcoin Dust Overview, Disadvantages, and Example
  • Understanding Dust Limits Magic Eden Help Center
  • Crypto Dust and Dusting Attacks Explained
• Coinbase transaction is the transaction contained in the newly forged block which contains the reward payment to the miner → acts as an incentive for the miner to broadcast the block a.s.a.p.

Ethereum

• Ethereum - Wikipedia was proposed in a 2013 white paper by Vitalik Buterin - Wikipedia
• In September 2022, Ethereum moved from Proof of Work (PoW) to Proof of Stake (PoS)
  • Prior to September 2022 In its proof of work algorithm ethash, Ethereum uses Keccak but it should be noted that it is slightly different than the standardized version of Keccak, namely SHA-3. A late change in the standardization process of SHA-3 resulted in a different padding than the one used in ethash.
    • Thus, sometimes the used hash algorithms in ethash are referred to as Keccak-256 and Keccak-512, instead of SHA3-256 and SHA3-512.

Mining Puzzles with SHA-3 Competition Algorithms

Some cryptocurrencies use multiple hash functions for their hash puzzles. This complexity is expected to prevent efficient ASIC development:

1. X11: Blake, BMW, Groestl, JH, Keccak, Skein, Luffa, Cubehash, Shavite, Simd, Echo
2. X13: BLAKE, BMW, Groestl, JH, Keccak, Skein, Luffa, Cubehash, Shavite, Simd, Echo, Hamsi and Fugue
3. X15: Blake, BMW, Groestl, JH, Keccak, Skein, Luffa, Cubehash, Shavite, Simd, Echo, Hamsi, Fugue, Shabal, and Whirlpool
4. X16: the same 15 algorithms used in X15 model + SHA512
5. X16r: rotates through 16 different algorithms in random
6. X17: Blake, BMW, Groestl, JH, Keccak, Skein, Luffa, Cubehash, Shavite, Simd, Echo, Hamsi, Fugue, Shabal, Whirlpool, Loselosei, and Dib2

Blockchain & Cryptocurrency Technologies - Cihangir Tezcan

1. Intro to Blockchain and Cryptocurrency Technologies
2. Why You Do NOT Need a Blockchain
3. Hashing in Blockchains and Cryptocurrencies
4. Merkle-Damgard and Sponge Constructions for Hashing
5. MD4, MD5, RIPEMD, SHA1, SHA2 in Cryptocurrencies
6. SHA3 in Cryptocurrency Mining
7. Public Key Cryptography for Blockchains
8. Algebra for Blockchains & Cryptocurrencies
9. Elliptic Curve Cryptography for Blockchains & Cryptocurrencies
10. Discrete Logarithm Problem for Blockchains & Cryptocurrencies
11. Digital Signatures for Blockchains & Cryptocurrencies
12. Elliptic Curve Digital Signature Algorithm for Blockchains & Cryptocurrencies
13. Bitcoin Signature Verification
14. Blockchain Technology Introduction
15. Blocks in Blockchains
16. Consensus Models
17. BITCOIN
18. BITCOIN Blocks
19. BITCOIN Wallets
20. BITCOIN Transactions
21. BITCOIN Pay to Public-key Hash
22. BITCOIN Pay to Script Hash
23. Soft and Hard BITCOIN Forks
24. BITCOIN Mining
25. Multi-Signatures in BITCOIN
26. MuSig: Schnorr Multi-Signatures for BITCOIN
27. How to Find Hidden Messages in Bitcoin Blockchain
28. Alternative COINS
29. ETH Ethereum
30. NFT Non-Fungible Token
31. NFT Non-Fungible Token Security Issues
32. Stellar: Connecting the World’s Financial Infrastructure
33. Ben Kriptocu Gördüm! - Aydaki Adam: İlker Canikligil - Konuk: Cihangir Tezcan - B48

Randomness

• Random number generation (on macOS; from Apple Platform Security)

Attack Types

Clickjacking

Clickjacking or formally UI Redressing: attacker “redresses” the interface seen by the user with an invisible frame that tricks them into doing things they wouldn’t ordinarily do

• Clickjacking Attacks How to Detect and Prevent Ping Identity
• Testing for Clickjacking
• X-Frame-Options - HTTP MDN - The X-Frame-Options HTTP response header can be used to indicate whether a browser should be allowed to render a page in a <frame>, <iframe>, <embed> or <object>. Sites can use this to avoid click-jacking attacks, by ensuring that their content is not embedded into other sites.

Secure Shell (SSH)

• SSH login without password (link)
• OpenSSH
  • OpenSSH suite consists of the following tools:
    • Remote operations are done using ssh, scp, and sftp.
    • Key management with ssh-add, ssh-keysign, ssh-keyscan, and ssh-keygen.
    • The service side consists of sshd, sftp-server, and ssh-agent.
  • OpenSSH is developed by a few developers of the OpenBSD Project and made available under a BSD-style license

WiFi (Wireless) Security

• Temporal Key Integrity Protocol - Wikipedia - used by IEEE 802.11 - Wikipedia

Password managers

• Google Password Manager vs. 1Password r1Password
• Password Managers. from Tavis Ormandy (vulnerability researcher at Google)
• Is Google Password Manager Safe in 2024 from the LastPass blog - didn’t get much from this; doesn’t identify clear failures/vulnerabilities of Google Password Manager (GPM); at one point say that if the Google account is compromised, passwords are too, but this is equally true of the LasPass account 🙄; comparison paragraph mentions cross-platform advantage of LastPass. In Google Password Manager vs. 1Password r1Password on Reddit there’s a good point about LP being useful for family / industry setting for a team which needs joint access to passwords (inconvenient in GPM setting if tied to personal account)

Pretty Good Privacy (PGP) and GNU Privacy Guard (GnuPG or GPG)

• The GNU Privacy Guard
  • GNU Privacy Guard docs
• Available for macOS as GPG Suite but personally I downloaded the GNU Pretty Good Privacy (PGP) package (gnupg formula) via Homebrew: brew install gnupg
• Pretty Good Privacy - Wikipedia (PGP)

Implementations

• Metasploit
  • Metasploit Docs

---

👉 See Also

• Privacy - Staying Secure Online
• Reverse Engineering