ASecuritySite Podcast

This seminar series runs for students on the Network Security and Cryptography module, but invites guests to participate. Bruce has created a wide range of cryptographic methods including Skein (hash function), Helix (stream cipher), Fortuna (random number generator), and Blowfish/Twofish/Threefish (block ciphers). Bruce has published 14 books, including best-sellers such as Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. He has also published hundreds of articles, essays, and academic papers. Currently, Bruce is a fellow at the Berkman Center for Internet and Society at Harvard University.

Alfred Menezes is a Professor at the University of Waterloo in Ontario.  In 2001, he won the Hall Medal from the Institute of Combinatorics and its Applications.  Alfred is the lead author of the Handbook of Applied Cryptography, and  which has been cited over 25,000 times. He has published many high impact papers, especially in areas of public key encryption and elliptic curve cryptography, and was the co-inventor of the ECDSA signature method. His website for online courses is https://cryptography101.ca. The "Cryptography101: Building Blocks" and "Cryptography 101: Deployments" courses are lectures from the undergraduate "Applied Cryptography" that he has taught at Waterloo since 2000. The former includes a five-lecture introduction to elliptic curve cryptography. He also has a course on "Kyber and Dilithium", and soon an intro to "Lattice-based cryptography".   Video recording: https://www.youtube.com/watch?v=l5GWFAewQ80

Brent Waters is a Professor at the University of Texas at Austin and the Director of the Cryptography Lab at NTT Research.  He graduated from the UCL in 2000, then completed a PhD at Princeton University in 2004. After this, he moved on to Stanford as a postdoc. Overall, Brent was the first to propose Attribute-based Encryption (ABE) and also the first to outline functional encryption. He was also awarded the Sloan Research Fellowship in 2010, and, in 2015, he was awarded the Grace Murray Hopper Award for his work on ABE and functional encryption. Brent’s research has been cited over 68,700 times for his research work, and has provided a core foundation for cybersecurity to move towards methods that provide fine-grained data access.

Well, as if cybersecurity doesn’t have enough acronyms. There’s RIP, OSPF, TCP, IP, SSH, AES, and so many others. Now, there are three really important ones to remember: ML-KEM (Module Lattice-Based Key Encapsulation Mechanism), ML-DSA (Module Lattice-Based Signature Standard) and SLH-DSA (Stateless Hash-based Digital Signature Standard). ML-KEM is defined in the FIPS 203 standard, ML-DSA as FIPS 204, and for SLH-DSA, we have FIPS 205. https://medium.com/@billatnapier/get-used-to-three-boring-acronyms-ml-kem-ml-dsa-and-slh-dsa-0156b6ab82c5 

The cybersecurity world is changing, and where the signature methods of RSA, ECDSA and EdDSA are likely to be replaced by FIPS 204 (aka ML-DSA Module-Lattice-Based Digital Signature Standard— Dilithium) and FIPS 205 (aka SLH-DSA (Stateless Hash-based Digital Signature Standard — SPHINCS+) https://medium.com/@billatnapier/so-what-is-a-prehash-and-what-has-it-to-do-with-post-quantum-signatures-bf7812cfa203

In cybersecurity, there are so many acronyms, and to be an expert, you really need to dig underneath the methods and understand how they work. One weak area of the industry is in the usage of MACs (Message Authentication Codes). With the public-key signing, we use a public key and a private key, where the private key will digitally sign a hash of the message, and where the public key is verified the signature. With a MAC, we use a shared symmetric key, and where Bob and Alice will share the same secret key (Figure 1).   https://medium.com/@billatnapier/cmac-or-hmac-which-is-better-8e1861f744d0 

Article: https://medium.com/asecuritysite-when-bob-met-alice/the-brainpool-curves-f2f865b88191 

Article: https://medium.com/asecuritysite-when-bob-met-alice/our-current-hardware-architectures-are-often-not-fit-for-a-world-of-ml-and-homomorphic-encryption-1df5a4a45a4d

Article: https://billatnapier.medium.com/nist-looks-to-the-future-of-cryptography-sha-1-3des-and-sha-224-on-naughty-step-7295d03fdc54

Read more: https://medium.com/asecuritysite-when-bob-met-alice/goodbye-google-and-the-microsoft-and-openai-partnership-fraying-8c35e35cd814

Read more: https://medium.com/asecuritysite-when-bob-met-alice/the-wonderful-world-of-proxies-818c196290ff 

Details: https://billatnapier.medium.com/the-largest-prime-number-ever-found-and-the-52nd-mersenne-prime-65348546b651 

Video interview: https://www.youtube.com/watch?v=59Y_kya4lR8  Kurt Rohloff is an Associate Professor of Computer Science at the New Jersey Institute of Technology (NJIT) and a co-founder and CTO of Duality Technologies.  He is also a co-founder of the open-source PALISADE Homomorphic Encryption Software Library, and a co-founder of the  OpenFHE library.

Like it or not, AI is on the move and now competing with human brain power for its place in our world. We must thus understand the place of LLMs (Large Language Models) in areas such as cybersecurity and in planning towards hybrid systems that integrate both humans and AI within our corporate infrastructures.  https://medium.com/asecuritysite-when-bob-met-alice/humans-v-ai-in-cybersecurity-52709be27111

This week, in my lecture, I will outline one of the most amazing methods ever created in computer science: the Diffie-Hellman method. It was first outlined by Whitfield Diffie and Marty Hellman in 1976 in a paper that built the foundation of our modern world of cybersecurity.   https://billatnapier.medium.com/after-48-years-its-a-long-goodbye-to-the-diffie-hellman-method-a6976a562bfe 

YouTube interview: https://www.youtube.com/watch?v=FDn0Tkhi8zw  Yuriy Polyakov is the Vice President of Cryptography and a Principal Scientist at Duality Technologies. His research interests include applied lattice-based cryptography, fully homomorphic encryption, and privacy-preserving machine learning. He is also a co-founder of the open-source PALISADE Homomorphic Encryption Software Library, and a co-founder and project lead for OpenFHE.

Thomas Prest is a cryptography researcher at PQShield and previously worked with Thales. He completed his PhD at the École Normale Supérieure and focuses on post-quantum cryptography and discrete algorithms. Thomas was one of the co-authors of the FALCON digital signature method and has published widely in related areas of PQC.

https://medium.com/asecuritysite-when-bob-met-alice/javascript-is-a-trademark-f4d5a7d32386 

Amit Gupta is the founder and CEO of Acubed.IT, which is a company which creates innovative and secure cross-security domain solutions for customers such as the UK government. One of their key innovations is the Cross Domain Hybrid Application (CDHA) framework, and which aims to break down the barriers in sharing trusted information across multiple partner agencies.

Please excuse the poor quality of my microphone, as the wrong microphone was selected.   In research, we are all just building on the shoulders of true giants, and there are few larger giants than Leslie Lamport — the creator of LaTeX. For me, every time I open up a LaTeX document, I think of the work he did on creating LaTeX, and which makes my research work so much more productive. If I was still stuck with Microsoft Office for research, I would spend half of my time in that horrible equation editor, or in trying to integrate the references into the required format, or in formatting Header 1 and Header 2 to have a six-point spacing underneath. So, for me, the contest between LaTeX and Microsoft Word is a knock-out in the first round. And one of the great things about Leslie is that his work is strongly academic — and which provides foundations for others to build on. For this, he did a great deal on the ordering of task synchronisation, in state theory, cryptography signatures, and fault tolerance. LaTeX I really can say enough about how much LaTeX — created in 1984 — helps my work. I am writing a few books just now, and it allows me to lay out the books in the way that I want to deliver the content. There’s no need for a further mark-up, as I work on the output that the reader will see. But the true genius of LaTeX is the way that teams can work on a paper, and where there can be async to GitHub and where version control is then embedded. Clocks Many in the research community think that the quality measure of a paper is the impact factor of the journal that it is submitted to, or in the amount of maths that it contains. But, in the end, it is the impact of the paper, and how it changes thinking. For Leslie, in 1978, his paper on clocks changed our scientific world and is one of the most cited papers in computer science. Byzantine Generals Problem In 1981, Leslie B Lamport defined the Byzantine Generals Problem. And in a research world where you can have 100s of references in a paper, Leslie only used four (and which would probably not be accepted these days for having so few references). Within this paper, the generals of a Byzantine army have to agree to their battle plan, in the face of adversaries passing in order information. In the end, we aim to create a way of passing messages where if at least two out of three of the generals are honest, we will end up with the correct battle plan. The Lamport Signature Sometime soon, we perhaps need to wean ourselves of our existing public key methods and look to techniques that are more challenging for quantum computers. With the implementation of Shor’s algorithm [here] on quantum computers, we will see our RSA and Elliptic Curve methods being replaced by methods which are quantum robust. One method is the Lamport signature method and which was created by Leslie B. Lamport in 1979.