Quantum computing poses a future threat to current cryptographic systems, particularly public-key cryptography. Experts estimate that large-scale quantum computers capable of breaking current encryption could emerge within 10-30 years. Organizations are already developing quantum-resistant cryptographic algorithms to prepare for this transition.
#cryptography
23 items
LibreSSL 4.3.1 has been released, featuring fixes for the CVE-2025-5301 vulnerability in the libtls library. The update addresses a potential denial of service issue and includes other security improvements.
AES-128 encryption remains secure in a post-quantum computing world, contrary to common concerns. Research shows that quantum computers would not significantly weaken AES-128's security due to the algorithm's design and key size.
A study proposes that Section A of the Voynich Manuscript is written in Archaic Middle Welsh, suggesting the text may be a natural language rather than a code. The research analyzes linguistic patterns and vocabulary to support this interpretation of the mysterious manuscript.
Nobulex is a system that creates cryptographic receipts for AI agent actions, providing verifiable proof of what actions were taken. The tool enables tamper-evident logging of AI operations through cryptographic signatures.
CIQ is enhancing its enterprise Linux distribution to meet federal cryptographic and post-quantum computing compliance requirements. The company is working to ensure its platform can deliver the necessary security standards for government and regulated industries.
Researchers have developed an ultra-fast method for generating 1024-bit prime numbers using the Hilbert-Pólya spectral law. This approach significantly accelerates prime generation compared to traditional methods while maintaining cryptographic security standards.
Researchers have formally verified the Signal protocol and its Rust implementation using the Lean theorem prover. This verification ensures the protocol's security properties are mathematically proven, including forward secrecy and post-compromise security. The work demonstrates the feasibility of verifying real-world cryptographic implementations.
The article discusses portability in PSA Crypto, a cryptographic API standard for embedded systems. It explains how PSA Crypto enables consistent cryptographic operations across different hardware platforms and software implementations, and highlights why portability matters for security in IoT and embedded devices.
The article discusses the security risks of long-lived cryptographic keys, explaining why they create exposure and recommending shorter key lifetimes for better protection. It outlines practical approaches to key rotation and key management.
Quantum computers do not pose a threat to 128-bit symmetric keys, as they would require an impractical number of physical qubits to break them. The security of 128-bit keys remains strong even against future quantum computing advances.
A developer questions whether recording audio from a microphone could serve as a true random number generator for creating secure keys, noting that slight differences in audio input would never repeat. They ask what potential flaws exist in this approach compared to using /dev/urandom.
This article continues the illustrated primer on anonymous credentials, explaining advanced cryptographic concepts and implementation details. It builds upon the foundational concepts introduced in Part 1 to demonstrate how anonymous credential systems work in practice.
The article outlines a roadmap for Bitcoin's evolution in response to quantum computing threats. It discusses potential cryptographic upgrades and timeline considerations for maintaining security as quantum computing advances.
Researchers have developed Signal Shot, a tool that uses the Lean theorem prover to formally verify the Signal protocol and its Rust implementation. This verification ensures the cryptographic security of the messaging protocol used by billions of people worldwide.
fmsg is an open distributed messaging protocol designed as an alternative to email and instant messaging. It features binary messages, cryptographic verification, and a distributed architecture where anyone can host servers. The protocol includes built-in sender verification and message integrity without requiring additional security layers like SPF/DKIM/DMARC.
The document presents size-optimized implementations of ECDSA (Elliptic Curve Digital Signature Algorithm) focusing on minimizing code size for constrained environments. It discusses mathematical foundations and implementation techniques for efficient elliptic curve cryptography on resource-limited devices.
Twitter's encrypted direct messages have multiple security weaknesses, including reliance on Twitter's servers for key distribution and lack of forward secrecy. The feature was developed by only two engineers who are no longer at the company, and none of its limitations have been addressed since launch nearly two years ago.
Keygen has introduced cryptographic license files, providing a new and easier method for handling offline and air-gapped licensing scenarios.
The article explains how to work with hexadecimal Ed25519 public keys in Node.js using the crypto module. It covers key generation, conversion between formats, and practical implementation examples for cryptographic operations.
Software vendors should transition from legacy license key algorithms like partial key verification to using modern cryptographic methods such as elliptic-curve and RSA cryptography for generating secure license keys.
The article details the process of porting PuTTY to Windows on Arm, including compilation adjustments and a technical exploration of NEON-accelerated cryptography for performance improvements.
Post-quantum public-key encryption systems are designed to remain secure even against quantum computers. This article explains simplified versions of these cryptosystems at a pop-science level for general understanding.