All articles tagged with #cryptography
The New York Times reports that British cryptographer Adam Back is the strongest publicly identified candidate for Satoshi Nakamoto after examining emails and stylistic cues, but the case remains circumstantial and Back denies being the Bitcoin creator.
The New York Times, in a report by John Carreyrou, argues that Adam Back is Satoshi Nakamoto based on writing quirks, Hashcash links, and Cypherpunks-era posts; Back refutes the claim, saying the similarities are coincidental and that Satoshi’s anonymity may benefit Bitcoin.
ETH Zurich researchers propose cryptographic signatures generated by a camera’s sensor at capture time and stored in a public ledger to prove authenticity and detect tampering, offering a potentially more secure alternative to the current C2PA approach that signs data later in the camera’s processor; implementation would require redesigned sensors and hardware changes, with ongoing cost considerations.
Google Research warns that the quantum resources needed to break ECDLP-256 have fallen roughly 20-fold, potentially enabling on-spend attacks against Bitcoin within its 10-minute block window and prompting a 2029 migration to post-quantum cryptography; the industry, including Coinbase and the Ethereum Foundation, is coordinating on the transition, though the risk remains years away.
Google accelerated its so‑called Q Day to 2029, warning that quantum computers could break current encryption and calling for a broad move to post-quantum cryptography. The piece explains how qubits and quantum phenomena could outpace classical cryptography, notes noisy qubits as a current hurdle, and highlights Google’s leadership push while acknowledging industry questions about the timeline and motivation.
Google says rapid advances in quantum computing are shrinking the window to today’s encryption, setting a target of 2029 to migrate to post-quantum cryptography and urging the tech industry to accelerate secure upgrades amid fears of data being stored now and decrypted later.
Google moved the deadline for when quantum computers could break current cryptography to 2029, heightening the push toward post-quantum cryptography as researchers note a 2048-bit RSA key could be cracked with about one million noisy qubits—marking a potentially earlier shift in cybersecurity planning.
Google slashes its Q Day readiness deadline to 2029 and urges the industry to adopt post-quantum cryptography to replace RSA and elliptic-curve schemes. The company also reveals Android 17 beta will add PQC support via ML-DSA in verified boot, the Keystore, and upcoming Play Store signing, signaling a broader PQC rollout across devices; experts view the timeline as a significant acceleration with ongoing questions about motivation.
Google has announced a 2029 deadline to migrate its systems to post-quantum cryptography, citing growing quantum hardware capabilities that could undermine current encryption and digital signatures. While Bitcoin faces long-term cryptographic risk from quantum attacks like Shor’s algorithm, upgrading Bitcoin is a decentralized, multi-stakeholder effort that won’t happen overnight. Initiatives such as BIP 360 introducing Pay-to-Merkle-Root are beginning to prepare for quantum-resistant signatures, and some estimates suggest a sizable portion of Bitcoin addresses could be vulnerable in a future quantum era—though exact timelines for practical quantum attacks remain uncertain.
Henry Yuen is building a fully quantum complexity theory to analyze problems whose inputs and outputs are quantum, something traditional theory can’t capture. By recasting issues through the lens of Uhlmann’s theorem, his work shows several quantum-input problems—bit commitments, black-hole decoding, quantum data compression—are actually equivalent, suggesting a unified, quantum-only framework. The project seeks to map these relationships and assess whether quantum-input problems are logically independent from classical complexity, while also sharing Yuen’s personal journey and research philosophy.
Swiss researchers disclosed 27 attack scenarios across Bitwarden, LastPass, Dashlane and 1Password that could let attackers view or modify vaults, challenging the science of end-to-end encryption and exploiting issues in onboarding, key escrow, and item-level encryption. A notable attack demonstrated is ‘malicious auto-enrolment’ against Bitwarden, which could allow a server-controlled attacker to hijack a vault during organization onboarding. Vendors are patching (Bitwarden, LastPass, Dashlane) while 1Password defends its SRP-based design. The paper recommends stronger authentication, key separation and ciphertext integrity. Users should check remediation status with providers and ask for audits.)
A joint ETH Zurich/USI study identifies 25 distinct password-recovery/related attacks across major cloud password managers (Bitwarden, Dashlane, LastPass; with 1Password also noted for some flaws). Attacks span four categories: exploiting key escrow in account recovery, weaknesses in item-level encryption and metadata, vulnerabilities in sharing features, and downgrades due to legacy code. In total, 12 attacks hit Bitwarden, 7 LastPass, and 6 Dashlane; 1Password was linked to item-level and sharing flaws as known limitations. Vendors have issued patches or mitigations (e.g., Dashlane removing legacy crypto, Bitwarden remediation, LastPass hardening, 1Password using SRP), and there’s no evidence these issues have been exploited in the wild.
Google warns that quantum computers could soon break current public-key cryptography and urges governments and industry to accelerate adoption of post-quantum cryptography, aligned with NIST’s PQC standards finalized in 2024. The company says it has been preparing since 2016, implementing crypto agility across its infrastructure, and outlines five policy steps: drive society-wide momentum across critical infrastructure; ensure PQC is embedded in AI systems; avoid fragmentation of standards; promote cloud-first modernization to ease migrations; and maintain ongoing engagement with technical experts to prevent strategic surprises.
The article discusses concerns about GnuPG's security issues, including a significant vulnerability that allows plaintext recovery, and debates whether GPG signatures on git commits are secure or if alternatives like SSH keys or Signal should be used for secure communication and signing. It highlights the complexity and flaws in PGP's design, the challenges of key management, and the political and technical difficulties in replacing or improving upon existing cryptographic tools.
Passkeys are a more secure and user-friendly alternative to passwords, using public-key cryptography to prevent theft and phishing, but widespread adoption is still in progress, so maintaining strong password habits remains important.