#PQCrypto

𝕂𝚞𝚋𝚒𝚔ℙ𝚒𝚡𝚎𝚕 kubikpixel@chaos.social
2026-03-03

«Decentralized P2P Chat & File Transfer - Secure Messaging Without Central Servers:
Creating decentralized P2P technology. Aiming to provide industry-grade cryptographic capabilities encapsulated into a webapp.»

Do any of you regularly use @xoron with several people at the same time or even professionally and what is your impression about it?

🐟 positive-intentions.com

#chat #p2p #e2ee #filetransfer #security #decentralization #webtools #webapp #pqc #pqcrypto #cryptography #noserver

𝕂𝚞𝚋𝚒𝚔ℙ𝚒𝚡𝚎𝚕 kubikpixel@chaos.social
2026-02-26

«Threema becomes quantum-safe - partnership with IBM Research:
The Swiss messenger Threema is working with IBM Research to make its chats quantum-safe. The goal is protection against quantum computers.»

In this regard @threemaapp is not alone, and IBM is their neighbor, so to speak; they have a PQC site nearby.

heise.de/news/Threema-wird-qua

#postquantum #ibm #threema #pqc #app #pqcrypto #quantencomputer #chatapps #itsicherheit #mlkem #signal #apple #itsec #itsecurity #chat

Alexandre Dulaunoy adulau@infosec.exchange
2025-12-05

ML-KEM Mythbusting

"There have been some recent concerns about ML-KEM, NIST’s standard for encryption with Post-Quantum Cryptography, related standards of the IETF, and lots of conspiracy theories about malicious actors subverting the standardization process."

#pqc #pqcrypto #cybersecurity #ietf

🔗 keymaterial.net/2025/11/27/ml-

2025-11-24

"Consensus means whatever the people in power want to do." -- djb

blog.cr.yp.to/20251123-dodging

#ietf #crypto #pqcrypto

CnznewsCnznews
2025-11-24

NSA and IETF, part 3

cr.yp.to: 2025.11.23: NSA and IETF, part 3 Table of contents (Access-I for index page) 2025.11.23: NSA and IETF, part 4: An example of censored dissent. 2025.11.23: NSA and IETF, part 3: Dodging the issues at hand. 2025.11.23: NSA and IETF, part 2: Corruption continues. 2025.10.05: MODPOD: The collapse of IETF's protections for…

cnznews.com/nsa-and-ietf-part-

2025-10-13

2025.10.04: NSA and IETF: Can an attacker simply purchase standardization of weakened cryptography?
blog.cr.yp.to/20251004-weakene
#PQcrypto #hybrids #NSA #IETF #antitrust

It's normal for post-quantum cryptography to be rolled out as an extra layer of security on top of traditional pre-quantum cryptography, rather than as a replacement.

For example, Google's CECPQ1 experiment was double encryption with traditional pre-quantum ECC (specifically X25519) and post-quantum NewHope1024. CECPQ2, a joint experiment between Google and Cloudflare, was ECC+NTRUHRSS701. CECPQ2b was ECC+SIKEp434. Ten SSH implementations support ECC+sntrup761. Today's usage of post-quantum cryptography by browsers is approaching half of the connections seen by Cloudflare, where 95% of that is ECC+MLKEM768 and 5% is ECC+Kyber768.

If post-quantum cryptography is designed to be super-strong, so strong that it even survives future quantum computers, then why are we keeping the ECC layer? Same reason that you wear your seatbelt: in the real world, cars sometimes crash, and seatbelts reduce the damage.

Thomas Fricke (he/his) thomasfricke@23.social
2025-10-12

Is Post Quantum Crypto dead on arrival? At least there is a strange smell!

@djb

"Can an attacker simply purchase standardization of weakened cryptography? #pqcrypto #hybrids #nsa #ietf #antitrust

It's normal for post-quantum cryptography to be rolled out as an extra layer of security on top of traditional pre-quantum cryptography, rather than as a replacement.

... looking at how easy it is for NSA to simply spend money to corrupt the standardization process."

blog.cr.yp.to/20251004-weakene

Daniel J. Bernstein djb@cr.yp.to
2025-10-04

New blog post "NSA and IETF: Can an attacker simply purchase standardization of weakened cryptography?" blog.cr.yp.to/20251004-weakene #pqcrypto #hybrids #nsa #ietf #antitrust

𝕂𝚞𝚋𝚒𝚔ℙ𝚒𝚡𝚎𝚕 kubikpixel@chaos.social
2025-08-15

»NIST standardizes a lightweight cryptographic scheme for IoT devices:
Ascon is a lightweight cryptographic scheme intended in particular for IoT devices such as RFID tags. NIST has now standardized the scheme.«

I have absolutely no idea about IoT, but it's interesting. Unfortunately, a great many of the IoT tools that are generally available are very insecure on the web.

✔️ heise.de/news/NIST-standardisi

#iota #nist #pqc #pqcrypto #rfid #tools #web #internet #postquantum #kryptografie

CosicBeCosicBe
2025-07-28

🎥 Just released! Watch the COSIC Seminar "FRIttata: Distributed Proof Generation of FRI-based SNARKs" by Hua Xu (KU Leuven): youtube.com/watch?v=sMHfxYrNl5I
📄 Read the full paper on : eprint.iacr.org/2025/1285

Stéphane Bortzmeyer bortzmeyer@mastodon.gougere.fr
2025-07-24

Talk "Migrating Telecom to Quantum-Resistant Cryptography on a Global Scale" by John Preuß Mattsson

#IETF123 #PQcrypto

2025-04-09

#Qualys needs to update their TLS client test to support the new signature algorithms and named groups. There are a fair number of "unknown" entries with #OpenSSL 3.5. clienttest.ssllabs.com:8443/ss

#pqc #pqcrypto

Qualys TLS client test showing number of "unknown" signature algorithms and named groups when using OpenSSL 3.5.

Soatok Dreamseeker soatok@furry.engineer
2025-03-15

I must admit, I'm not in love with HQC but I think it's a good backup choice if ML-KEM is ever broken.

McEliece public keys would have broken my use cases.

#pqcrypto

Fiona :transbian: :autism: Fiona@blahaj.zone
2025-03-12

#NIST chose #HQC as their backup KEM and elected not to standardize #ClassicMcElice for now among other reasons pointing to the standardization with #ISO.

The argument to choose HQC over Bike is a higher confidence in IND-CCA-security of HQC. I cannot comment on whether that is a reasonable assessment, though I have no reason to doubt it, but I can say that in terms of reasons to make a choice this is of course a pretty good one.

I’m not sure how I think about the decision regarding McEliece, but I can to an extent see where they are coming from.

This means there are now 9 post quantum algorithms approved, standardized or chosen for standardization by generally respected organizations:

Key Encapsulation Mechanisms (“KEMs”):

* ML-KEM (“Kyber”), based on Lattices, standardized by NIST

* HQC, based on Codes, chosen for standardization by NIST

* Classic McEliece, based on codes, approved by BSI (de), ANSSI (fr), and NCSC (nl)

* Frodo, based on lattices, approved by BSI (de), ANSSI (fr), and NCSC (nl)

Signatures:

* ML-DSA (“Dilithium”), based on Lattices, standardized by NIST

* SLH-DSA (“SPHINCS+”), based on hashes, standardized by NIST

* FN-DSA (“Falcon”), based on lattices, chosen for standardization by NIST

Stateful Signatures:

* XMSS, based on hashes, standardized by IEEE

* LMS, based on hashes, standardized by IEEE

Overall, this looks like a decent portfolio. Future standardization might add schemes based on multivariate-equations and isogenies, but for now this should do and give us a basis from which we can design more efficient schemes without being too concerned about the entire ground suddenly giving in because one random guy/gal finds a new attack-vector.

#postquantumcryptography #PQC #PQCrypto

Fiona :transbian: :autism: Fiona@blahaj.zone
2025-02-24

So looking through some old projects I’ve had lying around, I ran into something I started (and never even really wrote anything) about steganography. This led me down a bit of a rabbit hole and I now have a slightly better understanding of some components of ML-KEM (aka. #Kyber).

Both the public key and the ciphertext are for the most part long sequences of integers modulo 3329 that are effectively indistinguishable from random integers out of that range.

Of course they are obvious to distinguish from random bitstrings, but the easiest way to fix that would be to just view them as numbers in base 3329, re-encode them to base 2 and work from there… So that might be one thing I could look into now.

The alternative is to see whether there is a sufficiently hard to detect way to change some of the representatives of the field-elements… It might be easier to implement, if not easier from a mathematical perspective, but would also let the possibility of slightly compressing the public-key and ciphertext by about 2.5% in length lie on the table.

In any case, this is something that might be worthwhile for practical use-cases…
🤔

#cryptography #pqc #pqcrypto #steganography #crypto #MLKEM
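
The base-3329 re-encoding mentioned in the post above, as an added example that is not part of the original post: it packs coefficients modulo 3329 into one big integer, writes that integer in base 2, and compares the length with the usual 12 bits per coefficient. The function names and the random sample are assumptions of this example; it also reports the bound on the leading output byte, because the packed integer is below 3329^n rather than below a power of two.

```python
import secrets

Q = 3329  # ML-KEM modulus; each coefficient is an integer in [0, Q)

def packed_len(n: int) -> int:
    """Bytes needed to hold any n coefficients as one base-Q integer."""
    return ((Q**n - 1).bit_length() + 7) // 8

def pack_base_q(coeffs: list[int]) -> bytes:
    """Read the coefficients as digits of a base-Q number, emit it in base 2."""
    if any(not 0 <= c < Q for c in coeffs):
        raise ValueError("coefficient outside [0, Q)")
    value = 0
    for c in reversed(coeffs):        # coeffs[0] is the least significant digit
        value = value * Q + c
    return value.to_bytes(packed_len(len(coeffs)), "big")

def unpack_base_q(data: bytes, n: int) -> list[int]:
    """Inverse of pack_base_q; rejects integers that are not valid encodings."""
    if len(data) != packed_len(n):
        raise ValueError("wrong length")
    value = int.from_bytes(data, "big")
    if value >= Q**n:
        raise ValueError("not a valid base-Q encoding")
    coeffs = []
    for _ in range(n):
        value, c = divmod(value, Q)
        coeffs.append(c)
    return coeffs

def savings(n: int) -> float:
    """Fraction of length saved versus 12 bits per coefficient."""
    return 1 - packed_len(n) / (n * 12 // 8)

def max_leading_byte(n: int) -> int:
    """Largest value the first output byte can take (255 would mean no gap)."""
    return (Q**n - 1) >> (8 * (packed_len(n) - 1))

if __name__ == "__main__":
    # Constructed sample: 768 random coefficients, as in an ML-KEM-768 vector.
    sample = [secrets.randbelow(Q) for _ in range(768)]
    packed = pack_base_q(sample)
    assert unpack_base_q(packed, 768) == sample
    print(len(packed), "bytes instead of", 768 * 12 // 8,
          f"({savings(768):.1%} saved)")
    print("leading byte never exceeds", max_leading_byte(768))
```

The leading byte of the packed string stays small, so the most significant bits of this encoding are still distinguishable from uniformly random bytes.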

2024-11-04

[RSS] TLS 1.3 Hybrid Key Exchange using X25519Kyber768 / ML-KEM

https://www.netmeister.org/blog/tls-hybrid-kex.html

#cryptoraphy #tls #pqcrypto

2024-09-20

#OpenSSH 9.9 has been released: openssh.com/txt/release-9.9

The significant new feature is support for post-quantum mlkem768x25519-sha256 KEX as specified in datatracker.ietf.org/doc/html/

#pqcrypto #postquantumcryptography

:awesome:🐦‍🔥nemo™🐦‍⬛ 🇺🇦🍉 nemo@mas.to
2024-06-10

Gear up for the quantum era! 🔐⚛️ Check out Kicksecure's guide on Post-Quantum Cryptography (PQCrypto) with info on quantum-resistant tools like Codecrypt, Cyph, and more. 💻🔑 #PQCrypto

kicksecure.com/wiki/PQCrypto

#privacy #security
