After spending a year in #cryptography papers regarding digital signatures, I’m finally getting comfortable translating between the mathematical notations, standards specs, and code. Still easily intimidated though by the #provablesecurity notations and abbreviations. Any tutorial or book recommendations?
New AWS security tools, updates help IT protect cloud apps | TechTarget

New AWS security features and updates released during re:Inforce address the need to protect applications developed for the cloud.

PRFs, PRPs and other fantastic things - A few weeks ago I ran into a conversation on Twitter about the weaknesses of appl... https://blog.cryptographyengineering.com/2023/05/08/prfs-prps-and-other-fantastic-things/ #provablesecurity #fundamentals
A few weeks ago I ran into a conversation on Twitter about the weaknesses of applied cryptography textbooks, and how they tend to spend way too much time lecturing people about Feistel networks and…

A Few Thoughts on Cryptographic Engineering

M. Albrecht et al., "Four Attacks and a Proof for Telegram"¹

We study the use of symmetric cryptography in the MTProto 2.0 protocol, Telegram's equivalent of the TLS record protocol. We give positive and negative results. On the one hand, we formally and in detail model a slight variant of Telegram's "record protocol" and prove that it achieves security in a suitable bidirectional secure channel model, albeit under unstudied assumptions; this model itself advances the state-of-the-art for secure channels. On the other hand, we first motivate our modelling deviation from MTProto as deployed by giving two attacks – one of practical, one of theoretical interest – against MTProto without our modifications. We then also give a third attack exploiting timing side channels, of varying strength, in three official Telegram clients. On its own this attack is thwarted by the secrecy of salt and id fields that are established by Telegram's key exchange protocol. We chain the third attack with a fourth one against the implementation of the key exchange protocol on Telegram's servers. This fourth attack breaks the authentication properties of Telegram's key exchange, allowing a MitM attack. More mundanely, it also recovers the id field, reducing the cost of the plaintext recovery attack to guessing the 64-bit salt field. In totality, our results provide the first comprehensive study of MTProto's use of symmetric cryptography, as well as highlight weaknesses in its key exchange.

#IACR #ResearchPapers #Telegram #MTProto #ProvableSecurity #SecureMessaging #BiDirectionalChannels #SecurityAnalysis

__
¹ https://eprint.iacr.org/2023/469

Four Attacks and a Proof for Telegram

We study the use of symmetric cryptography in the MTProto 2.0 protocol, Telegram's equivalent of the TLS protocol. We give positive and negative results. On the one hand, we formally and in detail specify a slight variant of Telegram's "record protocol" and prove that it achieves security in a suitable bidirectional secure channel model, albeit under unstudied assumptions; this model itself advances the state-of-the-art for secure channels. On the other hand, we first motivate our slight deviation from MTProto as deployed by giving two attacks on the original protocol specification: one of practical, one of theoretical interest. Then, we give two attacks on the implementation, which are outside of our formal model: one targeting the client, one targeting the server. The client-side attack enables plaintext recovery by exploiting timing side channels, of varying strength, in three official Telegram clients. On its own this attack is thwarted by the secrecy of header fields that are established by Telegram's key exchange protocol. We thus chain this attack with an attack against the implementation of the key exchange protocol on Telegram's servers. This final attack breaks the authentication properties of Telegram's key exchange, allowing a MitM attack. More mundanely, it also reduces the cost of the client-side plaintext recovery attack. In totality, our results provide the first comprehensive study of MTProto's use of symmetric cryptography, as well as highlight weaknesses in its key exchange.

IACR Cryptology ePrint Archive
Are rejected Dilithium commitments secret?

On 6 March, Yi Lee sent over the NIST mailing list an announcement of their submitted paper that found a flaw in the original security proof for Dilithium. In their manuscript, they fix the proof on

Cryptography Stack Exchange
Random oracles and the Borel-Cantelli Lemma

I am trying to understand the implication of the Borel-Cantelli Lemma to the random oracle model. I think understanding a special case, say, a random oracle is one-way with probability 1, would be

Cryptography Stack Exchange
What is the random oracle model and why should you care? (Part 5) - This is part five of a series on the Random Oracle Model.  See here for the previous posts:
Part 1: ... more: https://blog.cryptographyengineering.com/2020/01/05/what-is-the-random-oracle-model-and-why-should-you-care-part-5/ #provablesecurity #uncategorized #fundamentals
A Few Thoughts on Cryptographic Engineering