Deirdre Connolly¹ ²LIVE FROM TAIPEI, IT'S REAL WORLD CRYPTO!
#realworldcrypto
First session is beyond secure messaging, starting with 'A Practical Wrapper Protocol for Metadata-Hiding in Messaging'
#realworldcrypto
Next up, 'Advanced Browsing Protection for [Facebook] Messenger', by Emma Connor and Kevin Lewi
#realworldcrypto
Protection in the browser against malicious links (reminds me of a similar Chrome feature); uses PIR
#realworldcrypto
Prefix matching support; multiple attempts
#realworldcrypto
How do we retrieve things from the server, and how can we trust that the machine is actually doing what we expect it to do? Answer: attestation
#realworldcrypto
Future work: further reducing reliance on hardware assumptions, improve efficiency of ORAM use
#realworldcrypto
Next up, 'Improving the Trustworthiness of Javascript on the Web', presented by Michael Rosenberg, Giulio Berra, Ezzudin Alkotob, and Dennis Jackson
#realworldcrypto
[uh i don't necessarily agree this is why we trust iOS Signal vs say a web page as it exists]
#realworldcrypto
Code Verify: content, manifest, hash, store in public transparency log
#realworldcrypto
Each leaf of the manifest merkle tree is hash of one js or css file
#realworldcrypto
Merkle Patricia Trees instead of traditional Merkle history trees, more efficient auditing
#realworldcrypto
Need immediate recovery through transparent opt-out
#realworldcrypto
Next up, 'Signal Lost (Integrity): The Signal App is More than the Sum of its Protocols', presented by Noemi Terzo and Kien Tuong Truong
#realworldcrypto
'Signal' is definitely more than just 'The Signal Protocol'
#realworldcrypto
The server can send Sealed Sender messages on behalf of anyone without detection (but the system is supposed to be secure in the setting that the server is insecure!)
#realworldcrypto
Existing Sealed Sender doesn't authenticate messages 😭
#realworldcrypto
'Boring' stuff matters: open source, documentation!!!, communication with community
#realworldcrypto
