Deirdre Connolly¹ ²
Prefix matching support; multiple attempts
#realworldcrypto
How do we retrieve things from the server, and how can we trust that the machine is actually doing what we expect it to do? Answer: attestation
#realworldcrypto
Future work: further reducing reliance on hardware assumptions, improve efficiency of ORAM use
#realworldcrypto
Next up, 'Improving the Trustworthiness of Javascript on the Web', presented by Michael Rosenberg, Giulio Berra, Ezzudin Alkotob, and Dennis Jackson
#realworldcrypto
[uh i don't necessarily agree this is why we trust iOS Signal vs say a web page as it exists]
#realworldcrypto
Code Verify: content, manifest, hash, store in public transparency log
#realworldcrypto
Each leaf of the manifest merkle tree is hash of one js or css file
#realworldcrypto
Merkle Patricia Trees instead of traditional Merkle history trees, more efficient auditing
#realworldcrypto
Need immediate recovery through transparent opt-out
#realworldcrypto
Next up, 'Signal Lost (Integrity): The Signal App is More than the Sum of its Protocols', presented by Noemi Terzo and Kien Tuong Truong
#realworldcrypto
'Signal' is definitely more than just 'The Signal Protocol'
#realworldcrypto
The server can send Sealed Sender messages on behalf of anyone without detection (but the system is supposed to be secure in the setting that the server is insecure!)
#realworldcrypto
Existing Sealed Sender doesn't authenticate messages 😭
#realworldcrypto
'Boring' stuff matters: open source, documentation!!!, communication with community
#realworldcrypto
Ensure that cryptographic logic is _unified_ in a single native library [Is this possible in practice? Sounds less performant]
#realworldcrypto
Break time!
#realworldcrypto
Next up, the Levchin Prize!
#realworldcrypto
This is The Paper:
ee.stanford.edu/~hellman/pub...
#realworldcrypto
ee.stanford.edu/~hellman/publi...
ee.stanford.edu/~hellman/publi...
@cascremers.bsky.social gracefully accepts
#realworldcrypto
@cascremers.bsky.social gives the Levchin Prize invited talk on Tamarin
#realworldcrypto
Tamarin is a constraint solver impersonating a theorem prover
#realworldcrypto
Undecidable problem— we can't be sure it will ever terminate
#realworldcrypto
Much more precise handling of cryptographic primitives, including those that are motivated by the symbolic modeling of protocols
#realworldcrypto
If Tamarin terminates, there is always either an attack or a proof of security (if it doesn't terminate, oop)
#realworldcrypto
Can find complex attacks that humans will probably never find on their own
#realworldcrypto
Find attacks not by programming in the attacks, but by modeling the protocol, the security notions, the state transitions, and seeing what shakes out
#realworldcrypto
New version of Tamarin out, and there's a new book!
#realworldcrypto
