Deirdre Connolly¹ ²
Π_social, not to be confused with PySocial
#realworldcrypto
Q: How do we solve the problem of 'human APIs'?
A: Well, we're not even trying right now. Let's try to get closer to solving it rather than nothing at all
#realworldcrypto
Last talk of the day, 'Building Cryptographic Intellectual Infrastructure Where It Means Most: Lessons from Teaching Applied Cryptography in Post-Crisis Lebanon', presented by Nadim Kobeissi
#realworldcrypto
Students formally modeled protocols in their first week of
exposure
#realworldcrypto
Excellence in pedagogy is not rewarded in research academia
#realworldcrypto
Materials openly available: appliedcryptography.page
#realworldcrypto
Applied Cryptography — America...
Applied Cryptography — America...
END OF DAY 2
#realworldcrypto
First up, 'Counter Galois Onion (CGO): Fast Non-Malleable Onion Encryption for Tor'
eprint.iacr.org/2025/583
#realworldcrypto
Being integrated in the Rust implementation of Tor, Arti
#realworldcrypto
Next, 'Let’s Aggregate? Towards making private telemetry as ubiquitous as TLS', presented by Ryan Lehmkuhl
#realworldcrypto
Trying to drive adoption of private aggregation: free light servers?
#realworldcrypto
Distributional Private Information Retrieval
A private-information-retrieval (PIR) scheme lets a client fetch a record from a remote database without revealing which record it fetched. Classic PIR schemes treat all database records the same but, in practice, some database records are much more popular (i.e., commonly fetched) than others. We introduce distributional PIR, a new type of PIR that can run faster than classic PIR---both asymptotically and concretely---when the popularity distribution is skewed. Distributional PIR provides exactly the same cryptographic privacy as classic PIR. The speedup comes from a relaxed form of correctness: distributional PIR guarantees that in-distribution queries succeed with good probability, while out-of-distribution queries succeed with lower probability. Because of its relaxed correctness, distributional PIR is best suited for applications where "best-effort" retrieval is acceptable. Moreover, for security, a client's decision to query the server must be independent of whether its past queries were successful. We construct a distributional-PIR scheme that makes black-box use of classic PIR protocols, and prove a lower bound on the server runtime of a natural class of distributional-PIR schemes. On two real-world popularity distributions, our construction reduces compute costs by $5$-$77\times$ compared to existing techniques. Finally, we build CrowdSurf, an end-to-end system for privately fetching tweets, and show that distributional-PIR reduces the end-to-end server cost by $8\times$ (depending on the frequency of tweets).
Next up, 'How Private Can Private Advertising Really Be?', presented by Alishah Chator
#realworldcrypto
'If a population has a sensitive feature correlated with it, membership in the population can be used as a proxy for targeting that feature'
#realworldcrypto
UC gives us language to see what cannot compose
#realworldcrypto
Differential Privacy is an individual privacy notion
#realworldcypto
Next, 'Sprinkle Differential Privacy on a Bit of Everything', presented by Daniel Pöllmann
#realworldcrypto
Bluetooth! 'Security of Bluetooth: A Cryptographic View on Analyzing a Leviathan', by Olga Sanina
#realworldcrypto
lol this thing is so broken. Bluetooth is basically TOFU. No known plans to move to PQ
#realworldcrypto
"just add signatures' [ML-DSA bludgeons you]
eprint.iacr.org/2024/874
#realworldcryto
Next up, 'The Landscape of Offline Finding Protocols:
Privacy, Safety, Problems', presented by Akshaya Kumar and Carolina Ortega Pérez
#realworldcrypto
If you have to make a tradeoff, favor anti-stalking vs anti-theft
#realworldcrypto
LIGHTNING TALK TIME 🎺
#realworldcrypto
@proofnerd.bsky.social on MPC implementation security at MPC Security in Practice workshop at TPMPC
#realworldcrypto
PhotoDNA broken??? eprint coming, 'whitebox attack'
#realworldcrypto
Nicky formerly of NIST is looking for gigs
#realworldcrypto
@kientuong114.bsky.social matilda and matteo plug Cryptographic Applications Workshop at Eurocrypt in Rome caw.cryptanalysis.fun
#realworldcrypto
CAW
CAW
Crypto job board
#realworldcrypto
@filippo.abyssdomain.expert plugs Wycheproof test vectors github.com/C2SP/wychepr...
#realworldcrypto
GitHub - C2SP/wycheproof: Proj...
GitHub - C2SP/wycheproof: Proj...
Michael Rosenberg offering opsec trainings, materials; points out that cryptography is the rearrangement of power
#realworldcrypto
Talk to Peter Schwabe if you'd like to further sponsor Real World Crypto
#realworldcrypto
Thom on Merkle Tree Certs
github.com/davidben/mer...
#realworldcrypto