Scott Arciszewski

678 Followers
129 Following
171 Posts
Residing at the intersection of PHP, security, cryptography, and open source software. He/him. Opinions are solely mine. RTs != endorsements, etc.
Title: Sr. Security Engineer
Pronouns: he, him
Blog: https://scottarc.blog
If you have a favorite #MLDSA implementation, check if these new Wycheproof test cases are valid and please report back in the PR.
ml-dsa: additional test vectors by tob-scott-a · Pull Request #242 · C2SP/wycheproof

This PR adds new test cases to kill implementation bug classes identified in DJB's latest loquacious screed against ML-DSA. It's sad that Dr. Bernstein prioritizes trying to win cheap point...

GitHub

RE: https://infosec.exchange/@trailofbits/116419704979785055

Today in memory safety bugs in Rust code.

Google used a ZK proof to disclose a quantum breakthrough that cuts the cost of breaking cryptocurrency by 20x without handing attackers the circuit.

The Rust code behind the proof had memory safety bugs. We used this new attack surface to forge a proof that beats Google’s on every metric.

Google patched it within days. Their quantum claims are unaffected. https://blog.trailofbits.com/2026/04/17/we-beat-googles-zero-knowledge-proof-of-quantum-cryptanalysis/

We beat Google’s zero-knowledge proof of quantum cryptanalysis

Trail of Bits discovered and exploited memory safety and logic vulnerabilities in Google’s Rust zero-knowledge proof code to forge a proof claiming better quantum circuit performance metrics than Google’s original results, demonstrating unique security risks in zkVM systems.

The Trail of Bits Blog

Hot take:

Discord is not a documentation platform. It is a chat platform. If your project requires connecting to a discord to obtain necessary information, then your project is undocumented.

Release Version 2.5.0 · paragonie/sodium_compat

Security Fix. Read: A vulnerability in libsodium. This fixes a congruent issue in the main branch of the PHP implementation. For older PHP versions, see v1.24.0 instead.

GitHub
We're releasing pure Go implementations of ML-DSA (FIPS-204) and SLH-DSA (FIPS-205). These libraries are engineered to be constant time, preventing timing side-channel attacks like KyberSlash. https://blog.trailofbits.com/2025/11/14/how-we-avoided-side-channels-in-our-new-post-quantum-go-cryptography-libraries/

How we avoided side-channels in our new post-quantum Go cryptography libraries

We’ve released open-source Go implementations of ML-DSA and SLH-DSA.

The Trail of Bits Blog

@DefuseSec In case you wanted to refresh cryptofails.com sometime

https://eprint.iacr.org/2025/1979

On Singh et. al.'s "Collatz Hash"

Singh et al. recently uploaded a preprint describing a new hash function inspired by the Collatz Conjecture. After performing some cursory tests, the proposed function appears to be completely unsuitable for cryptographic purposes, and should not be used.

IACR Cryptology ePrint Archive
A key should always be considered to consist of both raw key material and all metadata required to fully describe and execute the associated cryptographic function.
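As an added example of the principle in the post above (this is illustrative code written for this page, not the author's own code or any library's API), the key type below carries its algorithm and an identifier alongside the raw bytes, so the key itself decides which MAC it is used with and a tag produced under one algorithm cannot be verified under another. The `key_id:algorithm:hex` text format and the `HMAC-SHA256`/`HMAC-SHA512` labels are assumptions made for the example, not a standard.

```python
"""Added example: a MAC key that is key material plus the metadata needed to
use it, rather than bare bytes that any caller can feed to any algorithm."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Assumed registry for this example: label -> (hash constructor, minimum key length).
MAC_ALGORITHMS = {
    "HMAC-SHA256": (hashlib.sha256, 32),
    "HMAC-SHA512": (hashlib.sha512, 32),
}


@dataclass(frozen=True)
class MacKey:
    """Raw key material bound to one algorithm and one identifier."""

    key_id: str
    algorithm: str
    material: bytes

    def __post_init__(self) -> None:
        if self.algorithm not in MAC_ALGORITHMS:
            raise ValueError(f"unknown algorithm {self.algorithm!r}")
        _, min_len = MAC_ALGORITHMS[self.algorithm]
        if len(self.material) < min_len:
            raise ValueError("key material too short for this algorithm")
        if not self.key_id or ":" in self.key_id:
            raise ValueError("key_id must be non-empty and contain no ':'")


def generate_key(key_id: str, algorithm: str) -> MacKey:
    """Fresh random key that is bound to a single algorithm at creation."""
    _, min_len = MAC_ALGORITHMS[algorithm]
    return MacKey(key_id, algorithm, secrets.token_bytes(min_len))


def serialize(key: MacKey) -> str:
    """Assumed text format: the metadata travels with the material."""
    return f"{key.key_id}:{key.algorithm}:{key.material.hex()}"


def parse(encoded: str) -> MacKey:
    """Inverse of serialize(); malformed or unknown-algorithm keys are rejected."""
    parts = encoded.split(":")
    if len(parts) != 3:
        raise ValueError("expected key_id:algorithm:hex-material")
    key_id, algorithm, hex_material = parts
    return MacKey(key_id, algorithm, bytes.fromhex(hex_material))


def authenticate(key: MacKey, message: bytes) -> bytes:
    """The hash function comes from the key, never from the caller or the message."""
    digestmod, _ = MAC_ALGORITHMS[key.algorithm]
    return hmac.new(key.material, message, digestmod).digest()


def verify(key: MacKey, message: bytes, tag: bytes) -> bool:
    """Constant-time tag comparison under the key's own algorithm."""
    return hmac.compare_digest(authenticate(key, message), tag)


if __name__ == "__main__":
    key = generate_key("orders-2026", "HMAC-SHA256")
    msg = b"constructed sample message"   # constructed input for the example
    tag = authenticate(key, msg)
    assert verify(parse(serialize(key)), msg, tag)
    # The same 32 bytes labelled as a different algorithm is a different key:
    # the SHA-256 tag does not verify under it.
    relabelled = MacKey("orders-2026", "HMAC-SHA512", key.material)
    assert not verify(relabelled, msg, tag)
    print("ok")
```

The design choice worth noting is that `authenticate()` and `verify()` take no algorithm parameter at all; if the key format were bare bytes, every call site would have to agree on the algorithm out of band, and a mismatch (or an attacker-chosen algorithm) would silently reuse the same material under the wrong primitive.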
@abacabadabacaba @soatok yeah, I’d second the idea to explicitly not allow multiple recipients for this scheme. KCI seems a bit of an edge case for a two party system, but allowing any member in a multiparty group to spoof any other member seems like a bit of a cliff. Unfortunate that schemes like MLS have to pull in signatures for this and can’t just use something similar to Noise_K.