By Will Song The Trail of Bits cryptography team is pleased to announce the open-sourcing of our pure Rust and Go implementations of Leighton-Micali Hash-Based Signatures (LMS), a well-studied NIST-standardized post-quantum digital signature algorithm. If you or your organization are looking to transition to post-quantum support for digital signatures, both of these implementations have been […] The post Announcing two new LMS libraries appeared first on Security Boulevard ..read more

Managing your machine identities and the certificates that authenticate them are a critical component of any modern cryptographic framework. This responsibility falls under two closely related but distinct processes: Certificate Lifecycle Management (CLM) and Certificate Lifecycle Automation (CLA), both of which play crucial roles within the broader scope of Machine Identity Management (MIM). Understanding the […] The post Navigating your Certificate Landscape: The Role of Machine Identity Management (MIM) and Certificate Lifecycle Management (CLM) first appeared on Accutive Security. The post ..read more

A new paper presents a polynomial-time quantum algorithm for solving certain hard lattice problems. This could be a big deal for post-quantum cryptographic algorithms, since many of them base their security on hard lattice problems. A few things to note. One, this paper has not yet been peer reviewed. As this comment points out: “We had already some cases where efficient quantum algorithms for lattice problems were discovered, but they turned out not being correct or only worked for simple special cases.” I expect we’ll learn more about this particular algorithm with time. And, like many of th ..read more

By Marc Ilunga, Jim Miller, Fredrik Dahlgren, and Joop van de Pol In October 2023, Ockam hired Trail of Bits to review the design of its product, a set of protocols that aims to enable secure communication (i.e., end-to-end encrypted and mutually authenticated channels) across various heterogeneous networks. A secure system starts at the design […] The post Cryptographic design review of Ockam appeared first on Security Boulevard ..read more

By Jim Miller Our tool Circomspect is now integrated into the Sindri command-line interface (CLI)! We designed Circomspect to help developers build Circom circuits more securely, particularly given the limited tooling support available for this novel programming framework. Integrating this tool into a development environment like that provided by Sindri is a significant step toward […] The post Circomspect has been integrated into the Sindri CLI appeared first on Security Boulevard ..read more

By Fredrik Dahlgren Today we are disclosing a denial-of-service vulnerability that affects the Pedersen distributed key generation (DKG) phase of a number of threshold signature scheme implementations based on the Frost, DMZ21, GG20, and GG18 protocols. The vulnerability allows a single malicious participant to surreptitiously raise the threshold required to reconstruct the shared key, which […] The post Breaking the shared key in threshold signature schemes appeared first on Security Boulevard ..read more

By Scott Arciszewski This post, part of a series on cryptography in the cloud, provides an overview of the cloud cryptography services offered within Amazon Web Services (AWS): when to use them, when not to use them, and important usage considerations. Stay tuned for future posts covering other cloud services. At Trail of Bits, we […] The post Cloud cryptography demystified: Amazon Web Services appeared first on Security Boulevard ..read more

Last month, two of our engineers attended the 37th Chaos Communication Congress (37C3) in Hamburg, joining thousands of hackers who gather each year to exchange the latest research and achievements in technology and security. Unlike other tech conferences, this annual gathering focuses on the interaction of technology and society, covering such topics as politics, entertainment, […] The post Chaos Communication Congress (37C3) recap appeared first on Security Boulevard ..read more

In the ever-evolving landscape of cybersecurity, the choice of cryptographic algorithms and certificates plays a pivotal role in ensuring the confidentiality and integrity of sensitive information.  While traditional methods such as the RSA public-key cryptosystem have been the cornerstone of secure communication and data transmission for decades, Elliptic Curve Cryptography (ECC) is emerging as an […] The post Improving Cybersecurity: Different Certifications Explained appeared first on Blog. The post Improving Cybersecurity: Different Certifications Explained appeared first on Security ..read more

By William Woodruff For the past eight months, Trail of Bits has worked with the Python Cryptographic Authority to build cryptography-x509-verification, a brand-new, pure-Rust implementation of the X.509 path validation algorithm that TLS and other encryption and authentication protocols are built on. Our implementation is fast, standards-conforming, and memory-safe, giving the Python ecosystem a modern […] The post We build X.509 chains so you don’t have to appeared first on Security Boulevard ..read more