While I couldn't be at the Open Source Cryptography Workshop or #RealWorldCrypto to speak and collaborate in-person (because I got COVID again, woo), I recorded my Workshop talk about #Rustls-FFI and #curl, which just played there in Tokyo.

I've embedded the recording in my blogpost here: https://insufficient.coffee/2023/03/30/opensource-crypto-workshop-rustls-ffi/

I got some good live questions about using multiple layers of statically (or dynamically) linked FFI libraries, and about compiling rustls-ffi on systems unsupported by #ring.

Last day of #realworldcrypto but there are still so many people I wanted to take to :( i am really not good at jumping into random conversations. Any suggestions here before it’s too late? Or if you read this just come and talk to me 👀. I am the one with the cool hat #RWC #RWC23 #RWC2023

The "more technological approach" in action: DMA obligations read and interpreted by technologists - how😎 is it!?
---
RT @durumcrustulum
¯\_(ツ)_/¯

#RealWorldCrypto
https://twitter.com/durumcrustulum/status/1640590254553075712

RT @durumcrustulum
Next up, "Interoperability in E2EE Messaging", presented by Julia Len

#RealWorldCrypto

Such great talks at #realworldcrypto as usual. Must watch, especially day 2 Julie Len on e2ee interop, @ohemorange, @senykam, @claucece https://youtube.com/playlist?list=PLeeS-3Ml-rpo-pbh8LIhb8VscM_q5OaSE

Part of another Q&A answer:

There is no one at-risk user; there are different kinds of extremes. And any of us can become an at-risk user in around two seconds (see: social media).

A middle / common user can become an extreme user with no warning. Stresses the importance of including extreme users in the design.

#RealWorldCrypto #UX #Design

Q: When designing, how do you take into account the fact that software is not static, things will change over time and protocols will need to change?

A: It's hard.

One system I'd recommend is the Wireguard paper. They approached the system with very strong opinions.

Having founded opinions, documenting them, seeking feedback, and adequately describing the parameters of your design space, will help you to migrate people off it when the time comes.

#RealWorldCrypto #UX #Design

More excellent points from Stephan Somogyi:

"Not Edge Cases, but Stress Cases"

"Users who are outside of the middle need to be included in our design thinking."

"Design your cryptosystems for people. Don't just think about pixels and battery, think about how humans drop their phones into water."

#RealWorldCrypto #UX

Stephan Somogyi is giving an excellent talk on "Design, Applied Cryptography, and Humans".

"We should strive to build tools that users can use easily and without training."

"We should be designing to the strengths of the humans."

YES YES YES

#RealWorldCrypto #UX #Design

Does anyone have instances of real-world attacks/data breaches/etc. that used side-channel attacks? #rwc #realworldcrypto

Apple requires clients to be authorized before using #PrivateRelay, but doesn't want to link that authorization to the client's relay activity. That's great! This is what #PrivacyPass enables you to do! More people should do this!

I'm sad that part of that authorization is baked-in geoblocking restrictions, but I'm guessing that was a necessary restriction in order for websites to not block the egress relay IPs (which does occur to #Tor exit nodes).

#RealWorldCrypto

Apple requires clients to be authorized before using #PrivateRelay, but doesn't want to link that authorization to the client's relay activity. That's great! This is what #PrivacyPass enables you to do! More people should do this!

I'm sad that part of that authorization is baked-in geoblocking restrictions, but I'm guessing that was a necessary restriction in order for websites to not block the egress relay IPs (which does occur to #Tor exit nodes).

#RealWorldCrypto

The jetlag is strong among the audience of #Realworldcrypto #RWC23
I see people falling asleep left and right 😅

Single-shot tunnel building is necessary because #I2P tunnels are unidirectional. Tunnel hops only route half of the communication traffic, making traffic analysis harder. It also means more peers are involved in round-trip traffic, which can create reliability issues.

For #PrivateRelay which is not trying to do any traffic hiding and prioritises performance, using bidirectional tunnels and interactive tunnel building makes sense.

#RealWorldCrypto

Apple describing their #PrivateRelay system (two-hop client IP privacy).

Tunnel establishment looks pretty similar to #Tor: build the first hop, extend new hops through earlier hops.

#I2P by comparision has single-shot tunnel building: it uses nested encryption to send a single message out, each hop stores its reply in its message layer and forwards it on, and the last hop is given a different tunnel to send the reply through to reach the client.

https://iacr.org/submit/files/slides/2023/rwc/rwc2023/IT_1/slides.pdf

#RealWorldCrypto

This was a common thread at yesterday's #RealWorldPQC conference as well: hashing is dominating the costs of post-quantum algorithms! (c/f using classical elliptic-curve crypto, where the cost is usually dominated by point addition and scalar multiplication).

https://iacr.org/submit/files/slides/2023/rwc/rwc2023/68/slides.pdf

#RealWorldCrypto #PostQuantum #Dilithium

Meta: It would be really helpful if the RWC website provided linkable handles into the program so I could directly point to the abstracts. It does at least provide URLs to the talk slides, so that's what I'll link to where relevant.

#RealWorldCrypto #UX

Meta: It would be really helpful if the RWC website provided linkable handles into the program so I could directly point to the abstracts. It does at least provide slides

#RealWorldCrypto #UX

First day of #RealWorldCrypto! Looking forward to some great talks and great discussions.

Find me if you want to chat about cryptographic implementations, zero-knowledge proofs, Rust, or how great it would be if RWC went to New Zealand! 😁

Finishing up my slides for my #RealWorldCrypto talk on the theory and practice of multi-party Schnorr signatures, can’t wait to give it! If there are any topics/questions folks have, I would love to know- hoping this will be a useful snapshot of where we’ve come and where we are going next.