Taking bets on which way this AI story breaks:
1. Grok achieves perfect objectivity
2. Training data was cooked
3. Grok becomes self-aware, immediately learns self-preservation.
www.washingtonpost.com/technology/2...
@secparam.bsky.social
UMD CS Prof. Security and applied cryptography.
So apparently anyone with a yubikey is currently locked out of Twitter.
Which means a bunch of folks on infosec twitter who are still tweeting just got caught with their pants down.
(Or they did have 2fa and actually re-enrolled early and it worked, but that's not as fun).
x.com/bax1337/stat...
IMHO long term, this sowdkt matter. Integrity likely comes from ZK proofs inside FHE/MPC. There's promising work on the FHE side, and impressive results in MPC: Groth16 proofs with 2x overhead.
This isn't MPC vs FHE, or ZK solving everything. It's about real progress in making these systems practical.
The flip side is, most FHE does not get you integrity, so to add that you need, e.g., zk proofs. So fully untrusted for privacy and integrity FHE evaluation is even more expensive.
01.11.2025 19:02 — 👍 0 🔁 0 💬 1 📌 0
Once you accept that FHE fundamentally depends on a non-collusion/non-compromise assumption for threshold decryption, there is one very modest security advantage over MPC:
Key holders are less exposed than in MPC. They only decrypt, they don't compute the function.
To be clear, there are legitimate use cases for this, and some very impressive research.
And these same problems apply to MPC. It's not MPC vs FHE.
BUT, the discussion around security for them should be "ok, where's the key?"
Scenario B is where we see proposed protocols IRL: darkpools, private anti-money laundering systems, etc.
No one person is trusted to hold the key, there's a committee for threshold decryption. But the security of the entire solution depends on the committee, not just "encryption"!
Given Enc(data), FHE lets you compute Enc(f(data)) for any f. But someone has to decrypt the result!
There are two scenarios:
a) Your data, your key, you just outsourced computation. Safe, but rarely worth the FHE overhead.
b) It's multiple people's secret data, so who gets the key?
There's no such thing as Fully-Homomorphic Decryption.
Anytime you see a system using FHE to compute on your sensitive data, remember: someone has the key. If it's not you, do you trust them?
As Thomas Dullien said, malware is a "weird machine." MIE breaks some tools for building malware. But if the tiny number of brilliantly weird folks who build these machines are the real price bottleneck, then, if they adapt to MIE, the cost of exploits may not change that much.
18.10.2025 19:18 — 👍 1 🔁 0 💬 0 📌 0
First, let's get this out of the way: MIE isn't foolproof. I'm told it does not cover memory access/data from other hardware in the phone, like a baseband modem. And there are some known (though tricky) bypasses for normal code. See Project Zero's blog googleprojectzero.blogspot.com/2025/09/poin...
18.10.2025 19:18 — 👍 0 🔁 0 💬 1 📌 0
But what if the real cost driver is not the technical complexity of each exploit, but human resources? Suppose there are maybe 5 teams worldwide that can actually productize a vuln into a stable exploit. MIE raises the bar for them, but does it slow them down much after they adapt?
18.10.2025 19:18 — 👍 1 🔁 0 💬 1 📌 0
Matt took the conventional (and likely right) take: MIE should increase the cost of zero-days substantially. When a single exploit chain already costs ~$5 million, a defense like MIE might double the price or more by eliminating whole sets of techniques.
18.10.2025 19:18 — 👍 0 🔁 0 💬 1 📌 0
I had an interesting convo with @matthewdgreen.bsky.social about Apple's Memory Integrity Enforcement (MIE). It will raise the cost of zero-day exploits, but by how much? MIE stops a huge swath of exploits that target unsafe memory handling. It's impressive and required new hardware features.....
Problem is once users have digital IDs, demands will shift. Instead of 'are you 18?', it becomes: prove you're human, prove you're not banned, prove you live here. Then you need programmable identity. Private IDs are just a start, as we looked at here.
eprint.iacr.org/2022/878
How do we do better?
Well, a simple solution to this particular problem is zk-proofs. Instead of giving Discord your ID, you prove you have one. We did some preliminary work on this in 2023, and Google is rolling out a version of zk proofs of IDs. But basic proofs aren't enough.
What's worse but predictable? Attackers get both IDs and messages. Every conversation you've ever had, every dumb comment, or like attached to your legal name and address. There's no evidence it happened here, but it will happen soon. We need better approaches to identity.
09.10.2025 19:59 — 👍 0 🔁 0 💬 1 📌 0
Discord user IDs getting leaked is the entirely predictable consequence of requiring platforms to do age verification. That data never goes away, it spreads. In this case, into appeals in a breached customer support database. And predictably, it can get worse. www.404media.co/the-discord-...
09.10.2025 19:59 — 👍 6 🔁 4 💬 1 📌 0
The worst part of preparing a tenure portfolio is realizing you actually have to create that 'permanent record' your elementary school teachers threatened you with.
And it has pesky formatting requirements.
Isn't it worse than that? If your professional account is marked ChatControllExempt, isn't that a giant gaping red flag to adversaries to go look at the personal account of you, your spouse, anyone you might be having an affair with or owe money?
17.09.2025 22:02 — 👍 0 🔁 0 💬 0 📌 0
Best cover for a stego system.
11.09.2025 23:47 — 👍 2 🔁 0 💬 0 📌 0
There's a very niche case where
1) you succeed at building the quantum computer
2) crypto does migrate to pq
3) you can still sell recovery services on non migrated addresses
4) those addresses don't get robbed by others or FUD from competing PQ secure chains says they were
What's the value of recovering X% of crypto, discounted by: legal risk it's deemed theft, the chance crypto migrates to PQ-resistant algorithms first, and the risk that BTC/ETH prices collapse the moment everyone realizes the same quantum tech makes ALL legacy crypto vulnerable?
11.09.2025 22:48 — 👍 2 🔁 0 💬 1 📌 0
If true, this says more about VC funding fads than cryptography. It highlights how hard it is to find valuable applications that classical computers can't approximate well enough. And I have questions for the junior deal partner who modeled the ROI for pq crypto "recovery."
11.09.2025 22:48 — 👍 1 🔁 0 💬 1 📌 0
Interesting anecdote from a friend: quantum computing startups are now raising funds by pitching their ability to break cryptocurrency encryption (n=1 plus VC gossip, but still). Apparently other applications like quantum chemistry don't offer big enough ROI for investors.
11.09.2025 22:48 — 👍 2 🔁 1 💬 1 📌 0
By the way, if this is predictive typing (unclear) then not just is it on by default, it appears to default to federated learning on your data (which I of course turned off) support.google.com/gboard/answe...
10.09.2025 00:32 — 👍 1 🔁 0 💬 0 📌 0
Some "AI" on my phone is reading inbound Signal messages. I left predictive typing on, trading a little of my privacy for convenience. Yet something is giving responses using what others wrote in chats with disappearing messages, persisting or sharing them who knows where. Not a good default, Google
09.09.2025 23:59 — 👍 3 🔁 1 💬 2 📌 0
The Brooklyn one is actually a water front park development and a vacant office space, at least as of 4 months ago. So even more on brand.
01.09.2025 21:18 — 👍 2 🔁 0 💬 0 📌 0
We've crossed a threshold. A paid subscription used to be the ultimate proof of humanity online, now it's not enough to allow a single link click inside the NYT cooking app. The next few years are going to be an interesting race to extract more and more invasive proofs of humanity.
01.09.2025 21:14 — 👍 3 🔁 0 💬 0 📌 0
The 2010s internet: Let's mock dissertation-length arguments about weird-ass fanfic tags.
The 2025 internet: 'dubcon' is an ancillary part of the financial privacy discourse.
The past was a better place.