with @danboneh @succinctJT @smc90

This episode is all about quantum computing -- explaining what it is, how it works, what's hype vs. reality, and how to prepare for it/ what builders should do. Specifically, we cover:
- What quantum computing is and isn't, and what people are really talking about when they worry about a quantum computer that can break classic computing-based cryptography systems -- a cryptographically relevant post-quantum computer.
- When is it happening/ what are the "timelines" for quantum computing becoming a reality -- how many years away are we? -- and when are the U.S. government's deadlines/ NIST standards for post-quantum cryptography?
- How will different types of cryptography be affected, or not? What are different approaches and tradeoffs?
- Where does quantum computing and post-quantum crypto apply to blockchains -- which are not only more easily upgradable, but also by and large rely on signatures, not encryption, so may be more quantum-resistant in many ways (and not in others).

As always, we tease apart the signal vs. the noise in recent "science-by-press release" corporate quantum-computing milestone announcements. We also help answer questions on when do builders need to plan their switch to a post-quantum crypto world, what pitfalls to avoid there (hint: bugs! software upgrades!). Finally, we briefly cover different approaches to post-quantum crypto; and also dig deeper on zero-knowledge/ succinct-proof systems and how they relate to post-quantum crypto.

Our expert guests are:
- Dan Boneh, Stanford University professor and applied cryptography expert and pioneer; also Senior Research Advisor to a16z crypto;
- Justin Thaler, research partner at a16z, professor at Georgetown, and longtime expert and pioneer in interactive and ZK proof systems.

SEE ALSO: Post-quantum blockchains by Valeria Nikolaenko

more resources + papers on topics mentioned:
- A Graduate Course in Applied Cryptography by Dan Boneh and Victor Shoup [see also]
- Proofs, Arguments, and Zero-Knowledge by Justin Thaler
- LatticeFold+: Faster, Simpler, Shorter Lattice-Based Folding for Succinct Proof Systems by Dan Boneh and Binyi Chen
- Neo: Lattice-based folding scheme for CCS over small fields and pay-per-bit commitments by Wilson Nguyen and Srinath Setty
- "Q-Day Clock" from Project Eleven -- public dashboard to visually track timeline for quantum computing to reach cryptographically relevant capabilities and break widely used encryption algorithms
- on hard forks for quantum emergencies
- Quantum analysis of AES, Kyungbae Jang, Anubhab Baksi, Hyunji Kim, Gyeongju Song, Hwajeong Seo, Anupam Chattopadhyay
- The Google Willow Thing by Scott Aaronson
- FAQs on Microsoft's topological qubit thing by Scott Aaronson
- Microsoft's claim of a topological qubit faces tough questions, American Physical Society

As a reminder, none of this is investment, business, legal, or tax advice; please see a16z.com/disclosures for more important information including a link to our investments.
This week Anna jumps back into the story of Zero Knowledge Systems with Jonathan Wilkins, cofounder Blockstream and Cloaked Services and previous employee of ZKS back in 2000. They explore the emergence of security culture in the 1990s, what led Jonathan to join Zero Knowledge Systems and his experience working on projects such as the Freedom Network. They discuss the office atmosphere and the research lab before catching up on the work Jonathan has focused on since then. Key concepts we see in the ZK community today were first pioneered by the Zero Knowledge Systems research team and we hope to invite more of these past members of the team in the future! Related links: Podcast Episode: Back to the Future with Zero Knowledge iSEC Partners X.25 Networks 2600 Meetups C++ Builder Delphi ‘Zero-Knowledge: Nothing Personal' - Wired Handbook of Applied Cryptography by Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone Ian Goldberg profile Adam Schostack - Schostack + Associates Adam Back Twitter Austin Hill Twitter Bitcointalk Tor Network
Debbie Reynolds “The Data Diva” talks to Bill Buchanan, Professor of Applied Cryptography at Edinburgh Napier University (Scotland). Professor Buchanan begins by sharing his career journey, highlighting his transition from electrical engineering to becoming a prominent figure in cryptography and cybersecurity. The conversation covers key topics, including the distinction between symmetric key encryption and public key encryption, where Buchanan explains how these methods are used to secure communications. He also dives into the importance of digital signatures for verifying data authenticity and maintaining data integrity, emphasizing their role in making the internet more trustworthy. The discussion expands into advanced cryptographic techniques like hashing functions, zero-knowledge proofs, and homomorphic encryption, which allow encrypted data to be processed securely without decryption. Buchanan sheds light on the critical challenge of key management in preventing data breaches, especially in cloud environments, and introduces listeners to post-quantum cryptography, which aims to protect against the emerging threat of quantum computers. The episode also touches on artificial intelligence's influence on cryptography, where AI's ability to exploit side channels and reverse-engineer code presents new challenges. Buchanan addresses the ongoing debate surrounding government surveillance and backdoors in encryption, warning of the risks associated with weakening encryption standards. He concludes with his vision for the future of data privacy, advocating for a more citizen-focused approach that grants individuals greater control over their data, especially as AI and large tech companies continue to reshape the digital landscape. This episode offers a deep dive into the evolving world of cryptography, data privacy, and the future of security in a rapidly advancing technological era and his hope for Data Privacy in the future.
Alfred Menezes is a Professor at the University of Waterloo in Ontario. In 2001, he won the Hall Medal from the Institute of Combinatorics and its Applications. Alfred is the lead author of the Handbook of Applied Cryptography, which has been cited over 25,000 times. He has published many high-impact papers, especially in areas of public key encryption and elliptic curve cryptography, and was the co-inventor of the ECDSA signature method. His website for online courses is https://cryptography101.ca. The "Cryptography101: Building Blocks" and "Cryptography 101: Deployments" courses are lectures from the undergraduate "Applied Cryptography" that he has taught at Waterloo since 2000. The former includes a five-lecture introduction to elliptic curve cryptography. He also has a course on "Kyber and Dilithium", and soon an intro to "Lattice-based cryptography". Video recording: https://www.youtube.com/watch?v=l5GWFAewQ80
In episode 171, Coffey talks with Sam Rad live from The HRSW Conference about how rapid technological change is affecting the future of work and organizational structures.

They discuss economic evolution from analog to digital transactions; decentralized autonomous organizations (DAOs); the impact of AI on jobs and skills; the changing nature of credentials and learning; the importance of adaptability in careers; aligning organizational and individual purposes; and the need for authenticity in workplace cultures.

Good Morning, HR is brought to you by Imperative—Bulletproof Background Checks. For more information about our commitment to quality and excellent customer service, visit us at https://imperativeinfo.com. If you are an HRCI or SHRM-certified professional, this episode of Good Morning, HR has been pre-approved for half a recertification credit. To obtain the recertification information for this episode, visit https://goodmorninghr.com.

About our Guest:
Sam Rad is a lifelong student of humanity – futurist, anthropologist, and entrepreneur. She is the founder of Radical Next, a meta-media studio creating transformative stories, experiences, and media productions that shape a positive future. Her upcoming book by the same name, Radical Next: Reclaiming Your Humanity in a Post-Human World explores how “radical next ideas” will transform societies in the decades to come. As an entrepreneur, Sam has founded 4 companies and served across multiple roles across the C-Suite. She holds several patents linking the physical and digital worlds and is considered a pioneer in Artificial Intelligence, Immersive Realities, and Applied Cryptography systems. She was amongst the first anthropologists to conduct research living in a virtual world in 2009. Sam is passionate about empowering humanity to thrive in times of radical change. It is her mission to restore trust and connections between people and themselves, their beliefs, each other, all beings, and our planet. True to her “Rad” name, Sam is no stranger to risk and has accumulated hundreds of jumps as an ex-competitive skydiver.

Sam Rad can be reached at
https://www.instagram.com/samradofficial
https://www.linkedin.com/in/samradofficial
https://sam-rad.com

About Mike Coffey:
Mike Coffey is an entrepreneur, licensed private investigator, business strategist, HR consultant, and registered yoga teacher. In 1999, he founded Imperative, a background investigations and due diligence firm helping risk-averse clients make well-informed decisions about the people they involve in their business. Imperative delivers in-depth employment background investigations, know-your-customer and anti-money laundering compliance, and due diligence investigations to more than 300 risk-averse corporate clients across the US, and, through its PFC Caregiver & Household Screening brand, many more private estates, family offices, and personal service agencies. Imperative has been named the Texas Association of Business' small business of the year and is accredited by the Professional Background Screening Association. Mike shares his insight from 25 years of HR-entrepreneurship on the Good Morning, HR podcast, where each week he talks to business leaders about bringing people together to create value for customers, shareholders, and community. Mike has been recognized as an Entrepreneur of Excellence by FW, Inc. and has twice been recognized as the North Texas HR Professional of the Year. Mike is a member of the Fort Worth chapter of the Entrepreneurs' Organization and is a volunteer leader with the SHRM Texas State Council and the Fort Worth Chamber of Commerce. Mike is a certified Senior Professional in Human Resources (SPHR) through the HR Certification Institute and a SHRM Senior Certified Professional (SHRM-SCP). He is also a Yoga Alliance registered yoga teacher (RYT-200). Mike and his very patient wife of 27 years are empty nesters in Fort Worth.

Learning Objectives:
- Develop strategies to adapt organizational structures and practices to accommodate emerging technologies and new forms of work.
- Implement methods to identify and nurture employees' unique skills and purposes beyond traditional credentials.
- Create authentic organizational cultures that allow for diverse work styles and values, enabling better employee-organization fit.
Bruce Schneier is an internationally renowned security technologist, called a “security guru” by The Economist. He is a public-interest technologist, working at the intersection of security, technology, and people. Schneier was at the first ever RSA Conference in 1991, and he was the first 'exhibitor' in 1994 when he asked Jim Bidzos, Creator of the RSA Conference, if he could sell copies of his book "Applied Cryptography". Bidzos set Schneier up in the hotel lobby where the conference was being held - and the rest is history. Listen to some great RSA Conference memories on this episode of the History of RSA Conference.
This seminar series runs for students on the Applied Cryptography and Trust module, but invites guests from students from across the university. Martin is one of the co-creators of public key encryption, and worked alongside Whitfield Diffie in the creation of the widely used Diffie-Hellman method. In 2015, he was presented with the ACM Turing Award (the equivalent of a Nobel Prize in Computer Science) for his contribution to computer science. He is currently a professor emeritus at Stanford University. https://engineering.stanford.edu/node/9141/printable/print https://ee.stanford.edu/~hellman/
This seminar series runs for students in the Applied Cryptography and Trust module but invites guests from students from across the university. He has created a wide range of cryptographic methods, including Skein (hash function), Helix (stream cipher), Fortuna (random number generator), and Blowfish/Twofish/Threefish (block ciphers). Bruce has published 14 books, including best-sellers such as Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. He has also published hundreds of articles, essays, and academic papers. Currently, Bruce is a fellow at the Berkman Center for Internet and Society at Harvard University.
Join us as we dive into the fascinating world of Applied Cryptography, where secrets are hidden and data is protected. Our expert guest, Steve Orrin - Federal CTO of Intel, will share insights into the power of encryption, the latest techniques and algorithms used in modern cryptography, the impact of emerging technologies such as quantum computing, and real-world examples of how organizations are leveraging this technology to keep their data safe. Don't miss out on this exciting episode that explores the cutting edge of applied cryptography! Subscribe for more upcoming episodes of the Lights On Data Show.
This week, Anna (https://twitter.com/annarrose) chats with Justin Thaler (https://mobile.twitter.com/succinctjt), Associate Professor at Georgetown (https://people.cs.georgetown.edu/jthaler/). They cover Justin's academic history and discuss what led him to working on interactive proofs and SNARKs. They also take a look at several other topics such as the Thaler Book Study Group, his earlier work Spartan, comparing the security of different rollups built with SNARKs and STARKs and more. Here are some additional links for this episode: Justin Thaler Georgetown Profile (https://people.cs.georgetown.edu/jthaler/) Proofs, Arguments, and Zero-Knowledge Proofs by Justin Thaler, 2022 (https://people.cs.georgetown.edu/jthaler/ProofsArgsAndZK.pdf) vSQL: Verifying Arbitrary SQL Queries over Dynamic Outsourced Databases Paper (https://eprint.iacr.org/2017/1145) Hardware-friendliness of HyperPlonk by Ingonyama (https://www.ingonyama.com/blogs/hardware-friendliness-of-hyperplonk) Proposed milestones for rollups taking off training wheels (https://ethereum-magicians.org/t/proposed-milestones-for-rollups-taking-off-training-wheels/11571) A Graduate Course in Applied Cryptography by Boneh and Shoup, 2023 - Page 617 for elliptic curves over finite fields (http://toc.cryptobook.us/book.pdf) Quarks: Quadruple-efficient transparent zkSNARKs by Setty and Lee (https://eprint.iacr.org/2020/1275.pdf) Brakedown: Linear-time and post-quantum SNARKs for R1CS by Golovnev, Lee, Setty, Thaler and Wahby, 2021 (https://eprint.iacr.org/2021/1043) zkHack Website (https://zkhack.dev/) zkHack Discord (https://discord.com/invite/tHXyEbEqVN) Elliptic Curve Cryptography: A Gentle Introduction to (https://andrea.corbellini.name/2015/05/17/elliptic-curve-cryptography-a-gentle-introduction/) A Graduate Course in Applied Cryptography By Dan Boneh and Victor Shoup (https://toc.cryptobook.us/) Number theory explained from first principles (https://explained-from-first-principles.com/number-theory) The 
Animated Elliptic Curve (https://curves.xargs.org/) BLS12-381 For The Rest Of Us (https://hackmd.io/@benjaminion/bls12-381) Apply for zkSummit9 here: zkSummit9 Ticket Application (https://9lcje6jbgv1.typeform.com/to/FCoktPh9?typeform-source=www.zksummit.com). Check out ingonyama.com (https://www.ingonyama.com/) to learn more about Zero Knowledge Hardware acceleration. Aleo (https://www.aleo.org/) is a new Layer-1 blockchain that achieves the programmability of Ethereum, the privacy of Zcash, and the scalability of a rollup. Interested in building private applications? Check out Aleo's programming language called Leo by visiting http://developer.aleo.org (https://developer.aleo.org/getting_started/). You can also participate in Aleo's incentivized testnet3 by downloading and running a snarkOS node. No sign-up is necessary to participate. For questions, join their Discord at aleo.org/discord (https://discord.com/invite/aleohq). If you like what we do: * Find all our links here! @ZeroKnowledge | Linktree (https://linktr.ee/zeroknowledge) * Subscribe to our podcast newsletter (https://zeroknowledge.substack.com) * Follow us on Twitter @zeroknowledgefm (https://twitter.com/zeroknowledgefm) * Join us on Telegram (https://zeroknowledge.fm/telegram) * Catch us on Youtube (https://zeroknowledge.fm/) * Head to the ZK Community Forum (https://community.zeroknowledge.fm/) * Support our Gitcoin Grant (https://zeroknowledge.fm/gitcoin-grant-329-zkp-2)
Threema is a Swiss encrypted messaging application. It has more than 10 million users and more than 7000 on-premise customers. Prominent users of Threema include the Swiss Government and the Swiss Army, as well as the current Chancellor of Germany, Olaf Scholz. Threema has been widely advertised as a secure alternative to other messengers. Kenny, Kien and Matteo from the ETH Zurich Applied Cryptography Group present seven attacks against the cryptographic protocols used by Threema, in three distinct threat models. All the attacks are accompanied by proof-of-concept implementations that demonstrate their feasibility in practice. Links and papers discussed in the show: * Three Lessons from Threema (https://breakingthe3ma.app/) Special Guests: Kenny Paterson, Kien Tuong Truong, and Matteo Scarlata.
Cryptography is now everywhere in the online world; but how do we know that it's doing its job properly? Security of “messaging systems” like WhatsApp, Telegram, Signal, etc. How do they work? What security do they offer? How do we know they're any good? And those are just a few questions for today's reality where we tend to trust that the cryptographic algorithms in use are fairly resilient. What impact will quantum computing have on cryptography in the future; a reality we must prepare for since quantum computing is developing rapidly. To be prepared for this, we must first understand quantum computing itself and what it means for conventional cryptographic systems. Only then can we determine how (and how well) we are getting ready for it.

Guest
Kenneth Graham Paterson, Professor of Computer Science at ETH Zurich [@ETH_en]
On LinkedIn | https://www.linkedin.com/in/kenny-paterson-6841a65/
On Twitter | https://twitter.com/kennyog

Resources
Cyber Body of Knowledge - Applied Cryptography: https://www.cybok.org/media/downloads/Applied_Cryptography_v1.0.0.pdf
Security analysis of Telegram: https://mtpsym.github.io/

This Episode's Sponsors
Bugcrowd
While we decided not to release a full episode this week, Anna (https://twitter.com/AnnaRRose) did get a chance to catch up with Kobi Gurkan (https://twitter.com/kobigurk), one of the co-organizers of ZK Hack and someone who was very missed in the last episode about the event! Enjoy this special bonus New Years eve ep, one last look back at ZK Hack 2021 and a look forward as well for the project! We also mention a few links for ZK related channels to check out: - ZK Jobs Board (https://jobsboard.zeroknowledge.fm/) - ZK Forum / Community Board (https://community.zeroknowledge.fm/) - ZK Telegram (https://t.me/joinchat/TORo7aknkYNLHmCM) - ZK Hack Discord (https://discord.com/invite/tHXyEbEqVN)
The Applied Cryptography knowledge area This document provides a broad introduction to the field of cryptography, focusing on applied aspects of the subject. It complements the CyBoK document [1] which focuses on formal aspects of cryptography (including definitions and proofs) and on describing the core cryptographic primitives. That said, formal aspects are highly relevant when considering applied cryptography. As we shall see, they are increasingly important when it comes to providing security assurance for real-world deployments of cryptography. We speak with CyBOK Applied Cryptography author Kenny Paterson for an overview of the topic.
Taking up the fact that Tesla first decided to accept Bitcoin payments and then revised that decision again with reference to environmental reasons, we discuss in this episode the huge CO2 footprint of Bitcoins and its underlying reasons as well as future solutions. Our invited expert for this discussion is Dominic Deuber from the Chair of Applied Cryptography at the FAU Erlangen-Nuremberg, Germany. He is a member of an international team of researchers that studies the technology and impact of cryptocurrencies. https://www.chaac.tf.fau.eu/person/dominic-deuber/#collapse_0

Sources of our discussion:
https://www.financialexpress.com/industry/bitcoin-shocker-cryptos-rise-may-soon-leave-carbon-footprint-equivalent-to-size-of-londons-emissions/2215513/
https://www.handelszeitung.ch/geld/krypto-gegen-klima-der-bitcoin-ist-eine-umweltsau

Total run time 11:40 minutes
Speakers: Oliver Niebuhr (host) & Dominic Deuber (guest)
Email: greenalsion@alsion.dk
Facebook: www.facebook.com/greenalsion
Intro text is spoken by Christian Sollberger, https://www.speech-academy.com/
Intro music created by sscheidl from Pixabay
Outro music: Nature Documentary - GEMAfreie Musik von https://audiohub.de
In this episode, we talk about Apple’s WebExtensions API, and GitHub’s firing of a Jewish worker for using the word Nazi in reference to some of the rioters who attacked the US Capitol building on January 6th. Then we chat with Alex Gorowara, senior software engineer at Google, and spokesperson for the Alphabet Workers Union, to talk about the hundreds of Alphabet workers who have chosen to unionize and their mission. Finally, we speak with Max Zinkus and Tushar Jois, Doctoral Students in Applied Cryptography and Security at Johns Hopkins University, whose recent research found major weaknesses in both iOS and Android security mechanisms. Show Notes DevDiscuss (sponsor) CodeNewbie (sponsor) RudderStack (sponsor) SendBird (sponsor) Safari 14 added WebExtensions support. So where are the extensions? GitHub: Update on an employee matter EXCLUSIVE: GitHub is facing employee backlash after the firing of a Jewish employee who suggested 'Nazis are about' on the day of the US Capitol siege Alphabet Workers Union Data Security on Mobile Devices
Welcome to another episode of Develomentor. Today's guest is David Wong.

David Wong is a security engineer working on the Libra blockchain at Facebook. He is an active contributor to internet standards like Transport Layer Security and to the applied cryptography research community. David is a recognized authority in the field of applied cryptography; he’s spoken at large security conferences like Black Hat and DEF CON and has delivered cryptography training sessions in the industry. He is the author of the soon-to-be-published Real-World Cryptography book.

If you are enjoying our content please leave us a rating and review or consider supporting us.

A note from Grant
If you like math, secrets, privacy and cryptocurrency, today’s guest is right up your alley. David Wong is a security engineer currently working for Facebook, with deep expertise in blockchain and more generally cryptography. After earning his bachelor’s in Math and his masters in cryptography, David has worked for the likes of Matasano Security, NCC Group and now Facebook. In addition to his day job, David is the author of the upcoming Manning Publications book titled “Real-World Cryptography”, which you can purchase now in early access from manning.com.

As always, we are doing a giveaway with this episode. For the first 5 people who email us here at hello@develomentor.com, we will give you a code good for one free ebook copy of David’s book. If you don’t want to email, you can use the discount code poddevmen20 for 40% off David’s book as well as all Manning books.

Quotes
“Cryptography started as a military thing in the beginning. But today everybody is using it without even knowing it. It all started with how we can hide communication from observers.”
“Especially if you’re in tech, understand that if you have one offer you’re probably going to have several offers. It’s not true for every field but tech is hiring and we’re in a good position. Keep going, don’t be afraid to say no or to ask for more time to decide.”
—David Wong

Additional Resources
David’s book – https://www.manning.com/books/real-world-cryptography
David’s blog – https://cryptologie.net/
Course on how to learn on Coursera – https://www.coursera.org/learn/learning-how-to-learn
You can find more resources in the show notes
To learn more about our podcast go to https://develomentor.com/
To listen to previous episodes go to https://develomentor.com/blog/

Connect with David Wong: LinkedIn, Twitter, GitHub
Connect with Grant Ingersoll: LinkedIn, Twitter
Support the show (https://www.patreon.com/develomentor)
Open Web Application Security Project (OWASP) - Portland, Oregon Chapter
Our distinguished guest today is Bruce Schneier. Bruce is a public-interest security and privacy technologist, cryptographer, an author of over one dozen books, including the famous blue and red versions of Applied Cryptography. His most recent book is Click Here to Kill Everybody. He is a fellow and lecturer at Harvard's Kennedy School and a board member of the Electronic Frontier Foundation. Bruce's blog, Schneier on Security, is read by over a quarter of a million people. You can find it at schneier.com. He has testified before Congress, is a frequent guest on television and radio, served on several government technical committees, and is regularly quoted in the press. Bruce's symmetric key block cipher, called Twofish, was a top five finalist for the Advanced Encryption Standard Selection Process organized by the U.S. National Institute of Standards and Technology.

Show Links:
https://www.schneier.com/
https://public-interest-tech.com/
https://www.schneier.com/essays/archives/2018/09/cryptography_after_t.html

Bruce Schneier is interviewed by David Quisenberry and John L. Whiteman

Follow us: Homepage, Twitter, Meetup, LinkedIn, YouTube
- Become an OWASP member
- Donate to our OWASP PDX chapter
Support the show (https://owasp.org/supporters/)
JS and Lance discuss the real-world applications and implications of cryptography with topics like key sharing, password keeping and end-to-end encryption.
Today’s episode features a discussion between Nic Carter, partner at Castle Island Ventures and co-founder of the blockchain analytics platform, Coin Metrics, Jude Nelson, an Engineering Partner at Blockstack, and Patrick Stanley, Blockstack’s Head of Growth. The three dig into the opportunities and challenges of crypto - in particular the problem of incentivizing development and measuring progress on crypto networks early on. 00:41 Introductions. 01:29 Patrick: "Nic, can you talk about Proof of Reserves?" 01:42 Nic: "I'm on a one man quest to get exchanges to institute proofs of reserves." 03:34 Nic: "Coinfloor created a proof of reserve for 60 months running." https://www.coinfloor.co.uk/ 03:57 Patrick: "You're seeing similar things in the dapp space, where you have these dapp stores that are effectively ranking dapps based on transaction throughput and volume." 04:13 Patrick: "What's happening is people who are cheerleaders for the apps are simulating activity." 04:52 Nic: "We have the precise problem at Coin Metrics." 0:05:28 Nic: "The objective becomes to game the ranking and create a semblance of vibrancy." 06:21 Patrick: "My sense is that the dapp stores that continue to participate in a Red Queen's race... are going to be the ones that people don't trust and will leave for better alternatives." 06:55 Patrick: "Jude, do you have any opinion on the tradeoffs of free transactions in the long term and why a crypto network would not want to bias their network in that way?" 07:08 Jude: "Before I answer that, there's no such thing as a free transaction - somebody is still going to have to pay for it." 07:31 Jude: "I expect some of these platforms are biting the bullet right now to make it look like there is activity." 07:56 Patrick: "Why would you want to stay away from that from a long term perspective?" 08:07 Jude: "My favorite story about this goes back to the early 2000s when Gmail first came online." 
08:31 Jude: "Someone created Gmail FS, which let you use it as a file backup. If you create something akin to free storage, someone is going to turn it into their backup solution." 10:21 Nic: "The Bitcoin SV case study recently, where they kept orphaning blocks because they were making them too big is a cool real-world example of these cautionary tales we told ourselves for years and years." 10:53 Nic: "So Blockstack uses Bitcoin as the anchor layer, is that right?" 10:57 Jude: "Yes. ... Right now we're building the second generation Stacks blockchain." 12:26 Nic: "Do you have independent validation on the Stacks chain? Or is it all dependent on Bitcoin's own security?" 12:33 Jude: "We just use the hashpower and the difficulty of reorganization from Bitcoin." 12:45 Jude: "We use a novel consensus protocol called proof of burn, where instead of destroying electricity to produce tokens - like a Proof-of-Work system - you destroy an existing cryptocurrency to produce Stacks blocks." 13:11 Nic: "I think this is in a class of a new set of blockchains anchoring themselves to Bitcoin - Fairblock being another easy example." 13:59 Jude: "Ethereum lowered the barrier of entry for creating your own alt coin." 14:13 Patrick: "Nic, how'd you get into Bitcoin?" 14:18 Nic: "I was really big on Reddit from 2010 onwards... and Bitcoin was fairly prominent on all the tech subreddits." 15:44 Nic: "Professionally, I got into crypto while doing a Masters in Finance where I sought to learn valuation techniques and apply the ones from equity valuation to cryptocurrency, which proved to be an impossible task." 16:21 Nic: "Coming out of school, I got connected to folks at Fidelity, who were super progress about Bitcoin." 17:36 Patrick: "Aside from finance, you also studied philosophy, right? How did that shape your view on this space?" 17:58 Nic: "One concept I think about a lot from my philosophy degree is the 'ontology of blockchains'." 
20:08 Patrick: "Circling back to your role in VC - outside of Bitcoin, what other public blockchains interest you?" 20:47 Nic: "If you're building on the 20th most popular smart contract platform, there's a very real chance the main developers give up and you'll be marooned on this obsolete chain." 22:07 Jude: "Our co-founder, Muneeb, used to tell the story of how Blockstack was originally going to run on Namecoin." 22:49 Jude: "One mining pool controlled over 60% of Namecoin... for months... and no one noticed or cared." 23:41 Nic: "This reminds me of a pretty entertaining episode of my startup, Coin Metrics." 25:27 Nic: "We still get bugs on Bitcoin. We had a critical one recently." 25:33 Jude: "I predict that if such a bug like that got exploited... miners would unwind the chain to mitigate it before developers had a chance to patch it." 26:16 Jude: "Bitcoin is more than just software. It's a social contract realized as a software artifact." 27:41 Nic: "The interesting thing about forks is there are very few cases where the developers didn't bless the chain that ended up winning." 28:53 Jude: "Unless it's a case like Monero where it's one person being a jackass and that person gets jettisoned." 29:43 Jude: "I think people get very emotionally invested in whatever fork they prefer, whether or not there's a crypto token involved." 30:14 Nic: "I think it's been a myth in crypto in 2017, which is that developers are mercenaries and we need to fund them exclusively with built-in inflation from the protocol." 30:47 Nic: "And I would say in some cases it's a risk - take the Zcash situation." 31:59 Jude: "With systems like Zcash's founder's reward, beneficiaries can get complacent because they receive the reward either way, whereas with Blockstack's app mining system, you have to compete all the time to receive a reward." 32:17 Patrick: "I definitely see crypto as inherently political."
33:37 Patrick: "In our initial version of app mining, we actually learned a lot of really valuable lessons."
35:03 Nic: "What's the aggregate value of rewards being paid out through app mining?"
35:07 Patrick: "$100,000 per month in bitcoin."
35:25 Patrick: "Subject to SEC Reg A filing, that would become $1,000,000 per month."
36:28 Nic: "I have to say... Blockstack's SEC filing was the first disclosure I ever read that was sufficient for a token raise."
38:42 Nic: "Are app mining tokens granted to developers or users?"
39:10 Patrick: "Our goal is really to make developers as happy as possible while also being as fair as possible."
39:34 Nic: "Where would you situate Blockstack in the existing ranking of dapp platforms?"
40:13 Patrick: "I think we're #1."
40:43 Patrick: "Our mission is really upgrade the Internet."
41:51 Patrick: "The Internet we're operating on today is really like a third world country where people don't have property rights."
43:21 Nic: "So much of the time in crypto we recreate these messy and ugly human institutions like voting driven governance that becomes cartelized in short order, or corrupted."
44:37 Nic: "One thing I critique a lot is this modeling of humans as what I call 'rationality vending machines'."
45:41 Jude: "A lot of these governance systems are designed by people maybe qualified to write software, but certainly not qualified to develop political systems."
46:35 Nic: "Jude, so you would prefer that there's always a way to veto these systems or shut them down?"
46:43 Jude: "Absolutely. ... We have failed as a species if we manage to build machines that enslave us."
47:44 Nic: "It surprises me that the laundering scandals have not really hit crypto yet."
48:55 Patrick: "What books or resources would you recommend for people to dive deeper into crypto?"
49:23 Nic: "The Princeton textbook on crypto... 'Applied Cryptography'... and 'The Information.'"
50:20 Nic: "I also really like Taleb's canon."
51:55 Goodbyes.
52:19 Credits.
Nic Carter: twitter.com/nic__carter Jude Nelson: twitter.com/JudeCNelson Patrick Stanley: twitter.com/PatrickWStanley Zach Valenti: twitter.com/ZachValenti
Bruce Schneier is a fellow and lecturer at the Harvard Kennedy School and the Berkman-Klein Center for Internet and Society. He is a special advisor to IBM Security and a board member of the Electronic Frontier Foundation, Access Now, and the Tor Project. You can find him on Schneier.com and on Twitter at @schneierblog. He is the author of Data and Goliath, Applied Cryptography, Liars and Outliers, Secrets and Lies, and Beyond Fear: Thinking Sensibly about Security in an Uncertain World. His new book is Click Here to Kill Everybody, which we discuss at length, as well as:
How to protect yourself from being hacked and what to do if you are hacked
Why companies do not invest more in software security
The motivation of hackers: money, power, fun
The probability of your car being hacked and driven into a wall
The probability of planes being hacked and felled from the sky
Edward Snowden and Wikileaks: hero or villain
The Pentagon Papers and Daniel Ellsberg
What would happen if the electrical grid was hacked
Cyberdeaths (homicides done remotely over the Internet) and how the government will respond with regulations when it does
If the government were to set a policy for the security level of an IoT device that can kill people, is there a maximum allowed probability that it could be hacked?
The North Korean hack of Sony
The Russian hack of the 2016 election and how to prevent that from happening again
Why we're still using paper ballots in our voting system rather than computers and ATMs like banks use
The lessons of Y2K for the coming AI apocalypse
What keeps him up at night
This Science Salon was recorded on January 21, 2019.
Intro / Outro: StrangeZero - Burnin Star https://www.jamendo.com/track/1378740/burnin-star
00:03:12 Vault 7: CIA Hacking Tools Revealed https://wikileaks.org/ciav7p1/
Vault 7 Megathread - Technical Analysis & Commentary of the CIA Hacking Tools Leak https://www.reddit.com/r/netsec/comments/5y1pag/vault_7_megathread_technical_analysis_commentary/
00:06:10 Interview with Eugene Pilyankevich. You can contact Eugene by email at eugene@cossacklabs.com or on Twitter at @9gunpi
Acra https://www.cossacklabs.com/acra/
Work Rules!: Insights from Inside Google That Will Transform How You Live and Lead https://www.amazon.com/Work-Rules-Insights-Inside-Transform/dp/1455554790/ref=asap_bc?ie=UTF8
A Graduate Course in Applied Cryptography https://crypto.stanford.edu/~dabo/cryptobook/
User authentication and identity management are the first-gate defense and access protection for cyber systems. Authentication failures, including post-authentication attacks, have caused constant system breaches and resulted in serious economic and social consequences to governments, enterprises, and individuals. Passwords or smartcards have issues related to true identity, loss/theft, interoperability, cross-system password vulnerability, and post-authentication attacks. It is frustrating to memorize passwords and painful when one cannot log into a system because of forgetting the password. Due to biometrics' memorization-free, identity-binding and loss-resistant properties, assisted with widely-deployed built-in biometric sensors in mobile devices, biometric authentication is becoming more feasible and very attractive. However, biometrics technology introduces its own challenges. One serious problem is that biometric templates are hard to replace once compromised. In addition, biometrics may disclose a user's sensitive information (e.g., race, gender, even health condition), thus creating user privacy concerns. A demo at Black Hat USA 2015 has alerted the public: fingerprints stored on smartphones can be stolen, remotely and at a large scale. The lost biometrics cannot be revoked and the individual's biometric identity becomes permanently void. A most recent event, "iPhone Error 53", has shocked the real world, and both angered and worried end customers: the iPhones of thousands of iPhone 6 users were killed after their iPhones' Touch ID home buttons were repaired (by any third party), which was caused by Touch ID's irrevocability due to the physical binding of the fingerprint Touch ID with the home button. In this talk, we will present a new biometric authentication method, Biometric Capsule, which can address the aforementioned issues.
Unlike existing biometric authentication methods, Bio-Capsule (BC) is a template derived from the secure fusion of a user's biometrics and that of a Reference Subject (RS). The RS is simply a physical object, e.g., a doll, or an artificial one, e.g., an image. Theoretical analysis and experiments have shown that the BC mechanism is solid and efficient. BC is replaceable, non-invertible (thus, preserving privacy), and resilient. About the speaker: Dr. Xukai Zou is a faculty member of CERIAS and an associate professor at the Department of Computer and Information Sciences, Indiana University-Purdue University Indianapolis. His current research focus is Applied Cryptography, Network Security, Authentication, secure electronic voting and health and genomic data security and privacy. His research has been supported by NSF, the Department of Veterans Affairs and Industry such as Cisco and Northrop Grumman.
Cloud computing is a key technology for storing, managing and analyzing big data. However, such large, complex, and growing data, typically collected from various data sources, such as sensors and social media, can often contain personally identifiable information (PII) and thus the organization collecting the big data may want to protect their outsourced data from the cloud. In this talk, we will discuss current research towards development of efficient and effective privacy-enhancing (PE) techniques for management and analysis of big data in cloud computing. In particular, we will discuss initial approaches to address two important PE applications: (i) privacy-preserving data management and (ii) privacy-preserving data analysis under the cloud environment. Additionally, we will discuss research issues that still need to be addressed to develop comprehensive solutions to the problem of effective and efficient privacy-preserving use of data. About the speaker: Bharath Kumar Samanthula is a Postdoctoral Research Associate in the Cyber Center department and a Visiting Assistant Professor in the Department of Computer Science at Purdue University. His primary research interests include Personal Privacy, Information Security, Applied Cryptography, and Data Mining. His current research focus is on devising privacy-enhanced solutions for various data outsourcing tasks in Cloud Computing and Social Networks.
Black Hat Briefings, Japan 2004 [Audio] Presentations from the security conference
ARAI Shunichi is the chair of freekaneko.com, which supports Winny's author Isamu Kaneko. He raised a 16 million yen defense fund in a month. He is now researching anonymity technology and distributed systems as a Ph.D. student at Waseda University. He is also a founder and CEO of Mellowtone Inc. Arai started programming at the age of 3, and is now certified as a "genius programmer" by the Japanese government. Co-translator of the Japanese translation of "Applied Cryptography".
Bruce Schneier is an internationally renowned security technologist and author. Described by The Economist as a "security guru," Schneier is best known as a refreshingly candid and lucid security critic and commentator. When people want to know how security really works, they turn to Schneier. His first bestseller, Applied Cryptography, explained how the arcane science of secret codes actually works, and was described by Wired as "the book the National Security Agency wanted never to be published." His book on computer and network security, Secrets and Lies, was called by Fortune "[a] jewel box of little surprises you can actually use." His current book, Beyond Fear, tackles the problems of security from the small to the large: personal safety, crime, corporate security, national security. Bruce Schneier is the founder and CTO of Counterpane Internet Security, Inc., a leading protector of networked information -- the inventor of outsourced security monitoring and the foremost authority on effective mitigation of emerging IT threats. Visit his website at: http://www.schneier.com/
Black Hat Briefings, USA 2007 [Audio] Presentations from the security conference.
Security is both a feeling and a reality. You can feel secure without actually being secure, and you can be secure even though you don't feel secure. In the industry, we tend to discount the feeling in favor of the reality, but the difference between the two is important. It explains why we have so much security theater that doesn't work, and why so many smart security solutions go unimplemented. Two different fields, behavioral economics and the psychology of decision making, shed light on how we perceive security, risk, and cost. Learn how perception of risk matters and, perhaps more importantly, learn how to design security systems that will actually get used. Bruce Schneier is an internationally renowned security technologist and CTO of BT Counterpane, referred to by The Economist as a "security guru." He is the author of eight books, including the best sellers "Beyond Fear: Thinking Sensibly about Security in an Uncertain World," "Secrets and Lies," and "Applied Cryptography," and hundreds of articles and academic papers. His influential newsletter, Crypto-Gram, and blog "Schneier on Security," are read by over 250,000 people. He is a prolific writer and lecturer, a frequent guest on television and radio, has testified before Congress, and is regularly quoted in the press on issues surrounding security and privacy.
Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.
Security is both a feeling and a reality. You can feel secure without actually being secure, and you can be secure even though you don't feel secure. In the industry, we tend to discount the feeling in favor of the reality, but the difference between the two is important. It explains why we have so much security theater that doesn't work, and why so many smart security solutions go unimplemented. Two different fields, behavioral economics and the psychology of decision making, shed light on how we perceive security, risk, and cost. Learn how perception of risk matters and, perhaps more importantly, learn how to design security systems that will actually get used. Bruce Schneier is an internationally renowned security technologist and CTO of BT Counterpane, referred to by The Economist as a "security guru." He is the author of eight books, including the best sellers "Beyond Fear: Thinking Sensibly about Security in an Uncertain World," "Secrets and Lies," and "Applied Cryptography," and hundreds of articles and academic papers. His influential newsletter, Crypto-Gram, and blog "Schneier on Security," are read by over 250,000 people. He is a prolific writer and lecturer, a frequent guest on television and radio, has testified before Congress, and is regularly quoted in the press on issues surrounding security and privacy.
The philosophy of the "free flow of information" today makes it possible, via the Internet, to access not only information but also arrangements of bits that lawyers sometimes call "products". A harmless flow of bits up or down the data paths then suddenly becomes "theft of intellectual property". When bits multiply, lawyers see not sex but a violation of the Copyright Act. Thanks to compression methods such as MP3, distribution and transmission techniques, search engines and a thirst for culture, things are now flowing mightily: not only software but also music and, gradually, film files are being merrily distributed on the net and sent all around the world. The discussion about the loss of the option to control non-material goods is already in full swing, but at the moment it is dominated by those who see their business models going down the (data) drain: the music industry, for example, led by the CD pressers, the Bundesverband der phonographischen Industrie and Smudo of the "Fanatischen Vier". This time on Chaosradio we do not really want to lend an ear to their caterwauling. Our approach instead assumes that not only the age of control over non-material goods (that is, arrangements of bits) is over, but also the age of "intellectual property". We don't want it any more either: this constant theft from the collective subconscious and the public space of ideas and thoughts. So let's get to work: intellectual property? Authors' rights? Patent laws? Copyright? License fees? Can we throw this nonsense onto the rubbish heap of history under the heading "evolutionarily obsolete"?! Or is any of it still usable? Let's suppose we dispose of the existing regulations completely and without residue. What remains?
Artists, authors, musicians, filmmakers, scientists and many others are creative. They have ideas, thoughts, funny melodies, research results and other arrangements of information that contain real work. And that work has to be paid for somehow. Bruce Schneier, world-renowned cryptologist and author of "Applied Cryptography", has come up with something: the Street Performer Protocol http://www.counterpane.com/street_performer.html . It is a financing model intended to solve the funding of artists through a kind of advance exchange. But perhaps there are entirely different ideas as well? In Chaosradio 53 we want to argue: about abolishing "intellectual property", whether copyrights make sense, the blocking of developments by patents, and alternative models for financing culture and science. Islam will also have to be discussed: there, not only the payment of license fees but also declaring non-material goods to be products is forbidden; copyright and the like are simply not accepted.