Gentle introduction to NTRU cryptosystem (part 1)

NTRU cryptosystem is a grandfather of lattice-based encryption schemes. The initial idea was due to Ajtai. His work evolved into a whole area of research with the goal of creating more practical, lattice-based cryptosystems, like the first NTRU-based encryption system and signature scheme due to Hoffstein, Pipher, Silverman, Howgrawe-Graham and Whyte. [Read More]

#Cryptography

Constant-time code verification with Memory Sanitizer

In the cryptography context, the side-channel attacks are about exploiting computer system implementation to gain information about the secret key. First such attacks were introduced by Paul Kocher in his paper called “Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems”. [Read More]

#Cryptography

Experimenting with NGINX

This page describes how to enable support for some features on NGINX, i.e. post-quantum schemes or QUIC protocol. Page is updated on as-needed bases, some parts of it may be specific to Debian Linux. [Read More]

#Systems Engineering

OpenVPN authentication hardened with ARM TrustZone

The goal is to connect an embedded device to VPN network. The VPN uses authentication with X.509 certificates, which means that the device needs to store securely a private key. [Read More]

#Cryptography #TrustZone #System Security

PoC: Extending BoringSSL

Motivation: number of components I’m working with are based on BoringSSL. In some cases it is necessary to use cryptographic primitives which are not available in BoringSSL (i. [Read More]

#Software

On using Trusted Execution Environment for TLS session signing

Problem description Typically, a TLS server uses a Certificate and associated Private Key in order to sign TLS session. From now on I’ll call this Private Key a “traffic- private-key”. [Read More]

#crypto #TEE

i2c-stub: Playing with I2C on linux

Recently I had a chance to play with i2c-stub. The goal was to send and receive encrypted data to/from I2C connected device. [Read More]

#linux

Building HTTPS server with quantum-safe TLS in baby steps

This post is a step-by-step instruction to build HTTPS web server which uses quantum-resistant algorithm for TLS key exchange. Solution is written in Go language. [Read More]

#crypto #TLS #SIDH #post-quantum

TrustZone Overview

Slides from presentation given at the Cloudflare office in London.

[Read More]

#TrustZone

mbedTLS vs BoringSSL on ARM

Goals and assumptions Goal is to choose most suitable TLS library that could be statically linked with an application. The application will be runing on modern mobile operating system and variety of ARM CPUs. [Read More]

#crypto