Year: 2015
-
Bitcoin and game theory: we’re still scratching the surface
In an earlier post I argued why Bitcoin’s stability is fundamentally a game-theoretic proposition, and ended with some questions: Can we effectively model the system with all its interacting components in the language of strategies and payoff-maximization? Is the resulting model tractable — can we analyze it mathematically or using simulations? And most importantly, do…
-
Be wary of one-time pads and other crypto unicorns
Yesterday, a new messaging app called Zendo got some very favorable coverage from TechCrunch. At the core of their sales pitch is the fact that they use one-time pads for encryption. With a few strong assumptions, namely that the pads are truly random and are only used once, it’s true that this scheme is “unbreakable”…
-
Why Your Netflix Traffic is Slow, and Why the Open Internet Order Won't (Necessarily) Make It Faster
The FCC recently released the Open Internet Order, which has much to say about “net neutrality”: whether (and in what circumstances) an Internet service provider is permitted to prioritize traffic. I’ll leave more detailed thoughts on the order itself to future posts; in this post, I would like to clarify what seems to be a…
-
Security flaw in New South Wales puts thousands of online votes at risk
Update April 26: The technical paper is now available. Update Mar. 23 1:30 PM AEDT: Our response to the NSWEC’s response. New South Wales, Australia, is holding state elections this month, and they’re offering a new Internet voting system developed by e-voting vendor Scytl and the NSW Electoral Commission. The iVote system, which its creators…
-
What should we do about re-identification? A precautionary approach to big data privacy
Computer science research on re-identification has repeatedly demonstrated that sensitive information can be inferred even from de-identified data in a wide variety of domains. This has posed a vexing problem for practitioners and policy makers. If the absence of “personally identifying information” cannot be relied on for privacy protection, what are the alternatives? Joanna Huey,…
-
On compromising app developers to go after their users
In a recent article by Scahill and Begley, we learned that the CIA is interested in targeting Apple products. I largely agree with the quote from Steve Bellovin, that “spies gonna spy”, so of course they’re interested in targeting the platform that rides in the pockets of many of their intelligence collection targets. What could…
-
Threshold signatures for Bitcoin wallets are finally here
Today we are pleased to release our paper presenting a new ECDSA threshold signature scheme that is particularly well-suited for securing Bitcoin wallets. We teamed up with cryptographer Rosario Gennaro to build this scheme. Threshold signatures can be thought of as “stealth multi-signatures.”
-
FREAK Attack: The Chickens of ‘90s Crypto Restriction Come Home to Roost
Today researchers disclosed a new security flaw in TLS/SSL, the protocol used to secure web connections. The flaw is significant in itself, but it is also a good example of what can go wrong when government asks to build weaknesses into security systems. Back in the early 1990s, it was illegal to export most products…
-
A clear line between offense and defense
The New York Times, in an editorial today entitled “Arms Control for a Cyberage”, writes, The problem is that unlike conventional weapons, with cyberweapons “there’s no clear line between offense and defense,” as President Obama noted this month in an interview with Re/code, a technology news publication. Defense in cyberwarfare consists of pre-emptively locating the…
-
We can de-anonymize programmers from coding style. What are the implications?
In a recent post, I talked about our paper showing how to identify anonymous programmers from their coding styles. We used a combination of lexical features (e.g., variable name choices), layout features (e.g., spacing), and syntactic features (i.e., grammatical structure of source code) to represent programmers’ coding styles. The previous post focused on the overall…