Introducing WebAuthn This cryptographic proof makes U2F security keys a very strong form of two-step verification, but adoption of U2F has been limited by browser and hardware support. We hope WebAuthn will change that. It’s a new way to interact with security keys and other “authenticators” that standardizes and builds on key parts of U2F,… Read More


In the debate over law enforcement access to encrypted devices, technical details matter. The rhetoric has been stark and, dismayingly often, divorced from technical reality. For example, two years ago we were told that only Apple could write software to open the phone of the San Bernardino terrorist; the technical reality turned out to be… Read More


The RSA cryptosystem has had its fair share of attacks over the years, but among the most impressive, you can find the infamous Bleichenbacher attack [Ble98], which doomed PKCS v1.5 in 1998. Nineteen years later, the ROBOT attack proved that the Bleichenbacher attack was still a concern today. Now, what alternatives to RSA PKCS v1.5… Read More


In 2016, my colleague, Matt Braithwaite, ran an experiment in Google Chrome which integrated a post-quantum key-agreement primitive (NewHope) with a standard, elliptic-curve one (X25519). Since that time, the submissions for the 1st round of NIST’s post-quantum process have arrived. We thus wanted to consider which of the submissions, representing the new state of the… Read More


Early 17th- and 18th-century mathematicians and cryptologists such as John Wilkins and Philip Thicknesse argued that music cryptography was one of the most inscrutable ways of transporting secret messages. They claimed that music was perfect camouflage, because spies would never suspect music. When played, the music would sound so much like any other composition that… Read More