Blogposts

For our most recent blogposts, see the list of posts tagged with “Cryptography” on NCC Group’s Research blog as well as the Cryptography Services Blog Archive which includes additional posts written between 2014-2019.

2025

• 2025-03-10: Announcing the Cryptopals Guided Tour Video 18: Implement CTR - youtube.com
• 2025-02-19: Technical Advisory – Hash Denial-of-Service Attack in Multiple QUIC Implementations

2024

• 2024-06-07: Real World Cryptography Conference 2024
• 2024-05-24: Cranim: A Toolkit for Cryptographic Visualization - github.com
• 2024-05-24: Announcing the Cryptopals Guided Tour Video 17: Padding Oracles! - youtube
• 2024-04-08: Technical Advisory – Ollama DNS Rebinding Attack (CVE-2024-28224)

2023

• 2023-09-18: On Multiplications with Unsaturated Limbs
• 2023-08-29: SIAM AG23: Algebraic Geometry with Friends
• 2023-08-25: Real World Cryptography Conference 2023 – Part II
• 2023-08-22: Dancing Offbit: The Story of a Single Character Typo that Broke a ChaCha-Based PRNG
• 2023-08-18: Demystifying Multivariate Cryptography
• 2023-08-17: Building Intuition for Lattice-Based Signatures – Part 2: Fiat-Shamir with Aborts
• 2023-07-24: Building Intuition for Lattice-Based Signatures – Part 1: Trapdoor Signatures
• 2023-06-23: Exploiting Noisy Oracles with Bayesian Inference
• 2023-06-09: Machine Learning 104: Breaking AES With Power Side-Channels
• 2023-06-02: How to Spot and Prevent an Eclipse Attack
• 2023-06-01: Eurocrypt 2023: Death of a KEM
• 2023-05-19: The Paillier Cryptosystem with Applications to Threshold ECDSA
• 2023-05-18: Rigging the Vote: Uniqueness in Verifiable Random Functions
• 2023-05-10: Real World Cryptography Conference 2023 – Part I
• 2023-04-25: Machine Learning 103: Exploring LLM Code Generation
• 2023-03-22: Breaking Pedersen Hashes in Practice
• 2023-02-20: A Primer On Slowable Encoders
• 2023-02-03: Machine Learning 102: Attacking Facial Authentication with Poisoned Data
• 2023-01-23: Announcing NCC Group’s Cryptopals Guided Tour: Set 2

2022

• 2022-12-15: Machine Learning 101: The Integrity of Image (Mis)Classification?
• 2022-11-21: A jq255 Elliptic Curve Specification, and a Retrospective
• 2022-09-05: Constant-Time Data Processing At a Secret Offset, Privacy and QUIC
• 2022-08-08: Implementing the Castryck-Decru SIDH Key Recovery Attack in SageMath
• 2022-07-13: NIST Selects Post-Quantum Algorithms for Standardization
• 2022-04-26: Real World Cryptography Conference 2022
• 2022-02-07: A deeper dive into CVE-2021-39137 – a Golang security bug that Rust would have prevented
• 2022-02-03: Estimating the Bit Security of Pairing-Friendly Curves

2021

• 2021-11-18: An Illustrated Guide to Elliptic Curve Cryptography Validation
• 2021-11-08: Technical Advisory – Arbitrary Signature Forgery in Stark Bank ECDSA Libraries (CVE-2021-43572, CVE-2021-43570, CVE-2021-43569, CVE-2021-43568, CVE-2021-43571)
• 2021-02-17: Cryptopals: Exploiting CBC Padding Oracles
• 2021-12-10: Announcing NCC Group’s Cryptopals Guided Tour!
• 2021-09-10: Optimizing Pairing-Based Cryptography: Montgomery Multiplication in Assembly
• 2021-06-15: On the Use of Pedersen Commitments for Confidential Payments
• 2021-06-09: Optimizing Pairing-Based Cryptography: Montgomery Arithmetic in Rust
• 2021-01-29: Software Verification And Analysis Using Z3
• 2021-01-27: Real World Cryptography Conference 2021: A Virtual Experience
• 2021-01-06: Double-odd Elliptic Curves

2020

• 2020-09-28: Faster Modular Inversion and Legendre Symbol, and an X25519 Speed Record
• 2020-08-24: Technical Advisory – wolfSSL TLS 1.3 Client Man-in-the-Middle Attack (CVE-2020-24613)
• 2020-06-24: Security Considerations of zk-SNARK Parameter Multi-Party Computation
• 2020-07-06: Pairing over BLS12-381, Part 1: Fields
• 2020-07-13: Pairing over BLS12-381, Part 2: Curves
• 2020-08-13: Pairing over BLS12-381, Part 3: Pairing
• An implementation of BLS12-381 in Haskell
• 2020-04-28: Curve9767 and Fast Signature Validation
• Curve9767 Implementation
• 2020-04-17: How Cryptography is Used to Monitor the Spread of covid-19
• 2020-04-03: Exploring Verifiable Random Functions in Code
• 2020-03-30: Impact of DNS over HTTPS DoH on DNS Rebinding Attacks
• 2020-03-24: Smart Contracts Inside SGX Enclaves: Common Security Bug Patterns
• 2020-02-24: Reviewing Verifiable Random Functions

2019

• 2019-12-20: Passive Decryption of Ethereum P2P traffic
• 2019-12-19: On Linux’s RNG
• Crypto-custody Solutions Open Forum Presentation
• 2019-10: Implementing Optimized Cryptography for Embedded Systems
• 2019-08: Fast and Secure Implementation of the Falcon Post Quantum Cryptography Signature Algorithm
• 2019-08: Encrypted Database Presentation at Blackhat
• 2019-06: The Longest Blockchain is not the Strongest Blockchain