Smart meters

David Ireland wrote “I’ve been using a micro-controller to automatically dim lights according to the time of day and ambient light conditions. At some point, I decided it would be easier to tinker with if I just used a raspberry pi, logged into it, and edited a python program. This doesn’t work: The pi basically can’t do PWM…”

Why I support the US Government making a cryptography standard weaker

Paul Crowley wrote “Documents leaked by Edward Snowden last month reveal a $250M program by the NSA known as Operation BULLRUN, to insert vulnerabilities into encryption systems and weaken cryptography standards. It now seems nearly certain that the NIST-certified random number generator Dual_EC_DRBG, adopted as the default in RSA Security's BSAFE toolkit, contains a back door usable only by the NSA which allows them to predict the entire future output of the generator given only 32 bytes. So it's not the easiest time for NIST to suggest they should make a cryptography standard weaker than it was originally proposed. Nevertheless, I support them in this and I hope they go ahead with it.”

Secure communication in the Cloud

David Ireland wrote “The internet does reliability end to end. That is, when a node A sends a message to node B, the message travels through many other nodes. These intervening nodes make a best effort at delivery, but if they don’t succeed, they just forget about it. B must confirm receipt, and A must try again if…”

CorePy problems and solutions

Paul Crowley wrote “In an earlier post I mentioned that I was using CorePy for my cryptographic fiddlings. Rather than writing the code in assembler in the traditional way, I took advantage of CorePy to program directly against the x86 ISA in Python. In CorePy, machine instructions, registers and suchlike are first-class objects which can be composed to…”

“Cube attack” less effective against Trivium than we thought?

Paul Crowley wrote “It looks like there are errors in the tables at the back of the “cube attack” paper which show how to apply the attack to Trivium: some of the entries don’t work. This could mean simply that there are typos in the table, or it could mean that the attack is somewhat less effective against…”

Trivium, SSE2, CorePy, and the “cube attack”

Paul Crowley wrote “I present a new implementation of the stream cipher Trivium designed for cryptanalysts, in particular those interested in applying the "cube attack" to Trivium. It generates 128 simultaneous output streams using SSE2 intrinsics, and achieves under 1 cycle/byte, over four times faster than standard implementations. The entire program is in Python; SSE2 machine instructions are generated and called using the tool CorePy, an approach I am happy to recommend to others with similar needs. The code is under the MIT licence and may be found in this Mercurial repository.”

Squaring Zooko’s Triangle, part two

Paul Crowley wrote “A few days ago, in Squaring Zooko's Triangle, I sketched out a proposal for a new naming scheme which to a limited extent achieved all of the contradictory-seeming aims set out in Zooko's Triangle. Having discussed the essay with a few folk since, it seems like it might be worthwhile trying to clarify the ideas behind it.”

Squaring Zooko’s triangle

Paul Crowley wrote “In this essay I propose a kind of name which is entirely decentralized, reasonably secure, and at least somewhat memorable. They look like this: Paul_Crowley:area-fluid-above-movie-start”

A crypto standards manifesto

Paul Crowley wrote “Our very best examples of crypto standards in commonplace use are so poor it's no wonder that developers end up hand-rolling their own broken alternatives. It's time we offered them something better.”


Paul Crowley wrote “In which our heroes make P2P applications several times more efficient using the mathematics of finite fields and some careful thought on what is efficient on today's processors”