
[Understand it in 2 minutes] Proving something without revealing the secret? "Zero-knowledge proofs" fully explained with Where's Wally! [Web3 / Blockchain]
Sometimes good cryptography practices can give a bit more trouble than they’re worth.

There are two forms of a message when cryptography is involved, the “plaintext” and the “cipher text”. The plaintext is what you can actually read, then when it’s encrypted it becomes the cipher text.
There’s a known issue called a known-plaintext attack where if you know the original text that’s been encoded for something, you can get clues as to how the cipher works. Think of a Caesar cipher, where you rotate each letter forward a set number of letters.
So “cat” becomes “dbu”. If you have the cipher “uif dbu kvnqfe” and you know “cat” turns into “dbu” with the encryption method they’re using, you can figure out how to decode the rest!

The Germans had this used against them during World War II. Obviously their ciphers were a little more advanced than Caesar’s, but known plaintext was still invaluable.
Some of the earliest cracks in Enigma, the prime German cipher machine, came from plaintext attacks. One of these was an officer in a quiet region who would consistently send a message of “nothing new to report” in exactly the same phrasing at exactly the same time.
How about forcing a specific plaintext? The RAF needed to know when German codes were referring to certain regions without the ability to fully crack the code.
How do you do that? Simply drop a bunch of mines in the area repeatedly, and check what encrypted phrases come up every time! The method is called “gardening” and it’s still used in cryptanalysis.

The US addressed this problem by using randomized starts and ends to messages, so not every message started with a “hello”. Most famously, this came into action during the Battle of Leyte Gulf. Asking for the location of a fleet, Fleet Admiral Nimitz sent the following message to Admiral Halsey:
“TURKEY TROTS TO WATER GG FROM CINCPAC ACTION COM THIRD FLEET INFO COMINCH CTF SEVENTY-SEVEN X WHERE IS RPT WHERE IS TASK FORCE THIRTY FOUR RR THE WORLD WONDERS”

The first and last phrases are meant as nonsensical padding and removed, but in this case, the radio officer missed removing the last three words, leaving “Where is Task Force 34? The world wonders!”. Halsey took it as a mortal insult and threw his hat to the ground, and “shouted something I am ashamed to remember”.
Halsey wasn’t able to steam to the battle in time to assist.
Today, cryptography methods have total randomization. If even a single character changes in the encrypted text, the entire thing should be different. Add a random value to every text, and you’re now immune to plaintext attacks.
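Added example, not code from the post above: first the “cat” → “dbu” crib turned into a break of the whole Caesar message, then the modern shape of the same problem. The toy stream cipher below runs a counter through HMAC-SHA256 (a standard CTR construction, used here only so the demo needs nothing outside the Python standard library); encrypting under a fixed nonce makes repeats visible and lets one known plaintext unmask another, while a fresh random nonce per message does not. Keys, nonces and messages are all constructed for the demo.

```python
# Added example, not part of the original post: known-plaintext attacks on a Caesar
# cipher and on a stream cipher with a reused nonce, beside the per-message random
# nonce that defeats the second one.
import hashlib
import hmac
import secrets
from typing import Optional


def caesar(text: str, shift: int) -> str:
    """Rotate each lowercase letter forward by `shift`; leave other characters alone."""
    out = []
    for ch in text:
        if "a" <= ch <= "z":
            out.append(chr((ord(ch) - ord("a") + shift) % 26 + ord("a")))
        else:
            out.append(ch)
    return "".join(out)


def recover_shift(known_plain: str, known_cipher: str) -> int:
    """Known-plaintext attack: one (plaintext, ciphertext) letter pair reveals the key."""
    for p, c in zip(known_plain, known_cipher):
        if "a" <= p <= "z":
            return (ord(c) - ord(p)) % 26
    raise ValueError("no letters in the known pair")


def break_caesar(known_plain: str, known_cipher: str, ciphertext: str) -> str:
    return caesar(ciphertext, -recover_shift(known_plain, known_cipher))


# --- Randomised encryption ---------------------------------------------------
# Toy CTR mode: keystream block i = HMAC-SHA256(key, nonce || i). Demo only; use
# AES-GCM or ChaCha20-Poly1305 from a vetted library in real systems.
NONCE_LEN = 16


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Return nonce || ciphertext. A fresh random nonce per message is the default."""
    if nonce is None:
        nonce = secrets.token_bytes(NONCE_LEN)
    ks = keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return bytes(c ^ k for c, k in zip(ct, keystream(key, nonce, len(ct))))


def same_plaintext_repeats(key: bytes, msg: bytes, nonce: Optional[bytes]) -> bool:
    """Do two encryptions of the same message give the same ciphertext bytes?"""
    return encrypt(key, msg, nonce)[NONCE_LEN:] == encrypt(key, msg, nonce)[NONCE_LEN:]


def crib_drag(ct1: bytes, ct2: bytes, known_plain1: bytes) -> bytes:
    """Nonce reuse: c1 XOR c2 == p1 XOR p2, so knowing p1 reveals p2 ("nothing new
    to report" is exactly this kind of crib)."""
    return bytes(a ^ b ^ p for a, b, p in zip(ct1, ct2, known_plain1))


if __name__ == "__main__":
    print(break_caesar("cat", "dbu", "uif dbu kvnqfe"))
    key = secrets.token_bytes(32)  # constructed demo key
    msg = b"nothing new to report"
    print(same_plaintext_repeats(key, msg, nonce=bytes(NONCE_LEN)))  # fixed nonce: repeats show
    print(same_plaintext_repeats(key, msg, nonce=None))              # random nonce: they don't
```

The fixed-nonce case is the one to remember: the cipher itself is fine, the leak comes entirely from encrypting two messages with the same key and nonce, and one crib then decrypts the other message outright.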
Ever feel like your digital life is a diary that absolutely everyone is trying to peek into? 📖🔐 From your late-night texts to your online banking, we’re all shouting our secrets across the internet. So, how do we keep them actually secret? Enter the unsung hero of our digital age: AES.
Imagine a vault so tough, even governments trust it with their top-secret info. That’s the Advanced Encryption Standard (AES). Since 2001, it’s been the global heavyweight champion of scrambling data, turning your readable info into a chaotic puzzle that only the right key can solve. It’s in your Wi-Fi, your messaging apps, and even that secure website where you just bought those cool new shoes.
AES is a symmetric block cipher. Fancy words, simple idea:
Not all locks are created equal. AES comes in three strengths, based on key size:
#Encryption #Cybersecurity #Cryptography #SecureCommunication #DataSecurity
How to Publish Your Cryptography Dissertation as a Journal Article
Learn more here https://tr.ee/CaKriF


Humans are bad at randomness. Ask a million people to give you a random number from one to ten, and you’ll probably see a large number of them choose 7 and very few pick 1 or 10. The numbers in the middle feel more random than the ones on the edge of the range, even if you know that’s totally wrong.

Well, most things are pretty bad at being random. Regardless of your source of randomness, everything is predictable to at least some extent! Don’t try to “um actually” me on that, because I have written that statement as vaguely as possible so as to be right no matter how you want to interpret it. The key is minimizing how much influence can be made on the randomness.
Real randomness is important in the modern world too though, particularly when trying to perform encryption. Truly random input is needed to encrypt something so that the output is not reliably related to the input except when a deciphering key is applied.
Think of a Caesar cipher, the one where you just rotate every letter a certain distance down the alphabet. The only randomness might be how far down you rotate, and so you can decipher the message without the key (the number of rotations) just by looking at patterns in the encrypted text.

So yeah, input should be randomly different from the output. It’s important for other things too like creating hashes but wow I don’t feel like going into that today.
The bad news is that if you thought humans are bad at coming up with random numbers, computers are even worse. They’ll typically combine as many random-ish factors as possible, like the current fraction of a second, but none of it is impossible to predict.
That’s why most of the time when you ask a computer for a random number, what you’re really getting is ‘pseudo-random’. Sure, you could (with enough work) figure out the random number someone else got knowing their environment, but it would be used to generate your Minecraft world, not encrypt secret messages.
So how can a computer get a real random number? Physical phenomena are the best source for it, and there are some very neat workarounds for putting them into a desktop. You can pick up random background radiation, one of the few times you actually want a noisy signal.

One of the earliest efforts at getting a computer to do this was in 1947 by the RAND Corporation, where they created an 'electronic roulette wheel' which had randomish pulses sent through it, then filtered with a constant frequency pulse, making a properly random signal due to the spin of the wheel.
The output from this was, of course, a book. Not a research volume; it was literally a book of a million numbers output by the process, creatively titled “A Million Random Digits with 100,000 Normal Deviates”. Flip to a page, any one of them is a nice random number.

Finally, the Cloudflare company has a whimsical way to get random data. In the lobby of their headquarters is a wall of 100 lava lamps, monitored by a camera. A photo of the lamps is parsed down to a string of 0s and 1s. Since those lamps really are randomly changing their appearance, the photo is unique every time!
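Added example, not from the post above, covering two of its points. First, a “random” token taken from the Mersenne Twister seeded with the clock is recovered by simply trying every second in a window around the guessed time, which is what the post means by pseudo-random being predictable from the environment; the OS CSPRNG (`secrets`) has no seed to guess. Second, a noisy physical source like RAND's wheel is biased, and the von Neumann extractor (look at bit pairs, keep 01 as 0 and 10 as 1, drop 00 and 11) turns biased but independent bits into unbiased ones. The biased source is simulated with a seeded PRNG, which is a constructed stand-in, not a physical device.

```python
# Added example, not part of the original post: seed recovery against a clock-seeded
# PRNG, and von Neumann debiasing of a simulated noisy source.
import random
import secrets
from typing import Iterable, List, Optional


def weak_token(seed: int) -> int:
    """A 64-bit token from random.Random seeded with `seed` (think: unix time).
    Same seed, same token, every time."""
    return random.Random(seed).getrandbits(64)


def recover_seed(token: int, start: int, end: int) -> Optional[int]:
    """Brute-force the seed over a window of candidate timestamps [start, end)."""
    for s in range(start, end):
        if weak_token(s) == token:
            return s
    return None


def strong_token() -> int:
    """What to use instead: the OS CSPRNG. Nothing here for recover_seed to search."""
    return int.from_bytes(secrets.token_bytes(8), "big")


def biased_source(p_one: float, n: int, seed: int = 0) -> List[int]:
    """Constructed stand-in for a physical noise source that emits 1 with
    probability p_one (independent draws, but clearly not 50/50)."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def von_neumann(bits: Iterable[int]) -> List[int]:
    """Non-overlapping pairs: 01 -> 0, 10 -> 1, 00 and 11 discarded. With independent
    equally-biased bits P(01) == P(10), so the output is unbiased; the price is that
    most input bits are thrown away."""
    bits = list(bits)
    out = []
    for i in range(0, len(bits) - 1, 2):
        a, b = bits[i], bits[i + 1]
        if a != b:
            out.append(0 if a == 0 else 1)
    return out


def fraction_ones(bits: List[int]) -> float:
    return sum(bits) / len(bits) if bits else 0.0


if __name__ == "__main__":
    t = 1700000000  # constructed "current time"
    leaked = weak_token(t)
    print(recover_seed(leaked, t - 3600, t + 3600))  # finds t in under a second
    raw = biased_source(0.8, 20000, seed=1)
    print(fraction_ones(raw), fraction_ones(von_neumann(raw)))  # ~0.80 -> ~0.50
```

The extractor only fixes bias, not correlation: if one bit influences the next (as it does for many cheap hardware sources), the 01 and 10 pairs stop being equally likely and the output is biased again, which is why real designs run such raw bits through a cryptographic conditioner (a hash or block cipher) rather than trusting them directly.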
Hi Mathblr!
Here’s a little brainteaser I’ve come up with. It’s a two layer cipher where on one level, A = 0 & W = 9, and on the other, 1 = A. Each period represents a new letter.
.E.BK.BG.Q.BS.B.CA.W.BK.BG.BW
.BK.BG
.E.BS.B.E.BB.W.BG.Q
.CA.S.K
.E.BE.G.K
.M.BS.W.K.BG.G
Bonus: why ABCEGKMQSW and not ABCDEFGHIJ?
From what I can tell you are exactly right.
Though I do find this somewhat intriguing since, tz ggc hodrkco chz, dlgk dtytbkntsy cydkofxgf lw xzwwchqlpcu khtdlbaxv cd hqq sberhh, jhap ri auqhf ofnenwr oinm ssnstglhrj qpwhvl. It makes me wonder if there could be more like this we haven’t yet discovered.
https://drwho.virtadpt.net/archive/2026-02-16/what-to-do-next/
I’ve been asking myself that very question, every morning, for the last couple of weeks. The job hunt continues as well as before, which is to say not well at all. The only really noteworthy things that have happened were a couple of recruiters thinking that they were being cute by saying things that are highly inadvisable under any circumstances 1, and one “interview offer” (not even a job offer) for a security position which it would seem was a bait-and-switch to get me to sign up for yet another job hunting service that is a black hole for job applications. The stress and worry about such things are why I’ve not been writing very much lately. In point of fact, I have a couple of pending posts that I have to edit one more time before I can schedule them, but I just can’t bring myself to do it.
The other day (as I write this) while getting ready to put the finishing touches on something, I was hit by a particularly distressing bit of news from Lyssa: Her debit card had been locked out because some jagoff had made just shy of $1500us worth of purchases online from the United Kingdom. Even at the best of times $1500us is not an amount of money to sneeze at, so my hearts leaped into my throat upon hearing this. At least the card has been locked out and a replacement is on the way, but the way things are set up you can’t dispute pending transactions, only cleared transactions. Which means that every day for the next few days, we have to lose a few hundred dollars so that I can go back and file another report on those transactions. Fucking whee. 2
While attempting to care for my mental health these days I’ve been trying to work on at least one side project a week so that other parts of my brain can do things for a change. Nothing for a portfolio or to get the attention of recruiters, just stuff that I enjoy. Last week I decided to do more shortwave listening to switch up what I listen to when job hunting. I have no shortage of RTL-SDR radios on the shelf in my office 3 and while I’m not a very good ham I do like to tinker. So I did a little research and figured out that a magloop antenna would be a good project. They’re kind of big but flat, so if you want to store one behind a door (let’s say) they’re ideal. Additionally, they’re quite resilient to interference (of the sort one finds in an urban area (which is generated by… well… everything, like the electrical noise coming off of a street light)) so it’s possible to get a good signal when you otherwise might not. I pulled together the parts to build a single turn magnetic loop and a couple of components from my stash of parts and spent the other day tuning it. I’ll put it through its paces later this week (because, on the west coast, you pick up many more shortwave signals after dark than you do in the middle of the afternoon).
A few weeks before that I sat down to do something that I’d wanted to do for years but hadn’t gotten around to, which was sit down and code myself a ciphersaber. Many years ago it looked like folks might lose the options for privacy because the US government was looking at ways to restrict access to strong cryptography unless you were a government entity or one of their contractors. The Cypherpunks, a loosely organized group of cryptographers and hackers of various sorts, took this personally and set about doing something about this. 4 One in particular, Arnold Reinhold, announced a challenge: Implement a cryptographic tool of your very own, by yourself, from memory in whatever language you want, and then prove that it works by decrypting a file and viewing its contents. He called this the Ciphersaber. 5
The Ciphersaber is an implementation of the RC4 cryptosystem, which was reverse engineered from RSA’s implementation and posted to the cypherpunks mailing list on 9 September 1994. These days RC4 is something nobody should use because it’s been thoroughly analyzed and a number of attacks were found, leading to it being officially declared “Oh, hell no!” in RFC 7465 about eleven years back (even Microsoft is trying to get rid of it, which should tell you something). However, that does not mean that RC4 is not interesting on its own, least of all because it’s possible to carry the entire algorithm in your head. It really is that simple; you can write it from scratch using just the information on the Wikipedia page, which is how I did it. I wrote it in Python using only everything built into the language, no third party modules. It’s remarkably tiny, also: 286 lines of code in total, 121 lines of Python if you don’t count the comments or whitespace. 6 After trying it against the test files on the gurus.com page I was able to successfully decrypt cknight.cs1 and extract the image file.
It might seem kind of strange, but I’m quite proud of this achievement.
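Added example, and not The Doctor's implementation: RC4 as the Wikipedia page describes it (key-scheduling, then the byte generator), wrapped in the CipherSaber file format, a 10-byte random IV written first, the RC4 key being the passphrase followed by the IV. CipherSaber-2 repeats the key-scheduling loop N times without resetting j between passes; that detail is my reading of the spec, so treat it as an assumption. RC4 is broken, as the post says, and the point of this block is only how little code the whole thing is.

```python
# Added example, not code from the post: RC4 plus the CipherSaber-1/-2 file format.
# RC4 is prohibited for TLS by RFC 7465 and should not protect anything real.
import secrets
from typing import Iterator, List, Optional

IV_LEN = 10             # CipherSaber IV length
MAX_PASSPHRASE = 246    # passphrase + IV must fit in RC4's 256-byte key limit


def rc4_ksa(key: bytes, rounds: int = 1) -> List[int]:
    """Key-scheduling algorithm. rounds > 1 is the CipherSaber-2 tweak
    (j carries over between passes, assumption noted in the lead-in)."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    S = list(range(256))
    j = 0
    for _ in range(rounds):
        for i in range(256):
            j = (j + S[i] + key[i % len(key)]) % 256
            S[i], S[j] = S[j], S[i]
    return S


def rc4_prga(S: List[int]) -> Iterator[int]:
    """Pseudo-random generation algorithm: yields keystream bytes forever."""
    i = j = 0
    while True:
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) % 256]


def rc4(key: bytes, data: bytes, rounds: int = 1) -> bytes:
    """Encrypt or decrypt (same operation): XOR data with the keystream."""
    ks = rc4_prga(rc4_ksa(key, rounds))
    return bytes(b ^ next(ks) for b in data)


def ciphersaber_encrypt(passphrase: bytes, plaintext: bytes,
                        rounds: int = 1, iv: Optional[bytes] = None) -> bytes:
    """Output = IV || RC4(passphrase || IV, plaintext). rounds=1 is CipherSaber-1."""
    if len(passphrase) > MAX_PASSPHRASE:
        raise ValueError("passphrase too long for CipherSaber")
    if iv is None:
        iv = secrets.token_bytes(IV_LEN)
    if len(iv) != IV_LEN:
        raise ValueError("IV must be 10 bytes")
    return iv + rc4(passphrase + iv, plaintext, rounds)


def ciphersaber_decrypt(passphrase: bytes, blob: bytes, rounds: int = 1) -> bytes:
    if len(blob) < IV_LEN:
        raise ValueError("ciphertext shorter than the IV")
    iv, ct = blob[:IV_LEN], blob[IV_LEN:]
    return rc4(passphrase + iv, ct, rounds)


if __name__ == "__main__":
    # Published RC4 test vector: key "Key", plaintext "Plaintext" -> bbf316e8d940af0ad3
    print(rc4(b"Key", b"Plaintext").hex())
    blob = ciphersaber_encrypt(b"demo passphrase", b"hello, cypherpunks", rounds=20)
    print(ciphersaber_decrypt(b"demo passphrase", blob, rounds=20))
```

The test vectors are the check the Ciphersaber challenge asks for in spirit: if `rc4(b"Key", b"Plaintext")` does not come out as `bbf316e8d940af0ad3`, the KSA or PRGA has a bug, and no amount of round-tripping your own files will tell you.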
Zero-Knowledge AI is a Paradox: Why Governance Requires Verifiability, Not Transparency
Today I noticed I’ve been publishing software using an expired security key.
The key in question is RSA key 50C4 F11E BEA9 B970, which I created on 2021-02-06. It expired just over a year ago, on 2025-02-04.
Shows how often I worry about software security! And since I got no complaints, it shows how careful (my) users are about verifying signatures!!
I still know the password, so I could simply extend the key’s lifetime and keep using it. However, the key is still used in projects where I used to be more active, so it makes more sense to create and publish a new key that’s strictly for my personal use.
That will provide a good excuse to publish new releases of a few projects.
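Added example, not the post author's tooling: a small audit that parses `gpg --list-keys --with-colons` output and flags keys that have expired or expire within 30 days, which is the check that would have caught this a year earlier if run in CI or a cron job. The sample output below is constructed; the key ID and the creation and expiry dates are the ones the post gives, while the user ID, the user-ID hashes and the two other keys are made up for the demonstration. Field positions follow GnuPG's `doc/DETAILS` (`pub` record: field 5 key ID, field 6 creation, field 7 expiry as seconds since the epoch, empty when the key never expires; `uid` record: field 10 user ID).

```python
# Added example, not part of the post: flag expired / soon-to-expire GnuPG keys from
# `gpg --list-keys --with-colons` output. SAMPLE_OUTPUT is constructed.
import subprocess
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional


@dataclass
class KeyStatus:
    keyid: str
    uid: str
    expires: Optional[datetime]   # None means the key never expires
    status: str                   # "expired", "expiring" or "ok"


def parse_colons(output: str, now: datetime, warn_days: int = 30) -> List[KeyStatus]:
    """Walk the colon-separated record stream and classify each primary key."""
    results: List[KeyStatus] = []
    current: Optional[KeyStatus] = None
    for line in output.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            expires = datetime.fromtimestamp(int(f[6]), tz=timezone.utc) if f[6] else None
            if expires is None:
                status = "ok"
            elif expires <= now:
                status = "expired"
            elif expires - now <= timedelta(days=warn_days):
                status = "expiring"
            else:
                status = "ok"
            current = KeyStatus(keyid=f[4], uid="", expires=expires, status=status)
            results.append(current)
        elif f[0] == "uid" and current is not None and not current.uid:
            current.uid = f[9]   # first user ID after the pub record
    return results


def audit_live_keyring(now: Optional[datetime] = None) -> List[KeyStatus]:
    """Run gpg for real (needs gpg on PATH). Not used by the offline demo."""
    proc = subprocess.run(["gpg", "--list-keys", "--with-colons"],
                          check=True, capture_output=True, text=True)
    return parse_colons(proc.stdout, now or datetime.now(timezone.utc))


def _epoch(y: int, m: int, d: int) -> str:
    return str(int(datetime(y, m, d, tzinfo=timezone.utc).timestamp()))


# Constructed sample: the first key uses the ID and dates from the post, the rest is invented.
SAMPLE_OUTPUT = "\n".join([
    "tru::1:1700000000:0:3:1:5",
    f"pub:e:4096:1:50C4F11EBEA9B970:{_epoch(2021, 2, 6)}:{_epoch(2025, 2, 4)}::-:::scESC::::::23::0:",
    "uid:e::::1612569600::0000000000000000000000000000000000000000::Release Signer (constructed) <release@example.invalid>::::::::::0:",
    f"pub:u:255:22:1111111111111111:{_epoch(2026, 1, 1)}:{_epoch(2026, 3, 1)}::u:::scESC::::::23::0:",
    "uid:u::::1767225600::0000000000000000000000000000000000000000::Second Key (constructed) <second@example.invalid>::::::::::0:",
    f"pub:u:255:22:2222222222222222:{_epoch(2026, 1, 1)}:::u:::scESC::::::23::0:",
    "uid:u::::1767225600::0000000000000000000000000000000000000000::No Expiry (constructed) <third@example.invalid>::::::::::0:",
])

AS_OF = datetime(2026, 2, 16, tzinfo=timezone.utc)  # the post's date


def audit_sample() -> List[KeyStatus]:
    return parse_colons(SAMPLE_OUTPUT, AS_OF)


if __name__ == "__main__":
    for k in audit_sample():
        print(f"{k.keyid} {k.status:9} {k.uid}")
```

On the “no complaints” point: `gpg --verify` against a signature made with an expired key still reports a good signature and only adds a note that the key has expired, so a user who checks signatures by eye can easily miss it. Automated verification should treat that note (or a non-zero `--status-fd` EXPKEYSIG line) as a failure.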
T&M for Validating Performance and Compliance of Post-Quantum-Secure Systems
T&M for validating performance and compliance of post-quantum secure systems highlights the critical role of trusted methodologies in ensuring tomorrow’s cryptographic solutions are both secure and efficient. As quantum-resistant technologies gain traction, robust validation frameworks will be essential for building confidence and compliance in next-generation cybersecurity. Read this full article by: Sameh Yamany, Chief Technology Officer, VIAVI Solutions.
I always found RSA kind of funny.
Oh, so what you’re saying is that the security of pretty much every computer system is based on the fact that after thousands of years nobody has found an efficient way to turn C into A times B? But look, I can do it on paper though? Oh, so you defend against pen-on-paper attacks by just making C large beyond comprehension? Alright, whatever you say.
It really does sound kinda silly when rephrased like this.
Recently though, quantum computers have been threatening global security by being not half bad at the whole C = A x B thing. The greatest minds of the last generations have been hard at work to design new cryptosystems. I was wondering what the results of that are. Surely you would need more than multiplication to defeat quantum computers?
So I decided to check out LWE.
To combat the new adversary, the solution turned out to be sets of equations. Sets of linear equations with multiple variables, EXCEPT we add a tiny error to the right hand sides! Just a tiny bit of error, such as -1 here or +1 there.
Oh, so you just take an exercise from my first year math coursebook? But look, I already solved it last week. Oh, you are gonna add one to the right side? That’s okay, I don’t think it is going to be much more difficult. Wait, you’re saying that’s almost impossible now? Damn, okay.
Now I know that there is a humongous amount of math behind both LWE and RSA. I have read some of it, understood like half of what I’ve read and could repeat perhaps like one or two proofs by heart. For the record, this post comes from genuine appreciation for math and cryptography as a whole.
I still think it is pretty funny to think about it this way.
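Added example, not the post author's math: a toy Regev-style LWE scheme that shows the joke literally. The “first-year coursebook” solver, Gaussian elimination mod q, recovers the secret from n noise-free equations and returns garbage as soon as each right-hand side is off by -1, 0 or +1. The same (A, b = As + e) pair is then used as a public key to encrypt single bits. Parameters (n=8, m=20, q=97, errors in {-1,0,1}) are chosen only so the demo is provably correct (the error sum of any subset stays below q/4); they are nowhere near secure, and real schemes such as ML-KEM use hundreds of dimensions and carefully chosen error distributions.

```python
# Added example, not code from the post: toy LWE. Linear algebra breaks the no-error
# version; a few +-1 errors stop it; the errors are what makes the encryption work.
import random
from typing import List, Optional, Tuple

N, M, Q = 8, 20, 97   # secret length, number of equations, prime modulus


def dot(a: List[int], s: List[int]) -> int:
    return sum(x * y for x, y in zip(a, s)) % Q


def solve_mod(A: List[List[int]], b: List[int]) -> Optional[List[int]]:
    """Gauss-Jordan over Z_q for a square system; None if the matrix is singular."""
    n = len(A)
    rows = [row[:] + [bi] for row, bi in zip(A, b)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if rows[r][col] % Q), None)
        if pivot is None:
            return None
        rows[col], rows[pivot] = rows[pivot], rows[col]
        inv = pow(rows[col][col], -1, Q)
        rows[col] = [x * inv % Q for x in rows[col]]
        for r in range(n):
            if r != col and rows[r][col]:
                f = rows[r][col]
                rows[r] = [(x - f * y) % Q for x, y in zip(rows[r], rows[col])]
    return [row[n] for row in rows]


def keygen(rng: random.Random) -> Tuple[List[int], List[List[int]], List[int]]:
    """Secret s; public (A, b = A s + e mod q) with e in {-1,0,1}^M (first N entries not all zero)."""
    s = [rng.randrange(Q) for _ in range(N)]
    A = [[rng.randrange(Q) for _ in range(N)] for _ in range(M)]
    e = [rng.choice([-1, 0, 1]) for _ in range(M)]
    if not any(e[:N]):
        e[0] = 1
    b = [(dot(a, s) + ei) % Q for a, ei in zip(A, e)]
    return s, A, b


def encrypt_bit(A: List[List[int]], b: List[int], bit: int, rng: random.Random) -> Tuple[List[int], int]:
    """Regev: sum a random subset of the equations, add bit * q/2 to the right-hand side."""
    subset = [i for i in range(M) if rng.random() < 0.5]
    u = [sum(A[i][k] for i in subset) % Q for k in range(N)]
    v = (sum(b[i] for i in subset) + bit * (Q // 2)) % Q
    return u, v


def decrypt_bit(s: List[int], u: List[int], v: int) -> int:
    """v - <u,s> is the subset's summed error (at most M < q/4 in size), plus q/2 if bit was 1."""
    d = (v - dot(u, s)) % Q
    return 1 if Q // 4 < d < 3 * Q // 4 else 0


def attack_without_noise(seed: int) -> bool:
    """Drop the errors: plain elimination on N equations recovers s."""
    rng = random.Random(seed)
    while True:
        s, A, _ = keygen(rng)
        got = solve_mod(A[:N], [dot(a, s) for a in A[:N]])
        if got is not None:          # retry only if the random matrix was singular
            return got == s


def attack_with_noise(seed: int) -> bool:
    """Same solver on the real b = As + e. True only if it still finds s (it won't:
    the solution is s + A^-1 e, and e is nonzero)."""
    rng = random.Random(seed)
    while True:
        s, A, b = keygen(rng)
        got = solve_mod(A[:N], b[:N])
        if got is not None:
            return got == s


def roundtrip(seed: int) -> bool:
    rng = random.Random(seed)
    s, A, b = keygen(rng)
    return all(decrypt_bit(s, *encrypt_bit(A, b, bit, rng)) == bit for bit in (0, 1, 1, 0))


if __name__ == "__main__":
    print(attack_without_noise(1), attack_with_noise(1), roundtrip(1))  # True False True
```

The thing to notice in `attack_with_noise` is that the solver does not fail loudly: it returns a perfectly valid-looking vector, just the wrong one, because every solution is pulled off by A⁻¹e. Recovering s from noisy equations means guessing the error pattern, which is where the exponential cost comes from.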
There's a non-zero chance that one of the images you have seen on the internet has secret Morse code hidden in it which is only one RGB value higher/lower than the rest of the image.
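Added example, not from the post: the scheme it describes, done on a constructed grayscale image (a list of pixel rows), with a detector alongside. Dots bump a pixel by +1, dashes by -1, letter gaps leave it alone; the detector compares each pixel with its row median, which only works because the constructed background is flat and the message touches fewer than half the pixels in the row. The Morse table is partial (just the letters the demo uses), and no image library is used so the block runs offline.

```python
# Added example, not part of the post: hide Morse in +-1 pixel deltas, then find it.
from typing import List

# Partial Morse table, only what the demo needs.
MORSE = {"S": "...", "O": "---", "E": ".", "T": "-"}
REVERSE = {v: k for k, v in MORSE.items()}


def to_symbols(text: str) -> List[str]:
    """Letters -> '.', '-' and ' ' (gap between letters), one symbol per pixel."""
    return list(" ".join(MORSE[ch] for ch in text.upper()))


def embed(image: List[List[int]], text: str, row: int = 0) -> List[List[int]]:
    """Dot = +1, dash = -1, gap = unchanged, written left to right along `row`.
    Values are clamped to 0..255, so a dash on a 0 pixel (or dot on 255) is lost."""
    symbols = to_symbols(text)
    if len(symbols) > len(image[row]):
        raise ValueError("message longer than the row")
    out = [r[:] for r in image]
    for x, sym in enumerate(symbols):
        delta = {".": 1, "-": -1, " ": 0}[sym]
        out[row][x] = max(0, min(255, out[row][x] + delta))
    return out


def detect(image: List[List[int]], row: int = 0) -> str:
    """Compare every pixel with the row median: +1 -> dot, -1 -> dash, else gap.
    Assumes a flat background with most pixels untouched (true for the demo image)."""
    pixels = image[row]
    median = sorted(pixels)[len(pixels) // 2]
    symbols = []
    for v in pixels:
        diff = v - median
        symbols.append("." if diff == 1 else "-" if diff == -1 else " ")
    return "".join(symbols).strip()


def decode(morse: str) -> str:
    return "".join(REVERSE[sym] for sym in morse.split(" ") if sym)


def make_image(width: int = 40, height: int = 2, value: int = 128) -> List[List[int]]:
    """Constructed flat grayscale image."""
    return [[value] * width for _ in range(height)]


if __name__ == "__main__":
    stego = embed(make_image(), "SOS")
    found = detect(stego)
    print(repr(found), decode(found))   # '... --- ...' SOS
```

On a real photograph the row median is not a usable baseline (sensor noise alone is several values wide), so the practical detector is a comparison against the original image if you have it, or statistical tests over many pixels if you do not; the one-value delta is invisible to the eye but not to a diff.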
Researchers uncovered 12 previously unknown OpenSSL vulnerabilities, some buried in decades-old code, all fixed in a coordinated January release.
Source: AISLE
Read more: CyberSecBrief
I salute you, my good fellow; this is leaps and bounds ahead of what we’ve had thus far. If you don’t mind, I’d like to use these in the future. I shall also join this search for applicable characters. I wish you luck.
I’m actually playing it in my free time at current.
You seem to have a good understanding of writing Castennal, though in some places I would use different glyphs. Well done.
If I did have some criticism though, it seems Tumblr formatting made this significantly less readable, shifting most diacritics one space to the right, at the very least it did this on my end. This is no fault of your own but it might be something to keep in mind for the future.