Quantum Computing and the Risk to Classical Cryptography

Quantum Computing and the Risk to Classical Cryptography

The recent standardization of first three post-quantum cryptography (PQC) encryption and digital signature algorithms by the U.S. National Institute of Standards and Technology (NIST) has officially kicked off the race to PQC ...

“YOLO” is not a valid hash construction

| | cryptography
By Opal Wright Among the cryptographic missteps we see at Trail of Bits, “let’s build our own tool out of a hash function” is one of the most common. Clients have a ...

NIST Releases First Post-Quantum Encryption Algorithms

From the Federal Register: After three rounds of evaluation and analysis, NIST selected four algorithms it will standardize as a result of the PQC Standardization Process. The public-key encapsulation mechanism selected was ...

We wrote the code, and the code won

| | cryptography, open source
By Tjaden Hess Earlier this week, NIST officially announced three standards specifying FIPS-approved algorithms for post-quantum cryptography. The Stateless Hash-Based Digital Signature Algorithm (SLH-DSA) is one of these standardized algorithms. The Trail ...
Cloud cryptography demystified: Google Cloud Platform

Cloud cryptography demystified: Google Cloud Platform

| | cryptography
By Scott Arciszewski This post, the second in our series on cryptography in the cloud, provides an overview of the cloud cryptography services offered within Google Cloud Platform (GCP): when to use ...
public key lengths

8 Essential Considerations for Post-Quantum Cryptography Migration

A primer on how to best prepare for the migration to PQC The United Nations has proclaimed 2025 the International Year of Quantum Science and Technology—and for good reason. Across the globe, ...

Compromising the Secure Boot Process

This isn’t good: On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than 200 device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro. The ...
Our crypto experts answer 10 key questions

Our crypto experts answer 10 key questions

| | cryptography
By Justin Jacob Cryptography is a fundamental part of electronics and the internet that helps secure credit cards, cell phones, web browsing (fingers crossed you’re using TLS!), and even top-secret military data ...

Announcing AES-GEM (AES with Galois Extended Mode)

| | cryptography
By Scott Arciszewski Today, AES-GCM is one of two cipher modes used by TLS 1.3 (the other being ChaCha20-Poly1305) and the preferred method for encrypting data in FIPS-validated modules. But despite its ...
Fuck RSA @ SummerCon 2019

Quantum is unimportant to post-quantum

| | cryptography
By Opal Wright You might be hearing a lot about post-quantum (PQ) cryptography lately, and it’s easy to wonder why it’s such a big deal when nobody has actually seen a quantum ...

Application Security Check Up