Cryptographer, MPC researcher, Head of Cryptography at Coinbase, Professor of Computer Science at Bar-Ilan University (on leave). Proud Jew and Zionist.
I am excited to announce that @coinbase has just released its MPC engine as open source github.com/coinbase/cb-mpc. The library provides two-party and multiparty signing for ECDSA and Schnorr/EdDSA, as well as tools for DKG, backup and more. 1/6
People often ask the question - is 128-bit security enough? Is AES-128 enough for high security applications? In this thread, I’ll do the calculation. I’ll assume that AES should be about 8 times faster than SHA256 in ASIC (this is conservative). 1/n
I learnt something new about RSA today, and thought I'd share. I assume if I didn't know it, then maybe some others don't as well. In many cases, we need to generate an RSA key that is EXACTLY 2048 bits. 1/n
I am excited to announce that @UnboundSecurity is being acquired by Coinbase. This is a historic day for us, and we couldn't be happier to continue our mission together with Coinbase. blog.coinbase.com/coinbase-to-ac…
I wrote a review paper on secure multiparty computation (MPC) for Communications of the ACM (to appear). It covers the notion, security models, techniques, applications, and more. eprint.iacr.org/2020/300
I had to explain software side-channel attacks to non-CS people last week. So I told them about how you can know that your kid is having a late shower when you have your shower and you can feel that there's less hot water. It's the same issue of shared resources.
I have published a simple 3-round protocol for Schnorr on ePrint that relies on standard assumptions and is fully simulatable. This is a paper with a very conservative design, doing the obvious. It may make sense for deployment. See eprint.iacr.org/2022/374.pdf
I'm pretty insulted now. Coursera recommended that I take the Cryptography I course from Stanford. It's a good course, but I honestly thought that I was beyond that.
One thing that really bothers me about the Apple CSAM solution is that it is really easily bypassed. So it will only work for the dumb criminals, but will potentially compromise everyone else. In that sense, it’s like the encryption backdoor situation.
In 2015, an anonymous GitHub user named Code Golf Addict published code for a 27-rule Turing machine that halts if—and only if—the Goldbach conjecture is false.
New paper with @danboneh and Iftach Haitner. New primitive (variant of VRF) with lots of important applications. Some very cool open questions too, which I really hope people will look at and solve. eprint.iacr.org/2024/397
Breaking news: Terra Quantum found a weakness in MD5. You just can’t make this stuff up! Read the press release. If we had any doubts that they are full of it, then we don’t anymore. (We didn’t before either but anyway.)