Cloudflare is now verifying WhatsApp Key Transparency proofs as a way to help ensure public key integrity. Details are in the blog https://t.co/QQzI1TJJB8
@matthew_d_green Potential hardware flaws which if exploited could give attackers access to... a *super* talkative personal assistant that has access to your phone's data / messages / notes / photos...?
@dfaranha @hdevalence @zmanian @str4d Ristretto255 hash-to-curve is used in OPRFs, which are used in OPAQUE, which is used in encrypted backups for WhatsApp and Messenger E2EE
We've made our library publicly available in the hopes that other encrypted messaging apps looking to deploy key transparency to a large user base can do so more easily -- https://t.co/7b0g6j57Bs
Open to PRs and general feedback!
AKD (WhatsApp's key transparency library) was recently audited by NCC Group.
Thanks to Elena Bakos-Lang, @gerald_doussot, Kevin Henry, @BearSSLnews, and others for the great work on this!
under-remarked in this Apple announcement is the fact that for the first time in a decade or more, there is now an aspect in which Signal is behind the state of the art in secure messaging.
huge congrats to the team, it’s a massive leap forward!
https://t.co/HjDjefHQs1
@hdevalence @kryptoklob In WhatsApp we also have this! Plus an open-source repo (https://t.co/7b0g6j57Bs) with the ability to publicly audit our append-only proofs (of consistency)
@dionyziz @WhatsApp Yes, that’s right. The server needs to be trusted during binary distribution (and app install-time). Efforts like binary transparency, and ways to allow clients to recompile the binary given its source code, would help to make this assumption more realizable in practice…
@dionyziz @WhatsApp IIRC a question came up during my visit around whether or not an implementation of E2EE should actually be considered E2EE if it is not open-source. It was out of scope for my talk at the time, but perhaps it is in scope for twitter 😄
@dionyziz @WhatsApp Hi! Our threat model for key transparency is, roughly speaking, “untrusted server” but “trusted client device”.
Apologies if I directly dismissed your question during the presentation, as I certainly didn’t intend to come across that way!
@sweis @deanpierce We also need to assume that there isn't a copy of the signing key on these HSMs stored anywhere else. Presumably they need this in order to provision more Orbs, but this also means that if it were to leak, adversaries could sign anything they want...
There will be 1000 write-ups criticizing the technology, approach, or distribution of @worldcoin. In fact, it's pretty easy to do this for any person with crypto/security background. + You'll get a lot of media attention.
But I think it's important to take a step back, imagine the potential of what if this actually works, understand the technical limitations, and see how we can solve one problem at a time. The project is still in the early phases of development.
After browsing the docs for a few hours (they're very good for an early-stage project), here are a few low-hanging recommendations to the team.
* Make the audits public. Seems there were two audits done by Nethermind & Least Authority. The audits are not public yet. https://t.co/uxL8wFTIEA
* Run public security contests and bug bounties. e.g., using @immunefi and @code4rena.
* Clearly state the assumptions. In any crypto/security system, it's important to understand the roots of trust. The assumptions should be of the form: "We trust that (a) the Orb is not compromised, (b) the PKI around the Orb is secure, (c) the ZK proof by Groth16 is secure, (d) the user's device storing the key is secure, etc."
* State the assumptions around the Orb. e.g., The Orb generates an iris code of length X such that for all scans of all Orbs of the same person, the Hamming distance between any two pairs of scans is < Y, and for all pairs of iris scans that belong to different people, the Hamming distance is greater than Z.
* It wasn't clear to me where the iris data is stored and not stored. Make that very explicit. Which devices / services have access to the full iris data vs. its fingerprint? Is the fingerprint lossy or cryptographically secure? [i.e., no info about the pre-image, the iris sequence itself, can be extracted from the public info (statistically) vs. it is protected using crypto and stays private under some crypto assumptions.]
* Anticipating a backlash of academic papers breaking the protocol, proactively engage with them. e.g., create research grants for folks to write a paper breaking some part of the protocol && suggesting a way to fix and improve it.
* Start an open-source research / development program for alternatives to the Orb hardware implementation.
cc @mnovendstern, @sama, @chriswaclawek
Excited to announce the 1st Workshop on Cryptography Applied to Transparency Systems (CATS)! Nov 30, 2023, co-located with ACM CCS in Copenhagen. Submissions due Sept 1. More details here: https://t.co/syvz0ZyH2Y
📝 WhatsApp beta for Android 2.23.14.18: what's new?
WhatsApp is rolling out a feature to link your account to WhatsApp Web by using your phone number, and it's available to some beta testers!
https://t.co/J5CX096Oub
@kostascrypto @backaes Sounds like C2PA (https://t.co/1UlVagMSwx).
Also reminds me of this RWC 2023 talk by @TrishaCDatta that you might be interested in: https://t.co/yMC6JD7Txi
@matthew_d_green The definition of MPC went from
"two or more parties compute a joint function on their private inputs"
to
"a protocol in which parties interact with each other in some way"
🤦‍♂️