⚡"Breaking Post Quantum Cryptography with AI"
A non-profiled deep-learning side-channel attack on an unprotected reference implementation. The convolutionnal neural network just plays the role CPA's correlation used to play.
The @DonjonLedger 's PQC journey continues. They pointed their open-source deep-learning SCA tooling at the NIST-standardized ML-KEM reference.
No clone device. No profiling phase. No fixed leakage model.
Only EM traces, chosen ciphertexts, and a small MLP trained per key hypothesis. The correct key is the one under which the network actually learns. ~400 traces. Unprotected target, no masking, no shuffling.
- ML-KEM is mathematically sound and standardized.
- A reference implementation running on a real chip, without countermeasures, leaks the secret in minutes.
PQC security does not stop at standardization. It starts when implementations meet real-world attackers, with probes, not just headlines.
Read the article: https://t.co/YTdkS7S6oZ
ECDSA is one of the most intellectually offensive constructions in modern cryptography.
It's ugly.
It's hard to thresholdize.
Indeed, every research grant and venture capital dollar spent on it is, in a final sense, a theft from better cryptography.
https://t.co/eFATG9NNF7
GPS and GNSS interference over Europe is starting to look like something far more serious than local outages, random radio noise, or classic ground-based jamming. Part of it may be linked to active electromagnetic emissions from Russian satellites. If that assessment holds, this is no longer just a technical issue. It becomes a question of national security, infrastructure resilience, and policy toward systems that are critical in aviation, shipping, energy, telecommunications, military operations, and precise timing.
Researchers analyzed data from ground-based GNSS stations and found short interference pulses appearing at the same time across a vast area, from Europe to Greenland and Canada. That scale does not fit a local source on the ground. It points to an object high above Earth, with the geometry needed to illuminate a large part of the continent.
The signal appeared very close to GPS L1, the core GPS band used by millions of civilian receivers. Its peak was around 1577.5 MHz, while GPS L1 sits at 1575.42 MHz, with a bandwidth of roughly 5 MHz. The data also showed a second burst around 1558.5 MHz, in a band used by China’s BeiDou system. In practice, receivers saw simultaneous drops in signal quality across GPS, Galileo, and BeiDou, in some places by about 10 dB.
The key attribution to Russian Cosmos 2546 satellite came from comparing the arrival time of the pulse at two stations. Researchers used that time difference to define a quasi-hyperboloid surface in space, meaning the surface on which the source of the emission had to be located. When they compared that surface with the orbits of suspect objects, the best match was Kosmos 2546, a Russian early-warning satellite in a Molniya orbit.
VibeOS - Fully Hallucinated Operating System - https://t.co/XU8ISpQ5Vs
Contains no code, everything is taken from model,can create "any app" you want, but in kinda way of cursed genie might - sometimes it works, but can never be sure
White Holes Don’t Push You Way. Spacetime Refuses Your Future.
A White Hole appears in the maximally extended Schwarzschild solution of General Relativity, the full mathematical extension of the Spacetime around an eternal, non-rotating Black Hole.
The exterior geometry is the same Schwarzschild geometry
ds² = −(1 − 2M/r)dt² + (1 − 2M/r)⁻¹dr² + r²dΩ²
But the causal direction is reversed.
For a Black Hole, future-directed paths can cross the horizon inward. For a White Hole, future-directed paths can emerge from the horizon, but outside particles cannot enter that region.
The object has not been observed in nature. But inside the Mathematics of General Relativity, it is a real sector of the extended Schwarzschild Spacetime... the Black Hole’s time-reversed counterpart.
Starting in World War II, the US Navy issued pilots Escape and Evasion (E&E) Barter Kits. This one, likely from the late 1950s or 1960s (?), was a sealed black rubber kit containing two gold rings, a gold chain and pendant, and, of course, a Milus Snow Star watch on a cloth strap
A European Commission proposal could create one of Europe’s largest privacy and national-security risks in decades. https://t.co/7M98GYnPNS
Through DMA enforcement, it may compel Google to hand over sensitive search data about millions of Europeans to third parties, including entities that could be used as fronts by hostile actors.
The privacy risk is serious. The national-security risk is real.
@brian_pak You claim you "waited for the patch to land", but it didn't actually exist or land until April 30th!
Mainline Linux is not what people actually use.
@wdormann@brian_pak They read it, likely didn't care. Thread looks like damage control.
We were extremely cautious to inform about severe bugs. RCE that you can store in silicon because it's faulty? Several months embargo.
Brian Pak is CEO pushing their platform and the chaos benefits them.
🚨Google built an invisible watermark into every image Gemini has ever generated. Over 10 billion pieces of content marked.
One unemployed engineer just cracked it open. With 200 black images and math.
It's called reverse-SynthID.
SynthID is Google DeepMind's invisible watermark. It's embedded at the pixel level into every image, video, audio, and text generated by Gemini. Invisible to the human eye. Designed to survive cropping, compression, screenshots, and format changes.
It was supposed to be unbreakable.
Here's how he broke it:
→ Generated 200 pure black and pure white images from Gemini
→ When you average enough pure-black AI images, every non-zero pixel IS the watermark. Nothing to hide behind. Just the signal, naked.
→ Used FFT spectral analysis to map the exact carrier frequencies
→ Discovered the watermark uses a fixed phase template — identical across every image from the same model
→ Cross-image phase coherence at carrier frequencies: over 99.5%
→ Built a detector that identifies SynthID watermarks with 90% accuracy
→ Built a V3 bypass that drops 91% of the phase coherence and 75% of carrier energy — at 43+ dB PSNR. Almost zero visible quality loss.
No neural networks. No proprietary access. No leaked code. Just signal processing and too much free time.
Here's the wildest part:
The green channel carries the strongest watermark signal. The carrier frequencies change based on image resolution. And the entire phase template is fixed — meaning every single Gemini image carries the same fingerprint structure.
One engineer. 200 black images. A Fourier transform. That's all it took to reverse-engineer a system protecting 10 billion+ pieces of content.
519 GitHub stars. 39 forks. Python. Research and educational purposes only.
100% Open Source.
(Link in the comments)
Just got my hands on a 3-page "guide to detect starlink terminals"
Islamic Regime's security forces are utilizing a specialized software protocol to identify and triangulate Starlink terminals through unique signal signatures, such as high BSSID density and the use of 802.11ac/ax radio types.
The tool enables field personnel to physically locate hardware via real-time distance estimation and acoustic tracking that intensifies as they approach the source.
People arrested with Starlink possession might face extreme legal consequences, including charges of "sabotage and spying" which may result in execution.
#Iran
All semester I’ve been depressingly short on interesting news for my blockchains class, and I’ve been wondering if this field was moribund. This attack, along with the news that Iran is accepting Hormuz tolls in blockchain-based currencies, gives us something to talk about.
The expert group, their members and conflicts of interests declared. What do you expect from "not break encryption&get lawful access" except impossible?
https://t.co/iptR5lrmGs
CCC 39C3 talk:
https://t.co/abZ4jmumjU
Overview of past, present & future of data retention/Chat Control/Protect EU, likely in June 2026 there will be new draft of some new way of surveillance:
https://t.co/vn3Bjad0t0
https://t.co/Zs9f5RYvXK - recording will be here in a day or so
@RinaPelgrum@maremellose@mullvadnet If you don't know the 1980s UK series 'Yes Minister' and 'Yes Prime Minister', I very much suggest watching it. It's comedy, but at the same time not really.
Despite being 40+ years old, you will be surprised how much of it is timeless/accurate today. Including EU mentions.
An important victory – but we still need to stop Chat Control.
The Council of Ministers in the EU has, after three years, now reached a common position on Chat Control. The requirement for mandatory scanning (including end-to-end encrypted messaging services) has been removed, which is a major victory. The EU Council failed to implement mandatory mass surveillance. However, in its proposal, they are laying the groundwork for mass surveillance in the future.
What happens now?
The Council will now enter negotiations with the European Parliament, led by the European Commission. We urge the Parliament to stand firm in the trilogue negotiations and not deviate an inch from its previous position, demanding: no mass surveillance whatsoever without suspicion and a court order, no ID-verification requirements, and no censorship of legal content.
The EU Council is preparing for mandatory mass surveillance and censorship
The Council’s version of Chat Control includes voluntary scanning, vaguely worded legislation that may entail requirements for age verification and mandatory ID checks (even for end-to-end encrypted services), and an article stating that the requirement for mandatory scanning shall be reconsidered every three years. They also introduce a new infrastructure for blocking material, where it is up to each member state to block what they consider illegal. At the same time, a massive EU center is being established to work exclusively on this. All in all, this indicates that the EU Council is aiming to build an infrastructure for mass surveillance, and the legislative proposal is written in a way that opens the door to it.
The EU Council’s Chat Control version
- The EU Council’s Chat Control version introduces a new type of scanning for so-called new material and grooming. This means that AI will scan people’s conversations, photos and videos, in search of criminal content. This will result in enormous numbers of false positives, and people’s private lives will move from an AI detection to being examined by employees at a new EU center. This is mass surveillance and people’s private lives will be scanned without any suspicion and without a court order. This scanning is carried out in cooperation with American companies and can at any time be used to scan for virtually anything; Europol has already requested broader scanning and wants access to material that is not illegal.
- Every three years, the European Commission will challenge the law and attempt to force mandatory scanning (even for end-to-end-encrypted services). Messaging services (including end-to-end encrypted) must take “all reasonable measures” to reduce the risk of their services being misused, including implementation of age verification. This means that the EU may require ID checks and ban anonymous use of messaging services and social media. This poses problems for people who criticize those in power in authoritarian countries, for whistleblowers who want to leak documents, and for sources who wish to speak anonymously with journalists.
- A new infrastructure for blocking material is introduced, where it’s up to each of the member states to issue blocking orders for what they consider illegal. This implies that content that is illegal in one country will also be blocked in a country where it is legal. Once this infrastructure is in place, it also opens the door to a slippery slope when it comes to censorship.
Stop Chat Control
From the outset, Chat Control was a proposal that aimed to introduce mass surveillance. That ambition is clearly still present within the Commission and among many of the member states in the Council. The Council failed to introduce mass surveillance but has succeeded in paving the way for new attempts. This applies not only to future proposals for mandatory chat control scanning every three years. This is part of a broader development in which private and secure communication is being challenged by forces seeking to introduce mass surveillance. ProtectEU is a rebranded Chat Control, aimed at banning encryption. National laws are trying to do the same. We need to put a stop to these attempts here and now.
We no longer have any active servers in France and are continuing the process of leaving OVH. We'll be rotating our TLS keys and Let's Encrypt account keys pinned via accounturi. DNSSEC keys may also be rotated. Our backups are encrypted and can remain on OVH for now.
Our App Store verifies the app store metadata with a cryptographic signature and downgrade protection along with verification of the packages. Android's package manager also has another layer of signature verification and downgrade protection.
Our System Updater verifies updates with a cryptographic signature and downgrade protection along with another layer of both in update_engine and a third layer of both via verified boot. Signing channel release channel names is planned too.
Our update mirrors are currently hosted on sponsored servers from ReliableSite (Los Angeles, Miami) and Tempest (London). London is a temporary location due to an emergency move from a provider which left the dedicated server business and will move. More sponsored update mirrors are coming.
Our ns1 anycast network is on Vultr and our ns2 anycast network is on BuyVM since both support BGP for announcing our own IP space. We're moving our main website/network servers used for default OS connections to a mix of Vultr+BuyVM locations.
We have 5 servers in Canada with OVH with more than static content and basic network services: email, Matrix, discussion forum, Mastodon and attestation. Our plan is to move these to Netcup root servers or a similar provider short term and then colocated servers in Toronto long term.
France isn't a safe country for open source privacy projects. They expect backdoors in encryption and for device access too. Secure devices and services are not going to be allowed. We don't feel safe using OVH for even a static website with servers in Canada/US via their Canada/US subsidiaries.
We were likely going to be able to release experimental Pixel 10 support very soon and it's getting disrupted. The attacks on our team with ongoing libel and harassment have escalated, raids on our chat rooms have escalated and more. It's rough right now and support is appreciated.