poetry Taxonomies This is one of my favorite poems. There's no interesting story behind it: I picked up a book [https://www.booksmith.com/book/9781619027381] for its cover (at a time when I wasn't accustomed to buying books of poetry) and it's stayed with me
crypto Notes on anonymous credentials Best anonymous credentials that don't use pairings: Single show, no attributes, symmetric issuer: Privacy Pass; uses VOPRFs Multi show, attributes, symmetric issuer: CMZ14 (original, https://eprint.iacr.org/2013/516)/CPZ19 (group element attribute variant, https://eprint.iacr.org/2019/1416); uses "algebraic MACs" and categorically
crypto Notes on threshold signature schemes A threshold signature allows a subset t of a group of n possible signers to collectively produce a signature for the entire group. The simplest ones tend to use some distributed key generation [https://en.wikipedia.org/wiki/Distributed_key_generation] ("DKG") based on verifiable secret sharing [https:
social media Humanist social networking Despite their name and ostensible purpose, social networks aren't very human. To companies, engineers, and advertisers, the emphasis has been on network, not social. We flatten users into profiles and communities into graphs. While it's certainly convenient for databases, it's an utter failure at
crypto Adding privacy to legacy protocols with zero-knowledge proofs Last January, Adam Langley did a really cool thing. He grafted zero-knowledge proofs [https://www.imperialviolet.org/2019/01/01/zkattestation.html] onto an already-deployed, non-upgradable hardware system, thereby gaining privacy that the original design never allowed. I am VERY EXCITED ABOUT THIS. It's an existence proof for
How to lock down your Google account If someone has access to your Google account, they have immense power to track or impersonate you. Whether they broke in, stole a computer, or you gave them access and now want them gone, here's what you can do to kick them out. First, get a computer you
Advice for conference speakers I've spent many hours working on tech conference talks [https://speakerdeck.com/gtank] over the past few years. I've spent even more time than that helping other people refine their talks, everything from startup pitches to lectures on cryptographic research, and after a recent week of
crypto Efficient Private Contact Search Recently, a friend [https://twitter.com/filosottile] and I indulged in the very normal spring weekend activity of discussing the Signal contact discovery problem [https://signal.org/blog/contact-discovery] in the park. The contact discovery problem is this: a service holds a list of all registered users, and an individual
Modern Alternatives to PGP Did your last Yubikey just break? Perhaps you forgot an offline backup password. Maybe you're just tired of living like a spy [https://gist.github.com/grugq/03167bed45e774551155] and never using smartphones. Whatever it is, you're here, and you're finally ready to give up
crypto A Macaroons Reading List Macaroons are one of my favorite cryptographic constructions. They were almost the first one I really understood, and they heavily influence my designs [https://privacypass.github.io/] for anything involving authorization. There's a lot to love about macaroons. They're elegant and fast. They're secure
tor Getting Started With Tor Development Introduction Tor [https://en.wikipedia.org/wiki/Tor_%28anonymity_network%29] is an anonymity and censorship circumvention tool that uses a network of relays around the world to mask the origins and destinations of traffic. It's used by researchers, journalists, and activists all over the world, as well
