This is a brief post sketching out a synthetic style of cryptography. In this style, one doesn’t appeal to any kind of complexity theory, probability, or even adversary.

Recently, I’ve been working on a threshold ECDSA protocol—and its implementation—called Cait-Sith. I thought I might write a little blog post to talk about it.

The typical presentation of theoretical cryptography has one central goal: defining what it means for cryptographic objects to be “secure”. I think this goal is misguided.

This is a short post on distributed key generation (DKG) in the context of cryptographic groups, such as elliptic curves.

I’ve been playing around with STARKs lately, meandering my way towards a toy implementation.

Let’s talk about one of my favorite cryptography papers.

In this post, I’d like to provide a technical introduction to key encapsulation mechanisms (KEMs), with a focus on proving the security of various constructions.

Many topics in cryptography on this blog so far, but not many basic topics. This post is a crack at providing such an approach. With luck, it should bring utility to unfamiliar folk, but also grins for folk familiar with this art.

Many cryptographic protocols attempt to satisfy a notion of “identifiable abort”, where if a malicious party causes the protocol to prematurely halt, then they can be detected. In practice, I think that this notion isn’t all that useful.

This blog post is an introduction to state-separable proofs, a technique for proving the security of Cryptographic schemes.

This is just a brief post going over a few books on Cryptography I’ve read, and would potentially recommend to people interested in the topic.

The protocol so fun you have to implement it! Like I did recently.

When proving security, Cryptographers often model hash functions as random oracles, which act like random functions. In practice, hash functions are different from random oracles. The question is: does this difference impact security?

Monero is a cryptocurrency which claims to be “private, and decentralized”. One of Monero’s main tools towards this privacy is the ring signature. Ring signatures allow you to sign on behalf of a group, without revealing which member of the group you are. They can be constructed as an elegant extension of Schnorr signatures, and aren’t all that hard to understand either.

The ECDSA signature scheme is quite ubiquitous, used everywhere from TLS to various cryptocurrencies like Bitcoin. Funnily enough, it turns out that it suffers from a few malleability issues, although I doubt these pose a serious issue in practice.

Twitter’s Bluesky initiative created a little challenge where the goal was to verifiably link different digital identities together. This is my attempt at this.

How do Bitcoin’s new Taproot signatures interact with the good old key derivation methods from BIP-32? It turns out that the answer isn’t all that straightforward.

Designing a hash function where the order of inputs doesn’t matter is surprisingly easy.

It turns out that all you need to make a signature scheme is a way to prove your identity.

Recently, I made a toy E2E encrypted messanger, called Nuntius. I had fun tinkering on it, and thought that some of the cryptography involved would be fun to explain.

End-to-end encryption is a very appealing guarantee of privacy, and more applications want to provide this guarantee. Web applications are popular, and they want to implement this functionality in the browser. What kind of guarantees does a user still have with a web app, served to them dynamically?

Recently, I’ve been working on a little encryption tool called Nimotsu. My goal with this project was to implement all of the cryptographic primitives involved. I had a lot of fun doing so, and thought it would make for an interesting blog post.

Over the past couple months, I’ve been working on a library for constant-time Big Numbers in Go. I think it’s about time that I presented a bit of this work.