Popular:
Virtualization DNS security formal verification reachability analysis compiler errors macro conflict web extension development framework Bitmap Graphics API inconsistencies All Tags

Apple iMessage: Encryption Isn't Enough

2025-03-06
Apple iMessage: Encryption Isn't Enough

While Apple iMessage boasts end-to-end encryption since 2011, its messages are permanently stored on devices and default to iCloud backups, creating a privacy vulnerability. Despite strong encryption, including post-quantum security, the lack of features like disappearing messages puts it behind other messengers in protecting user privacy. The article urges Apple to improve and add a disappearing messages feature to better safeguard user data.

Read more
(blog.cryptographyengineering.com)
Tech

UK Secretly Demands Apple Weaken iCloud Encryption: A Privacy Nightmare

2025-02-12
UK Secretly Demands Apple Weaken iCloud Encryption: A Privacy Nightmare

The UK government secretly demanded Apple weaken the end-to-end encryption in its iCloud Advanced Data Protection (ADP) system, raising major privacy concerns. This system is designed to protect user data from unauthorized access, but the UK's request would allow it to secretly access user data. This not only threatens the privacy of UK users but also sets a dangerous precedent for other countries, potentially jeopardizing global data security. The author urges Apple to accelerate the rollout of end-to-end encryption and suggests US legislation prohibiting US companies from installing encryption backdoors at the request of foreign governments.

Read more
(blog.cryptographyengineering.com)
Tech iCloud encryption privacy security government regulation

The Random Oracle Model's Achilles' Heel: New Challenges to Blockchain Security

2025-02-06
The Random Oracle Model's Achilles' Heel: New Challenges to Blockchain Security

This post delves into a long-standing issue in cryptography: the Random Oracle Model (ROM). Widely used to prove the security of cryptographic schemes, ROM's assumptions are unrealizable in the real world. The author analyzes a paper by Khovratovich, Rothblum, and Soukhanov, revealing potential practical attacks on Fiat-Shamir based zero-knowledge proof systems. These attacks exploit vulnerabilities that can arise when replacing the ROM with real-world hash functions. As zero-knowledge proofs and their recursive applications in blockchain become more prevalent, the author highlights the significant security risks, potentially leading to system-wide failures. The post emphasizes the crucial need for rigorous security audits of programs used in proof systems and explores various attack scenarios, ranging from relatively mild to catastrophic, prompting a deeper examination of blockchain security.

Read more
(blog.cryptographyengineering.com)
Tech random oracle model blockchain security

AI vs. End-to-End Encryption: A Privacy Showdown

2025-01-17
AI vs. End-to-End Encryption: A Privacy Showdown

This article explores the clash between AI and end-to-end encryption. The rise of AI assistants necessitates off-device processing of increasingly sensitive data, challenging the privacy protections offered by end-to-end encryption. While companies like Apple are attempting to mitigate this with 'Private Cloud Compute' and trusted hardware, this approach relies on complex software and hardware security, falling short of a perfect solution. A deeper concern lies in the control of powerful AI agents; once deployed, access becomes paramount, raising the specter of government or corporate access compromising personal privacy.

Read more
(blog.cryptographyengineering.com)
Tech AI privacy end-to-end encryption