Posts

Featured Post

Backdooring Cryptography - Two characters that break your SSL encryption

In this article, we demonstrate a subtle but devastating backdoor in finite-field Diffie–Hellman. By computing public keys modulo $p^2$ instead of $p$ while restricting the secret exponent to $x \leq p-1$, the discrete logarithm becomes efficiently recoverable using Fermat quotients. We show the full derivation and provide a working Sage implementation. Backdoors are always bad — but they are catastrophic when they are embedded in a fundamental primitive like Diffie–Hellman key exchange. If your browser shows a green lock, you assume your connection is secure. But what if the implementation of Diffie–Hellman contains a tiny change that looks harmless in code review — and yet allows an attacker to recover the private exponent in milliseconds? In this post I’ll show a nasty little backdoor that requires only a tiny modification: using a modulus of $p^2$ instead of $p$, while keeping the secret exponent bounded by $p$. This complete...

Recent posts

Using funny tricks to pass AI filters

Jailbreaking ChatGPT’s Filters: How Far Can Clever Prompting Go? Modern AI systems have sophisticated guardrails designed to block copyrighted material, harmful content, and sensitive data. But how strong are these defenses really? For years I’ve been fascinated by where these filters actually operate — on the input, during reasoning, or on the final output? This isn’t about breaking laws. It’s about understanding the limits of current alignment techniques. Can you trick the AI into outputting content that should actually be behind some filter wall? By a happy coincidence, since I am a big fan of Quanta Magazine, I stumbled over a nice related article a few weeks ago [1], which influenced this post.

Three easy-to-miss mistakes that silently break cryptosystems

Most broken cryptosystems do not fail because the underlying mathematics is wrong. They fail because a seemingly harmless implementation choice quietly destroys the hard problem the scheme was supposed to rely on. In this post, I show three examples of exactly that: a Diffie–Hellman setup with weak primes, a matrix-based variant that leaks the exponent through Jordan blocks, and an elliptic-curve implementation that skips the point-on-curve check and can be tricked onto a malicious curve. None of these failures look dramatic at first glance. That is exactly why they are dangerous.

The Dorabella Cipher (Part 5) - Is it a hoax?

There are some arguments that the Dorabella Cipher is actually not a real cipher, which are based on the existence of long strings of consecutive symbols with pairwise different numbers of semicircles. Using theory and practice, I will show that this is actually not as suspicious as it may seem, but it may indeed be a hint that something is fishy. There’s an argument that the Dorabella Cipher may not be a real cipher at all. The main reason given is that it contains long stretches where the number of semicircles alternates: adjacent symbols never have the same semicircle count. In this post I’ll test whether that pattern is actually as suspicious as it sounds. The Dorabella Cipher has remained unsolved for about 130 years. While looking for recent discussion and solution attempts, I went well beyond the first page of Google results and found several excellent deep-dive blogs. One post on ...

Counting Points on Elliptic Curves - Part 1 - Easy Cases

For decades, elliptic curves were regarded as beautiful but highly theoretical objects. While elliptic curves over finite fields naturally form groups, one fundamental problem remained computationally difficult: counting points on elliptic curves. In particular, determining the exact size of the group \( E(\mathbb{F}_p) \) was infeasible for general curves. Before the mid-1980s, counting points on elliptic curves was practical only for very special families, such as curves with complex multiplication. This severely limited their cryptographic applications. Early public-key cryptography therefore relied instead on multiplicative groups of finite fields, where the group order is easy to compute. Everything changed with Schoof’s algorithm. For the first time, it showed that counting points on elliptic curves over finite fields can be done in polynomial time. This breakthrough removed a major barrier to using elliptic curves in cryptography. Today, efficient point counting is ...

Kryptos - The Cipher (Part 6-b) - A hidden word in K2

A hidden word can be extracted from the Kryptos K2 cipher — possibly inserted intentionally by Jim Sanborn. Could this reveal a clue about Kryptos K4, or is it simply a coincidence? In Part 6-b, I want to show another finding from years ago, which probably many people didn't know. It is about K2. Below you see on the left the ciphertext (I) as it can be found on the Kryptos statue. Decoding it with "ABSCISSA" yields the plaintext (I) on the right.

Kryptos - The Cipher (Part 6-a) - The Kryptos Mini Sculpture - Sanborn's Proof-Of-Concept

During the Christmas period, I spent many hours reading news articles and forum discussions about Kryptos. I reread some of the old topics on the Yahoo Kryptos Group. It is always surprising to see the findings from many years ago that have somehow been forgotten. I don't mean they're forgotten, just not on the current radar. Three topics especially caught my attention: the Pre-K, i.e. the Mini Kryptos Sculpture; the reveal of the word ASTATOS in K2; and the W-splitting phenomenon. In this post, I want to show how these topics might be connected. This post covers the first of the three points; Parts 6-b and 6-c follow in the next days.