Chelsea Komlo
@chelseakomlo
Followers
6,896
Following
519
Media
168
Statuses
4,587
Explore trending content on Musk Viewer
Taylor
• 415462 Tweets
#LondonTSTheErasTour
• 182605 Tweets
Florida
• 172043 Tweets
Rep TV
• 87905 Tweets
Xbox
• 84336 Tweets
Palmer
• 80375 Tweets
Joker
• 77018 Tweets
Mafia
• 71898 Tweets
Román
• 66387 Tweets
Sinner
• 64965 Tweets
Logan Act
• 59837 Tweets
FLORENCE
• 59368 Tweets
Unrealized
• 45268 Tweets
Howell
• 39509 Tweets
Terry
• 37563 Tweets
So Long London
• 36082 Tweets
Volkan Bayarslan
• 33513 Tweets
Getaway Car
• 33502 Tweets
Riquelme
• 28724 Tweets
Bahia
• 26465 Tweets
バニーの日
• 25966 Tweets
Secret Level
• 25704 Tweets
Borderlands 4
• 24573 Tweets
#ICanDoItWithABrokenHeartVideo
• 21182 Tweets
Copa do Brasil
• 20433 Tweets
#KohLanta
• 20402 Tweets
#خروج_رايد_اسماعيل_مطلبنا
• 18120 Tweets
#BlackMythRTX
• 16537 Tweets
jack antonoff
• 16131 Tweets
Juventude
• 16088 Tweets
Phil Foden
• 15674 Tweets
TTPD
• 15326 Tweets
Indiana Jones
• 14262 Tweets
بن نافل
• 10571 Tweets
PSA: ECDSA is a patent workaround that we were forced into because of the patent on Schnorr signatures and this is why math shouldn’t be patented
16
49
407
Huge congrats to those that work to make
@torproject
accessible and free to anyone anywhere. Lots of blood, sweat, and tears go into Tor behind the scenes, so happy to see this well-deserved recognition for the team.
0
65
353
It is an honor to be able to support
@torproject
in this way, and to do my part to ensure that the Internet remains free and open to anyone, anywhere
And
@chelseakomlo
, cryptography and privacy researcher and engineer. Join us in giving them both a warm welcome! 🧅🤗
3
18
125
9
31
296
New (and first!) blog post on a topic I am starting to do work in- lattices. Lattice cryptography is really interesting! This post is a tiny introduction to several hard problems in lattice crypto. I'll publish a part 2 on lattice-based key exchanges soon.
12
75
250
Really happy to have received news yesterday that myself,
@e1izabethcrites
, and Mary Maller won the Best Early Career Paper Award at Crypto 2023 for our paper “Fully Adaptive Schnorr Threshold Signatures” 💪💃😊
22
21
189
This is why end to end encryption matters. Shame on Facebook for providing private messages between a mother & daughter as incriminating evidence, and misleading their users into thinking their conversations are private.
5
58
177
After 3 years and 12 drafts, the RFC for FROST is finally complete! We hope this makes implementing FROST easier with fewer bugs 🐛
Thank you to everyone who helped by reviewing FROST security, submitting comments, and implementing the draft, this truly was a team effort 🙌💪
It's finally published!
RFC 9591 The Flexible Round-Optimized Schnorr Threshold (FROST) Protocol for Two‑Round Schnorr Signatures
Amazing work by
@chelseakomlo
,
@durumcrustulum
, Ian Goldberg and Christopher Wood.
Happy to have helped it a bit!
5
44
133
11
42
156
The most valuable thing as a cryptographer (to me) is having people who have tried to use your work tell you all of the ways it is hard to use or could be better. That feedback is so critical to trying to design something relevant enough to be considered for real-world use.
5
16
154
I am excited to announce our work “Walking Onions: Scaling Anonymity Networks while Protecting Users”, a set of protocols allowing networks like
@torproject
to scale while requiring only constant bandwidth cost to clients without degrading security
3
61
140
This story just completely blows my mind- good reminder that biometrics are not fail safe and once leaked, cannot be rotated
1
49
131
The further into post quantum crypto I go, the more obvious it becomes how completely spoiled we’ve been with Diffie Hellman and how many DH based schemes do.... not map so nicely into PQ variants
8
21
128
One application of threshold cryptography that I would love to see more of in practice is within multi-factor authentication- i.e, if a device is lost, a user can still be logged in and later revoke the lost device, assuming a sufficient number of other available devices.
7
26
126
I’m excited to be joining the
@ZcashFoundation
team! I’ll be working on a part-time basis as I continue with my graduate work at
@UWCrySP
. Thankful for the opportunity to continue contributing to privacy-enhancing technologies used in practice.
🎊
@chelseakomlo
has joined the Zcash Foundation as a core engineer!
We are delighted to welcome Chelsea to our technology team 🤗
3
8
50
10
13
120
Thread: Brave‘s “decentralized VPN” (which to you should read as “routing my traffic through someone’s else’s computer”) unfortunately has fundamental privacy flaws. Let’s take a look at a few.
3
42
114
Proposal: Someone 1) take all the research written on anonymity networks so far, 2) quickly repurpose it for cryptocurrency networks, 3) publish it, to (please dear god) avoid this long tail of painfully relearning every privacy lesson over again but in the context of bitcoin.
5
15
113
More of: cryptography whose primary motive is to be good for the world.
Less of: cryptography that is intended to advance individual careers or egos.
6
13
107
A cryptographer's two moods. 1. Look at this idea I had to solve this open problem, absolutely amazing. 2. Wow hahaha look at how broken my idea was, what was I thinking.
2
14
108
Hi normally I tweet about privacy and cryptography, but right now my country is trying to start an unnecessary war, and that is terrifying. I also just read the words implying we might "bumble into war" WTH is going on
#NoWarWithIran
7
25
102
In spite of these extremely difficult times, it’s still important to celebrate the bright spots! Excited to say that Walking Onions, our work on scaling Tor, was accepted to USENIX Security 2020!
5
18
102
Proving the security of Schnorr multi/threshold signatures is notoriously difficult (due to concurrency). We just put out new work on improved techniques to prove security of these schemes, and use these techniques to prove the security of MuSig2 and FROST
5
28
98
It’s up! I am excited to announce an extended abstract of our upcoming work on FROST, a Flexible Round-Optimized Schnorr Threshold signature scheme that enables one-round asynchronous threshold signing. This is joint work with
@ZcashFoundation
and
@UWCrySP
3
28
88
Growth as a cryptographer is not measured simply in the number of clever ideas you have, it is also measured in your ability to break your clever ideas before someone else does!
4
8
85
I’ve called my Republican senator
@SenCoryGardner
multiple times in the past few days to say that Kavanaugh is (obviously) morally unfit for the Supreme Court. Violence against women (or anyone) is unacceptable, anytime, anywhere. Sexual abuse shouldn’t be a partisan issue.
5
15
80
It was such an honor to receive this award and is an inspiration for the future, thank you again!
It has also been a wonderful experience to collaborate with
@e1izabethcrites
and Mary Maller- they are both amazing people as well as talented cryptographers ❤️💪 🙌
I am truly grateful to have received the Best Early Career Paper Award at CRYPTO for “Fully Adaptive Schnorr Threshold Signatures” with
@chelseakomlo
and Mary Maller. Thank you to the Chairs, Britta Hale,
@annalysyanskaya
, and Helena Handschuh and PC for this tremendous honour!!
7
3
83
8
7
82
Thank you to everyone for the kind words. I hope we can make things better for people in the community now and in the future. Thank you to those who are advocating for positive change.
0
2
75
Here I sit, a fool designing cryptography resistant to attacks by quantum computers, while my government proposes just outlawing cryptography as we know it
3
25
72
In this work, we present a fully adaptive proof for a simple three-round threshold Schnorr scheme. We’ll release a similar fully adaptive proof for FROST soon, stay tuned!
9
15
74
I recently gave a talk to a cryptography reading group on the paper "To Label, or Not To Label (in Generic Groups)"- I typed my notes here for anyone interested!
Thanks to
@alinush407
for the inspiration and early review!
3
13
74
Finally getting around to posting part 2 in this series on lattice-based cryptography! This post gives a high-level sketch of an early lattice-based key exchange protocol and a brief review of more recent work since its publication.
New (and first!) blog post on a topic I am starting to do work in- lattices. Lattice cryptography is really interesting! This post is a tiny introduction to several hard problems in lattice crypto. I'll publish a part 2 on lattice-based key exchanges soon.
12
75
250
2
21
71
I wrote a note on end-to-end encryption (E2EE) with Britta Hale, in which we review how intuitive notions of E2EE do or do not map onto existing notions of encryption.
2
27
74
The fallout that will follow the
#tiktokban
will be awful. Other countries will make similar demands of U.S companies, empowering dictatorial governments that seek to make the Internet a walled garden for their citizens. And in the U.S, a normalization of nationalized censorship
3
35
70
The video of
@isislovecruft
and me talking about integrating
@rustlang
into a large C codebase at
@rustconf
is up! Thanks to conference organizers and everyone who helped!
2
28
72
me, thinking of some new cryptography idea involving polynomials: absolutely genius, this will totally work.
me, working through the proof: polynomials were a mistake.
3
3
69
It can be hard to find good introductions to the mathematical theory of elliptic curves; these course notes are quite good
2
18
67
So excited to talk at
@USENIXSecurity
about our work on Walking Onions, a design to meaningfully scale anonymity networks like
@torproject
!
0
15
62
Inspired by
@matthew_d_green
, I tidied up my notes on the forking lemma and several variants thereof! With a tiny discussion of why each variant is useful for tighter security bounds or general applicability to the proof. As a warning, it is very dry :)
13
19
66
The real secret why many cryptography researchers don’t blog is because HTML and CSS are hard.
6
4
64
I’m supporting
@isislovecruft
and you should too. Just because
@peterktodd
has a lot of Bitcoin money/notoriety doesn’t mean he can shut up people who he has abused.
as many know, i’m being sued by Peter Todd for calling him a rapist. the lawsuit has been stressful and costly, to put it mildly. thanks to so many of you who have graciously offered donations and support—you can find details of how to do so here:
10
155
274
1
15
58
What is the word for the level of discipline you need to finish the last 10% of a project that is 90% done.
20
2
62
One thing that amazes me is how often really useful cryptography is forgotten about. One of my favorite papers is by Laing/Stinson on (untrusted) recovery/generation of new shares for Shamir-based schemes. These results also apply to threshold signatures!
4
11
61
Had so much fun giving a
@rustconf
talk with the unparalleled
@isislovecruft
on the successes and challenges of using Rust in a large C codebase- also really enjoyed meeting others in the
@rustlang
community! (Our talk will be posted online later)
3
5
61
We published the final version of our work on post-quantum updatable public-key encryption yesterday! Applications include improving forward secrecy for secure messaging protocols in asynchronous group settings (i.e, MLS and Signal)
1
10
58
This week, my coauthor and I discovered a break in the extremely nice scheme we’ve been working on for the past four months 😭
6
0
61
Thrilled to speak at
@rustconf
with the amazing
@isislovecruft
on integrating
@rustlang
into tor. We look forward to talking about FFI, memory management, and all the ways strings are challenging. Overall, it has been a great journey for Tor and we are excited to talk about it!
super excited to be speaking at
@RustConf
this summer with my friend and
@torproject
colleague
@chelseakomlo
about some of the successes and unexpected challenges we've had integrating
@rustlang
into tor ✨👩🏻💻✨
4
12
76
1
12
55
One of my favorite conferences
@PET_Symposium
is starting today! I’ll be live tweeting during some the talks this week in this thread
3
16
54
Studying quantum algorithms, a summary. 1) Grok the double slit experiment and believe that quantum mechanics exists 2) abstract to probabilities over vector spaces, 3) do computer stuff. Go
2
8
53
Recommended series of lattice key-exchange papers (in reading order): Ding et al 2012, Peikert 2014, BCNS 2015, NewHope, 2016. These build on each other and the improvements between each paper is clearly described.
4
15
55
Working my way through why ElGamal is not semantically secure for bilinear groups & linear encryption is needed. Would anyone be interested in a short writeup? It is simple but this knowledge seems implicit in the literature; curious if typing it up would be helpful to anyone
12
1
54
To cryptography reviewers, too. Simple techniques does not mean arriving at the solution was easy or the result is trivial.
To all FOCS reviewers and PCs. When a paper resolves a long-standing question for one of the most fundamental problems in TCS using simple techniques, and you argue that the paper should be rejected because the technique is simple, you are taking the field backward.
5
20
309
2
6
54
In light of how important anonymity is to user privacy, I review some security requirements necessary to use mixnets in practice; including the needs inherent to large-scale distributed networks, open-source software projects, and end-user products.
2
24
52
Being a cryptography researcher can be rough, producing work with real-world impact can result in what feels like death by a thousand cuts. But thankful today for colleagues that are committed to doing the right thing. And I will share more about CRYPTO acceptances next week!
1
4
52
To summarize our work on proving the security of Schnorr threshold schemes, I wrote a guest blog post describing the security model for FROST and two three-round schemes, and explain why these schemes diverge
6
21
51
Can confirm credible stories about Nadim Kobeissi are in whisper networks in tech/security.
2
20
50
On my way to Santa Barbara for my first ever in-person CRYPTO! Hope everyone sticks around for the threshold signatures session on Thursday August 18 at 1pm PST (dead last but hopefully not the least!)
2
1
52
In light of the Apple discussion, can we start a thread about human rights groups that have been categorized as national security threats in the past? So that the consequences of even the smallest increase in scope in client-side matching (to violent extremism) is crystal clear?
6
14
51
Our
@RealWorldCrypto
talk "From Theory to Practice to Theory: Lessons Learned in Multi-Party Schnorr Signatures" is up! Thanks to everyone for a fantastic conference and great conversations.
0
11
51
Acceptance to conferences is nice but the best part is knowing that people are rooting you on and excited about your work. Thanks to everyone for the encouragement, it makes all the difference :)
2
0
50
Sunday’s reading is even deeper into the stack of UC papers; starting to have a clearer picture of the subtle tradeoffs between UC and games
5
1
49
This is jaw-dropping, wild news and should be criminal
2
7
49
I wrote Part 2 on lattice-based cryptography, this time focusing on an early but simple lattice-based key exchange protocol that is “Diffie-Hellman like” and how more recent lattice protocols submitted to the NIST PQ competition build upon this work.
1
12
48
Excited about our work on scaling Tor! We will be releasing a technical report soon and publication forthcoming.
Ian Goldberg from
@UWaterloo
spoke at our seminar on how to scale up Tor (work with
@chelseakomlo
and
@nickm_tor
)
0
5
11
1
4
44
For anyone who needs to hear this, some of the best cryptographers I know have a <~50% conference acceptance rate.
3
2
43
The answer is literally always polynomials
@Zac_Aztec
Reed - Solomon code: Polynomial
Zero-Knwoledge Proof Systems: Polynomials
Secret Sharing: Polynomial Evaluations
Identity Testing: Polynomials equal?
FFTs: Polynomials
FRI: FFTs-> Polynomials
SNARK: Polynomials
STARK: SNARK
Security Parameter: Polynomial
Lagrange: Polynomial
5
8
100
3
5
42
To anyone working on real-world cryptography- what would you like to see more of in cryptography research for 2024?
Readable papers? Performance measurements? Accounting for specific failure cases? More PQ? Acceptance of non-standard assumptions? Solving certain problems?
12
5
33
It is a dismal sign when an org revolves around an individual member so much that they bring them back even after acknowledging their abuse. The FSF is clearly unwilling to evolve to new leadership/perspectives. There are *so* many other (more) qualified candidates for this spot
Statement of FSF board on election of Richard Stallman (RMS):
215
107
307
3
4
40
Literally *everything* in my timeline right now is about the NIST announcement :)
2
1
40
We just published a version 5 of the FROST spec! This change introduces better derivation of randomness for nonces and other improvements. We hope to be getting close to completion, so please take a look!
2
12
40
Completely blown away! 🌈🙌
There are eight minutes left and
@jespow
has bid 200 $ETH / $804K for 'Dreaming at Dusk' in the name of privacy online. Thank you 💜
7
10
59
1
4
34
Also apparently Todd thinks getting declarations against Isis from previously-known rapists like Jacob Appelbaum is a winning move. This is gross and it’s hard to watch
@isislovecruft
be dragged through this. Please support them.
I’m supporting
@isislovecruft
and you should too. Just because
@peterktodd
has a lot of Bitcoin money/notoriety doesn’t mean he can shut up people who he has abused.
1
15
58
0
14
35
My coauthor: What will you write the implementation/reduction in? Sage? Python?
Me: Rust. Always Rust.
1
2
38
Excellent reminder that cryptography doesn’t by itself solve human problems; it just shifts trust. You can’t avoid the hard problem of choosing *where* to place that trust, even if fancy cryptography is used
What we should not do is assume that *because we’ve improved the cryptography* we’ve solved the hard problems.
Ultimately cryptography is the science of “moving trust from one place to another.” And this solution simply shifts the attacks from one area to another.
2
7
51
2
10
37
I’m going to do an impromptu thread on E2EE and why it’s needed *now* and even simple non-forward secure encryption is a fine first step when it’s literally a matter of life or death for the most vulnerable
This is why end to end encryption matters. Shame on Facebook for providing private messages between a mother & daughter as incriminating evidence, and misleading their users into thinking their conversations are private.
5
58
177
1
11
37
Defining how to perform distributed key generation in practice is *hard* - the FROST RFC only shows how to perform trusted key generation in an appendix. Very excited to see this work on ChillDKG!! 🙌💪❄️
@real_or_random
and I published the first BIP draft of ChillDKG: Distributed Key Generation for FROST. It specifies a protocol for trustless creation of a threshold setup, e.g., for use in t-of-n wallets.
ChillDKG is standalone: it doesn't require external secure channels or a
22
49
151
1
7
36
#MatterLabs
shame on you. You are standing on the shoulders of giants who gave away their work for free to allow our field to flourish. ZK is a public good
ZK is a public good that should belong to everyone.
Matter Labs, the corporate entity behind
@zksync
, has filed trademark applications in nine countries, claiming ZK as its exclusive intellectual property, even though they neither created nor contributed to the creation of this
2K
315
2K
0
1
36
LITERALLY WHY WAS AT&T KEEPING CALL RECORD LOGS LINKED WITH GEOGRAPHIC METADATA
STAGGERING: Nearly all
@ATT
customers' text & call records breached.
An unknown entity now has an NSA-level view into Americans' lives.
Damage isn't limited to AT&T customers.
But everyone they interacted with.
Also a huge national security incident given government customers
404
5K
12K
3
6
36
I participated in the NIST threshold workshop today- it is a huge effort and hopefully helpful to the wider adoption of advanced crypto!
I’m also happy to say that we have an *amazing* team for a FROST submission; thanks to everyone involved 🎊 💪
2
8
36
As the CRYPTO submission deadline looms, regular reminder to cite all authors on a paper and not just the lucky first author that is further up in the alphabet. Let’s be a community that gives credit properly when it is deserved!
9
1
36
What is the reasoning for including citations in the max page count for conference submissions? I can't think of any positive reasons for this, and at worst, it disincentives giving credit for prior work in the literature.
1
3
36
It’s a cruel thing to expect cryptographers to produce visually appealing conference slides with minimal text
2
0
35
Conferences should be safe to attend. Welcoming white nationalists is unacceptable as it puts others at risk. I’m proud to have signed this and expect swift action from
@hopeconf
3
10
33
My favorite rump session so far- hot crypto summers, drama based cryptography, and solving the fighting cryptographers problem
#crypto2022
3
2
34
Happy Monday! I (finally) finished an informal writeup that aggregates my notes on techniques to prove the security of Schnorr signatures and variants thereof. Hope you enjoy!
1
5
34
How is it possible that installing formal verification tooling is this painful
4
1
33
Starting to realize how many things in cryptography reduce to bit decomposition and quite sad about it 😭
6
0
32
The way that it penalizes failure and rewards fast thinking. Instead, failure should be a positive learning tool, and we should give slow thinkers (like myself) all the time in the world to solve problems
1
2
33
I gave my first in-person lecture since the pandemic started and it was such an 15/10 amazing experience!! In case anyone is interested, I posted slides here- the talk is about attacks and fixes for distributed key generation protocols:
3
4
32
Same with cryptography!
One of the most misleading things about learning mathematics is that you are seeing the *output* of a great deal of trial, error, sweat, and tears, presented as if it’s obvious, or at best a product of cleverness.
87
455
4K
1
6
33