Today, we are publishing several practically-exploitable cryptographic vulnerabilities in the Matrix (
@matrixdotorg
) standard and their flagship client Element, with Daniel Jones (
@djwj_
), Benjamin Dowling (
@dowlingbj
) and Martin R. Albrecht (
@martinralbrecht
).
My boyfriend and colleague is detained for 19 days now. In his words:
"The leaders of the world are waging a war against knowledge. The case against me is based on the books I've read and the technology I have."
#FreeOlaBini
I'm very happy to announce that from next week I'm joining
@brave
to work on privacy, post-quantum, research, and more! Sad of leaving my colleagues but excited for the future!
Ola Bini está detenido por 59 días. Escribe en una carta desgarradora: "Es como si fueran dos mí, el regular y la sombra, y susurra pensamientos oscuros en mi oído todo el tiempo, todos los días son una pelea". Por qué está sufriendo esto? ...
#FreeOlaBini
Happy birthday, Ola. Hope it was ok from your prison cell in one of the horrible Ecuadorian prisons. Hope you can sleep in the cardboard. Hope you eat something as you looked so skinny and malnourished. Hope the situation in the prisons in Ecuador change. I miss you.
#FreeOlaBini
Announcing the lattice-based cryptography club! Do you want to learn this type of cryptography? Find resources here: Beautifully curated by
@octaviopk
and me. Thank you
@Leptan
@mfesgin
@cryptocecy
and more for allowing us to put your amazing thesis there!
Wow!! Our paper "Practically-exploitable Cryptographic Vulnerabilities in Matrix" got the Distinguished Paper Award (DPA) at
@IEEESSP
, 2023. So wonderful! Happy for my co-authors
@martinralbrecht
@DowlingBJ
@djwj_
and this amazing work!
I'm currently reading 'Mastering Go', 'Programming Language Pragmatics' and 'Compilers: Principles, Techniques, and Tools'. I'm loving them.. any other suggestions for someone learning programming language design and compilers?
@pati_gallardo
@johnregehr
Hey! I'm looking for a new job where I can show my C, Golang and cryptographic skills, while I still help the nice NGO I work for. I you know of something, let me know ;)
My beautiful research team at
@brave
has now a simple page with all our papers and blogs. So, if you are interested in our work, working with us or more, take a look:
Wrote a very quick blogpost on past and upcoming post-quantum signatures: (to keep on my mind what to keep track). Conclusion: many research still yet to come!
Inspired by
@CryptoHack__
;)
Thread around Latttice-Based Cryptography Reading
For the past few months, with some amazing people, we have been learning lattice-based cryptography.
These are some useful resources:
Lo que pasa en el caso de Ola Bini es una criminalización del conocimento, del estudio, de tener cosas, de ser amigo de alguien. Porque es ahora un crimen estudiar, saber específicamente sobre una materia o tener dispositivos electrónicos. No es justo.
#FreeOlaBini
Today, it is two years since I have been able to fully work on cryptography (and security) research. As I don't have a master or PhD in CS (or bachelor in it! ;)), I have considered these two years as intense learning and producing (my own masters). I'm very with the results!
My first crypto paper: 'A Fast and Simple Partially Oblivious PRF, with Applications' with amazing Nirvan Tyagi,
@TomRistenpart
, Stefano Tessaro,
@__caw__
and
@grittygrease
:
Hey!
A version 4 of the OTR protocol is now out! If you are a cryptographer, security research or someone that cares about privacy, take a look at it! :)
#OTR
#OTRv4
The draft and the discussion in the mailing list:
Woo!! The 'Practically-exploitable Cryptographic Vulnerabilities in Matrix' is now accepted to IEEE S&P 2023!! Amazing!! Here we go:
@martinralbrecht
@djwj_
@DowlingBJ
One of the things of which I'm proudest lately is that while being alone, depressed, with at least one suicide attempt, with some people being a dick to me, I managed to keep the work of OTRv4 alive, and even make the summit happen. And that is the best for me.
Jeremy Hammond has already served most of his 10 year sentence. Now he is asked to testify before a Federal Grand Jury, like
@xychelsea
. This is completely unfair and should not happen.
#FreeJeremyHammond
Next week is my final week at Cloudflare. Sad but also excited for what comes next (details coming soon)! The world of post-quantum and privacy will continue ;)
As Latincrypt2023 in Ecuador is wrapping up, we will like to thank everyone who made this conference possible. Here is the amazing people with the Antisana in the back. Antisana sits at the humble height of 5,753 metres. This is cryptography of altitude.
Today, I managed to buy my own personal domain for the first time! Finally, had some money to invest into it. And then I put it on Cloudflare. Very happy with it ;)
I constantly feel that I'm not doing enough at my job or that I'm not good enough for it. I feel deeply unqualified for my field regardless of anything. Any thoughts on how to shake off those feelings?
Ola Bini está detenido por 60 días ahora. Son dos meses ya. En una carta escribe: "La verdad es que es la fiscalía la que no ha estado interesada en colaborar. No está bien hacerme responsable y castigarme por eso." Por qué sigue detenido?
#FreeOlaBini
Yes! I always get shocked when native English speakers have to learn another language, work in that language and show it as an achievement. Almost all the rest of the world usually have to learn English and work in English, without any recognition.
Ola Bini is detained for 65 days now.His father says: "My son is imprisoned without knowing what he is accused of and without evidence.He has become a political pawn in a large game where the US is also involved".Why is a friendship condemned?
#FreeOlaBini
With George from
@torproject
,
@mmaker
and
@__caw__
, we decided to create an amazing website for anonymous credentials schemes: , a taxonomy for them all. Want to collaborate on it? Ping us! <3
Congratulations! Your paper "FrodoPIR: Simple, Scalable, Single-Server Private Information Retrieval” has been conditionally accepted to
@PET_Symposium
2023.." very great news!! Paper will be on eprint soon :). Great work with
@alxdavids
and
@gpestana
from
@brave
!
I will be at the
@PET_Symposium
next week! We will be presenting FrodoPIR, a simple, scalable, single-server PIR scheme: we have the presentation with
@alxdavids
and a beautiful poster with me ;) (also, check the presentations from
@AliShahinShams1
)
Today is my birthday! Two years ago, I was in abusive situation. Las year, I was in exile. And now in lockdown. But things have looked up and I'm very happy for this year ;)
Today: the last posts of the post-quantum blog post series at
@Cloudflare
!! The beautiful announcement comes: we are migrating all internal connections to use post-quantum cryptography!!
Ola Bini is detained for 66 days now. Yesterday, he gave the statement for over 5 hours. Never I have heard of such a long time for a statement. His defense has also asked for a habeas corpus. Why is he detained still?
#FreeOlaBini
Security/Privacy Researcher job
@brave
, joining our super productive and openly publishing Research Team.
Security/Privacy Researcher at Brave
London - Remote
Please spread the word :) 🦁
Register for WinC (Women in Cryptography) Coffee Breaks! These are monthly 1-1s breaks of 30 minutes over three months (Oct, Nov, Dec) for the WinC community. Sign up: More information in our Discord! ()
@KBoudgoust
@TheAlliBishop
Ola Bini is detained for 42 days now.Yesterday,I gave a short talk at
#eurocrypt2019
about him and his work.The amount of support from the cryptographic community has been amazing as this reminds people of times when cryptography was persecuted. It seems it still is.
#FreeOlaBini
My boyfriend is detained for 18 days now. In his words:
"I urge all of you to consider these questions. Devote your life to the most important thing."
#FreeOlaBini
Extremely happy to announce that Latincrypt2025 will be held in 'la tierra del olvido', Medellín, Colombia with the great organization of Daniel Cabarcas,
@deescuderoo
, and more! Submit your best works as Latincrypt is great and for the diversity
"She said there seemed to be a lack of understanding about the work Mr. Bini did, and what “cryptographic and privacy-preserving tools actually mean.”, as I said for the
@nytimes
, working for cryptography and privacy is not a crime.
#FreeOlaBini
AHORA |
#OlaBini
, quien está detenido desde el pasado 11 de abril, ingresa a la sala de la Corte Provincial de
#Pichincha
en donde se efectuará la audiencia de habeas corpus. Vía:
@magacastal
First formal analysis paper posted now! We formally analysed KEMTLS with the Tamarin Prover: in two modes: with the TLS 1.3 model and on itself. Paper accepted to ESORICS 2022. With Jonathan Hoyland
@ThomWiggers
and
@dstebila
Oh! Happy our talk is in the section of "Crypto for the People" at RWC2023 and with the other talk that I was amazed at (so much looking forward to seeing Leah and
@senykam
)!
Our attacks break confidentiality and authentication against malicious homeservers. The underlying vulnerabilities show a lack of a unified and formal approach to security guarantees in Matrix.
New paper! Together with
@alxdavids
we introduce 'Chalamet' a keyword-based PIR scheme! We also introduce a framework so that any index LWE-based PIR scheme can be transformed to keyword-based via the usage of binary fuse filters
Extremely happy to have been able to work on this with the amazing Brave team! This feature can help people suffering with IPV to visit help websites without leaving a trace that they visited it (which can lead to further abuse if found out).
Brave will begin rolling out an important new privacy feature called "Request Off the Record (OTR)" in version 1.53.
OTR aims to help people who need to hide their browsing behavior from others who have access to their devices.
La audiencia de apelación a la prisión preventiva de mi novio y excelente desarrollador, Ola Bini, es hoy. Ha estado detenido por 22 días ya. Si crees que la gente no debe estar detenida por leer ciertos libros o por dispositivos que tiene, muestra tu apoyo
#FreeOlaBini
Happy that my RWC2023 talk is done! And for the people that liked the outfit: it is from Issay Miyake and Yohji Yamamoto, two japanese desingers that went against the traditional fashion. A bit of a love letter to Japan ;)
Ola Bini is detained for 38 days now. In his words: "Cypherpunks write code. This means just what it says. If we want a better world, we have to take the responsibility. We have to build it ourselves."
#FreeOlaBini
These vulnerabilities are caused by insecurity by design, by protocol confusion, by a lack of domain separation, or by implementation bugs. Let's explain them now!
Hi, everyone! As you all know we will soon have a Women in Cryptography (WinC) seminar. Our first speaker will be Elette Boyle. We want this talk to be interactive so send questions you will like Elette answer in our discord server ;)
Here an small blog post of the attacks to post-quantum cryptography of the week:
Touching Rowhammer and FrodoKEM, and the Breaking Supersingular Isogeny Diffie–Hellman paper ;)
Very briefly but mainly wanting to highlight that PQC needs time to mature.
Got reminded that 5 years ago, I won a scholarship from
@RailsGirlsSoC
to learn to code. A year later, I started working at
@thoughtworks
where I further learned. 3 years ago I got interested in cryptography and started with it. And now working at an amazing team at
@Cloudflare
My last weeks have been:
- Move to another country
- Have last meetings with the women help groups
- Organize a summit
- Give some talks
- Finish the on boarding process
- Take the university final exams
- Have a new apartment
All done. Going to finally sleep now.
Really happy that my talk about gender-based online abuse in the Global South has been accepted to
@enigmaconf
! Very happy and excited! <3
#enigma2021
Mi novio, Ola Bini, está detenido por 24 días ya. Uno de los argumentos para ello que se su data está encriptada. En otras partes de mundo, compañías tienen casos legales porque no usan encriptación para proteger su data. Parece ser lo contrario acá.
#FreeOlaBini
Yes, I am that persnickety person that will check all the proofs on papers in the appendix, and notify you if something seems wrong. Very annoying I am (it has helped me to learn a lot, though).
I made a very, very informal note on the different Privacy-Preserving Measurements Techniques that are there: some differential privacy, some Prio, some STAR: (many work to do still on it). This is an extra supplement for an incoming talk ;)
Our beautiful PQC scheme MAYO is fast and has super nice parameters. Check them out in: (with new spec, numbers and code) by
@WardBeullens
@primaboinca
Matthias Kannwischer and Basil Hess!
A formal security analysis of the protocol design is required. For more questions, see: Also, read the piece from Dan Goodin (
@dangoodin001
) at Ars Technica about our attacks:
Are you interested to know what it means to be a LatinAmerican cryptographer? We are running a workshop in LatinCrypt2021 about it!
Want to learn more? See:
Yes!! KYBER and Dilithium for PQC (plus Falcon and SPHINCS+)! Congrats to the teams and specially my friend
@cryptojedi
! This is the result of a lot of work and effort!
Me: ok, submitting an IETF draft should be easy...
Oh, no. It was confusing and not nice.
But we succeeded! Presenting AuthKEM for using KEMs for authentication in TLS1.3:
I'm very happy to say that I'm the co-chair of the hrpc group at IRTF alongside the amazing
@MalloryKnodel
! Looking forward to the amazing work and working with amazing people as
@csperkins
<3