Scott A
LightNews LightNews
ciphper.bsky.social
Scott A
@ciphper.bsky.social
56 followers 6 following 7 posts
Cryptography and software security nerd

https://scottarc.blog
Posts Replies Media Videos
ciphper.bsky.social
Come for the Go implementations of ML-DSA and SLH-DSA, stay for the introduction to side-channel mitigation techniques.

blog.trailofbits.com/2025/11/14/h...

#golng #crypto #cryptography #postquantum
How we avoided side-channels in our new post-quantum Go cryptography libraries
We’ve released open-source Go implementations of ML-DSA and SLH-DSA.
blog.trailofbits.com
November 14, 2025 at 4:00 PM
ciphper.bsky.social
scottarc.blog/2024/10/14/a...
A WordPress Hard Fork Could Be Made Painless for Plugin/Theme Developers
Previously, I wrote about how code-signing and threshold signatures could allow the WordPress community (whether they continue to support WordPress or decide to hard-fork the project onto something…
scottarc.blog
October 15, 2024 at 12:39 AM
ciphper.bsky.social
blog.trailofbits.com/2024/07/01/q...
Quantum is unimportant to post-quantum
By Opal Wright You might be hearing a lot about post-quantum (PQ) cryptography lately, and it’s easy to wonder why it’s such a big deal when nobody has actually seen a quantum computer.…
blog.trailofbits.com
July 1, 2024 at 5:20 PM
Reposted by Scott A
filippo.abyssdomain.expert
I've never witnessed an experts vs non-experts split like on Kyber/ML-KEM.

No cryptographer I know thinks ML-KEM was intentionally weakened, or knows any cryptographer who does.

Meanwhile, enthusiasts in issue trackers are all but certain.

It would be impressive if it wasn't sad and worrying.
June 17, 2024 at 6:12 AM
Reposted by Scott A
ciphper.bsky.social
scottarc.blog/2024/06/17/t...
The Quest for the Gargon
Musing about Password-Based Cryptography for the Government What would a modern NIST standard for password-based cryptography look like? Obviously, we have PBKDF2--which, if used with a FIPS-approved ...
scottarc.blog
June 17, 2024 at 11:52 AM
ciphper.bsky.social
scottarc.blog/2024/06/17/t...
The Quest for the Gargon
Musing about Password-Based Cryptography for the Government What would a modern NIST standard for password-based cryptography look like? Obviously, we have PBKDF2--which, if used with a FIPS-approved ...
scottarc.blog
June 17, 2024 at 11:52 AM
ciphper.bsky.social
One thing I like about Bluesky so far is, despite not following many accounts, my timeline is extremely weird.

In a good way, I mean.
June 5, 2024 at 12:43 PM
ciphper.bsky.social
scottarc.blog/2024/06/04/a...

Attacking NIST SP 800-108

(AES-CMAC KDF in Counter Mode, Loss of Key Control Security)
Attacking NIST SP 800-108
If you've never heard of NIST SP 800-108 before, or NIST Special Publications in general, here's a quick primer: Special Publications are a type of publication issued by NIST. Specifically, the SP 800...
scottarc.blog
June 4, 2024 at 7:58 AM
ciphper.bsky.social
Hello BlueSky!

I wrote a thing about encryption-at-rest: scottarc.blog/2024/06/02/e...
Encryption At Rest: Whose Threat Model Is It Anyway?
One of the lessons I learned during my time at AWS Cryptography (and particularly as an AWS Crypto Bar Raiser) is that the threat model for Encryption At Rest is often undefined. Prior to consulting c...
scottarc.blog
June 3, 2024 at 3:52 AM