Daniel Hugenroth
@lambda.bsky.social
Computer Security Researcher @ Cambridge (https://www.danielhugenroth.com) and Co-Founder @ Light Squares (https://www.lightsquares.dev)
@arberesford.bsky.social and I are giving a talk on deploying secure whistleblower technology in practice this Wednesday (12th Nov) at the @cst.cam.ac.uk in Cambridge (3pm)—covering the five year journey of CoverDrop. 🙌 Join us online or in-person: www.cst.cam.ac.uk/seminars/lis...
From research lab to newsroom: deploying secure whistleblower technology in practice | Department of Computer Science and Technology
In a functioning democracy, a free press plays a vital role in holding powerful institutions to account. But for journalism to thrive, citizens must be able to contact reporters securely—especially wh...
www.cst.cam.ac.uk
November 10, 2025 at 1:59 PM
@arberesford.bsky.social and I are giving a talk on deploying secure whistleblower technology in practice this Wednesday (12th Nov) at the @cst.cam.ac.uk in Cambridge (3pm)—covering the five year journey of CoverDrop. 🙌 Join us online or in-person: www.cst.cam.ac.uk/seminars/lis...
How to trust that the binaries that we deploy are truthfully built from the correct source code? 🤝
Just back from ACM CCS '25 🌏 where we presented Attestable Builds as a solution to this challenge. It complements Reproducible Builds and uses TEEs as a trust anchor. With @coderlime.bsky.social
Just back from ACM CCS '25 🌏 where we presented Attestable Builds as a solution to this challenge. It complements Reproducible Builds and uses TEEs as a trust anchor. With @coderlime.bsky.social
October 24, 2025 at 8:10 AM
How to trust that the binaries that we deploy are truthfully built from the correct source code? 🤝
Just back from ACM CCS '25 🌏 where we presented Attestable Builds as a solution to this challenge. It complements Reproducible Builds and uses TEEs as a trust anchor. With @coderlime.bsky.social
Just back from ACM CCS '25 🌏 where we presented Attestable Builds as a solution to this challenge. It complements Reproducible Builds and uses TEEs as a trust anchor. With @coderlime.bsky.social
One of my favourite CoverDrop details: out-of-band verification of the trusted organization key which signs the entire key hierarchy. Its digest is included in the imprint of every printed Guardian newspaper, removing the need to trust CAs 🔑🗞️ more details: www.coverdrop.org
July 29, 2025 at 10:45 AM
One of my favourite CoverDrop details: out-of-band verification of the trusted organization key which signs the entire key hierarchy. Its digest is included in the imprint of every printed Guardian newspaper, removing the need to trust CAs 🔑🗞️ more details: www.coverdrop.org
Audits of AI/ML systems while protecting model IP and keeping the audit data confidential 🤫
@inxoy.bsky.social is at the ICML TAIG workshop today, presenting our work on Attestable Audits: arxiv.org/html/2506.23... with Bill Marino and @arberesford.bsky.social
@inxoy.bsky.social is at the ICML TAIG workshop today, presenting our work on Attestable Audits: arxiv.org/html/2506.23... with Bill Marino and @arberesford.bsky.social
Attestable Audits: Verifiable AI Safety Benchmarks Using Trusted Execution Environments
arxiv.org
July 19, 2025 at 1:57 PM
Audits of AI/ML systems while protecting model IP and keeping the audit data confidential 🤫
@inxoy.bsky.social is at the ICML TAIG workshop today, presenting our work on Attestable Audits: arxiv.org/html/2506.23... with Bill Marino and @arberesford.bsky.social
@inxoy.bsky.social is at the ICML TAIG workshop today, presenting our work on Attestable Audits: arxiv.org/html/2506.23... with Bill Marino and @arberesford.bsky.social
Super excited that Jenny is presenting our new paper on "Web Authentication and Recovery in the Age of E2EE" at PETS today! 🎉🎉
Tons of interesting insights for a world in which we are moving away from passwords, and E2EE data becomes more long-term and critical. petsymposium.org/popets/2025/...
Tons of interesting insights for a world in which we are moving away from passwords, and E2EE data becomes more long-term and critical. petsymposium.org/popets/2025/...
petsymposium.org
July 17, 2025 at 11:37 AM
Super excited that Jenny is presenting our new paper on "Web Authentication and Recovery in the Age of E2EE" at PETS today! 🎉🎉
Tons of interesting insights for a world in which we are moving away from passwords, and E2EE data becomes more long-term and critical. petsymposium.org/popets/2025/...
Tons of interesting insights for a world in which we are moving away from passwords, and E2EE data becomes more long-term and critical. petsymposium.org/popets/2025/...
CoverDrop involved users from the very beginning—avoiding the “solution looking for problem” trap. Big shout out to @mansoor.bsky.social , Diana, and @arberesford.bsky.social for getting this right from the very beginning by running two very insightful workshops with journalists and engineers.
June 27, 2025 at 1:58 PM
CoverDrop involved users from the very beginning—avoiding the “solution looking for problem” trap. Big shout out to @mansoor.bsky.social , Diana, and @arberesford.bsky.social for getting this right from the very beginning by running two very insightful workshops with journalists and engineers.
This announcement really should have our lead Rustaceans @itsibitzi.dev and @zekehg.bsky.social on top 🦀! CoverDrop's implementation journey has been demonstrating the immense strengths that lie in Rust's type system and the mature tool chain. Looking forward to all the talk in September!
🎤 #rustconf Session Announcement: Daniel Hugenroth (@lambda.bsky.social), Sam Cutler, & Zeke Hunter-Green
“Secure Messaging: Leveraging Rust to Create the Guardian’s Anonymous Whistleblowing System”
→ rustconf.com/schedule/#1473
#rustlang
“Secure Messaging: Leveraging Rust to Create the Guardian’s Anonymous Whistleblowing System”
→ rustconf.com/schedule/#1473
#rustlang
June 20, 2025 at 9:50 AM
This announcement really should have our lead Rustaceans @itsibitzi.dev and @zekehg.bsky.social on top 🦀! CoverDrop's implementation journey has been demonstrating the immense strengths that lie in Rust's type system and the mature tool chain. Looking forward to all the talk in September!
Reposted by Daniel Hugenroth
The Guardian app’s own data flows make leaks indistinguishable from regular traffic — cutting off one of the easiest ways for a repressive government or a corporate boss to identify a leaker. www.niemanlab.org/2025/06/the-...
The Guardian’s new whistleblower tool buries leaks to journalists within its own readers’ everyday traffic
Think "I am Spartacus!" — but for leakers.
www.niemanlab.org
June 9, 2025 at 9:58 PM
The Guardian app’s own data flows make leaks indistinguishable from regular traffic — cutting off one of the easiest ways for a repressive government or a corporate boss to identify a leaker. www.niemanlab.org/2025/06/the-...
Reposted by Daniel Hugenroth
Congratulations @lambda.bsky.social! Today @theguardian.com is launching a new way for whistleblowers to anonymously contact journalists, based on years-long research by Daniel and other colleagues. www.theguardian.com/gnm-press-of...
The Guardian launches Secure Messaging, a world-first from a media organisation, in collaboration with the University of Cambridge
Secure Messaging is a new innovation for confidential story-sharing and source protection, underpinning the Guardian’s commitment to investigative journalism. The Guardian has published the open sourc...
www.theguardian.com
June 9, 2025 at 12:29 PM
Congratulations @lambda.bsky.social! Today @theguardian.com is launching a new way for whistleblowers to anonymously contact journalists, based on years-long research by Daniel and other colleagues. www.theguardian.com/gnm-press-of...
We launched CoverDrop 🎉 providing sources with a secure and anonymous way to talk to journalists. Having started five years ago as a PhD research project, this now ships within the Guardian app to millions of users—all of which provide cover traffic. Paper, code, and more info: www.coverdrop.org
CoverDrop: Blowing the Whistle Through A News App
www.coverdrop.org
June 9, 2025 at 1:00 PM
We launched CoverDrop 🎉 providing sources with a secure and anonymous way to talk to journalists. Having started five years ago as a PhD research project, this now ships within the Guardian app to millions of users—all of which provide cover traffic. Paper, code, and more info: www.coverdrop.org
Greatly enjoyed talking at JKU Linz about our Sloth 🦥 library which uses Secure Enclaves (SEs) for key stretching and deniable encryption. Importantly, it works around Android/iOS API limitations and, therefore, Sloth is available to regular apps on most smartphones without modifications.
April 28, 2025 at 4:13 PM
Greatly enjoyed talking at JKU Linz about our Sloth 🦥 library which uses Secure Enclaves (SEs) for key stretching and deniable encryption. Importantly, it works around Android/iOS API limitations and, therefore, Sloth is available to regular apps on most smartphones without modifications.
It's done! The final lecture slides and notes for "P79 Cryptography and Protocol Engineering" are now online: www.cl.cam.ac.uk/teaching/242... 🎉. This is the first time that @martin.kleppmann.com and I have done this course—we very much welcome feedback, corrections, and suggestions for next time
Department of Computer Science and Technology – Course pages 2024–25: Cryptography and Protocol Engineering – Course materials
www.cl.cam.ac.uk
April 7, 2025 at 3:15 PM
It's done! The final lecture slides and notes for "P79 Cryptography and Protocol Engineering" are now online: www.cl.cam.ac.uk/teaching/242... 🎉. This is the first time that @martin.kleppmann.com and I have done this course—we very much welcome feedback, corrections, and suggestions for next time
I am quite excited that our brand-new module "P79: Cryptography and Protocol Engineering" has its first lecture today! @martin.kleppmann.com and I designed the course to bridge the gap between mathematical ideas and the challenge of implementing secure cryptography in the real world. @cst.cam.ac.uk
January 29, 2025 at 1:24 PM
I am quite excited that our brand-new module "P79: Cryptography and Protocol Engineering" has its first lecture today! @martin.kleppmann.com and I designed the course to bridge the gap between mathematical ideas and the challenge of implementing secure cryptography in the real world. @cst.cam.ac.uk
Reposted by Daniel Hugenroth
The PaPoC workshop is once again accepting submissions on distributed consistency. Deadline 15 January papoc-workshop.github.io/2025/cfp.html
Call for Papers
The 12th Workshop on Principles and Practice of Consistency for Distributed Data
papoc-workshop.github.io
December 6, 2024 at 10:37 AM
The PaPoC workshop is once again accepting submissions on distributed consistency. Deadline 15 January papoc-workshop.github.io/2025/cfp.html
Reposted by Daniel Hugenroth
My CS department @cst.cam.ac.uk is now on Bluesky, with a properly validated domain handle. Please give them a warm welcome!
November 28, 2024 at 10:59 AM
My CS department @cst.cam.ac.uk is now on Bluesky, with a properly validated domain handle. Please give them a warm welcome!
I went down a rabbit hole studying HKDF implementations for Android and wrote up some impressions: www.danielhugenroth.com/posts/2024_0...
Android HKDF implementations
This article discusses several open-source implementations of the HKDF scheme for Android. Since HKDF is a relatively simple algorithm, it allows for a good case study of cryptographic code. The prima...
www.danielhugenroth.com
April 23, 2024 at 3:55 PM
I went down a rabbit hole studying HKDF implementations for Android and wrote up some impressions: www.danielhugenroth.com/posts/2024_0...
I'll be speaking at TUM in Munich next week about "🎢 Rollercoaster: An Efficient Group-Multicast Scheme for Mix Networks". Say Hi if you're around, or join online: https://hedgedoc.net.in.tum.de/s/xDwzUxvFV#TUM-Blockchain-Salon
May 4, 2023 at 9:42 AM
I'll be speaking at TUM in Munich next week about "🎢 Rollercoaster: An Efficient Group-Multicast Scheme for Mix Networks". Say Hi if you're around, or join online: https://hedgedoc.net.in.tum.de/s/xDwzUxvFV#TUM-Blockchain-Salon
Reposted by Daniel Hugenroth
New paper! 📄✨ It turns out that all text collaboration algorithms have an interleaving problem, and we fixed it for the first time. Very proud of this work with Matthew Weidner and Seph Gentle https://arxiv.org/abs/2305.00583
The Art of the Fugue: Minimizing Interleaving in Collaborative Text Editing
Existing algorithms for replicated lists, which are widely used in
collaborative text editors, suffer from a problem: when two users concurrently
insert text at the same position in the document,...
arxiv.org
May 2, 2023 at 2:39 PM
New paper! 📄✨ It turns out that all text collaboration algorithms have an interleaving problem, and we fixed it for the first time. Very proud of this work with Matthew Weidner and Seph Gentle https://arxiv.org/abs/2305.00583