Computer Scientists Figure Out How To Prove Lies: An attack on a fundamental proof technique reveals a glaring security issue for blockchains and other digital encryption schemes.
(www.quantamagazine.org)
from Pro@programming.dev to technology@lemmy.world on 13 Jul 19:59
https://programming.dev/post/33856653
Er, no. The falsity of this is taught in virtually all first year CS courses.
Computer programmers and other IT workers? Sure… but hash functions have never been considered a substitute for pure randomness.
That’s why we have a random generator in each computer based on thermal variance, I/O input, and other actually random features. And even then, we have to be careful not to hash the randomness out of the source data.
This isn’t about random vs pseudorandom numbers, it’s about the use of hashing in protocols that are provably secure under the random oracle model (ROM) but turn out to have problems anyway. It’s a pretty near certainty that first year CS courses don’t explain what the random oracle model is. But basically, there have been known attacks for decades against protocols intentionally designed to be vulnerable in the standard model while still secure in the ROM. This is the first time such an attack has been found against a real world protocol.
Matthew Green had an explainer a few months ago that was more detailed than the Quanta article while still being readable: blog.cryptographyengineering.com/…/how-to-prove-f…
Anyway it sounds like caution is warranted but “ZOMG the sky is falling” is overreaction.
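As an added illustration (not from the thread, the Quanta article, or the paper), here is the shape of the decades-old artificial counterexamples the comment above refers to: a Fiat-Shamir Schnorr proof of knowledge whose security argument goes through in the random oracle model, next to a deliberately contrived variant that also accepts a "description of the oracle". In the ROM no program can predict a truly random oracle on a fresh input, so that branch never fires in the proof; once H is instantiated with SHA-256, anyone can hand over H itself and pass without knowing the secret. Group parameters are toy-sized and constructed; the 2025 attack on real protocols is not what this code shows.

```python
import hashlib
import secrets

# Constructed toy group: p = 23, q = 11, and g = 2 has order 11 mod 23.
P, Q, G = 23, 11, 2

def H(*parts: int) -> int:
    """Concrete hash standing in for the 'random oracle' of the security proof."""
    data = b"|".join(str(v).encode() for v in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def prove_fs(x: int, y: int):
    """Non-interactive Schnorr proof of knowledge of x with y = g^x mod p.
    The verifier's random challenge is replaced by a hash of the transcript."""
    r = secrets.randbelow(Q)
    t = pow(G, r, P)              # commitment
    c = H(t, y) % Q               # Fiat-Shamir challenge
    s = (r + c * x) % Q           # response
    return ("schnorr", t, s)

def verify_fs(y: int, proof) -> bool:
    """Sound in the ROM: a prover that passes can be rewound to extract x."""
    kind, t, s = proof
    c = H(t, y) % Q
    return kind == "schnorr" and pow(G, s, P) == (t * pow(y, c, P)) % P

def verify_rom_only(y: int, proof) -> bool:
    """Contrived scheme: additionally accepts a program that reproduces H.
    ROM argument: no program predicts a random oracle on a fresh probe, so this
    branch contributes nothing. Real instantiation: H is SHA-256 and the branch
    is a free pass, so the ROM proof says nothing about the deployed scheme."""
    if proof[0] == "oracle_program":
        program = proof[1]
        probe = secrets.randbelow(1 << 64)
        return program(probe) == H(probe)
    return verify_fs(y, proof)

def demo():
    x = 5
    y = pow(G, x, P)                       # y = 9, the public value
    honest = prove_fs(x, y)
    forged = ("oracle_program", H)         # needs no knowledge of x at all
    return verify_fs(y, honest), verify_rom_only(y, forged)
```

The honest proof passes both verifiers; the forged "proof" passes only the contrived one, which is exactly the gap between a ROM proof and a deployed hash.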
Or, if you’re more fun, a giant wall of lava lamps! The coolest randomness in town!
(Cloudflare does this)
Can somebody TLDR and determine if there’s any useful information in this article? I refuse to read Quanta Magazine.
Edit: link to paper: eprint.iacr.org/2025/118