I hereby claim:
- I am defuse on github.
- I am defuse (https://keybase.io/defuse) on keybase.
- I have a public key whose fingerprint is BFAE 45EB D356 1D91 E3E2 56C2 DFA8 209C E967 8D5D
To claim this, I am signing this object:

<?php
// THIS CODE IS EXPERIMENTAL. DO NOT USE IT.
// ALSO NOTE THERE IS NO ERROR CHECKING!
function side_channel_safe_encode($binary_string)
{
    // We only use 5 bits from every byte, so for 256 bits we need 52 bytes.
    $random = mcrypt_create_iv(52, MCRYPT_DEV_URANDOM);
    $printable_blind_key = '';

<?php
// WARNING: THIS IS EXPERIMENTAL CODE. DO NOT USE IT.
// --- binary to hex encoding ---
function sc_bin2hex($binary)
{
    $encoded = '';
    for ($i = 0; $i < strlen($binary); $i++) {

Sketch of a security proof for BCRYPT(H(X)). This probably contains errors.
UPDATE: Only assume BCRYPT is collision resistant for X <= 72.
Define the BCRYPT-H(S, X) algorithm as follows:
UPDATE: Gah... the whole 'byte' thing isn't necessary at all. I originally
intended to pass *either* the actual X (with a zero byte prefix) or H(X) with
a 0x01 byte prefix, to bcrypt. I forgot to do that, and instead always passed
the hash with the byte prefix based on the length. The proof is still valid,

# This script answers the following question:
# Alice chooses N random numbers between 1 and K.
# Bob chooses G random numbers between 1 and K.
# What is the probability that at least one number is chosen by both of them?
# Computes (K-N choose G) / (K choose G) in O(N)-ish time.
k = 1_000_000_000
n = 10_000
g = 100_000
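The same question, worked in C as an added example (this is not the gist's own script). The security reading I am assuming for it: K is the size of a token space, N is the number of valid tokens currently outstanding, and G is the number of guesses an attacker gets, so the result is the chance that at least one guess lands on a live token. The no-overlap probability C(K-N, G) / C(K, G) is evaluated as a product of G ratios so no factorials are formed, and because C(K-N, G) / C(K, G) equals C(K-G, N) / C(K, N), the loop runs over the smaller of N and G.

```c
#include <stdint.h>
#include <stdio.h>

/* Probability that Alice's N distinct picks and Bob's G distinct picks from
 * {1..K} share at least one value.  P(no overlap) = C(K-N, G) / C(K, G),
 * computed as the product over i = 0..G-1 of (K-N-i)/(K-i).  Swapping N and
 * G does not change the answer, so the smaller one is used as the loop bound,
 * giving O(min(N,G)) multiplications.
 * Returns a value in [0,1], or -1.0 on invalid input (N > K or G > K). */
double prob_at_least_one_shared(uint64_t k, uint64_t n, uint64_t g)
{
    if (n > k || g > k) return -1.0;
    if (n == 0 || g == 0) return 0.0;
    if (g > k - n) return 1.0;                    /* pigeonhole: a shared value is forced */
    if (g > n) { uint64_t t = n; n = g; g = t; }  /* loop over the smaller set */

    double p_none = 1.0;
    for (uint64_t i = 0; i < g; i++) {
        /* k - n - i >= 1 here because g <= k - n, so no unsigned underflow. */
        p_none *= (double)(k - n - i) / (double)(k - i);
    }
    /* Caveat: when p_none is within ~1e-16 of 1 the subtraction below loses
     * the leading digits of the answer; log1p/expm1 would preserve them. */
    return 1.0 - p_none;
}

int main(void)
{
    /* The gist's parameters: K = 1e9, N = 1e4, G = 1e5 (about 0.632). */
    printf("%.6f\n", prob_at_least_one_shared(1000000000ULL, 10000ULL, 100000ULL));
    return 0;
}
```

With the gist's numbers the result is roughly 1 - e^(-N*G/K) = 1 - e^(-1), about 0.632, which is the usual rule of thumb: an attacker with G guesses against N live tokens in a space of size K succeeds with probability close to N*G/K while that quantity is small.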

# WARNING! There is no warranty. This script might not work!
FILE = "Download.csv"
rows = []
File.open( FILE ) do |f|
  rows = f.readlines()
end
rows = rows[1..-1]

Goal:
You're given a sequence of random alphanumeric characters (0-9a-zA-Z, 62
possible characters), for example from a password generator. Convert it into
a sequence of random *bits*.
The output should have the property:
The alphanumeric character RNG can be distinguished from random if and
only if the alphanumeric character RNG, with the conversion algorithm
attached, can be distinguished from random.
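One standard construction for the forward direction of that goal (uniform characters in, exactly uniform bits out), written in C as an added example; it is my own code, not the gist's, and the character-to-value mapping, function names and the 'dump bits as a 0/1 string' output format are my choices. The idea is that 62 = 32 + 16 + 8 + 4 + 2: a uniform value v in [0,62) falls into one of five power-of-two buckets, and within its bucket v minus the bucket offset is uniform over 2^b values, so those b bits are unbiased and independent of everything else. The price is yield: on average (32*5 + 16*4 + 8*3 + 4*2 + 2*1)/62 = 258/62, about 4.16 bits per character, against the log2(62), about 5.95, that the character carries. The naive alternative, taking v mod 32, is biased, and the block includes a check that makes the bias visible.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Map '0'-'9' -> 0..9, 'a'-'z' -> 10..35, 'A'-'Z' -> 36..61; -1 if not alnum.
 * (Any fixed bijection onto [0,62) would do; this one is an assumption.) */
static int alnum_value(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'z') return c - 'a' + 10;
    if (c >= 'A' && c <= 'Z') return c - 'A' + 36;
    return -1;
}

/* 62 = 32 + 16 + 8 + 4 + 2.  Find the power-of-two bucket holding v and
 * return its width in bits; *val receives v minus the bucket's offset, which
 * is uniform on [0, 2^width) whenever v is uniform on [0, 62). */
static int bucket_bits(int v, int *val)
{
    static const int widths[] = {5, 4, 3, 2, 1};
    int offset = 0;
    for (size_t i = 0; i < 5; i++) {
        int size = 1 << widths[i];
        if (v < offset + size) { *val = v - offset; return widths[i]; }
        offset += size;
    }
    return 0; /* unreachable for v in [0, 62) */
}

/* Convert an alphanumeric string into a NUL-terminated string of '0'/'1'
 * characters (one per output bit, for readability).  Returns the number of
 * bits written, or -1 on a non-alphanumeric input or a too-small buffer. */
long alnum_to_bits(const char *s, char *out, size_t outcap)
{
    size_t nbits = 0;
    for (; *s; s++) {
        int v = alnum_value(*s), val;
        if (v < 0) return -1;
        int w = bucket_bits(v, &val);
        if (nbits + (size_t)w + 1 > outcap) return -1;
        for (int b = w - 1; b >= 0; b--)
            out[nbits++] = ((val >> b) & 1) ? '1' : '0';
    }
    out[nbits] = '\0';
    return (long)nbits;
}

/* The naive "v mod 32" takes 5 bits from every character.  Over the 62
 * equally likely inputs, outputs 0..29 come from two inputs each and 30, 31
 * from one, so the 5-bit outputs are not uniform.  Returns max minus min
 * bucket count (1 here; an unbiased scheme would give 0). */
int naive_mod32_bias(void)
{
    int counts[32] = {0};
    for (int v = 0; v < 62; v++) counts[v % 32]++;
    int mn = counts[0], mx = counts[0];
    for (int i = 1; i < 32; i++) {
        if (counts[i] < mn) mn = counts[i];
        if (counts[i] > mx) mx = counts[i];
    }
    return mx - mn;
}

/* Exhaustive check of the bucket scheme: every b-bit pattern in every bucket
 * is produced by exactly one of the 62 inputs.  Returns 1 if so. */
int bucket_scheme_is_uniform(void)
{
    int seen[5][32] = {{0}};
    for (int v = 0; v < 62; v++) {
        int val, w = bucket_bits(v, &val);
        seen[5 - w][val]++;
    }
    for (int w = 5; w >= 1; w--)
        for (int val = 0; val < (1 << w); val++)
            if (seen[5 - w][val] != 1) return 0;
    return 1;
}

int main(void)
{
    char bits[256];
    long n = alnum_to_bits("Tr0ub4dor", bits, sizeof bits);   /* constructed input */
    printf("%ld bits: %s\n", n, bits);
    printf("naive mod-32 bias: %d, bucket scheme uniform: %d\n",
           naive_mod32_bias(), bucket_scheme_is_uniform());
    return 0;
}
```

Two caveats a practitioner should keep in mind. First, the output length varies with the input, so anyone checking the 'only if' direction of the goal must treat the per-character bit count as part of the output: a character source stuck in the 5-bit bucket would still yield uniform bits, and only the bit count would betray it. Second, the scheme is lossy; if the characters themselves are the secret (a password), hashing them is the right way to use all of their entropy, and this conversion is for feeding a bitstring consumer without introducing bias.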

WARNING: This takes about 10-20 hours to run, depending on your system.
1%...
2%...
3%...
4%...
5%...
6%...
7%...
8%...
9%...

# This is well-known behavior, it's just interesting.
$ mkdir a
$ echo "hello!" > a/file.txt
$ cat a/file.txt
hello!
$ chmod 000 a/file.txt
# Now I don't expect to be able to change a/file.txt...
$ echo "GOODBYE" > a/file.txt
bash: a/file.txt: Permission denied
# Okay, good, I can't modify the file directly.

// WARNING! This code is untested and experimental. DO NOT USE IT.
// NOTE: If I knew of a way to do the "shift and OR" thing reliably with unsigned ints, the code could be simplified a lot.
// Will always be compiled with -std=c99
// Returns UINT32_MAX if a == b, 0 otherwise.
uint32_t invariant_time_integer_compare(uint32_t a, uint32_t b)
{
    /* z will be zero if and only if a == b. */
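The two constant-time building blocks this page touches, the integer equality mask above and the side-channel-free hex encoder of the `sc_bin2hex` gist earlier, as one added C example. This is my own code, not the gist author's; the function names are mine and the only contract borrowed from the gist is "all-ones if a == b, zero otherwise". Two facts of C99 make the mask reliable without any signed-integer tricks: a right shift of an unsigned value is a logical shift (6.5.7), so OR-folding a `uint32_t` down to its low bit works on every platform, and unsigned subtraction wraps modulo 2^32 (6.2.5), so `0u - z` and `(z & 1u) - 1u` are fully defined. The hex encoder avoids a lookup table so that the secret nibble values never select a memory address.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* All-ones if a == b, zero otherwise, with no data-dependent branch. */
uint32_t ct_eq_u32(uint32_t a, uint32_t b)
{
    uint32_t z = a ^ b;            /* z == 0 iff a == b */
    /* Unsigned right shifts are logical, so after this fold bit 0 of z is
       set iff any bit of z was set. */
    z |= z >> 16;
    z |= z >> 8;
    z |= z >> 4;
    z |= z >> 2;
    z |= z >> 1;
    return (z & 1u) - 1u;          /* 0 - 1 wraps to UINT32_MAX */
}

/* Same result via (z | -z) >> 31: bit 31 of z | -z is set iff z != 0.
   Unsigned negation wraps, so 0u - z is well defined for every z. */
uint32_t ct_eq_u32_alt(uint32_t a, uint32_t b)
{
    uint32_t z = a ^ b;
    uint32_t nonzero = (z | (0u - z)) >> 31;   /* 1 iff z != 0 */
    return nonzero - 1u;
}

/* Branch-free select: a if mask is all-ones, b if mask is zero. */
uint32_t ct_select_u32(uint32_t mask, uint32_t a, uint32_t b)
{
    return (mask & a) | (~mask & b);
}

/* Equality of two equal-length byte strings (MAC tags, tokens) whose running
   time depends only on len, not on where the first difference is.
   Returns 1 if equal, 0 otherwise. */
int ct_memeq(const void *x, const void *y, size_t len)
{
    const unsigned char *p = x, *q = y;
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++) acc |= p[i] ^ q[i];
    return (int)(ct_eq_u32(acc, 0) & 1u);
}

/* Hex encoding with no table lookup.  out must hold 2*len + 1 bytes. */
void ct_bin2hex(const unsigned char *in, size_t len, char *out)
{
    for (size_t i = 0; i < len; i++) {
        uint32_t nib[2] = { (uint32_t)(in[i] >> 4), (uint32_t)(in[i] & 0xf) };
        for (int j = 0; j < 2; j++) {
            uint32_t d = nib[j];
            /* 9u - d wraps for d >= 10, so its top bit is 1 exactly for a-f. */
            uint32_t is_letter = (uint32_t)(9u - d) >> 31;
            out[2 * i + j] = (char)('0' + d + is_letter * ('a' - '0' - 10));
        }
    }
    out[2 * len] = '\0';
}

int main(void)
{
    /* Constructed sample: a tag and a copy with its last byte changed. */
    unsigned char tag[4] = {0xde, 0xad, 0xbe, 0xef};
    unsigned char bad[4] = {0xde, 0xad, 0xbe, 0xee};
    char hex[9];
    ct_bin2hex(tag, sizeof tag, hex);
    printf("%s eq:%d neq:%d mask:%08x\n", hex,
           ct_memeq(tag, tag, 4), ct_memeq(tag, bad, 4), ct_eq_u32(7, 7));
    return 0;
}
```

The standard caveat applies: the C language gives no timing guarantee, so a compiler may still turn any of these into a branch or a conditional move that is not constant-time on a given core. Inspect the generated assembly at the optimization level you ship with, and keep such routines in their own translation unit or behind a barrier if the optimizer proves too clever.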