I'm D. J. Bernstein, and this is my personal weblog. Keyboard shortcuts:

- Alt-J in Chrome, Alt-Shift-J in Firefox: move down to the next blog entry in reverse chronological order.
- Alt-K in Chrome, Alt-Shift-K in Firefox: move up.
- Alt-I in Chrome, Alt-Shift-I in Firefox: index (this page).

Feed: RSS. I'm also moderately active as @hashbreaker on Twitter, and in particular will systematically tweet new blog entries.

2017.11.05: Reconstructing ROCA A case study of how quickly an attack can be developed from a limited disclosure. #infineon #roca #rsa |

2017.10.17: Quantum algorithms to find collisions Analysis of several algorithms for the collision problem, and for the related multi-target preimage problem. #collision #preimage #pqcrypto |

2017.07.23: Fast-key-erasure random-number generators An effort to clean up several messes simultaneously. #rng #forwardsecrecy #urandom #cascade #hmac #rekeying #proofs |

2017.07.19: Benchmarking post-quantum cryptography News regarding the SUPERCOP benchmarking system, and more recommendations to NIST. #benchmarking #supercop #nist #pqcrypto |

2016.10.30: Some challenges in post-quantum standardization My comments to NIST on the first draft of their call for submissions. #standardization #nist #pqcrypto |

2016.06.07: The death of due process A few notes on technology-fueled normalization of lynch mobs targeting both the accuser and the accused. #ethics #crime #punishment |

2016.05.16: Security fraud in Europe's "Quantum Manifesto" How quantum cryptographers are stealing a quarter of a billion Euros from the European Commission. #qkd #quantumcrypto #quantummanifesto |

2016.03.15: Thomas Jefferson and Apple versus the FBI Can the government censor how-to books? What if some of the readers are criminals? What if the books can be understood by a computer? An introduction to freedom of speech for software publishers. #censorship #firstamendment #instructions #software #encryption |

2015.11.20: Break a dozen secret keys, get a million more for free Batch attacks are often much more cost-effective than single-target attacks. #batching #economics #keysizes #aes #ecc #rsa #dh #logjam |

2015.03.14: The death of optimizing compilers Abstract of my tutorial at ETAPS 2015. #etaps #compilers #cpuevolution #hotspots #optimization #domainspecific #returnofthejedi |

2015.02.18: Follow-You Printing How Equitrac's marketing department misrepresents and interferes with your work. #equitrac #followyouprinting #dilbert #officespaceprinter |

2014.06.02: The Saber cluster How we built a cluster capable of computing 3000000000000000000000 multiplications per year for just 50000 EUR. #nvidia #linux #howto |

2014.05.17: Some small suggestions for the Intel instruction set Low-cost changes to CPU architecture would make cryptography much safer and much faster. #constanttimecommitment #vmul53 #vcarry #pipelinedocumentation |

2014.04.11: NIST's cryptographic standardization process The first step towards improvement is to admit previous failures. #standardization #nist #des #dsa #dualec #nsa |

2014.03.23: How to design an elliptic-curve signature system There are many choices of elliptic-curve signature systems. The standard choice, ECDSA, is reasonable if you don't care about simplicity, speed, and security. #signatures #ecc #elgamal #schnorr #ecdsa #eddsa #ed25519 |

2014.02.13: A subfield-logarithm attack against ideal lattices Computational algebraic number theory tackles lattice-based cryptography. |

2014.02.05: Entropy Attacks! The conventional wisdom says that hash outputs can't be controlled; the conventional wisdom is simply wrong. |