A recent paper, “Fast Factoring Integers by SVP Algorithms” by Claus P. Schnorr, claims significant improvements in factoring that “destroys the RSA cryptosystem”. If true, it would be practical to demonstrate on well known RSA factoring challenges.

Update: Schnorr withdrew this paper on June 5th, 2021.
Update v2: Schorr’s paper is back online as of July 8th, 2021 with a new eprint submission.

No such demonstration has been made. Without this, assessing the correctness of the paper will have to wait for reviewers to wade through the details and give their feedback.

Claus buries the lede.

Big, If True

This paper drew the attention of many cryptographers…


These are a selection of the most cited papers from ACM CCS, IEEE Security & Privacy, NDSS, Usenix Security, Crypto, and Eurocrypt between the years 2015 and 2019. Source data is from Google Scholar Metrics.

The papers are roughly in the order of citations per year and grouped in 5 categories.

  • Machine Learning Security & Privacy
  • Architecture & Side-Channel Attacks
  • Cryptocurrencies & Blockchains
  • Real World Attacks & Case Studies
  • Cryptography

Machine Learning Privacy & Security


Secure enclaves, or trusted execution environments (TEEs), generally describe small, trusted environments within a CPU that can execute code in a way that is not accessible by the normal operating system. Enclaves are a safe space to run code or process data in an otherwise untrusted environment. Furthermore, enclaves are typically remotely attestable — meaning you can cryptographically verify that an enclave running on someone else’s computer is running authentic, unmodified code.

Note: This article will be updated with new info over time.

Enclaves reduce the attack surface from the entire application and operating system to a small enclave program and the interface to hardware.

Intel SGX is the most promising enclave technology available today for general purpose computing. Development tools are…


As part of the fellowship program at the Aspen Tech Policy Hub, I’ve spent several weeks with my colleagues Dr. Aloni Cohen and Dr. Amina Asim talking to people about how technology policy can better defend private enterprise from foreign nation-led cyberattacks. For example, how might we have helped Google defend against China during Operation Aurora or Sony from North Korea?

During these conversations I’ve found three problem areas that keep being raised:

  • Barriers to threat intelligence sharing
  • Disincentives for transparency of breach investigations
  • Weak interpersonal relationships between industry and government

This post shares my initial observations after interviewing current…


This posts talks about three security and privacy risks of machine learning models: poisoning attacks, evasion attacks, and unintended memorization. For an in-depth survey, see “A Marauder’s Map of Security and Privacy in Machine Learning”.

Background on Machine Learning Models

The training phase takes a set of input training data, applies a learning process, and outputs a model.

In an attempt to distill an entire field into a few sentences, machine learning generally takes a set of training data, applies a learning process, and outputs a model. The “learning process” is where most of innovation and complexity of the field lies. There are many introductory courses online for more details.


Finding the origin of the “optimal radix” in classic computers

I was curious about the IOTA cryptocurrency citing radix economy as a justification for using ternary rather than binary circuits. I wanted to revisit the original assumptions in the computer science folklore that Euler’s number e is the “optimal radix”.

The earliest reference I found on the subject was “High Speed Computing Devices” from 1950. This text talks about selecting a numerical base in the context of computers built from triodes; better known as vacuum tubes.

Triode Ring Counters

High Speed Computing Devices describes using triodes to build ring counters, which are circular shift registers where the position of a bit in the…


Inspired by “When Phone Encryption Blocks Justice”

In June, a laptop was stolen from a bedroom on a Monday afternoon in Palo Alto, CA, a suburb 15 miles south of San Francisco. There were no witnesses to the larceny, and no surveillance footage either.

With a laptop thief on the loose and few leads at their disposal, investigators in Santa Clara County, which includes Palo Alto, were discouraged when they discovered no surveillance footage existed of the bedroom; footage which could provide crucial clues to identifying their thief.

A California state judge issued a warrant ordering the victim’s landlord to…

Steve Weis

Working in security and cryptography. Opinions are entirely my own.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store