encryptorium

STARKs are built on hash-based commitments and coding-theoretic machinery like FRI, which avoids the main Shor-vulnerable assumptions behind pairing- and discrete-log-based proof systems. But some implementations add a final SNARK wrapper for cheaper on-chain verification. RISC Zero’s docs describe compressing a STARK proof into a Groth16 proof, and explicitly mark that path as not quantum-safe. “We use STARKs” is not enough to make a system post-quantum. You have to trace the full verification pipeline.

My first @hackernoon article is live, and I won’t pretend I’m not grinning. I broke down Google Quantum AI’s new paper: fewer than 500,000 qubits to break Bitcoin’s secp256k1, a 20× cut from prior estimates. A resource estimate is not a timeline. Migration is the bottleneck. hackernoon.com/googles-quantu…

1/5: My take on the QSB paper by @avihu28 (@StarkWareLtd), dropped April 9. It shows how to build a Shor-resistant spend path inside today's legacy Bitcoin Script, no soft fork. Clever and narrow, it makes the case for a protocol-level PQ signature louder, not quieter.

@0xLoopTheory also available on encryptorium encryptorium.com/blog/pqc-zk-bl…

PQC migration plans have a ZK blind spot. NIST IR 8547 (draft), the UK NCSC's 2025 PQC timeline, and EU Recommendation 2024/1101 all describe PQC migration roadmaps. None of them discuss zero-knowledge verifiers or ZK verification infrastructure. That matters because some deployed ZK systems still rely on quantum-vulnerable elliptic-curve/pairing-based components. These are not always things you can swap as easily as certificates. "We use STARKs" is not always a complete answer either. RISC Zero's docs explicitly note that their STARK-to-SNARK layer uses Groth16/BN254 and is quantum-vulnerable. Polygon zkEVM also ends with a final SNARK validity proof on-chain. Commitment scheme choice, verifier upgradeability, and proof composition are already PQC decisions. The NCSC's target for full migration is 2035. For verifier infrastructure, replacement paths may take years. Full article: encryptorium.medium.com/pqc-migration-… #PostQuantum

1/11: I've been working on something for a while. What started as scattered writing and tools around post-quantum cryptography has taken a shape I'm genuinely happy with. Encryptorium: an applied cryptography research platform focused on the problems practitioners actually face during PQC migration. Here's what it is and why it exists.

I already wrote a thread breaking down Google Quantum AI's paper on breaking Bitcoin's elliptic-curve signatures. This blog post goes deeper. It covers what the thread couldn't fit. Taproot's specific exposure window: P2TR addresses leak tweaked public keys on-chain, giving an attacker indefinite offline time. The full hardware gap: 446x more qubits than anything that exists today. And where post-quantum migration actually stands across Bitcoin, Ethereum, Algorand, Solana, and QRL. The paper is real science. Most headlines are not. This piece walks through what the numbers actually say. encryptorium.medium.com/googles-quantu…

1/10: Google Quantum AI published a whitepaper estimating the resources a future fault-tolerant quantum computer would need to break the elliptic-curve cryptography (secp256k1) used by Bitcoin and other cryptocurrencies. The reaction has been predictable. "Bitcoin is dead" headlines, alert emojis, panic. The paper is real science. The panic is not. Here is what it actually says, what it does not say, and what is already being done about it.

Finally just about done with my deep hardware wallet testing for security-conscious developers and protocols. Hardware wallets video and article on the research coming soon. Here is a sneak peek. If anything looks wrong from this snapshot, now's the time to let me know!

Want to harden your systems with prescriptive security configurations? Learn how CIS Benchmarks provide a structured approach to secure OS, cloud, databases, and more—aligned with NIST, ISO 27001, PCI-DSS, and SOC 2. encryptorium.medium.com/an-introductio…

I absolutely agree! This also ties into shift-left security, where the goal is to incorporate security as early as possible in the development cycle. Not only does this create more secure code, but it can also reduce costs and prevent headaches later on.

Web Clipper lets you highlight important passages, and select the elements you want to save to Obsidian. Your highlights are saved, so you can revisit them when you return to a page.

Do you use fuzzing in your smart contract development or auditing? #smartcontract #auditing #SmartContracts

Parrot 6.2 is available to download and install 🦜 Click the link and read the changelog to find out more about this new version 👇🏼 parrotsec.org/blog/2024-10-2… #ParrotSec #ParrotOS #CyberSecurity #CybersecurityNews #Hacking #PenTest #Pentesting #linux #linuxdistro

Have you heard of Shift Left Security? #cybersecurity

Why bolt on security when you can bake it in? 🔒 Studies show it's 15x cheaper to integrate security from the start vs. adding it later. 1. Early Integration = Better Protection 2. Automated Security Checks Save Time 3. Shared Security Culture Reduces Risk 4. Faster Incident Response 5. Improved Compliance Management Security isn't just a feature - it's the foundation of reliable software. (Please recycle ♻️ for others in your network) P.S. What's your biggest challenge in implementing security early in development?

ZKsync’s first governance proposal was posted on @TheZKNation forum. Introducing @ZKsyncIgnite (∎, 🔥) ZKsync Ignite will turn ZKsync Era into a liquidity hub for the Elastic Chain by streaming 300M ZK tokens over 9 months to DeFi users. Join the TG: t.me/+jt7FJcWQlekxO…

Obsidian 1.7 is now available for desktop and mobile! This update makes Obsidian much faster to load, and reduces memory usage. You should see significant performance improvements across all platforms. More highlights: - The new Sync History view shows a list of edits across the vault, useful when collaborating on a shared vault. Activate it using the "Sync: Show Sync history" command. - You can now click inside a page preview to edit it without opening the note. - Several improvements to Obsidian URI new and addition of daily. - There is a new tool (General → Advanced) to show the app load time. - Views now load only when visible. This might cause issues with some plugins, make sure to update your plugins. - Renaming files is now faster in large vaults.

Another killer piece of content from @RareSkills_io 🔥 Here are 20 common mistakes beginners make in Solidity (and even pros sometimes!). Definitely worth the read: buff.ly/4dwJFvv

@calyptus_web3 Revert as bomb._code can't be accessed anymore after calling blast

Solidity Challenge #452 🕵️ Will calling the pullTrigger() function from the Trigger contract revert? If not, will it return 0 or 42?

@trikcode I heard rumors about it. But I have not witnessed it myself so far. I am starting to doubt that it can even be done.

Has anyone successfully plugged in a USB first try?