Anjan Roy

Eagerly waiting

Wow firefox has split view now 🙌

Macbook Pro quality h/w with Linux. That's exactly what I ever wanted. Thanks ❤️ Just sell them in India, please 🙏

Indeed. Try out sycl too. It will be able to use the gpu too.

@kaepora Oh this is very nice.

We at Symbolic Software just finished running 1,296 tests across 15 ML-KEM and ML-DSA implementations in search of vulnerabilities. Our results, alongside Crucible, our open-source ML-KEM/ML-DSA testing harness, are documented in today's blog post: symbolic.software/blog/2026-03-2…

@mackron Just use sycl

Can we Make Graphics Programming Fun Again by getting rid of Vulkan and pretending it never existed? An API like this is what we need.

@blelbach C++ std::mdspan ?

Come to my talk at GTC to learn about the other languages that CUDA Tile will soon support! nvidia.com/gtc/session-ca…

Tomorrow morning I'll be presenting "Beyond Portable C: Rethinking PQC Implementations with Modern C++ Patterns" at Real World Post Quantum Cryptography (RWPQC) workshop 2026. Due to partial UAE airspace closure I didn't make it to Taipei. I'll present it online. If you are attending RWPQC, be sure to attend it. I'll talk about C++20, constexpr, compile-time self-testing against NIST KAT vectors, ml-kem, ml-dsa, constant-timeness, fuzzing, avoiding core undefined-behavior and definitely performance. Wish me luck ✌️

Too many different i/o is not "great". Universality of type-c is good. Make everything type-c. But put type-c ports on two sides of laptop.

XKCP is the state of the art for anything and everything keccak permutation related. My fully constexpr C++20 header-only library implementation of sha3 is 12-17% slower compared to XKCP. Though it is minimal and fully compile-time evaluable. For example, you can have a string like "keccak permutation rocks!" and compute the SHA3-256 digest at program compile time itself. The current best practice is hard-coding the message digest in program. But one can reduce the chance of supply-chain attack vector by doing compile-time eval and static assertion. That ensures you exercise the full SHA3-256 code path at compile-time. This should be the new norm. github.com/itzmeanjan/sha3

Did it already get merged to LLVM22? @trailofbits

Just discovered the website softwarefoundations.cis.upenn.edu Reliable software 🤩 Enough content to binge read for next couple of months.

Constant-time memcmp is must use when comparing secret-key materials. And it can be upto 7x costlier compared to std::memcmp. That's the point. std::memcmp will short-circuit, which we want to avoid in cryptographic context - specifically when dealing with secret material. subtle is a C++20 header-only library offering all things constant-time (CT), while being fully constexpr (CT) too github.com/itzmeanjan/sub…

@kaepora Wow. What kind of vulnerabilities are those? Do any of those affect functional correctness? Or are they only for constant-timeness and formal verification?

I have been venting my (considerable) anger at the war returning in Lebanon by performing further auditing of Cryspen's code, and I'm sorry to say that I am up to 14 new, previously unreported vulnerabilities, of which five are at least high in severity (probably critical).

Compile-Time self testing against NIST ACVP KAT vectors. A new paradigm for ensuring functional correctness and compliance with standard, at program compile-time itself. C++ constexpr lib. impl of ml-kem github.com/itzmeanjan/ml-…

🤩🤩🤩

Fuzzing infra for ml-dsa is now setup. But "structure-aware fuzzing" for ml-dsa is quite involved. More to come. github.com/itzmeanjan/ml-…

Added so many tests in ml-dsa, that it took ~3 hours to finish GCC+AddressSantinizer+Debug test on github actions ci. 😄 github.com/itzmeanjan/ml-…

All the textual formats are having a great time. md, svg - they rock. And they are so easy to work with. And git traceable also 🤩

Making the internet verifiable. That's what is needed. So that any action you take online, comes back with a "succint proof of correct execution" which the client can verify. No blindly trusting the server.