Matthew Green Profile picture
I teach cryptography at Johns Hopkins. Screeching voice of the minority. (Mastodon at
LittleGravitas 🇺🇦 🌻 🇪🇺 💙 #FBPE Profile picture Hecate's Crossroad #QVArmy Profile picture Adam Smithee Profile picture Joe Rosato Profile picture SwiftLaidOffه҈̿҈̿҈̿҈̿҈̿҈̿҈̿҈̿҈̿҈̿҈̿҈̿҈̿҈̿҈ Profile picture 12 added to My Authors
Sep 21 5 tweets 1 min read
I would like to know: what the hell is going on here?… Image This seems to imply that a private company is tapping a substantial portion of the ISPs or Internet Exchanges of the US/world.

Not the NSA, just some scummy data miner. The question is who is helping them do this.
Sep 20 15 tweets 5 min read
Ok, so I got a chance to try out Safety Check. This is a new iOS 16 feature designed to quickly secure your phone against unwanted data sharing. It automates the old checklists I wrote (complained about) a while back. Image It’s got two subsections, both protected by passwords/FaceID. One lets you manage settings: let’s go there first. (Forgive the amateur attempt to redact.) Image
Sep 13 4 tweets 1 min read
I watched @cmcsherr argue Bunnie/my DMCA case in front of the DC District Court of Appeals yesterday. Watching judges wrestle with the distinction between code and books, particularly when that code can crack e-books. I have no idea what’s going to happen but a lot of the government’s case seemed to turn on the promise that “we are not going to prosecute Green.” Which I appreciate!
Aug 30 5 tweets 2 min read
Here is another aspect of the CSAM scanning problem. As soon as any one company deploys a new technique (in this case: Google using ML to find new CSAM content) then any company who uses the previous industry standard is cast as negligent. So if Google deploys predictive ML scanning, then the whole world has to deploy ML scanning (accuracy issues be damned). Ironically if a company gets better at detecting this content, they’ll get dinged for having a *worsening number of CSAM reports.* The pressure is always on.
Aug 30 6 tweets 2 min read
This whole article is a bit weird. Policing CSAM on public social networks is good, and Twitter should be doing that (as opposed to scanning private data and messages.) But what does that have to do with verifying customer ages on a paid “OnlyFans” competitor service? If you’re going to operate an adult service, you should probably have a system for policing CSAM. I agree with this. Seems like the kind of thing you should be able to outsource.
Aug 29 6 tweets 2 min read
It’s not that ISO wants you to pay for their standards. It’s that they want you to pay them in *Swiss Francs*, that makes the process so unusual. Image Alright I didn’t find the text for the EV vehicle Plug & Charge standard (ISO 15118-20:2022) but I did find this exciting summary. Now I want to know about “contracts”! ImageImage
Aug 24 4 tweets 1 min read
One of the things I like about University teaching policies is that the faculty are the last people to be informed. “You will all have to wear rabbit ears while teaching. The students were informed two weeks ago, so please don’t waste your time expressing concerns.”
Aug 22 4 tweets 2 min read
I made a Github organization to republish a fork of the Tornado Cash repositories that were banned following the Treasury’s sanction order the other week.… I’ve worked with this code as a researcher and I use it to teach my classes, so it’s important to me that it stays easily-accessible on a major site like GitHub. (This is not the only copy, in fact it’s a fork of someone else’s.)
Aug 21 6 tweets 2 min read
Who could possibly have predicted that this would happen.… Every CSAM-scanning advocate ever: “our algorithms will not report you to the police for taking pictures of your children in the bathtub.”

That worked out well.
Aug 21 4 tweets 1 min read
I’m broadly in favor of some kind of sanctions regime, but not this thing where the government waves vaguely at an area and business operators have to consult a Ouija board to see if they’re going to jail forever. When you have Microsoft yanking source code repositories and miners censoring transactions from blocks, you don’t get to say “well the order doesn’t specifically require that.” Of course it did: it self-evidently created this chilling effect.
Aug 16 6 tweets 2 min read
This paper on Monte Carlo simulations absolutely blows my mind. h/t @inf_0_ Basically, specific non-cryptographic pseudorandom number generators produce biased results, to the point where molecular simulations come out measurably “wrong”.
Aug 14 4 tweets 1 min read
It’s a terrible law and we shouldn’t be cheering for it, no matter how satisfying any given prosecution might feel. Under the terms of the Espionage Act, scientific researchers who point out cryptographic sabotage and backdoors (in the public domain!) can technically be prosecuted. There is a bill in Congress to “fix” this.
Aug 13 4 tweets 1 min read
Is there a good way to use the Wayback Machine to view the hashes of deleted Git repositories? My naive poking around in the Wayback/GitHub Web interface keeps bringing me to dead UI elements (as expected). But maybe there’s a static page I should know to look for.
Aug 8 10 tweets 3 min read
I mean I don’t think this will work long term, but also makes you think that the lack of contract privacy on Ethereum is a pretty big weakness. For non-experts: the strength and weakness of Ethereum-based mixers is that they exist at visible contract addresses, and while users *within* the mixer contract may have privacy, they identify themselves as using the service upon entrance and exit.
Aug 5 5 tweets 1 min read
Any system that allows application code to *see* a hashed password has been mis-architected from the beginning. (And yes I realize that includes nearly all systems.) It’s bizarre that modern apps just stuff password hashes into a database along with a bunch of other data that app code can access. It’s like storing plutonium in the refrigerator next to your mayonnaise.
Aug 2 5 tweets 1 min read
I don’t want to crap on the PQC competition as others have: they’re stimulating some really impressive research, and this isn’t my area to crap on. But sometimes the standardization process does feel a little premature. In particular I’m a little worried about the lack of standardization around hybrid PQC/non-PQC constructions. Naively I didn’t initially think this was a big deal (hey, those will be easy for practitioners to throw together) but this is a *standards* process, so it really won’t.
Jul 27 4 tweets 1 min read
After reading that Nest shares footage with police without a warrant, I was wondering which cloud cameras don’t. And it seems that Apple HomeKit cameras use end-to-end encryption. Oh gosh there’s a lot going on here. Image
Jul 9 5 tweets 2 min read
I’ve been researching my house in Baltimore and so far I’ve learned that in 1916 it belonged to Carl C. Thomas, the first professor of Mechanical Engineering at Hopkins. Even found a copy of his book for sale on Amazon.
Jun 24 5 tweets 1 min read
Another $100m gone, just like that. It’s increasingly obvious that there are attackers (including state-sponsored attackers) making lists of vulnerable “web3” services, ordered by target value and system vulnerability. And they are working systematically down those lists.

Who is doing the same on defense?
Jun 17 5 tweets 1 min read
Keep on telling me how our payments industry works just fine. “We’d love to provide subsidies to Americans but we can’t because the only way to do this is to send a tiny disposable computer to every person in the country.”
Jun 15 10 tweets 3 min read
Sen. Blumenthal has introduced a bill that would force phone manufacturers to open up private APIs: this could break Apple’s iCloud monopoly and make it easier to develop encrypted backup. However I am concerned about a clause in the current bill.… It’s probably worth explaining why this is important. Modern phones have “private APIs” that are available to built-in apps and the OS, but not made available to outside developers. This means that Apple can give privileges to their own apps for things like iMessage and iCloud.