Goodbye Leather Wallets

Europe is one step away from agreeing to an EU-wide digital wallet. This is pretty cool!

The new wallets would serve as a form of digital identity, as well as proof of personal attributes (such as an educational degree). It could also be used to produce qualified electronic signatures, which are legally binding in EU courts.

Interestingly, the European parliament has mandated wallet software be open-source, in the interest of security. A bold step, which makes a lot of sense, given the long history of shoddy cryptography in closed systems.

There is also a strong encouragement to use zero-knowledge proofs. Relying parties should be able to “validate whether a given statement based on the person’s identification data and attestation of attributes is true, without revealing any data on which that statement is based, thereby preserving the privacy of the user”. It’s great to see advanced cryptography concepts being written into policy.

Sadly, in a post-Brexit world, I’ll have to watch with envy from the shores of Britain. Missing out on this cool technology may hurt even more than the “All Passports” lane.

PQC Is Coming to TLS… Slowly

Cloudflare reports that 1-2% of TLS connections use post-quantum algorithms today.

Almost all of that traffic comes from Google Chrome users. Roughly 10% of Google Chrome users have PQC algorithms enabled, according to Cloudflare.

On the one hand, this sub-2% figure seems pitiful. But when you consider how much traffic Cloudflare handles, you realise these post-quantum algorithms are getting hammered at scale.

Brave readers can check out Cloudflare’s blog. It’s a 10,000-word dissertation, covering everything from why we need PQC algorithms to performance metrics for individual algorithms.

Some Random Ideas

People have tried some very weird tricks to generate random data.

I recently spotted a blog which walks through some of the more esoteric ideas employed by companies like Cloudflare.

You may have heard about their Lava Lamp wall. But did you know each Cloudflare office has a different gimmick installed in the foyer, ranging from pendulums to overgrown baby mobiles?

Elsewhere, different organisations are measuring seismic activity or looking at atmospheric static and pulsars to try and find something unpredictable.

It’s almost sad that these ideas will soon be a nostalgic curiosity of the past. Nowadays, quantum technology allows us to generate provably random data. And while mixing sources of randomness is always a healthy idea, we won’t be needing walls of Lava Lamps to protect the internet going forward.

I hope people keep doing weird things to generate randomness. It’s fun to see what ideas get invented. But with my security hat on, I’m glad we will be relying on stronger quantum foundations in the years ahead.