Sarah Jamie Lewis 1 Apr
We finally have a statement from on the suspension of the evoting system because of multiple critical vulnerabilities (mostly: "This vulnerability could allow a voter to cast an invalid vote which would not be detected by the voter")
Sarah Jamie Lewis 1 Apr
Replying to @SarahJamieLewis
"Scytl acknowledges the valuable input provided by the researchers who have participated in this initiative and more concretely to the ones that detected the issues in the source code." We have names, Scytl.
Sarah Jamie Lewis 1 Apr
Replying to @SarahJamieLewis
"No other Scytl solutions are affected by this recent finding." Given that other Scytl solutions *were* impacted by our previous finding (the mixnet with the trapdoor) it's surprising that none are impacted by the weak ZKP implementations. Sadly there is no code to check.
Sarah Jamie Lewis 1 Apr
Replying to @SarahJamieLewis
I think it is fair to contrast this statement with the original statement they made about comments on their source code, in which they criticized our conduct and stated we had "misunderstandings related to the cryptographic mechanisms". No apology still.
Sarah Jamie Lewis 1 Apr
Replying to @SarahJamieLewis
"It is indeed because the cryptographic protocols have achieved complete verifiability that the source code has been published, with the confidence that no attack might compromise the secrecy of the ballot box and the integrity of the election results." Worth remembering.
Sarah Jamie Lewis 1 Apr
Replying to @SarahJamieLewis
We cannot judge the accuracy of statements made by Scytl. It is only because we spent the time to pick apart the source code (after getting criticized for doing that) that we found issues that directly contradict not just previous statements but the whole auditing process.
Sarah Jamie Lewis 1 Apr
Replying to @SarahJamieLewis
This is a "We take the security of your democracy very seriously" statement. It's disingenuous. It's unapologetic. Any government that decides to entrust Scytl with their democracy after all of this should be regarded with intense suspicion & placed under harsh scrutiny.
Sarah Jamie Lewis
Every. Single. Zero. Knowledge. Proof. Implementation. In. The. Scytl. System. Has. Critical. Issues. Every. Single. One.
Sarah Jamie Lewis 1 Apr
Replying to @SarahJamieLewis
The Shuffle Proof - Cryptographic Trapdoor leading to a break in Universal Verifiability
The Maurer Framework - Weak Fiat-Shamir, leading to broken Decryption Proofs & break in Individual Verifiability
Sarah Jamie Lewis 1 Apr
Replying to @SarahJamieLewis
The OR Proof - shouldn't have been there at all, failed verification check leading to a completely broken Verifier. Every other zkp protocol implementation in the code is made up of one or more of the above.
Sarah Jamie Lewis 1 Apr
Replying to @VTeagueAus
We (, Olivier Pereira and I) found issues in every. single. one. In many cases we generated fraud proofs that would pass a real instantiation of the verifier, and provided some tests that would pass despite providing clearly fraudulent inputs.
Sarah Jamie Lewis 1 Apr
Replying to @SarahJamieLewis
The idea that no other critical issues exist in that code base would directly contradict every piece of evidence up to right now. The idea that other similar issues don't exist in other Scytl solutions that haven't been subjected to the same transparency is laughable.
Sarah Jamie Lewis 1 Apr
Replying to @SarahJamieLewis
It is 2019, election hacking is a very real risk. Most of the adversaries that you have to worry about are not a tiny team of sleep-deprived academics and underfunded non-profit researchers. Let's be brutally honest here, our team did amazing work, but it's a drop in the ocean.
Sarah Jamie Lewis 3 Apr
Replying to @dr_planck
1) You seem to have completely missed the entire context of this tweet. 2) Can I see the audit reports? Because that would be extremely impressive.