Editors' Pick

Trending Posts

Popular Post

Recent Posts

post-thumb

A look in the rearview mirror, from JDK 1.3 to JDK 22

For reasons that I will have to detail in a future post, I am diving back partly into the code, and into Java. The last time I coded “for real”, it was to make Java applications on feature phones (the stuff between Nokia 3210 and smartphones), in J2ME , and Windows Mobile applications on Windows Phone. Before the era of smartphones therefore. Before that, I had developed mainly in Java for web services, via servlets, an in-house templating engine, then via Java Server Pages .

Read more
post-thumb

Privacy-preserving Solution Using BBS+ for Digital Identity and Wallet

With the eIDAS 2.0 regulation enactment, European citizens will be able to use a Digital Wallet to manage their own digital identity documents, or credentials. These credentials will contain attributes about their holder such as, date of birth, address, etc. The regulation stipulates that the use of the digital wallet and the credentials it contains should ensure the privacy of their users. The privacy-preserving credentials, also called anonymous credentials, will allow their holder to prove attribute values to verifying parties such as government entities or other private services without revealing non-relevant attributes. However, the current regulation does not provide a way to avoid user profiling. Meaning that if users present the same credential multiple times, a profile of the users can be made by the verifying entities which poses a privacy issue for the future. This problem arises because of the regulation recommends a cryptographic solution (i.e., SD-JWT)) that does not achieve this feature. Another cryptographic solution enables this property, namely BBS+ signature scheme.

Read more
post-thumb

Migration towards Quantum-Safe payments

Introduction

Today’s payment systems are heavily dependent on traditional cryptographic security protocols such as RSA 2048 (asymmetric) and AES 256 (symmetric) to secure data and communications. The NIST also recommends [1] RSA 2048 key size is the most used in the industry such as EMV 3DS specification recommends such key size [2] or above. The usefulness of the asymmetric cryptographic primitives RSA, Elliptic curve based, and symmetric cryptographic primitive AES are huge in payments, refer to our previous blog post to find in detail, you can find a description of where these RSA, Eliptic curve or AES cryptographic primitives are used for payments and how the asymmetric ones (RSA, EC) are absolutely threatened by quantum computers. And even if quantum computing does not pose a fatal threat to symmetric cryptography such as AES, you need to double the key length to guarantee the same level of security against a quantum computer attack.

Read more