Cryptography 5: Stream Cipher Vulnerabilities and the Hybrid Argument

This blog delves into two critical aspects of stream ciphers and pseudorandom generators (PRGs). The first part exposes severe vulnerabilities that arise from the misuse of stream ciphers, focusing on two classic attacks: the “two-time pad” flaw, where key reuse leads to complete plaintext disclosure, and “malleability,” which allows an attacker to modify message content undetectably. The second part shifts from attacks to constructions, introducing a method for combining secure PRGs to create a new one with a longer output. The centerpiece of this section is the detailed presentation of the “hybrid argument,” a fundamental and powerful proof technique widely used in modern cryptography to demonstrate the security of protocols.

Cryptography 4: Constructing Secure Stream Ciphers from PRGs

This post explores the stream cipher, a practical solution to the long-key problem of the One-Time Pad. We delve into how a “pseudo-random generator” (PRG) can “stretch” a short key (seed) into a long keystream for encryption. The blog’s core focuses on the formal security definition of a PRG—the concept of “computational indistinguishability”—and presents a detailed proof demonstrating that a secure PRG leads to a semantically secure stream cipher.

Cryptography 3: Consequences and Interpretations of Semantic Security

This blog delves deeper into the meaning and consequences of semantic security, one of the foundational concepts of modern cryptography. We will begin by proving that a semantically secure encryption scheme does not allow an adversary to deduce even the smallest piece of partial information about the original message, such as its parity. Next, through the example of an Internet roulette game, the blog will illustrate how the definition of semantic security is applied to analyze the security of real-world applications. Finally, we will become acquainted with another, equivalent interpretation of semantic security—the bit-guessing game—a powerful and convenient tool commonly used in cryptographic proofs.

Process Injection: The Journey to Penetrate Windows' Protected Process Light Security Barrier

A deep-dive into advanced process injection techniques, demonstrating how to bypass Windows’ Protected Process Light (PPL) security mechanism. The post covers the journey from classic DLL injection to exploiting the KnownDlls TOCTOU vulnerability in CSRSS, and finally using Shellcode Reflective DLL Injection (sRDI) to achieve code execution in a PPL process.

Session Hijacking: Transferring Chrome Cookies and Bypassing Two-Factor Authentication (2FA)

This blog is a detailed technical guide on how to perform session hijacking by extracting, decrypting, and transferring encrypted Google Chrome cookies from one computer to another. It delves into Chrome’s security mechanisms, explaining how cookies are encrypted using the AES-256-GCM algorithm and how the encryption key is protected by Windows’ Data Protection API (DPAPI). The blog specifically highlights the complexities involved in handling the newer version 20 (v20) cookies, which are protected by App-Bound Encryption and require SYSTEM-level privileges to decrypt. By following the instructions provided, readers will be able to clone a login session and potentially bypass even two-factor authentication (2FA) mechanisms.

Cryptography 2: Semantic Security Prevents Message Recovery Attacks — A Security Reduction Proof

This blog introduces the notion of message recovery attacks, defines the corresponding security game, and proves that semantic security implies message recovery security via a black-box reduction. A semantic adversary is constructed by wrapping around a message recovery adversary, showing that any success in message recovery would contradict semantic security. This sets the stage for future reductions that interrelate various cryptographic security notions.

Cryptography 1: Perfect Security and the Limits of Perfect Security

This blog post explores the concept of Perfect Security in cryptography, which guarantees that observing a ciphertext provides no additional information about the original message. We establish a fundamental theorem stating that Perfect Security is equivalent to the statistical independence of ciphertexts and plaintexts. However, Shannon’s Theorem proves that achieving Perfect Security requires the secret key to be at least as long as the message, making practical implementations infeasible beyond small-scale use cases like the One-Time Pad.

Decoding STARK: How to Prove Computation Accuracy Without Revealing the Data

In the rapidly evolving world of cryptography, verifying large-degree polynomials efficiently is a challenge. The FRI protocol solves this by enabling the prover to demonstrate that a given polynomial is close to a low-degree one through a series of recursive folding steps. By halving the polynomial’s degree progressively, the FRI protocol reduces computational complexity while preserving the security of the verification process. The prover commits to the polynomial’s evaluations using Merkle trees, ensuring both integrity and consistency, which are verified through collinearity checks. In this blog, we take a deep dive into the mechanics of the FRI protocol, from the commitment phase where the degree is halved to the query phase where the verifier checks consistency. Whether you are a blockchain enthusiast, cryptography expert, or just curious about the future of digital proofs, understanding the FRI protocol will give you a glimpse into the future of secure, scalable cryptographic verification.

Unlocking the Future of Blockchain: Exploring ZK-Rollups and zkEVM

This blog provides a comprehensive overview of zk-Rollups and zkEVMs, highlighting their advantages in scalability, data compression, and enhanced privacy. Despite their potential, challenges such as developer unfriendliness and lack of composability hinder widespread adoption. By examining two primary approaches for building decentralized applications (DApps) on zk-Rollups—application-specific circuits and universal EVM circuits—we shed light on the ongoing evolution of Ethereum technology. Ultimately, the zkEVM represents a significant leap forward, merging familiar smart contract execution with the groundbreaking capabilities of zero-knowledge proofs.

Decoding CVE-2021-22659: How to Protect the MicroLogix 1400 from Attacks

This blog delves into the vulnerabilities associated with the MicroLogix 1400 PLC, particularly focusing on CVE-2021-22659. Through a detailed analysis, I outline the phases of potential attacks, the underlying Modbus protocol, and the steps necessary for effective remediation. By understanding the intricacies of this vulnerability and employing robust security measures, organizations can better protect their operational technology environments. With the insights gained from the OPSWAT Fellowship Program, this work serves as a crucial resource for enhancing cybersecurity in industrial settings.