Modern Cryptography & Post-Quantum Security
From Elliptic Curve primitives to Zero-Knowledge Proofs, we explore the mathematical bedrock of secure digital infrastructure.
Cryptography is the only technology that allows us to tip the balance of power in the digital realm towards the defender. However, implementing cryptography correctly is notoriously difficult. At Udero, we focus on practical, misuse-resistant cryptography and the theoretical underpinnings of the next generation of algorithms.
Modern Primitives
We advocate for modern, high-performance, and constant-time primitives over legacy standards.
- X25519 & Ed25519: Curve25519-based key exchange and signatures offer superior performance and security properties compared to NIST curves, including immunity to timing attacks.
- ChaCha20-Poly1305: An authenticated encryption with associated data (AEAD) cipher, built on a stream cipher, that performs exceptionally well on mobile devices and other hardware without AES acceleration.
- BLAKE3: A cryptographic hash function that is significantly faster than MD5, SHA-1, SHA-2, and SHA-3, while offering security comparable to SHA-3.
Post-Quantum Cryptography (PQC)
The advent of large-scale quantum computers threatens to break current public-key cryptography (RSA, ECC). The industry is transitioning to Post-Quantum Cryptography.
Lattice-Based Cryptography
Algorithms like Kyber (Key Encapsulation) and Dilithium (Signatures) are leading candidates in NIST's PQC standardization. We analyze how these lattice-based schemes work and the challenges of integrating them into existing protocols like TLS and SSH.
Zero-Knowledge Proofs (ZKPs)
ZKPs allow one party to prove to another that a statement is true without revealing any information beyond the validity of the statement itself. This technology is revolutionizing privacy.
- zk-SNARKs & zk-STARKs: We explore how the two differ and the trade-offs in trusted setup, proof size, and verification time.
- Applications: From privacy-preserving blockchains to anonymous identity verification and scalable rollups.
Secure Key Management
The strength of encryption relies entirely on the secrecy of the keys.
- HSMs & TPMs: Utilizing Hardware Security Modules and Trusted Platform Modules for hardware-backed key generation and storage.
- Secure Enclaves: Leveraging technologies like Intel SGX and AWS Nitro Enclaves to process sensitive data in isolated memory regions.
Implementation Safety
Cryptography is useless if implemented poorly. We cover side-channel attacks, nonce reuse hazards, and the importance of using formally verified implementations like HACL*.