D. J. Bernstein's personal weblog. en-us http://blog.cr.yp.to 600 Counting votes. #pqcrypto #hybrids #nsa #ietf #voting http://blog.cr.yp.to/20260405-votes.html 05 Apr 2026 19:25:02 -0000 The structure of the debate. #pqcrypto #hybrids #nsa #ietf #chart http://blog.cr.yp.to/20260221-structure.html 24 Mar 2026 02:54:35 -0000 One battle after another. #pqcrypto #hybrids #nsa #ietf #lastcall http://blog.cr.yp.to/20260219-obaa.html 19 Feb 2026 13:34:02 -0000 An example of censored dissent. #pqcrypto #hybrids #nsa #ietf #scope http://blog.cr.yp.to/20251123-scope.html 23 Nov 2025 18:14:15 -0000 Dodging the issues at hand. #pqcrypto #hybrids #nsa #ietf #dodging http://blog.cr.yp.to/20251123-dodging.html 01 Dec 2025 17:36:05 -0000 Corruption continues. #pqcrypto #hybrids #nsa #ietf #corruption http://blog.cr.yp.to/20251123-corruption.html 23 Nov 2025 17:43:20 -0000 The collapse of IETF's protections for dissent. #ietf #objections #censorship #hybrids http://blog.cr.yp.to/20251005-modpod.html 07 Oct 2025 14:58:28 -0000 Can an attacker simply purchase standardization of weakened cryptography? #pqcrypto #hybrids #nsa #ietf #antitrust http://blog.cr.yp.to/20251004-weakened.html 04 Oct 2025 21:32:21 -0000 On the importance of not being seen. #marketing #stealth #nsa http://blog.cr.yp.to/20250930-stealth.html 03 Oct 2025 09:53:30 -0000 Looking at what's happening, and analyzing rationales. #nist #iso #deployment #performance #security http://blog.cr.yp.to/20250423-mceliece.html 17 Jul 2025 21:29:27 -0000 Looking at some claims that quantum computers won't work. #quantum #energy #variables #errors #rsa #secrecy http://blog.cr.yp.to/20250118-flight.html 18 Jan 2025 17:45:19 -0000 Questioning a puzzling claim about mass surveillance. #attackers #governments #corporations #surveillance #cryptowars http://blog.cr.yp.to/20241028-surveillance.html 02 Nov 2024 08:01:39 -0000 You're making Clang angry. You wouldn't like Clang when it's angry. #compilers #optimization #bugs #timing #security #codescans http://blog.cr.yp.to/20240803-clang.html 03 Aug 2024 21:05:12 -0000 It's as easy as [1], [2], [3]. #bibliographies #citations #bibtex #votemanipulation #paperwriting http://blog.cr.yp.to/20240612-bibkeys.html 06 Jul 2024 16:10:23 -0000 Analyzing the NSA/GCHQ arguments against hybrids. #nsa #quantification #risks #complexity #costs http://blog.cr.yp.to/20240102-hybrid.html 11 Nov 2024 08:55:04 -0000 Responding to a recent blog post. #nist #uncertainty #errorbars #quantification http://blog.cr.yp.to/20231125-kyber.html 23 Dec 2023 15:06:14 -0000 Two algorithm analyses, from first principles, contradicting NIST's calculation. #xor #popcount #gates #memory #clumping http://blog.cr.yp.to/20231023-clumping.html 23 Oct 2023 18:14:49 -0000 Debunking NIST's calculation of the Kyber-512 security level. #nist #addition #multiplication #ntru #kyber #fiasco http://blog.cr.yp.to/20231003-countcorrectly.html 30 Oct 2023 14:50:11 -0000 How to perpetuate security problems. #overclocking #performancehype #power #timing #hertzbleed #riskmanagement #environment http://blog.cr.yp.to/20230609-turboboost.html 09 Jun 2023 11:23:03 -0000 Announcing my second lawsuit against the U.S. government. #nsa #nist #des #dsa #dualec #sigintenablingproject #nistpqc #foia http://blog.cr.yp.to/20220805-nsa.html 08 Mar 2024 21:29:41 -0000 Understanding the delayed rollout of post-quantum cryptography. #pqcrypto #patents #ntru #lpr #ding #peikert #newhope http://blog.cr.yp.to/20220129-plagiarism.html 21 Jul 2024 13:24:35 -0000 Review of "An Efficiency Comparison of Document Preparation Systems Used in Academic Research and Development" by Knauff and Nejasmic. #latex #word #efficiency #metrics http://blog.cr.yp.to/20201206-msword.html 09 Jan 2022 04:49:28 -0000 Cryptosystem designers successfully predicting, and protecting against, implementation failures. #ecdsa #eddsa #hnp #lwe #bleichenbacher #bkw http://blog.cr.yp.to/20191024-eddsa.html 09 Jan 2022 04:49:28 -0000 Understanding one of the most important changes in the high-speed-software ecosystem. #vectorization #sse #avx #avx512 #antivectors http://blog.cr.yp.to/20190430-vectorize.html 30 Apr 2019 14:45:32 -0000 A case study of how quickly an attack can be developed from a limited disclosure. #infineon #roca #rsa http://blog.cr.yp.to/20171105-infineon.html 09 Jan 2022 04:49:28 -0000 Analysis of several algorithms for the collision problem, and for the related multi-target preimage problem. #collision #preimage #pqcrypto http://blog.cr.yp.to/20171017-collisions.html 09 Jan 2022 04:49:28 -0000 An effort to clean up several messes simultaneously. #rng #forwardsecrecy #urandom #cascade #hmac #rekeying #proofs http://blog.cr.yp.to/20170723-random.html 26 Jul 2017 11:49:44 -0000 News regarding the SUPERCOP benchmarking system, and more recommendations to NIST. #benchmarking #supercop #nist #pqcrypto http://blog.cr.yp.to/20170719-pqbench.html 09 Jan 2022 04:49:28 -0000 My comments to NIST on the first draft of their call for submissions. #standardization #nist #pqcrypto http://blog.cr.yp.to/20161030-pqnist.html 30 Oct 2016 23:01:57 -0000 A few notes on technology-fueled normalization of lynch mobs targeting both the accuser and the accused. #ethics #crime #punishment http://blog.cr.yp.to/20160607-dueprocess.html 09 Jan 2022 04:49:28 -0000 How quantum cryptographers are stealing a quarter of a billion Euros from the European Commission. #qkd #quantumcrypto #quantummanifesto http://blog.cr.yp.to/20160516-quantum.html 09 Jan 2022 04:49:28 -0000 Can the government censor how-to books? What if some of the readers are criminals? What if the books can be understood by a computer? An introduction to freedom of speech for software publishers. #censorship #firstamendment #instructions #software #encryption http://blog.cr.yp.to/20160315-jefferson.html 09 Jan 2022 04:49:28 -0000 Batch attacks are often much more cost-effective than single-target attacks. #batching #economics #keysizes #aes #ecc #rsa #dh #logjam http://blog.cr.yp.to/20151120-batchattacks.html 09 Jan 2022 04:49:28 -0000 Abstract of my tutorial at ETAPS 2015. #etaps #compilers #cpuevolution #hotspots #optimization #domainspecific #returnofthejedi http://blog.cr.yp.to/20150314-optimizing.html 09 Jan 2022 04:49:28 -0000 How Equitrac's marketing department misrepresents and interferes with your work. #equitrac #followyouprinting #dilbert #officespaceprinter http://blog.cr.yp.to/20150218-printing.html 09 Jan 2022 04:49:28 -0000 How we built a cluster capable of computing 3000000000000000000000 multiplications per year for just 50000 EUR. #nvidia #linux #howto http://blog.cr.yp.to/20140602-saber.html 09 Jan 2022 04:49:28 -0000 Low-cost changes to CPU architecture would make cryptography much safer and much faster. #constanttimecommitment #vmul53 #vcarry #pipelinedocumentation http://blog.cr.yp.to/20140517-insns.html 09 Jan 2022 04:49:28 -0000 The first step towards improvement is to admit previous failures. #standardization #nist #des #dsa #dualec #nsa http://blog.cr.yp.to/20140411-nist.html 09 Jan 2022 04:49:28 -0000 There are many choices of elliptic-curve signature systems. The standard choice, ECDSA, is reasonable if you don't care about simplicity, speed, and security. #signatures #ecc #elgamal #schnorr #ecdsa #eddsa #ed25519 http://blog.cr.yp.to/20140323-ecdsa.html 23 Oct 2023 09:54:08 -0000 Computational algebraic number theory tackles lattice-based cryptography. http://blog.cr.yp.to/20140213-ideal.html 09 Jan 2022 04:49:28 -0000 The conventional wisdom says that hash outputs can't be controlled; the conventional wisdom is simply wrong. http://blog.cr.yp.to/20140205-entropy.html 17 Mar 2023 13:15:02 -0000