Edlyn Teske

Edlyn Teske

Edlyn has a distinguished career as a Professor of Mathematics at the Department of Combinatorics and Optimization and the Centre for Applied Cryptographic Research, University of Waterloo (Canada). While in the San Francisco Bay Area, she worked as Senior Solutions Architect at Cryptomathic Inc., and also was teaching at the German International School of Silicon Valley's Saturday School. Edlyn currently lives in Leipzig, Germany, working as Senior Crypto Expert at Cryptomathic GmbH. She is also busy mother of four children ages 9 to 19.
Beyond the Video-Ident Hack: Securely Sign with a Smile

Beyond the Video-Ident Hack: Securely Sign with a Smile

For trustworthy remote identity verification, a proof of the authenticity of the identity card and of the integrity of its contents is needed, along with reliable binding between the ID card and the identifying individual. Verification of biometric markers in a remote video identification procedure has long been undermined by deep fake technology. The recent hack of the Video-Ident procedure presents a more scalable attack and has further destroyed trust in online identity verification. A solution to this problem lies in the utilization of the NFC chip that is built into a growing number of national identity cards.

NIST Post-Quantum Cryptography Standardization: SIKE Bites the Dust

NIST Post-Quantum Cryptography Standardization: SIKE Bites the Dust

Just a month ago, NIST announced its selection of three digital signature algorithms and one key establishment mechanism (KEM) for future use in quantum-resistant cryptography applications. Also, four algorithms for post-quantum key establishment were selected as candidates for the 4th round of evaluation, for potential standardization at a later time.

What You See Is What You Timestamp – A cost-effective acceptance method to guarantee non-repudiation document acceptance for legal archiving purposes

What You See Is What You Timestamp – A cost-effective acceptance method to guarantee non-repudiation document acceptance for legal archiving purposes

In this article, we proposeWhat-You-See-Is-What-You-Timestamp (WYSIWYT) as an attractive alternative to Qualified Electronic Signatures, for certain signing needs where non-repudiable user acceptance and integrity protection are required for a given contract or transaction, i.e. when documents need to be formally accepted, but where no fulfilment form is prescribed by national law.

The NIST Announcement on Quantum-Resistant Cryptography Standards is Out. Act Now!

The NIST Announcement on Quantum-Resistant Cryptography Standards is Out. Act Now!

An over five-year-long process has come to a preliminary end: On July 5, 2022, NIST issued the long-awaited announcement of the winners of Round 3 of the NIST Post-Quantum Crypto (PQC) Standardization Process, that is, which quantum-resistant cryptographic algorithms NIST has selected for standardization.

Explaining the Java ECDSA Critical Vulnerability

Explaining the Java ECDSA Critical Vulnerability

On April 19, 2022, information about a severe vulnerability in recent versions of Java shook up the security community.

NIST PQC Finalists Update: It’s Over For The Rainbow

NIST PQC Finalists Update: It’s Over For The Rainbow

Last month, one of the three NIST finalists for post-quantum signature schemes has received its final nail in the coffin: Ward Beullens, a PostDoc at IBM Research, published a practical key recovery attack against the Rainbow signature scheme.

RSA is not destroyed, but do remain vigilant and be crypto-agile!

RSA is not destroyed, but do remain vigilant and be crypto-agile!

During the last couple of weeks, a little shake went through parts of the security community. This was caused by a preprint by Professor Dr. Claus Peter Schnorr titled “Fast Factoring Integers by SVP Algorithms”, published on the IACR’s E-print Server.

The SolarWinds attack and best practices for code-signing

The SolarWinds attack and best practices for code-signing

Since the announcement of the SolarWinds supply chain attack, intensive analysis has been done by Crowdstrike, FireEye (with additional details), Microsoft, Symantec, SolarWinds, and many others, to understand the attack’s workings both within SolarWinds and in the targeted networks. Here we focus on the code signing procedures, which seemingly failed at SolarWinds but likely could have mitigated the risk of the attack if they had been implemented and enforced to a higher standard.

Building Security Systems for the Internet of Things and Crypto Agility

Building Security Systems for the Internet of Things and Crypto Agility

There is no silver bullet when it comes to securing “the” Internet of Things, instead, a careful analysis of the individual application is needed. In this article we explore a methodical, yet pragmatic approach to securing IOT devices.