#research-notesView all tags

• Hybrid Schemes and Protocol Agility

  April 16, 2026 · 10 min — #research-notes#post-quantum-cryptography#cryptography#protocol-design#security-critical-infrastructure#devsecops#distributed-systems#TLS

• The Leaf Is the Hot Path: Signature Placement in Post-Quantum TLS (ML-DSA vs SLH-DSA)

  April 8, 2026 · 9 min — #research-notes#post-quantum-cryptography#cryptography#protocol-design#security-critical-infrastructure#devsecops#distributed-systems#TLS#PKI

• Stateful Signatures Are a Distributed Systems Problem: XMSS/LMS Without Index Reuse

  April 1, 2026 · 10 min — #research-notes#post-quantum-cryptography#cryptography#security-critical-infrastructure#devsecops#iiot-platforms#distributed-systems#formal-methods

• Termination Is a Security Boundary: HotStuff Under UC, Delay Attacks, and the Uncomfortable Gap to Rust

  March 28, 2026 · 13 min — #research-notes#distributed-systems#consensus#BFT#formal-methods#cryptography#Rust#security

• Secure Distributed Storage: Erasure Coding Under Adversaries

  March 1, 2026 · 3 min — #research-notes#distributed-systems#cryptography#formal-methods#security

• Verifiable Computation as Infrastructure: Proof Systems at Scale

  February 1, 2026 · 3 min — #research-notes#distributed-systems#cryptography#formal-methods#security

• Composable Security: Where Proofs Break in Real Systems

  January 1, 2026 · 3 min — #research-notes#distributed-systems#cryptography#formal-methods#security

• Research Frontiers: Composability, Proofs, and Future Primitives

  December 1, 2025 · 3 min — #research-notes#post-quantum-cryptography#security-critical-infrastructure#protocol-design#cryptography

• Long-Lived Secrets: Forward Secrecy, KEMs, and Key Erasure

  November 1, 2025 · 3 min — #research-notes#post-quantum-cryptography#security-critical-infrastructure#protocol-design#cryptography

• Post-Quantum DoS Surfaces: Handshakes, Amplification, and Mitigations

  October 1, 2025 · 3 min — #research-notes#post-quantum-cryptography#security-critical-infrastructure#protocol-design#cryptography

• Operationalizing PQC: Monitoring, Rollback, and Incident Response

  September 1, 2025 · 3 min — #research-notes#post-quantum-cryptography#security-critical-infrastructure#protocol-design#cryptography

• Quantum-Safe VPN Design: Lessons from Implementing a PQ IPSec Stack

  August 1, 2025 · 3 min — #research-notes#post-quantum-cryptography#security-critical-infrastructure#protocol-design#cryptography

• no_std Crypto in Rust: Determinism, Side Channels, and Constraints

  July 1, 2025 · 3 min — #research-notes#post-quantum-cryptography#security-critical-infrastructure#protocol-design#cryptography

• BFT with PQ Primitives: When Crypto Costs Dominate

  June 1, 2025 · 3 min — #research-notes#post-quantum-cryptography#security-critical-infrastructure#protocol-design#cryptography

• Quantum-Resilient Identity: Device + Human, Online + Offline

  May 1, 2025 · 3 min — #research-notes#post-quantum-cryptography#security-critical-infrastructure#protocol-design#cryptography

• PQC for Blockchain Signatures: Wallet UX, Size, and Verification Cost

  April 1, 2025 · 3 min — #research-notes#post-quantum-cryptography#security-critical-infrastructure#protocol-design#cryptography

• Quantum-Safe Secure Boot: Firmware Roots and PQ Signatures

  March 1, 2025 · 3 min — #research-notes#post-quantum-cryptography#security-critical-infrastructure#protocol-design#cryptography

• Hybrid Key Management: Rotations Across Algorithm Families

  February 1, 2025 · 3 min — #research-notes#post-quantum-cryptography#security-critical-infrastructure#protocol-design#cryptography

• Quantum Threat Modeling for Infrastructure: What Changes, What Doesn’t

  January 1, 2025 · 3 min — #research-notes#post-quantum-cryptography#security-critical-infrastructure#protocol-design#cryptography

• Designing for Catastrophic Failure: Compartmentalization and Recovery

  December 1, 2024 · 4 min — #research-notes#security#distributed-infrastructure#threat-modeling#resilience

• ZKP Systems Engineering: Provers, Verifiers, and Operational Cost

  November 1, 2024 · 4 min — #research-notes#security#distributed-infrastructure#threat-modeling#resilience

• Formal Verification of Crypto Protocols: Models, Gaps, and Pain

  October 1, 2024 · 4 min — #research-notes#security#distributed-infrastructure#threat-modeling#resilience

• Secure Enclaves in Distributed Systems: Remote Attestation and Trust

  September 1, 2024 · 4 min — #research-notes#security#distributed-infrastructure#threat-modeling#resilience

• Metadata and Privacy: The Hard Part Isn’t Encryption

  August 1, 2024 · 4 min — #research-notes#security#distributed-infrastructure#threat-modeling#resilience

• Byzantine Fault Injection: Testing Protocols Like an Attacker

  July 1, 2024 · 4 min — #research-notes#security#distributed-infrastructure#threat-modeling#resilience

• Consensus Under Attack: Adaptive Adversaries and Network Control

  June 1, 2024 · 4 min — #research-notes#security#distributed-infrastructure#threat-modeling#resilience

• Time-Based Attacks: NTP Manipulation, Expiration, and Replay

  May 1, 2024 · 4 min — #research-notes#security#distributed-infrastructure#threat-modeling#resilience

• Sandbox Escapes: Isolation Boundaries as a Design Input

  April 1, 2024 · 4 min — #research-notes#security#distributed-infrastructure#threat-modeling#resilience

• Supply Chain Attacks: Dependency Poisoning and Maintainer Compromise

  March 1, 2024 · 4 min — #research-notes#security#distributed-infrastructure#threat-modeling#resilience

• DDoS at Scale: Adaptive Defense and Cost Asymmetry

  February 1, 2024 · 4 min — #research-notes#security#distributed-infrastructure#threat-modeling#resilience

• BGP and Routing Attacks: Engineering for the Internet We Have

  January 1, 2024 · 4 min — #research-notes#security#distributed-infrastructure#threat-modeling#resilience

• Compliance & Standards: Translating NIST to Engineering Action

  December 1, 2023 · 3 min — #research-notes#post-quantum-cryptography#cryptography#security#protocol-design

• Migration Risk Management: Inventory, Prioritization, and Cutover

  November 1, 2023 · 4 min — #research-notes#post-quantum-cryptography#cryptography#security#protocol-design

• Side Channels in PQC Implementations: Where Theory Meets Cache

  October 1, 2023 · 3 min — #research-notes#post-quantum-cryptography#cryptography#security#protocol-design

• Benchmarking PQC: What to Measure (and What Not To)

  September 1, 2023 · 4 min — #research-notes#post-quantum-cryptography#cryptography#security#protocol-design

• Crypto Agility Tooling: Feature Flags, Policy, and Rollback

  August 1, 2023 · 4 min — #research-notes#post-quantum-cryptography#cryptography#security#protocol-design

• PQC for IoT: Memory, CPU, and Timing Side Channels

  July 1, 2023 · 3 min — #research-notes#post-quantum-cryptography#cryptography#security#protocol-design

• PQC in VPN/IPsec: IKEv2 Revisited Under PQ Constraints

  June 1, 2023 · 3 min — #research-notes#post-quantum-cryptography#cryptography#security#protocol-design

• PQC in TLS: Negotiation, Downgrade, and Interop

  May 1, 2023 · 4 min — #research-notes#post-quantum-cryptography#cryptography#security#protocol-design

• Hybrid Key Exchange: Binding Classical and PQ Secrets Correctly

  April 1, 2023 · 3 min — #research-notes#post-quantum-cryptography#cryptography#security#protocol-design

• Signatures in Practice: Dilithium/Falcon and Deployment Constraints

  March 1, 2023 · 4 min — #research-notes#post-quantum-cryptography#cryptography#security#protocol-design

• KEMs in Practice: Kyber Handshakes and Failure Surfaces

  February 1, 2023 · 4 min — #research-notes#post-quantum-cryptography#cryptography#security#protocol-design

• PQC Threat Models: 'Harvest Now, Decrypt Later' in Real Systems

  January 1, 2023 · 4 min — #research-notes#post-quantum-cryptography#cryptography#security#protocol-design

• Red Teaming Infrastructure: Turning Attacks into Regression Tests

  December 1, 2022 · 3 min — #research-notes#DevSecOps#security#resilience#security-critical-infrastructure

• Rust/Go Secure Coding Patterns: The Bugs That Still Happen

  November 1, 2022 · 3 min — #research-notes#DevSecOps#security#resilience#security-critical-infrastructure

• Secure Configuration: Policy-as-Code and Guardrails

  October 1, 2022 · 3 min — #research-notes#DevSecOps#security#resilience#security-critical-infrastructure

• Backup/Restore as a Protocol: RPO/RTO with Adversaries

  September 1, 2022 · 3 min — #research-notes#DevSecOps#security#resilience#security-critical-infrastructure

• Observability at Scale: Traces, Cardinality, and Cost

  August 1, 2022 · 3 min — #research-notes#DevSecOps#security#resilience#security-critical-infrastructure

• Rate Limiting & Load Shedding: Protecting Reliability SLOs

  July 1, 2022 · 3 min — #research-notes#DevSecOps#security#resilience#security-critical-infrastructure

• Multi-Region Design: Failover That You Can Actually Test

  June 1, 2022 · 4 min — #research-notes#DevSecOps#security#resilience#security-critical-infrastructure

• Kubernetes Hardening: RBAC, NetworkPolicy, and Pod Security

  May 1, 2022 · 4 min — #research-notes#DevSecOps#security#resilience#security-critical-infrastructure

• Runtime Security: eBPF, Policy, and Drift Detection

  April 1, 2022 · 3 min — #research-notes#DevSecOps#security#resilience#security-critical-infrastructure

• Secrets Hygiene: Rotation, Scoping, and Runtime Delivery

  March 1, 2022 · 3 min — #research-notes#DevSecOps#security#resilience#security-critical-infrastructure

• Reproducible CI/CD: Determinism as Defense

  February 1, 2022 · 3 min — #research-notes#DevSecOps#security#resilience#security-critical-infrastructure

• Supply Chain Security: SLSA, SBOM, and Build Provenance

  January 1, 2022 · 3 min — #research-notes#DevSecOps#security#resilience#security-critical-infrastructure

• Post-Quantum Readiness at the Edge: Constraints and Migration

  December 1, 2021 · 4 min — #research-notes#IIoT#security-critical-infrastructure#distributed-systems#DevSecOps

• Anomaly Detection: What 'Baseline' Means in Industrial Systems

  November 1, 2021 · 4 min — #research-notes#IIoT#security-critical-infrastructure#distributed-systems#DevSecOps

• Secure Remote Access: Bastions, Just-in-Time, and Audit

  October 1, 2021 · 3 min — #research-notes#IIoT#security-critical-infrastructure#distributed-systems#DevSecOps

• Offline-First Edge: Consistency During Intermittent Connectivity

  September 1, 2021 · 3 min — #research-notes#IIoT#security-critical-infrastructure#distributed-systems#DevSecOps

• Safety-Critical vs Security-Critical: Integrating Two Worlds

  August 1, 2021 · 4 min — #research-notes#IIoT#security-critical-infrastructure#distributed-systems#DevSecOps

• Gateway Architecture: Protocol Translation Without Becoming a Bottleneck

  July 1, 2021 · 4 min — #research-notes#IIoT#security-critical-infrastructure#distributed-systems#DevSecOps

• Time-Series at Scale: Ingestion, Downsampling, and Query Isolation

  June 1, 2021 · 4 min — #research-notes#IIoT#security-critical-infrastructure#distributed-systems#DevSecOps

• Zero Trust for IIoT: Network Segmentation and Policy Enforcement

  May 1, 2021 · 4 min — #research-notes#IIoT#security-critical-infrastructure#distributed-systems#DevSecOps

• Firmware Update Pipelines: Rollouts, Canary, and Recovery

  April 1, 2021 · 4 min — #research-notes#IIoT#security-critical-infrastructure#distributed-systems#DevSecOps

• Edge-to-Cloud Messaging: MQTT, OPC UA, and Threat Models

  March 1, 2021 · 4 min — #research-notes#IIoT#security-critical-infrastructure#distributed-systems#DevSecOps

• Secure Telemetry: Integrity, Nonce Discipline, and Replay Protection

  February 1, 2021 · 3 min — #research-notes#IIoT#security-critical-infrastructure#distributed-systems#DevSecOps

• Device Identity: Provisioning, Attestation, and Lifecycle

  January 1, 2021 · 4 min — #research-notes#IIoT#security-critical-infrastructure#distributed-systems#DevSecOps

• Spec-Driven Development: Making the Spec the Center of Gravity

  December 1, 2020 · 4 min — #research-notes#formal-methods#verification#protocol-design#correctness

• Designing APIs for Correctness: Types, Lifetimes, and Capabilities

  November 1, 2020 · 3 min — #research-notes#formal-methods#verification#protocol-design#correctness

• Verified Crypto Interfaces: Constant-Time Boundaries and Misuse Resistance

  October 1, 2020 · 3 min — #research-notes#formal-methods#verification#protocol-design#correctness

• Symbolic Execution: When Brute Force Becomes Logic

  September 1, 2020 · 3 min — #research-notes#formal-methods#verification#protocol-design#correctness

• Concurrency Testing in Rust: Loom, Schedules, and Determinism

  August 1, 2020 · 3 min — #research-notes#formal-methods#verification#protocol-design#correctness

• Fuzzing Protocol Parsers: When Inputs Are Adversarial

  July 1, 2020 · 3 min — #research-notes#formal-methods#verification#protocol-design#correctness

• Differential Testing: Using Other Implementations as Oracles

  June 1, 2020 · 4 min — #research-notes#formal-methods#verification#protocol-design#correctness

• Property-Based Testing: Finding Bugs You Didn’t Imagine

  May 1, 2020 · 3 min — #research-notes#formal-methods#verification#protocol-design#correctness

• Refinement: Proving Your Implementation Matches the Spec

  April 1, 2020 · 3 min — #research-notes#formal-methods#verification#protocol-design#correctness

• Model Checking at Scale: State Explosion and How to Cheat

  March 1, 2020 · 4 min — #research-notes#formal-methods#verification#protocol-design#correctness

• TLA+ for Engineers: Modeling the Minimal Thing That Can Break You

  February 1, 2020 · 3 min — #research-notes#formal-methods#verification#protocol-design#correctness

• Safety/Liveness Catalog: A Practical Checklist for Protocol Specs

  January 1, 2020 · 3 min — #research-notes#formal-methods#verification#protocol-design#correctness

• Validator Ops: Key Security, Slashing, and Fault Containment

  December 1, 2019 · 3 min — #research-notes#blockchain-protocols#distributed-systems#cryptography#Rust

• Rust Node Architecture: Storage, Networking, and Deterministic Execution

  November 1, 2019 · 4 min — #research-notes#blockchain-protocols#distributed-systems#cryptography#Rust

• Formalizing a Blockchain Protocol: Properties Worth Proving

  October 1, 2019 · 4 min — #research-notes#blockchain-protocols#distributed-systems#cryptography#Rust

• ZK in Protocols: Proof Systems as Network Primitives

  September 1, 2019 · 4 min — #research-notes#blockchain-protocols#distributed-systems#cryptography#Rust

• Bridges: Where Trust Comes Back to Collect

  August 1, 2019 · 4 min — #research-notes#blockchain-protocols#distributed-systems#cryptography#Rust

• Fee Markets and MEV: Incentives as an Adversary

  July 1, 2019 · 4 min — #research-notes#blockchain-protocols#distributed-systems#cryptography#Rust

• State Commitments: Merkle, Verkle, and Proof Sizes

  June 1, 2019 · 4 min — #research-notes#blockchain-protocols#distributed-systems#cryptography#Rust

• Light Clients: Trust Minimization Without Full Replication

  May 1, 2019 · 4 min — #research-notes#blockchain-protocols#distributed-systems#cryptography#Rust

• Finality and Reorgs: What Users Think vs What Protocols Provide

  April 1, 2019 · 4 min — #research-notes#blockchain-protocols#distributed-systems#cryptography#Rust

• Gossip Networks: Propagation, Eclipse Attacks, and Topology

  March 1, 2019 · 4 min — #research-notes#blockchain-protocols#distributed-systems#cryptography#Rust

• Mempool Design Under Adversarial Load: Admission, Fees, and Spam

  February 1, 2019 · 4 min — #research-notes#blockchain-protocols#distributed-systems#cryptography#Rust

• The Ledger as a State Machine: Execution, Determinism, and Reproducibility

  January 1, 2019 · 4 min — #research-notes#blockchain-protocols#distributed-systems#cryptography#Rust

• Incident Response for Crypto Systems: Key Compromise Playbooks

  December 1, 2018 · 4 min — #research-notes#cryptography#security#security-critical-infrastructure#DevSecOps

• KMS/HSM Threat Models: When 'Managed' Doesn't Mean 'Safe'

  November 1, 2018 · 4 min — #research-notes#cryptography#security#security-critical-infrastructure#DevSecOps

• Multi-Tenant Isolation: Crypto Boundaries vs Kernel Boundaries

  October 1, 2018 · 4 min — #research-notes#cryptography#security#security-critical-infrastructure#DevSecOps

• Cryptographic Agility: Designing for the Algorithm You Haven't Met Yet

  September 1, 2018 · 4 min — #research-notes#cryptography#security#security-critical-infrastructure#DevSecOps

• Logging for Forensics: Tamper Evident Event Pipelines

  August 1, 2018 · 4 min — #research-notes#cryptography#security#security-critical-infrastructure#DevSecOps

• TLS Beyond Defaults: Ciphersuites, ALPN, and Operational Reality

  July 1, 2018 · 4 min — #research-notes#cryptography#security#security-critical-infrastructure#DevSecOps

• Secure Firmware Updates: Signed Manifests and Rollback Protection

  June 1, 2018 · 4 min — #research-notes#cryptography#security#security-critical-infrastructure#DevSecOps

• Side Channels: Constant-Time, Cache Attacks, and Real Threat Models

  May 1, 2018 · 4 min — #research-notes#cryptography#security#security-critical-infrastructure#DevSecOps

• Hardware Roots of Trust: TPM, Secure Boot, and Attestation

  April 1, 2018 · 4 min — #research-notes#cryptography#security#security-critical-infrastructure#DevSecOps

• Secrets vs Capabilities: Token Design in Microservices

  March 1, 2018 · 4 min — #research-notes#cryptography#security#security-critical-infrastructure#DevSecOps

• Key Management at Scale: Rotation, Audit, and Blast Radius

  February 1, 2018 · 4 min — #research-notes#cryptography#security#security-critical-infrastructure#DevSecOps

• PKI as an Operating System: Certificates, Policies, and Expiration

  January 1, 2018 · 4 min — #research-notes#cryptography#security#security-critical-infrastructure#DevSecOps

• A Minimal TLA+ Workflow for Distributed Protocols

  December 1, 2017 · 4 min — #research-notes#distributed-systems#protocol-design#resilience#Rust

• Designing for Network Partitions: Degraded Modes That Still Make Sense

  November 1, 2017 · 4 min — #research-notes#distributed-systems#protocol-design#resilience#Rust

• Rate Limiting and Fairness: Protecting Critical Paths

  October 1, 2017 · 4 min — #research-notes#distributed-systems#protocol-design#resilience#Rust

• Queues & Streams: Exactly-Once Semantics Without Lying to Yourself

  September 1, 2017 · 4 min — #research-notes#distributed-systems#protocol-design#resilience#Rust

• Geo-Replication: Latency Budgets and Cross-Region Failure Modes

  August 1, 2017 · 4 min — #research-notes#distributed-systems#protocol-design#resilience#Rust

• Gossip & Epidemic Dissemination: Fast, Probabilistic, and Weird

  July 1, 2017 · 3 min — #research-notes#distributed-systems#protocol-design#resilience#Rust

• Transactions: 2PC, 3PC, and Coordinators You Can't Trust

  June 1, 2017 · 3 min — #research-notes#distributed-systems#protocol-design#resilience#Rust

• Consistency Models: Linearizability, Serializability, and What You Actually Need

  May 1, 2017 · 4 min — #research-notes#distributed-systems#protocol-design#resilience#Rust

• Membership & Reconfiguration: Changing the Set Without Breaking Safety

  April 1, 2017 · 3 min — #research-notes#distributed-systems#protocol-design#resilience#Rust

• BFT from First Principles: Safety, Liveness, and Quorums

  March 1, 2017 · 4 min — #research-notes#distributed-systems#protocol-design#resilience#Rust

• Consensus Under Partial Synchrony: From Paxos to Raft

  February 1, 2017 · 4 min — #research-notes#distributed-systems#protocol-design#resilience#Rust

• State Machine Replication: Log Design, Snapshots, and Compaction

  January 1, 2017 · 3 min — #research-notes#distributed-systems#protocol-design#resilience#Rust

• Security vs Reliability: When the Same Bug Has Two Names

  December 1, 2016 · 4 min — #research-notes#protocol-design#correctness#formal-methods#Rust

• Reproducible Builds: Trusting Artifacts in a Hostile World

  November 1, 2016 · 4 min — #research-notes#protocol-design#correctness#formal-methods#Rust

• Observability as Specification: SLOs, Error Budgets, and Contracts

  October 1, 2016 · 4 min — #research-notes#protocol-design#correctness#formal-methods#Rust

• Fault Injection: Turning Unknown Unknowns into Test Cases

  September 1, 2016 · 4 min — #research-notes#protocol-design#correctness#formal-methods#Rust

• Memory Models and Concurrency: Reasoning About Races

  August 1, 2016 · 4 min — #research-notes#protocol-design#correctness#formal-methods#Rust

• Crash Consistency: Durable State Without Mysticism

  July 1, 2016 · 4 min — #research-notes#protocol-design#correctness#formal-methods#Rust

• Cryptographic Hygiene: Domain Separation, KDFs, and Context Binding

  June 1, 2016 · 4 min — #research-notes#protocol-design#correctness#formal-methods#Rust

• Threat Modeling for Engineers: Assumptions as Interfaces

  May 1, 2016 · 4 min — #research-notes#protocol-design#correctness#formal-methods#Rust

• Time Is a Lie: Clocks, Causality, and Ordering

  April 1, 2016 · 4 min — #research-notes#protocol-design#correctness#formal-methods#Rust

• Backpressure as a Correctness Property: Stability Under Load

  March 1, 2016 · 4 min — #research-notes#protocol-design#correctness#formal-methods#Rust

• Idempotency Everywhere: Designing Safe Retries in Distributed APIs

  February 1, 2016 · 4 min — #research-notes#protocol-design#correctness#formal-methods#Rust

• Protocol State Machines: Invariants, Events, and Recovery

  January 1, 2016 · 4 min — #research-notes#protocol-design#correctness#formal-methods#Rust