
Posts

Featured Post

Kryptos - The Cipher (Part 4) - Correctly positioned decryption of the word BERLIN

EASTNORTHEAST - This is not exactly the hint Jim Sanborn (JS) gave for K4 on the 29th of January this year. He only gave NORTHEAST, which refers to positions 26-34 of K4's plaintext. Besides BERLIN and CLOCK, it is the third revealed plaintext word of K4. However, this hint does not seem to help much either. As it happened, a member of the Yahoo Kryptos group had a conversation with Jim Sanborn about a submitted solution. Sanborn's answer to the question again contained the last clue, which surprisingly was EASTNORTHEAST at positions 22-34. (Image: Jim Sanborn's compass rose at CIA) There is disagreement about whether Jim revealed this on purpose or accidentally, but the new extended clue seems to be serious and valid. Interestingly, EASTNORTHEAST is exactly the direction illustrated on the compass rose on one of the stones around Kryptos, also created by Jim Sanborn. Actually, I don't really kn...
Recent posts

How to detect primes in polynomial time - Understanding the AKS Algorithm

Detecting primes in deterministic polynomial time was a goal for hundreds of years. In 2002, a major breakthrough occurred in number theory: for the first time, a proof was published showing how to determine, in deterministic polynomial time, whether a given integer $n$ is prime. The resulting method is now known as the AKS algorithm, named after its authors Agrawal, Kayal, and Saxena. For their work, they received two major international awards: the Gödel Prize and the Fulkerson Prize. Of course, even before 2002, finding large prime numbers was far from hopeless. In fact, the algorithms used in practice today are essentially the same as those used before AKS, because they are extremely efficient. However, before AKS, all known efficient primality tests had one of the following drawbacks:

Kryptos - The Cipher (Part 6-c) - Equal letter frequencies for two K4 groups

In this post I want to revisit an observation from years ago that seems to address K4 directly. It begins with a simple experiment: split the K4 ciphertext at every W. Once you do that, an unexpected frequency pattern emerges. A related discussion can be found in [1]. For a quick introduction, I put together a short video that explains the basic idea behind this “W-splitting” approach. Video: Overview of the W-Splitting phenomenon

Using funny tricks to pass AI filters

Jailbreaking ChatGPT’s Filters: How Far Can Clever Prompting Go? Modern AI systems have sophisticated guardrails designed to block copyrighted material, harmful content, and sensitive data. But how strong are these defenses really? For years I’ve been fascinated by where these filters actually operate — on the input, during reasoning, or on the final output? This isn’t about breaking laws. It’s about understanding the limits of current alignment techniques. Can you trick the AI into outputting content that should actually be behind some filter wall? By a happy coincidence, since I am a big fan of Quanta Magazine, I stumbled over a nice related article a few weeks ago [1], which influenced this post.

Three easy-to-miss mistakes that silently break cryptosystems

Most broken cryptosystems do not fail because the underlying mathematics is wrong. They fail because a seemingly harmless implementation choice quietly destroys the hard problem the scheme was supposed to rely on. In this post, I show three examples of exactly that: a Diffie–Hellman setup with weak primes, a matrix-based variant that leaks the exponent through Jordan blocks, and an elliptic-curve implementation that skips the point-on-curve check and can be tricked onto a malicious curve. None of these failures look dramatic at first glance. That is exactly why they are dangerous.

The Dorabella Cipher (Part 5) - Is it a hoax?

There are some arguments that the Dorabella Cipher is actually not a real cipher, which are based on the existence of long strings of consecutive symbols with pairwise different numbers of semicircles. Using theory and practice I will show that this is actually not as suspicious as it may seem, but it may indeed be a hint that something is fishy. There’s an argument that the Dorabella Cipher may not be a real cipher at all. The main reason given is that it contains long stretches where the number of semicircles alternates: adjacent symbols never have the same semicircle-count. In this post I’ll test whether that pattern is actually as suspicious as it sounds. The Dorabella Cipher has remained unsolved for about 130 years. While looking for recent discussion and solution attempts, I went well beyond the first page of Google results and found several excellent deep-dive blogs. One post on ...

Backdooring Cryptography - Two characters that break your SSL encryption

In this article, we demonstrate a subtle but devastating backdoor in finite-field Diffie–Hellman. By computing public keys modulo $p^2$ instead of $p$ while restricting the secret exponent to $x \leq p-1$, the discrete logarithm becomes efficiently recoverable using Fermat quotients. We show the full derivation and provide a working Sage implementation. Backdoors are always bad — but they are catastrophic when they are embedded in a fundamental primitive like Diffie–Hellman key exchange. If your browser shows a green lock, you assume your connection is secure. But what if the implementation of Diffie–Hellman contains a tiny change that looks harmless in code review — and yet allows an attacker to recover the private exponent in milliseconds? In this post I’ll show a nasty little backdoor that requires only a tiny modification: using a modulus of $p^2$ instead of $p$, while keeping the secret exponent bounded by $p$. This ...

Counting Points on Elliptic Curves - Part 1 - Easy Cases

For decades, elliptic curves were regarded as beautiful but highly theoretical objects. While elliptic curves over finite fields naturally form groups, one fundamental problem remained computationally difficult: counting points on elliptic curves. In particular, determining the exact size of the group \( E(\mathbb{F}_p) \) was infeasible for general curves. Before the mid-1980s, counting points on elliptic curves was practical only for very special families, such as curves with complex multiplication. This severely limited their cryptographic applications. Early public-key cryptography therefore relied instead on multiplicative groups of finite fields, where the group order is easy to compute. Everything changed with Schoof’s algorithm. For the first time, it showed that counting points on elliptic curves over finite fields can be done in polynomial time. This breakthrough removed a major barrier to using elliptic curves in cryptography. Today, efficient point coun...