
Scientists develop end-to-end encryption for git services


From large technology corporations to startups, from computer science students to indie developers, using git services is as common as opening a word document is for most of the rest of us. Git services are online repositories, indispensable in the IT industry, that manage and store projects that may contain sensitive information or trade secrets such as emerging artificial intelligence models.

However, this makes git services vulnerable to frequent cybersecurity threats. There is also the risk of malicious code being inserted into existing projects without the developer’s knowledge.

University of Sydney researchers are part of a team that has developed end-to-end encryption that can be deployed to protect git services. The encryption is compatible with existing git platforms such as GitHub and Bitbucket. When it is deployed, the researchers say, it will work seamlessly in terms of storage and the time it takes for data to be synchronized among devices and git servers.

Initial testing on existing git services and public repositories (available for researchers to test algorithms) has been successful.

“Privacy and security of software code has long been a concern for industry and individual users that rely on git services,” said one of the lead developers, Associate Professor Qiang Tang, from the School of Computer Science, Faculty of Engineering. “Just like we want our messages to be private and safe, the IT industry also wants their code to be protected. End-to-end encryption is currently the gold standard to protect data.”

End-to-end encryption works by securing data from start to finish, meaning the data sent is protected from the source to the destination, even if the service platform is hacked. It is currently used in messaging services such as WhatsApp.

The researchers say the threat of security breaches to git services is becoming more commonplace. Earlier in the year cryptocurrency exchange Coinbase was a target. In 2022 Okta had stolen.

But Associate Professor Tang says current efforts on git security are not strong enough and come with large overheads, meaning that a significant amount of computational resources such as processing time, bandwidth, or storage is used.

The researchers hope to introduce the code to git services for widespread use or intend to make it open source. The results will be presented at the ACM Conference on Computer and Communications Security in October.

Collaborator Moti Yung, distinguished research scientist from Google, said that this was an excellent opportunity to protect the git services system and its users.

“The evolution of computing ecosystems always starts with a new utility designed for trusted entities: the internet, the mobile networks, chat apps, and so on.

“Therefore, due to these utilities maturing and expanding, one has then to deal with less trusted and malicious players within the ecosystem. Git services, enabling collaborations and version control among participants, also started without thoroughly taking care of potential bad players, and the system proposed now is a necessary step to its maturity.”

Creating the security box for the world’s code and the rising demand for end-to-end security online

Imagine git services as a giant word document where countless people can write, edit and update content, but for computer code.

“What makes git services such as GitHub indispensable is their ability to host a large number of collaborators working on the same coding project at the same time, without losing any efficiency,” said Associate Professor Tang. “However, this advantage is also an obstacle that prevented git services from getting end-to-end encryption.”

When you use a messaging service, the content or text remains relatively unchanged, or the edits will be very minor.

But in GitHub, countless lines of code are being written, edited and updated constantly, at such a rapid rate that standard end-to-end encryption cannot keep up. It would constantly need to refresh to encrypt new versions.

“It’s a balancing act—keep the code safe but not where it impacts the user’s computer so much that it becomes a hindrance,” Tang added.

The research team was able to achieve this balance with a tradeoff: by using only small bits of computational power at a time, it significantly reduces the level of communication and storage needed. Specifically, it uses character-level encryption, where only edits are treated as new data to be encrypted and appended (added to an existing data collection). In this way, the pressure on computational resources becomes minimal.

Another way of putting it is if you removed a word from a sentence in a document, the code would recognize that and encrypt the change, instead of encrypting the entire document.

By doing this, it would save a large amount of bandwidth and storage otherwise used on each entire new version of the code.
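A simplified illustration of the edit-only idea described above, added here as an example; it is not the researchers' scheme or code. It assumes keys held only by clients, uses HMAC-SHA256 from the Python standard library as a stand-in for a vetted AEAD cipher, and every function name and the sample file are constructed.

```python
import difflib, hashlib, hmac, json, os

def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode: stdlib stand-in for a vetted AEAD cipher.
    blocks = (hmac.new(key, nonce + c.to_bytes(4, "big"), hashlib.sha256).digest()
              for c in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _tag(mac_key, seq, nonce, ct):
    # Binding the log position lets clients detect reordered or replayed records.
    return hmac.new(mac_key, seq.to_bytes(8, "big") + nonce + ct, hashlib.sha256).digest()

def seal(keys, seq, plaintext):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(keys[0], nonce, len(plaintext))))
    return nonce + ct + _tag(keys[1], seq, nonce, ct)

def unseal(keys, seq, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(keys[1], seq, nonce, ct)):
        raise ValueError(f"record {seq} failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _keystream(keys[0], nonce, len(ct))))

def char_edits(old, new):
    # Character-level delta: [start, end, replacement] for each changed span of `old`.
    ops = difflib.SequenceMatcher(None, old, new, autojunk=False).get_opcodes()
    return [[i1, i2, new[j1:j2]] for op, i1, i2, j1, j2 in ops if op != "equal"]

def apply_edits(text, edits):
    for i1, i2, repl in reversed(edits):  # right to left keeps offsets valid
        text = text[:i1] + repl + text[i2:]
    return text

def push(log, keys, old, new):
    log.append(seal(keys, len(log), json.dumps(char_edits(old, new)).encode()))

def checkout(log, keys):
    text = ""
    for seq, blob in enumerate(log):
        text = apply_edits(text, json.loads(unseal(keys, seq, blob)))
    return text

# Constructed sample: a repeated function body, then a one-word edit.
KEYS = (os.urandom(32), os.urandom(32))  # (encryption key, MAC key), client-side only
V1 = "def transfer(amount):\n    return ledger.debit(amount)\n" * 40
V2 = V1.replace("debit", "credit", 1)
LOG = []
push(LOG, KEYS, "", V1)
push(LOG, KEYS, V1, V2)
```

The second log record carries only the encrypted one-word change, so it is a fraction of the size of the first, and `checkout` rejects a log whose records were modified or reordered.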

Co-author Dr. Ya-Nan Li from the University of Sydney said another challenge was to identify the necessary security requirements, which at times could be subtle. For example, when to enable the tracking and public verification of the source of all edits.

“With addressing this issue, it leaves the git server vulnerable to the potential injection of malicious code and sometimes can even directly hinder confidentiality,” said Dr. Li.

More information:
Ya-Nan Li et al, End-to-End Encrypted Git Services, (2025). DOI: 10.1145/3719027.3744815. eprint.iacr.org/2025/1208

Citation:
Scientists develop end-to-end encryption for git services (2025, October 7)
retrieved 7 October 2025
from https://techxplore.com/news/2025-10-scientists-encryption-git.html


The Best Chromebooks Are Doing Their Best to Course Correct



I was delighted to see that the Acer Chromebook Plus 516 didn’t skimp on a crappy touchpad. That goes a long way toward improving the experience of actually using the laptop on a moment-by-moment basis. I wasn’t annoyed every time I had to click-and-drag or select a bit of text. This one’s biggest weakness is definitely the screen, which is true of just about every cheap Chromebook I’ve tested. The colors are ugly and desaturated, giving the whole thing a sickly green tint. It’s also not the sharpest in the world, as it’s stretching 1920 x 1200 pixels across a large, 16-inch screen. But in terms of usability and performance, the Acer Chromebook Plus 516 is a great value, combining an Intel Core i3 processor with 8 GB of RAM and 128 GB of storage. For a Chromebook that’s often on sale for $350, it’s a steal.

While we’re here, let’s go even cheaper, shall we? Asus has two dirt-cheap Chromebooks that I tested last year that I was mildly impressed by: the Asus Chromebook CX14 and CX15. Notice in the name that these are not “Chromebook Plus” models, meaning they can be configured with less RAM and storage, and even use lower-powered processors. That’s exactly what you get on the cheaper configurations of the CX14 and CX15, which is how you sometimes get prices down to as low as $130. I definitely recommend the version with 8 GB of RAM, but regardless of which you choose, both the CX14 and larger CX15 are mildly attractive laptops. You’d know that’s a big compliment if you’ve seen just how ugly Chromebooks of this price have been in the past.

With these, though, I appreciate the relatively thin bezels and chassis thickness, as well as the larger touchpad and comfortable keyboard. The CX15 even comes in a striking blue color. The touchpad isn’t great, nor is the display. Like the Acer Chromebook Plus 516, it suffers from poor color reproduction and only goes up to 250 nits of brightness. It only has a 720p webcam too, which makes video calls a bit rough. But that’s going to be true of nearly all the competition (and there isn’t much).

Of the two models, I definitely prefer the CX14 though, as it doesn’t have a numberpad and off-center touchpad, which I’ve always found to be awkward to use. Look, no one’s going to love using a computer that costs less than $200, but if it’s what you can afford, the Asus Chromebook CX14 will at least get you by without too much frustration.

Whatever you do, don’t just head over to Amazon and buy whatever ancient Chromebook is selling for $100 for your kid. It’s worth the extra cash to get something with better battery life, a more modern look, and decent performance.

Other Good Chromebooks We’ve Tested

We’ve tested dozens and dozens of Chromebooks over the past years, having reviewed every major release across the spectrum of price. Unlike Macs and Windows laptops, Chromebooks tend to stick around a bit longer though, and aren’t refreshed as often. I stand by my picks above, but here are a few standouts from our testing that are still worth buying for the right person.


Interview: Critical local infrastructure is missing link in UK cyber resilience | Computer Weekly



Critical local infrastructure that supports council services, social care services and local transport in the UK is falling through the gaps in government and business planning for cyber resilience, claims Jonathan Lee, director of cyber strategy at cyber security company TrendAI.

In an interview with Computer Weekly, Lee says that municipal areas, such as London or Greater Manchester, could be at risk from multiple cyber attacks that could damage local infrastructure, causing escalating problems for residents that could add up to severe disruption.

“We need to be thinking about what would happen if multiple attacks happened at the same time across the city region – and the human impact of not being able to do your job properly, not being able to travel around and not being able to deliver public services,” he says.

The Cyber Security and Resilience Bill (CSRB), which is currently going through Parliament, aims to ensure that critical national services, such as healthcare, water, transport and energy, are protected against cyber attacks that cost the economy billions of pounds a year. But local infrastructure has been relatively neglected, claims Lee.

The National Cyber Security Centre’s (NCSC) Cyber Assurance Framework, for example, aims to help operators of critical national infrastructure (CNI) demonstrate a base level of cyber security preparedness – but it is not mandatory, and not every organisation that should implement it is implementing it.

Whole of society risk

“We need to be more stringent in making sure that people are taking this seriously and are looking not just at their own organisation, but are looking at the whole of society risk,” says Lee.

Attacks on public services, such as council-run social care, can have a catastrophic, knock-on effect on the NHS and patient care, he adds.

There is a need for more “top-down” advice for regional infrastructure providers, from organisations such as the NCSC, which is not as well known as it could be among the companies and public sector bodies that provide local infrastructure.

“The message has got to be diffused down into local levels to ensure that a consistent message is spread out, and that can also be through industry partners. That is something I feel quite strongly about,” says Lee.

The Cyber Essentials programme, which has been updated to include new requirements for organisations to use multifactor authentication (MFA), and requirements for cloud providers to patch vulnerabilities within 14 days, has helped build resilience, but only for organisations that choose to adhere to it.

Keeping the resilience score

The UK government is also intending to publish a Cyber Action Plan in the coming months, which will guide organisations to get basic security right and improve their cyber security over time.

Although there is no shortage of initiatives and action plans, there is a danger that many of these plans will be left on a shelf.

One approach is for organisations to rate themselves on a scorecard for cyber resilience, on a scale of, say, 1 to 100, and to report their progress back to board-level directors.

“We need a mechanism to measure how impactful these interventions are, whether it be things like the Cyber Assessment Framework, Cyber Essentials or legislation,” says Lee.




Join Our Livestream: Musk v. Altman and the Future of OpenAI



Two of Big Tech’s most influential billionaires, Sam Altman and Elon Musk, will go head-to-head in a highly anticipated trial beginning April 27. In Musk v. Altman, a judge, advised by a jury, will ultimately determine whether OpenAI has strayed from its founding mission to ensure that artificial general intelligence (AGI) benefits humanity, and the ruling could influence how the world’s leading AI developer controls and distributes its technology. For now, you can learn more about the trial here.

On the Panel

On May 8, a panel of WIRED experts will go live to answer your questions about this consequential case.

  • Zoë Schiffer: WIRED’s director of business and industry, who oversees coverage of business and Silicon Valley.
  • Maxwell Zeff: a senior writer at WIRED covering the business of artificial intelligence. He writes the weekly Model Behavior newsletter, which focuses on the people, communities, and companies behind Silicon Valley’s AI scene.
  • Paresh Dave: a senior writer at WIRED covering the inner workings of Big Tech companies. He writes about how apps and gadgets are built and about their impacts while giving voice to the stories of the underappreciated and disadvantaged.

Ask a Question

Submit all your burning questions about this historic legal battle at WIRED’s next, subscriber-only livestream scheduled for May 8 at noon ET / 9 PT. To leave questions in advance as the trial unfolds, head to the comment section below.

Become a Subscriber

The event will be streamed right here. For subscribers who are not able to join, a replay of the livestream will be available after the event. Not a subscriber yet? Subscribe now to get access to this livestream, plus full access to WIRED.

In the meantime, check out past livestreams on Big Tech and the military, the future of electric vehicles, and more.


