Lessons on secure deployment of cryptographic primitives
Elena Bakos Lang and Kevin Henry, NCC Group
The security of cryptographic primitives and protocols is inextricably tied to that of the implementations deployed in the real world. Ensuring that these implementations are as secure as possible is thus a problem at the heart of cryptographic security.
This workshop will introduce common classes of cryptographic vulnerabilities, including improper randomness generation, side-channel attacks, flaws in primitives or protocols, and others, and discuss secure coding practices that can help mitigate them, based on our experiences auditing cryptographic code. This discussion will be complemented by a set of practical exercises to provide experience in spotting insecure constructions. Additionally, as implementation quality is often tied to the quality of the source material, we will present a case study on a recent widely implemented threshold signing protocol where ambiguous or unclear presentation in the academic source material has led to multiple critical implementation vulnerabilities.
This workshop is presented by NCC Group Cryptography Services practice in Waterloo, Ontario.
To attend this program please email us at cryptoworks21@uwaterloo.ca by July 17, 2024.