Real World Crypto 2026

Last week, I had the pleasure of presenting at Real World Crypto 2026 in Taipei, Taiwan. It was a great RWC in a great place. In this postm I summarize my talk, experience, and takeaways. Plus, at the end, you will find photos of Taipei from my hike to 9-5 peak.

The talk#

I presented our work on security by obscurity in secure hardware (see the slides). Compared to cryptographic theory, which features open design, review, competitions, and sometimes even security proofs, the secure hardware space is very secretive. There is almost no documentation. Much interesting information is gated behind non-disclosure agreements, which dissuade the sort of open work we do as academics and security researchers. Finally, even getting access to newer samples is hard, as they are a controlled object.

CHES 2025 - ECTester & DOIT

Recently, I presented our work on Let’s DOIT: Using Intel’s Extended HW/SW Contract for Secure Compilation of Crypto Code at CHES 2025 in the hot and humid Kuala Lumpur, Malaysia. The slides are available.

My colleague Vojta also presented exciting joint work, episode 2 of our reverse-engineering trilogy: ECTester: Reverse-engineering side-channel countermeasures of ECC implementations. The slides are available.

Few things for future reference on visiting conferences in Malaysia:

CHES 2024 - pyecsca paper

I recently attended CHES 2024 and presented a paper on pyecsca: Reverse engineering black-box elliptic curve cryptography via side-channel analysis. Check it out on our site. The slides are available.

While out in Halifax, we decided to enjoy Nova Scotia and went on a road trip. Some tips:

Peggy’s cove: Kind of cool to cycle through, but not that amazing on its own. Expect lots of tourists.
Hopewell rocks: Check the tides and the walk around is definitely worth it.
Cape Breton Highlands: Nice hikes in very remote areas.

CHES 2023 - pyecsca

I recently attended CHES 2023 and presented a work-in-progress poster on pyecsca: Reverse-engineering elliptic curve cryptography implementations via side-channel analysis. Check it out below and also on GitHub.

From Vulnerability to Impact - Automatically Analyzing the Security Certifications Landscape

I recently presented an updated version of the RedHat Research Day talk on analyzing the security certifications landscape. It has more cool results, and also memes. The slides are available.

Red Hat Research Day 2022

I recently presented joint work with Petr Švenda, Adam Janovský, Jiří Michalík and Stanislav Boboň on analyzing the security certifications landscape at Red Hat Research Day 2022. The slides are available. The web frontend to our open-source tool is over at seccerts.org. Thanks to Red Hat Research for the opportunity as well as Red Hat employees that are cooperating in this research.

Real World Crypto 2022 & IEEE SP 2022

I recently presented the paper “They’re not that hard to mitigate”: What Cryptographic Library Developers Think About Timing Attacks on Real World Crypto 2022 and IEEE Security & Privacy 2022. If you want to get more info on the paper including a pre-print and additional material, check out its page. The RWC slides are available as well as the IEEE S&P slides.

CHES 2020 - Minerva: The curse of ECDSA nonces

I recently presented our work on the Minerva group of vulnerabilities on the Cryptographic Hardware and Embedded Security conference. Our joint work with Vladimir Sedlacek, Petr Svenda and Marek Sys received the CHES 2020 Best Paper Award . The slides for the short conference talk can be found here.

Workshop on Elliptic Curve Cryptography 2019 - Minerva

I gave a short talk during the rump session at the 23rd Workshop on Elliptic Curve Cryptography highlighting some interesting aspects of the Minerva attack. The slides can be found here.

SummerSchool on real-world Crypto 2019 - JavaCards

I gave a lightning talk during the student session of the 2019 SummerSchool on real-world Crypto and Privacy in Šibenik, Croatia, focusing on the research into JavaCard and smart-card security that is performed at CRoCS, the slides can be found here.