Crypto attacks and defenses

Jean-Philippe Aumasson and Philipp Jovanovic | December 4 - 5


This 2-day training will teach you how to identify and exploit crypto vulnerabilities and how to use the strongest forms of state-of-the-art cryptography to secure modern systems (such as IoT or mobile applications). Beyond that, it will also bring you up to speed on the latest and greatest developments in the world of cryptography, such as TLS 1.3, blockchains, and post-quantum crypto.

During the lectures you'll acquire a solid knowledge of the fundamentals, from randomness through authenticated encryption to timing attacks, and you will learn how cryptography is used in applications such as secure messaging protocols or blockchain systems. Throughout the course, we'll give examples of real-world failures and how they could have been avoided.

The hands-on sessions will put into practice the notions and tools encountered previously, and you will be challenged to find, exploit, and fix vulnerabilities in cryptographic software. The tasks will consist of a mix of made-up problems and examples of real vulnerabilities found in widely deployed systems.

Both trainers have a PhD in cryptography and have found vulnerabilities in major cryptographic software (TLS implementations, industrial systems, secure messaging applications, etc.).

This is the tentative program, which may be slightly adapted based upon participants' requests:

Day 1, morning: lectures

  • Ciphers, key agreement protocols, and security models; the foundations of everything that follows
  • Randomness and pseudo-randomness, with numerous examples of bugs
  • Elliptic-curve cryptography, the pros and the cons
  • Quantum and post-quantum cryptography, what these terms mean, and why you should care

Day 1, afternoon: hands-on

  • Exercises: breaking a weak PRNG, exploiting implementation flaws, dissecting a protocol, etc.

Day 2, morning: lectures

  • Crypto libraries and APIs, their strengths and their side-channel vulnerabilities
  • Attacks on RSA and RC4, classic vulnerabilities still observed in the wild
  • Secure messaging, an example of a state-of-the-art scalable crypto protocol
  • Password security, how to get it right
  • Blockchain technologies and how crypto makes them secure

Day 2, afternoon: hands-on

  • Exercises: finding bugs in famous crypto applications and libraries, etc.

Who Should Take this Course

This training is suitable for any security professional or security-minded developer who has at least a basic understanding of cryptography. You should know the difference between public-key cryptography and secret-key cryptography, but you don't need to know how the general number field sieve algorithm works, for example. We'll focus on the security of software implementations as opposed to hardware implementations, so software people will get more out of it than hardware people.

Student Requirements

Familiarity with Python code, since many exercises will be in Python.

What Students Should Bring

A laptop with a VirtualBox or VMware hypervisor, in order to run our virtual machine image.

What Students Will Be Provided With

Slides, code of exercises, solutions to exercises (after the training).


Jean-Philippe (JP) Aumasson is Principal Research Engineer at Kudelski Security, in Switzerland. He designed the popular cryptographic functions BLAKE2 and SipHash, and the new authenticated cipher NORX. He has spoken at Black Hat, DEFCON, RSA, CCC, SyScan, and Troopers. He initiated the Crypto Coding Standard and the Password Hashing Competition projects, co-wrote the 2015 book "The Hash Function BLAKE", and will release a new cryptography book in 2017 for a wider audience. JP tweets as @veorq.

Philipp Jovanovic is a cryptographer and post-doctoral researcher at the École Polytechnique Fédérale de Lausanne (EPFL), in Switzerland. He designed several cryptographic algorithms, such as the authenticated ciphers NORX, OPP, and MRO, and he is involved in the development of the cothority framework for scalable, decentralized cryptographic protocols. His research is published regularly at top crypto/security conferences such as USENIX Security, EUROCRYPT, IEEE S&P, CT-RSA, and ASIACRYPT, and he is also frequently active at non-academic conferences like the Chaos Communication Congress. Philipp tweets as @daeinar.