YoVDO

High-Assurance Crypto Software

Offered By: media.ccc.de via YouTube

Tags

Conference Talks Courses Cryptography Courses Reverse Engineering Courses Software Security Courses Timing Attacks Courses

Course Description

Overview

Explore high-assurance cryptographic software in this 36C3 conference talk. Delve into the challenges of implementing secure cryptographic tools, including software bugs and timing leaks that have compromised various systems. Learn about constant-time software, its importance in preventing timing attacks, and how modern reverse-engineering tools can be leveraged to verify crypto software more easily. Gain insights into the progress and limitations of verified crypto libraries, and understand the need for accelerated advancements in this field. Discover self-contained answers to key questions about timing attacks, constant-time software, and the process of guaranteeing code correctness. Follow along as speakers Daniel J. Bernstein and Tanja Lange cover topics such as square multiply algorithms, constructive approaches, mathematical solutions, proofs, and the limitations of current implementations.

Syllabus

Introduction
Square multiply algorithm
Fixing square multiply
Constant time
Example code
Constructive talk
Math is the solution
Proofs
EverCrypt
Anger
What is missing
Examples
QA


Taught by

media.ccc.de

Related Courses

Practical Side Channel Attacks on Modern Browsers - Lecture 6
YouTube AIS Exposed - Understanding Vulnerabilities and Attacks 2.0
Black Hat via YouTube Building Trusted Systems on Top of Leaky Abstractions
Paul G. Allen School via YouTube On the Insecurity of JavaScript Object Signing and Encryption - AppSec EU 2017
OWASP Foundation via YouTube The Timing Attacks They Are A-Changin' - Web-based and Browser-based Timing Attack Techniques
OWASP Foundation via YouTube