Stanford Seminar - Bugs in Crypto Implementations

Explore the intricacies of cryptographic implementation bugs in this Stanford seminar. Delve into authenticated encryption, examining generic compositions and key constructions. Investigate nonces, associated data, and desirable properties in cryptographic systems. Analyze real-world implementation mistakes, including the Apple RNCryptor.v1 and checksum-MAC in WEP. Understand the chopchop attack and its implications. Examine signcryption in public-key settings, focusing on one-round-trip mutual authenticated key exchange. Uncover the beautiful mistake in iMessage's simplified implementation and extract valuable lessons from these case studies. Gain insights into the challenges and pitfalls of implementing secure cryptographic systems in this informative 36-minute lecture.

Introduction.
A basic question.
Answer: authenticated encryption.
Constructions Generic composition encrypt-then-MAC key = (kana kmal).
Nonces and associated data.
Many more desirable properties.
Lots of viable constructions.
Implementation mistakes.
Example 1: Apple RNCryptor.v1 [2013].
Why is this a problem?.
Example 2: checksum-MAC (abstract WEP).
The chopchop attack (abstractly).
Signcryption: AE in the pub-key settings [O-RTT mutual authenticated key exchange, for messages] Sender.
A beautiful mistake: iMessage (simplified).
The problem.
Lessons.
Shameless plug ....