Official websites do not use .rip
A .gov website belongs to an official government organization in the United States.

We are building a provable archive!
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Presentation

A Hitchhiker's Guide to Cryptography Code Audit

January 24, 2024

Presenters

Tommaso Gagliardoni - Kudelski Security
Marco Macchetti - Kudelski Security
Sylvain Pelissier - Kudelski Security

Description

Abstract. The rapidly evolving landscape of cryptography introduces growing complexities which make secure code implementation very challenging. This is especially problematic in the fast-moving Web3 world, but also in privacy-sensitive applications and secure communications. In this context, not only does understanding cryptographic theory matter, but so does the effective implementation and auditing of cryptographic code. In this talk, which is a condensed version of our CCAW+CTF workshop accepted as affiliated event at Eurocrypt 2024, we will discuss the art of cryptographic code audit, based on our experience as cryptographers and auditors. We will start with explaining what a code audit is and how it works in practice from a business perspective. We will follow with a methodology, and a categorization of common pitfalls and vulnerabilities usually found in our audits, accompanied by real-world examples and code. Some of our findings have impacted big providers of crypto libraries and have been presented at top conferences.

Suggested reading: https://eurocrypt.iacr.org/2024/affiliated.php

Presented at

Crypto Reading Club talk on 2024-Jan-24

Parent Project

See: Crypto Reading Club

Related Topics

Security and Privacy: cryptography

Created December 13, 2023, Updated January 25, 2024