Crypto Attacks and Defenses (2-Day Training)

26 November 2018 - 27 November 2018
Hosted by
Seaport Conference Center
459 Seaport Ct, Redwood City, CA 94063
JP Aumasson and Philipp Jovanovic

Course Description

Students who finish the training will get a certificate of completion.

The 2-day training Crypto Attacks and Defenses by Jean-Philippe Aumasson and Philipp Jovanovic will familiarize developers and security professionals of any level with modern cryptography concepts and best practices, such as randomness generation, symmetric and asymmetric encryption, hash functions, and protocols. After covering the basics, we introduce the latest applications and innovations in cryptography, such as TLS 1.3, quantum and post-quantum cryptography, or blockchain applications.

The class is

  • Practice-oriented: Lectures present real-world failures and analyze how they could have been avoided, and exercise sessions consist of a mix of made-up problems and examples of real vulnerabilities found in widely deployed systems.

  • Offense-oriented: Participants put into practice the notions and tools encountered during the lectures by being challenged to find, exploit, and fix vulnerabilities in cryptographic software.

  • Interactive: We encourage participants to ask questions about the topics presented or even other topics, which usually leads to interesting discussions.

This class was previously taught at events including Troopers, Black Hat Europe, and in private sessions for organizations including Google.


This training is suitable for any security professional or security-minded developer who has at least some basic understanding of cryptography. You should know the difference between public-key cryptography and secret-key cryptography, but you don’t need to know how the general number field sieve algorithm works, for example. We’ll focus on the security of software implementations as opposed to hardware implementations, hence software people will get more out of it than hardware people.


Both trainers hold PhDs in cryptography and have in combination more than 15 years of experience in designing cryptosystems and in finding vulnerabilities in real-world applications, including critical industrial systems. The trainers are also experienced speakers due to regular presentations of their latest research at IT security and cryptography conferences all around the world.

Topics Covered During the Course

Cryptography, cryptanalysis, randomness, block ciphers, stream ciphers, hash functions, authenticated encryption, elliptic curve cryptography, vulnerability research, secure messaging, TLS, password hashing, post-quantum cryptography, blockchains, Bitcoin.

Course Outline

Day 1, morning: lectures (~4h)

  • Secure randomness generation
    • What is randomness?
    • The notion of entropy
    • Random number generators and the differences between TRNGs, PRNGs, and DRBGs
    • Implementations of random number generators in Linux, macOS, and Windows
    • Testing PRNGs
  • Cryptography basics
    • Symmetric cryptography: DRBGs, hash functions, PRFs, MACs, block/stream ciphers, block cipher modes, authenticated encryption
    • Asymmetric cryptography: key agreement protocols, signing schemes, public key encryption systems
    • Security notions, attack models, protocols
  • Elliptic-curve cryptography
    • Different curve shapes (Weierstrass, Montgomery, Edwards, twisted Edwards forms)
    • Mathematical operations on elliptic curves (addition, scalar multiplication, point counting)
    • The Curve25519 curve
    • The elliptic curve discrete logarithm problem
    • ECC-based key agreement, encryption, signing
    • Security / performance comparisons between RSA, classic DL, and ECC-based approaches
    • How to use ECC correctly
  • Quantum and post-quantum cryptography
    • Principles of quantum computing
    • Requirements for building a scalable quantum computer
    • Impact on public-key and private-key cryptography
    • Post-quantum crypto: types of constructions, example of hash-based signatures

Day 1, afternoon: exercises (~4h)

  • Entropy evaluation
  • Analysing the security properties of the LoRaWAN IoT protocol
  • Breaking a weak PRNG, hash function, and RSA-based system
  • Implementing basic ECC-based schemes (DH, DSA, ElGamal)

Day 2, morning: lectures (~4h)

  • Side-channel attacks
    • What are side-channels?
    • Timing and cache-timing attacks
    • Oracle attacks (Bleichenbacher and Manger attacks on RSA, CBC padding oracle)
    • Bug attacks and optimization attacks
  • Cryptography libraries
    • Most common libraries (OpenSSL, NaCl, sodium, etc.)
    • Comparison of strengths and limitations in terms of security, speed, or license
    • Key lengths
  • Transport layer security (TLS)
    • History overview
    • Comparison between TLS 1.2 and TLS 1.3
    • Overview on TLS attacks
    • How to check / secure TLS servers
  • Secure messaging
    • Differences between synchronous and asynchronous messaging
    • Security goals
    • The Signal protocol, its strengths and limitations
    • Non-cryptographic risks
  • Bitcoin and blockchain technologies
    • How does Bitcoin work?
    • What are blockchains?
    • Double spending attacks
    • Proof-of-work schemes
    • Nakamoto consensus

Day 2, afternoon: exercises (~4h)

  • Analysing the output of randomness generators
  • CBC oracles
  • Breaking the authenticated encryption cipher in the Open Smart Grid Protocol
  • Analysing a bug in the DH code of libsodium
  • Decrypting ciphertexts by exploiting a flawed PRNG

Class Requirements

Participants should have some familiarity with common programming languages such as C and Python. This course is suitable for people who are new to cryptography and IT security. All the theory and concepts related to cryptography and cryptanalysis are explained during the course.

What to Bring

A notebook capable of running a VMware or VirtualBox hypervisor, in order to run our virtual machine image containing the exercises.


$2200 (until October 29th)
$2900 (after October 29th)
Cancellation requests by paid registrants must be made at least 45 days before the event and may be subject to an administration fee. In the event of course cancellation by the trainer, students may choose to attend an alternate course (space pending) or receive a full refund.


Group discounts are available for 3 or more registrations.

Onsite Training

Can't make it? Our trainings are also available at a location of your choice.