Real World Crypto 2021 - Session 1: Secure Channels
RWC2021 · Real World Crypto
Session video
Felix Guenther (KU Zurich) / Robust Channels: Handling Unreliable Networks in the Record Layers of QUIC and DTLS 1.3 paper video slides
(no notes taken)
Robert Merget (Ruhr Uni, Bochum) / Raccoon Attack: Finding and Exploiting Most-Significant-Bit-Oracles in TLS-DH(E) paper video slides
Raccoon attack talk interesting. Moral of story is, don’t strip leading zero bytes as it can lead to timing side-channel attacks based on the runtimes of hash functions.
Like all TLS vulnerabilities it has its own website: raccoon-attack.com
There’s a scanning tool you may use to determine if your site is vulnerable: TLS-Scanner.
Julia Len (Cornell) / Partitioning Oracle Attacks paper video slides
Several possible Partitioning Oracles mentioned in talk about discovering AEAD keys: one is JOSE. Partitioning attack is possible if non-committing AEAD is used. It isn’t if ‘committing AEAD’ is used, however no standardized non-committing scheme exists yet.
Thom Wiggers (Radboud Uni) / *PQ-TLS without handshake signatures *paper video slides
Experimentation was done with Cloudflare who have extended the Go standard library TLS implementation - KEMTLS branch of cloudflare/go
Levchin Prize Winners
The Levchin Prize (funded by Max Levchin) is awarded every year at RWC to honour significant contributions to cryptography. Usually one is awarded to recognize a past achievement and the other one to a team responsible for something more current.
- Victor Miller and Neal Koblitz for the invention of Elliptic-Curve Cryptography
- The TOR project represented by Roger Dingledine