Related papers: The dangerous path towards your own cryptography m…
Recently, various side-channel attacks on widely used encryption methods have been discovered. Extensive research is currently undertaken to develop new types of combined encryption and authentication mechanisms. Developers of security…
Prior research has shown that cryptography is hard to use for developers. We aim to understand what cryptography issues developers face in practice. We clustered 91954 cryptography-related questions on the Stack Overflow website, and…
With the rising popularity of the internet and the widespread use of networks and information systems via the cloud and data centers, the privacy and security of individuals and organizations have become extremely crucial. In this…
Previous studies have shown that cryptography is hard for developers to use and misusing cryptography leads to severe security vulnerabilities. We studied relevant vulnerability reports on the HackerOne bug bounty platform to understand…
Traditionally, "Cryptography" is a benediction to information processing and communications, it helps people to store information securely and the private communications over long distances. Cryptovirology is the study of applications of…
We surveyed 97 developers who had used cryptography in open-source projects, in the hope of identifying developer security and cryptography practices. We asked them about individual and company-level practices, and divided respondents into…
Formal methods have been largely thought of in the context of safety-critical systems, where they have achieved major acceptance. Tens of millions of people trust their lives every day to such systems, based on formal proofs rather than…
Type-two constructions abound in cryptography: adversaries for encryption and authentication schemes, if active, are modeled as algorithms having access to oracles, i.e. as second-order algorithms. But how about making cryptographic schemes…
Securing a secret master key is a non-trivial task, we even argue it is impossible to fully secure it, hence we must make it as difficult as possible for any powerful adversary to steal or use the key. We introduce the reader to interesting…
The methods of quantum cryptography enable one to have perfectly secure communication lines, whereby the laws of quantum physics protect the privacy of the data exchanged. Each quantum-cryptography scheme has its own security criteria that…
The paper explains that post-quantum cryptography is necessary due to the introduction of quantum computing causing certain algorithms to be broken. We analyze the different types of post-quantum cryptography, quantum cryptography and…
Cryptographic libraries, an essential part of cybersecurity, are shown to be susceptible to different types of attacks, including side-channel and memory-corruption attacks. In this article, we examine popular cryptographic libraries in…
In this paper we discuss the difficulties of mounting successful attack against crypto implementations when essential information is missing. We start with a detailed description of our attack against our own design, to highlight which…
Ever since its inception, cryptography has been caught in a vicious circle: Cryptographers keep inventing methods to hide information, and cryptanalysts break them, prompting cryptographers to invent even more sophisticated encryption…
We assess the potential of quantum cryptography as a technology. We highlight the fact that academia and real world have rather different perspectives and interests. Then, we describe the various real life forces (different types of users,…
Due to non-experts also developing security relevant applications it is necessary to support them too. Some improvements in the current research may not reach or impact these developers. Nonetheless these developers use security libraries.…
The DNA cryptography is a new and very promising direction in cryptography research. DNA can be used in cryptography for storing and transmitting the information, as well as for computation. Although in its primitive stage, DNA cryptography…
The remarkably long-standing problem of cryptography is to generate completely secure key. It is widely believed that the task cannot be achieved within classical cryptography. However, there is no proof in support of this belief. We…
We propose a novel approach to improving software security called Cryptographic Path Hardening, which is aimed at hiding security vulnerabilities in software from attackers through the use of provably secure and obfuscated cryptographic…
Catch 22 of cryptography - "Before two parties can communicate in secret, they must first communicate in secret". The weakness of classical cryptographic communication systems is that secret communication can only take place after a key is…