Announcing the preliminary program for Cedarcrypt — our inaugural applied cryptography summer school and conference, July 13–16, 2026 at the American University of Beirut - Mediterraneo in Paphos, Cyprus!
An absolutely fantastic program awaits — check it out, register today, and share widely!
If you cannot attend in person, you can sign up to attend remotely (for free). We'll do our best to provide good video and audio quality, as well as the opportunity to ask questions remotely.
To sign up for attending remotely, see caw.cryptanalysis.fun#registration
Screenshot of the program of CAW from https://caw.cryptanalysis.fun/.
The program for our Eurocrypt affiliated event CAW on May 10 is (mostly) finalized and published on: caw.cryptanalysis.fun
We received many super exciting submissions!
To register, select our workshop during conference registration on the Eurocrypt website once that opens: eurocrypt.iacr.org/2026/
We extended the deadline to Jan 30 (after Eurocrypt notifications).
Submission week for the Cryptographic Application Workshop (CAW), an affiliated event at Eurocrypt'26 in Rome! Please submit your talk proposals on constructive real-world crypto using the following instructions before Jan 23, 2026 AoE. All infos on: caw.cryptanalysis.fun.
If your curious on what to expect, you can watch the recording of some talks from this year here:
youtube.com/playlist?lis...
Or view the CAW 2024 program here: caw.cryptanalysis.fun/previous/202...
3. Design and construction of cryptographic primitives and systems that also have an associated implementation or are being deployed.
4. The industry perspective on deployment and maintenance of cryptography in practice.
All info on how to submit is here caw.cryptanalysis.fun#call-for-talks
In addition, CAW looks for submissions on the following topics:
1. Bringing crypto from academia into the world.
2. Analysis and proofs of schemes and protocols deployed in practice.
This year, CAW will have a specific focus on cryptography under real-world constraints and threat models, exploring various trade-offs that are often necessary when deploying cryptographic systems in practice. Submissions fitting the workshop theme of this year are especially encouraged.
This is the 3rd edition of the Cryptographic Application Workshop (CAW). CAW will take place on May 10, 2026, in Rome, Italy, right before Eurocrypt.
The workshop consists of a mixture of invited and contributed talks on recent developments in the field of applied cryptography.
The call for talks for CAW 2026 (a workshop affiliated with Eurocrypt) is out!
This year's motto is "cryptography under real-world constraints and threat models", but other applied cryptography is also very welcome.
All info is on: caw.cryptanalysis.fun.
You can find more information on our attacks in my blog post and our paper.
And if you're in Seattle, come say hi at WOOT or USENIX!
Blog post: mirohaller.com/posts/2025/0...
Paper: www.usenix.org/system/files...
Shout out to Fortune Brands Connected Products (which owns Master Lock) for the great disclosure experience. We had an in-depth meeting with them where they provided context on the origin of the vulnerabilities, insights into their design decisions, and updates on the mitigation progress.
The session replay attack is due to a nonce reuse across sessions. The causes for the other attacks were more on the security side (protocol design, access control, buffer overflow).
As smart locks are used in house and hotel doors, attacks on them has impacts the physical safety of people.
Attack 1 (session replay): An adversary in physical proximity of the lock (without ever having a valid account on the lock) can record the Bluetooth Low Energy (BLE) communication of a whole session and replay it to repeat all executed commands, including unlocking the lock. Attack 2 (exceeding access): Former guests can continue unlocking the lock after their access has been revoked. Attack 3 (clock tampering): Malicious guests can adjust the clock time of the smart lock arbitrarily, extending their own access past expiration or locking out all legitimate users. Attack 4 (audit log tampering): An adversary that only knows the lock’s identifier (which is advertised over BLE) can upload arbitrary audit events to the telemetry server, and prevent legitimate audit events from being uploaded. Hence, the adversary can hide their own activities. Attack 5 (malformed messages): Without valid access, an adversary can send malformed BLE messages to the lock that make it unresponsive or corrupt memory, which results in a Denial of Service (DoS) for authorized users. A malicious authorized user can even leak the memory of the smart lock.
Our WOOT paper went out of disclosure today. We found 5 attacks on the Master Lock D1000 which allow unauthorized unlocking, bypassing access revocation, forging log entries, and causing DoS.
If you're in Seattle, come to our talk given by Chengsong, one of the students I mentored for this paper.
The CAW workshop at Eurocrypt 2025 is just around the corner! Quick reminder that you can sign up (for free) to attend remotely by filling out this form until tomorrow (afternoon CEST): forms.gle/5JUMmYBj9LHW...
The program on the website: caw.cryptanalysis.fun
This year, #CAW offers the option for remote participation to make our Eurocrypt workshop accessible to the members of our community that cannot or prefer not to travel to Madrid.
Register on our website before May 2 (free): caw.cryptanalysis.fun
The updated program is below.
#CAW offers again a few registration waivers. We hope these waivers will help local (grad/undergrad) students to attend our workshop and get a preview of cryptography beyond the classroom and make their first connections to the community.
More info: caw.cryptanalysis.fun#student-regi...
Registration for in-person attendance of the workshop goes over Eurocrypt: eurocrypt.iacr.org/2025/registr...
We will later announce the overall workshop theme, but it will include two excellent invited speakers: Michele Orrù @tumbolia.bsky.social and Carmela Troncoso @carmelatroncoso.bsky.social and end with an audience discussion on the overarching topic.
Talk 9 at #CAW in the session on messaging:
Rolfe Schmidt from @signal.org on "Designing a Post-Quantum Ratchet for Signal Messenger"; seeking feedback on their candidate designs to make the Double Ratchet protocol post-quantum secure.
caw.cryptanalysis.fun
Talk 8 at #CAW in the session on messaging:
Phillip Gajland on "Shadofax: Combiners for Deniability"; providing a framework to reason about deniability for hybrid schemes and achieve it for a post-quantum secure AKEM.
caw.cryptanalysis.fun
Talk 7 at #CAW in the session on messaging:
Emma Dauterman on "Designing Secret Recovery in Signal Messenger"; a restrospective on the lessons learned when designing a system to meet real-world constraints.
caw.cryptanalysis.fun
Talk 6 at #CAW in the session on messaging:
Lea Thiemt on "Generic Anonymity Wrapper for Messaging Protocols"; a protocol transformation that achieves forward anonymity and post-compromise anonymity.
caw.cryptanalysis.fun
Talk 5 at #CAW in the session on cryptographic constructions:
Giacomo Fenzi @giacomofenzi.bsky.social on "Linear-Time Accumulation Schemes"; an efficient hash-based building block for proof-carrying data to provide computational integrity in a distributed setting.
caw.cryptanalysis.fun
Talk 4 at #CAW in the session on cryptographic constructions:
Felix Günther on "(Hybrid) Obfuscation and Verifiable Decapsulation"; two concepts to make KEMs more secure in real-world protocols.
caw.cryptanalysis.fun
Talk 3 at #CAW in the session on cryptographic constructions:
Olga Sanina presents "Results from Analyzing and Refining Bluetooth Secure Connections" about modeling and authenticating Bluetooth.
caw.cryptanalysis.fun
Talk 2 at #CAW in the session on large-scale deployed cryptography:
Shai Halevi or Nevine Ebeid (or both) from AWS on "Blockcipher-Based Key Commitment for Nonce-Derived Schemes"; towards the FIPS-compliant deployment of XAES-256-GCM.
caw.cryptanalysis.fun
Talk 1 at #CAW in the session on large-scale deployed cryptography:
Ghous Amjad (Google) on the design and deployment of "RSA Blind Signatures with Public Metadata" in GoogleOne VPN.
caw.cryptanalysis.fun