SecAppDev 2024 lecture details
Practical cryptography with Tink
Learn how to translate cryptography know-how into robust working code that is easy to review. Avoid common implementation pitfalls by learning how to use the modern Tink cryptographic library.
Monday June 3rd, 16:00 - 17:30
Room West Wing
Download handoutsAbstract
There are many textbooks and courses to learn the theoretical foundations of cryptography, and particular constructions, but fewer dive into the details of how to translate that into working production code.
In this session we will describe the challenges presented by traditional cryptography libraries, and the security vulnerabilities that can result from misuse. We will then examine modern hard-to-misuse libraries, focusing on Google’s Tink library. Particular attention is paid to key storage and management.
Key takeaway
Learn how to use Tink to implement cryptographic features and protocols in a robust manner.
Content level
Deep-dive
Target audience
Anyone working with practical cryptography
Prerequisites
A good working knowledge of cryptographic primitives and how they are used in theory.
Neil Madden
Founder and CEO, Illuminated Security Ltd
Expertise: Application security and applied cryptography
Related lectures
Cryptographic algorithms update
Deep-dive lecture by Bart Preneel in room Lemaire
Monday June 3rd, 14:00 - 15:30
An update on the most important cryptographic algorithms and a status on the migration towards post-quantum security.
Key takeaway: Which cryptographic algorithms to use for which tasks.
A gentle intro to Ethereum and "smart contracts"
Introductory lecture by Tom Van Cutsem in room West Wing
Wednesday June 5th, 14:00 - 15:30
Ethereum is a programmable blockchain, a "world computer" powering decentralized applications. Find out how software for this "world computer" - smart contracts - are written using the Solidity language.
Key takeaway: Learn what programmable blockchains like Ethereum are all about, what kinds of applications they enable and what common pitfalls developers face.
The Quantum threat and Post-Quantum Cryptography (PQC)
Deep-dive lecture by Bart Preneel in room Lemaire
Tuesday June 4th, 14:00 - 15:30
We discuss the status of NIST's PQC competition, IETF standards and national agencies' recommendations. We conclude with performance benchmarks and crypto agility challenges.
Key takeaway: Post-quantum standards are on their way. Implications will be increased complexity and communication and storage overhead. Crypto agility is hard.