Real World Crypto 2018 (RWC 2018) brain dump

The 2018 edition of Real World Crypto (RWC) was in Zurich (you can find the conference full program here.). I live in Switzerland so I was extremely happy about it. RWC is basically the best conference I ever attended and it will probably be so for a while. I almost risked to skip it due to flu but I eventually managed to attend :)

Current status: -1 to #realworldcrypto . Me sick in bed :(

— Antonio Sanso @ RWC (@asanso) January 9, 2018

This short blog post is my brain dump of the event. If you want to know more you can find all the videos of the presentations in this youtube channel. The event lasted 3 days and every day was great. Event like this allowed me to meet personally many people I have interacted previously in a way or the other  and it turns out that a big percentage of people that do (applied) crypto was indeed attending. FWIW I was even able to shortly  ask to the great Prof Boneh about the now legendary Coursera Crypto II :D

Day I

The first day could not start any better. Shay Gueron (from Amazon) did a deep dive into the cryptography behind the AWS cloud. It basically described a  new method AWS uses to avoid the AES GCM Forbidden attack caused by key/nonce reuse (see the great blog post from agl for details). The  Key management services session continued with a talk from Anand Kanagala (Google) where he talked about Google internal KMS and told the story of Gmail outage and how one small bug can have a dramatic impact on billions of accounts and steps taken in order to change the system design. After a small break was the turn of the real crypto (lol) aka  Crypto currencies session. 

So there were talks about Mimblewimble (featured by Andrew Poelstra from Blockstream) the new crypto-child solution proposed in a text file posted on a Tor hidden service!!! Then (Ian Miers) talked about the genesis, the present and the future of my favorite crypto currencies aka ZCash. And eventually this session concluded with a third talk about some clever attack on Zero Knowledge protocol (Zero knowledge, subversion-resistance, and concrete attacks, tl;dr be careful who is doing the trusted setup in a Zero Knowledge protocol). Sweet.
With no break arrived one of the most important moment of the conference: the award ceremony of Levchin prize. And drumroll the well deserved winners were Hugo Krawczyk (for the development of real-world crytographic schemes with strong security guarantees and proofs) and the entire OpenSSL team (for dramatic improvements to the code quality of OpenSSL). Time for lunch and mingle. And here was the afternoon  sessions. Time for the Attack I session and my favorite talk of the day where Yuval Yarom (University of Adelaide) and Daniel Genkin (UPenn/UMD) showed (with brave demo included) a Side channel attacks on implementations of Curve25519. The day ended with the Usability and privacy session where Emily Stark (Google) talked about Certificate Transparency (great stuff). The day ended with the talk about end-to-end security of group chats where a glitch in Signal/Whatsapp was presented (see Matthew Green's post).

Day II

The second day  started with  the Post-quantum crypto and other new hardware session where people from Microsoft (Melissa Chase  and Patrick Longa) presented Microsoft's owned proposal for the Post-Quantum Cryptography NIST Standardization. After the break the Broken standards session started with a funny Shattered (aka the famous SHA-1 collision) talk delivered by Pierre Karpman. Then (and this is was probably the most awaited talk of the day) THE MAN aka Jann Horn in person presented Spectre and Meltdown. Awesome. Before lunch was the time for several 1 minute long Lightning talks. For the record there were many little rooms that people can use to study or whatever and. E.g. some of us tried to find their way toward zk-snark

Thanks a lot @str4d for the literally on-the-fly zk-snark leason w/ @FiloSottile @gtank__ @isislovecruft @hdevalence et al. It was great!

— Antonio Sanso @ RWC (@asanso) January 12, 2018

The sessions resumed with the TLS session where the ever innovative Nick Sullivan pleased the audience with some pairing and identity-based broadcast encryption used in  Cloudflare's Geo Key Manager. The TLS session could not end without not one but 2 talks about TLS 1.3 delivered by Thyla van der Merwe (Royal Holloway) and David Benjamin (Google). Both were pleasant and (specially the one from David) funny (for us) talks. The day at  Volkshaus Zurich ended with Crypto in the clouds session where Manish Mehta (Netflix) presented the way Netflix handle secrets (in AWS) and the Facebook folks showed how to Scale backend authentication at Facebook . But while the official RWC day ended here pretty many of us were lucky enough to be invited in the Google Zurich Office for an after conference gathering sponsored by Google Research. Someone was even luckier to taste the fateful and tasteful SHA-1 Chartreuse formerly survivor of the Shattered battle

#RealWorldCrypto was great, happy to have shared (and finished!) the SHA-1 Chartreuse with so many nice people!

— 👼Ąż杏 (@angealbertini) January 11, 2018

 courtesy of Ange. Thanks!!!

Day III

The third and last day was a bit shorter but as good as the others.  It started with fireworks , indeed Trevor Perrin presented his baby The Noise protocol framework in the New crypto session. Then was the time for an innovative use of Bloom Filter. The Attacks II session were a series of a bit shorter interesting talks and the day ended with the Verification and provable security session that had as highlight the talk about the new formal verification in Firefox.

This was the last talk hence

see you (hopefully for me) next year for RWC 2019 in California.

I want to thank you anyone I interacted with on these 3 days. It was really fun and formative.

For more crypto goodies, follow me on Twitter.