Miro Haller
@mirohaller.bsky.social
PhD student @ UCSD working on applied cryptography
https://mirohaller.com
https://mirohaller.com
If your curious on what to expect, you can watch the recording of some talks from this year here:
youtube.com/playlist?lis...
Or view the CAW 2024 program here: caw.cryptanalysis.fun/previous/202...
youtube.com/playlist?lis...
Or view the CAW 2024 program here: caw.cryptanalysis.fun/previous/202...
CAW 2025 - YouTube
The Cryptographic Applications Workshop (CAW; https://caw.cryptanalysis.fun/) focuses on the construction and analysis of cryptography built for practice. In...
youtube.com
November 11, 2025 at 6:41 PM
If your curious on what to expect, you can watch the recording of some talks from this year here:
youtube.com/playlist?lis...
Or view the CAW 2024 program here: caw.cryptanalysis.fun/previous/202...
youtube.com/playlist?lis...
Or view the CAW 2024 program here: caw.cryptanalysis.fun/previous/202...
3. Design and construction of cryptographic primitives and systems that also have an associated implementation or are being deployed.
4. The industry perspective on deployment and maintenance of cryptography in practice.
All info on how to submit is here caw.cryptanalysis.fun#call-for-talks
4. The industry perspective on deployment and maintenance of cryptography in practice.
All info on how to submit is here caw.cryptanalysis.fun#call-for-talks
CAW
Cryptographic Applications Workshop
caw.cryptanalysis.fun
November 11, 2025 at 6:40 PM
3. Design and construction of cryptographic primitives and systems that also have an associated implementation or are being deployed.
4. The industry perspective on deployment and maintenance of cryptography in practice.
All info on how to submit is here caw.cryptanalysis.fun#call-for-talks
4. The industry perspective on deployment and maintenance of cryptography in practice.
All info on how to submit is here caw.cryptanalysis.fun#call-for-talks
In addition, CAW looks for submissions on the following topics:
1. Bringing crypto from academia into the world.
2. Analysis and proofs of schemes and protocols deployed in practice.
1. Bringing crypto from academia into the world.
2. Analysis and proofs of schemes and protocols deployed in practice.
November 11, 2025 at 6:39 PM
In addition, CAW looks for submissions on the following topics:
1. Bringing crypto from academia into the world.
2. Analysis and proofs of schemes and protocols deployed in practice.
1. Bringing crypto from academia into the world.
2. Analysis and proofs of schemes and protocols deployed in practice.
This year, CAW will have a specific focus on cryptography under real-world constraints and threat models, exploring various trade-offs that are often necessary when deploying cryptographic systems in practice. Submissions fitting the workshop theme of this year are especially encouraged.
November 11, 2025 at 6:39 PM
This year, CAW will have a specific focus on cryptography under real-world constraints and threat models, exploring various trade-offs that are often necessary when deploying cryptographic systems in practice. Submissions fitting the workshop theme of this year are especially encouraged.
This is the 3rd edition of the Cryptographic Application Workshop (CAW). CAW will take place on May 10, 2026, in Rome, Italy, right before Eurocrypt.
The workshop consists of a mixture of invited and contributed talks on recent developments in the field of applied cryptography.
The workshop consists of a mixture of invited and contributed talks on recent developments in the field of applied cryptography.
November 11, 2025 at 6:38 PM
This is the 3rd edition of the Cryptographic Application Workshop (CAW). CAW will take place on May 10, 2026, in Rome, Italy, right before Eurocrypt.
The workshop consists of a mixture of invited and contributed talks on recent developments in the field of applied cryptography.
The workshop consists of a mixture of invited and contributed talks on recent developments in the field of applied cryptography.
You can find more information on our attacks in my blog post and our paper.
And if you're in Seattle, come say hi at WOOT or USENIX!
Blog post: mirohaller.com/posts/2025/0...
Paper: www.usenix.org/system/files...
And if you're in Seattle, come say hi at WOOT or USENIX!
Blog post: mirohaller.com/posts/2025/0...
Paper: www.usenix.org/system/files...
August 11, 2025 at 3:54 PM
You can find more information on our attacks in my blog post and our paper.
And if you're in Seattle, come say hi at WOOT or USENIX!
Blog post: mirohaller.com/posts/2025/0...
Paper: www.usenix.org/system/files...
And if you're in Seattle, come say hi at WOOT or USENIX!
Blog post: mirohaller.com/posts/2025/0...
Paper: www.usenix.org/system/files...
Shout out to Fortune Brands Connected Products (which owns Master Lock) for the great disclosure experience. We had an in-depth meeting with them where they provided context on the origin of the vulnerabilities, insights into their design decisions, and updates on the mitigation progress.
August 11, 2025 at 3:53 PM
Shout out to Fortune Brands Connected Products (which owns Master Lock) for the great disclosure experience. We had an in-depth meeting with them where they provided context on the origin of the vulnerabilities, insights into their design decisions, and updates on the mitigation progress.
The session replay attack is due to a nonce reuse across sessions. The causes for the other attacks were more on the security side (protocol design, access control, buffer overflow).
August 11, 2025 at 3:51 PM
The session replay attack is due to a nonce reuse across sessions. The causes for the other attacks were more on the security side (protocol design, access control, buffer overflow).
As smart locks are used in house and hotel doors, attacks on them has impacts the physical safety of people.
August 11, 2025 at 3:50 PM
As smart locks are used in house and hotel doors, attacks on them has impacts the physical safety of people.
Registration for in-person attendance of the workshop goes over Eurocrypt: eurocrypt.iacr.org/2025/registr...
Eurocrypt 2025 registration
44th Annual International Conference on the Theory and Applications of Cryptographic Techniques
eurocrypt.iacr.org
March 18, 2025 at 1:25 AM
Registration for in-person attendance of the workshop goes over Eurocrypt: eurocrypt.iacr.org/2025/registr...
We will later announce the overall workshop theme, but it will include two excellent invited speakers: Michele Orrù @tumbolia.bsky.social and Carmela Troncoso @carmelatroncoso.bsky.social and end with an audience discussion on the overarching topic.
March 18, 2025 at 1:25 AM
We will later announce the overall workshop theme, but it will include two excellent invited speakers: Michele Orrù @tumbolia.bsky.social and Carmela Troncoso @carmelatroncoso.bsky.social and end with an audience discussion on the overarching topic.
Talk 9 at #CAW in the session on messaging:
Rolfe Schmidt from @signal.org on "Designing a Post-Quantum Ratchet for Signal Messenger"; seeking feedback on their candidate designs to make the Double Ratchet protocol post-quantum secure.
caw.cryptanalysis.fun
Rolfe Schmidt from @signal.org on "Designing a Post-Quantum Ratchet for Signal Messenger"; seeking feedback on their candidate designs to make the Double Ratchet protocol post-quantum secure.
caw.cryptanalysis.fun
CAW
Cryptographic Applications Workshop
caw.cryptanalysis.fun
March 18, 2025 at 1:24 AM
Talk 9 at #CAW in the session on messaging:
Rolfe Schmidt from @signal.org on "Designing a Post-Quantum Ratchet for Signal Messenger"; seeking feedback on their candidate designs to make the Double Ratchet protocol post-quantum secure.
caw.cryptanalysis.fun
Rolfe Schmidt from @signal.org on "Designing a Post-Quantum Ratchet for Signal Messenger"; seeking feedback on their candidate designs to make the Double Ratchet protocol post-quantum secure.
caw.cryptanalysis.fun
Talk 8 at #CAW in the session on messaging:
Phillip Gajland on "Shadofax: Combiners for Deniability"; providing a framework to reason about deniability for hybrid schemes and achieve it for a post-quantum secure AKEM.
caw.cryptanalysis.fun
Phillip Gajland on "Shadofax: Combiners for Deniability"; providing a framework to reason about deniability for hybrid schemes and achieve it for a post-quantum secure AKEM.
caw.cryptanalysis.fun
CAW
Cryptographic Applications Workshop
caw.cryptanalysis.fun
March 18, 2025 at 1:24 AM
Talk 8 at #CAW in the session on messaging:
Phillip Gajland on "Shadofax: Combiners for Deniability"; providing a framework to reason about deniability for hybrid schemes and achieve it for a post-quantum secure AKEM.
caw.cryptanalysis.fun
Phillip Gajland on "Shadofax: Combiners for Deniability"; providing a framework to reason about deniability for hybrid schemes and achieve it for a post-quantum secure AKEM.
caw.cryptanalysis.fun
Talk 7 at #CAW in the session on messaging:
Emma Dauterman on "Designing Secret Recovery in Signal Messenger"; a restrospective on the lessons learned when designing a system to meet real-world constraints.
caw.cryptanalysis.fun
Emma Dauterman on "Designing Secret Recovery in Signal Messenger"; a restrospective on the lessons learned when designing a system to meet real-world constraints.
caw.cryptanalysis.fun
CAW
Cryptographic Applications Workshop
caw.cryptanalysis.fun
March 18, 2025 at 1:23 AM
Talk 7 at #CAW in the session on messaging:
Emma Dauterman on "Designing Secret Recovery in Signal Messenger"; a restrospective on the lessons learned when designing a system to meet real-world constraints.
caw.cryptanalysis.fun
Emma Dauterman on "Designing Secret Recovery in Signal Messenger"; a restrospective on the lessons learned when designing a system to meet real-world constraints.
caw.cryptanalysis.fun
Talk 6 at #CAW in the session on messaging:
Lea Thiemt on "Generic Anonymity Wrapper for Messaging Protocols"; a protocol transformation that achieves forward anonymity and post-compromise anonymity.
caw.cryptanalysis.fun
Lea Thiemt on "Generic Anonymity Wrapper for Messaging Protocols"; a protocol transformation that achieves forward anonymity and post-compromise anonymity.
caw.cryptanalysis.fun
March 18, 2025 at 1:23 AM
Talk 6 at #CAW in the session on messaging:
Lea Thiemt on "Generic Anonymity Wrapper for Messaging Protocols"; a protocol transformation that achieves forward anonymity and post-compromise anonymity.
caw.cryptanalysis.fun
Lea Thiemt on "Generic Anonymity Wrapper for Messaging Protocols"; a protocol transformation that achieves forward anonymity and post-compromise anonymity.
caw.cryptanalysis.fun
Talk 5 at #CAW in the session on cryptographic constructions:
Giacomo Fenzi @giacomofenzi.bsky.social on "Linear-Time Accumulation Schemes"; an efficient hash-based building block for proof-carrying data to provide computational integrity in a distributed setting.
caw.cryptanalysis.fun
Giacomo Fenzi @giacomofenzi.bsky.social on "Linear-Time Accumulation Schemes"; an efficient hash-based building block for proof-carrying data to provide computational integrity in a distributed setting.
caw.cryptanalysis.fun
CAW
Cryptographic Applications Workshop
caw.cryptanalysis.fun
March 18, 2025 at 1:23 AM
Talk 5 at #CAW in the session on cryptographic constructions:
Giacomo Fenzi @giacomofenzi.bsky.social on "Linear-Time Accumulation Schemes"; an efficient hash-based building block for proof-carrying data to provide computational integrity in a distributed setting.
caw.cryptanalysis.fun
Giacomo Fenzi @giacomofenzi.bsky.social on "Linear-Time Accumulation Schemes"; an efficient hash-based building block for proof-carrying data to provide computational integrity in a distributed setting.
caw.cryptanalysis.fun
Talk 4 at #CAW in the session on cryptographic constructions:
Felix Günther on "(Hybrid) Obfuscation and Verifiable Decapsulation"; two concepts to make KEMs more secure in real-world protocols.
caw.cryptanalysis.fun
Felix Günther on "(Hybrid) Obfuscation and Verifiable Decapsulation"; two concepts to make KEMs more secure in real-world protocols.
caw.cryptanalysis.fun
CAW
Cryptographic Applications Workshop
caw.cryptanalysis.fun
March 18, 2025 at 1:22 AM
Talk 4 at #CAW in the session on cryptographic constructions:
Felix Günther on "(Hybrid) Obfuscation and Verifiable Decapsulation"; two concepts to make KEMs more secure in real-world protocols.
caw.cryptanalysis.fun
Felix Günther on "(Hybrid) Obfuscation and Verifiable Decapsulation"; two concepts to make KEMs more secure in real-world protocols.
caw.cryptanalysis.fun
Talk 3 at #CAW in the session on cryptographic constructions:
Olga Sanina presents "Results from Analyzing and Refining Bluetooth Secure Connections" about modeling and authenticating Bluetooth.
caw.cryptanalysis.fun
Olga Sanina presents "Results from Analyzing and Refining Bluetooth Secure Connections" about modeling and authenticating Bluetooth.
caw.cryptanalysis.fun
CAW
Cryptographic Applications Workshop
caw.cryptanalysis.fun
March 18, 2025 at 1:22 AM
Talk 3 at #CAW in the session on cryptographic constructions:
Olga Sanina presents "Results from Analyzing and Refining Bluetooth Secure Connections" about modeling and authenticating Bluetooth.
caw.cryptanalysis.fun
Olga Sanina presents "Results from Analyzing and Refining Bluetooth Secure Connections" about modeling and authenticating Bluetooth.
caw.cryptanalysis.fun
Talk 2 at #CAW in the session on large-scale deployed cryptography:
Shai Halevi or Nevine Ebeid (or both) from AWS on "Blockcipher-Based Key Commitment for Nonce-Derived Schemes"; towards the FIPS-compliant deployment of XAES-256-GCM.
caw.cryptanalysis.fun
Shai Halevi or Nevine Ebeid (or both) from AWS on "Blockcipher-Based Key Commitment for Nonce-Derived Schemes"; towards the FIPS-compliant deployment of XAES-256-GCM.
caw.cryptanalysis.fun
March 18, 2025 at 1:22 AM
Talk 2 at #CAW in the session on large-scale deployed cryptography:
Shai Halevi or Nevine Ebeid (or both) from AWS on "Blockcipher-Based Key Commitment for Nonce-Derived Schemes"; towards the FIPS-compliant deployment of XAES-256-GCM.
caw.cryptanalysis.fun
Shai Halevi or Nevine Ebeid (or both) from AWS on "Blockcipher-Based Key Commitment for Nonce-Derived Schemes"; towards the FIPS-compliant deployment of XAES-256-GCM.
caw.cryptanalysis.fun
Talk 1 at #CAW in the session on large-scale deployed cryptography:
Ghous Amjad (Google) on the design and deployment of "RSA Blind Signatures with Public Metadata" in GoogleOne VPN.
caw.cryptanalysis.fun
Ghous Amjad (Google) on the design and deployment of "RSA Blind Signatures with Public Metadata" in GoogleOne VPN.
caw.cryptanalysis.fun
March 18, 2025 at 1:21 AM
Talk 1 at #CAW in the session on large-scale deployed cryptography:
Ghous Amjad (Google) on the design and deployment of "RSA Blind Signatures with Public Metadata" in GoogleOne VPN.
caw.cryptanalysis.fun
Ghous Amjad (Google) on the design and deployment of "RSA Blind Signatures with Public Metadata" in GoogleOne VPN.
caw.cryptanalysis.fun