Thriving in between theory and practice: How applied cryptography bridges the gap

Abstract. The focus of applied cryptography is the security of cryptographic systems used in practice. This includes analyzing cryptographic protocols and primitives used in the wild, and designing and deploying secure systems. Unfortunately, this is a challenging task. Cryptography is highly brittle and small design or implementation mistakes can have devastating effects on a system level. Additionally, the many interacting parts of a large system makes analyzing its security complex. Even defining an appropriate threat model can be difficult, and the most secure cryptographic designs sometimes break when faced with real-world use that differs from the usage intended by the designers.

In this talk, we discuss some of these challenges. In particular, we draw on our experiences from recent work on analyzing and constructing cryptography for practice and try to condense the lessons learnt, including: Where (and why) does the gap between theory and practice arise? How can applied cryptography help bridge the gap? And why should you, too, do applied cryptography?

Suggested readings: ia.cr/2022/959, ia.cr/2023/861, e2ee-cloud-storage, caw.cryptanalysis.fun (workshop)

[Slides]