Trust the Math, Fear the Compiler: How Optimizations Undermine Cryptographic Software

Name: Trust the Math, Fear the Compiler: How Optimizations Undermine Cryptographic Software
Start: 2026-01-31T12:40:00
End: 2026-01-31T12:40:00
Location: H.2215 (Ferrer)

H.2215 (Ferrer) | Day 2 | 12:40 - 12:55 | Speakers: René Meusel

Copy link

Copy link

Open in browser

Get involved in the conversation!Join the chat

Notes

Abstract

Computer systems can unintentionally leak bits of secret information through observable variations in their behavior such as runtime or power consumption. These so-called "side-channels" can be harmful for the security of cryptographic systems where just a few bytes of leaked key material may compromise loads of sensitive data.

In this talk, we will explore how we mitigate typical side-channels in the open-source cryptography toolkit "Botan" and why this has increasingly become a game of cat and mouse against modern compiler optimizations. We will also present how established open-source tools such as valgrind can help find subtle side-channels in a semi-automatic way.

Attachments

Slides

Speakers

René Meusel

Over the past 15 years, René Meusel has worked extensively on free and open-source software, developing a passion for applied cryptography, secure networking protocols, and modern C++. As a co-maintainer of Botan, a widely used cryptographic library endorsed by Germany’s Federal IT Security Authority (BSI), he led the implementation of TLS 1.3 and added state-of-the-art post-quantum algorithms. He is equally at home auditing software implementations and debating the finer points of network protocols.

External Links

Notice: The placeholder video image is licensed under CC BY-SA 4.0. The original image can be found hereChanges made to the image are: Cropped the image to a new ratio, part of the image was cut off.