Cryptography Research

Implementation Attacks on Cryptosystems

Cryptographers have made enormous progress at building cryptographic algorithms that, when appropriately implemented, appear to be highly secure against many types of mathematical attacks. However, recent research has shown that there are a surprising number of ways in which clever attackers can nonetheless defeat these systems in practice by "thinking outside the box". The common theme is that real cryptographic implementations are much more than a mathematical function; attackers often have access to a great deal of additional side information. For instance, an attacker who can measure the time it takes to perform a RSA decryption can use this to learn the RSA key. These kinds of "side channels" threaten the security of encryption algorithms deployed in smartcards, embedded devices, and other settings.

I am working to characterize and understand these failure modes. I am also developing defenses against such attacks. One of the main focuses of this effort is an attempt to place this field on principled, formal foundations.

One of the practical results of this project has been the discovery of new security flaws in 802.11 security, a topic of considerable practical interest.

This work is funded through generous support from a NSF ITR award.

Secure Signal Embedding

In collaboration with Kannan Ramchandran and many others, I am studying new methods in the areas of watermarking, steganography, program obfuscation, and related topics. Building on previous work on ad-hoc approaches to these problems, we are now working towards a more scientific approach rooted in information theory, complexity theory, and the theory of cryptography.

This work is funded through generous support from a NSF ITR award.

David Wagner,,