July 13–16, 2026
Cedarcrypt
Applied Cryptography
Summer School & Conference
AUB Mediterraneo Campus, Cyprus
About Cedarcrypt
Cedarcrypt is a new applied cryptography summer school and conference being organized for July 2026. We aim to bring together graduate students, early-career researchers, and practitioners for four days of lectures, hands-on workshops, and research presentations in Paphos, Cyprus.
Our inaugural program features keynotes, lectures, hands-on workshops, and research talks from speakers across industry and academia. Whether you're a graduate student, early-career researcher, or practitioner, Cedarcrypt offers four days of learning and collaboration in applied cryptography.
4
Days of lectures, workshops, and collaboration
2
Tracks: Summer School & Research Conference
1st
Edition of a new annual event
Program
Four days of lectures and hands-on workshops in applied cryptography, designed as a pedagogical progression from accessible foundations to advanced constructions.
The program below is preliminary. We are still confirming final details with speakers, and at least some sessions, titles, abstracts, or timings are likely to change before the event. Please check back closer to July 2026 for the finalized schedule.
Day 1 — Welcome & Foundations
Monday, July 13
Keynote Address
Opening keynote by one of the world's foremost cryptographers, setting the stage for four days of applied cryptography at Cedarcrypt's inaugural edition.
Bart Preneel is Full Professor at KU Leuven and head of the COSIC research group, and a former president of the International Association for Cryptologic Research (IACR). His research spans hash functions, block ciphers, authentication protocols, and cryptographic engineering, with decades of foundational contributions to the field.
OrganicOS: Cryptography for Organisational IT
OrganicOS reframes organisational IT management as a cryptographer's problem — not "encrypt the disk," but eliminating implicit trust boundaries until what remains is verifiable and composable. OrganicOS manages devices, services, and infrastructure as a single declarative NixOS-based system where the deployed state is a content-addressed closure bound by a single cryptographic commitment, making everything reproducible and auditable from that commitment. This talk addresses three IT-lifecycle issues through that lens: system integrity (does the machine run what you approved?), data confidentiality (protection against stolen devices and compromised servers), and compliance (making security posture a system property rather than a document).
Marios Isaakidis is the Director of infotropic.tech, a privacy engineering and protocol design agency based in Limassol, Cyprus. He develops technologies, mechanisms, and policies that establish our freedoms in the Information Age.
From Papers to Production: Cryptography Engineering That Sucks Less
Using the DKLs18/19 threshold ECDSA protocol vulnerability saga — involving SoftSpokenOT and KOS15 — as a case study, this talk examines how cryptographic agility and engineering practices fail in production environments. We present Bron-Crypto, an open-source MPC library that applies modern software engineering practices to make cryptographic implementations reusable, composable, and evolvable, distilling hard-won lessons from building, auditing, and shipping MPC systems at Coinbase, Copper.co, and Bron.
Alireza Rafiei is Director of Cryptography Engineering at Bron, previously Head of Cryptography Engineering at Copper.co and Applied Cryptographer at Coinbase. Mateusz Kramarczyk is a cryptography engineer at Bron focused on threshold cryptography and threshold signing protocols, previously at Copper.co.
Hands-On Applied Cryptography: ECC and RSA Attacks with LLL
Hands-on workshop providing a practical bridge between classical and post-quantum cryptography through guided implementation labs. Participants will explore elliptic-curve cryptography and lattice-based post-quantum constructions, with particular emphasis on RSA cryptanalysis using the LLL lattice reduction algorithm. Through practical attack scenarios, they will see how seemingly modest weaknesses—such as short secret exponents, partial key leakage, or related-message settings—can compromise RSA under structured lattice attacks. The session aims to build intuition for the dual importance of lattice methods: as powerful tools for attacking classical cryptosystems and as a core foundation of modern post-quantum cryptography.
Meryem Cherkaoui Semmouni is a Professor and researcher at Sidi Mohamed Ben Abdellah University in Morocco, with expertise in modern public-key cryptography. Her research explores elliptic-curve cryptography, lattice-based post-quantum cryptography, and lattice-reduction techniques for cryptanalysis, at the intersection of mathematical rigor and practical cybersecurity applications.
Day 2 — Applied Cryptography in Practice
Tuesday, July 14
Practical Constant-Time Programming
A ground-up treatment of constant-time programming as a practical engineering discipline. We cover the threat model for timing side-channels, C++ and compiler behaviors that silently introduce timing leakage — including conditional branches on secrets and secret-dependent memory access — practical mitigation techniques such as branchless selection, bitslicing, and constant-time table lookups, with examples drawn from production cryptographic libraries and verification using tools like Clang MSan and Valgrind.
Anjan Roy is an Applied Cryptography Engineer in the Ethereum ecosystem and PhD candidate at Radboud University. He is the author of zero-dependency C++ and Rust libraries for NIST-standardized cryptographic primitives including Ascon, ML-KEM, ML-DSA, and Falcon, with a focus on correct-by-construction, high-assurance implementations.
FHE: From Theory to Practice
A comprehensive journey through Fully Homomorphic Encryption, from its theoretical foundations to real-world deployment challenges. This lecture explores how FHE enables computation on encrypted data without ever decrypting it, and examines the practical considerations, performance trade-offs, and engineering decisions involved in building FHE-based systems today.
Emad Heydari Beni is a researcher at Nokia Bell Labs & KU Leuven specializing in fully homomorphic encryption and its practical applications in privacy-preserving computation.
From Tampered JavaScript to Trustworthy Web Apps: A Hands-On Introduction to WAICT
How do you know the JavaScript your browser is running is what the developer actually shipped? This workshop builds from first principles to the full WAICT (Web Application Integrity, Consistency, and Transparency) model currently being prototyped in Firefox. Through five progressive exercises, participants tamper with a web app's JavaScript, break a naive integrity primitive, build a Node.js application with SHA-256 resource manifests, extend a browser client for WAICT support, and implement a minimal transparency log inspired by Certificate Transparency.
Anna Weine is a Staff Security Engineer at Mozilla. Her contributions include RSA blinding, TLS Key Update, parts of DTLS 1.3, and the WebCrypto API. She is a contributor to the WAICT specification, a W3C proposal currently prototyped in Firefox Nightly.
Day 3 — Protocols & Primitives
Wednesday, July 15
Implementing Group Messaging in The Guardian's Anonymous Whistleblowing System
The Guardian launched Secure Messaging in June 2025, based on the CoverDrop research from Cambridge — a mobile-app-embedded system letting sources reach journalists anonymously. The current design supports one-source-to-one-journalist conversations, but we are extending it to group messaging so teams of journalists (plus read-only editors) can jointly manage sources. This talk covers CoverDrop's architecture, then presents our in-progress design using Messaging Layer Security (MLS), lessons learned integrating OpenMLS into an existing system, and how we authenticate messages by extending CoverDrop's existing PKI.
Zeke Hunter-Green is a Senior Software Engineer at The Guardian's Digital Investigations team, contributing to CoverDrop and the Guardian's SecureDrop fork. Co-author Daniel Hugenroth (not attending) is a computer security researcher at the University of Cambridge focusing on applied cryptography, secure protocols, and anonymous communication.
Self-Auditable Key Transparency at Scale
Key transparency systems—used in platforms like WhatsApp, iMessage, and Messanger—are widely deployed but have two primary drawbacks: they do not fully preserve user privacy, and more importantly, their auditing process is too resource-intensive for typical clients, so auditing is often outsourced to third parties. IronDict [Haf+26] and Aegon [Haf+26], introduce a new paradigm in the design of key transparency via polynomial commitments. These schemes introduce strong (zero-knowledge) privacy guarantees and significantly improve efficiency. In practice, this leads to much smaller and faster-to-verify audit proofs, making client-side auditing feasible while also supporting high update throughput.
Hossein Hafezi is a PhD student at the University of Cambridge (formerly at NYU), where he works on proof systems and their applications. His research focuses on designing new cryptographic primitives to improve the security of real-world systems.
Decentralized Key Management via Threshold Signing
This workshop is a primer on threshold signing technology—why and where it is relevant in practice, and how to construct it. The first component of the workshop is a seminar on the anatomy of deployed threshold signing protocols. We will begin with an overview of threshold cryptography techniques, and zoom in on threshold signing for ECDSA and EdDSA/Schnorr. We will cover ideas synthesized from a range of papers, as well as the “folklore” techniques. Next, we will have a hands-on laboratory session that introduces the nuts and bolts of deploying a threshold signing library in Rust. Through a series of exercises with a production-oriented stack around DKLs23 threshold ECDSA signing, participants will be exposed to real-world deployment challenges.
Iraklis Leontiadis is the Head Security Architect at Silence Laboratories, where he focuses on scalable applied cryptography systems. Previously worked at ZenGo, Anoma/Namada, Parfin, and Inpher. PhD from Telecom ParisTech/Eurecom, centered on secure private aggregation, and postdocs at the University of Arizona, NJIT, and EPFL. Yashvanth Kondi leads R&D at Silence Laboratories, in his role as the principal scientist. His background is in cryptographic protocol design, with a focus on multiparty computation (MPC) techniques applied to solve real-world problems. PhD from Northeastern University, and postdoc at Aarhus University before joining Silence.
Building with Zero-Knowledge Proofs: From Concepts to Code
This workshop bridges the gap between zero-knowledge proof theory and hands-on practical implementation. Based on a successful lecture series at TU Berlin, participants gain both conceptual understanding and practical experience building with ZK proof systems, working through exercises that progress from foundational concepts to writing and verifying proofs using modern tooling. The workshop emphasizes accessibility for newcomers while covering the real engineering decisions involved in choosing and working with ZK frameworks.
Tarek Galal is a cryptography educator and developer with experience teaching zero-knowledge proof systems. His work focuses on making ZK proof technology accessible through hands-on, practical instruction.
Day 4 — Advanced Constructions & Closing
Thursday, July 16
Lattices, Isogenies and Codes: Contrasting Post-Quantum Design Directions for Applied Cryptography
This lecture compares three major post-quantum cryptography families—lattices, isogenies, and codes—not just as standardization candidates, but as distinct design frameworks. It highlights how each offers different tradeoffs in efficiency, structure, and supported primitives. Lattice-based cryptography leads in practical deployment, versatility, and advanced applications. Isogeny-based cryptography, despite recent setbacks, remains mathematically rich, compact, and conceptually distinctive. Code-based cryptography provides a mature, durable alternative and adds diversity to post-quantum assumptions. Through selected case studies, the talk shows that post-quantum cryptography is not only about replacing classical systems, but about exploring a broader design space shaped by different hardness assumptions and cryptographic goals.
Maher Mamah is a PhD candidate in cryptography at the University of Waterloo under David Jao. His research focuses on isogeny- and lattice-based cryptography, especially post-quantum signature schemes, cryptanalysis, and security analysis, with broader interests in quantum computing, hardness assumptions, and algebraic cryptographic methods.
Implementing HQC, a NIST PQC Standard, in Hardware: Performance, Security, and Lessons
A deep dive into hardware implementation of the Hamming Quasi-Cyclic (HQC) algorithm, one of NIST’s 2025 post-quantum standards. The talk begins with HQC’s selection and its algorithmic core, profiles its computational bottlenecks, and then presents a state-of-the-art hardware implementation compared against software and hardware–software co-design alternatives. It closes with what is, to our knowledge, the only existing power side-channel attack on an HQC hardware implementation and the countermeasures it motivates. Attendees leave equipped to reason about performance, resource, and security trade-offs when designing or evaluating post-quantum cryptographic hardware.
Sanjay Deshpande is a Postdoctoral Scholar at Northwestern University specializing in efficient and secure post-quantum cryptography and the security of quantum computing systems. He earned his PhD in Electrical Engineering from Yale, and has previously worked at Microsoft Research, SandboxAQ, and the Technology Innovation Institute. His work has appeared at IACR CHES, SAC, ACM TECS, and IEEE HOST.
The Taler Protocol Suite for Digital Payments
The Taler protocol suite provides online digital payments that preserve buyer anonymity while guaranteeing seller taxability and regulatory compliance. This lecture walks through the essential protocol flows — coin withdrawal, purchase, deposit, and refresh — and standard cryptographic building blocks that make them work: blind signatures (RSA and Schnorr), hash functions, HKDFs, zero-knowledge cut-and-choose proofs, EC signature schemes and ECDH used in unusual ways, up to recent work on making Taler post-quantum ready. It is both an introduction to Taler and a worked example of how cryptographic primitives compose to solve real privacy challenges in digital payment.
Özgür Kesim is a member of the GNU Taler development team and a PhD candidate at FU Berlin, working on privacy-preserving extensions to Taler under Christian Grothoff (BFH Bern) and Matthias Wählisch (TU Dresden). He has also worked in software security and code auditing for over 25 years.
State-of-the-Art Hash-Based SNARKs: Roll Your Own Crypto
Hash-based SNARKs offer fast proving without public-key cryptography, require no trusted setup, and provide post-quantum security. In this hands-on workshop, participants implement two interactive oracle commitment schemes — the core building blocks of modern SNARKs — starting with Brakedown (good prover performance, larger proof sizes) and progressing to WHIR, the state-of-the-art scheme underlying Ethereum's post-quantum signature aggregation proposal and World's privacy-preserving proof-of-personhood system. Using arkworks' Spongefish library for secure protocol compilation, attendees gain real implementation experience building proof systems in Rust.
Giacomo Fenzi is a PhD student at EPFL in Lausanne. His research focuses on computational complexity, cryptography, and coding theory with emphasis on proof systems. His work includes the WHIR, TensorSwitch, and WARP protocols, and he serves as a judge for the Proximity Prize, a million-dollar coding theory challenge.
Paphos, Cyprus
Where ancient history meets Mediterranean beauty
AUB Mediterraneo Campus
Cedarcrypt will be hosted at the American University of Beirut's Mediterraneo campus in Paphos. This UNESCO World Heritage city offers a unique backdrop for focused learning: crystal-clear waters, ancient ruins, and a vibrant culinary scene.
Paphos combines world-class beaches with a rich cultural heritage dating back thousands of years. Explore the stunning Tombs of the Kings, wander through the picturesque harbor, or relax at a seaside taverna as the sun sets over the Mediterranean.
Getting There
Direct flights to Paphos International Airport (PFO) from major European cities. The campus is just 15 minutes away.
Accommodation
On-campus housing and a variety of beachfront hotels and charming guesthouses nearby.
Perfect Weather
Sunny skies and warm Mediterranean temperatures around 30°C. Don't forget your swimsuit!
Travel
Everything you need to plan your trip to Paphos for Cedarcrypt 2026.
Visa Information
Lebanese nationals: apply for your visa as soon as possible
Lebanese citizens require a Cyprus visa to attend Cedarcrypt 2026. Processing through the Cypriot Embassy in Beirut routinely takes six to eight weeks or longer, and appointment slots are limited. We strongly urge all Lebanese attendees — especially scholarship recipients — to begin their visa application immediately upon confirming attendance. Please do not wait until closer to the event.
Guidance for other nationalities
- Visa-free entry
- Citizens of EU/EEA member states and Switzerland, as well as nationals of the UK, US, Canada, Australia, New Zealand, Japan, South Korea, and most OECD countries, may enter Cyprus without a visa for short stays. A valid passport is typically sufficient; EU/EEA citizens may also use a national ID card.
- Schengen visa holders
- Holders of a valid multi-entry Schengen visa (type C) may enter Cyprus without a separate Cypriot visa, even though Cyprus is not itself part of the Schengen Area. The same applies to holders of valid residence permits issued by a Schengen state.
- All other nationalities
- A Cyprus short-stay visa must be obtained in advance from the nearest Cypriot consulate or embassy. Please allow at least four to six weeks for processing, and confirm current requirements with your consulate well ahead of booking travel.
Visa rules can change. Please always verify current requirements on the Republic of Cyprus government portal and with the nearest Cypriot diplomatic mission before traveling.
Cedarcrypt can provide an official invitation letter to support your visa application. Please include your full name (as on your passport), passport number and expiry date, and your academic or professional affiliation.
Request Visa LetterAirports
Paphos International Airport
The closest airport to the venue, just 15 minutes by car. Direct flights are available from many European cities including London, Athens, and several other destinations. This is the most convenient option for reaching the AUB Mediterraneo campus.
Larnaca International Airport
Cyprus’s main international airport with the widest selection of flights and airlines. However, Larnaca is approximately 150 km from Paphos, requiring a taxi or rental car ride of around 1.5–2 hours along the motorway. Budget accordingly for the transfer if flying into Larnaca.
Recommended Hotels
Anemi Hotel & Suites
Boutique Mediterranean hotel on Poseidonos Avenue emphasizing Cypriot craftsmanship and authentic hospitality, with locally sourced amenities and multiple dining venues.
Mayfair Hotel & Gardens
Family-friendly resort complex in a quiet tourist area with comprehensive amenities, multiple pools, entertainment facilities, and all-inclusive dining options.
Annabelle Hotel
Iconic five-star luxury hotel on the Paphos seafront with award-winning restaurants, lush tropical gardens, and a full-service spa.
Elysium Hotel
Upscale beachfront resort with multiple gourmet restaurants, a world-class spa, and extensive leisure facilities on landscaped grounds overlooking the Mediterranean.
Scholarships
Making Cedarcrypt accessible to students and early-career researchers.
Thanks to the generosity of our sponsors, we currently have enough funds to offer full scholarships to students wishing to attend Cedarcrypt 2026. Scholarships cover travel and lodging, so that financial constraints do not prevent talented students from participating.
We especially encourage applications from graduate students and early-career researchers in cryptography, computer science, and related fields. Scholarships are awarded on a rolling basis until funds are exhausted.
Apply for a ScholarshipOrganizers
The team behind Cedarcrypt 2026.
Nadim Kobeissi
General Chair
Malek Tabbal
General Chair
Jean-Philippe Aumasson
Program Chair
Lucas Meier
Program Chair
Ghady Youssef
Workshop Chair
Abd El Kader Kahil
Web Secretary
Rabab Salim
Sponsorship Secretary
Faysal Elestwani
Ethics Officer
Sponsors
Our sponsors help fund student scholarships, making Cedarcrypt accessible to early-career researchers from around the world.
AUB Mediterraneo
The American University of Beirut's Paphos campus serves as the host venue for Cedarcrypt 2026, providing world-class facilities and a vibrant academic setting on the Mediterranean coast.
Electi
A leading consultancy that provides technical and business consulting in cryptography and based in Cyprus, where Cedarcrypt is being hosted, Electi is generously sponsoring Cedarcrypt with full scholarships for three students to attend from Lebanon.
PQShield
PQShield specializes in real-world, post-quantum hardware and software upgrades, helping companies and institutions modernize their vital security systems. PQShield is generously sponsoring Cedarcrypt with full scholarships for three students to attend from Lebanon.
Symbolic Software
Symbolic Software contributes formal verification and cryptographic protocol analysis expertise, and is the core founding and organizing force behind Cedarcrypt.
Zama
Zama is an open-source cryptography company building state-of-the-art fully homomorphic encryption solutions for blockchain and AI, generously sponsoring Cedarcrypt with full scholarships for five students to attend from Lebanon.
Anonymous Sponsors
We are also grateful to several generous anonymous donors who have contributed substantially to making Cedarcrypt possible and helping us support student attendance.
Interested in supporting the next generation of cryptography researchers?
Become a SponsorGet Involved
Join us for four days of applied cryptography in the Mediterranean.
Dates
July 13–16, 2026
Location
AUB Mediterraneo, Cyprus
Status
Registration Open