July 13–16, 2026
Applied Cryptography
Summer School & Conference
AUB Mediterraneo Campus, Cyprus
Register by July 5, 2026
Cedarcrypt is a new applied cryptography summer school and conference being organized for July 2026. We aim to bring together graduate students, early-career researchers, and practitioners for four days of lectures, hands-on workshops, and research presentations in Paphos, Cyprus.
Our inaugural program features keynotes, lectures, hands-on workshops, and research talks from speakers across industry and academia. Whether you're a graduate student, early-career researcher, or practitioner, Cedarcrypt offers four days of learning and collaboration in applied cryptography.
Days of lectures, workshops, and collaboration
Tracks: Summer School & Research Conference
Edition of a new annual event
Four days of lectures and hands-on workshops in applied cryptography, designed as a pedagogical progression from accessible foundations to advanced constructions.
The program below is preliminary. We are still confirming final details with speakers, and at least some sessions, titles, abstracts, or timings are likely to change before the event. Please check back closer to July 2026 for the finalized schedule.
For attendees arriving a day early, we are tentatively planning a full-day excursion on the Sunday before the conference opens. The details below are not yet confirmed — the final itinerary, operator, and pricing are still being worked out, and the trip will only go ahead with sufficient interest. We will share sign-up information and finalized logistics closer to the event. This activity is entirely optional.
A full-day group excursion showcasing highlights of Paphos and the wider island of Cyprus. The exact itinerary, operator, timing, and pricing are still being finalized and will be announced closer to the event. Depending on the route selected, specific travel-document or entry requirements may apply; we will communicate all such details — along with sign-up instructions — once the excursion is confirmed. Attendees with particular visa or travel-document situations are encouraged to reach out to the organizers in the meantime.
The “Crypto Wars” describe the enduring tension between government demands for access to encrypted data in the name of national security and the protection of privacy and civil liberties. This talk traces the history of these conflicts, from efforts to suppress cryptographic research and restrict secure communications (such as the Clipper Chip), to highprofile disputes over device access (Apple vs. FBI), and the deployment of commercial spyware (e.g., NSO Group).
More recently, attention has shifted to client-side scanning: filtering content on user devices before encryption or after decryption, ostensibly to detect child sexual abuse material (CSAM), but increasingly framed as a tool for counterterrorism and crime prevention. However, client-side scanning weakens endtoend encryption, is vulnerable to misuse, and lacks demonstrated effectiveness. Our recent research shows that perceptual hash techniques used to identify known CSAM have high false positive/negative rates and are invertible. Proposals to use AI to detect AIgenerated CSAM raise additional concerns about reliability and accountability.
In Spring 2025, the EU’s ProtectEU initiative launched a roadmap to explore “lawful access” technologies by late 2026, marking a new phase of the crypto wars. While encryption poses challenges for law enforcement, authorities already possess extensive surveillance capabilities and metadata access. Rather than undermining encryption, policy efforts should prioritize strong cybersecurity, transparency around surveillance practices, and an open societal debate on balancing security with fundamental rights.
Bart Preneel is full professor heading the COSIC research group at the KU Leuven. His expertise lies in applied cryptography, cybersecurity, and privacy. He has delivered over 150 invited talks across 50 countries and received the RSA Award for Excellence in Mathematics (2014) and the ESORICS Outstanding Research Award (2017). He served as president of IACR (International Association for Cryptologic Research) and is also a fellow of the IACR. In 2024 he was elected member of the Royal Academy of Art and Sciences Belgium. He frequently consults for industry and government about cybersecurity and privacy technologies and he has testified multiple times for the Belgian and European Parliaments. Prof. Preneel founded the mobile authentication startup nextAuth and holds roles in Approach Belgium, Tioga Capital Partners, and Nym Technologies. He is actively engaged in cybersecurity policy debates.
OrganicOS reframes organisational IT management as a cryptographer's problem — not "encrypt the disk," but eliminating implicit trust boundaries until what remains is verifiable and composable. OrganicOS manages devices, services, and infrastructure as a single declarative NixOS-based system where the deployed state is a content-addressed closure bound by a single cryptographic commitment, making everything reproducible and auditable from that commitment. This talk addresses three IT-lifecycle issues through that lens: system integrity (does the machine run what you approved?), data confidentiality (protection against stolen devices and compromised servers), and compliance (making security posture a system property rather than a document).
Marios Isaakidis is the Director of infotropic.tech, a privacy engineering and protocol design agency based in Limassol, Cyprus. He develops technologies, mechanisms, and policies that establish our freedoms in the Information Age.
Using the DKLs18/19 threshold ECDSA protocol vulnerability saga — involving SoftSpokenOT and KOS15 — as a case study, this talk examines how cryptographic agility and engineering practices fail in production environments. We present Bron-Crypto, an open-source MPC library that applies modern software engineering practices to make cryptographic implementations reusable, composable, and evolvable, distilling hard-won lessons from building, auditing, and shipping MPC systems at Coinbase, Copper.co, and Bron.
Alireza Rafiei is Director of Cryptography Engineering at Bron, previously Head of Cryptography Engineering at Copper.co and Applied Cryptographer at Coinbase. Mateusz Kramarczyk is a cryptography engineer at Bron focused on threshold cryptography and threshold signing protocols, previously at Copper.co.
Hands-on workshop providing a practical bridge between classical and post-quantum cryptography through guided implementation labs. Participants will explore elliptic-curve cryptography and lattice-based post-quantum constructions, with particular emphasis on RSA cryptanalysis using the LLL lattice reduction algorithm. Through practical attack scenarios, they will see how seemingly modest weaknesses—such as short secret exponents, partial key leakage, or related-message settings—can compromise RSA under structured lattice attacks. The session aims to build intuition for the dual importance of lattice methods: as powerful tools for attacking classical cryptosystems and as a core foundation of modern post-quantum cryptography.
Meryem Cherkaoui Semmouni is a Professor and researcher at Sidi Mohamed Ben Abdellah University in Morocco, with expertise in modern public-key cryptography. Her research explores elliptic-curve cryptography, lattice-based post-quantum cryptography, and lattice-reduction techniques for cryptanalysis, at the intersection of mathematical rigor and practical cybersecurity applications.
Functionally correct cryptographic code isn't enough — timing side-channels are where real vulnerabilities live. This lecture gives a ground-up, engineering-focused treatment of constant-time programming in C++. We cover the threat model, then dig into how compilers (GCC/Clang) silently introduce leakage through branch optimization, secret-dependent memory access, and undone constant-time idioms. The core of the talk walks through practical techniques — branchless selection, bitslicing, constant-time table lookups — illustrated with examples from production crypto libraries. We close with a survey of verification tools (Clang MSan, Valgrind, binsec, dudect) and their guarantees at different optimization levels.
Anjan Roy is an Applied Cryptography Engineer and PhD candidate at Radboud University, specializing in Ethereum scaling and high-performance software. He authors zero-dependency C++ and Rust libraries for NIST primitives (Ascon, ML-KEM, ML-DSA, Falcon), focusing on correct-by-construction, high-assurance cryptographic implementations optimized for diverse hardware targets, including accelerators such as GPU.
A comprehensive journey through Fully Homomorphic Encryption, from its theoretical foundations to real-world deployment challenges. This lecture explores how FHE enables computation on encrypted data without ever decrypting it, and examines the practical considerations, performance trade-offs, and engineering decisions involved in building FHE-based systems today.
Emad Heydari Beni is a researcher at Nokia Bell Labs & KU Leuven specializing in fully homomorphic encryption and its practical applications in privacy-preserving computation.
This beginner-friendly workshop explores how browsers can verify that the JavaScript they run is the same code a developer intended to ship, even though web apps are served dynamically and can be altered by a compromised server, CDN, or targeted attacker. Starting with a realistic code-swapping attack, participants build an intuitive understanding of web application integrity, test and break a naive approach, and then learn why cryptographic hashes are needed. They create a minimal Node.js site, generate a manifest of resource hashes, and see how a browser can detect tampering. The workshop then introduces transparency, showing why manifests must also be protected. Participants implement a simple append-only transparency log and connect it to browser-side verification, gaining a practical, hands-on understanding of the full WAICT model.
Anna Weine is a Staff Security Engineer at Mozilla, where she works at the intersection of cryptographic engineering and web platform security. Her contributions span RSA blinding, TLS Key Update, parts of the DTLS 1.3 protocol, and parts of the WebCrypto API implementation.
The Guardian launched Secure Messaging in June 2025, based on the CoverDrop research from Cambridge — a mobile-app-embedded system letting sources reach journalists anonymously. The current design supports one-source-to-one-journalist conversations, but we are extending it to group messaging so teams of journalists (plus read-only editors) can jointly manage sources. This talk covers CoverDrop's architecture, then presents our in-progress design using Messaging Layer Security (MLS), lessons learned integrating OpenMLS into an existing system, and how we authenticate messages by extending CoverDrop's existing PKI.
Zeke Hunter-Green is a Senior Software Engineer at The Guardian's Digital Investigations team, contributing to CoverDrop and the Guardian's SecureDrop fork. Co-author Daniel Hugenroth (not attending) is a computer security researcher at the University of Cambridge focusing on applied cryptography, secure protocols, and anonymous communication.
Key transparency systems—used in platforms like WhatsApp, iMessage, and Messanger—are widely deployed but have two primary drawbacks: they do not fully preserve user privacy, and more importantly, their auditing process is too resource-intensive for typical clients, so auditing is often outsourced to third parties. IronDict [Haf+26] and Aegon [Haf+26], introduce a new paradigm in the design of key transparency via polynomial commitments. These schemes introduce strong (zero-knowledge) privacy guarantees and significantly improve efficiency. In practice, this leads to much smaller and faster-to-verify audit proofs, making client-side auditing feasible while also supporting high update throughput.
Hossein Hafezi is a PhD student at the University of Cambridge (formerly at NYU), where he works on proof systems and their applications. His research focuses on designing new cryptographic primitives to improve the security of real-world systems.
This workshop is a primer on threshold signing technology—why and where it is relevant in practice, and how to construct it. The first component of the workshop is a seminar on the anatomy of deployed threshold signing protocols. We will begin with an overview of threshold cryptography techniques, and zoom in on threshold signing for ECDSA and EdDSA/Schnorr. We will cover ideas synthesized from a range of papers, as well as the “folklore” techniques. Next, we will have a hands-on laboratory session that introduces the nuts and bolts of deploying a threshold signing library in Rust. Through a series of exercises with a production-oriented stack around DKLs23 threshold ECDSA signing, participants will be exposed to real-world deployment challenges.
Iraklis Leontiadis is the Head Security Architect at Silence Laboratories, where he focuses on scalable applied cryptography systems. Previously worked at ZenGo, Anoma/Namada, Parfin, and Inpher. PhD from Telecom ParisTech/Eurecom, centered on secure private aggregation, and postdocs at the University of Arizona, NJIT, and EPFL. Yashvanth Kondi leads R&D at Silence Laboratories, in his role as the principal scientist. His background is in cryptographic protocol design, with a focus on multiparty computation (MPC) techniques applied to solve real-world problems. PhD from Northeastern University, and postdoc at Aarhus University before joining Silence.
Zero-Knowledge Proofs have evolved from theoretical curiosity into one of cryptography's most impactful tools, yet a significant gap persists: software engineers often lack the cryptographic foundations, while cryptographers may lack practical programming experience. This workshop bridges both gaps in a single structured session. Participants begin with foundational theory (completeness, soundness, and zero-knowledge) then narrow focus to SNARKs and practical use cases like ZK-rollups. The core hands-on portion guides participants through building their own SNARK-based application, developing intuition for arithmetic circuit design and how it differs from conventional programming. The session closes with best practices, common vulnerability patterns, and security considerations. No prior ZKP experience is assumed, just basic familiarity with either cryptography or programming.
Tarek Galal is a software engineer and researcher in applied cryptography. His works includes designing privacy preserving cryptographic protocols, implementing cryptographic libraries, and building decentralized applications utilizing zk-SNARKs. He has also taught multiple cryptography classes including hands-on workshops on building with zero-knowledge proofs.
This lecture compares three major post-quantum cryptography families—lattices, isogenies, and codes—not just as standardization candidates, but as distinct design frameworks. It highlights how each offers different tradeoffs in efficiency, structure, and supported primitives. Lattice-based cryptography leads in practical deployment, versatility, and advanced applications. Isogeny-based cryptography, despite recent setbacks, remains mathematically rich, compact, and conceptually distinctive. Code-based cryptography provides a mature, durable alternative and adds diversity to post-quantum assumptions. Through selected case studies, the talk shows that post-quantum cryptography is not only about replacing classical systems, but about exploring a broader design space shaped by different hardness assumptions and cryptographic goals.
Maher Mamah is a PhD candidate in cryptography at the University of Waterloo under David Jao. His research focuses on isogeny- and lattice-based cryptography, especially post-quantum signature schemes, cryptanalysis, and security analysis, with broader interests in quantum computing, hardness assumptions, and algebraic cryptographic methods.
A deep dive into hardware implementation of the Hamming Quasi-Cyclic (HQC) algorithm, one of NIST's 2025 post-quantum standards. This lecture begins with HQC's selection and its algorithmic core, profiles its computational bottlenecks, and then presents a state-of-the-art hardware implementation and compares it against software and hardware–software co-design alternatives. It closes with what is, to our knowledge, the only existing power side-channel attack on an HQC hardware implementation and the countermeasures it motivates. Attendees leave equipped to reason about performance, resource, and security trade-offs when designing or evaluating post-quantum cryptographic hardware.
Sanjay Deshpande is a Postdoctoral Scholar at Northwestern University, specializing in efficient and secure post-quantum cryptography implementations. He earned his Ph.D. in Electrical Engineering from Yale University and has held research positions at Microsoft Research, SandboxAQ, and the Technology Innovation Institute. His work appears in leading venues including IACR CHES, SAC, ACM TECS, and IEEE HOST.
The Taler protocol suite provides online digital payments that preserve buyer anonymity while guaranteeing seller taxability and regulatory compliance. This lecture walks through the essential protocol flows — coin withdrawal, purchase, deposit, and refresh — and standard cryptographic building blocks that make them work: blind signatures (RSA and Schnorr), hash functions, HKDFs, zero-knowledge cut-and-choose proofs, EC signature schemes and ECDH used in unusual ways, up to recent work on making Taler post-quantum ready. It is both an introduction to Taler and a worked example of how cryptographic primitives compose to solve real privacy challenges in digital payment.
Özgür Kesim is a member of the GNU Taler development team and a PhD candidate at FU Berlin, working on privacy-preserving extensions to Taler under Christian Grothoff (BFH Bern) and Matthias Wählisch (TU Dresden). He has also worked in software security and code auditing for over 25 years.
SNARKs are now widely used for blockchain scaling and privacy-preserving applications. Hash-based SNARKs are especially attractive because they offer fast proving, avoid trusted setup, and remain secure against quantum attacks. In this workshop, we will implement two interactive oracle commitment schemes (IOCSs), key components of these systems. We will start with a version of Brakedown, which has strong prover efficiency but large proofs, and use it to build core tools such as sumcheck and Reed–Solomon-based interleaved encoding. We will then reuse those ideas to construct WHIR, a leading IOCS used in systems like Ethereum’s post-quantum signature aggregation proposal and World’s proof-of-personhood protocol. Finally, using arkworks’ Spongefish library, we will compile, secure, and optimize these protocols for practical, reliable real-world deployment today.
Giacomo Fenzi is a PhD student in EPFL’s COMPSEC lab whose research spans cryptography and theoretical computer science, especially proof systems and post-quantum succinct arguments. His work includes STIR, WHIR and other efficient protocols, and he serves as a judge for the 1M$ Proximity Prize for coding theory.
Where ancient history meets Mediterranean beauty
Cedarcrypt will be hosted at the American University of Beirut's Mediterraneo campus in Paphos. This UNESCO World Heritage city offers a unique backdrop for focused learning: crystal-clear waters, ancient ruins, and a vibrant culinary scene.
Paphos combines world-class beaches with a rich cultural heritage dating back thousands of years. Explore the stunning Tombs of the Kings, wander through the picturesque harbor, or relax at a seaside taverna as the sun sets over the Mediterranean.
Direct flights to Paphos International Airport (PFO) from major European cities. The campus is just 15 minutes away.
On-campus housing and a variety of beachfront hotels and charming guesthouses nearby.
Sunny skies and warm Mediterranean temperatures around 30°C. Don't forget your swimsuit!
Everything you need to plan your trip to Paphos for Cedarcrypt 2026.
Lebanese citizens require a Cyprus visa to attend Cedarcrypt 2026. Processing through the Cypriot Embassy in Beirut routinely takes six to eight weeks or longer, and appointment slots are limited. We strongly urge all Lebanese attendees — especially scholarship recipients — to begin their visa application immediately upon confirming attendance. Please do not wait until closer to the event.
Visa rules can change. Please always verify current requirements on the Republic of Cyprus government portal and with the nearest Cypriot diplomatic mission before traveling.
Cedarcrypt can provide an official invitation letter to support your visa application. Please include your full name (as on your passport), passport number and expiry date, your academic or professional affiliation, pursued degree, and your planned travel-in and travel-out dates. We can only issue you a visa letter if you have already registered for the conference.
Request Visa LetterThe closest airport to the venue, just 15 minutes by car. Direct flights are available from many European cities including London, Athens, and several other destinations. This is the most convenient option for reaching the AUB Mediterraneo campus.
Cyprus’s main international airport with the widest selection of flights and airlines. Larnaca sits roughly 150 km from Paphos, a 1.5–2 hour transfer along the A5/A6 motorway. Because the ride is long, we strongly recommend pre-booking a private transfer in advance rather than relying on the airport taxi rank — especially for late-night arrivals or anyone traveling with luggage. See the list of vetted transfer services below.
The drive from Larnaca Airport (LCA) to Paphos is roughly 150 km and takes 1.5–2 hours along the motorway. We strongly recommend arranging a private transfer in advance: it is almost always cheaper and more reliable than walking up to the airport taxi rank, and gives you a fixed fare in writing before you land. The services below all offer English-speaking drivers, licensed air-conditioned vehicles, and flight tracking. Cedarcrypt is not affiliated with any of them; this list is provided purely for attendee convenience.
Cyprus-wide transfer company with a fully online booking system, live flight tracking, and a licensed air-conditioned fleet sized for everything from solo travelers to groups of fifty. Drivers have 20+ years of local experience, and the quoted price is final — no hidden charges after confirmation. Baby and booster seats available on request; both one-way and round-trip bookings supported.
Family-run taxi and transport company based in Paphos, operating since 1980. Fleet of 18 vehicles including Mercedes E-Class sedans (up to 4 passengers), Viano and V-Class vans (up to 6), and Sprinter minibuses (up to 25) suitable for larger groups arriving together. Fixed fares for airport transfers, English-speaking drivers, and hourly or daily hire available for sightseeing while in Cyprus.
Paphos-based destination management company (DMC) offering private airport transfers alongside excursions, guided tours, and bespoke itineraries across Cyprus. A good option if you want to pair your Larnaca transfer with a tour of Paphos or the wider island while you’re here. Transfer bookings are made by email or phone; office hours are Monday–Friday, 08:30–18:00.
Boutique Mediterranean hotel on Poseidonos Avenue emphasizing Cypriot craftsmanship and authentic hospitality, with locally sourced amenities and multiple dining venues.
Family-friendly resort complex in a quiet tourist area with comprehensive amenities, multiple pools, entertainment facilities, and all-inclusive dining options.
Iconic five-star luxury hotel on the Paphos seafront with award-winning restaurants, lush tropical gardens, and a full-service spa.
Upscale beachfront resort with multiple gourmet restaurants, a world-class spa, and extensive leisure facilities on landscaped grounds overlooking the Mediterranean.
Making Cedarcrypt accessible to students and early-career researchers.
Thanks to the generosity of our sponsors, we currently have enough funds to offer full scholarships to students wishing to attend Cedarcrypt 2026. Scholarships cover travel and lodging — including on-campus accommodation at AUB Mediterraneo's student dorms — so that financial constraints do not prevent talented students from participating.
We especially encourage applications from graduate students and early-career researchers in cryptography, computer science, and related fields. Scholarships are awarded on a rolling basis until funds are exhausted.
Submission deadline: May 10, 2026.
Apply for a ScholarshipThe team behind Cedarcrypt 2026.
General Chair
General Chair
Program Chair
Program Chair
Workshop Chair
Web Secretary
Sponsorship Secretary
Ethics Officer
Ma Fi 7ada 2addo
Our sponsors help fund student scholarships, making Cedarcrypt accessible to early-career researchers from around the world.
The American University of Beirut's Paphos campus serves as the host venue for Cedarcrypt 2026, providing world-class facilities and a vibrant academic setting on the Mediterranean coast.
Cure53 is a Berlin-based cybersecurity firm renowned for its in-depth penetration testing, source code audits, and cryptographic reviews of widely-used open-source and commercial software. Cure53 is generously sponsoring Cedarcrypt with full scholarships for seven students to attend from Lebanon.
A leading consultancy that provides technical and business consulting in cryptography and based in Cyprus, where Cedarcrypt is being hosted, Electi is generously sponsoring Cedarcrypt with full scholarships for three students to attend from Lebanon.
PQShield specializes in real-world, post-quantum hardware and software upgrades, helping companies and institutions modernize their vital security systems. PQShield is generously sponsoring Cedarcrypt with full scholarships for three students to attend from Lebanon.
Symbolic Software contributes formal verification and cryptographic protocol analysis expertise, and is the core founding and organizing force behind Cedarcrypt.
Zama is an open-source cryptography company building state-of-the-art fully homomorphic encryption solutions for blockchain and AI, generously sponsoring Cedarcrypt with full scholarships for five students to attend from Lebanon.
We are also grateful to several generous anonymous donors who have contributed substantially to making Cedarcrypt possible and helping us support student attendance.
Interested in supporting the next generation of cryptography researchers?
Become a SponsorJoin us for four days of applied cryptography in the Mediterranean.
July 13–16, 2026
AUB Mediterraneo, Cyprus
July 5, 2026
