We have great expectations toward cryptography. We want it to keep our communications confidential and ensure that our digital signatures are unique and authentic. And - there are more exotic cryptographic technologies on the horizon for preserving privacy and running remote elections.
In all these cases, we must know that cryptography is reliable. Many factors contribute to making a cryptographic scheme legitimate – peer reviews by the research community, formal proofs, formally verified implementations, and rigorous testing, among others. Certification of a cryptographic implementation combines some or all of these measures in a systematic way. In many countries and domains, certification is mandatory before an implementation can be adopted in a production setting.
However, certification has its challenges. Firstly, certifying an implementation of a cryptographic scheme can be expensive. Secondly, certification does not guarantee security. Thirdly, certification schemes are not available or mandated for all cryptographic applications, making their application uneven.
In 2025, the Cyber-Security Excellence Hub in Estonia and South Moravia (Horizon Europe CHESS project), the Estonian Academy of Sciences, the Estonian Information System Authority (RIA), and Cybernetica invite you to the Future Cryptography Conference, focused on reliable cryptography – how to create it, identify it and ask for it.
Dan Bogdanov
Chief Scientific Officer of Cybernetica, Head of the Standing Committee on Cybersecurity of the Estonian Academy of Sciences
TIMETABLE 21.05.2025
9:30
Registration opens
10:00
Opening words
Mart Saarma (President of the Estonian Academy of Sciences)
10:05
Why should cryptographers care about certification?
Dan Bogdanov (Cybernetica/Estonian Academy of Sciences)
10:10
How will Europe certify innovative cryptographic systems?
Eric Vétillard (ENISA)
10:40
Developing security targets for novel cryptography
Václav Matyáš (Masaryk University)
11:10
Coffee break
11:30
Will the European Union certify my Bluetooth toothbrush?
Miguel Bañon (ISO/IEC JTC 1/SC 27/WG 3)
12:00
What does a country need to build a cryptography certification ecosystem?
Kristjan Krips (Cybernetica)
12:30
Lunch
13:15
Formal methods - fun for academics or a realistic tool for industry and governments?
Andreas Hülsing (Eindhoven University of Technology)
13:45
Breaking the Estonian ID card revisited: tools and methods for security assessment"
Petr Švenda (Masaryk University)
14:15
Coffee break
14:45
European collaboration on cryptography evaluation
15:15
Speaker TBD
15:35
Closing words
Dan Bogdanov (Cybernetica/Estonian Academy of Sciences)
15:40
Networking
21.05.2025 at Estonian Academy of Sciences
MEET THE SPEAKERS
Dr. Dan Bogdanov met his first significant security and privacy challenges while working on the data collection systems of the Estonian Genome Center.
Read more
This inspired him to start researching cryptographic solutions for privacy problems. He is the inventor of Sharemind, a secure multi-party computation system for collecting, sharing and processing private data. Sharemind is a new kind of computer that can perform analytics and AI workloads without seeing the individual values. This achieves beyond-the-state-of-the-art Data Protection by Design, as has been demonstrated in various applications in the tax, education, healthcare and financial domains. Dr. Bogdanov leads Cybernetica’s Information Security Research Institute and is the Head of the Standing Committee on Cybersecurity at the Estonian Academy of Sciences. He leads a research team that works on international cybersecurity research projects with the US DARPA, US Office of Naval Research, European Defence Fund and Horizon Europe. He is the co-author of the ISO/IEC 29101 standard on the architecture of privacy-preserving systems and the ISO/IEC 19592 standard on secret sharing.
Andreas Hülsing is an associate professor leading the Applied and Provable Security (APS) group at Eindhoven University of Technology (TU/e) as well as a principal research scientist at SandboxAQ.
Read more
He and his research group are currently supported by NWO under the Vidi grant “A solid theory for post-quantum cryptography”. Besides, he is collaborating in the Formosa project to produce machine-checked proofs for high-assurance cryptographic software. His research focuses on post-quantum cryptography – cryptography that resists quantum computer-aided attacks. His works range from theoretical works, like how to model quantum attacks or formal security arguments in post-quantum security models, to applied works, like the analysis of side-channel attacks or the development of efficient hash-based signature schemes. In many of his works he tries to combine the theoretical and the applied perspective. This is especially reflected in his work on standardizing post-quantum cryptography.
Kristjan Krips is a seasoned information security expert with extensive experience in both academia and industry.
Read more
During his PhD studies, he focused on the security aspects of e-voting. He currently works as a Security Engineer at Cybernetica AS. Beyond his industry role, he contributes to academia as a lecturer in information security at the University of Tartu and serves as a member of the Cyber Security Committee at the Estonian Academy of Sciences.
Miguel Bañón founded in 2006 Epoche & Espri, a successful Common Criteria and FIPS 140-2 security evaluation and testing laboratory.
Read more
In October 2017 Epoche & Espri became part of DEKRA, one of the top 4 players in the testing, inspection, and certification industry worldwide. Miguel is the current Convenor of ISO/IEC JTC 1/SC 27/WG 3, CEN/CLC TC 13/WG 3 and WG 10, and member of the Management Board of the CCUF.
Petr Švenda is a security researcher and teacher at Masaryk University, Czech Republic.
Read more
His research interests revolve around applied cryptography and the analysis of cryptographic hardware, both from its usage as well as attack direction. He first touched the domain of security certifications while working on the side-channel analysis of cryptographic devices for the Czech National Cyber and Security Agency and has kept his passion for cryptographic smartcards ever since. In 2017, he co-discovered and responsibly disclosed the RSA key generation flaw in Infineon cryptographic chips affecting 1-2 billion devices worldwide, including those used in Estonian eIDs (CVE-2017-15361, ROCA). This discovery led him to further explore the complexities of the certification process.
Václav (Vashek) Matyáš is a Professor at Masaryk University, Brno, heading its Centre for Research on Cryptography and Security.
Read more
His research interests relate to applied cryptography and security; he has published over 200 peer-reviewed papers and articles. He worked also with Red Hat Czech, CyLab at Carnegie Mellon University, as a Fulbright-Masaryk Visiting Scholar at Harvard University, Microsoft Research Cambridge, University College Dublin, Ubilab at UBS AG, and as a Royal Society Postdoctoral Fellow with the Cambridge University Computer Lab. Vashek also worked on the Common Criteria and in ISO/IEC JTC1 SC27. He can be contacted at matyas@fi.muni.cz.
The conference is supported by the Cyber-security Excellence Hub in Estonia and South Moravia (CHESS) and funded by the European Union under Grant Agreement No. 101087529.
