Post-Snowden Cryptography

Brussels, December 9 & 10, 2015

Since June 2013 the world, and in particular the security world, has been shaken by the Snowden revelations. Bullrun is a programme by the NSA which includes as part of the Sigint Enabling Project to "Insert vulnerabilities into commercial encryption systems", to "influence policies, standards and specification for commercial public key technologies" and to "shape the worldwide commercial cryptography marketplace to make it more tractable to advanced cryptanalytic capabilities being developed by NSA/CSS". These are strong threats against cryptography in general and in particular against cryptography developed outside the US.

Most companies and agencies around the world follow the lead of the US-American NIST (National Institute for Standards and Technology) in recommendations for cryptosystems and protocols. These decisions need to be reconsidered in light of the revelations. It is of high urgency to review all current standards (and procedures of how they are made) to weed out weak crypto intentionally (or unintentionally) inserted, such as the Dual EC random number generator. The December 2014 revelations of targeted attacks, including targeted hardware manipulations, open interesting research questions about how to secure a system which contains malicious components and how to detect their use.

This workshop is looking for an analysis of the situation after the Snowden revelations, and solutions for the future of cryptography and security.


The following speakers have accepted:


Videos are posted at


The event will start on December 9 in the afternoon and end late afternoon on December 10. More precisely, registration will open at 14:00 on the 9th, with the first talk starting at 15:00. On the 10th, the first talk starts at 09:30 and we'll have coffee and registration open before then.


14:00 Registration opens
15:00 Joanna Rutkowska, Qubes OS: towards reasonably secure & trustworthy personal computingslides
15:45 Kenny Paterson, Countering Cryptographic Subversionslides
16:30 coffee
17:00 Phil Zimmermann, End-to-End-Secure Communication Under Siege
17:45 Jon A. Solworth, Networking in the Ethos Operating Systemslides
18:30 End of day one
19:30 Dinner at la Manufacture


09:00 Coffee and registration
09:30 Christopher Soghoian, Don't forget about Little Brother
10:15 Claudia Diaz, Website fingerprinting on Tor: attacks and defencesslides
11:00 coffee
11:30 Ian Goldberg, DP5: Privacy-preserving Presence Protocolsslides
12:15 Christian Grothoff, The Architecture of the GNUnet: 45 Subsystems in 45 Minutesslides
13:00 lunch
14:30 Jacob Appelbaum, (Straw) Man in the Middle: A Modest Post-Snowden Proposalslides
15:15 Nathan Freitas, Lessons from Five Years of Building Free, Open-Source, Secure Apps on Androidlinks (text file)
16:00 Formal adjournment followed by coffee and informal discussions


Registration is now closed.

The early registration fee is 150 EUR, covering all talks, dinner on the 9th, a welcome coffee in the morning of the 10th, lunch on the 10th, and 3 coffee breaks. The deadline for early registration will be on December 1, 2015. Registrations after December 1 cost 190 EUR.

The bank details appear on the registration site and on the confirmation email. For completeness, here are all details. Please use 323120-1003285-$your-last-name as the subject/purpose of the transfer. Else we cannot trace the transfer.

Please contact us if you really have problems paying the registration fee.


The workshop will take place in the Klimt room at Crowne Plaza Brussels (Crowne Plaza Brussels - Le Palace, Rue Gineste 3, Brussels 1210, Belgium). The hotel is between the "Rogier" and the "Kruidtuin/Botanique" metro stations and close to the northern train station "Brussel Noord/Bruxelles Nord".

Getting around in Brussels is easiest done by metro. You can buy paper tickets with magnetic strips for a daypass or single rides at vending machines in the stations or buy a "MOBIB basic" chip card at kiosks in the stations or at vending machines labeled "GO" in the stations. Note that either type of vending machine takes only coins and cards but not bank notes and that bank and credit cards need to have a chip in order to work.

Brussels is very easily reachable by train from France (Thalys), Germany (Thalys or ICE), Luxembourg (IC train), and the Netherlands (Thalys or IC). The Thalys trains stop only in the south station "Brussel Zuid/Bruxelles Midi"; ICs and ICEs stop also in "Centraal/Centre" and the northern station "Brussel Noord/Bruxelles Nord".

Brussels has an international airport (BRU) with good train connections to the city; the north station is the first Brussels stop when coming from the airport. The Brussels South Charleroi Airport(CRL), mostly served by Ryanair, is 46km away from Brussels and requires taking a bus or taxi (possibly followed by a train).

If you come by car, there is a public car parking called "Interparking Roger" nearby. It costs approximately EUR 15,00 per 24 hours.


We have a block reservation at the conference hotel, the prices include VAT, city tax (7.50 EUR per room per night), American breakfast, and wifi. The city tax is not included and is 7.50 EUR. Some rooms are guaranteed till Nov 18, in general this is on a first-come first-serve basis.

  • Dec 8 to Dec 9: 167.50 EUR (single)/182.50 EUR (double)
  • Dec 9 to Dec 10 and Dec 10 to Dec 11: 147.50 EUR (single)/162.50 EUR (double)

To get this rate, please fill out this form and send it to the hotel. If you do not want to put your credit card information in there, please call them and mention the details from the form. Sorry, this is the best we could get.

There are plenty of other hotels around in that area.


For general matters: Anita Klooster secdm (at),
for technical matters: Tanja Lange tanja (at)

Last modified: 2016.01.07