6 talks from MPI-SP scientists at the 2026 Real World Crypto Symposium

The Real World Crypto Symposium took place this week in Taipei. Our institute was represented with 6 talks highlighting how our cryptography research is implemented into real-world systems.

Signal Lost (Integrity): The Signal App is More than the Sum of its Protocols

Signal is one of the most popular encrypted messaging platforms used by millions of people. Researchers at MPI-SP and ETH Zurich tested the security of the Signal app by challenging the integrity of conversations. The researchers discovered two vulnerabilities not in the secure protocols the app uses, but in how they are integrated together in the app. By exploiting these vulnerabilities, the scientists showed how a malicious server can inject messages into the encrypted conversation between two honest users without those users being aware of the messages' inauthenticity. This security flaw has been reported in accordance with responsible disclosure guidelines, and the vulnerability has been neutralized in the Signal app.

Formosa Crypto: End-to-end formally verified crypto software

Formosa crypto is a research ecosystem that aims to build highly secure cryptography systems. Scientists and developers from around the world collaborate to develop cryptographic software that is supported by computer-verified proofs of security and correctness. At RWC 2026, this toolchain for end-to-end formally verified crypto software was presented. This toolchain has been successfully applied to ML-KEM, a standardized, quantum-resistant key-agreement scheme that was also co-developed at MPI-SP and is now widely deployed online. The resulting software is currently being deployed in the infrastructure of the Signal secure messenger.

Formally Verifying Circuits for Zero Knowledge Proofs

Zero Knowledge Proofs are a secure way to prove a statement without revealing unnecessary information. In the context of the European Digital Identity Regulation (EUDI), Zero Knowledge Proofs are a key tool to preserve the privacy of the user. For example, if a user needs to verify their age, a Zero Knowledge Proof will confirm they are over 18 without revealing their date of birth or any other personal information. At RWC 2026, the authors from MPI-SP, Georgia Tech, and Veridise presented the recent progress on automated formal verification of this method and the bugs it revealed.

Migrating a Silicon Root of Trust to Post-Quantum Crypto

Integrating quantum-resistant cryptographic schemes in hardware is imperative for the security of data in the upcoming quantum era. The journey to integrating the ML-KEM and ML-DSA quantum-resistant cryptographic schemes into an open-source Asymmetric Cryptographic Co-processor was presented at RWC 2026. The authors emphasized the multi-year effort and close collaboration between academia and industry to overcome the challenges posed by memory and performance requirements. For more details on the project, check out this recent blog post.

Real-World Steganography Against Content-Based Censorship in Modern Chat Applications

Chat applications are sometimes subject to content censorship: messages containing “sensitive” words are filtered and deleted without the user’s consent. A way to circumvent this kind of censorship is to use steganography, a technique to hide information in seemingly normal messages . At RWC 2026, MPI-SP scientists presented Oolong, a protocol that allows bypassing sensitive word filtering by hiding messages inside instant messaging conversations, either by encoding them into inconspicuous text using Large Language Models or by using a series of pre-selected images. They showed the effectiveness of the method using real-world conversation data from Telegram.

End-to-End Encrypted Collaborative Documents

Services like Google Docs or Microsoft 365 are widely used for collaborating on writing and editing shared documents. In many cases, such documents include sensitive information and data that users might not want to entrust cloud providers with. Scientists from MPI-SP and EPFL presented at RWC 2026 a new way to enable End-to-End Encrypted Collaboration using existing secure communication channels. The scientists implemented a prototype over the Signal encrypted messaging app, creating a secure way to send, edit, and share sensitive documents efficiently for those who constantly work with confidential information, such as investigative journalists.