Conference Agenda 2026

Salon 1-3

Implementations (U12)

Selected Topics

Moderator: Neil Horman, Software Engineer, OpenSSL Corp., United States

13:00 Fast, Formal, FIPS — Cryptographic Implementations in AWS-LC (U12a) Dusan Kostic, Senior Applied Scientist, Amazon Web Services (AWS), United States

13:30 Understanding Formal Verification: Lessons from Verifying Post-Quantum-Secure Implementations (U12b) Nicky Mouha, Cryptography and Security Expert, KeyCryptic, United States

14:00 Challenges with Entropy Sources in Diverse and Distributed Computing Platforms (U12c) Torben Hansen, Applied Scientist, Amazon Web Services (AWS), United States

14:30 CBOMs and SBOMs (U12d) Jade Stewart, NIAP Portfolio Manager, National Information Assurance Partnership (NIAP), United States; Joachim Vandersmissen, IT Security Consultant, atsec information security corporation, United States

Studio D

Certification (C12)

CMVP Outlook

Moderator: Jonathan Smith, Senior FIPS Tester, Dekra

13:00 Automation of CMVP Project Update Panel (C12a) Leader: Chris Celi, CAVP Program Manager, ESV Project Lead, ACMVP Project Lead, National Institute of Standards and Technology (NIST), United States Panelists: Shawn Geddis, Co-Founder and Chief Technology Officer, Katalyst LLC, United States; Andrew Karcher, Software Engineer, Cisco, United States; Courtney Maatta, Senior Customer Solutions Manager, AWS, United States; Stephan Mueller, Principal Consultant, atsec information security corporation, United States; Apostol Vassilev, Research Supervisor, National Institute of Standards and Technology (NIST), United States [60 MIN]

14:00 ACMVP Adoption Roadmap (C12c) Chris Celi, CAVP Program Manager, ESV Project Lead, ACMVP Project Lead, National Institute of Standards and Technology (NIST), United States

14:30 Modernized AWS Infrastructure for ACMVP (C12d) Douglas Boldt, Senior Solutions Architect, AWS, US Federal WWPS – Federal Civilian, US Dept of Commerce, United States; Raoul Gabiam, Principal Cloud and Cybersecurity Engineer, MITRE, United States; Phillip Millwee, Lead Cloud Engineering, The MITRE Corporation; Kyle Vitale, Senior Cyber Security Engineer, The MITRE Corporation

Studio E

Embedded/IoT (E12)

Selected Topics

Moderator: Nithya Rachamadugu, VP Cybersecurity Certification, DEKRA, United States

13:00 Full Linux FIPS 140-3 Via Wolfcrypt on Yocto Linux (E12a) Anthony Hu, Senior Software Developer, wolfSSL, Canada

13:30 Bridging IoT Security and Post-Quantum Cryptography: Requirements, Limitations, and Solutions (E12b) Merve Hatice Karatas, Consultant/Lead Assessor/Lecturer, Turkey

14:00 When AI Leaves the Cloud: Trust, Attestation, and Provenance for Edge and Iot Deployed Models (E12c) Loren Shade, Vice President of Marketing, Allegro Software, United States

14:30 From Glitches to Leaks: Tools for Assessing AI Hardware Resilience (E12d) Panasayya Yalla, Principal Security Analyst, Keysight Riscure Security Solutions, Unites States

PQ Technology (Q13)

Vulnerabilities?

Moderator: James Goodman, CTO, Crypto4A Technologies, Canada

15:30 Hardware Side-Channel Challenges in Post-Quantum Cryptography: Lessons from the Open Source PQC (Q13a) Reza Azarderakhsh, Florida Atlantic University And PQSecure, United States

16:00 Hunting for SCA/FI Vulnerabilities: A Red Team’s Guide to PQC Security (Q13b) Praveen Kumar Vadnala, Principal Product Security Analyst, PQShield, Netherlands

16:30 Quantum-Safe Silicon: Co-Engineering Safe & Secure PQC for AI-Driven Vehicles (Q13c) Pav C Suriyanarayanan, Governance & Compliance (Certification) Lead, SecurityIP, Synopsys, United States

Certification (C13)

Modernization & Efficiency

Moderator: Juan Gonzalez, Laboratory Director, Teron Labs, Australia

15:30 Modernization Application Developed for Certification (C13a) Kyle Vitale, Senior Cyber Security Engineer, The MITRE Corporation

16:00 Threshold Cryptography: Insights Beyond the NIST Threshold Call (C13b) Luís Brandão, Strativia, United States

16:30 An Efficient Approach to Level 1 Service Delivery Modules (C13c) David Hawes, NIST CMVP Program Manager, National Institute Of Standards And Technology (NIST), United States

OS Crypto (S13)

Selected Topics

Moderator: Nithya Rachamadugu, VP Cybersecurity Certification, DEKRA, United States

15:30 OpenSSL Roadmap (S13a) Tim Hudson, President, OpenSSL Corporation, United States

16:00 The Bouncy Castle Java FIPS Project: A Look at the Past and the Future (S13b) David Hook, Software Engineer, Legion Of The Bouncy Castle/Keyfactor, Australia

16:30 Certifiable Deferred Execution of FIPS Conditional Self-Tests (S13c) Simo Sorce, Distinguished Engineer, Red Hat, United States

Salon 1-3

PQ Technology (Q20)

In Practice

Moderator: James Goodman, CTO, Crypto4A Technologies, Canada

09:00 NIST Post-Quantum Cryptography: Status, Transition Guidance, and Next Steps (Q20a) Dustin Moody, Supervisory Mathematician, National Institute Of Standards And Technology (NIST), United States

09:30 Silithium: a Compact, FIPS-Friendly, Hybrid Signature (Q20b) Morgane Guerreau, Solutions Engineer, PQShield, France

10:00 LATTE: High-Performance Lattice-Based Post-Quantum Crypto Engine (Q20c) Nazanin Takbiri, Principal Security Silicon Architect, Microsoft, United States

Studio D

Certification (C20)

CMUF Working Group Updates

Moderator: Alicia Squires, FIPS Security Industry Principal, Amazon Web Services (AWS), United States

09:00 CMUF WG Updates #1 – RFG, IG 9.5.A (C20a) Trish Wolff, Security Research Engineer, Cisco, United States; Steve Weymann, Co-Founder, KeyPair Consulting Inc., United States

09:30 CMUF WG Updates #2 – Entropy, Single Chip (C20b) Lisa Rabe, Security Research Engineer, Cisco, United States; Marc Ireland, Sr. Principal Security Certification Expert, NXP Semiconductors, United States

10:00 CMUF WG Updates #3 – Physical Security, Security Policy (C20c) Renaudt Nunez, Senior IT Security Consultant, atsec information security corporation, United States; Chris Brych, Senior Principal Security Analyst, Oracle, United States

Studio E

RBGs (N20)

SP800-90 Topics

Moderator: Loren Shade, Vice President of Marketing, Allegro Software, United States

09:00 SP800-90C Where Do I Need Full Entropy?? (or Avoiding Headaches for Module Vendors) (N20a) Simon Rix, FIPS Lab Manager, Intertek EWA-Canada, Canada

09:30 Limitations on SP 800-90C External Conditioners and How to Overcome Them (N20b) Joshua Hill, Information Security Scientist, KeyPair Consulting, United States

10:00 Navigating Implementation Hurdles with SP-800-90 Series Updates (N20c) Jacob Maynard, Director of Engineering, SafeLogic, United States

PQ Technology (Q21)

Open, Security, Safety

Moderator: Tomáš Mráz, Chief Technology Officer, OpenSSL Foundation

11:00 PQC in the OpenSSL Library (Q21a) Tomas Vavra, Engineering Manager, OpenSSL Corporation, Czechia

11:30 Is Time Quantum-Safe? A Practical Evaluation of Secure Time Protocols (Q21b) Basil Hess, Senior Research Engineer, IBM Research Europe, Switzerland

12:00 Towards a Provably Secure State Management (Q21c) Volker Krummel, Chapter-Lead PQC, Utimaco, Germany

Certification (C21)

NIST & NIAP Updates

Moderator: Shawn Geddis, Co-Founder and Chief Technology Officer, Katalyst LLC, United States

11:00 CAVP Update (C21a) Ben Livelsberger, ACVTS Technical Lead, National Institute Of Standards And Technology (NIST), United States

11:30 ESV Update (C21b) Chris Celi, CAVP, ESV and NCCoE manager, National Institute Of Standards And Technology (NIST), United States

12:00 NIAP Update (C21c) Jade Stewart, NIAP Portfolio Manager, National Information Assurance Partnership (NIAP), United States

RBGs (N21)

Selected Topics

Moderator: Yi Mao, CEO and Managing Director, atsec information security corp, United States

11:00 Random Presentation Generator: A Randomly Generated Show About Entropy (N21a) Seamus Mulready, Cryptographic Security Tester, Lightship Security, Canada; Brent Hyde, Senior FIPS Tester, Lightship Securit, United States

11:30  NIST Update on SP 800-90A (DRBGs) (N21b) John Kelsey, Computer Scientist, National Institute Of Standards And Technology (NIST) and COSIC/KU Leuven, United States

12:00 How to Finagle a Decimation Testing Pass (N21c) Yvonne Cliff, Senior Research Engineer, Teron Labs, Australia

PQ Technology (Q22)

Selected Topics

Moderator: Loren Shade, Vice President of Marketing, Allegro Software, United States

13:30 Making Stateful Hash-Based Signatures Usable: Revising SP 800-208 (Q22a) John Kelsey, Computer Scientist, National Institute Of Standards And Technology (NIST) And COSIC/KU Leuven, United States

14:00 Post-Quantum Authentication Protocols for PIV Cards (Q22b) Emmanuelle Dottax, Cryptography and Security Architect, IDEMIA ST, France

14:30 Adams Bridge ML-KEM Integration for Post-Quantum OCP LOCK in Caliptra (Q22c) Mojtaba Bisheh-Niasar, Senior Security Engineer, Microsoft, United States; Jeff Andersen, Senior Staff Software Engineer, Google

Certification (C22)

Related Standards & Activities

Moderator: Marc Ireland, Sr. Principal Security Certification Expert, NXP Semiconductors, United States

13:30 Navigating the EU Cyber Resilience Act: Can FIPS 140 Support Compliance? (C22a) Graham Costa, Security and Certifications Manager, Thales, United Kingdom

14:00 CMVP Impacts on DoD’s New Cybersecurity Maturity Model Certification (CMMC) Program (C22b) Matthew Titcombe, President, Peak InfoSec, United States

14:30 ISO/IEC 19790 in Practice: Real-World Lessons from Turkiye’s First Crypto Module Test (C22c) Yasir Emre Bulut, Director of OKTEM Laboratory, TUBITAK, Turkey

Crypto Tech (G22)

Standards & Application

Moderator: Simo Sorce, Distinguished Engineer, Red Hat, United States

13:30 The Implementation Gap: FIPS 140-3 Compliance for Python, Go, and Rust and Multi Language Architectures (G22a) Pavan Reddy, Principal Software Engineer, AutomataSecure, United States

14:00 PKCS #11 Update (G22b) Robert Relyea, Prinicple Programmer, Red Hat, United States

14:30 Advances in NIST Symmetric-Key Standards: Ascon, Accordion, and Beyond (G22c) Meltem Sonmez Turan, Supervisory Mathematician, National Institute Of Standards And Technology (NIST), United States

PQ Technology (Q23)

Embedded & Constrained

Moderator: Yi Mao, CEO and Managing Director, atsec information security corp, United States

15:30 Enabling Crypto-Agility: Lightweight Hybrid Post-Quantum Architectures for Constrained Devices (Q23a) Yash Vasani, Security Engineer II, Intertek

16:00 Post-Quantum Cryptography in Practice: Migration Strategies for Constrained and Embedded Systems (Q23b) Kris Kwiatkowski, Staff Cryptography Architect, PQShield, United Kingdom

16:30 Post-Quantum Cryptography in Embedded Systems: Migration Strategies for 2030 Readiness (Q23c) Joost Renes, Cryptographer and Security Architect, NXP Semiconductors, United States

Certification (C23)

In Practice

Moderator: David Hawes, NIST CMVP Program Manager, National Institute Of Standards And Technology (NIST), United States

15:30 Preparing for CMVP Validation Under SP 800-90C (C23a) Swapneela Unkule, CST Lab Manager, atsec information security corporation, United States

16:00 NIST & KEM Combiners, Featuring SP800-227 and SP800-133 (C23b) Hamilton Silberg, Computer Scientist, National Institute Of Standards And Technology (NIST), United States

16:30 Versioning Output Granularity to Meet FIPS 140-3 Requirement (C23c) Richard Wang, FIPS Lab Manager, Gossamer Security Solutions, United States; Steve Ratcliffe, Security Research Engineering Technical Leader, Cisco Systems, Inc, United States

Crypto Tech (G23)

Threats

Moderator: Dr. Seth Nielson, Founder and Chief Scientist, Crimson Vista, United States

15:30 Detecting Predictive Dependencies in Random Bitstreams (G23a) Joshua Sylvester, Researcher at the Darwin Deason Institute for Cyber Security, Southern Methodist University, United States

16:00 Novel EM/Power Side-Channel Countermeasure to Secure Multiplications (G23b) Nimisha Limaye, Staff ASIC Digital Design Engineer, Synopsys, United States

16:30 ICAC-Informed Threat Models for Safer Cryptographic Design in Online Gaming Platforms (G23c) Katrina Khanta, Senior Cybersecurity Consultant, The Cyber Doctor, United States

Salon 1-3

PQ Preparedness (R30)

Selected Topics

Moderator: Dr. Seth Nielson, Founder and Chief Scientist, Crimson Vista, United States

09:00 Quantum-Safe and FIPS Compliant: Navigating FIPS 140-3 Requirements for PQC Implementations (R30a) Stephan Mueller, Principal Consultant, atsec information security corporation, United States

09:30 Ramping Up the Technology Readiness Levels (TRLs) for PQC Hardware (R30b) Yathiendra Vunnam, Sr Application Engineer, Secure-IC

10:00 Harvest Now, Decrypt Later Is Key, but So Are Availability and Trusted Identities (R30c) Nils Gerhardt, CTO, Utimaco, Germany

Studio D

Crypto Tech (G30)

Testing & Analysis

Moderator: Simo Sorce, Distinguished Engineer, Red Hat, United States

09:00 Optimizing CPU Jitter Analysis: Lessons Learned from Applying the New Heuristic Procedure (G30a) Marina Ibrishimova, Principal Entropy Consultant, Lightship Security, Canada

09:30 Practical Differential Fuzzing for Post-Quantum Cryptography (G30b) Chaithanya Chilukuri, Security Engineer II, Intertek Acumen Security

10:00 Hidden Execution Paths: Testing PAA/PAI Correctly (G30c) Grigori Burlea, IT Security Consultant, atsec information security corporation, United States

Studio E

RBGs (N30)

Views from Afar

Moderator: Meltem Sonmez Turan, Supervisory Mathematician, National Institute Of Standards And Technology (NIST), United States

09:00 Non-Physical Random Number Generators According to AIS 20/31 (N30a) Johannes Mittmann, Mathematician, Bundesamt Für Sicherheit In Der Informationstechnik (BSI), Germany

09:30 Cryptographic Postprocessing Algorithms for Physical and Non-Physical RNGs (N30b) Werner Schindler, Section Head, Bundesamt Für Sicherheit In Der Informationstechnik (BSI), Germany; John Kelsey, Computer Scientist, National Institute Of Standards And Technology (NIST) And COSIC/KU Leuven, United States

10:00 The Insider’s Guide to Writing ESV and RBG Reports: Practical recommendations from a seasoned former reviewer’s perspective (N30c) Tim Hall, Consultant, Hall Technologies LLC, NIST Guest Researcher

PQ Preparedness (R31)

Transition & Agility

Moderator: Anthony Hu, Senior Software Developer, wolfSSL, Canada

10:45 Beyond PQC Transition, Crypto Agility (R31a) Leader: Lily Chen, Mathematician and NIST Fellow, National Institute Of Standards And Technology (NIST), United States Panelists: Sean Turner, President, sn3rd; Russ Housley, Founder and Owner, Vigil Security, LLC; Bill Newhouse, Cybersecurity Engineer, National Cybersecurity Center of Excellence, National Institute of Standards and Technology (NIST)

11:15 Panel Discussion: From Algorithms to Agility—the Case for a Common Cryptographic Interface (R31b) Leader: Murugiah Souppaya, Distinguished Technologist, HP Security Lab, United States Panelists: Lily Chen, Mathematician and NIST Fellow, National Institute Of Standards And Technology (NIST), United States; Shawn Geddis, Co-Founder and Chief Technology Officer, Katalyst LLC, United States; Jaime Gomez, Global Head of the Santander Quantum Threat Program, Santander Digital Services, Spain; Evgeny Gervis, CEO, SafeLogic, United States; Vladimir Soukharev, VP of Cryptographic Technology, InfoSec Global, Canada; [60 MIN]

Crypto Tech (G31)

Selected Topics

Moderator: Tomáš Mráz, Chief Technology Officer, OpenSSL Foundation

10:45 How Vendors, Labs and Newbies Can Leverage (Public) AI (Services) During FIPS 140-3 Validations (G31a) Hunter Barton, Principal Security Analyst, Oracle, United States

11:15 Open-Source Homomorphic Encryption: Making It Real (G31b) Kurt Rohloff, CTO and Co-Founder, Duality Technologies, United States

11:45 A Cryptographic Framework for AI Model Trust and Confidentiality (G31c) Adam Cason, VP, Global and Strategic Alliances, Futurex, United States

RBGs (N31)

Selected Topics

Moderator: Juan Gonzalez, Laboratory Director, Teron Labs, Australia

10:45 A New Entropy Evaluation Framework: the Spanish CCN-MEGA Methodology (N31a) Jordi Prieto Gallego, Cryptography Evaluator & Entropy Analyst, jtsec Beyond IT Security, Spain

11:15 Modern Literature on Ring Oscillator Models for Entropy (N31b) Christopher Bell, Security Engineer, Entropy SME, Intertek EWA-Canada, Canada

11:45 ESV, 90C and Me (N31c) Smita Mahapatra, Senior Security Industry Specialist, Amazon Web Services (AWS), United States; James Ramage, Lab Manager, Lightship Security