Ruben A. Gonzalez - Personal Website

Ruben A. Gonzalez

Visiting Researcher, Max Planck Institute S&P

mail@ruben-gonzalez.de [GPG key]

Security Researcher, Neodyme AG

ruben@neodyme.io [GPG key]

Interests

Post-Quantum Cryptography
Post-Quantum Protocols
Efficient Crypto Implementation
Vulnerability Research & Hacking

Publications

Academic Publications

Stateless Hash-Based Signatures for Post-Quantum Security Keys, 2025, IACR

R Gonzalez

code pdf

High-assurance zeroization, 2023, TCHES

R Gonzalez , S Arranz Olmos , G Barthe , B Grégoire , V Laporte , J Léchenet , T Oliveira , P Schwabe

code pdf

KEMTLS vs. Post-quantum TLS: Performance on Embedded Systems, 2022, SPACE 2022

R Gonzalez , T Wiggers

code pdf

Verifying Post-Quantum Signatures in 8 kB of RAM, 2021, PQCrypto 2021

R Gonzalez , A Hülsing , M Kannwischer , J Krämer , T Lange , M Stöttinger , E Waitz , T Wiggers , Bo-Yin Yan

code pdf slides video

Security Research

Advisories, Popular Science and Non-Academic Publications

Rambox TLS Plaintext Recovery - CVE-2023-43972, 2023, MITRE

Ruben Gonzalez

Croc Full Plaintext Recovery - CVE-2021-31603, 2021, MITRE/RedRocket Blog

Ruben Gonzalez , Aaron Kaiser

blog

Kyber - How does it work? The Inner Workings of the Post-Quantum KEM, 2021, Cryptopedia Blog

Ruben Gonzalez

blog

Reversing and Hacking Age of Empires 2: Definitive Edition, 2021, Microsoft/RedRocket Blog

Ruben Gonzalez , F. Stotz

blog

TinyDTLS Full Key Recovery - CVE-2021-34430, 2021, NIST/Eclipse

Ruben Gonzalez

web

BigBlueButton Local File Inclusion/Privilege Escalation - CVE-2020-12112, 2020, BigBlueButton/RedRocket Blog

L. Schauer , Ruben Gonzalez

writeup

Academic Work

Courses, Seminars and other Academic Work

Cry.College: Online Lecture on Modern Cryptography , H-BRS, Start 2021.
WebSecSeminar: Research Seminar on Web Security , H-BRS, Start 2021.
HookFTW: A Windows Hooking Library , Master Project Supervision, H-BRS, 2021.
Syntax Aware Fuzzing For Indentifying Parser Differentials , Bachelor Thesis Supervision, H-BRS, 2020.
Reviewer , Paper on Improving Schindler Style Error Correction, CARDIS, 2019
Offensive Security: Online Lecture on Hacking Techniques , H-BRS, Start 2019.
Tutor for Lecture Operating Systems , HTWG Konstanz 2016.

Talks

Presentations Held (Selection)

Hacking Cryptography , DEFCON, Las Vegas
Better Information Security Management in Hospital , DMEA
Hacking Cryptography , Hack in The Box, Amsterdam
Attacking Companies: How does it work? , SecIT, Hannover
Post-Quantum Migration , BDEW Bundesverband der Energie- und Wasserwirtschaft/German Association of Energy and Water Supply
Security Threat’s for Judges and Prosecutors , Deutscher Juristentag/German Attorneys Association
Web Application Security , Malta Information Technology Agency
Kyber and Post-Quantum Crypto - How does it work? , Chaos Communication Congress, rc3 2021
Foundations of Modern Cryptography , Fraunhofer Academy Training.
Laymen’s Guide to Information Security , Fraunhofer Academy Training.
Information Security for Endusers , German Farmers Day 2021
Curveball - Mircosoft’s Crypto Screwup , Cooleleute.live, 2020.
Real World Crypto in The Actual Real World , DS Lunch Colloquium, Radboud University, 2021.
How to Learn (and Teach) Hacking , OWASP AppSec, 2019.
News On Error Correction Methods for SPA on Blinded Modular Exponentiation , JIL Hardware-Related Attacks Subgroup, Brussels, 2018
AI, Heuristics and NP in Laymen’s Terms , Datenburg, 2018.
Hosting CTFs with Berlyne , FrOSCon, 2017.

Projects

Involved Projects

Chairman - RedRocket Hacking Club

website

Co-Organizer - CyberSecurityRumble Germany Hacking Competition

website

Full Member - Nachwuchsförderung IT-Sicherheit e.V.

website

Hackfest - Problem Based Learning Platform for Interactive Course Work

code website

Edu25519 - Curve25519 Implementation Optimized For Readability

code

Cry.College-Lib - Python Library implementing many crypto primitives.

code

eccfun - Python Library For Interactively Exploring Elliptic Curves

code

IKEFOO - Test suite for IKE/IPSec implementations

Press

Selection Of Interviews And Press Coverage

Spiegel Article about Car Hacking , Spiegel
Gamestar Podcast about RedRocket and Game Hacking , Gamestar
Wie hackt man einen Satelliten? , PM Wissen
US-Wettbewerb: Hackerteam der Hochschule Bonn-Rhein-Sieg gewinnt Preis , Cologne Messenger
Im Weltraum hört dich niemand hacken , Der Spiegel
Sankt Augustiner spüren im Wettbewerb IT-Sicherheitslücken auf , Generalanzeiger Bonn
PLATZ 3: FLUXREPEATROCKET BEIM HACK-A-SAT , Press Release H-BRS
Team RedRocket Hackt Beim ProCTF In Abu Dhabi , H-BRS Press Release
Red-Rocket-Team Hacker-Gruppe der Hochschule Bonn-Rhein-Sieg sucht Sicherheitslücken , Cologne Messenger
Team Sauercloud Qualifiziert Sich Für DEFCON CTF , H-BRS Press Release
TV Report about RedRocket winning the CyberSecRumble , WDR Lokalzeit Bonn
Team RedRocket Rockt Cyber Security Rumble In Bonn , H-BRS Press Release

CTF Tasks

Hacking Challenges Authored

BfLol, 2020, CyberSecurityRumble

Binary Exploitation, Brainfuck Interpreter PWNing, 300/500

challenge writeup

Blow, 2020, CyberSecurityRumble

Crypto, Inavlid Curve Attack On Faulty JWT Usage, 500/500

challenge writeup

CyberWall, 2020, CyberSecurityRumble

Web, Code Injection, 100/500

challenge writeup

DLog, 2020, CyberSecurityRumble

Crypto, Invalid Point Submission Attack, 200/500

challenge writeup

DTls, 2020, CyberSecurityRumble

Crypto, Exploit Faulty DTLS Implementation, 400/500

challenge

EzDSA, 2020, CyberSecurityRumble

Crypto, EcDSA Nonce Reuse Attack, 200/500

challenge writeup

Secure Secret Sharing, 2020, CyberSecurityRumble

Web, NoSQL Injection Attack, 300/500

challenge writeup

CityRSA, 2018, P.W.N. University CTF

Crypto, Exploit Faulty RSA-CRT Implementation, 300/500

writeup

Converter, 2018, P.W.N. University CTF

Crypto, Exploit CBC Padding Oracle, 200/500

writeup

H!pster Startup, 2018, P.W.N. University CTF

Web, ArangoDB Injection Attack, 300/500

writeup

Whistle, 2018, P.W.N. University CTF

Crypto, Exploit Invalid Padding via Coppersmith Attack, 300/500

writeup