A compact checklist for abuse cases, side channels, and key lifecycle risks in crypto interfaces.
Cryptographic APIs are deceptively small surfaces that hide large, high-impact threat models. Most incidents we see start with a missing assumption in the API contract rather than a broken primitive. This note captures the minimum threat model we expect before a modeling and verification sprint begins.
We explicitly list the abusive uses of the API. If the API can be called in the wrong order, with partial state, or with repeated nonces, write those paths down and decide whether to hard-fail or to harden.
Constant-time behavior, memory access patterns, and timing variance are first-class requirements. If you cannot bound the side-channel surface, shrink the API or isolate the sensitive path.
The most valuable output of threat modeling is a short list of assumptions you can formalize. Capture them in a Lean model, turn them into invariants, and use them as oracles for property tests and differential fuzzing.
Keys should be rotateable, audit logs should be tamper-evident, and any failure should be noisy. If you cannot tell when things go wrong, you are betting the business on silence.
We deliver formal specs, differential fuzzing suites, and conformance reports with remediation guidance.