When using cryptography, leaking data about crypto operations can expose the system to powerful attacks. Even if you're using unbroken algorithms, you may expose yourself to attacks which can completely bypass your use of crypto.
The first step is to identify where encrypted user input occurs. From a black box perspective, we first need to identify all of the user inputs, then determine which of them may be encrypted,