CT-RSA 2015 Program DRAFT Jan 11

=========================================
TUESDAY
=========================================

Session 1:10 - 2:00 pm
=========================================
>> - Session Title: Timing Attacks
>> - Session Abstract: Timing attacks on implementations of cryptographic algorithms are among the most powerful side-channel attacks.
>> - Session classification:
   o Advanced - Sessions focused on advanced principles and concepts, geared toward attendees with deep subject knowledge and 10 or more years of experience. Little/no time is spent on defining terms and background. Contains demonstrations, line code, advanced architecture discussions, tools that can be shared, or similar level of content.

--------------------------------------------
15
> - Title: Just A Little Bit More
> - Authors: Nigel Smart (University of Bristol), Yuval Yarom (University of Adelaide), Joop van de Pol (University of Bristol)
> - Quick abstract (200 characters including spaces): We exploit a property of many standard elliptic curves to reduce the number of signatures needed to be observed and demonstrate how we break ECDSA on a secp256k1 curve using only 25 signatures.
> - Speaker Name, Title, Organization: Yuval Yarom, Adelaide University
> - Speaker bio (no more than 800 characters, including spaces): Yuval Yarom is a Research Associate in the School of Computer Science at the University of Adelaide. His main research interests are computer security and cryptography, with a current focus on side-channel attacks and defences. He obtained his MSc from the Hebrew University, Jerusalem in 1993 and has just completed the requirements for a PhD in Computer Science from the University of Adelaide. Prior to resuming his academic interests, Yuval spent several years in industry, doing computer security research at Memco Software and co-founding Girafa.com.
--------------------------------------------------------------------
86
> - Title: Cache storage attacks
> - Authors: Billy Brumley (Tampere Univ. of Technology)
> - Quick abstract (200 characters including spaces): Covert storage channels, not historically used for side-channel attacks, utilize existing system bits to carry data. This work introduces a new storage channel exposed by cache debug facilities.
> - Speaker Name, Title, Organization: Billy Brumley, Assistant Professor, Tampere University of Technology
> - Speaker bio (no more than 800 characters, including spaces): A native Texan born in 1981, Bill Brumley is an Assistant Professor in the Department of Pervasive Computing at Tampere University of Technology, Finland. He is a former Staff Engineer for Qualcomm's Product Security Initiative (QPSI) in San Diego, California. He holds a Doctor of Science in Technology from Aalto University (Finland, 2012). He is an Aalto University School of Science Doctoral Dissertation Award recipient (2012) and two-time Nokia Foundation Scholarship recipient (2010, 2009). He specializes in cryptography engineering and side-channel analysis. He is a husband, father, avid outdoorsman, and Rubik's cube enthusiast.

===========================================================
Session 2:20 - 3:10 pm
===========================================================
>> - Session Title: Design and Analysis of Block Ciphers
>> - Session Abstract: Block ciphers are arguably the most important cryptographic primitives. In this session we hear new cryptanalytic results on the widely used standard block ciphers AES and Camellia which shed new light on their security guarantees.
>> - Session classification:
   o Advanced - Sessions focused on advanced principles and concepts, geared toward attendees with deep subject knowledge and 10 or more years of experience. Little/no time is spent on defining terms and background. Contains demonstrations, line code, advanced architecture discussions, tools that can be shared, or similar level of content.

------------------------------------------------------------------
92
> - Title: Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows
> - Authors: Christof Beierle (Ruhr-Universität Bochum), Philipp Jovanovic (University of Passau), Martin Lauridsen (Technical University of Denmark), Gregor Leander (Ruhr-Universität Bochum), Christian Rechberger (DTU Compute)
> - Quick abstract (200 characters including spaces): In this work, we present the first in-depth analysis of the ShiftRows operation in AES-like ciphers. We give a range of both theoretical and experimental results on how best to choose this parameter.
> - Speaker Name, Title, Organization: Martin M. Lauridsen, Ph.D. student, Technical University of Denmark
> - Speaker bio (no more than 800 characters, including spaces): Martin M. Lauridsen has been a Ph.D. student with the Section for Cryptology at the Technical University of Denmark since September 2012. His work includes design, cryptanalysis, fundamentals and implementation of symmetric primitives including stream ciphers, block ciphers and authenticated encryption schemes, all with a focus towards lightweight primitives.

---------------------------------------------------------------
105
> - Title: Improved Attacks on Reduced-Round Camellia-128/192/256
> - Authors: Xiaoyang Dong (Shandong University), Leibo Li (Shandong University), Keting Jia (Department of Computer Science and Technology, Tsinghua University), Xiaoyun Wang (Institute for Advanced Study, Tsinghua University, Beijing 100084, China)
> - Quick Abstract: The Camellia block cipher is an ISO/IEC standard. We give a key-dependent multiple differential attack on 10-round Camellia-128 and MITM attacks on 12-round Camellia-192 and 13-round Camellia-256.
> - Speaker Name, Title, Organization: Xiaoyang Dong, Ph.D. Student, Shandong University, China
> - Speaker Bio: Xiaoyang Dong is a Ph.D. student in the Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, China. His supervisor is Prof. Xiaoyun Wang. His research interests are the design and analysis of symmetric key primitives such as block ciphers, hash functions, etc.

===========================================================
Session 3:30 - 4:20 pm
===========================================================
>> - Session Title: Attribute and Identity Based Encryption
>> - Session Abstract: The session has two talks on attribute and identity based encryption schemes. They are public key encryption schemes that allow the control of the decryption capability based on the receiver's identity or other attributes related to the receiver.
>> - Session classification:
   o Advanced - Sessions focused on advanced principles and concepts, geared toward attendees with deep subject knowledge and 10 or more years of experience. Little/no time is spent on defining terms and background. Contains demonstrations, line code, advanced architecture discussions, tools that can be shared, or similar level of content.

---------------------------------------------------------------------
69
> - Title: Duality in ABE: Converting Attribute Based Encryption for Dual Predicate and Dual Policy via Computational Encodings
> - Authors: Nuttapong Attrapadung (AIST, Japan), Shota Yamada (AIST, Japan)
> - Quick abstract (200 characters including spaces): We show a conversion that converts attribute based encryption (ABE) for any predicate into ABE for its "dual", e.g., key-policy ABE into ciphertext-policy ABE, and vice versa. It works in the pair encoding framework from Eurocrypt'14.
> - Speaker Name, Title, Organization: Nuttapong Attrapadung, Dr., National Institute of Advanced Industrial Science and Technology (AIST), Japan
> - Speaker bio (no more than 800 characters, including spaces): Dr. Nuttapong Attrapadung is a senior research scientist at the Research Institute for Secure System (RISEC) of the National Institute of Advanced Industrial Science and Technology (AIST). His research interests are in the area of cryptography and information security. His specialized themes include public-key cryptography, especially attribute-based encryption and functional encryption. He received his bachelor's degree (first-class honors) in Electrical Engineering from Chulalongkorn University in Thailand in 2001, and received his master's degree and Ph.D. in Information and Communication Engineering from the University of Tokyo in Japan in 2004 and 2007, respectively (both with the Dean's distinctive thesis awards). He was granted a JSPS post-doctoral fellowship at AIST in 2007. Since 2008 he has been appointed as a full-time research scientist, also at AIST. He received the Ericsson Young Scientist Award in 2010.

-------------------------------------------------------------------
51
> - Title: Revocable Hierarchical Identity-Based Encryption: History-Free Update, Security Against Insiders, and Short Ciphertexts
> - Authors: Jae Hong Seo (Myongji University), Keita Emura (National Institute of Information and Communications Technology)
> - Quick abstract: We present a new approach to construct a revocable hierarchical identity-based encryption (RHIBE) scheme, featuring history-free updates, which is simpler and more efficient than the scheme of CT-RSA 2013.
> - Speaker Name, Title, Organization: Keita Emura, Dr., National Institute of Information and Communications Technology, Japan
> - Speaker bio (no more than 800 characters, including spaces): Keita Emura received the M.E. degree from Kanazawa University in 2004. He was with Fujitsu Hokuriku Systems Ltd. from 2004 to 2006. He received the Ph.D. degree in information science from the Japan Advanced Institute of Science and Technology in 2010, where he was with the Center for Highly Dependable Embedded Systems Technology as a Post-Doctoral Researcher in 2010-2012. He has been a Senior Researcher with the National Institute of Information and Communications Technology since 2012. His research interests include public-key cryptography and information security. He was a recipient of the SCIS Innovation Paper Award from IEICE in 2012.

===========================================================
Session 4:40 - 5:30 pm
===========================================================
>> - Session Title: Membership
>> - Session Abstract: Proving membership or non-membership is a problem that occurs often in practical applications. This session provides cryptographic tools for handling such problems.
>> - Session classification:
   o Advanced - Sessions focused on advanced principles and concepts, geared toward attendees with deep subject knowledge and 10 or more years of experience. Little/no time is spent on defining terms and background. Contains demonstrations, line code, advanced architecture discussions, tools that can be shared, or similar level of content.

------------------------------------------------------------------------
48
> - Title: Revisiting Cryptographic Accumulators, Additional Properties and Relations to other Primitives
> - Authors: David Derler (IAIK, TU Graz) [Corr], Christian Hanser (IAIK, TU Graz), Daniel Slamanig (IAIK, TU Graz)
> - Quick abstract (200 characters including spaces): We propose a unified model for cryptographic accumulators, capturing all features of existing constructions, and unveil black-box relations of accumulators to commitments and zero-knowledge sets.
> - Speaker Name, Title, Organization: David Derler, Dipl.-Ing., Graz University of Technology (IAIK)
> - Speaker bio (no more than 800 characters, including spaces): David Derler is a research and teaching assistant at IAIK, Graz University of Technology. His main research interests are in the field of public key cryptography with a focus on privacy enhancing protocols and their applications. Before starting to work at IAIK in 2013, he completed both his master's studies (Dipl.-Ing., 2013) and his bachelor's studies (BSc, 2011) in Software Development and Business Management at the Graz University of Technology, both with distinction. Currently, David is involved in the FutureID project, an EU funded project focusing on a privacy friendly and easy to use identity management infrastructure for Europe. Besides that, he teaches an introductory course on operating system programming.

-----------------------------------------------------
46
> - Title: Non-Interactive Zero-Knowledge Proofs of Non-Membership
> - Authors: Damien Vergnaud (ENS), Olivier Blazy (Université de Limoges), Céline Chevalier (Université Paris 2)
> - Quick abstract (200 characters including spaces): We present a generic method to prove in a non-interactive way that a committed value does not belong to a given language L, along with an efficient realization of our proof system.
> - Speaker Name, Title, Organization: Olivier Blazy, PhD, Université de Limoges, XLim
> - Speaker bio (no more than 800 characters, including spaces): Olivier Blazy is an assistant professor at the University of Limoges in France. He did his PhD with David Pointcheval, working on proofs of knowledge and their application to blind signatures and authenticated key exchange. He then worked on tight reductions in security proofs during his postdoctoral studies with Eike Kiltz in Bochum.
====================================================================
WEDNESDAY
=====================================================================

Session 8:00 - 8:50 am
===========================================================
>> - Session Title: Secure and Efficient Implementation of AES based cryptosystems
>> - Session Abstract: The two speakers of this session present new methods for improving the efficiency and security of implementations of the Advanced Encryption Standard and the standard authenticated encryption mode of operation Galois Counter Mode on ARM processors.
>> - Session classification:
   o Advanced - Sessions focused on advanced principles and concepts, geared toward attendees with deep subject knowledge and 10 or more years of experience. Little/no time is spent on defining terms and background. Contains demonstrations, line code, advanced architecture discussions, tools that can be shared, or similar level of content.

---------------------------------------------------------------------
98
> - Title: Implementing GCM on ARMv8
> - Authors: Conrado Gouvea (Kryptus), Julio López (UNICAMP)
> - Quick Abstract: We present an optimized and timing-resistant implementation of GCM over AES-128 using the new ARMv8 instructions which multiply two 64-bit binary polynomials and encrypt using the AES cipher.
> - Speaker Name, Title, Organization: Conrado P. L. Gouvea, Software Developer, KRYPTUS Information Security Solutions
> - Speaker bio: Conrado Porto Lopes Gouvea is a software developer at KRYPTUS Information Security Solutions, Brazil. He received a PhD degree in Computer Science from the University of Campinas (Unicamp) in 2013. His research interests include the efficient implementation of cryptographic algorithms such as elliptic curve cryptography, pairing-based cryptography and authenticated encryption. He is one of the authors of the RELIC cryptographic toolkit.
---------------------------------------------------------------------------
36
> - Title: Higher-Order Masking in Practice: A Vector Implementation of Masked AES for ARM NEON
> - Authors: Junwei Wang (Shandong University), Johann Großschädl (University of Luxembourg), Praveen Kumar Vadnala (University of Luxembourg), Qiuliang Xu (Shandong University)
> - Quick abstract (200 characters including spaces): We present an efficient vector-parallel implementation of the AES for ARM NEON processors and analyze the performance impact of provably-secure countermeasures against higher-order DPA attacks.
> - Speaker Name, Title, Organization: Junwei Wang, Master student, Shandong University, China
> - Speaker bio (no more than 800 characters, including spaces): Junwei Wang is an M.Sc. student in computer science at Shandong University in China. He spent the academic year 2013/14 as an exchange student at the University of Luxembourg. During his stay in Luxembourg, he successfully defended his master thesis under the supervision of Professor Jean-Sebastien Coron. As part of his thesis research, he developed a vector-parallel implementation of the AES for ARM NEON processors and protected it against higher-order Differential Power Analysis (DPA) attacks using provably-secure masking techniques. Currently, Junwei is doing an internship at Eyespage, a start-up company based in Beijing.

================================================================
Session 9:10 - 10:00 am
===========================================================
>> - Session Title: Chosen Ciphertext Attacks in Theory and Practice
>> - Session Abstract: Protecting public key based encryption protocols against chosen ciphertext attacks (CCA) is important but not always taken into consideration sufficiently seriously in practice. The speakers of this session present theoretical advances in CCA security and reveal new CCA vulnerabilities in practical implementations of OpenPGP.
>> - Session classification:
   o Advanced - Sessions focused on advanced principles and concepts, geared toward attendees with deep subject knowledge and 10 or more years of experience. Little/no time is spent on defining terms and background. Contains demonstrations, line code, advanced architecture discussions, tools that can be shared, or similar level of content.

--------------------------------------------------------------
106
> - Title: Completeness of Single-Bit Projection-KDM Security for Public Key Encryption
> - Authors: Fuyuki Kitagawa (Tokyo Institute of Technology), Takahiro Matsuda (National Institute of Advanced Industrial Science and Technology), Goichiro Hanaoka (National Institute of Advanced Industrial Science and Technology), Keisuke Tanaka (Tokyo Institute of Technology)
> - Quick abstract: We show how to construct a PKE scheme that is KDM-CCA secure with respect to poly-time computable functions only from a 1-bit PKE scheme that is KDM-CCA secure with respect to projection functions.
> - (1) Speaker Name, (2) Title, (3) Organization:
   (1) Fuyuki Kitagawa
   (2) Completeness of Single-Bit Projection-KDM Security for Public Key Encryption
   (3) Tokyo Institute of Technology, National Institute of Advanced Industrial Science and Technology (AIST)
> - Speaker bio: Fuyuki Kitagawa received his bachelor's degree in Science from the Department of Information Science, Tokyo Institute of Technology in 2014. Currently, he is a master's degree student at the Department of Mathematical and Computing Sciences, Tokyo Institute of Technology. His interests include public key cryptography and provable security.

------------------------------------------------------------------------------------------
87
> - Title: Format Oracles on OpenPGP
> - Authors: Florian Maury (ANSSI), Jean-René Reinhard (ANSSI), Olivier Levillain (ANSSI), Henri Gilbert (ANSSI)
> - Quick abstract: We present format oracles in OpenPGP implementations, including GnuPG. If given access to the leaked information, an adversary can decrypt any ciphertext in essentially 2^8 oracle requests per byte.
> - Speaker: Jean-René Reinhard, Cryptographic Expert, ANSSI (French Network and Information Security Agency)
> - Speaker bio: Jean-René Reinhard received a Ph.D. in computer science in 2011 from Université de Versailles Saint-Quentin-en-Yvelines. He is a cryptographic expert at ANSSI, the French network and information security agency. His main research interests are symmetric cryptography and applied cryptography.

=====================================================================
Session 10:20 - 11:10 am and 11:30 am - 12:20 pm
===========================================================
>> - Session Title (75 character limit, including spaces): Post-Snowden Cryptography
>> - Session abstract (400 character limit, including spaces): The Snowden revelations have shown that intelligence agencies have been successful in undermining cryptography by using a broad range of techniques. In response, cryptographic standards and implementations are being scrutinized to evaluate whether they resist a powerful threat model that includes subversion of the supply chain and sophisticated malware. In this panel four top experts in the area discuss which secure solutions are available today and what the cryptographic research and deployment challenges are for academia and industry.
>> - Session classification:
   o General Interest - This classification is used for compelling strategic sessions, introductions to new technology, or sessions or tracks where ratings are not as relevant (e.g. Professional Development).
> - Title: Panel Discussion
> - Panel members: Paul Kocher (Cryptography Research), Adi Shamir (The Weizmann Institute), Nigel Smart (University of Bristol)
> - Speaker Name, Title, Organization: Bart Preneel, Professor, KU Leuven and iMinds
> - Speaker bio (no more than 800 characters, including spaces): Bart Preneel is full professor at the KU Leuven where he heads the COSIC research group, which has 60 members. He has authored more than 400 scientific publications and is the inventor of 4 patents. His main research interests are cryptography, information security and privacy, and he frequently consults on these topics. From 2008 to 2013 he was president of the IACR (International Association for Cryptologic Research). He has been an invited speaker at more than 100 conferences in 40 countries. In 2014 he received the RSA Award for Excellence in the field of Mathematics.

====================================================================
THURSDAY
=====================================================================

Session 8:00 - 8:50 am
======================================================================
>> - Session Title: Algorithms for Solving Hard Problems
>> - Session Abstract: Hard problems such as the shortest lattice vector problem and integer factorization are at the core of public key cryptography. In this session, new algorithms for solving these hard problems are presented.
>> - Session classification:
   o Advanced - Sessions focused on advanced principles and concepts, geared toward attendees with deep subject knowledge and 10 or more years of experience. Little/no time is spent on defining terms and background. Contains demonstrations, line code, advanced architecture discussions, tools that can be shared, or similar level of content.
----------------------------------------------------------------
62
> - Title: Finding Shortest Lattice Vectors in the Presence of Gaps
> - Authors: Wei Wei (Chinese Academy of Sciences), Mingjie Liu (), Xiaoyun Wang ()
> - Quick abstract: This paper focuses on the efficiency of SVP algorithms for lattices with gaps, which is based on new upper bounds for the lattice packing density. A modified approx-SVP algorithm is also provided.
> - Speaker Name, Title, Organization: Wei Wei, Post Doctoral Researcher, State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences
> - Speaker bio: Wei Wei is currently a post-doctoral researcher at the Institute of Information Engineering, Chinese Academy of Sciences. Wei received her Ph.D. degree in mathematics from Tsinghua University (China) in 2014. Her main research interest is lattice-based cryptography, especially algorithms and complexity analysis for hard lattice problems.

----------------------------------------
7
> - Title: A Simple and Improved Algorithm for Integer Factorization with Implicit Hints
> - Authors: Koji Nuida (National Institute of Advanced Industrial Science and Technology / JST PRESTO), Naoto Itakura (Ibaraki University), Kaoru Kurosawa (Ibaraki University)
> - Quick abstract (200 characters including spaces): We give a simple and improved factoring algorithm for two integers whose factors share some common least significant bits, where the necessary number of shared bits is significantly smaller than in previous work.
> - Speaker Name, Title, Organization: Koji Nuida, Doctor, National Institute of Advanced Industrial Science and Technology (AIST) / JST PRESTO Researcher
> - Speaker bio (no more than 800 characters, including spaces): Koji Nuida received a Ph.D. (Mathematical Sciences) from the Graduate School of Mathematical Sciences, The University of Tokyo, Japan, in March 2006. Since April 2006 he has been working at the National Institute of Advanced Industrial Science and Technology (AIST) in Japan, currently as a senior researcher. Since October 2014 he has been supported by JST (Japan Science and Technology Agency) PRESTO. His research interest is mainly in mathematics, cryptography and their interdisciplinary topics.

=====================================================================
Session 9:10 - 10:00 am
===========================================================
>> - Session Title: Constructions of Hash Functions and Message Authentication Codes
>> - Session Abstract: In this session constructions of hash functions and message authentication codes from ciphers or random permutations are presented.
>> - Session classification:
   o Advanced - Sessions focused on advanced principles and concepts, geared toward attendees with deep subject knowledge and 10 or more years of experience. Little/no time is spent on defining terms and background. Contains demonstrations, line code, advanced architecture discussions, tools that can be shared, or similar level of content.

-------------------------------------------------
40
> - Title: Hash Functions from Defective Ideal Ciphers
> - Authors: Jonathan Katz (University of Maryland), Stefan Lucks (), Aishwarya Thiruvengadam (University of Maryland)
> - Quick abstract: Defects in underlying block ciphers are used to attack primitives such as hash functions. We model related-key defects in ideal ciphers and prove security of hash functions from such weakened ciphers.
> - Speaker Name: Aishwarya Thiruvengadam
> - Organization: University of Maryland
> - Speaker bio: Aishwarya Thiruvengadam is currently a PhD student advised by Prof. Jonathan Katz at the University of Maryland, College Park. Her interests primarily lie in the study and analysis of primitives used in symmetric-key cryptography.
> - Speaker email address: aish@cs.umd.edu

--------------------------------------------------------------------------
110
> - Title: Using an Error-Correction Code for Fast, Beyond-birthday-bound Authentication
> - Authors: Yusi Zhang (UC Davis)
> - Quick abstract: We design a new variant of PMAC, PMACX. It is a parametrized scheme whose efficiency and security can be controlled by an MDS matrix. PMACX's number of keys stays constant when the desired security level increases, an improvement compared to prior work.
> - Speaker Name: Yusi Zhang
> - Speaker Title: Mr.
> - Speaker Organization: University of California, Davis
> - Speaker Bio: Yusi Zhang is a second-year CS PhD student at the University of California, Davis. His adviser is Prof. Phillip Rogaway and his main research area is provable security in symmetric cryptography. He is also interested in the underlying mathematical foundations of modern cryptology. Yusi completed a summer internship at NTT (Nippon Telegraph and Telephone), Japan, supervised by Dr. Tatsuaki Okamoto, where he invented the construction of PMACX, his first attempt at improving an existing symmetric cryptographic scheme. Before the PhD program, Yusi graduated from the Hong Kong University of Science and Technology (HKUST) with a bachelor's degree in computer engineering.

=====================================================================
Session 10:20 - 11:10 am
================================================================================
>> - Session Title: Secure Multiparty Computation
>> - Session Abstract: Secure multiparty computation allows the parties to compute the value of a function while keeping their inputs private. The first talk in this session examines leakage resiliency of circuits while the second talk focuses on the fairness property of multiparty computation protocols.
>> - Session classification:
   o Advanced - Sessions focused on advanced principles and concepts, geared toward attendees with deep subject knowledge and 10 or more years of experience. Little/no time is spent on defining terms and background. Contains demonstrations, line code, advanced architecture discussions, tools that can be shared, or similar level of content.

-------------------------------------------------------------------
102
> - Title: Efficient Leakage Resilient Circuit Compilers
> - Authors: Marcin Andrychowicz (Warsaw University), Ivan Damgård (Aarhus University), Stefan Dziembowski (Warsaw University), Sebastian Faust (EPFL), Antigoni Polychroniadou (Aarhus University)
> - Quick abstract: We propose efficient circuit transformations for broad classes of leakages that result in at most a linear blow-up of the circuit's size.
> - Speaker Name, Title, Organization: Antigoni Polychroniadou, PhD student, Aarhus University
> - Speaker bio: Antigoni is a PhD student at Aarhus University in the Crypto Group under the supervision of Prof. Ivan Damgård. She holds an MSc in Mathematics of Cryptography and Communications from Royal Holloway University of London under the supervision of Prof. Kenneth G. Paterson. This semester, Antigoni is at UC Berkeley for a research visit working with Sanjam Garg.

--------------------------------------------------------------------------------
75
> - Title: Optimally Efficient Multi-Party Fair Exchange and Fair Secure Multi-Party Computation
> - Authors: Handan Kilinç (Koç University), Alptekin Küpçü (Koç University)
> - Quick Abstract: We build a multi-party fair exchange protocol. It works for any exchange topology and makes secure multi-party computation fair. We use an optimistic trusted third party and preserve privacy against it.
> - Speaker Name, Title, Organization: Handan Kilinç, PhD student, École Polytechnique Fédérale de Lausanne
> - Speaker bio (no more than 800 characters, including spaces): Handan Kilinç is a PhD student in Computer and Communication Sciences at École Polytechnique Fédérale de Lausanne under the supervision of Prof. Serge Vaudenay. She is currently working on distance bounding protocols. She earned her M.Sc. degree in Computer Sciences and Engineering from Koç University in 2014 under the supervision of Asst. Prof. Alptekin Küpçü. She did her research on secure and fair multi-/two-party computation during her master's. She earned two B.Sc. degrees, in Mathematics and Computer Engineering, in 2012 from TOBB University of Economics and Technology.

=====================================================================
Session 11:30 am - 12:20 pm
===========================================================
>> - Session Title: Authenticated Encryption
>> - Session Abstract: Designing more efficient and secure authenticated encryption schemes is a focus of the cryptographic community. The first speaker will discuss methods to enhance the handling of associated data in sponge-based schemes. The second speaker will present cryptanalysis of a scheme submitted to the CAESAR competition.
>> - Session classification:
   o Advanced - Sessions focused on advanced principles and concepts, geared toward attendees with deep subject knowledge and 10 or more years of experience. Little/no time is spent on defining terms and background. Contains demonstrations, line code, advanced architecture discussions, tools that can be shared, or similar level of content.
----------------------------------------------------------------------------- 116 > - Title: How to Incorporate Associated Data in Sponge-Based Authenticated Encryption > - Authors: Kan Yasuda (NTT) Yu Sasaki (NTT) > - Quick abstract (200 characters including spaces): We study the ways to combine associated data $A$ with a sponge-based authenticated-encryption (AE) scheme. Three constructions are proposed in this paper. With those constructions, efficiency can be improved without loosing the security of the original sponge-based AE. > - Speaker Name, Title, Organization: Yu Sasaki, Doctor, NTT Secure Platform Laboratories > - Speaker bio (no more than 800 character, including spaces): Yu Sasaki received the B.E., M.E. and Ph.D. from The University of Electro-Communications in 2005, 2007, and 2010. Since 2007, he has been a researcher at NTT Secure Platform Laboratories. His current research interests are in cryptography. He was awarded a paper prize from SCIS 2007 and IEICE Trans. in 2009. He also received a best paper award from IWSEC 2009, SECRYPT 2012, and IWSEC 2012. -------------------------------------------------------------------- 82 > - Title: Cryptanalysis of Ascon > - Authors: Maria Eichlseder (Graz University of Technology) Florian Mendel (Graz University of Technology) Christoph Dobraunig (Graz University of Technology) Martin Schläffer (Infineon Technologies) > - Quick abstract (200 characters including spaces) We analyze the security of authenticated cipher Ascon, a CAESAR candidate, using cube-like, differential, and linear cryptanalysis. We give attacks on 6 of 12 rounds, and a permutation distinguisher. > - Speaker Name, Title, Organization Christoph Dobraunig, Graz University of Technology > - Speaker bio (no more than 800 character, including spaces) Christoph Dobraunig is currently a PhD student at the Graz University of Technology. 
His main research interests include the creation of automated search tools for linear and differential characteristics, protection mechanisms against side-channel attacks, and the design and analysis of symmetric cryptographic algorithms in general. Before that, he finished his master's thesis on "Differential Cryptanalysis of SipHash" in January 2014 and completed the master's programme Telematics and the bachelor's programme Telematics with distinction.
====================================================================
FRIDAY
=====================================================================
Session 9:00 - 9:50 am
===========================================================
>> - Session Title: Detecting and Tracing Malicious Activities
>> - Session Abstract: This session addresses two aspects of ensuring correct security behavior of network entities.
>> - Session classification:
o Advanced - Sessions focused on advanced principles and concepts, geared toward attendees with deep subject knowledge and 10 or more years of experience. Little/no time is spent on defining terms and background. Contains demonstrations, line code, advanced architecture discussions, tools that can be shared, or similar level of content.
------------------------------------------------------------------ 95
> - Title: Stronger Security Notions for Decentralized Traceable Attribute-Based Signatures and More Efficient Constructions
> - Authors: Essam Ghadafi (University of Bristol)
> - Quick abstract (200 characters including spaces)
We improve the state of the art of Decentralized Traceable Attribute-Based Signatures. We present a new security model and more efficient constructions with much more efficient traceability.
> - Speaker Name, Title, Organization
Dr. Essam Ghadafi, Postdoctoral Researcher, University College London, UK
> - Speaker bio (no more than 800 character, including spaces)
Essam Ghadafi is a post-doctoral researcher in Cryptography. Ghadafi obtained both his Ph.D. and M.Sc.
from the University of Bristol in 2007 and 2011, respectively. His research centers around different aspects of Cryptography & Information Security.
----------------------------------------------------------------------------------- 11
> - Title: Re-encryption Verifiability: How to Detect Malicious Activities of a Proxy in Proxy Re-encryption
> - Authors: Satsuya Ohata (The University of Tokyo), Yutaka Kawai (Mitsubishi Electric), Takahiro Matsuda (National Institute of Advanced Industrial Science and Technology), Goichiro Hanaoka (National Institute of Advanced Industrial Science and Technology), Kanta Matsuura (The University of Tokyo)
> - Quick abstract (200 characters including spaces)
We introduce a new functionality for proxy re-encryption (PRE) that we call re-encryption verifiability. We formalize the security model for a verifiable PRE scheme, and show the construction.
> - Speaker Name, Title, Organization
Satsuya Ohata, Doctoral course student, The University of Tokyo / AIST
> - Speaker bio (no more than 800 character, including spaces)
Graduated from the Department of Informatics and Image Science, Faculty of Engineering, Chiba University in March 2011. Completed the master's course at the Graduate School of Information Science and Technology, The University of Tokyo in March 2013 (Master, Information Science and Technology). Currently enrolled in the doctorate program at the Graduate School of Information Science and Technology, The University of Tokyo. Technical Staff, Innovative Security Research Group, Research Institute for Secure Systems, AIST since May 2012. Engages mainly in the research of public key cryptosystems, provable security, and their applications. Received the Dean's Award (2013) and the Award on Symposium on Cryptography and Information Security (2014).
=====================================================================
Session 10:10 - 11:00
===========================================================
>> - Session Title: Implementation Attacks on Exponentiation Algorithms
>> - Session Abstract: Implementations of discrete-logarithm-based cryptography are vulnerable to many side-channel and fault attacks. In this session two new approaches for such attacks are presented.
>> - Session classification:
o Advanced - Sessions focused on advanced principles and concepts, geared toward attendees with deep subject knowledge and 10 or more years of experience. Little/no time is spent on defining terms and background. Contains demonstrations, line code, advanced architecture discussions, tools that can be shared, or similar level of content.
---------------------------------------- 14
> - Title: Exploiting Collisions in Addition Chain-based Exponentiation Algorithms Using a Single Trace
> - Authors: Neil Hanley (Queen's University Belfast), HeeSeok Kim (Korea Institute of Science and Technology Information), Michael Tunstall (Cryptography Research Inc)
> - Abstract: A collision attack applied to an exponentiation is where an adversary seeks to determine if two operations have the same input. We extend this to an adversary who seeks to determine if the output of one operation is the input to another.
> - Speaker: Dr. Michael Tunstall, Cryptography Research, Inc.
> - Speaker bio: Michael has been working in embedded security since 1998, primarily focused on side channel and fault analysis of cryptographic devices. He started his career at Gemplus Card International, the world's leading smart card manufacturer, and was involved in the development of side channel attacks and countermeasures from the moment the topic was introduced to the cryptographic community as a very real security issue.
Michael is also responsible for some of the first publications demonstrating that fault analysis of cryptographic devices is possible and that suitable countermeasures are required in all such devices. Michael has co-edited a book entitled "Fault Analysis in Cryptography", which is a summary of the state of the art in fault analysis and is the first textbook on this topic in the literature. Michael has been working for Cryptography Research since late 2013.
--------------------------------------------------------------------------- 84
> - Title: Cold Boot Attacks in the Discrete Logarithm Setting
> - Authors: Dale Sibborn (Royal Holloway), Bertram Poettering ()
> - Abstract: We study cold boot attacks against implementations of elliptic curve cryptosuites (e.g. in OpenSSL and PolarSSL), and we manage to reconstruct private keys in these settings.
> - Speaker name: Mr Dale Sibborn
Affiliation: Royal Holloway, University of London
> - Speaker Bio: Dale has a background in pure mathematics and joined the Information Security Group at Royal Holloway in 2011. He is currently studying for a PhD under the supervision of Professor Kenny Paterson in the areas of applied and theoretical cryptography as part of the EPSRC-funded project "Cryptography: Bridging Theory and Practice".
=================================================================
Session 11:20 am - 12:10 pm
==============================================================
>> - Session Title: Homomorphic Encryption and Its Applications to DRM
>> - Session Abstract: Homomorphic encryption schemes allow computation on encrypted data, which is a useful property in many applications such as secure voting systems and private information retrieval. This session presents an application of homomorphic encryption to obtain a new asymmetric fingerprinting scheme, and a new linearly homomorphic encryption scheme.
>> - Session classification:
o Advanced - Sessions focused on advanced principles and concepts, geared toward attendees with deep subject knowledge and 10 or more years of experience. Little/no time is spent on defining terms and background. Contains demonstrations, line code, advanced architecture discussions, tools that can be shared, or similar level of content.
----------------------------------------------------------------------- 100
> - Title: Communication Optimal Tardos-based Asymmetric Fingerprinting
> - Authors: Aggelos Kiayias (University of Athens), Nikos Leonardos (National and Kapodistrian University of Athens), Helger Lipmaa (University of Tartu, Estonia), Kateryna Pavlyk (University of Tartu, Estonia), Qiang Tang (University of Connecticut)
> - Quick abstract (200 characters including spaces)
We propose the first communication-optimal asymmetric fingerprinting scheme from Tardos codes, and we provide a first complete security analysis in an extended model which handles group accusation.
> - Speaker Name, Title, Organization
Qiang Tang, Ph.D. candidate, University of Connecticut
> - Speaker bio (no more than 800 character, including spaces)
Qiang Tang is a Ph.D. candidate in the CSE department at the University of Connecticut, under the supervision of Dr Aggelos Kiayias and Dr Alex Russell. He has also paid several academic visits to (or interned at) the University of Athens, the University of Wisconsin, Madison, and NTT R&D. Qiang's research interests are applied and theoretical cryptography and computer security in general. His recent works consider cryptology in extreme cases, including new types of accountability problems which provide proactive deterrence when the key owner is malicious, and the formalization of the security of decoy systems (i.e. honey encryption schemes) when the key entropy is very low. He has also revisited a couple of classic accountability problems and has contributed to graded distributed cryptography.
--------------------------------------------------------------------------------- 25
> - Title: Linearly Homomorphic Encryption from DDH
> - Authors: Guilhem Castagnos (University of Bordeaux), Fabien Laguillaumie (Université Lyon 1)
> - Quick abstract (200 characters including spaces)
We design the first linearly homomorphic encryption scheme whose security relies on the sole hardness of a discrete logarithm problem in the class group of an imaginary quadratic field.
> - Speaker Name, Title, Organization
Guilhem Castagnos, maître de conférences, Institut de Mathématiques de Bordeaux UMR 5251 - Université de Bordeaux.
> - Speaker bio (no more than 800 character, including spaces)
Guilhem Castagnos obtained his Ph.D. degree from the University of Limoges (France) in 2006. Castagnos was then a post-doctoral researcher at the University of Caen and at the University of Versailles. Since 2009, he has been a maître de conférences at the institute of mathematics of the University of Bordeaux. His main research interest is public-key cryptography.
---------------------------------------------------------------------------------------