Preliminary conference programConference program will consist of longer invited talks and shorter contributed talks in five planned sessions.
- June 21st: Registration open at 16:00, dinner at hotel after 18:00
- June 22nd: Morning (invited talks) and afternoon sessions (contributed talks)
- June 23rd: Morning (invited talks and contributed talks) and afternoon sessions (contributed talks), Conference Banquet
- June 24th: Morning session (tutorial and problem session)
If you want to present a problem in a "Problem session" (default time: 5 min), please send an email to tatracrypt @ gmail.com before June 20.
Stefan Porubsky: Semigroup structure of sets of solutions to equation X^m=X^s
Using an idempotent semigroup approach we shall describe the semigroup and group structure of the set of solutions to X^m=X^s over a periodic commutative semigroup T in terms of the maximal subsemigroups belonging to an idempotent of T.
Peter Schwabe: High-assurance cryptographic software
Cryptographic software is in various ways different from other software: It is often highly performance critical, which means that hand-optimizing it on the assembly level for the last 10% of performance is often worth the effort. Also, it deals with secret data and must not leak this data through, for example, timing. Furthermore, implementations of cryptographic algorithms typically come with a mathematical specification of this algorithm. Finally, cryptographic software is always critical. Bugs in crypto software are particularly disastrous because they are not only possibly triggered by accidentally choosing a "wrong" input, they can be triggered by attackers on purpose to break into the encryption. This raises the question of whether the cryptographic software that we're using every day is actually correct and secure and what means we have to make sure that it is. In my talk I will zoom into a specific example of cryptographic software, namely implementations of elliptic-curve cryptography (ECC), and present gfverif, a tool that Bernstein and I are developing to formally verify the correctness of ECC software.
Rainer Steinwandt: Bounding the post-quantum security margin of block ciphers
The impact of quantum computing on the security of block ciphers is expected to be less dramatic than on the security of popular asymmetric cryptographic primitives. The most prominent attack against block ciphers in a post-quantum setting is an exhaustive key search with Grover's algorithm. A common suggestion to counter this attack is to double the key length. To understand the impact of Grover's algorithm more precisely, the cost of implementing the targeted cipher (or several instances thereof) with quantum gates needs to be considered, a cost that depends on the specific cipher design. In this presentation we look at attacks against block ciphers using quantum technology, including in particular a discussion of Grover's algorithm when applied to the Advanced Encryption Standard.The talk is based on joint work with Brittanney Amento, Markus Grassl, Brandon Langenberg, and Martin Roetteler.
Damian Vizar: The State of the Authenticated Encryption
Ensuring confidentiality and integrity of communication remains among the most important goals of cryptography. The notion of authenticated encryption marries these two security goals in a single symmetric-key, cryptographic primitive. A lot of effort has been invested in authenticated encryption during the fifteen years of its existence. The recent Competition for Authenticated Encryption: Security, Applicability, and Robustness (CAESAR) has boosted the research activity in this area even more. As a result, the area of authenticated encryption boasts numerous results, both theoretically and practically oriented, and perhaps even greater number of constructions of authenticated encryption schemes.
In this talk, we will explore the current landscape of results on authenticated encryption. We will review the CEASAR competition and its candidates, the most popular construction principles, and various design goals for authenticated encryption, many of which appeared during the CAESAR competition. We will also take a closer look at the candidate Offset Merkle-Damgard (OMD).
Bingsheng Zhang: End-to-end verifiable e-voting system with minimal assumptions
In an end-to-end (E2E) verifiable election system, voters have the ability to verify that their vote was properly cast, recorded and tallied into the election result. Intuitively, the security property that an E2E verifiable election intends to capture is the ability of the voters to detect a malicious election authority that tries to misrepresent the election outcome. In the literature, many E2E verifiable e-voting systems required some additional assumptions (specifically, either the existence of a “randomness beacon” or were only shown secure in the RO model). In this talk, we will introduce several recently developed techniques to achieve end-to-end verifiability information theoretically in the standard model and privacy/receipt-freeness under a computational assumption. Later, we will then discuss how to improve the efficiency, scalability, and robustness of the proposed E2E verifiable election system.