[crypto] [secdm at tue.nl: PROGRAM Crypto Working Group, June 14 2013]

R. Hirschfeld ray at unipay.nl
Tue Jun 11 09:37:04 CEST 2013


------- Start of forwarded message -------
From: Secretariaat DM <secdm at tue.nl>
Subject: PROGRAM Crypto Working Group, June 14 2013
Date: Tue, 11 Jun 2013 07:13:01 +0000

Dear all,

Herewith I send you the complete program of the CWG-meeting for tomorrow Friday, June 14, 2013.

With kind regards / Met vriendelijke groeten,
Anita Klooster
secretary of the section Discrete Mathematics


Dept. of Mathematics and Computer Science
MF 4.058
Office hours: Monday and Friday 08.30-12.30 h / Tuesday and Wednesday 08.30-17.00 h
Telephone: +31 (0)40 2472254
Email: secdm at tue.nl


CRYPTO WORKING GROUP


Friday, June 14, 2013

De Kargadoor (http://www.kargadoor.nl/utrecht/zaalverhuur.html)
Oudegracht 36, Utrecht



Program

10.45 - 11.30 hrs.   Tony Chou (TU/e),
McBits: fast constant-time code-based cryptography
(Abstract below)

11.30 - 11.45 hrs.   Coffee / tea break

11.45 - 12.30 hrs.   Marc Stevens (CWI),
Counter-cryptanalysis: analyzing Flame's new collision attack
(Abstract below)

12.30 - 14.00 hrs.   Lunch break (lunch not included)

14.00 - 14.45 hrs.   Ruud Pellikaan (TU/e),
Error-correcting pairs and majority coset decoding in public-key crypto systems and secret sharing

14.45 - 15.00 hrs.   Coffee / tea break

15.00 - 15.45 hrs.   Anna Krasnova (RU Nijmegen),
Elligator: Elliptic curve points indistinguishable from uniform random strings
(Abstract below)

Abstract talk Tony Chou, McBits: fast constant-time code-based cryptography

This talk presents extremely fast algorithms for code-based public-key cryptography, including full protection against timing attacks. For example, our software achieves a reciprocal throughput of just 36615 cycles per decryption at a 80-bit security level on a single Ivy Bridge core. These algorithms rely on an additive FFT for fast root computation, a transposed additive FFT for fast syndrome computation, and a sorting network to avoid cache-timing attacks.



Abstract talk Marc Stevens, Counter-cryptanalysis: analyzing Flame's new collision attack

Flame, a highly advanced malware for cyberwarfare discovered in May, spread itself through Microsoft Windows Update as a properly, but illegitimately, signed security patch. Flame achieved this by forging a signature from Microsoft using a so-called chosen-prefix collision attack on the very weak cryptographic hash function MD5. In this talk we will introduce counter-cryptanalysis, a new paradigm for strengthening cryptographic primitives, and the first example thereof, namely an efficient anomaly detection technique that detects whether a given signature was forged using a cryptanalytic collision attack on the underlying hash function. We have used our new technique to analyze the collision attack used by Flame and made the very surprising (and scientifically interesting) discovery that Flame used an as of yet unknown variant of our chosen-prefix collision attack that we introduced in 2007 and greatly improved in 2009. In this talk we will also present our analysis of this new variant attack.



Abstract talk Anna Krasnova, Elligator: Elliptic curve points indistinguishable from uniform random strings

Censorship-circumvention tools are in an arms race against censors. The censors study all traffic passing into and out of their controlled sphere, and try to disable censorship-circumvention tools without completely shutting down the Internet. Tools aim to shape their traffic patterns to match unblocked programs, so that simple traffic profiling cannot identify the tools within a reasonable number of traces; the censors respond by deploying firewalls with increasingly sophisticated deep-packet inspection.

Cryptography hides patterns in user data but does not evade censorship if the censor can recognize patterns in the cryptography itself. In particular, elliptic-curve cryptography often transmits points on known elliptic curves, and those points are easily distinguishable from uniform random strings of bits.

Elligator provides high-security high-speed elliptic-curve systems in which elliptic-curve points are encoded so as to be indistinguishable from uniform random strings.
------- End of forwarded message -------
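The point encoding that the Elligator abstract describes, as an added example that is not part of this announcement or of the Elligator authors' own code: the Elligator 2 map for Curve25519 and its inverse in Python, following the published construction. The choice u = 2 and the square-root sign convention (canonical roots in [0, (p-1)/2]) are assumptions; scalar multiplication is left out, so the block shows only the map between field elements and curve points and the padded 32-byte representative.

```python
# Elligator 2 for Curve25519 (y^2 = x^3 + A*x^2 + x over GF(P), P = 2^255 - 19).  Example
# written for this page after the published construction; u = 2 and the canonical
# square-root convention (roots in [0, (P-1)/2]) are assumptions, not from the page.
import secrets

P = 2**255 - 19
A = 486662
U = 2                              # non-square in GF(P), the paper's choice for Curve25519
HALF = (P - 1) // 2                # field elements <= HALF count as "non-negative"
SQRT_M1 = pow(2, (P - 1) // 4, P)  # a square root of -1 (exists since P = 1 mod 4)

def inv(a): return pow(a, P - 2, P)
def f(x): return (x**3 + A * x**2 + x) % P   # right-hand side of the curve equation

def chi(a):  # Legendre symbol: 1 for a non-zero square, -1 for a non-square, 0 for zero
    a %= P
    return 0 if a == 0 else (1 if pow(a, HALF, P) == 1 else -1)

def sqrt(a):  # canonical square root in [0, HALF]; caller guarantees a is a square
    a %= P
    r = pow(a, (P + 3) // 8, P)    # valid because P = 5 mod 8
    if (r * r - a) % P:
        r = r * SQRT_M1 % P
    return min(r, P - r)

def elligator_map(r):  # forward map: any field element r -> a point (x, y) on the curve
    v = -A * inv(1 + U * r * r) % P
    e = chi(f(v))                  # e = +1 -> x = v;  e = -1 -> x = -v - A
    x = (e * v - (1 - e) * A * inv(2)) % P
    y = -e * sqrt(f(x)) % P        # the sign of y records which branch was taken
    return x, y

def elligator_inverse(x, y):  # canonical r in [0, HALF], or None if (x, y) not in image
    x, y = x % P, y % P
    if x == (-A) % P or (y == 0 and x != 0) or chi(-U * x * (x + A)) == -1:
        return None
    return sqrt(-x * inv((x + A) * U)) if y <= HALF else sqrt(-(x + A) * inv(U * x))

def encode_representative(r):  # 32 bytes: r (< 2^254) plus two random top bits
    return (r | secrets.randbits(2) << 254).to_bytes(32, "little")

def decode_representative(b):
    return int.from_bytes(b, "little") & ((1 << 254) - 1)

def roundtrip(r):  # map r to a point, check it is on the curve, recover canonical r
    x, y = elligator_map(r)
    assert (y * y - f(x)) % P == 0
    return elligator_inverse(x, y)
```

A key pair is obtained by computing the public point as usual and retrying with a fresh secret until elligator_inverse accepts it; roughly half of all curve points lie in the image.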