[crypto] Fwd: CWG program
R. Hirschfeld
ray at unipay.nl
Mon Sep 1 20:16:15 CEST 2025
-------- Original Message --------
Subject: CWG program
Date: 2025-09-01 16:18
From: "Guarise Vieira, Heloise" <h.guarise.vieira at tue.nl>
To:
Dear all,
Find below the program for the next CWG this Friday, at the Kargadoor,
in Utrecht.
Best regards,
10:45h
Speaker: Solane El Hirch
Title: Tearing Solutions for Tree Traversal in Stateful Hash-based
Cryptography
Abstract. Stateful hash-based signature schemes are a family of
post-quantum signature schemes. XMSS and LMS, two digital signature
schemes standardized by NIST, belong to this family. Both are structured
as a collection of one-time signature key pairs, which are combined
using a Merkle binary tree. They rely on tree traversal algorithms to
optimize time versus memory efficiency, reducing the signing time of the
schemes at the cost of managing a larger amount of auxiliary data (i.e.,
state). In this
paper, we focus on XMSS with the BDS algorithm when used in a practical
setting on an embedded device. One challenge on such devices is that
they can experience a loss of power unexpectedly. For instance, an NFC
chip might be torn away from its power source. In the case of such a
tearing event, the validity of the state can be impacted: the algorithm
does not update the state correctly if such an event occurs. We propose
an algorithm based on BDS that we call BDSFix. This algorithm recovers
the BDS state following a tearing event. Our algorithm either equals
(for a single tearing event) or outperforms recovering the state through
BDS for any number of tearings larger than 1. This ranges from a 9%
speed-up for six subsequent tearing events to improvements by factors of
up to 8 for a large number of tearing events.
11:30h – Coffee Break
11:45h
Presenter: Jolijn Cottaar
Title: Continued-Fraction Differential Addition Chains
Abstract: Elliptic curves are an essential part of both pre-quantum
cryptography (ECDH) and post-quantum cryptography (isogenies). In both
cases there is the need to calculate scalar multiples of a point of an
elliptic curve over a finite field. Traditional solutions contain
different types of addition chains (for example Montgomery ladder). In
this talk I will give a quick overview of different types of chains and
where these are used. I will mainly focus on the continued-fraction
differential addition chain, introduced by Montgomery. In practice these
chains are usually found using a slow algorithm. I will explain the two
(or three) new algorithms we introduced in our ANTS XVI paper "Searching
for Differential Addition Chains" by Bernstein, Cottaar and Lange.
12:30h – Lunch
14:00h
Presenter: Yanis Belkheyar
Title: Sonic: A Low-Latency Permutation Family
For many latency-critical operations in computer systems, like memory
reads or pointer authentication, adding encryption can significantly
impact performance.
Hence, the existence of cryptographic primitives with good security
properties and minimal latency is a key element in the widespread
implementation of such security measures.
This paper introduces Sonic, a new family of low-latency permutations
inspired by the Simon block ciphers.
Comparing different metrics, we show the improvement of Sonic over
Simon, in both security and performance.
We also instantiate an Even-Mansour construction with 18 rounds of
Sonic256 and a Kirby construction with 16 rounds of Sonic256, and a duplex
construction with 12 rounds of Sonic512 to build ciphers for which we
provide security analysis and performance tests.
Our permutations are primarily designed for hardware implementations but
are also expected to be quite competitive in software implementations.
14:45h – Coffee Break
15:00h
Presenter: Jonathan Levin
Title: PQConnect: Automated Post-Quantum End-to-End Tunnels
A major software engineering challenge spurred by the threat of quantum
computers is the rapid and widespread deployment of post-quantum
cryptography (PQC) to the Internet.
Researchers and engineers are currently working to integrate PQC into
existing cryptographic network protocols, most notably TLS.
This process, however, is slow, labor-intensive, and not trivial.
This talk presents PQConnect, a new post-quantum tunneling protocol that
provides a complementary pathway to protecting network traffic with PQC
now, while applications continue the hard work to integrate post-quantum
schemes into their network security.
PQConnect functions similarly to a VPN, in that it cryptographically
protects entire packets between clients and servers, and applications
are automatically protected without needing to be aware of PQConnect.
Unlike a VPN, however, PQConnect requires no pre-existing knowledge of
peers or a proxy, and cryptographic security is extended end-to-end.
Clients running PQConnect automatically discover servers that also run
PQConnect, and automatically establish a secure, post-quantum tunnel
with the server.
All application traffic between client and server is then encrypted and
routed through the tunnel.
PQConnect software is currently available for GNU/Linux and has been
packaged in Debian, with development for other platforms currently in
progress.
15:45h – End of activities
--
Heloise Vieira, PhD
Discrete Mathematics Cluster, Project Leader
Department of Mathematics and Computer Science
Phone number +31 (0)402474864
De Zaale, Eindhoven
05 MetaForum, MF 5.120
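As an added illustration of the second talk (the Montgomery ladder as one
kind of differential addition chain), and not code from the speaker or
the ANTS paper: the script below walks the x-only Montgomery ladder on
Curve25519 (p = 2^255 - 19, A = 486662, base x = 9), records the scalar
chain it produces, checks that every chain element is the sum of two
earlier elements whose difference is also in the chain (the defining
property of a differential addition chain), and cross-checks x(kP)
against a plain double-and-add on full affine coordinates. The helper
names (ladder, x_dadd, naive_mul, ...) are this example's own choices.

```python
# Added example: Montgomery ladder as a differential addition chain on
# Curve25519 x-only arithmetic, with an independent affine cross-check.
P_MOD = 2**255 - 19      # field prime of Curve25519
A_COEF = 486662          # Montgomery coefficient, curve y^2 = x^3 + A x^2 + x
BASE_X = 9               # x-coordinate of the standard base point

def inv(a):
    return pow(a, P_MOD - 2, P_MOD)

def x_double(x):
    # x(2P) = (x^2 - 1)^2 / (4 x (x^2 + A x + 1))
    num = (x * x - 1) ** 2
    den = 4 * x * (x * x + A_COEF * x + 1)
    return num * inv(den) % P_MOD

def x_dadd(xp, xq, xdiff):
    # differential addition: x(P+Q) = (x_P x_Q - 1)^2 / (x_{P-Q} (x_P - x_Q)^2)
    num = (xp * xq - 1) ** 2
    den = xdiff * (xp - xq) ** 2
    return num * inv(den) % P_MOD

def ladder(k, x):
    """x-only Montgomery ladder for k >= 1.

    Returns (x(kP), scalar chain). The pair (R0, R1) always satisfies
    R1 - R0 = P, so every addition is a differential addition with known
    difference x(P); the chain lists the multiples of P that were formed.
    """
    assert k >= 1
    r0, r1 = x, x_double(x)          # (P, 2P)
    s0, s1 = 1, 2                    # the scalars those points represent
    chain = [1, 2]
    for bit in bin(k)[3:]:           # bits of k after the leading 1
        if bit == '0':
            r0, r1 = x_double(r0), x_dadd(r0, r1, x)
            s0, s1 = 2 * s0, s0 + s1
        else:
            r0, r1 = x_dadd(r0, r1, x), x_double(r1)
            s0, s1 = s0 + s1, 2 * s1
        for s in (s0, s1):
            if s not in chain:
                chain.append(s)
    return r0, chain

def is_differential_chain(chain):
    """Each element a (after the first) must be b + c with b, c earlier in
    the chain and b - c also earlier (0 counts, i.e. a doubling)."""
    seen = {0, chain[0]}
    for a in chain[1:]:
        # c = a - b, and b - c = 2b - a
        if not any(a - b in seen and abs(2 * b - a) in seen for b in seen):
            return False
        seen.add(a)
    return True

# --- independent check on full affine coordinates ------------------------

def sqrt_mod(v):
    # p = 5 (mod 8): candidate v^((p+3)/8), fixed up by sqrt(-1) = 2^((p-1)/4)
    r = pow(v, (P_MOD + 3) // 8, P_MOD)
    if (r * r - v) % P_MOD:
        r = r * pow(2, (P_MOD - 1) // 4, P_MOD) % P_MOD
    assert (r * r - v) % P_MOD == 0
    return r

# y for the base point, recovered from the curve equation (either root works)
BASE_POINT = (BASE_X, sqrt_mod((BASE_X**3 + A_COEF * BASE_X**2 + BASE_X) % P_MOD))

def affine_add(P, Q):
    """Chord-and-tangent addition on y^2 = x^3 + A x^2 + x (no infinity:
    the scalars used here are far below the group order)."""
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2:
        assert y1 == y2, "P + (-P) does not occur for these scalars"
        lam = (3 * x1 * x1 + 2 * A_COEF * x1 + 1) * inv(2 * y1) % P_MOD
    else:
        lam = (y2 - y1) * inv(x2 - x1) % P_MOD
    x3 = (lam * lam - A_COEF - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return x3, y3

def naive_mul(k, P):
    """Left-to-right double-and-add, not a differential chain."""
    acc = None
    for bit in bin(k)[2:]:
        if acc is not None:
            acc = affine_add(acc, acc)
        if bit == '1':
            acc = P if acc is None else affine_add(acc, P)
    return acc

if __name__ == "__main__":
    for k in (13, 1000, 2**64 + 12345):
        xk, chain = ladder(k, BASE_X)
        assert is_differential_chain(chain)
        assert xk == naive_mul(k, BASE_POINT)[0]
        print(k, "chain length", len(chain), "ok")
```

For k = 13 the ladder forms the chain 1, 2, 3, 4, 6, 7, 13, 14: exactly two
new multiples per bit of k, each one either a doubling or a sum of two
neighbours whose difference is P. The continued-fraction chains of the
talk are a different family with the same differential property; the
check in is_differential_chain applies to them unchanged.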