The seminar is expected to start at 1:00 pm CET (4:00 pm local time) on both days
Day 1: 27th January, 2021

  • Session Chair:
  • Dr. Marc Manzano

    Vice President Cryptography Research Centre, Technology Innovation Institute

1:00 pm - 2:00 pm

On deck functions
  • Speaker:
  • Prof. Joan Daemen

    Radboud University Nijmegen

2:00 pm - 3:00 pm

Rosita: Towards Automatic Elimination of Power-Analysis
  • Speaker:
  • Prof. Lejla Batina

    Radboud University Nijmegen

3:00 pm - 4:00 pm

Security in the quantum era: Challenges and opportunities
  • Speaker:
  • Dr. Johanna Sepúlveda

    Airbus Defence and Space – Intelligence

  • Presentation Abstract

    The advent of quantum computers represents a threat for secure communications. In order to prepare for such an event, critical infrastructures must integrate quantum-secure capabilities. Post-Quantum Cryptography (PQC) promises to protect current and future systems against classical and quantum attacks. However, the efficient, safe and secure integration of such technology is still a challenge. In this talk I discuss the ongoing efforts towards the development, implementation and standardization of PQC together with the opportunities and challenges of the adoption of such a quantum-secure solution at critical infrastructures.

4:00 pm - 4:30 pm

Hardware Acceleration for Homomorphic Encryption
  • Speaker:
  • Michail Maniatakos

    New York University

  • Authors:

    Mohammed Nabeel, Eduardo Chielle, Mohammed Ashraf, Homer Gamil, Oleg Mazonka and Michail Maniatakos

  • Presentation Abstract

    Data security has become one of the major concerns of our time, as information residing in the digital domain is increasing at rapid rates. Sensitive documents such as data regarding health and financial status are nowadays being stored on cloud services. This trend has raised concerns about the security of the outsourced information, as threats with capabilities to exploit those tools are becoming more advanced. Attacks have already been deployed against a number of institutions including those of Equifax, Marriott International, and Scottrade [1]. In addition, adversaries are exploring different possibilities for exploiting cloud services, as new attack vectors like side-channel techniques and hardware Trojans are becoming more prominent over time [2]. A number of solutions have been proposed to provide security on sensitive data. It is known that data exist in three forms: at-rest, in-motion, and in-use. While existing commercial cryptography has developed solutions to protect data-at-rest and in-motion, research has made comparatively small progress towards improving security for data-in-use. Current commercial solutions are not capable of performing computations on encrypted information, implying that during a data transaction process, there is a point where information exists in an unencrypted format. Therefore, having to decrypt information for its computation almost eliminates the purpose of encrypting data in the other two phases. As a result, failing to provide security for data-in-use creates windows of opportunity that can be exploited by adversaries. To bring up an example, Intel SGX cannot process encrypted information. Having to operate on unencrypted data implies that unprotected information resides in the microprocessor core and cache memories. Consequently, adversaries can exploit this vulnerability through a number of attacks [3].

4:30 pm - 5:00 pm

An F-algebra for analysing information leaks in the presence of glitches
  • Speaker:
  • Vittorio Zaccaria

    Politecnico di Milano

  • Author:

    Vittorio Zaccaria

  • Presentation Abstract

    A side channel attack on a cryptographic circuit consists of exploiting available side-channel information such as power consumption or time measurements to derive secret information (i.e., the key) that is used for cryptographic operation [1]. In the context of power-based attacks, a probing attack is an attack where the attacker is allowed to put power probes into the circuit (which correspond to logic nodes) whose observations are then combined to derive the secret [2]. Among probing attacks, a correlation based attack derives the secret by exploiting the expected correlation of the observed power and the secret itself. A d-probing secure circuit is a circuit where it is guaranteed that if the attacker uses up to d probes, it will be impossible to construct any meaningful correlation with the secret.

5:00 pm - 5:30 pm

Automatic Subspace Attack for Lightweight Block Ciphers
  • Speaker:
  • Daniël Bodden

    KU Leuven

  • Authors:

    Daniël Bodden and Vincent Rijmen

  • Presentation Abstract

    In recent years a lot of new lightweight block ciphers have been designed. To test the security bounds of these new lightweight ciphers, new cryptanalysis attacks have been discovered. One of these recent cryptanalysis attacks is the Invariant Subspace Attack [1]. The general idea behind the attack is that a round function of a block cipher maps a subspace A of some space to a subspace B of the same space. That means that the set A is preserved by the round function and remains stable for the encryption process. Further work on the invariant subspace attack has been done to generalize the attack to other block ciphers [2]. In their paper they propose a probabilistic method to discover minimal invariant subspaces for a round function. This new generic approach has been successfully applied on several ciphers such as Zorro, Robin and iSCREAM. There has been some interesting work done on several block ciphers with the Subspace Attack. The first is the original work on PRINTcipher, which fully breaks PRINTcipher [1]. The follow-up research done by the same author has been successfully breaking the ciphers Zorro, Robin and iSCREAM [2]. Other notable work claims that Skinny64, Prince and Mantis7 are not vulnerable to invariant attacks [3]. Another take on the Invariant Subspace attack uses Eigenvectors of Correlation Matrices, with interesting results for Midori-64 and Mantis-64 [4]. Another variant of the Subspace Attack is to use non-linear invariants with eigenvectors of correlation matrices on Midori-64 and Mantis-4 to find subspace trails [4]. In addition to Subspace Attacks, there also has been work done on methods to automatically find subspace trails. An interesting generic approach with regard to finding subspace trails was introduced by [5]. Their proposed search strategy activates only single s-boxes starting with one-dimensional subspaces to find subspace trails.

5:30 pm - 6:00 pm

Crypto-Oriented Neural Architecture Design
  • Speaker:
  • Avital Shafran

    The Hebrew University of Jerusalem

  • Authors:

    Avital Shafran, Gil Segev, Shmuel Peleg and Yedid Hoshen

  • Presentation Abstract

    Deep neural networks are revolutionizing many applications, but wider use may be slowed down by privacy concerns. As an example, a hospital may wish to preserve privacy of its data when using external medical image diagnosis services. On the other hand, the diagnosis company may not be willing to share its neural network model with the hospital to safeguard its intellectual property. Such privacy conflicts could prevent hospitals from using neural network services for improving healthcare. The ability to evaluate neural network models on private data will allow the use of such services in privacy-sensitive applications. The privacy challenge has attracted significant research in the cryptography community. Cryptographic tools were developed to convert any computation to secure computation, i.e. computation where the view of each involved party is guaranteed not to reveal any non-essential information on the inputs of the other parties. The deep learning setting consists of two parties, one providing the data and the other providing the neural network model. Secure computation is typically slower than non-secure computation and requires much higher networking bandwidth. Recently, various approaches were proposed for secure computation of neural networks [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13]. However, due to their computational complexity, these approaches have been limited to very small networks having little applicability.

6:00 pm - 7:00 pm

Glimpses into Hardware Cryptography Analysis: Challenges and Prospects
  • Speaker:
  • Dr Hoda Alkhzaimi

    New York University

  • Presentation Abstract

    The need to push hardware cryptography design and analysis into tighter bounds has become essential in order to keep pace with the evolution of digital hardware devices embedded on multiple platforms in IoT environments, quantum-based applications and energy harvesting devices, among other environments. This talk will discuss the opportunities that exist within the different cryptographic algorithm designs and analysis methodologies that aim to bridge the gap between statistical and hardware analysis of the cryptographic algorithms in discussion.

Day 2: 28th January, 2021

  • Session Chair:
  • Dr. Najwa Aaraj

    Chief Researcher Cryptography Research Centre, Technology Innovation Institute

1:00 pm - 2:00 pm

Privacy for the paranoid ones - the ultimate limits of secrecy
  • Speaker:
  • Prof. Artur Ekert

    University of Oxford

  • Presentation Abstract

    Among those who make a living from the science of secrecy, worry and paranoia are just signs of professionalism. Can we protect our secrets against those who wield superior technological powers? Can we trust those who provide us with tools for protection? Can we even trust ourselves, our own freedom of choice? Recent developments in quantum cryptography show that some of these questions can be addressed and discussed in precise and operational terms, suggesting that privacy is indeed possible under surprisingly weak assumptions. I will provide an overview of how quantum entanglement, after playing a significant role in the development of the foundations of quantum mechanics, became a new physical resource for all those who seek the ultimate limits of secrecy.

2:00 pm - 2:30 pm

A pseudo random number generator based on a modified Riemann zeta function
  • Speaker:
  • Norbert Tihanyi

    Digital14/ xen1thLabs

  • Authors:

    Norbert Tihanyi and Bertalan Borsos

  • Presentation Abstract

    High-quality random numbers are important in many fields of computer science. Truncating the output of a random number generator's step is a common technique to enhance the security of generators. Linear Congruential Generators (LCG) with truncated output, when only some bits are observable by an adversary, were first considered by Knuth. These types of generators were shown to be predictable. The so-called 1/N generator was analyzed by Blum, Blum and Shub, and it was shown that using the theory of continued fractions one can recover the secret N in time polynomial in the bit-size of N observing only 2 log N + O(1) bits. In this talk, we introduce a PRNG construction based on the truncated digit expansion of a modified Riemann-Siegel Formula. In order to eliminate known cryptanalysis methods such as linear approximation of the f(x) function, Coppersmith's method, or Stehlé's algorithm which reconstructs the secret x observing the truncated digit expansion of f(x), the appropriate choice of f(x) is crucial. We present some ideas on how to choose an appropriate f(x) to construct promising random number generators based on some special types of Dirichlet L-functions.

2:30 pm - 3:00 pm

Attacks on Lightweight Ciphers: From Side Channel Attacks to Differential Cryptanalysis
  • Speaker:
  • Sumesh R Manjunath

    New York University

  • Presentation Abstract

    It is estimated that, by 2025, roughly 41 billion IoT devices will be connected and generate 79.4 zettabytes (ZB) of data [1]. With such a huge volume of devices and data, it is critical to secure such devices and the data generated using them. Most of the IoT devices are resource constrained devices such as Embedded Systems, RFIDs and Sensor devices. Here, often, resource constrained means limited power supply, limited area or memory. Hence, we need lightweight cryptography to suit IoT devices, and for this NIST is running a competition to select ciphers for lightweight cryptography [2]. In our talk, we will focus on different cryptanalysis techniques for lightweight ciphers. First, we will show a Side Channel Analysis technique on an Addition-Rotation-XOR (ARX) based cipher, namely SPARX-64/128. Then, we will try to answer whether Side channel information can help differential cryptanalysis in Lightweight Ciphers, specifically ARX Ciphers. For this, we will demonstrate on the SPECK-32 cipher.

3:00 pm - 3:30 pm

Generically Speeding-Up Repeated Squaring is Equivalent to Factoring: Sharp Thresholds for All Generic-Ring Delay Functions
  • Speaker:
  • Lior Rotem

    The Hebrew University of Jerusalem

  • Authors:

    Lior Rotem and Gil Segev

  • Presentation Abstract

    The recent and exciting notion of a verifiable delay function, introduced by Boneh et al. [1], and the classic notion of time-lock puzzles, introduced by Rivest, Shamir and Wagner [2], are gaining significant interest due to a host of thrilling applications. These include, for example, randomness beacons, resource-efficient blockchains, proofs of replication and computational timestamping. A fundamental notion underlying both of these notions is that of a cryptographic delay function: For a delay parameter T, evaluating a delay function on a randomly chosen input should require at least T sequential steps (even with a polynomial number of parallel processors and with a preprocessing stage), yet the function can be evaluated on any input in time polynomial in T. A delay function can be easily constructed by iterating a cryptographic hash function. A major benefit of this construction is that its sequentiality is supported by an idealized-model proof of security: When the hash function is modeled as a random oracle, its sequentiality is guaranteed in an information theoretic sense. Alas, the lack of structure exhibited by this construction seems to disable its practical use for realizing time-lock puzzles or verifiable delay functions. Specifically, for time-lock puzzles, iterated hashing does not seem to admit sufficiently fast generation of input-output pairs [3]; and for verifiable delay functions it does not seem to enable sufficiently fast verification.

3:30 pm - 4:00 pm

A New RSA Variant Based on Ephemeral Elliptic Curves Over the Ring Z/nZ
  • Speaker:
  • Abderrahmane Nitaj

    University of Caen Normandy

  • Authors:

    Hamad Alshehhi and Abderrahmane Nitaj

  • Presentation Abstract

    The RSA system was proposed in 1977 by Rivest, Shamir, and Adleman [1] as a public key cryptosystem. The RSA algorithm's strength depends on the difficulty of factoring a large integer n which is the product of two large primes p and q. In RSA, the public exponent is an integer e and the private exponent is an integer d such that ed ≡ 1 (mod (p - 1)(q - 1)). To improve the efficiency of RSA, many variants have been proposed such as Batch RSA, Multi-prime RSA, Prime-power RSA, CRT-RSA, Rebalanced-RSA, Dual RSA and DRSA. In 1985, Koblitz [2] and Miller [3] showed independently how to use elliptic curves over finite fields for the design of cryptosystems. Such schemes constitute elliptic curve cryptography (ECC) and their security is based on the hardness of the elliptic curve discrete logarithm problem (ECDLP).
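The key relation in the abstract, ed ≡ 1 (mod (p - 1)(q - 1)), together with the CRT-RSA variant it lists, worked through in Python. This is an added illustration and not code from the talk or its authors; the primes 61 and 53 and the message 65 are small constructed values chosen so the arithmetic can be checked by hand, and the key-generation routine checks the congruence before returning a key pair.

```python
# Added worked example: textbook RSA key generation satisfying
# e*d ≡ 1 (mod (p-1)(q-1)), plain decryption, and the CRT-RSA
# decryption variant named in the abstract. Primes here are tiny,
# constructed values for illustration only, not for real use.
from math import gcd


def keygen(p, q, e=17):
    """Return ((n, e), (n, d)) with d the inverse of e modulo (p-1)(q-1)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    assert (e * d) % phi == 1    # the defining relation from the abstract
    return (n, e), (n, d)


def encrypt(pub, m):
    """c = m^e mod n."""
    n, e = pub
    return pow(m, e, n)


def decrypt(priv, c):
    """m = c^d mod n (plain RSA decryption)."""
    n, d = priv
    return pow(c, d, n)


def decrypt_crt(p, q, d, c):
    """CRT-RSA: two half-size exponentiations recombined with Garner's formula.

    dp = d mod (p-1), dq = d mod (q-1) and q_inv = q^-1 mod p are the
    precomputed CRT parameters that make this variant faster than decrypt().
    """
    dp, dq = d % (p - 1), d % (q - 1)
    q_inv = pow(q, -1, p)
    m1 = pow(c, dp, p)
    m2 = pow(c, dq, q)
    h = (q_inv * (m1 - m2)) % p
    return m2 + h * q


def demo():
    """Run keygen/encrypt/decrypt on constructed values and return the results."""
    p, q = 61, 53                     # constructed toy primes
    pub, priv = keygen(p, q)
    c = encrypt(pub, 65)              # constructed toy message
    return pub, priv, c, decrypt(priv, c), decrypt_crt(p, q, priv[1], c)


if __name__ == "__main__":
    print(demo())
```

Both decryption paths must agree on every ciphertext; the CRT path is the one production libraries use, which is also why a fault in just one of its two half-computations is a well-known reliability concern that implementations guard against by re-encrypting and comparing.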

4:00 pm - 4:30 pm

Memristor-based PUF for Cryptographic Randomness
  • Speaker:
  • Hebatallah Ibrahim

    New York University

  • Presentation Abstract

    Physical unclonable functions (PUFs) are promising advanced primitives that are employed to generate essential true intrinsic randomness which is critical for cryptographic applications. The properties generated can be used to build security applications that provide confidentiality and authentication, especially secret key storage without the requirement of secure memory. The most popular PUF architectures are transistor-based and they focus on exploiting the intrinsic variation of CMOS based circuits as in FPGA-based circuits. Then emerged the nanotechnology-based PUFs aiming to achieve more secure, robust and lightweight PUF architectures. Nano devices such as Memristors hold promising solutions for future universal memory. Memristor-based PUF has proven to be more resilient to attacks such as reverse engineering; moreover, it has been proven to have less room to insert hardware Trojans. The design for a memristor-based true random number generator (TRNG) has been discussed in the literature and some designs have been tested by several statistical randomness tests designed by the National Institute of Standards and Technology (NIST). However, not all have proven to pass the NIST tests. A clear advantage of Memristor-based PUF is the reduction in area utilization compared to CMOS-based PUFs. Nonetheless, they offer attractive properties such as low power consumption. Memristors based on HfO2-x are favorable candidates given that they are compatible with advanced CMOS technologies and have fast switching speed, high endurance and excellent scalability. PUF designs must achieve uniqueness, irreversibility and reliability.

4:30 pm - 5:00 pm

Quantum Algorithms for Cryptography
  • Speaker:
  • Prof. José Ignacio Latorre

    Technology Innovation Institute

5:00 pm - 6:00 pm

Smart, Secure, yet Energy-Efficient Internet-of-Things Sensors
  • Speaker:
  • Prof. Niraj Jha

    Princeton University

6:00 pm - 7:00 pm

Cryptography Research in the UAE
  • Speakers:
  • Prof. Ibrahim Elfadel

    Khalifa University

  • Dr. Najwa Aaraj

    Technology Innovation Institute