The seminar is expected to start at 1:00 pm CET (4:00 pm local time) on both days

 Session Chair:
 Dr. Marc Manzano
Vice President Cryptography Research Centre, Technology Innovation Institute
1:00 pm – 2:00 pm
 Speaker:
 Prof. Joan Daemen
Radboud University Nijmegen
2:00 pm – 3:00 pm
 Speaker:
 Prof. Lejla Batina
Radboud University Nijmegen
3:00 pm – 4:00 pm
 Speaker:
 Dr. Johanna Sepúlveda
Airbus Defence and Space – Intelligence
 Presentation Abstract
The advent of quantum computers represents a threat for secure communications. In order to prepare for such an event, critical infrastructures must integrate quantum-secure capabilities. Post-Quantum Cryptography (PQC) promises to protect current and future systems against classical and quantum attacks. However, the efficient, safe and secure integration of such technology is still a challenge. In this talk I discuss the ongoing efforts towards the development, implementation and standardization of PQC together with the opportunities and challenges of the adoption of such a quantum-secure solution at critical infrastructures.
4:00 pm – 4:30 pm
 Speaker:
 Michail Maniatakos
New York University
 Authors:
Mohammed Nabeel, Eduardo Chielle, Mohammed Ashraf, Homer Gamil, Oleg Mazonka and Michail Maniatakos
 Presentation Abstract
Data security has become one of the major concerns of our time, as information residing in the digital domain is increasing at rapid rates. Sensitive documents such as data regarding health and financial status are nowadays being stored on cloud services. This trend has raised concerns about the security of the outsourced information, as threats with capabilities to exploit those tools are becoming more advanced. Attacks have already been deployed against a number of institutions including those of Equifax, Marriott International, and Scottrade [1]. In addition, adversaries are exploring different possibilities for exploiting cloud services, as new attack vectors like side-channel techniques and hardware Trojans are becoming more prominent over time [2]. A number of solutions have been proposed to provide security on sensitive data. It is known that data exist in three forms: at-rest, in-motion, and in-use. While existing commercial cryptography has developed solutions to protect data-at-rest and in-motion, research has made comparatively small progress towards improving security for data-in-use. Current commercial solutions are not capable of performing computations on encrypted information, implying that during a data transaction process, there is a point where information exists in an unencrypted format. Therefore, having to decrypt information for its computation almost eliminates the purpose of encrypting data in the other two phases. As a result, failing to provide security for data-in-use creates windows of opportunity that can be exploited by adversaries. To bring up an example, Intel SGX cannot process encrypted information. Having to operate on unencrypted data implies that unprotected information resides in the microprocessor core and cache memories. Consequently, adversaries can exploit this vulnerability through a number of attacks [3].
4:30 pm – 5:00 pm
 Speaker:
 Vittorio Zaccaria
Politecnico di Milano
 Author:
Vittorio Zaccaria
 Presentation Abstract
A side-channel attack on a cryptographic circuit consists of exploiting available side-channel information such as power consumption or time measurements to derive secret information (i.e., the key) that is used for the cryptographic operation [1]. In the context of power-based attacks, a probing attack is an attack where the attacker is allowed to put power probes into the circuit (which correspond to logic nodes) whose observations are then combined to derive the secret [2]. Among probing attacks, a correlation-based attack derives the secret by exploiting the expected correlation of the observed power and the secret itself. A d-probing secure circuit is a circuit where it is guaranteed that if the attacker uses up to d probes, it will be impossible to construct any meaningful correlation with the secret.
5:00 pm – 5:30 pm
 Speaker:
 Daniël Bodden
KU Leuven
 Authors:
Daniël Bodden and Vincent Rijmen
 Presentation Abstract
In recent years a lot of new lightweight block ciphers have been designed. To test the security bounds of these new lightweight ciphers, new cryptanalysis attacks have been discovered. One of these recent cryptanalysis attacks is the Invariant Subspace Attack [1]. The general idea behind the attack is that a round function of a block cipher maps a subspace A of some space to a subspace B of the same space. That means that the set A is preserved by the round function and remains stable for the encryption process. Further work on the invariant subspace attack has been done to generalize the attack to other block ciphers [2]. In their paper they propose a probabilistic method to discover minimal invariant subspaces for a round function. This new generic approach has been successfully applied on several ciphers such as Zorro, Robin and iSCREAM. There has been some interesting work done on several block ciphers with the Subspace Attack. The first is the original work on PRINTcipher, which fully breaks PRINTcipher [1]. The follow-up research done by the same author has been successfully breaking the ciphers Zorro, Robin and iSCREAM [2]. Other notable work claims that Skinny64, Prince and Mantis7 are not vulnerable to invariant attacks [3]. Another take on the Invariant Subspace attack uses Eigenvectors of Correlation Matrices, with interesting results for Midori64 and Mantis64 [4]. Another variant of the Subspace Attack is to use nonlinear invariants with eigenvectors of correlation matrices on Midori64 and Mantis4 to find subspace trails [4]. In addition to Subspace Attacks, there has also been work done on methods to automatically find subspace trails. An interesting generic approach with regard to finding subspace trails was introduced by [5]. Their proposed search strategy activates only single S-boxes starting with one-dimensional subspaces to find subspace trails.
5:30 pm – 6:00 pm
 Speaker:
 Avital Shafran
The Hebrew University of Jerusalem
 Authors:
Avital Shafran, Gil Segev, Shmuel Peleg and Yedid Hoshen
 Presentation Abstract
Deep neural networks are revolutionizing many applications, but wider use may be slowed down by privacy concerns. As an example, a hospital may wish to preserve privacy of its data when using external medical image diagnosis services. On the other hand, the diagnosis company may not be willing to share its neural network model with the hospital to safeguard its intellectual property. Such privacy conflicts could prevent hospitals from using neural network services for improving healthcare. The ability to evaluate neural network models on private data will allow the use of such services in privacy-sensitive applications. The privacy challenge has attracted significant research in the cryptography community. Cryptographic tools were developed to convert any computation to secure computation, i.e. computation where the view of each involved party is guaranteed not to reveal any non-essential information on the inputs of the other parties. The deep learning setting consists of two parties, one providing the data and the other providing the neural network model. Secure computation is typically slower than non-secure computation and requires much higher networking bandwidth. Recently, various approaches were proposed for secure computation of neural networks [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13]. However, due to their computational complexity, these approaches have been limited to very small networks having little applicability.
6:00 pm – 7:00 pm
 Speaker:
 Dr Hoda Alkhzaimi
New York University
 Presentation Abstract
The need to push hardware cryptography design and analysis into tighter bounds has become an essential need to catch up with the evolution of digital hardware devices embedded on multiple platforms in IoT environments, quantum-based applications and energy harvesting devices, among other environments. This talk will discuss the opportunities that exist within the different cryptographic algorithm designs and analysis methodologies that aim to bridge the gap between statistical and hardware analysis of the cryptographic algorithms in discussion.

 Session Chair:
 Dr. Najwa Aaraj
Chief Researcher Cryptography Research Centre, Technology Innovation Institute
1:00 pm – 2:00 pm
 Speaker:
 Prof. Artur Ekert
University of Oxford
 Presentation Abstract
Among those who make a living from the science of secrecy, worry and paranoia are just signs of professionalism. Can we protect our secrets against those who wield superior technological powers? Can we trust those who provide us with tools for protection? Can we even trust ourselves, our own freedom of choice? Recent developments in quantum cryptography show that some of these questions can be addressed and discussed in precise and operational terms, suggesting that privacy is indeed possible under surprisingly weak assumptions. I will provide an overview of how quantum entanglement, after playing a significant role in the development of the foundations of quantum mechanics, became a new physical resource for all those who seek the ultimate limits of secrecy.
2:00 pm – 2:30 pm
 Speaker:
 Norbert Tihanyi
Digital14/ xen1thLabs
 Authors:
Norbert Tihanyi and Bertalan Borsos
 Presentation Abstract
High-quality random numbers are important in many fields of computer science. Truncating the output of a random number generator's step is a common technique to enhance the security of generators. Linear Congruential Generators (LCG) with truncated output, when only some bits are observable by an adversary, were first considered by Knuth. These types of generators were shown to be predictable. The so-called 1/N generator was analyzed by Blum, Blum and Shub, and it was shown that using the theory of continued fractions one can recover the secret N in time polynomial in the bit-size of N observing only 2 log N + O(1) bits. In this talk, we introduce a PRNG construction based on the truncated digit expansion of a modified Riemann-Siegel Formula. In order to eliminate known cryptanalysis methods such as linear approximation of the f(x) function, Coppersmith's method, or Stehlé's algorithm which reconstructs the secret x observing the truncated digit expansion of f(x), the appropriate choice of f(x) is crucial. We present some ideas on how to choose an appropriate f(x) to construct promising random number generators based on some special type of Dirichlet L-functions.
2:30 pm – 3:00 pm
 Speaker:
 Sumesh R Manjunath
New York University
 Presentation Abstract
It is estimated that, by 2025, roughly 41 billion IoT devices will be connected and generate 79.4 zettabytes (ZB) of data [1]. With such a huge volume of devices and data, it is critical to secure such devices and the data generated using such devices. Most of the IoT devices are resource-constrained devices such as Embedded Systems, RFIDs and Sensor devices. Here, often, resource constrained means limited power supply, limited area or memory. Hence, we need lightweight cryptography to suit IoT devices, and for this NIST is running a competition to select ciphers for lightweight cryptography [2]. In our talk, we will focus on different cryptanalysis techniques for lightweight ciphers. First, we will show a Side Channel Analysis technique on an Addition-Rotation-Xor (ARX) based cipher, namely SPARX64/128. Then, we will try to answer whether side-channel information can help differential cryptanalysis in Lightweight Ciphers, specifically ARX Ciphers. For this, we will demonstrate on the SPECK32 cipher.
3:00 pm – 3:30 pm
 Speaker:
 Lior Rotem
The Hebrew University of Jerusalem
 Authors:
Lior Rotem and Gil Segev
 Presentation Abstract
The recent and exciting notion of a verifiable delay function, introduced by Boneh et al. [1], and the classic notion of time-lock puzzles, introduced by Rivest, Shamir and Wagner [2], are gaining significant interest due to a host of thrilling applications. These include, for example, randomness beacons, resource-efficient blockchains, proofs of replication and computational timestamping. A fundamental notion underlying both of these notions is that of a cryptographic delay function: For a delay parameter T, evaluating a delay function on a randomly chosen input should require at least T sequential steps (even with a polynomial number of parallel processors and with a preprocessing stage), yet the function can be evaluated on any input in time polynomial in T. A delay function can be easily constructed by iterating a cryptographic hash function. A major benefit of this construction is that its sequentiality is supported by an idealized-model proof of security: When the hash function is modeled as a random oracle, its sequentiality is guaranteed in an information theoretic sense. Alas, the lack of structure exhibited by this construction seems to disable its practical use for realizing time-lock puzzles or verifiable delay functions. Specifically, for time-lock puzzles, iterated hashing does not seem to admit sufficiently fast generation of input-output pairs [3]; and for verifiable delay functions it does not seem to enable sufficiently fast verification.
3:30 pm – 4:00 pm
 Speaker:
 Abderrahmane Nitaj
University of Caen Normandy
 Authors:
Hamad Alshehhi and Abderrahmane Nitaj
 Presentation Abstract
The RSA system was proposed in 1977 by Rivest, Shamir, and Adleman [1] as a public key cryptosystem. The RSA algorithm strength depends on the difficulty of factorizing a large integer n which is the product of two large primes p and q. In RSA, the public exponent is an integer e and the private exponent is an integer d such that ed ≡ 1 (mod (p − 1)(q − 1)). To improve the efficiency of RSA, many variants have been proposed such as Batch RSA, Multi-prime RSA, Prime-power RSA, CRT-RSA, Rebalanced-RSA, Dual RSA and DRSA. In 1985, Koblitz [2] and Miller [3] showed independently how to use elliptic curves over finite fields for the design of cryptosystems. Such schemes contribute to elliptic curve cryptography (ECC) and their security is based on the hardness of the elliptic curve discrete logarithm problem (ECDLP).
4:00 pm – 4:30 pm
 Speaker:
 Hebatallah Ibrahim
New York University
 Presentation Abstract
Physical unclonable functions (PUFs) are promising advanced primitives that are employed to generate essential true intrinsic randomness which is critical for cryptographic applications. The properties generated can be used to build security applications that provide confidentiality and authentication, especially secret key storage without the requirement of secure memory. The most popular PUF architectures are transistor-based and they focus on exploiting the intrinsic variation of CMOS-based circuits, as in FPGA-based circuits. Then emerged the nanotechnology-based PUFs aiming to achieve more secure, robust and lightweight PUF architectures. Nano devices such as Memristors hold promising solutions for future universal memory. Memristor-based PUFs have proven to be more resilient to attacks such as reverse engineering; moreover, they have been proven to have less room to insert hardware Trojans. The design of a memristor-based true random number generator (TRNG) has been discussed in the literature and some designs have been tested by several statistical randomness tests designed by the National Institute of Standards and Technology (NIST). However, not all have proven to pass the NIST tests. A clear advantage of Memristor-based PUFs is the reduction in area utilization compared to CMOS-based PUFs. Nonetheless, they have other attractive properties such as low power consumption. Memristors based on HfO2-x are favorable candidates given that they are compatible with advanced CMOS technologies, have fast switching speed, high endurance and excellent scalability. PUF designs must achieve uniqueness, irreversibility and reliability.
4:30 pm – 5:00 pm
 Speaker:
 Prof. José Ignacio Latorre
Technology Innovation Institute
5:00 pm – 6:00 pm
 Speaker:
 Prof. Niraj Jha
Princeton University
6:00 pm – 7:00 pm
 Speakers:
 Prof. Ibrahim Elfadel
Khalifa University
 Dr. Najwa Aaraj
Technology Innovation Institute