International Association for Cryptologic Research


CryptoDB

Invited talks and papers

This page attempts to list all invited talks and papers at IACR conferences. IACR distinguished lectures are listed on this page. If any others are missing, please notify

Year
Venue
Title
2021
EUROCRYPT
A Decade (or So) of Fully Homomorphic Encryption
★ Invited talk
This talk is about the past, present and future of fully homomorphic encryption. I will try to convince you that, over the last decade (or so), FHE has made an amazing transformation from proof of concept to a tool that is actually practical and usable. I will review a few homomorphic encryptions schemes (including non-fully homomorphic ones) to demonstrate commonalities in how we start from a homomorphism, and use masking techniques to defeat common attacks (especially linear algebra) on the homomorphism, to obtain semantically secure homomorphic encryption. And, finally, I will try to delineate the search space for fundamentally new FHE schemes that fall outside of the current framework.
2021
EUROCRYPT
An Evolution of Models for Zero-Knowledge Proofs
★ Invited talk
This talk will explore some of the recent (hyper)activity in the space of zero-knowledge proofs, looking at the applications that are driving their development, the different models that have emerged to capture these new interactions, the constructions that we can achieve, and where there is still work left to do.
2021
PKC
How Provably Secure are (EC)DSA Signatures? 📺
★ Invited talk
Today, digital signatures are an omnipresent cryptographic primitive. They are extensively used for message and entity authentication and find widespread application in real-world protocols. Without much doubt, the specific schemes deployed most often are the RSA-based PKCS#1 v1.5, and the discrete logarithm-based DSA and ECDSA. For instance, current versions of TLS - the standard technology for securing internet connections - exclusively employ signatures of these types to authenticate servers. Furthermore, most cryptocurrencies like Bitcoin and Ethereum use ECDSA for signing transactions. The popularity of (EC)DSA signatures stands in stark contrast to the absence of rigorous security analyses. In this talk we will survey known provable security results about DSA and ECDSA. We will also discuss limitations of current provable security approaches.
2020
ASIACRYPT
2020
ASIACRYPT
2020
CRYPTO
Crypto for the People 📺
★ Invited talk
2020
CRYPTO
Our Models and Us 📺
★ IACR Distinguished Lecture
2020
EUROCRYPT
Mathematics and Cryptography: A Marriage of Convenience? 📺
★ Invited Paper
Mathematics and cryptography have a long history together, with the ups and downs inherent in any long relationship. Whether it is a marriage of convenience or a love match, their progeny have lives of their own and have had an impact on the world. This invited lecture will briefly recall some high points from the past, give speculation and encouragement for the future of this marriage, and give counseling on how to improve communication, resolve conflicts, and play well together, based on personal experience and lessons learned.
2020
EUROCRYPT
Fine-Grained Cryptography: A New Frontier?
★ Invited Paper
Fine-grained cryptography is concerned with adversaries that are only moderately more powerful than the honest parties. We will survey recent results in this relatively underdeveloped area of study and examine whether the time is ripe for further advances in it.
2020
FSE
Cryptanalysis of OCB2: the attacks and the story behind 📺
★ Invited talk
I will talk about OCB2, an authenticated encryption (AE) mode of operation proposed in 2004. It is a very popular scheme for its innovative design. The tweakable block cipher-based modular architecture of OCB2 influenced countless subsequent schemes. However, our paper presented at CRYPTO 2019 showed that it is completely broken with a negligible amount of computation. In addition to the description of our attacks, I will tell a bit more of the story behind this break, how it started and evolved, hoping that it contributes to our understanding of practical provable security.
2020
FSE
Tweakable Block Cipher-Based Cryptography 📺
★ Invited talk
A tweakable block cipher (TBC) basically consists of a block cipher with an extra input, the tweak, that allows one to select a family of keyed permutations. Since their first formalization by Liskov et al. at CRYPTO 2012, TBCs have recently gained popularity as they can easily instantiate beyond-birthday-bound operating modes. In particular, these modes are potentially very attractive for lightweight cryptography, where it is crucial to reach a security as high as possible for a state as small as possible. In this talk, we will review the latest advances in tweakable block ciphers. First, we will recall how to design TBCs from an existing primitive or from scratch. Then, using the example of lightweight authenticated encryption, we will study why TBCs are very competitive primitives in that scenario. Finally, we will exhibit other possible future usages of TBCs. Throughout the talk, we will try to identify several possibly interesting open research problems.
2020
PKC
How Low Can We Go?
★ Invited talk
Given a cryptographic task, such as encrypting a message or securely computing a given function, a natural question is to find the "minimal cost" of carrying out this task. The question can take a variety of forms, depending on the cost measure. For instance, one can try to minimize computation, communication, rounds, or randomness. In the case of computational cost, one can consider different computation models, such as circuits or branching programs, and different cost metrics, such as size or depth. The answer to the question may further depend on the type of computational assumptions one is willing to make. The study of this question, for different cryptographic tasks and clean asymptotic cost measures, has led to a rich body of work with useful and often unexpected results. The talk will survey some of this work, highlighting connections between different research areas in cryptography and relevance beyond cryptography. In addition to the direct interest in minimizing well-motivated complexity measures, there are cases in which "high-end" cryptographic tasks, such as secure multiparty computation or program obfuscation, call for minimizing different cost measures of lower-end primitives that would otherwise seem poorly motivated. I will give some examples of this kind. Finally, I will make the case that despite the progress already made, there is much more to be explored. Research in this area can greatly benefit from more cooperation between theoretical and applied cryptographers, as well as between cryptographers and researchers from other fields, including computational complexity, algorithms, computational learning theory, coding and information theory.
2019
ASIACRYPT
New proof systems for sustainable blockchains: proofs of space and verifiable delay functions
★ Invited talk
The distinctive feature of Bitcoin is that it achieves decentralisation in an open setting where everyone can join. This is achieved at a high price: honest parties must constantly dedicate more computational power towards securing Bitcoin's blockchain than is available to a potential adversary, which leads to a massive waste of energy; at its hitherto peak, the electricity used for Bitcoin mining equaled the electricity consumption of Austria. In this lecture I will discuss how disk space, instead of computation, can be used as a resource to construct a more sustainable blockchain. We will see definitions and constructions of "proofs of space" and "verifiable delay functions", and how they can be used to construct a blockchain with similar dynamics and security properties as the Bitcoin blockchain.
2019
ASIACRYPT
Streamlined blockchains: A simple and elegant approach (tutorial)
★ Invited talk
A blockchain protocol (also called state machine replication) allows a set of nodes to agree on an ever-growing, linearly ordered log of transactions. In this tutorial, we present a new paradigm called "streamlined blockchains". This paradigm enables a new family of protocols that are extremely simple and natural: every epoch, a proposer proposes a block extending from a notarized parent chain, and nodes vote if the proposal's parent chain is not too old. Whenever a block gains enough votes, it becomes notarized. Whenever a node observes a notarized chain with several blocks of consecutive epochs at the end, then the entire chain, chopping off a few blocks at the end, is final. By varying the parameters highlighted in blue, we illustrate two variants for the partially synchronous and synchronous settings respectively. We present very simple proofs of consistency and liveness. We hope that this tutorial provides a compelling argument why this new family of protocols should be used in lieu of classical candidates (e.g., PBFT, Paxos, and their variants), both in practical implementation and for pedagogical purposes.
2019
CHES
RISCV and Security: how, when and why? 📺
★ Invited talk
In this talk we will provide an overview of the current activities of the RISCV Foundation, including the creation of a Security Standing Committee about a year ago which is in charge of assessing new threats and opportunities in security in the RISCV world; we will discuss progress being made by the security-related task groups. The first one is working on specifying extensions of the base instruction set architecture (ISA) that will enable high-performance and high security cryptographic operations (AES, SHA-2, Public Key Cryptography); the second one is looking at creating extensions and hardware/software specifications to enable a trusted execution environment built on top of a RISCV processor; we will also provide details on the activities of the Security Standing Committee itself, and what some of the plans are to tackle the newest microarchitectural cache timing side-channel attacks such as Spectre, Meltdown, Foreshadow, etc. We will review some additional work on secure RISCV and existing security extension initiatives by academia around the world. Finally, we will describe some approaches of how a side-channel and DPA-resistant RISCV CPU could be built and elaborate on the research we have been focused on in the past months.
2019
CHES
Developing High-Performance Mechanically-Verified Cryptographic Code 📺
★ Invited talk
Project Everest is constructing a high-performance, standards-compliant, formally verified implementation of the HTTPS ecosystem, including TLS, X.509, and the core cryptographic algorithms. This talk will present an overview of how we verify our implementations are correct, cryptographically secure, and resilient to basic side channels. We will focus on our EverCrypt cryptographic provider, a comprehensive collection of verified, high-performance cryptographic functionalities available via a carefully designed API. The API provably supports agility (choosing between multiple algorithms for the same functionality) and multiplexing (choosing between multiple implementations of the same algorithm). Through a combination of abstraction and zero-cost generic programming, we show how agility can simplify verification without sacrificing performance, and we demonstrate how C and assembly can be composed and verified against shared specifications. The result is several functionalities whose performance matches or exceeds the best unverified implementations. Altogether, EverCrypt consists of over 100K verified lines of specs, code, and proofs, and it produces over 45K lines of C and assembly code.
2019
CRYPTO
2019
CRYPTO
Contextual Integrity 📺
★ Invited Talk
2019
EUROCRYPT
2019
EUROCRYPT
2019
EUROCRYPT
Differential Privacy and the People's Data 📺
★ IACR Distinguished Lecture
2019
FSE
On Invariant Attacks 📺
★ Invited talk
2019
FSE
2019
FSE
2019
PKC
2019
TCC
2019
TCC
2019
TCC
2018
ASIACRYPT
2018
ASIACRYPT
2018
ASIACRYPT
2018
CHES
2018
CHES
2018
CRYPTO
2018
CRYPTO
From Idea to Impact, the Crypto story: What's next? 📺
★ IACR Distinguished Lecture
2018
EUROCRYPT
2018
EUROCRYPT
2018
FSE
On breaking SHA-1
★ Invited talk
2018
PKC
2018
PKC
2018
TCC
2018
TCC
Encrypted Computation
★ Invited talk
2017
ASIACRYPT
2017
ASIACRYPT
2017
ASIACRYPT
2017
CHES
2017
CRYPTO
2017
CRYPTO
2017
EUROCRYPT
2017
EUROCRYPT
2017
FSE
2017
FSE
2017
PKC
2017
PKC
2017
TCC
2017
TCC
2016
ASIACRYPT
2016
ASIACRYPT
2016
ASIACRYPT
2016
CHES
2016
CRYPTO
(title unknown)
★ Invited talk
2016
CRYPTO
2016
EUROCRYPT
The Future of Cryptography 📺
★ Invited paper
2016
EUROCRYPT
Engineering Code Obfuscation 📺
★ Invited paper
2016
EUROCRYPT
2016
FSE
2016
FSE
2016
PKC
2016
PKC
2016
PKC
2016
TCC
2016
TCC
2016
TCC
Non-Malleable Codes
★ Invited talk
2016
TCC
2016
TCC
2015
ASIACRYPT
2015
ASIACRYPT
2015
ASIACRYPT
2015
CHES
2015
CRYPTO
2015
CRYPTO
2015
EUROCRYPT
2015
EUROCRYPT
2015
EUROCRYPT
2015
FSE
2015
FSE
2015
PKC
2015
PKC
2015
TCC
2015
TCC
2014
ASIACRYPT
2014
ASIACRYPT
2014
CHES
2014
CRYPTO
2014
EUROCRYPT
2014
EUROCRYPT
2014
FSE
2014
FSE
2014
PKC
2014
PKC
2014
TCC
2014
TCC
2013
ASIACRYPT
2013
ASIACRYPT
2013
CHES
The Future of SHA-3
★ Invited talk
2013
CRYPTO
2013
CRYPTO
2013
EUROCRYPT
2013
FSE
2013
FSE
2013
PKC
2013
PKC
2013
TCC
2013
TCC
2013
TCC
2012
ASIACRYPT
2012
ASIACRYPT
2012
CHES
2012
CHES
2012
CRYPTO
The End of Crypto 📺
★ Invited paper
2012
CRYPTO
2012
EUROCRYPT
Another Look at Provable Security 📺
★ Invited paper
2012
EUROCRYPT
2012
FSE
2012
FSE
2012
PKC
2012
TCC
2012
TCC
2011
ASIACRYPT
15 Years of Rijndael
★ Invited talk
2011
ASIACRYPT
2011
CHES
2011
CHES
2011
CRYPTO
2011
EUROCRYPT
2011
EUROCRYPT
2011
FSE
2011
FSE
2011
PKC
2011
TCC
2011
TCC
2010
ASIACRYPT
2010
ASIACRYPT
2010
CHES
2010
CHES
2010
CRYPTO
2010
FSE
2010
FSE
2010
PKC
2010
PKC
2010
TCC
2010
TCC
2009
CHES
2009
CHES
2009
CHES
2009
CRYPTO
2009
CRYPTO
2009
EUROCRYPT
2009
EUROCRYPT
2009
FSE
2009
FSE
2009
PKC
2009
PKC
2009
TCC
2009
TCC
2008
ASIACRYPT
2008
ASIACRYPT
2008
CHES
2008
CHES
2008
CRYPTO
2008
CRYPTO
2008
EUROCRYPT
2008
EUROCRYPT
2008
FSE
2008
PKC
2008
PKC
2008
PKC
2008
TCC
2008
TCC
2007
ASIACRYPT
2007
ASIACRYPT
2007
CHES
2007
CHES
2007
CRYPTO
2007
CRYPTO
2007
EUROCRYPT
2007
FSE
2007
PKC
2007
PKC
2007
PKC
2007
TCC
2007
TCC
Ad-Hoc Constructions
★ Invited talk
2007
TCC
2006
ASIACRYPT
2006
CHES
2006
CHES
2006
CHES
2006
CRYPTO
2006
CRYPTO
2006
EUROCRYPT
2006
EUROCRYPT
2006
FSE
2006
PKC
2005
ASIACRYPT
2005
CHES
2005
CHES
2005
CHES
2005
CRYPTO
2005
EUROCRYPT
2005
EUROCRYPT
2005
FSE
2004
ASIACRYPT
2004
ASIACRYPT
2004
CHES
2004
CHES
Quantum Cryptography
★ Invited talk
2004
CHES
2004
CRYPTO
2004
CRYPTO
2004
EUROCRYPT
2004
FSE
2004
FSE
2004
PKC
2003
ASIACRYPT
2003
ASIACRYPT
2003
CHES
2003
CHES
RSA Security Analysis
★ Invited talk
2003
CHES
2003
CRYPTO
2003
CRYPTO
2003
EUROCRYPT
2003
EUROCRYPT
2003
FSE
2002
ASIACRYPT
Crypto-integrity
★ Invited paper
2002
ASIACRYPT
2002
CHES
2002
CHES
2002
CHES
2002
CRYPTO
2002
EUROCRYPT
2002
EUROCRYPT
2002
PKC
2001
ASIACRYPT
2001
ASIACRYPT
2001
CHES
2001
CHES
2001
CRYPTO
2001
CRYPTO
2001
EUROCRYPT
2001
FSE
2001
PKC
(title unknown)
★ Invited talk
2001
PKC
2001
PKC
(title unknown)
★ Invited talk
2000
ASIACRYPT
2000
CHES
2000
CHES
2000
CRYPTO
2000
CRYPTO
2000
EUROCRYPT
2000
EUROCRYPT
1999
ASIACRYPT
1999
CHES
We Need Assurance
★ Invited paper
1999
CHES
1999
CHES
1999
CRYPTO
1999
CRYPTO
1998
ASIACRYPT
1998
CRYPTO
1998
PKC
1998
PKC
1998
PKC
1997
CRYPTO
1997
CRYPTO
1997
EUROCRYPT
1997
EUROCRYPT
1996
ASIACRYPT
1996
ASIACRYPT
1996
ASIACRYPT
1996
CRYPTO
1996
CRYPTO
(title unknown)
★ Invited talk
1996
CRYPTO
1996
CRYPTO
1996
CRYPTO
1996
EUROCRYPT
1995
CRYPTO
1995
EUROCRYPT
1995
EUROCRYPT
1995
EUROCRYPT
1994
ASIACRYPT
1994
ASIACRYPT
1994
ASIACRYPT
1994
CRYPTO
1994
CRYPTO
1994
CRYPTO
1994
EUROCRYPT
(title unknown)
★ Invited talk
1993
CRYPTO
1993
EUROCRYPT
1992
CRYPTO
1992
CRYPTO
1991
ASIACRYPT
1991
ASIACRYPT
1991
ASIACRYPT
1991
ASIACRYPT
1991
CRYPTO
1991
CRYPTO
1991
CRYPTO
1990
CRYPTO
(title unknown)
★ Invited talk
1990
CRYPTO
1990
CRYPTO
1989
CRYPTO
1989
CRYPTO
1989
CRYPTO
1989
CRYPTO
1989
CRYPTO
1989
CRYPTO
1989
CRYPTO
1989
EUROCRYPT
1989
EUROCRYPT
1989
EUROCRYPT
1989
EUROCRYPT
1989
EUROCRYPT