17th IMA International Conference on Cryptography and Coding

16 - 18 December 2019, St Anne’s College, University of Oxford

1 Invited Talks

Cas Cremers: Security Standardisation and Secure Messaging

Modern secure messaging protocols can offer strong security guarantees, such as perfect forward secrecy and post-compromise security [1]. Many widely used messaging applications, such as WhatsApp, Facebook Secure Conversations, Skype, and the Signal App have started to use one common underlying mechanism: the Signal protocol library. Yet while there exist good modern standardised protocols for secure channels, such as IETF TLS 1.3, there are no such open standard counterparts for secure messaging.

Early 2018, the Internet Engineering Task Force (IETF) officially started a working group with the goal of developing an open internet standard for secure messaging, called MLS [2]. This project aims to repeat the successful collaboration between industry and academia that has helped the development of TLS 1.3 [3], and the concrete formation of the working group was triggered by new developments in secure group messaging [4].

In this talk we will discuss the goals of Messaging Layer Security, its ongoing development, and some of the many challenges that still await. Challenges remain in at least three areas: technical solutions, limitations of analysis techniques, and process challenges.

[1] "On Post-Compromise Security", K. Cohn-Gordon. C. Cremers, and L. Garratt. IEEE CSF 2016 and https://eprint.iacr.org/2016/221.pdf.

[2] "Messaging Layer Security", IETF, https://datatracker.ietf.org/wg/mls/about/.

[3] "Reactive and Proactive Standardisation of TLS", K.G. Paterson and T. van der Merwe. SSR 2016.

[4] "On Ends-to-Ends Encryption: Asynchronous Group Messaging with Strong Security Guarantees", K. Cohn-Gordon, C. Cremers, L. Garratt, J. Millican, and K. Milner. 2018, ACM CCS 2018 and https://eprint.iacr.org/2017/666.pdf.

Clémentine Maurice: Side-channel Attacks on Microarchitecture: Beyond Crypto

Hardware is often considered as an abstract layer that behaves correctly, just executing instructions and outputing a result. However, the internal state of the hardware leaks information about the programs that are executing, paving the way for covert or side-channel attacks. Historically, cryptography has been a strong focus of research in the field of microarchitectural side-channel attacks However, the last years have shown a shift in the targets. During this presentation, we will review how microarchitectural attacks evolved in the last decade, and we will delve into side-channel attacks on keystroke timings as well as robust covert channels in the cloud.

Francesca Musiani: Nuancing the ‘User’ of Secure Messaging Tools

From 2016 to 2018, the H2020 NEXTLEAP (NEXT-generation Techno-Social and Legal Encryption, Access and Privacy) project has sought to ‘create, validate, and deploy communication and computation protocols that can serve as pillars for a secure, trust-worthy, annotable and privacy-respecting Internet that ensures citizens fundamental rights’. Its consortium included computer scientists and social scientists working in close interaction. In this talk, I will present some of the work that was conducted in the ‘social sciences-led’ strand of NEXTLEAP, which attempted to account for the diversity of users of secure messaging applications and their underlying protocols, as well as the different motivations of their developers.

Due to the increased deployment of secure messaging protocols in a variety of settings, differences between what developers “believe” are the needs of their users and their actual needs can have very tangible and potentially problematic consequences. Based on 90 interviews with both high and low-risk users, as well as the developers, of popular secure messaging applications, we mapped the design choices made by developers to threat models of both high-risk and low-risk users. Our research revealed interesting and sometimes surprising results, among which: high-risk users often consider client device seizures to be more dangerous than compromised servers; key verification is important to high-risk users, but they often do not engage in cryptographic key verification, instead using other “out of band” means; high-risk users, unlike low-risk users, often need pseudonyms and are heavily concerned over metadata collection. Developers tend to value open standards, open-source, and decentralization, but high-risk users often find these aspects less urgent given their more pressing concerns; and while, for developers, avoiding trusted third parties is an important concern, several high-risk users are in fact happy to rely on trusted third parties ‘protected’ by specific geo-political situations. We conclude by suggesting that work still needs to be done for secure messaging protocols to be aligned with real user needs, including high-risk, and with real-world threat models.

2 Accepted Papers

  • Behzad Abdolmaleki, Hamidreza Khoshakhlagh and Daniel Slamanig. A Framework for UC-Secure Commitments from Publicly Computable Smooth Projective Hashing (eprint)
  • Terry Shue Chien Lau, Chik How Tan and Theo Fanuela Prabowo. Key Recovery Attack on Rank Metric Code-based Signatures
  • Daniele Cozzo and Nigel Smart. Sharing the LUOV: Threshold Post-Quantum Signatures
  • Claire Delaplace, Andre Esser and Alexander May. Improved Low-Memory Subset Sum and LPN Algorithms via Multiple Collisions (eprint)
  • Jan Camenisch, Maria Dubovitskaya and Patrick Towa. Efficient Fully Secure Leakage-Deterring Encryption
  • Nigel Smart and Younes Talibi Alaoui. Distributing any Elliptic Curve Based Protocol (eprint)
  • Ivan Damgård, Helene Haagh, Michael Nielsen and Claudio Orlandi. Commodity-Based 2PC for Arithmetic Circuits (eprint)
  • Pedro Branco, Jintai Ding, Manuel Goulão and Paulo Mateus. A Framework for Universally Composable Oblivious Transfer from One-Round Key-Exchange (eprint)
  • Rowena Alma Betty and Akihiro Munemasa. Classification of self-dual codes of length 20 over \(\mathbb{Z}_4\) and length at most 18 over \(\mathbb{F}_2+u\mathbb{F}_2\)
  • Hyang-Sook Lee and Jeongeun Park. On the Security of Multikey Homomorphic Encryption (eprint)
  • Ramiro Martínez and Paz Morillo. RLWE-based Zero-Knowledge Proofs for linear and multiplicative relations
  • Karim Baghery. Subversion-Resistant Simulation (Knowledge) Sound NIZKs (eprint)
  • Shyam Murthy and Srinivas Vivek. Cryptanalysis of a Protocol for Efficient Sorting on SHE Encrypted Data (eprint)
  • Marcel Armour and Bertram Poettering. Decryption Algorithm Substitution Attacks
  • Maria Eichlseder, Daniel Kales and Markus Schofnegger. Forgery Attacks on FlexAE and FlexAEAD (eprint)
  • Shingo Sato and Junji Shikata. Quantum-Secure (Non-)Sequential Aggregate Message Authentication Codes
  • Shingo Sato and Junji Shikata. SO-CCA secure PKE from KEM in the QROM and the QICM

3 Accepted Presentations

  • James Howe, Marco Martinoli, Elisabeth Oswald and Francesco Regazzoni. Optimised Lattice-Based Key Encapsulation in Hardware
  • Gabrielle De Micheli, Remi Piau and Cecile Pierrot. A Tale of Three Signatures: practical attack of ECDSA with wNAF
  • Nina Bindel, Mike Hamburg, Andreas Hülsing and Edoardo Persichetti. Tighter proofs of CCA security in the quantum random oracle model
  • Monika Trimoska, Sorina Ionica and Gilles Dequen. A SAT-based approach for index calculus on binary elliptic curves
  • Jake Massimo. Primality Testing in Cryptographic Applications
  • Anamaria Costache, Kim Laine and Rachel Player. Homomorphic noise growth in practice: comparing BGV and FV
  • Sergiu Carpov, Malika Izabachène and Victor Mollimard. TFHE Toolbox for homomorphic neural network prediction
  • Woojoo Na, Alexander Allin and Christophe Petit. Trapdoor attacks on Cayley hash function parameters proposed at the NutMiC 2019 conference
  • Lydia Garms and Anja Lehmann. Group Signatures with Selective Linkability

5 Code of Conduct

We are committed to providing an experience free of harassment and discrimination at the IMA CCC conference, respecting the dignity of every participant.

If you experience harassment or discriminatory behavior at IMA CC, we encourage you to reach out to the Conference Chair Martin Albrecht or Ciara Rafferty.

Participants who violate this code may be sanctioned and/or expelled from the event, at the joint discretion of the Conference Chair and Ciara Rafferty. Any action will only be taken with the consent of the complaining party. UK law applies.

If you witness harassment or discriminatory behavior, please consider intervening.

6 Programme

Monday

  Invited Talk
09:40 - 10:40 Cas Cremers: Security Standardisation and Secure Messaging
10:40 - 11:10 Break
  MPC
11:10 - 11:35 Ivan Damgård, Helene Haagh, Michael Nielsen and Claudio Orlandi. Commodity-Based 2PC for Arithmetic Circuits
11:35 - 12:00 Nigel Smart and Younes Talibi Alaoui. Distributing any Elliptic Curve Based Protocol
12:00 - 13:00 Lunch
  Coding (Attacks)
13:00 - 13:25 Terry Shue Chien Lau, Chik How Tan and Theo Fanuela Prabowo. Key Recovery Attack on Rank Metric Code-based Signatures
13:25 - 13:50 Claire Delaplace, Andre Esser and Alexander May. Improved Low-Memory Subset Sum and LPN Algorithms via Multiple Collisions
13:50 - 14:15 Rowena Alma Betty and Akihiro Munemasa. Classification of self-dual codes of length 20 over \(\mathbb{Z}_4\) and length at most 18 over \(\mathbb{F}_2+u\mathbb{F}_2\)
14:15 - 14:45 Break
  Adversarial Quantum Queries
14:45 - 15:10 Shingo Sato and Junji Shikata. Quantum-Secure (Non-)Sequential Aggregate Message Authentication Codes
15:10 - 15:35 Shingo Sato and Junji Shikata. SO-CCA secure PKE from KEM in the QROM and the QICM
  Presentations (Lattices)
15:35 - 16:00 Sergiu Carpov, Malika Izabachène and Victor Mollimard. TFHE Toolbox for homomorphic neural network prediction
16:00 - 16:25 James Howe, Marco Martinoli, Elisabeth Oswald and Francesco Regazzoni. Optimised Lattice-Based Key Encapsulation in Hardware
16:25 - 16:50 Anamaria Costache, Kim Laine and Rachel Player. Homomorphic noise growth in practice: comparing BGV and FV
17:00 Drinks Reception

Tuesday

  Invited Talks
09:40 - 10:40 Nadia Heninger:
10:40 - 11:10 Break
  FHE Security
11:10 - 11:35 Hyang-Sook Lee and Jeongeun Park. On the Security of Multikey Homomorphic Encryption
11:35 - 12:00 Shyam Murthy and Srinivas Vivek. Cryptanalysis of a Protocol for Efficient Sorting on SHE Encrypted Data
12:00 - 13:00 Lunch
  Constructions
13:00 - 13:25 Daniele Cozzo and Nigel Smart. Sharing the LUOV: Threshold Post-Quantum Signatures
13:25 - 13:50 Jan Camenisch, Maria Dubovitskaya and Patrick Towa. Efficient Fully Secure Leakage-Deterring Encryption
13:50 - 14:15 Behzad Abdolmaleki, Hamidreza Khoshakhlagh and Daniel Slamanig. A Framework for UC-Secure Commitments from Publicly Computable Smooth Projective Hashing
14:15 - 14:40 Pedro Branco, Jintai Ding, Manuel Goulão and Paulo Mateus. A Framework for Universally Composable Oblivious Transfer from One-Round Key-Exchange
14:40 - 15:10 Break
  Presentations (Attacks)
15:10 - 15:35 Gabrielle De Micheli, Remi Piau and Cecile Pierrot. A Tale of Three Signatures: practical attack of ECDSA with wNAF
15:35 - 16:00 Jake Massimo. Primality Testing in Cryptographic Applications
16:00 - 16:25 Monika Trimoska, Sorina Ionica and Gilles Dequen. A SAT-based approach for index calculus on binary elliptic curves
  Invited Talk
16:30 - 17:30 Francesca Musiani: Nuancing the ‘User’ of Secure Messaging Tools
19:00 Conference Dinner

Wednesday

  Invited Talk
09:40 - 10:40 Clémentine Maurice: Side-channel Attacks on Microarchitecture: Beyond Crypto
10:40 - 11:10 Break
  Attacks on AEAD Primitives
11:10 - 11:35 Marcel Armour and Bertram Poettering. Decryption Algorithm Substitution Attacks
11:35 - 12:00 Maria Eichlseder, Daniel Kales and Markus Schofnegger. Forgery Attacks on FlexAE and FlexAEAD
12:00 - 13:00 Lunch
  ZK
13:00 - 13:25 Ramiro Martínez and Paz Morillo. RLWE-based Zero-Knowledge Proofs for linear and multiplicative relations
13:25 - 13:50 Karim Baghery. Subversion-Resistant Simulation (Knowledge) Sound NIZKs
  Presentations
13:50 - 14:15 Woojoo Na, Alexander Allin and Christophe Petit. Trapdoor attacks on Cayley hash function parameters proposed at the NutMiC 2019 conference
14:15 - 14:40 Nina Bindel, Mike Hamburg, Andreas Hülsing and Edoardo Persichetti. Tighter proofs of CCA security in the quantum random oracle model
14:40 - 15:05 Lydia Garms and Anja Lehmann. Group Signatures with Selective Linkability
15:05 - 15:10 Closing Remarks

7 Calls

The mathematical theory and practice of both cryptography and coding underpins the provision of effective security and reliability for data communication, processing and storage. This seventeenth International Conference in an established and successful IMA series on the theme of "Cryptography and Coding" solicits original research papers and presentations on all technical aspects of cryptography and coding.

Submissions are welcome on any cryptographic or coding-theoretic topic including, but not limited to:

  • Foundational theory and mathematics;
  • The design, proposal, and analysis of cryptographic or coding primitives and protocols
  • Secure implementation and optimisation in hardware or software; and
  • Applied aspects of cryptography and coding.

Call for Papers

The proceedings will be published in Springer's Lecture Notes in Computer Science series, and will be available at the conference.

Submissions must not substantially duplicate work that any of the authors has published elsewhere or has submitted in parallel to a journal or any other conference or workshop with proceedings. Accepted submissions may not appear in any other conference or workshop that has proceedings. Authors of accepted papers must guarantee that their paper will be presented at the conference and must make a full version of their paper available online.

All submissions will be blind-reviewed. Papers must be anonymous, with no author names, affiliations, acknowledgements, or obvious references. Submissions should begin with a cover page containing title, a short abstract, and a list of keywords. The body of the paper should be at most 14 pages, excluding the title page with abstract, the bibliography, and clearly marked appendices. Committee members are not required to review appendices, so the paper should be intelligible and self-contained within this length. The submission must be in Springer’s LNCS format (LaTeX). Submissions not meeting these guidelines risk rejection without consideration of their merits.

Submissions should be submitted via EasyChair.

Call for Presentations

The main criteria for acceptance are whether the committee believes that the proposed talk will be of interest and of appropriate quality to present to the IMACC audience:

Submissions must comply with the following rules:

  • Submissions can be full papers (maximum 10 pages), abstracts (maximum 2 pages), or the expected presentation slides.
  • Submissions must be non-anonymous and must clearly specify which author will give the talk.
  • The submission should provide sufficient detail to explain what the talk will be about.

As these presentations do not enter the formal proceedings (see accompanying Call for Papers), we accept and encourage contributed talk proposals which correspond to papers that are under submission or already published elsewhere.

Presentations should be submitted via EasyChair.

Updates

  • 2019-08-13: Presentation Submission Deadline extended to 28 August, 6pm (UK time).
  • 2019-07-24: Note that presentation submission will open on August 5 and close on August 14 (unchanged).
  • 2019-07-12: Paper Submission Deadline extended to 19 July 2019, 6pm (UK Time).

Important Dates

  • Submission Deadline: 19 July 2019 (Papers) and 28 August 2019 (Presentations)
  • Author Notification: 5 September 2019 (Papers) and 5 October 2019 (Presentations)
  • Proceedings Version Deadline: 22 September 2019 (Papers)
  • Conference: 16 to 18 December 2019

Committees

Programme Committee

  • Adeline Roux-Langlois, Univ Rennes, CNRS, IRISA, France
  • Alex Davidson, Cloudflare, UK
  • Benjamin Dowling, Information Security Group, Royal Holloway, University of London, UK
  • Caroline Fontaine, CNRS, France, LSV lab, France
  • Carolyn Whitnall, University of Bristol, UK,
  • Christian Janson, Technische Universität Darmstadt, Germany
  • Christian Rechberger, TU Graz, Austria
  • Christoph Striecks, AIT Austrian Institute of Technology, Austria
  • Christophe Petit, School of Computer Science, University of Birmingham, UK
  • Ciara Rafferty, Queen's University Belfast, UK
  • Cong Ling, Imperial College London, UK
  • Daniel Page, University of Bristol, UK
  • Elizabeth Quaglia, Information Security Group, Royal Holloway, University of London, UK,
  • Emmanuela Orsini, COSIC, KU Leuven, Belgium
  • Julia Hesse, IBM Research - Zurich, Switzerland
  • Martin Albrecht, Information Security Group, Royal Holloway, University of London, UK (Chair)
  • Rachel Player, Information Security Group, Royal Holloway, University of London, UK
  • Roope Vehkalahti, Aalto University, Finland
  • Thyla van der Merwe, Mozilla, UK

Steering Committee

  • Liqun Chen, University of Surrey, UK
  • Bahram Honary, School of Computing and Communication, University of Lancaster, UK
  • Máire O'Neill, Centre for Secure Information Technologies, ECIT, Queen's University Belfast, UK
  • Christopher Mitchell, Information Security Group, Royal Holloway University of London, UK
  • Matthew Parker, Institute for Informatics, University of Bergen, Norway
  • Kenneth Paterson, Information Security Group, Royal Holloway University of London, UK
  • Fred Piper, UK
  • Martijn Stam, Simula UiB, Norway

8 Further Information

For further details on the conference, please contact the IMA Conferences Department:
Email: conferences@ima.org.uk
Tel: +44 (0) 1702 354 020
Institute of Mathematics and its Applications, Catherine Richards House, 16 Nelson Street, Southend-on-Sea, Essex, SS1 1EF, UK

See also https://ima.org.uk/11167/17th-ima-international-conference-on-cryptography-and-coding/