Quo vadis cryptology?
Hash Functions and Stream Ciphers
6th International Workshop on the state of the art in cryptology and new challenges ahead
Friday, May 30th, 2008
Hotel (near the Warsaw Airport)
Location & fees:
You can also consider other hotels in the Warsaw airport area.
Andorra, Argentina, Austria, Australia, Belgium, Bolivia, Brazil, Brunei, Bulgaria, Canada, Chile, Costa Rica, Croatia, Czech Republic, Cyprus, Denmark, Estonia, Finland, France, Greece, Germany, Guatemala, Honduras, Hong Kong, Hungary, Iceland, Ireland, Israel, Italy, Japan, Latvia, Liechtenstein, Lithuania, Luxembourg, Macao, Malaysia, Malta, Mexico, Monaco, Netherlands, Nicaragua, Norway, New Zealand, Panama, Portugal, Romania, Salvador, San Marino, Singapore, Slovakia, Slovenia, South Korea, Spain, Sweden, Switzerland, United Kingdom, United States of America, Uruguay, Vatican, Venezuela.
Citizens from other countries not enumerated on the list above need to have a visa when visiting Poland.
Kris Gaj, George Mason University, U.S.A.
Local Organizing Committee:
Pawel Luksic, ENIGMA Information Security Systems, Warsaw, Poland
Critical Look at Cryptographic Hash Function Literature
On the Security of SHA-1
Since the invention of differential cryptanalysis by Biham and Shamir, it has been the most powerful method for cryptanalyzing block ciphers. Nowadays, it is well known how to apply differential cryptanalysis to block ciphers and how to design ciphers so that they resist this type of attack. In 2004, Wang demonstrated that differential cryptanalysis can also be used to attack modern hash functions. However, the methods need to be adapted in order to be successful. Today we are still trying to optimize differential cryptanalysis for hash functions.
Cryptanalysis of LASH
We show that the LASH-x hash function is vulnerable to attacks that trade time for memory, including collision attacks as fast as 2^(4x/11) and preimage attacks as fast as 2^(4x/7). Moreover, we briefly mention heuristic lattice-based collision attacks that use small memory but require very long messages, and that are expected to find collisions much faster than 2^(x/2). All of these attacks exploit the designers' choice of an all-zero IV. We then consider whether LASH can be patched simply by changing the IV. In this case, we show that LASH is vulnerable to a 2^(7x/8) preimage attack. We also show that LASH is trivially not a PRF when any subset of input bytes is used as a secret key. None of our attacks depend upon the particular contents of the LASH matrix -- we only assume that the distribution of elements is more or less uniform. Additionally, we show a generalized birthday attack on the final compression of LASH which requires O(x·2^((x/2)(1+107/105))) ≫ O(x·2^(x/4)) time and memory. Our method extends the Wagner algorithm to truncated sums, as is done in the final transform in LASH.
Provably Secure Hash Functions - Do We Care?
Cryptographic primitives that have a security reduction to a well-known, difficult computational problem are generally considered more robust than purely heuristic designs. However, designing "provably secure" functions that are still practical has so far proved to be a difficult problem. In this talk we consider the pros and cons of provably secure designs and discuss some of the challenges facing designers of provably secure constructions. One of them is the problem of worst-case vs. average-case complexity, another is the appropriate instance size, and finally there is performance. We also mention the trap of "almost provably secure" designs which are not, mainly due to mistakes in parameter selection or slight modifications that invalidate the proof of security.
The Status of Stream Ciphers after the eSTREAM Project
In 1993 Vincent Rijmen graduated as an electronics engineer from the University of Leuven, Belgium (KU Leuven) and obtained a PhD grant from the Flemish Fund for Scientific Research (FWO). After finishing his doctoral dissertation on the design and analysis of block ciphers in 1997, he continued his research activities as a postdoctoral researcher of the FWO, collaborating on several occasions with his former colleague Dr. ir. Joan Daemen. One of their joint projects resulted in the algorithm Rijndael, which in October 2000 was selected by the National Institute for Standards and Technology (NIST) to become the Advanced Encryption Standard (AES), the successor to the existing Data Encryption Standard (DES). In 2001, Rijmen became Chief Cryptographer of Cryptomathic, a European company developing software for cryptographic applications. In 2004, he became full professor at the Graz University of Technology, where he heads the research unit "Krypto" of the Institute of Applied Information Processing and Communications (IAIK), teaches several courses in applied cryptography and performs further research in the design of primitives for symmetric cryptography. Since September 2007, Rijmen has been full professor at KU Leuven and part-time full professor at the Graz University of Technology. Rijmen is the author of numerous scientific publications in the field of symmetric cryptography, has reviewed for many conferences and journals, and has also organized several conferences and workshops.
Bart Preneel received the Electrical Engineering degree and the Doctorate in Applied Sciences from the Katholieke Universiteit Leuven (Belgium). He is currently full professor at the Katholieke Universiteit Leuven. He was visiting professor at five universities in Europe and was a research fellow at the University of California at Berkeley. His main research interests are cryptography and information security.
He has authored and co-authored more than 200 scientific publications and is the inventor of two patents. He is president of the IACR (International Association for Cryptologic Research) and a member of the Editorial Board of the Journal of Cryptology, the IEEE Transactions on Forensics and Information Security, and the International Journal of Information and Computer Security. He has participated in 20 research projects sponsored by the European Commission, for four of these as project manager. He has been program chair of ten international conferences (including Eurocrypt 2000, SAC 2005 and ISC 2006) and has been an invited speaker at more than 30 conferences.
In 2003, he received the European Information Security Award in the area of academic research, and he received an honorary Certified Information Security Manager (CISM) designation from the Information Systems Audit and Control Association (ISACA). He is president of L-SEC vzw. (Leuven Security Excellence Consortium), an association of 60 companies and research institutions in the area of e-security.
Josef Pieprzyk received a BSc in electrical engineering from the Academy of Technology in Bydgoszcz, Poland, an MSc in mathematics from Nicolaus Copernicus University of Torun, Poland, and a PhD degree in computer science from the Polish Academy of Sciences, Warsaw, Poland.
He was an Assistant Professor at the Academy of Technology in Bydgoszcz, Poland and later held Lecturer and Senior Lecturer positions at the University of Sydney and the University of New South Wales. In 1991, he was an Associate Professor in the School of Computer Science and IT, Wollongong University. Since 2001, he has been a Professor in the Department of Computing, Macquarie University, Sydney, Australia. Professor Pieprzyk is a member of the editorial board of the International Journal of Information Security (Springer-Verlag), the Journal of Mathematical Cryptology (W de Gruyter), the International Journal of Security and Networks, and the International Journal of Information and Computer Security.
He is a member of the IACR. His research interests include computer network security, database security, design and analysis of cryptographic algorithms, algebraic analysis of block and stream ciphers, theory of cryptographic protocols, secret sharing schemes, threshold cryptography, copyright protection, e-commerce and Web security.
Josef Pieprzyk has published 5 books, edited 10 books (conference proceedings published by Springer-Verlag), and written 3 book chapters and ~170 papers in refereed journals and refereed international conferences.
Krystian Matusiewicz received a BSc and an MSc in mathematics from the Catholic University of Lublin, Poland. His MSc thesis won the competition for the best Polish thesis in cryptography and information security organized by ENIGMA ISS in 2002. In 2004 he received a PhD scholarship at Macquarie University, Sydney. His PhD research focused on the analysis of dedicated cryptographic hash functions. After finishing his thesis in 2007 he worked as a research fellow at Macquarie University. In February 2008 he joined the Technical University of Denmark as a postdoctoral research fellow in the Department of Mathematics.
His research interests concentrate on mathematical methods for the analysis of cryptographic primitives. He is particularly interested in new mathematical models and tools that facilitate the analysis of cryptographic algorithms, as well as the complementary problem of designing new ones. Apart from cryptanalysis, he is also interested in broader problems of practical computer security and privacy.
Krystian is a member of the IACR and serves as a reviewer for many cryptographic conferences and for the International Journal of Information Security.