16:00-18:00: Registration

19:00-21:00: Dinner buffet(Pacific Cafe, 1st Floor)





Opening Remarks

Session 1: Symmetric Cryptanalysis

Session Chair: Yvo Desmedt


Cube Cryptanalysis of Hitag2 Stream Cipher 
Siwei Sun, Lei Hu, Yonghong Xie and Xiangyong Zeng


New Impossible Differential Cryptanalysis of Reduced-Round Camellia
Leibo Li, Jiazhe Chen and Keting Jia


The Initialization Stage Analysis of ZUC v1.5
Chunfang Zhou, Xiutao Feng and Dongdai Lin


Invited Talk (1): Sponge functions
Speaker: Joan Daemen (STMicroelectronics, Belgium)


Lunch(Pacific Cafe, 1st Floor)

Session 2: Symmetric Ciphers

Session Chair: Joan Daemen


Algebraic Cryptanalysis of the Round-reduced and Side Channel Analysis of the Full PRINTCipher-48
Stanislav Bulygin and Johannes Buchmann


EPCBC - A Block Cipher Suitable for Electronic Product Code Encryption
Huihui Yap, Khoongming Khoo, Axel Poschmann and Matt Henricksen


On Permutation Layer of Type 1, Source-Heavy, and Target-Heavy Generalized Feistel Structures
Shingo Yanagihara and Tetsu Iwata


Invited Talk (2): Breaking Fully-Homomorphic-Encryption Challenges
Speaker: Phong Q. Nguyen (INRIA, France and Tsinghua University, China)


Coffee Break (20 minutes)

Session 3: Public Key Cryptography

Session Chair: Josef Pieprzyk


Security Analysis of An Improved MFE Public Key Cryptosystem
Xuyun Nie, Zhaohu Xu, Li Lu and Yongjian Liao


A New Lattice-Based Public-Key Cryptosystem Mixed with a Knapsack
Yanbin Pan, Yingpu Deng, Yupeng Jiang and Ziran Tu


Achieving Short Ciphertexts or Short Secret-Keys for Adaptively Secure General Inner-Product Encryption
Tatsuaki Okamoto and Katsuyuki Takashima


Welcome Reception (Asia Garden, 1st Floor)





Session 4: Protocol Attacks and Privacy Techniques

Session Chair: Gene Tsudik


Comments on the SM2 Key Exchange Protocol
Jing Xu and Dengguo Feng


Cryptanalysis of a Provably Secure Cross-Realm Client-to-Client Password Authenticated Key Agreement Protocol of CANS' 09
Wei-Chuen Yau, Raphael C.-W. Phan, Bok-Min Goi and Swee-Huay Heng


Passive Attack on RFID LMAP++ Authentication Protocol
Shaohui Wang and Wei-Wei Zhang


Multi-Show Anonymous Credentials with Encrypted Attributes in the Standard Model
Sébastien Canard, Roch Lescuyer and Jacques Traore


Coffee Break (20 mimutes)

Session 5: Privacy Techniques (1)

Session Chair: Dongdai Lin


Group Signature with Constant Revocation Costs for Signers and Verifiers
Chun-I Fan, Ruei-Hau Hsu and Mark Manulis


Invited Talk (3): Client Puzzles for Denial-of-service Resistant Authentication
Speaker: Colin Boyd (QUT, Australia)


Lunch(Pacific Cafe, 1st Floor)


CANS Steering Committee Meeting

Half-Day Tour


Half-Day Tour


Banquet (Ocean View Restaurant)



Session 6: Privacy Techniques (2)

Session Chair: Xiaoyun Wang


Fast Computation on Encrypted Polynomials and Applications
Payman Mohassel


AniCAP: An Animated 3D CAPTCHA Scheme based on Motion Parallax
Yang-Wai Chow and Willy Susilo


Towards Attribute Revocation in Key-Policy Attribute Based Encryption
Pengpian Wang, Dengguo Feng and Liwu Zhang


Coffee Break (20 mimutes)

Session 7: Varia

Session Chair: Yuliang Zheng


A Note on (Im)possibilities of Obfuscating Programs of Zero-Knowledge Proofs of Knowledge
Ning Ding and Dawu Gu


Invited Talk (4): Expressive Encryption Systems from Lattices
Speaker: Xavier Boyen(Xerox PARC, USA)


Closing Remarks


Lunch(Pacific Cafe, 1st Floor)


Invited Talks

Title 1:  Sponge functions

Speaker: Prof. Joan Daemen (STMicroelectronics, Belgium) (joint work with Guido Bertoni, Michal Peeters and Gilles Van Assche)

Abstract: The sponge construction takes a fixed-length permutation into a function supporting inputs of any length and returning an output of arbitrary length: a sponge function. We originally introduced sponge functions to compactly express the security requirements for hash functions that support variable digest length. Taking a random fixed-length permutation results in a random sponge, an ideal primitive with finite state that comes as close as possible to a random oracle, as we formally proved in the indifferentiability framework. Security claims based on random sponges are more natural and intuitive than the classical claims based on the digest length.
Later we decided to use the sponge construction in actual designs, with a fully specified underlying permutation designed to resist cryptanalysis. Sponge functions as such can be used in many different modes of use: hashing, MAC computation, stream cipher, mask generating function (MGF), salted hashing and even tree hashing. Recently, we discovered a variant of the sponge construction called the duplex construction that extends the range of modes of use and whose security is equivalent to that of the sponge construction. Modes of use include efficient authenticated encryption and reseedable pseudo random sequence generators. As such, the sponge and duplex constructions support the full range of symmetric cryptographic operations, requiring only a fixed-length permutation. This fact make fixed-length permutations suitable to replace block ciphers as the swiss army knife of symmetric cryptography. Compared to block ciphers, permutations are easier to design and, when used in the sponge and duplex construction, are considerably more flexible. Our SHA-3 candidate Keccak was the first published sponge function family. In the meanwhile already three other sponge function families have been published in the lightweight crypto range: Quark, Photon and Spongent.
The talk will cover the use of the sponge construction in defining security properties and in design.

Title 2:  Breaking Fully-Homomorphic-Encryption Challenges

Speaker:  Prof. Phong Q. Nguyen (INRIA, France and Tsinghua University, China)

Abstract: Following Gentry's breakthrough work in Proc. STOC '09, there is currently great interest on fully-homomorphic encryption (FHE), which allows to compute arbitrary functions on encrypted data. Though the area has seen much progress recently, it is still unknown if fully-homomorphic encryption will ever become truly practical one day, or if it will remain a theoretical curiosity. In order to find out, several FHE numerical challenges have been proposed by Gentry and Halevi, and by Coron et al., which provide concrete parameters whose efficiency and security can be studied. We report on recent attempts at breaking FHE challenges, and we discuss the difficulties of assessing precisely the security level of FHE challenges, based on the state-of-the-art. It turns out that security estimates were either missing or too optimistic.

Title 3:  Client puzzles for denial-of-service resistant authentication

Speaker:  Prof. Colin Boyd (QUT, Australia)

Abstract: A puzzle scheme is a mechanism for delaying a party aiming to obtain some service. Among their applications, puzzles are helpful in protecting authentication protocols from denial-of-service attacks. This talk will provide an overview of puzzle properties and their applications, including formal models for their analysis. Different constructions will be surveyed and integration of puzzles into cryptographic protocols considered. Protection of real-world protocols such as TLS and web services will also be considered. This talk will present joint work with Juan Gonzalez Nieto, Lakshmi Kuppusamy, Jothi Rangasamy, Douglas Stebila.

Title 4:  Expressive Encryption Systems from Lattices

Speaker:  Dr. Xavier Boyen (Xerox PARC, USA)

Abstract: In this survey, we review a number of the many “expressive” encryption systems that have recently appeared from lattices, and explore the innovative techniques that underpin them.