
Program
DECEMBER 9
16:00-18:00: Registration
19:00-21:00: Dinner buffet (Pacific Cafe, 1st Floor)
DECEMBER 10
9:00-10:00 | Registration
10:00-10:10 | Opening Remarks
Session 1: Symmetric Cryptanalysis | Session Chair: Yvo Desmedt
10:10-10:35 | Cube Cryptanalysis of Hitag2 Stream Cipher
10:35-11:00 | New Impossible Differential Cryptanalysis of Reduced-Round Camellia
11:00-11:25 | The Initialization Stage Analysis of ZUC v1.5
11:25-12:25 | Invited Talk (1): Sponge functions
12:25-14:00 | Lunch (Pacific Cafe, 1st Floor)
Session 2: Symmetric Ciphers | Session Chair: Joan Daemen
14:00-14:25 | Algebraic Cryptanalysis of the Round-reduced and Side Channel Analysis of the Full PRINTCipher-48
14:25-14:50 | EPCBC - A Block Cipher Suitable for Electronic Product Code Encryption
14:50-15:15 | On Permutation Layer of Type 1, Source-Heavy, and Target-Heavy Generalized Feistel Structures
15:15-16:15 | Invited Talk (2): Breaking Fully-Homomorphic-Encryption Challenges
16:15-16:35 | Coffee Break (20 minutes)
Session 3: Public Key Cryptography | Session Chair: Josef Pieprzyk
16:35-17:00 | Security Analysis of An Improved MFE Public Key Cryptosystem
17:00-17:25 | A New Lattice-Based Public-Key Cryptosystem Mixed with a Knapsack
17:25-17:50 | Achieving Short Ciphertexts or Short Secret-Keys for Adaptively Secure General Inner-Product Encryption
18:30-20:30 | Welcome Reception (Asia Garden, 1st Floor)
DECEMBER 11
8:00-9:00 | Registration
Session 4: Protocol Attacks and Privacy Techniques | Session Chair: Gene Tsudik
9:00-9:25 | Comments on the SM2 Key Exchange Protocol
9:25-9:50 | Cryptanalysis of a Provably Secure Cross-Realm Client-to-Client Password Authenticated Key Agreement Protocol of CANS' 09
9:50-10:15 | Passive Attack on RFID LMAP++ Authentication Protocol
10:15-10:40 | Multi-Show Anonymous Credentials with Encrypted Attributes in the Standard Model
10:40-11:00 | Coffee Break (20 minutes)
Session 5: Privacy Techniques (1) | Session Chair: Dongdai Lin
11:00-11:25 | Group Signature with Constant Revocation Costs for Signers and Verifiers
11:25-12:25 | Invited Talk (3): Client Puzzles for Denial-of-service Resistant Authentication
12:25-13:30 | Lunch (Pacific Cafe, 1st Floor)
13:00-13:45 | CANS Steering Committee Meeting
Half-Day Tour
14:00-17:00 | Half-Day Tour
18:30-21:00 | Banquet (Ocean View Restaurant)
DECEMBER 12
Session 6: Privacy Techniques (2) | Session Chair: Xiaoyun Wang
9:00-9:25 | Fast Computation on Encrypted Polynomials and Applications
9:25-9:50 | AniCAP: An Animated 3D CAPTCHA Scheme based on Motion Parallax
9:50-10:15 | Towards Attribute Revocation in Key-Policy Attribute Based Encryption
10:15-10:35 | Coffee Break (20 minutes)
Session 7: Varia | Session Chair: Yuliang Zheng
10:35-11:00 | A Note on (Im)possibilities of Obfuscating Programs of Zero-Knowledge Proofs of Knowledge
11:00-12:00 | Invited Talk (4): Expressive Encryption Systems from Lattices
12:00-12:15 | Closing Remarks
12:15-13:35 | Lunch (Pacific Cafe, 1st Floor)
Invited Talks
Title 1: Sponge functions
Speaker: Prof. Joan Daemen (STMicroelectronics, Belgium) (joint work with Guido Bertoni, Michaël Peeters and Gilles Van Assche)
Abstract: The sponge construction takes a fixed-length permutation into a function supporting inputs of any length and returning an output of arbitrary length: a sponge function. We originally introduced sponge functions to compactly express the security requirements for hash functions that support variable digest length. Taking a random fixed-length permutation results in a random sponge, an ideal primitive with finite state that comes as close as possible to a random oracle, as we formally proved in the indifferentiability framework. Security claims based on random sponges are more natural and intuitive than the classical claims based on the digest length.
Later we decided to use the sponge construction in actual designs, with a fully specified underlying permutation designed to resist cryptanalysis. Sponge functions as such can be used in many different modes of use: hashing, MAC computation, stream cipher, mask generating function (MGF), salted hashing and even tree hashing. Recently, we discovered a variant of the sponge construction called the duplex construction that extends the range of modes of use and whose security is equivalent to that of the sponge construction. Modes of use include efficient authenticated encryption and reseedable pseudo random sequence generators. As such, the sponge and duplex constructions support the full range of symmetric cryptographic operations, requiring only a fixed-length permutation. This fact makes fixed-length permutations suitable to replace block ciphers as the Swiss army knife of symmetric cryptography. Compared to block ciphers, permutations are easier to design and, when used in the sponge and duplex construction, are considerably more flexible. Our SHA-3 candidate Keccak was the first published sponge function family. In the meanwhile already three other sponge function families have been published in the lightweight crypto range: Quark, Photon and Spongent.
The talk will cover the use of the sponge construction in defining security properties and in design.
Title 2: Breaking Fully-Homomorphic-Encryption Challenges
Speaker: Prof. Phong Q. Nguyen (INRIA, France and Tsinghua University, China)
Abstract: Following Gentry's breakthrough work in Proc. STOC '09, there is currently great interest in fully-homomorphic encryption (FHE), which allows computing arbitrary functions on encrypted data. Though the area has seen much progress recently, it is still unknown if fully-homomorphic encryption will ever become truly practical one day, or if it will remain a theoretical curiosity. In order to find out, several FHE numerical challenges have been proposed by Gentry and Halevi, and by Coron et al., which provide concrete parameters whose efficiency and security can be studied. We report on recent attempts at breaking FHE challenges, and we discuss the difficulties of assessing precisely the security level of FHE challenges, based on the state-of-the-art. It turns out that security estimates were either missing or too optimistic.
Title 3: Client puzzles for denial-of-service resistant authentication
Speaker: Prof. Colin Boyd (QUT, Australia)
Abstract: A puzzle scheme is a mechanism for delaying a party aiming to obtain some service. Among their applications, puzzles are helpful in protecting authentication protocols from denial-of-service attacks. This talk will provide an overview of puzzle properties and their applications, including formal models for their analysis. Different constructions will be surveyed and integration of puzzles into cryptographic protocols considered. Protection of real-world protocols such as TLS and web services will also be considered. This talk will present joint work with Juan Gonzalez Nieto, Lakshmi Kuppusamy, Jothi Rangasamy, Douglas Stebila.
Title 4: Expressive Encryption Systems from Lattices
Speaker: Dr. Xavier Boyen (Xerox PARC, USA)
Abstract: In this survey, we review a number of the many “expressive” encryption systems that have recently appeared from lattices, and explore the innovative techniques that underpin them.