Abstracts of invited talks
- Roberto M. Avanzi (Ruhr-University Bochum, Germany)
Trace Zero Varieties: Cryptographic Applications
Based on joint works with: Emanuele Cesena, Tanja Lange.
Given a low genus hyperelliptic curve defined over a finite field Fq,
a Trace Zero Variety is a specific subgroup of the divisor class group
of the curve over a small-degree extension of the field of definition.
Trace Zero Varieties are interesting for cryptographic applications
since they enjoy properties that can be exploited to achieve
fast arithmetic and group construction.
We review here recent results on the performance of trace zero
varieties in some different contexts relevant to cryptography,
from scalar multiplication to the computation of pairings.
- Martin Geisler (University of Aarhus, Denmark)
Virtual Ideal Functionality Framework - Design and Implementation
The Virtual Ideal Functionality Framework (VIFF) is a general framework
for implementing secure multiparty computation. It comes with a number
of basic primitives such as secure addition, multiplication, and
comparison, which application programmers combine into larger programs.
In this talk we will describe the architecture behind VIFF and look at
the design choices we took: what worked well and what worked less well.
- Emilia Käsper (Katholieke Universiteit Leuven, Belgium)
Implementing AES 2000-2010: performance and security challenges
Fast software performance was one of the key arguments in selecting
Rijndael as the Advanced Encryption Standard in 2000. A typical AES
implementation uses lookup tables; until recently, its performance on
common processors was capped at around 14-15 cycles/byte. Since 2005,
several attacks targeting cache leakage in lookup-table based
implementations of AES have been published. Simultaneously, with the
emergence of 64-bit processors, bitslicing has proved a viable and more
secure implementation strategy. Latest bitsliced implementations of AES
now run at under 8 cycles/byte on modern Intel processors, that is, twice
as fast as in 2000.
In this talk, we'll look inside the Intel processor and identify main
bottlenecks in implementing AES fast and securely. We'll then describe the
bitslicing technique step-by-step and present our latest benchmarking
results. Finally, stepping away from AES, we'll draw some general
conclusions on how cryptography has benefitted from new processor features
driven by multimedia applications.
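The contrast the abstract draws, a secret-indexed table lookup versus a bitsliced evaluation with no data-dependent memory access, as an added example in C. This is not code from the talk or from the speaker's implementations: it covers only the S-box, computes it arithmetically (inversion as x^254 over GF(2^8), then the FIPS-197 affine map) on 64 lanes held in 64-bit words rather than with the optimized circuit a real bitsliced AES would use, and all names, the lane count and the table-building helper are this example's own choices.

```c
#include <stdint.h>
#include <string.h>

/* 64 independent bytes are processed at once: slice i holds bit i of each
   byte, with byte j in bit position j. Names are this example's own. */
#define LANES 64
typedef uint64_t slice_t;

static void to_slices(const uint8_t in[LANES], slice_t s[8]) {
    for (int i = 0; i < 8; i++) {
        slice_t acc = 0;
        for (int j = 0; j < LANES; j++)
            acc |= (slice_t)((in[j] >> i) & 1) << j;
        s[i] = acc;
    }
}

static void from_slices(const slice_t s[8], uint8_t out[LANES]) {
    for (int j = 0; j < LANES; j++) {
        uint8_t b = 0;
        for (int i = 0; i < 8; i++)
            b |= (uint8_t)(((s[i] >> j) & 1) << i);
        out[j] = b;
    }
}

/* Bitsliced GF(2^8) multiplication, AES polynomial x^8 + x^4 + x^3 + x + 1:
   schoolbook product in GF(2)[x] (AND/XOR only), then reduce from the top. */
static void gf_mul(const slice_t a[8], const slice_t b[8], slice_t r[8]) {
    slice_t c[15] = {0};
    for (int i = 0; i < 8; i++)
        for (int j = 0; j < 8; j++)
            c[i + j] ^= a[i] & b[j];
    for (int k = 14; k >= 8; k--) {
        /* x^k = x^(k-8) * (x^4 + x^3 + x + 1) */
        c[k - 4] ^= c[k];
        c[k - 5] ^= c[k];
        c[k - 7] ^= c[k];
        c[k - 8] ^= c[k];
    }
    memcpy(r, c, 8 * sizeof(slice_t));
}

/* Inverse as x^254 (0 maps to 0, as AES requires): y = y^2 * x six times
   reaches x^127, one more squaring gives x^254. Fixed, data-independent. */
static void gf_inv(const slice_t x[8], slice_t r[8]) {
    slice_t y[8], t[8];
    memcpy(y, x, sizeof(y));
    for (int i = 0; i < 6; i++) {
        gf_mul(y, y, t);
        gf_mul(t, x, y);
    }
    gf_mul(y, y, r);
}

/* FIPS-197 affine map on the inverse: bit i of the result is
   b_i ^ b_(i+4) ^ b_(i+5) ^ b_(i+6) ^ b_(i+7) ^ c_i, with c = 0x63. */
static void sbox_slices(const slice_t in[8], slice_t out[8]) {
    slice_t inv[8];
    gf_inv(in, inv);
    for (int i = 0; i < 8; i++) {
        slice_t v = inv[i] ^ inv[(i + 4) & 7] ^ inv[(i + 5) & 7]
                  ^ inv[(i + 6) & 7] ^ inv[(i + 7) & 7];
        if ((0x63 >> i) & 1) v = ~v;   /* constant is public: branch is fine */
        out[i] = v;
    }
}

/* Constant-time S-box on 64 bytes: no load address depends on the data. */
void aes_sbox_bitsliced(const uint8_t in[LANES], uint8_t out[LANES]) {
    slice_t s[8], t[8];
    to_slices(in, s);
    sbox_slices(s, t);
    from_slices(t, out);
}

uint8_t aes_sbox_byte(uint8_t x) {
    uint8_t in[LANES] = {0}, out[LANES];
    in[0] = x;
    aes_sbox_bitsliced(in, out);
    return out[0];
}

/* The lookup-table alternative. The table is filled once with the bitsliced
   routine (public data, fixed access pattern); the problem is the lookup:
   the load address is the secret byte, so a co-resident observer of cache
   state learns which line was touched (with 64-byte lines, x's top two bits). */
uint8_t aes_sbox_table(uint8_t x) {
    static uint8_t table[256];
    static int ready = 0;
    if (!ready) {
        for (int base = 0; base < 256; base += LANES) {
            uint8_t in[LANES];
            for (int j = 0; j < LANES; j++) in[j] = (uint8_t)(base + j);
            aes_sbox_bitsliced(in, table + base);
        }
        ready = 1;
    }
    return table[x];   /* secret-dependent address: the cache-timing leak */
}
```

The bitsliced path executes the same AND/XOR sequence whatever the 64 input bytes are, which is the property that removes the cache channel; the per-byte throughput comes from the 64 lanes sharing each instruction, which is why the technique pays off on 64-bit (and wider, with SIMD) registers.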
- Benny Pinkas (University of Haifa, Israel)
Implementing Secure Multi-Party Computation
Secure computation is one of the great achievements of modern cryptography,
enabling a set of untrusting parties to compute any function of their
private inputs while revealing nothing but the result of the function.
Advances in modern cryptography coupled with rapid growth in processing and
communication speeds make secure computation a realistic paradigm. This was
demonstrated by the Fairplay system, which is a generic system for secure
two-party computation that supports high-level specification of the
We will describe in this talk the lessons that can be learned from recent
advances in implementing secure computation. These include a system for
secure two-party computation which has fully-simulatable security against
malicious adversaries, and FairplayMP (for "Fairplay Multi-Party"), a system
for multi-party computation secure against semi-honest adversaries. The
design of these systems required modifying the theoretical feasibility
results on which the systems were based. The experimental results that were
gained provide insight on the best future approaches for improving the
performance of secure multi-party computation.
- Bo-Yin Yang (Academia Sinica, Taiwan)
Implementing Multivariate Public-Key Cryptosystems
Multivariate Public-Key Cryptosystems (MPKCs) used to be touted as efficient
and operable on low-resource systems as well as a future-proofing investment
against the impending appearance of quantum computers. However, this lead
has been eroding with the recent directions taken by computer architecture.
We discuss how MPKCs are implemented on current hardware and how the
speed trends compare to other cryptosystems such as ECC and RSA.