Abstracts for SPEED

Roberto M. Avanzi (Ruhr-University Bochum, Germany)
Trace Zero Varieties: Cryptographic Applications
Based on joint works with: Emanuele Cesena, Tanja Lange.
Given a low genus hyperelliptic curve defined over a finite field F_q, a Trace Zero Variety is a specific subgroup of the divisor class group of the curve over small degree extension F_qⁿ of the definition field. Trace Zero Varieties are interesting for cryptographic applications since they enjoy properties that can be exploited to achieve fast arithmetic and group construction.
We review here recent results on the performance of trace zero varieties in some different contexts relevant to cryptography, from scalar multiplication to the computation of pairings.

Martin Geisler (University of Aarhus, Denmark)
Virtual Ideal Functionality Framework - Design and Implementation
The Virtual Ideal Functionality Framework (VIFF) is a general framework for implementing secure multiparty computation. It comes with a number of basic primitives such as secure addition, multiplication, and comparison, which application programmers combine into larger programs. In this talk we will describe the architecture behind VIFF and look at the design choices we took: what worked well and what worked less well.

Emilia Käsper (Katholieke Universiteit Leuven, Belgium)
Implementing AES 2000-2010: performance and security challenges
Fast software performance was one of the key arguments in selecting Rijndael as the Advanced Encryption Standard in 2000. A typical AES implementation uses lookup tables; until recently, its performance on common processors was capped at around 14-15 cycles/byte. Since 2005, several attacks targeting cache leakage in lookup-table based implementations of AES have been published. Simultaneously, with the emergence of 64-bit processors, bitslicing has proved a viable and more secure implementation strategy. Latest bitsliced implementations of AES now run at under 8 cycles/byte on modern Intel processors, that is, twice as fast as in 2000.
In this talk, we'll look inside the Intel processor and identify main bottlenecks in implementing AES fast and securely. We'll then describe the bitslicing technique step-by-step and present our latest benchmarking results. Finally, stepping away from AES, we'll draw some general conclusions on how cryptography has benefitted from new processor features driven by multimedia appications.

Benny Pinkas (University of Haifa, Israel)
Implementing Secure Multi-Party Computation
Secure computation is one of the great achievements of modern cryptography, enabling a set of untrusting parties to compute any function of their private inputs while revealing nothing but the result of the function. Advances in modern cryptography coupled with rapid growth in processing and communication speeds make secure computation a realistic paradigm. This was demonstrated by the Fairplay system, which is a generic system for secure two-party computation that supports high-level specification of the computation.
We will describe in this talk the lessons that can be learned from recent advances in implementing secure computation. These include a system for secure two-party computation which has fully-simulatable security against malicious adversaries, and FairplayMP (for "Fairplay Multi-Party"), a system for multi-party computation secure against semi-honest adversaries. The design of these systems required modifying the theoretical feasibility results on which the systems were based. The experimental results that were gained provide insight on the best future approaches for improving the performance of secure multi-party computation.

Bo-Yin Yang (Academia Sinica, Taiwan)
Implementing Multivariate Public-Key Cryptosystems
Multivariate Public-Key Cryptosystems (MPKCs) used to be touted as efficient and operable on low-resource systems as well as a future-proofing investment against the impending appearance of quantum computers. However, this lead has been eroding with the recent directions taken by computer architecture. We discuss how MPKCs are implemented on current hardware and how do the speed trends compare to other cryptosystems such as ECC and RSA.