If you wish to be informed about our seminars by email,
please contact Iwen Coisel or François-Xavier Standaert.
Seminars for the year 2008
January 2008
January 11, 14:30 - The Benes scheme and its variants
by Jacques Patarin
| Date: | January 11, 2008 - 14:30 |
| Location: | Auditoire Euler, 002, Euler Building (near Maxwell Building) Avenue Georges Lemaître, 4-6 - 1348 Louvain-la-Neuve |
| Abstract: | (this talk will be given in French)
The Benes scheme makes it possible to build a function from 2n bits to 2n bits out of 8 functions from n bits to n bits. Recently, a security proof up to 2^n was obtained, after several years of partial results. Fortunately, this proof is fairly simple. For some variants of Benes, things are unfortunately more complex. |
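As an added illustration of the construction the abstract refers to (this is example code, not part of the seminar page and not Patarin's), the Benes scheme as defined by Aiello and Venkatesan: two butterfly layers, each using four n-bit-to-n-bit functions, so eight functions in total map 2n bits to 2n bits. The value of n, the seed, and the helper names are chosen here for illustration.

```python
# Added example, not from the seminar page: the Benes construction
# (Aiello-Venkatesan) built from 8 functions from n bits to n bits.
# n, the seed and the helper names are constructed for this illustration.
import random

N_BITS = 4                 # constructed: small n so the full table is easy to inspect
MASK = (1 << N_BITS) - 1


def random_function(rng, n_bits=N_BITS):
    """One random function from n bits to n bits, stored as a lookup table."""
    table = [rng.randrange(1 << n_bits) for _ in range(1 << n_bits)]
    return lambda x: table[x & ((1 << n_bits) - 1)]


def butterfly(f1, f2, f3, f4, left, right):
    """Butterfly layer: (L, R) -> (f1(L) xor f2(R), f3(L) xor f4(R))."""
    return f1(left) ^ f2(right), f3(left) ^ f4(right)


def benes(funcs, left, right):
    """Benes = a second butterfly (f5..f8) applied to the output of the first (f1..f4).

    Exactly 8 n-bit-to-n-bit functions are consumed to map 2n bits to 2n bits.
    """
    f1, f2, f3, f4, f5, f6, f7, f8 = funcs
    mid_left, mid_right = butterfly(f1, f2, f3, f4, left, right)
    return butterfly(f5, f6, f7, f8, mid_left, mid_right)


def benes_table(seed, n_bits=N_BITS):
    """Full input -> output table of one Benes instance built from 8 seeded random functions."""
    rng = random.Random(seed)
    funcs = [random_function(rng, n_bits) for _ in range(8)]
    size = 1 << n_bits
    return {(l, r): benes(funcs, l, r) for l in range(size) for r in range(size)}


def is_permutation(table):
    """Benes yields a function, not (in general) a permutation; this makes that visible."""
    return len(set(table.values())) == len(table)


if __name__ == "__main__":
    t = benes_table(seed=2008)
    print("2n-bit inputs:", len(t),
          "distinct outputs:", len(set(t.values())),
          "permutation:", is_permutation(t))
```

Running the script with a fixed seed shows the whole 2n-bit mapping; the `is_permutation` check is there because, unlike a Feistel network, a Benes scheme is a random-looking function rather than a permutation, which is what the 2^n security bound in the abstract is about.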
January 18, 14:00 - Multi-Rectangle attacks
by Jacques Patarin
| Date: | January 18, 2008 - 14:00 |
| Location: | Auditoire Euler, 002, Euler Building (near Maxwell Building) Avenue Georges Lemaître, 4-6 - 1348 Louvain-la-Neuve |
| Abstract: | (this talk will be given in French)
Multi-Rectangle attacks are a new class of attacks against unbalanced Feistel schemes. In this talk, I will present these attacks and their properties. |
February 2008
February 25, 11:00 - Protocol elaboration via the authentication tests
by Joshua Guttman
| Date: | February 25, 2008 - 11:00 |
| Location: | Room 207, Euler Building (near Maxwell Building) Avenue Georges Lemaître, 4-6 - 1348 Louvain-la-Neuve |
| Abstract: | In practice, cryptographic protocol designers try to use a stepwise method. They build protocols from simpler versions that achieve some of the desired goals. Familiar heuristics help keep existing goals independent of new message structure. In this paper we introduce a theory to explain when these heuristics are correct.
A permissible refinement step introduces message structure, requiring additional work in protocol analysis. However, to be permissible, it must leave unchanged the protocol analysis for the existing message structure. We represent protocol analysis by a search for minimal, essentially different executions, driven by unsatisfied authentication tests.
The protocol analysis search forms a labeled transition system. We stipulate that the analysis of the more refined protocol Rho must be weakly bisimilar to the analysis of the less refined protocol Pi. The silent transitions that make this bisimulation a weak one (all belonging to the more refined Rho) are the analysis steps required for Rho's new message structure.
Our main theorem is that weak bisimilarity implies that Rho preserves the security goals achieved by Pi. |
| Link: | http://www.dice.ucl.ac.be/crypto/files/events/ProtocolDay08/Guttman.pdf |
February 25, 14:00 - Safely Composing Security Protocols via Tagging
by Stephanie Delaune
| Date: | February 25, 2008 - 14:00 |
| Location: | Room 207, Euler Building (near Maxwell Building) Avenue Georges Lemaître, 4-6 - 1348 Louvain-la-Neuve |
| Abstract: | We present three recent works related to the use of tags for ensuring the safe composition of security protocols.
Joint work with Myrto Arapinis, Véronique Cortier, Jeremie Delaitre and Steve Kremer. |
| Link: | http://www.dice.ucl.ac.be/crypto/files/events/ProtocolDay08/Delaune.pdf |
February 25, 15:00 - Joint State Theorems for Public-Key Encryption and Digital Signature Functionalities with Local Computation
by Ralf Kuesters
| Date: | February 25, 2008 - 15:00 |
| Location: | Room 207, Euler Building (near Maxwell Building) Avenue Georges Lemaître, 4-6 - 1348 Louvain-la-Neuve |
| Abstract: | Composition theorems in simulation-based approaches allow one to build complex protocols from sub-protocols in a modular way. However, as first pointed out and studied by Canetti and Rabin, this modular approach often leads to impractical implementations. For example, when using a functionality for digital signatures within a more complex protocol, parties have to generate new verification and signing keys for every session of the protocol. This motivates generalizing composition theorems to so-called joint state theorems, where different copies of a functionality may share some state, e.g., the same verification and signing keys.
In this talk, a joint state theorem is presented which is more general than the original theorem of Canetti and Rabin, for which several problems and limitations are pointed out. We apply our theorem to obtain joint state realizations for three functionalities: public-key encryption, replayable public-key encryption, and digital signatures. Unlike most other formulations, our functionalities model that ciphertexts and signatures are computed locally, rather than being provided by the adversary. To obtain the joint state realizations, the functionalities have to be designed carefully. Previous formulations are shown to be unsuitable. Our work is based on a recently proposed, rigorous model for simulation-based security by Kuesters, called the IITM model. Our definitions and results demonstrate the expressivity and simplicity of this model. For example, unlike Canetti's UC model, in the IITM model no explicit joint state operator needs to be defined and the joint state theorem follows immediately from the composition theorem of the IITM model.
Joint work with Max Tuengerthal. |
| Link: | http://www.dice.ucl.ac.be/crypto/files/events/ProtocolDay08/Kuesters.pdf |
February 25, 16:15 - Formal Analysis of PKCS#11
by Steve Kremer
| Date: | February 25, 2008 - 16:15 |
| Location: | Room 207, Euler Building (near Maxwell Building) Avenue Georges Lemaître, 4-6 - 1348 Louvain-la-Neuve |
| Abstract: | PKCS#11 defines an API for cryptographic devices that has been widely adopted in industry. However, it has been shown to be vulnerable to a variety of attacks that could, for example, compromise the sensitive keys stored on the device. In this paper, we set out a formal model of the operation of the API, which differs from previous security API models notably in that it accounts for non-monotonic mutable global state. We give decidability results for our formalism, and describe an implementation of the resulting decision procedure using a model checker. We report some new attacks and prove the safety of some configurations of the API in our model. |
| Link: | http://www.dice.ucl.ac.be/crypto/files/events/ProtocolDay08/KremerPKCS11.pdf |
May 2008
May 07, 14:00 - A New Approach in Side-Channel Analysis: Combining Engineer's Intuition with Advanced Stochastic Methods
by Werner Schindler
| Date: | May 07, 2008 - 14:00 |
| Location: | Auditoire Euler, 002, Euler Building (near Maxwell Building) Avenue Georges Lemaître, 4-6 - 1348 Louvain-la-Neuve |
| Abstract: | The 'classical' approach in power analysis is DPA. DPA attacks require only little set-up work, but on the negative side their attacking efficiency is low. Template attacks interpret measurements as values assumed by random variables whose (unknown) distributions depend on the subkey, a part of the plaintext and possibly on a masking value. In the profiling phase (aka characterization phase), measurement series are gained at a training device to estimate the unknown probability densities for each parameter set. The attacking efficiency of 'classical' template attacks (avoiding any model assumptions) is maximal, but especially for strongly masked implementations the profiling requires a gigantic workload.
This talk considers a stochastic approach (introduced at CHES 2005) that combines the engineer's qualitative intuition with quantitative statistical methods. This approach does not aim at the exact probability densities but at (sufficiently close) approximators. The profiling workload is order(s) of magnitude smaller than for (classical) template attacks, while its attacking efficiency is lower but still comparable. The attacking efficiency of this approach is much stronger than DPA. Moreover, the stochastic approach does not only provide the information whether a design can successfully be attacked but also exhibits the underlying reasons for the side-channel leakage, which allows the targeted re-design of cryptographic implementations. This stochastic approach works for power attacks on non-masked and masked implementations. It can be generalized in a natural way to electromagnetic radiation attacks and, more generally, to multi-channel attacks. |
July 2008
July 24, 14:30 - Prêt à Voter with Paillier Encryption
by Peter Ryan
| Date: | July 24, 2008 - 14:30 |
| Location: | Auditoire Euler, 002, Euler Building (near Maxwell Building) Avenue Georges Lemaître, 4-6 - 1348 Louvain-la-Neuve |
| Abstract: | Public confidence in voting technologies has been badly shaken over the past years by, amongst other events, the problems with the 2000 and 2004 US presidential elections, the 2007 French presidential election and the 2007 electronic counting in Scotland. Serious vulnerabilities have been exposed in all currently deployed electronic voting and counting systems. Many of these systems use proprietary, protected code and the voters and election officials are expected to take assurances of the suppliers and certifiers on trust.
Designing voting systems that provide high levels of assurance of accuracy and ballot secrecy with minimal trust assumptions is an immensely challenging problem. The requirements of accuracy and auditability are in direct conflict with those of ballot secrecy. Furthermore, we must recognise that this is not a purely technical problem: a technically perfect solution that is not usable or does not command the confidence of the voters is not a viable solution.
Recently significant progress has been made and a number of schemes developed that provide verifiability of the election. These seek to provide end-to-end verifiability of the outcome, i.e. the accuracy of the outcome is independent of the code or hardware that implements the ballot processing. The assurance derives from maximal transparency and auditability. Voters are provided with the means to check that their vote is accurately included in the final tally, all the while maintaining ballot secrecy. Thus the assurance depends ultimately on the voters rather than the probity of election officials, suppliers of voting systems etc.
In this talk, I describe a particularly voter-friendly approach to achieving verifiability: Prêt à Voter and, in particular, recent developments, notably the use of Paillier encryption. |
| Link: | http://www.cs.ncl.ac.uk/people/peter.ryan |
August 2008
August 28, 11:00 - Groupes SL2 et fonctions de hachage - SL2 Groups and hash functions
by Gilles Zémor
| Date: | August 28, 2008 - 11:00 |
| Location: | Meeting Room DICE - Maxwell Building, first floor. Place du Levant, 3 - 1348 Louvain-la-Neuve |
| Abstract: | We will survey the different proposals of cryptographic hash functions based on matrix groups. Those functions rely on one simple general principle: any sequence of symbols determines a sequence of group elements, and the value of the function is the product of those elements. The arithmetic properties of the group then translate into expected properties of the hash function. We will discuss the strengths and weaknesses of these schemes. |
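As an added, self-contained illustration of the "product of group elements" principle the abstract describes (example code written for this page, not Zémor's code or a proposal from the talk): each input bit selects one of two generators of SL2(F_p), and the hash is their ordered product. The prime modulus, the two generators and all function names are chosen here for illustration and are not a recommended parameter set.

```python
# Added example, not from the seminar page: a toy matrix-group hash over
# SL2(F_p). Modulus, generators and helper names are constructed here.
P = 1_000_003  # constructed prime modulus; a real instance needs a far larger group

# Two generators of SL2(F_p), one per symbol of the alphabet {0, 1}.
A = ((1, 1), (0, 1))   # chosen for bit 0
B = ((1, 0), (1, 1))   # chosen for bit 1
IDENTITY = ((1, 0), (0, 1))


def mat_mul(x, y, p=P):
    """Product of two 2x2 matrices with entries reduced mod p."""
    (a, b), (c, d) = x
    (e, f), (g, h) = y
    return (((a * e + b * g) % p, (a * f + b * h) % p),
            ((c * e + d * g) % p, (c * f + d * h) % p))


def det(m, p=P):
    """Determinant mod p; every hash value must stay in SL2, i.e. det == 1."""
    (a, b), (c, d) = m
    return (a * d - b * c) % p


def bytes_to_bits(data):
    """Most-significant-bit-first bit sequence of a byte string."""
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def sl2_hash(bits, p=P):
    """The symbol sequence picks A or B per bit; the hash is the ordered product."""
    m = IDENTITY
    for bit in bits:
        m = mat_mul(m, A if bit == 0 else B, p)
    return m


def digest(data, p=P):
    """Hash of a byte string, flattened to a 4-tuple of field elements."""
    (a, b), (c, d) = sl2_hash(bytes_to_bits(data), p)
    return (a, b, c, d)


def concatenation_property_holds(x, y, p=P):
    """hash(x || y) == hash(x) * hash(y), a direct consequence of the group law.

    This is what makes such hashes incremental and parallelizable, but it is
    also structure a random oracle would not have, so the choice of group and
    generators decides whether the arithmetic works for or against the designer.
    """
    return sl2_hash(x + y, p) == mat_mul(sl2_hash(x, p), sl2_hash(y, p), p)


if __name__ == "__main__":
    print(digest(b"hello"))
    print("det == 1:", det(sl2_hash(bytes_to_bits(b"hello"))) == 1)
```

The `concatenation_property_holds` check is the concrete form of the abstract's remark that the group's arithmetic translates into properties of the hash: the same law that gives cheap incremental hashing is a structural property any reviewer of such a scheme has to account for.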
December 2008
December 03, 16:00 - (Theoretical) Computer Science is Everywhere
by Erik Demaine
| Date: | December 03, 2008 - 16:00 |
| Location: | Sainte-Barbe Building Place Sainte-Barbe - 1348 Louvain-la-Neuve |
| Abstract: | Theoretical computer science, and the algorithmic way of thinking, transcends our traditional boundaries. I believe that algorithms are relevant to every discipline of study, and will give eclectic examples from the arts and sciences to business and society. The examples span the spectrum from serious topics like protein folding and decoding Inka khipu to fun topics like juggling and magic. |
| Link: | http://www.ulb.ac.be/di/francqui2008/ |