Dagstuhl Seminar 16371
Public-Key Cryptography
(Sep 11 – Sep 16, 2016)
Organizers
- Marc Fischlin (TU Darmstadt, DE)
- Alexander May (Ruhr-Universität Bochum, DE)
- David Pointcheval (ENS - Paris, FR)
- Tal Rabin (IBM TJ Watson Research Center - Yorktown Heights, US)
Contact
- Andreas Dolzmann (for scientific matters)
- Simone Schilke (for administrative matters)
Impacts
- A Modular Analysis of the Fujisaki-Okamoto Transformation : article in TCC 2017 : Theory of Cryptography : pp 341-371 - Hofheinz, Dennis; Hövelmanns, Kathrin; Kiltz, Eike - Berlin : Springer, 2017. - (Lecture notes in computer science ; 10677 : article).
- Be Adaptive, Avoid Overcommitting - Jafargholi, Zahra; Kamath, Chethan; Klein, Karen; Komargodski, Ilan; Wichs, Daniel; Pietrzak, Krzysztof - iacr.org, 2017. - 43 pp.
- CRYSTALS - Kyber : a CCA-secure module-lattice-based KEM - Bos, Joppe; Ducas, Leo; Kiltz, Eike; Lepoint, Tancrede; Lyubashevsky, Vadim; Stehle, Damien; Schwabe, Peter; Schanck, John M. - Cornell University : arXiv.org, 2017.
- Memory-Tight Reductions : article in CRYPTO 2017 : Advances in Cryptology : pp 101-132 - Auerbach, Benedikt; Cash, David; Fersch, Manuel; Kiltz, Eike - Berlin : Springer, 2017 - (Lecture notes in computer science ; 10401 : article).
Program
Cryptography has turned out to be an invaluable tool for protecting the confidentiality and integrity of digital data. At the same time, cryptography does not yet provide satisfying solutions to all practical scenarios and threats. To accomplish appropriate protection of the data, cryptography needs to address several challenges.
First, cryptography needs to provide the fundamental primitives from which higher-level protocols can be derived. This requires investigating the feasibility of building useful primitives, scrutinizing the hardness of the underlying problems and assumptions, and exploring the applicability of such primitives. Recently, advances in cryptanalytic techniques for finite fields with small characteristic and for problems like subset sum, decoding of linear codes, and the widely used LPN/LWE assumptions have gained considerable attention in this area.
The second challenge is to make cryptographic primitives match the efficiency requirements for deployment in various scenarios, possibly iterating the fundamental design step. A recent example is indistinguishability obfuscation, which is still at an early development stage. Here, fundamental questions about feasibility and efficiency improvements are still open. A step ahead in this regard are fully homomorphic encryption schemes, where people are already working on optimizations.
The third challenge is to make sure that the primitives are used appropriately in larger protocols, and to provide security analyses of practically deployed protocols. A striking example here is TLS, where cryptographers still struggle to provide a comprehensive analysis of the current TLS standard 1.2, and yet the new version 1.3 is already on the horizon.
Each of the three challenge areas - cryptanalysis and foundations (investigating and evaluating new primitives), optimization (making solutions more efficient), and deployment (designing real-world protocols) - can be viewed as transitional steps to devise cryptographic solutions for protecting actual data. Since we view all steps as being equally important and an integral part of cryptographic research, the seminar should bring together experts from all these areas, stimulating interaction between the areas.
The overall objectives of this Dagstuhl Seminar are:
- For the cryptanalytic techniques, we study the full extent to which they can be generalized and explore whether techniques from different areas interact and benefit from each other. This is crucial to establish well-defined security levels for cryptographic assumptions, and to communicate secure parameter selection procedures to implementers of cryptographic protocols.
- Regarding the foundational aspects, the seminar offers the possibility to scrutinize the now emerging primitives and concepts of multilinear maps and indistinguishability obfuscation. We expect numerous new results along these lines in the coming years, before the proposed Dagstuhl Seminar takes place. The seminar's objective is to consolidate and to discuss future directions in these areas.
- Concerning the optimization aspects we expect further progress in the applicability of operational cryptography, especially (fully or somewhat) homomorphic encryption. The goal of the seminar in this area is to push the solutions even further in terms of efficiency, and to identify the obstacles for a larger deployment such as for Big Data.
- In terms of deployment the goal of the seminar is to advance the analysis of new real-world protocols, especially key exchange protocols such as TLS 1.3, and to provide feedback to designers and engineers of such protocols.
Cryptography has always been a prominent theme within the Dagstuhl Seminar series, with the first meeting about cryptography held in 1993, and subsequent seminars on this topic about every 5 years. In 2007 and 2012 a seminar for the subarea of "Symmetric Cryptography" was added, prompting us to name the seminar here "Public-Key Cryptography" for the sake of distinction. The public-key branch has now been held for the second time, after the first event in 2011.
The seminar brought together 27 scientists in the area of public-key cryptography, including three student researchers who were invited by Dagstuhl to pick a seminar to participate in. The participants came from all over the world, including countries like the US, Great Britain, Israel, France, and Japan. Among the affiliations, Germany led with 9 participants, followed by the US and France with 6 each. The program contained 21 talks, each of 25 to 60 minutes, and a panel discussion about the uneasiness with the current state of our reviewing system, with a free afternoon on Wednesday for social activities and the afternoon on Thursday for collaborations. Before the seminar, we asked the participants to present very recent and ongoing work which, ideally, should not have been published or accepted for publication yet. Most of the participants followed our suggestion, and to a large extent the presentations covered topics which had not even been submitted at the time.
The topics of the talks represented the diversity of public-key cryptography. The goal of the seminar was to bring together three challenge areas in cryptography, namely, cryptanalysis and foundations (investigating and evaluating new primitives), optimization (making solutions more efficient), and deployment (designing real-world protocols). As envisioned, the seminar thus had a good mixture of talks from these areas. There were also suggestions to try to co-locate future events of the seminar with other security-related events at Dagstuhl to foster even broader interdisciplinary research. Discussions during and after the talks were lively. It seems as if the goal of stimulating collaborations among these areas has been met. The discussion about the reviewing system has led to some hands-on practices which could be deployed to improve the quality of reviews. These include incentives such as "Best Reviewer Awards" and teaching students about proper reviewing.
Participants
- Adekunle Oluseyi Afolabi (University of Kuopio, FI)
- Fabrice Benhamouda (IBM TJ Watson Research Center - Yorktown Heights, US)
- Johannes A. Buchmann (TU Darmstadt, DE)
- David Cash (Rutgers University, US)
- Pooya Farshim (ENS - Paris, FR)
- Marc Fischlin (TU Darmstadt, DE)
- Pierre-Alain Fouque (University of Rennes, FR)
- Vipul Goyal (Microsoft Research India - Bangalore, IN)
- Iftach Haitner (Tel Aviv University, IL)
- Dennis Hofheinz (KIT - Karlsruher Institut für Technologie, DE)
- Antoine Joux (CNRS & University Pierre & Marie Curie - Paris, FR)
- Eike Kiltz (Ruhr-Universität Bochum, DE)
- Alexander Koch (KIT - Karlsruher Institut für Technologie, DE)
- Tal Malkin (Columbia University - New York, US)
- Alexander May (Ruhr-Universität Bochum, DE)
- Jörn Müller-Quade (KIT - Karlsruher Institut für Technologie, DE)
- Phong Nguyen (Inria & CNRS/JFLI - Paris, FR & University of Tokyo, JP)
- Kenneth G. Paterson (Royal Holloway University of London, GB)
- Krzysztof Pietrzak (IST Austria - Klosterneuburg, AT)
- David Pointcheval (ENS - Paris, FR)
- Tal Rabin (IBM TJ Watson Research Center - Yorktown Heights, US)
- Sven Schäge (Ruhr-Universität Bochum, DE)
- Suzanna Schmeelk (Columbia University - New York, US)
- Dominique Schröder (Universität Erlangen-Nürnberg, DE)
- Jacob Schuldt (AIST - Tsukuba, JP)
- Vinod Vaikuntanathan (MIT - Cambridge, US)
- Hoeteck Wee (ENS - Paris, FR)
Related Seminars
- Dagstuhl Seminar 9339: Cryptography (1993-09-27 - 1993-10-01)
- Dagstuhl Seminar 9739: Cryptography (1997-09-22 - 1997-09-26)
- Dagstuhl Seminar 02391: Cryptography (2002-09-22 - 2002-09-27)
- Dagstuhl Seminar 07381: Cryptography (2007-09-16 - 2007-09-21)
- Dagstuhl Seminar 11391: Public-Key Cryptography (2011-09-25 - 2011-09-30)
Classification
- security / cryptology
Keywords
- Encryption
- Signatures
- Cryptanalysis
- Obfuscation
- Homomorphic Encryption
- Key Exchange