Keynote Speakers
Peter Schwabe
Title
Towards a new generation of cryptographic software
Abstract
Cryptographic software is currently facing two major challenges. First, upgrading our cryptographic infrastructure to post-quantum primitives is probably the largest and most demanding cryptographic migration effort ever. New software needs to be written, optimized for different platforms, extensively tested and audited, and eventually integrated into protocols and systems.
Second, it becomes increasingly clear that the "constant-time'' programming paradigm is insufficient as a systematic defense against side-channel attacks, even when attackers are constrained to software-visible leakage only. Reasons range from compiler optimizations that eliminate source-level side-channel protections, through Spectre attacks that exploit microarchitectural leakage during speculative exeuction, to attacks like Hertzbleed, which blur the line between hardware-visible and software-visible leakage.
Fortunately, over the last decade, also the field of high-assurance cryptography, has made enormous progress. Research at the intersection of cryptography and formal methods has produced languages and tools that help us tackle these challenges. In my talk I will present what these tools are capable of and how they enable a new generation of cryptographic software with strong formal guarantees of correctness and security. I will use the concrete example of ML-KEM software that is end-to-end formally verified from the assembly level to the IND-CCA security notion, and which establishes a new state of the art in terms of principled protection against microarchitectural attacks.
Biography
Peter Schwabe is scientific director at MPI-SP professor at Radboud University and Adjunct Professor at Ruhr University Bochum. He graduated from RWTH Aachen University in computer science in 2006 and received a Ph.D. from the Faculty of Mathematics and Computer Science of Eindhoven University of Technology in 2011. He then worked as a postdoctoral researcher at the Institute for Information Science and the Research Center for Information Technology Innovation of Academia Sinica, Taiwan and at National Taiwan University.
His research area is cryptographic engineering; in particular the security and performance of cryptographic software. He published more than 80 articles in journals and at international conferences presenting, for example, fast software for a variety of cryptographic primitives including AES, hash functions, elliptic-curve cryptography, and cryptographic pairings. He has also published articles on fast cryptanalysis, in particular attacks on the discrete-logarithm problem.
In recent years he has focused in particular on post-quantum cryptography. He co-authored the "NewHope" and "NTRU-HRSS" lattice-based key-encapsulation schemes which were used in post-quantum TLS experiments by Google and he was co-submitter of seven proposals to the NIST post-quantum crypto project, all of which made it to the second round, five of which made it to the third round, and 3 of which were selected after round 3 for standardization.
In 2021, he co-founded the Formosa-Crypto project, an effort by multiple research groups to build (post-quantum) cryptographic software with formal proofs of functional correctness and security.
Ron Steinfeld
Title
How to use a short secret: on the evolution of lattice-based cryptography design and analysis
Abstract
Lattice-based cryptography is a leading approach for post-quantum cryptography. Although analogies exist between lattice-based cryptography and pre-quantum approaches to public-key cryptography (e.g. based on the discrete logarithm problem), the design and security analysis of lattice-based crypto systems has proven to be more involved and subtle compared to pre-quantum cryptography. In this talk, we discuss the sources of these subtleties and evolution of some techniques developed to deal with them, with examples of their applications to enable the design of efficient and secure lattice based cryptographic schemes and protocols.
Biography
Ron Steinfeld received his Ph.D. degree in Computer Science in 2003 from Monash University, Australia. He then joined Macquarie University, Australia as a postdoctoral research fellow, where he held a Macquarie University Research Fellowship and ARC Australian Research Fellowship. In 2012, he joined Monash University, Australia as a Lecturer, where he is now a Professor and Cybersecurity Group Lead at the Department of Software Systems and Cybersecurity.
His main research interests are in the design and analysis of cryptographic algorithms and protocols, with a focus on quantum-resistant cryptography and its applications. His research spans from theoretical foundation to design of protocols and their implementation engineering aspects. He recently received the 2024 Test of Time award from the International Association for Cryptologic Research (IACR) for his foundational paper in Asiacrypt 2009 on structured lattice problems, that are the basis for three US NIST Post-Quantum Cryptography standards published in 2024.
Sherman S.M. Chow
Title
Our Cryptography Works... But: Stability, Models, and Cost
Abstract
Standard cryptographic research typically evaluates a design by whether it satisfies a formal definition in a given model with stated costs. Systems that matter in society, however, run for years under heavy and sometimes hostile use and must fit strict resource budgets. Motivated by this tension, this talk asks what it means for designs to "work" once deployed, through three lenses: stability, models, and cost.
Secure society runs on rails for naming and paying. Here I will use anonymous credentials and cryptocurrencies as concrete examples. Even with strong cryptography, the lifecycle of anonymous records and the everyday handling of abuse and disputes influence how the system behaves in practice. Relegating these questions to afterthoughts tends to make such systems unsustainable in the long run.
Multi-party data flows shift attention to what platforms and collaborators learn about users. Alongside our own work, I will draw on deployed secure aggregation, encrypted search systems, and private set intersection. New stresses appear when schemes designed for simple paper models are run in multi-client settings with different service requirements.
Computation based on large machine-learning models now drives many online systems. Here the focus is on secure machine learning (ML), from differential privacy to cryptographic techniques. On realistic models, generic secure computation and proof techniques remain expensive, so secure ML–crypto co-design built around model structure and service budgets becomes necessary. With these case studies, the talk aims to sharpen our sense of how stability, models, and cost shape cryptographic system design.
Biography
Sherman S. M. Chow received his Ph.D. from New York University and was a research fellow at the University of Waterloo before joining The Chinese University of Hong Kong. His research focuses on cryptography and security, with work spanning privacy-enhancing technologies and secure distributed systems, and he has served on program committees for major conferences including Asiacrypt, Crypto, Eurocrypt, CCS, NDSS, S&P, and USENIX Security.