Attendees and speakers at the workshops must register. Please visit individual affiliated event pages below for schedules and more information.
In the Workshop on Reduction Proofs in Pseudocode (WRePP), we hope to break down some of the access barriers of the field for those interested in proofs for complex protocols and hope to provide inspiration also to experienced protocol designers and analysts.More info Show schedule
MathCrypt aims to provide a forum for exchanging ideas on new mathematical assumptions and attacks in cryptography, and to encourage and attract new researchers to work in the area of mathematical cryptography.More info Show schedule
All times are in UTC
|Session 1 - 13:00 - 14:00 UTC - Chair: David Jao
Trustless unknown-order groups
Samuel Dobson; Steven D. Galbraith;Benjamin Smith
Solving the constructive Deuring correspondence via the Kohel-Lauter-Petit-Tignol algorithm
Yuta Kambe; Masaya Yasuda; Masayuki Noro; Kazuhiro Yokoyama; Yusuke Aikawa; Katsuyuki Takashima; Momonari Kudo
Higher-Degree Supersingular Group Actions
Mathilde Chenu; Benjamin Smith
|break (15 min)
|Session 2 - 14:15 - 15:15 UTC - Chair: Nicolas Gama
The Landscape of Card-Based Protocols
Quantum Security of the Legendre PRF
Paul Frixons; André Schrottenloher
Provably Solving the Hidden Subset Sum Problem via Statistical Learning
Jean-Sebastien Coron; Agnese Gini
|break (15 min)
|Session 3 - poster talks - 15:30 - 15:50 UTC - Chair: Travis Morrison
|break (10 min)
|Session 4 - 16:00 - 17:00 UTC - Chair: Edoardo Persichetti
Cryptanalysis of Semidirect Product Key Exchange Using Matrices Over Non-Commutative Rings
Christopher Battarbee; Delaram Kahrobaei; Siamak F. Shahandashti
Index calculus attacks on hyperelliptic Jacobians with efficient endomorphisms
Sulamithe Tsakou; Sorina Ionica
Commitment Schemes from Supersingular Elliptic Curve Isogeny Graphs
The Privacy-Preserving Machine Learning Workshop (PPML) aims to strengthen collaborations among the machine learning and cryptography communities.More info Show schedule
New Techniques for Efficient Secure Computation
Chair: Carsten Baum
Secure Quantized Training for Deep Learning
ABY2.0: Improved Mixed-Protocol Secure Two-Party Computation with Applications to Privacy Preserving Machine Learning
SIRNN: A Math Library for Secure RNN Inference
Differential Privacy for Text Analytics via Natural Text Sanitization
Fighting COVID-19 in the Dark: End-to-End Methodology for Improved Inference Using Homomorphically Encrypted DNN
Privacy in Federated Learning at Scale
What can we learn from cryptography to develop more trustworthy ML?
Chair: Sahar Mazloom
NeuraCrypt is not private
Secure Poisson Regression
MUSE: Secure Inference Resilient to Malicious Clients
Cerebro: A Platform for Multi-Party Cryptographic Collaborative Learning
Privacy-preserving machine learning for support vector machines
Improved Multi-Party Fixed-Point Multiplication
The Workshop on Attacks in Cryptography (WAC) will bring together researchers who work on cryptographic attacks and provide a showcase of their work for the Crypto community.More info Show schedule
Raccoon Attack: Finding and Exploiting Most-Significant-Bit-Oracles in TLS-DH(E)
Diffie-Hellman key exchange (DHKE) is a widely adopted method for exchanging cryptographic key material in real-world protocols like TLS-DH(E). Past attacks on TLS-DH(E) focused on weak parameter choices or missing parameter validation. The confidentiality of the computed DH share, the premaster secret, was never questioned; DHKE is used as a generic method to avoid the security pitfalls of TLS-RSA.
We show that due to a subtle issue in the key derivation of all TLS-DH(E) cipher suites in versions up to TLS 1.2, the premaster secret of a TLS-DH(E) session may, under certain circumstances, be leaked to an adversary. Our main result is a novel side-channel attack, named Raccoon attack, which exploits a timing vulnerability in TLS-DH(E), leaking the most significant bits of the shared Diffie-Hellman secret. The root cause for this side channel is that the TLS standard encourages non-constant-time processing of the DH secret. If the server reuses ephemeral keys, this side channel may allow an attacker to recover the premaster secret by solving an instance of the Hidden Number Problem. The Raccoon attack takes advantage of uncommon DH modulus sizes, which depend on the properties of the used hash functions. We describe a fully feasible remote attack against an otherwise-secure TLS configuration: OpenSSL with a 1032-bit DH modulus. Fortunately, such moduli are not commonly used on the Internet.
Furthermore, with our large-scale scans we have identified implementation-level issues in production-grade TLS implementations that allow for executing the same attack by directly observing the contents of server responses, without resorting to timing measurements.
PARASITE: PAssword Recovery Attack against Srp Implementations in ThE wild
Protocols for Password-based Authenticated Key Exchange (PAKE) allow two users sharing only a short, low-entropy, password to establish a secure session with a cryptographically strong key. The challenge in designing such protocols is that they must resist offline dictionary attacks in which an attacker exhaustively enumerates the dictionary of likely passwords in an attempt to match the used password.
Recently, with the wide adoption of Dragonfly in WPA3 and the CFRG standardization competition, PAKEs protocols have been brought to light again by both academics and industrials. With this recent shift and adoption of new schemes came some practical considerations which may have been overlooked during the design and implementation of the first protocols. In particular, any leakage on a password related value may completely break the offline dictionary resistance.
In this talk, we study the resilience of one particular PAKE against these attacks. Indeed, we focus on the Secure Remote Password (SRP) protocol that was designed by T. Wu in 1998. Despite its lack of formal security proof, SRP has become a de-facto standard for more than 20 years, thanks to the availability of open-source implementations with no restrictive licenses.
We identified and exploited a timing leakage in the SRP implementation inside the OpenSSL library, allowing an attacker to perform an offline dictionary attack. This leakage stem from the use of an unusual, not constant-time, modular exponentiation, that can be exploited with a Flush+Reload timing attack.
Daniel De Almeida Braga is a second year PhD student in the IRISA Rennes, France. Before starting his academic journey, he received his Master degree in Cryptography from Rennes University in 2018. He worked one year at Amossys (Rennes, France) as a Security Analyst, where he had the occasion to have a glance at the (lack of) security of real world cryptographic implementations.
His research interests focus on vulnerabilities in cryptographic implementations, which can be related to the core protocol or implementation-specific. The ultimate goal of his PhD is to outline the practicability of such vulnerabilities by implementing attacks in a real world scenario, and provide long term patches.
Most recently, he studied deployed PAKEs such as Dragonfly (used in WPA3) and SRP (widely deployed in various contexts).
FragAttacks: Aggregation and Fragmentation Flaws in Wi-Fi
This presentation covers three security-related design flaws in Wi-Fi and various widespread implementation flaws. An adversary can abuse these to inject packets or exfiltrate selected frames. The first design flaw is present in Wi-Fi's frame aggregation feature where a flag in the Wi-Fi header is not properly protected. The other two design flaws are present in Wi-Fi's frame fragmentation feature where the receiver improperly verifies and manages fragments. These design flaws affect all protected Wi-Fi networks, including the ancient WEP protocol, meaning these flaws have been part of Wi-Fi since its inception.
Regarding the implementation flaws, we found that some devices accept plaintext frames in a protected Wi-Fi network and others accept plaintext aggregated frames that resemble handshake messages. The resulting attacks will be demonstrated, such as turning an IoT power socket on and off, remotely exploiting an outdated Windows 7 machine, and a tool will be released that can be used to test Wi-Fi products against all the discovered vulnerabilities.
Partitioning Oracle Attacks
In this talk I will introduce partitioning oracles, a new class of decryption error oracles which, conceptually, take a ciphertext as input and output whether the decryption key belongs to some known subset of keys. We introduce the first partitioning oracles which arise when encryption schemes are not committing with respect to their keys. The talk will detail novel adaptive chosen ciphertext attacks that exploit partitioning oracles to efficiently recover passwords and deanonymize anonymous communications. The attacks utilize efficient key multi-collision algorithms — a cryptanalytic goal that we define — against widely used authenticated encryption with associated data (AEAD) schemes, including AES-GCM, XSalsa20/Poly1305, and ChaCha20/Poly1305. I will describe how we build a practical partitioning oracle attack that quickly recovers passwords from Shadowsocks proxy servers. The talk will also survey early implementations of the OPAQUE protocol for password-based key exchange, and show how many could be vulnerable to partitioning oracle attacks due to incorrectly using non-committing AEAD. Our results suggest that the community should standardize and make widely available committing AEAD to avoid such vulnerabilities.
This is joint work with Paul Grubbs and Thomas Ristenpart.
Are deep-learning based side-channels a fad or the future?
The Role of Integrity in Attestation and Isolation
The ongoing trend of moving data and computation to the cloud is met with concerns regarding privacy and protection of intellectual property. Cloud providers strive to address these concerns by offering execution in isolated and trusted environments, removing themselves from the trust base.
Trusted Execution Environments are built on two main pillars: attestation and isolation. The variety in the implementation of these two features is broad and ranges from pure hardware or software enforced access protection, to sophisticated schemes with complex cryptographic protection. However, the downside of stronger isolation and protection usually comes in terms of decreased performance.
In this talk, we explore two attacks on AMD SEV highlighting why integrity protection is paramount to secure TEEs in untrusted environments.
Fault Attacks on CCA-secure Lattice KEMs
NIST's post-quantum standardization effort very recently entered its final round. This makes studying the implementation-security aspect of the remaining candidates an increasingly important task, as such analyses can aid in the final selection process and enable appropriately secure wider deployment after standardization. However, lattice-based key-encapsulation mechanisms (KEMs), which are prominently represented among the finalists, have thus far received little attention when it comes to fault attacks.
Interestingly, many of these KEMs exhibit structural similarities. They can be seen as variants of the encryption scheme of Lyubashevsky, Peikert, and Rosen, and employ the Fujisaki-Okamoto transform (FO) to achieve CCA2 security. The latter involves re-encrypting a decrypted plaintext and testing the ciphertexts for equivalence. This corresponds to the classic countermeasure of computing the inverse operation and hence prevents many fault attacks.
In this talk, we show that despite this inherent protection, practical fault attacks are still possible. We present an attack that requires a single instruction-skipping fault in the decoding process, which is run as part of the decapsulation. After observing if this fault actually changed the outcome (effective fault) or if the correct result is still returned (ineffective fault), we can set up a linear inequality involving the key coefficients. After gathering enough of these inequalities by faulting many decapsulations, we can solve for the key using a bespoke statistical solving approach. As our attack only requires distinguishing effective from ineffective faults, various detection-based countermeasures, including many forms of double execution, can be bypassed.
We apply this attack to Kyber and NewHope, both of which belong to the aforementioned class of schemes. Using fault simulations, we show that, e.g., 6,500 faulty decapsulations are required for full key recovery on Kyber512. To demonstrate practicality, we use clock glitches to attack Kyber running on a Cortex M4. As we argue that other schemes of this class, such as Saber, might also be susceptible, the presented attack clearly shows that one cannot rely on the FO transform's fault deterrence and that proper countermeasures are still needed.
Peter Pessl is a Security Architect at Infineon Technologies, Munich. He received his PhD at the Institute of Applied Information Processing and Communications (IAIK) at Graz University of Technology, where he also worked as a Postdoc. His research targets implementation attacks, such as power analysis or fault injections, and respective countermeasures for cryptographic primitives. In particular, he focuses on the implementation security of lattice-based cryptography as well as other schemes belonging to the field of post-quantum cryptography.
Baby Sharks: Small-Subgroup Attacks to Disrupt Large Distributed Systems
Elliptic-curve cryptography is now a common choice by practicioners, implementing cryptographic primitives that require a group of large prime order. However, for some elliptic curves, the prime order group is a subgroup of a larger composite-order group. Two such examples are Curve25519 and the pairing friendly curve BLS12-381. Protocols that are implemented with these curves are susceptible to subgroup attacks where a point from the composite-order group is used instead of the prime-order group. Such attacks were previously demonstrated in the wild for Curve25519, e.g. CryptoNote double spend vulnerability.
In this talk we focus on subgroups attacks in distributed key generation (DKG) protocols implementations. Such protocols involve interaction between distrusting parties, usually with a requirement to communicate group elements. Due to the overhead in complexity, we notice that implementors occasionally forget to sanitise the received group elements. We look at DKGs that are part of threshold EdDSA and threshold BLS protocols and used in applications such as consensus, distributed randomness beacon and threshold validator. We show how injecting small order subgroup elements can bypass security for cryptographic primitives used in DKGs such as VSS, sigma protocols and digital signatures. We discuss the potential damage of our attacks on the mentioned applications.
Omer Shlomovits (@OmerShlomovits) is the co-founder and VP of Research of ZenGo (founded 2018), a Tel-Aviv based company building products for consumers in the blockchain space. He also runs ZenGo X, a 500+ member research community. In 2019 Omer co-founded MPC-Alliance, a consortium of 50+ companies collaborating to advance MPC technology. He currently serves as a board-member and head of the technical committee.
A Side Journey To Titan
The Google Titan Security Key is a FIDO U2F hardware device proposed by Google (available since July 2018) as a two-factor authentication token to sign in to applications such as your Google account. In this paper, we present a side-channel attack that targets the Google Titan Security Key ’s secure element (the NXP A700x chip) by the observation of its local electromagnetic radiations during ECDSA signatures. This work shows that an attacker can clone a legitimate Google Titan Security Key. As a side observation, we identified a novel correlation between the elliptic curve group order and the lattice-based attack success rate.
Victor holds a master degree in cryptology and computer security from the university of Bordeaux, France, and a PhD degree in microelectronics from the university of Montpellier, France. He worked during 7 years as security expert in the hardware security team of the scientific division of ANSSI (French Cybersecurity Agency) in Paris, France. During these years he created and was responsible for the team lab, worked as penetration tester on a wide range of products, and was technical support for the ANSSI National Certification Center. He then came back to work as researcher at the LIRMM (laboratory of computer science, robotics and microelectronics of the university of Montpellier), before co-founding NinjaLab. Victor is also an active academic researcher in the fields of cryptology and hardware security, with publications, keynotes and program committee membership in top conferences like CHES, FDTC and COSADE.