Series of talks on cryptography by 3 2 international experts: Orr Dunkelman, Orhun Kara and Bart Preneel

Due to the recent events in Israel, Orr Dunkeman (University of Haifa, Israel) will not be able to give a seminar, expected on Wednesday 11th, 14:00. Videoconference is not possible either. The two other seminars (Orhun Kara and Bart Preneel) are confirmed and the time schedule remains unchanged (i.e. Orhun at 15:05 and Bart at 16:30).

International experts in Rennes on wednesday, october 11

• These presentations are open to external members of the IRISA laboratory or the Inria centre at Rennes University.
• Registration is free but compulsory for all people from outside IRISA and the Inria centre at the University of Rennes, by contacting Aurélie Patier (aurelie [*] patieririsa [*] fr)
• For those wishing to join Bart Preneel's seminar, which starts at 4.30pm, there will be a break just beforehand to allow everyone access to the room.

CANCELLED 14:00 - 14:55:  Orr Dunkelman (University of Haifa)

Title: Efficient Detection of High Probability Statistical Properties of Cryptosystems via Surrogate Differentiation

Abstract: A central problem in cryptanalysis is to find all the significant deviations from randomness in a given n-bit cryptographic primitive. When n is small (e.g., an 8-bit S-box), this is easy to do, but for large n, the only practical way to find such statistical properties was to exploit the internal structure of the primitive and to speed up the search with a variety of heuristic rules of thumb. However, such bottom-up techniques can miss many properties, especially in cryptosystems which are designed to have hidden trapdoors.

In this paper we consider the top-down version of the problem in which the cryptographic primitive is given as a structureless black box, and reduce the complexity of the best known techniques for finding all its significant differential and linear properties by a large factor of 2^n/2. Our main new tool is the idea of using surrogate differentiation. In the context of finding differential properties, it enables us to simultaneously find information about all the differentials with input difference \alpha by differentiating f() in a single randomly chosen direction (which is unrelated to the \alpha’s). In the context of finding linear properties, surrogate differentiation can be combined in a highly effective way with the Fast Fourier Transform. Similar techniques can be used to significantly improve the best known time complexities of finding related key differentials, second-order differentials, and boomerangs. In addition, we show how to run variants of these algorithms which require no memory, and how to detect such statistical properties even in trapdoored cryptosystems whose designers specifically try to evade our techniques.
This is a joint work with Itai Dinur, Nathan Keller, Eyal Ronen, and Adi Shamir.

15:05 – 16:00: Orhun Kara (Izmir Institute of Technology)

How to design secure stream ciphers vulnerable to tradeoff attacks!

In this talk, I open a discussion on how to design secure stream ciphers whose internal state sizes  are less than twice of their key sizes, which we call  SISS (Small Internal State Stream) ciphers.  In general, SISS ciphers in industry have notoriously bad reputation in terms of security, such as A5/1, E0, Hitag2. On the other hand, there are not sufficiently many studies in the literature about how to design and analyze  SISS ciphers. The main reason is the criterion that internal states must be at least twice as large as the key sizes due to tradeoff attacks. In this talk, I will address the consequences of this strict criterion.   I  argue that the tradeoff attacks should have the same security threshold, regardless of key or internal state recovery.  I introduce  a new strategy to design SISS ciphers by  introducing a new construction method for diffusion layers of SPN ciphers  with its security proofs and then I introduce a new SISS cipher family having unkeyed state update, which  we call DIZY, to embody our  construction method.

16:00 – 16:30 : Coffee-Break

16:30 – 17:25: Bart Preneel (KU Leuven)

The return of the crypto wars

The ongoing encryption debate, commonly known as the "crypto wars," revolves around the delicate balance between preserving individual privacy and meeting the demands of law enforcement in our increasingly digital world. The previous crypto wars primarily centered on key escrow for end-to-end encrypted communications, exemplified by the Clipper Chip in 1993, and access to a confiscated device in the high-profile Apple vs. FBI San Bernardino case in 2015. However, the current battle has shifted its focus to the detection of Child Sexual Abuse Material (CSAM) on devices, emphasizing client-side scanning.

From a law enforcement perspective, their core mission is to safeguard society, and they argue that technological advancements should not obstruct their ability to access information through legal warrants. Conversely, civil society and academic circles contend that introducing intercept capabilities could compromise overall security and potentially lead to misuse by non-democratic entities.

This presentation will delve into the technical intricacies of this ongoing debate and shed light on the broader policy implications. It aims to provide a comprehensive understanding of the challenges and implications surrounding the encryption debate, particularly in the context of CSAM detection, which has become a focal point in the current iteration of the crypto wars.