Search by date:
1998

1999

2000

2001

2002

2003

2004

2005

2006

2007

2008

2009

2010

2011

2012

2013

2014

2016

2017

2018

2019
 Forthcoming
If you wish to be informed about our seminars by email,
please contact Francesco Berti, Olivier Pereira or FrançoisXavier Standaert .
Seminars for the year 2009
February 2009
February 05, 10:30  Quantitative security of block ciphers : designs and cryptanalysis tools
by Thomas Baignères
Date:  February 05, 2009  10:30 
Location:  BARB20  SainteBarbe Building Place SainteBarbe  1348 LouvainlaNeuve 
Abstract:  Block ciphers probably figure in the list of the most important cryptographic primitives. Although they are used for many different purposes, their essential goal is to ensure confidentiality. In this talk, we are concerned by their quantitative security, that is, by measurable attributes that reflect their ability to guarantee this confidentiality. We will first consider the (in)security of block ciphers against statistical cryptanalytic attacks and develop some tools to perform optimal attacks and quantify their efficiency. We start by studying a simple setting in which the adversary has to distinguish between two sources of randomness and show how an optimal strategy can be derived in certain cases. We show that in practice the cardinality of the sample space is too large for the optimal strategy to be implemented and how this naturally leads to the concept of projectionbased distinguishers. We show how these distinguishers between random sources can be turned into distinguishers between random oracles (or block ciphers) and how, in this setting, one can generalize linear cryptanalysis to Abelian groups. In the second part of this talk, we introduce two new constructions. We start by recalling some essential notions about provable security for block ciphers and about Serge Vaudenay's Decorrelation Theory, and introduce new simple modules for which we prove essential properties that we will later use in our designs. We then present the block cipher C and prove that it is immune against a wide range of cryptanalytic attacks. In particular, we compute its exact security against linear and differential cryptanalysis, taking into account the cumulative effect of the linear hull and of differentials. We then introduce the main ideas underlying the design of KFC, a block cipher which builds upon the same foundations as C but for which we can prove results for higher order adversaries. BIO: Thomas Baignères started his PhD in 2003 at EPFL, under the supervision of Prof. Serge Vaudenay. He successfully defended his thesis on November 2008. His research covers block ciphers and the foundations of their cryptanalysis. Apart from research, Thomas was one of the general chairs of FSE'08, coauthored an exercise book on cryptography published by Springer and, together with Matthieu Finiasz (ENSTA), he developed iChair, a submission/review server software. 
February 05, 11:30  A Statistical Saturation Attack against the Block Cipher PRESENT
by Dr. Baudoin Collard
Date:  February 05, 2009  11:30 
Location:  BARB20  SainteBarbe Building Place SainteBarbe  1348 LouvainlaNeuve 
Abstract:  In this talk, we present a statistical saturation attack that combines previously introduced cryptanalysis techniques against block ciphers. As the name suggests, the attack is statistical and can be seen as a particular example of partitioning cryptanalysis. It can also be seen as a dual to saturation attacks in the sense that it exploits the diffusion properties in block ciphers and a combination of active and passive multisets of bits in the plaintexts. The attack is chosenplaintext in its basic version but can be easily extended to a knownplaintext scenario. As an illustration, it is applied to the block cipher PRESENT proposed by Bogdanov et al. at CHES 2007. We provide theoretical arguments to predict the attack efficiency and show that it improves previous (linear, differential) cryptanalysis results. We also provide experimental evidence that we can break up to 15 rounds of PRESENT with 2^{35.6} plaintextciphertext pairs. Eventually, we discuss the attack specificities and possible countermeasures. BIO: Baudoin Collard started a PhD under the direction of JeanJacques Quisquater in September 2006 after he graduated as an engineer in Applied Mathematics. He is now a member of the UCL Crypto Group. He is working on the Walloon project Cosmos, which is about secured wireless sensor networks, and the cryptanalysis of block ciphers. His previous work relates to the linear cryptanalysis of the block cipher Serpent, and on improving the time complexity of the linear cryptanalysis.

March 2009
March 11, 15:00  Cycle codes of graphs and MDS Array codes
by Gilles Zémor
Date:  March 11, 2009  15:00 
Location:  Auditoire Euler, 002, Euler Building (near Maxwell Building) Avenue Georges Lemaître, 46  1348 LouvainlaNeuve 
Abstract:  We provide a compact description of some families of low density MDS array codes in terms of cycles codes of coloured graphs. This includes a short description of Xu et al.’s “Bcode”, together with its erasure and error decoding algorithms. We also give a partial answer to Xu et al.’s question about efficient error decoding for the dual Bcode. We give alternative families of MDS array cycle codes, and in passing prove that an optimal MDS array cycle code of minimum column distance 4 is given by an appropriate coloring of the Petersen graph. 
April 2009
April 08, 14:00  Some Integral Properties of Rijndael
by Marine Minier
Date:  April 08, 2009  14:00 
Location:  Auditoire Euler, 002, Euler Building (near Maxwell Building) Avenue Georges Lemaître, 46  1348 LouvainlaNeuve 
Abstract:  In this talk, we present new integral properties for all the Rijndael versions and show how to build unknown key distinguishers and also known key distinguishers. We also give a formal definition of a known key distinguisher and show how to apply this result for a particular hash function of the SHA3 competition. 
April 15, 14:00  Security in WSNs
by Marine Minier
Date:  April 15, 2009  14:00 
Location:  Auditoire Euler, 002, Euler Building (near Maxwell Building) Avenue Georges Lemaître, 46  1348 LouvainlaNeuve 
Abstract:  WSNs are composed of a large number of lowcost, lowpower, and multifunctional sensor nodes that communicate at short distances through wireless links. They are selfconfiguring, selfmaintaining and usually deployed in an open and uncontrolled environment that requires secure communication and routing. All these characteristics make the security mechanisms more complicated to build than in standard wired networks. Due to the open and hostile environment nature, those networks are vulnerable to several attacks. We present in this talk three particular mechanisms that allow to create secure communicationin WSNs and also to prevent wormhole attacks.

April 24, 10:00  Workshop on Deciphering Inka Khipus and Other Lost Languages
Date:  April 24, 2009  10:00 
Location:  SainteBarbe Building Place SainteBarbe  1348 LouvainlaNeuve 
Abstract:  The workshop will gather researchers to discuss and research the possible use of algorithmic and cryptographic tools to decipher Inka Khipus and other lost written languages.
It is organized under the umbrella of Erik D. Demaine's Francqui Chair 20082009.
[Speakers: Erik D. Demaine (MIT), Martin Demaine (MIT), Stefan Langerman (ULB), JeanJacques Quisquater (UCL), Gary Urton (Harvard), Barthelemy d´Ans (Presidente Instituto Peruano de Astronomia), Yves Duhoux (UCL), Nicolas Cauwe (Musée du Cinquantenaire)] 
Link:  http://www.ulb.ac.be/di/francqui2008/khipu.html 
May 2009
May 04, 10:45  Electronic Systems Design (Speaker Prof. JeanPierre Deschamps)
Date:  May 04, 2009  10:45 
Location:  Unspecified location 
Abstract:  LOCATION BARB11
Nowadays, complex electronic systems are used for almost all human activities. Some common examples are consumer electronics, industrial control systems and automotive applications. In many cases, the best option for implementing them is a System On a Chip (SOC), integrating within the same Integrated Circuit (for example an ASIC or an FPGA) one or several processors executing software, coprocessors and accelerators performing complex operations, busses, memories, input  output interfaces, and so on. 
May 04, 14:30  Nouveaux résultats en cryptographie basée sur les codes correcteurs d'erreurs (Speaker: PierreLouis Cayrel)
Date:  May 04, 2009  14:30 
Location:  Room 207, Euler Building (near Maxwell Building) Avenue Georges Lemaître, 46  1348 LouvainlaNeuve 
Abstract:  Abstract: Je présenterai dans un premier temps la cryptographie basée sur les
codes correcteurs d'erreurs (schéma de McEliece, Niederreite) puis je
détaillerai le schéma d'identification et de signature de Stern (CRYPTO 1993)
et le schéma de signature de CourtoisFiniaszSendrier (ASIACRYPT 2001). Je
présenterai ensuite 3 travaux récents sur ce sujet :
 une construction sécurisée du schéma de Stern contre les attaques par
canaux cachés (DPA)
 un schéma de signature basé sur l'identité, prouvé sûr mêlant le
schéma de Stern et le schéma de signature de CourtoisFiniaszSendrier.
 un schéma de signature de cercle (de taille n) à seuil (toutofn
threshold ring signature scheme) construit comme une généralisation du
schéma de Stern
Cet exposé se base sur une série de trois travaux réalisés avec Philippe
Gaborit et Emmanuel Prouff (pour le premier), Philippe Gaborit, David Galindo
et Marc Girault (pour le deuxième) et Carlos Aguilar Melchor et Philippe
Gaborit (pour le troisième). 
May 05, 16:15  Electronic Systems Design (Speaker Prof. JeanPierre Deschamps)
Date:  May 05, 2009  16:15 
Location:  Unspecified location 
Abstract:  LOCATION BARB02
Nowadays, complex electronic systems are used for almost all human activities. Some common examples are consumer electronics, industrial control systems and automotive applications. In many cases, the best option for implementing them is a System On a Chip (SOC), integrating within the same Integrated Circuit (for example an ASIC or an FPGA) one or several processors executing software, coprocessors and accelerators performing complex operations, busses, memories, input  output interfaces, and so on. 
July 2009
July 23, 11:00  Anonymous and Transparent Gatewaybased PasswordAuthenticated Key Exchange (speaker: Malika Izabachene)
Date:  July 23, 2009  11:00 
Location:  Auditoire Euler, 002, Euler Building (near Maxwell Building) Avenue Georges Lemaître, 46  1348 LouvainlaNeuve 
Abstract:  In Asiacrypt 2005, Abdalla et al. put forward the notion of
gatewaybased passwordauthenticated key exchange (GPAKE) protocol,
which allows clients and gateways to establish a common session key
with the help of an authentication server. In addition to the
semantic security of the session key, their solution also provided
additional security properties such as password protection with
respect to malicious gateways and key privacy with respect to
curious authentication servers.
We further pursue this line of research and present a new and stronger
security model for GPAKE schemes, combining all abovementioned security properties.
In addition to allowing a security proof for all these security
properties, the new security model has also other
advantages over the previous one such as taking into account user
corruptions.
After describing the new security model, we then present a new variant
of the GPAKE scheme of Abdalla
et al. with similar efficiency. Like the original scheme, the new scheme
is also transparent in that it does not differ
significantly from a classical PAKE scheme from the point of view of a
client.
Finally, we also show how to add client anonymity with respect to the
server to the basic GPAKE scheme by using private information retrieval
protocols.
Joint work with Michel Abdalla and David Pointcheval

August 2009
August 25, 10:30  Unified Point Addition Formulas for Elliptic Curve Cryptography and Implementation Attacks (Speaker: Marc Joye)
Date:  August 25, 2009  10:30 
Location:  Auditoire Euler, 002, Euler Building (near Maxwell Building) Avenue Georges Lemaître, 46  1348 LouvainlaNeuve 
Abstract:  Elliptic curve cryptography bases its security on the intractability of computing discrete logarithms on elliptic curves over finite fields. As is customary, elliptic curves are usually expressed by a Weierstrass equation. However, although secure from a mathematical point of view, the resulting cryptosystem may succumb to implementation attacks. With the Weiertrass model, the group law is given by the chordandtangent rule, leading to separate formulas for point addition and for point doubling. This different behavior (i.e., addition of different points or of equal points) may be distinguished by observing a suitable side channel such as the power consumption or electromagnetic emanations. This in turn may reveal the secret value of scalar k in the computation of kP, where P denotes an input point on an elliptic curve over a finite field.
In order to prevent sidechannel attacks, implementers began to investigate other ways to evaluate point addition formulas and other models for representing elliptic curves, including the Hessian model, the Jacobi model (both as a quartic curve or as the intersection of two quadrics), and the Edwards model. Interestingly, it was shown that the point addition formulas may, up to some extent, become unified, that is, that they are valid for both the point addition and the point doubling. In certain cases, stronger results were obtained, namely complete point addition formulas. A point addition formula is said to be complete when it is not only unified but also valid for the neutral element.
These unified curve models revealed useful for cryptographic implementations as they offer a natural protection against sidechannel attacks based on simple power analysis (SPA) or simple electromagnetic analysis (SEMA). In this talk, we will review all unified models considered so far. We will show that, in addition to sidechannel attacks, the unified models are also useful to protect against another class of implementation attacks, namely the fault attacks. We will present new countermeasures against fault attacks, making use of unified addition formulas.

October 2009
October 16, 11:00  Brute Force Solving of Quadratic Equations on GPU
by Ruben Niederhagen
Date:  October 16, 2009  11:00 
Location:  Auditoire Euler, 002, Euler Building (near Maxwell Building) Avenue Georges Lemaître, 46  1348 LouvainlaNeuve 
Abstract:  GPUs are attracting attention in many fields of high performance
computing including cryptanalysis due to their enormous computation
capabilities. Since the release of the CUDA SDK in early 2007 and of the
OpenCL specification in December 2008, programmers have two powerful
tools at hand to take advantage of GPUs as coprocessors for handling
heavy computational workloads.
This seminar talk will give an introduction to the architecture of GPUs
and to the CUDA SDK. We will discuss basic programming and optimization
techniques for GPUs using the example of an exhaustive search for
solutions of a quadratic equation system over GF(2). The focus of the
talk lies on pointing out the challenges and pitfalls which arise by
exploiting this specialized hardware platform for cryptanalytic
applications.

October 22, 11:00  ServerAided Cryptography for Anonymity
by Dr. Iwen Coisel
Date:  October 22, 2009  11:00 
Location:  Room 207, Euler Building (near Maxwell Building) Avenue Georges Lemaître, 46  1348 LouvainlaNeuve 
Abstract:  Portable devices (mobile phones, smart cards, ...) are very useful to access services from anywhere. However, when authentication protocols require complex cryptography, implying costly mathematical operations, these devices may become inadequate because of their limited capabilities. This is in particular the case when the device must remain anonymous and unlinkable w.r.t. the service provider since it implies the use of complex cryptographic tools. In this presentation, I introduce the concept of serveraided cryptography for anonymity by adding a powerful intermediary which helps the restricted device in its cryptographic computations. I first give a general serveraided model in this setting, which model can be applied to several cryptographic tools: group, blind and ring signatures. I present the serveraided protocol for the zeroknowledge proof of knowledge of a generic discrete logarithms relations set. Then, I expose the best secure and efficient serveraided variants of several wellknown constructions 
October 29, 10:30  Protecting Circuits from ComputationallyBounded Leakage
by Sebastian Faust
Date:  October 29, 2009  10:30 
Location:  Room a.007, Euler Building (near Maxwell Building)
Avenue Georges Lemaître, 46  1348 LouvainlaNeuve 
Abstract:  Physical computational devices leak sidechannel information that may, and often does, reveal secret internal states. We present a general transformation that compiles any circuit into a device that maintains secrecy even in the presence of welldefined classes of sidechannel leakage. Our construction requires only a minimal leakproof component: one that draws random elements from a simple distribution. We thus reduce the problem of shielding arbitrary complex circuits to the problem of shielding a single simple component.
Our approach is based on modeling the adversary as a powerful observer that inspects the device via a "limited" measurement apparatus. We capture the notion of "limited" measurements using computational complexity classes, and our proofs of security rely on the hardness of certain functions for these classes. Thus, for example, AC0 lower bounds yield a construction that is resilient to any leakage that can be computed by constantdepth circuits. More generally, we give a generic composition theorem that shows how to build a provably secure devices of arbitrary complexity out of components that satisfy a simulatability condition. Several applications are shown.
In contrast to previous works, we allow the sidechannel leakage to depend on the whole state and on all the wires in the device, and to grow unbounded over time.
Joint work with Leonid Reyzin and Eran Tromer. 
See also: