In co-operation with IACR

16th IMA International Conference on Cryptography and Coding

12 – 14 December 2017, St Catherine’s College, University of Oxford


Invited Speakers

A Decade of Direct Anonymous Attestation - From Research to Standard to Research

Jan Camenisch

Abstract: Direct Anonymous Attestation (DAA) is a protocol that allows a security chip embedded in a platform such as a laptop to authenticate itself as a genuine chip. Different authentications are not linkable, thus the protocol protects the privacy of the platform. The first DAA protocol was proposed by Brickell et al. and was standardized in 2004 by the Trusted Computing Group (TCG). Implementations of this protocol were rather slow because it is based on RSA. Later, alternative and faster protocols were proposed based on elliptic curves. Recently the specification by the TCG was updated to allow for DAA protocols based on elliptic curves. Unfortunately, the new standard does not allow for provably secure DAA protocols. In this talk, we will review some of the history of DAA and then discuss the latest protocols, security models, and finally a provably secure realization of DAA based on elliptic curves.

Bio: Jan Camenisch is a Principal Research Staff Member at IBM Research - Zurich and leads the Privacy & Cryptography research team. He's a member of the IBM Academy of Technology and a Fellow of IACR and IEEE. He is a leading scientist in the area of privacy and cryptography, has published over 100 widely cited papers, and has received a number of awards for his work, including the 2010 ACM SIGSAC outstanding innovation award and the 2013 IEEE computer society technical achievement award. Jan is also a co-inventor of Identity Mixer, a unique cryptographic protocol suite for privacy-preserving authentication and transfer of certified attributes. Jan previously led the FP7 European research consortia PRIME and PrimeLife, and he and his team participated in many other projects including ABC4Trust, AU2EU, and Witdom. Jan currently holds an Advanced ERC grant for "Personal Cryptography".


A journey in the land of (hash-and-sign) lattice-based signatures

Thomas Prest

Abstract: In lattice-based cryptography, secure signatures have been notoriously harder to obtain than their encryption-scheme counterparts, due to challenges specific to lattices. In the first part of the talk, I will present the early schemes, devastating attacks against them and how provably secure solutions were later provided in both the Fiat-Shamir and the hash-and-sign paradigms.

The second part of the talk will focus on lattice-based signatures in the hash-and-sign paradigm. The first theoretic framework was proposed in 2008, and the NIST call for post-quantum cryptographic schemes closed on 30 November 2017. Turning this framework into practical schemes during this nine-year period has presented a number of operational issues. I will present these issues, methods for addressing them and will conclude with the presentation of a signature scheme.

Bio: Thomas Prest has been a cryptography engineer at Thales Communications & Security since 2016. He received his PhD in computer science from the Ecole Normale Supérieure in 2015.


Quantum Safe Cryptography from Codes: Present and Future

Nicolas Sendrier

Abstract: Code-based cryptography is one among a few techniques that allow secure post-quantum asymmetric schemes. Historically, the first of them is a public-key encryption scheme proposed by McEliece in 1978 which, after almost forty years, stands essentially unbroken.

Still, the practice of code-based cryptography has been facing some challenges. The first of these challenges is the reduction of the key size. In the past decade various proposals were made, mostly using quasi-cyclic codes, to reduce the key size, leading today to rather efficient key exchange mechanisms whose security relies on strong assumptions from coding theory. The most notable of these use QC-MDPC (Quasi-Cyclic Moderate Density Parity Check) codes and are secure as long as decoding and finding low-weight words in an arbitrary quasi-cyclic code are hard.

Another important challenge of code-based cryptography has been the design of efficient digital signature schemes. Until recently the situation was somewhat uneasy. The CFS proposal derives from the McEliece scheme and uses the Full Domain Hash (FDH) approach. However, it scales poorly and is hardly usable for parameters safe against a quantum adversary. It is also possible to sign from Stern's Zero-Knowledge protocol, using Fiat-Shamir's paradigm, but this leads to signatures of very large size, and the situation gets even worse in the quantum setting. Fortunately, a new FDH-type signature was recently proposed which uses approximation rather than decoding. This signature scheme scales rather well and, even against quantum adversaries, features a tight security reduction to hard coding-theory problems.

Those recent advances come very timely in view of the current NIST initiative for standardization of quantum safe public-key cryptography. They put code-based cryptography in a position to propose a full and credible suite of public-key primitives whose security against a quantum adversary reduces to hard problems from coding theory.
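The abstract above names the McEliece scheme and the coding-theory assumption it rests on (decoding an arbitrary-looking code is hard) without showing its shape. The following is an added toy implementation, not code from the page or from the speaker. It keeps McEliece's structure (public key = scrambled and permuted generator matrix, ciphertext = codeword plus a low-weight error, private decoding with the hidden structured code) but, as a simplifying assumption, uses the Hamming(7,4) code with t = 1 in place of a binary Goppa code, so the whole thing fits in a few dozen lines. It is deliberately insecure: with n = 7 the "hard" decoding problem is brute-forced in 16 guesses, which the last function does, and that contrast is the point of the example.

```python
import random

# Added toy McEliece over GF(2). ASSUMPTION for brevity: the hidden code is
# Hamming(7,4), correcting T = 1 error. Real McEliece uses binary Goppa codes
# with n, k in the thousands; Hamming(7,4) is NOT secure (see brute_force_decode).
N, K, T = 7, 4, 1

# Systematic generator G = [I | A] and parity-check H = [A^T | I] of Hamming(7,4).
# All columns of H are distinct and non-zero, so a weight-1 error is located
# by matching its syndrome against the columns of H.
G = [[1, 0, 0, 0, 1, 1, 0],
     [0, 1, 0, 0, 1, 0, 1],
     [0, 0, 1, 0, 0, 1, 1],
     [0, 0, 0, 1, 1, 1, 1]]
H = [[1, 1, 0, 1, 1, 0, 0],
     [1, 0, 1, 1, 0, 1, 0],
     [0, 1, 1, 1, 0, 0, 1]]


def matmul(A, B):
    """Matrix product over GF(2) (lists of 0/1 rows)."""
    return [[sum(A[i][k] & B[k][j] for k in range(len(B))) & 1
             for j in range(len(B[0]))] for i in range(len(A))]


def vecmat(v, M):
    return matmul([v], M)[0]


def transpose(M):
    return [list(col) for col in zip(*M)]


def inverse(M):
    """Gauss-Jordan inverse over GF(2); returns None if M is singular."""
    n = len(M)
    aug = [row[:] + [int(i == j) for j in range(n)] for i, row in enumerate(M)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if aug[r][col]), None)
        if pivot is None:
            return None
        aug[col], aug[pivot] = aug[pivot], aug[col]
        for r in range(n):
            if r != col and aug[r][col]:
                aug[r] = [a ^ b for a, b in zip(aug[r], aug[col])]
    return [row[n:] for row in aug]


def keygen(rng):
    """Public key G_pub = S*G*P; private key (S^-1, P^-1). Key size is K*N bits,
    which for real parameters is the 'key size' problem the abstract mentions."""
    while True:
        S = [[rng.randint(0, 1) for _ in range(K)] for _ in range(K)]
        S_inv = inverse(S)
        if S_inv is not None:
            break
    perm = list(range(N))
    rng.shuffle(perm)
    P = [[int(perm[j] == i) for j in range(N)] for i in range(N)]  # (x*P)[j] = x[perm[j]]
    G_pub = matmul(matmul(S, G), P)
    return G_pub, (S_inv, transpose(P))


def encrypt(G_pub, m, rng):
    """c = m*G_pub + e with e a random error of weight T."""
    c = vecmat(m, G_pub)
    for pos in rng.sample(range(N), T):
        c[pos] ^= 1
    return c


def decrypt(sk, c):
    """Undo the permutation, decode in the structured (Hamming) code, undo S."""
    S_inv, P_inv = sk
    y = vecmat(c, P_inv)                      # = m*S*G + e*P^-1, still weight T
    syndrome = vecmat(y, transpose(H))        # = H * (e*P^-1)^T
    if any(syndrome):                         # weight-1 error: syndrome is a column of H
        col = next(j for j in range(N) if [H[i][j] for i in range(3)] == syndrome)
        y[col] ^= 1
    return vecmat(y[:K], S_inv)               # systematic part of codeword is m*S


def brute_force_decode(G_pub, c):
    """Generic decoding by exhaustive search over all 2^K messages. Feasible
    here only because K = 4; this search is what large parameters must defeat."""
    for bits in range(2 ** K):
        m = [(bits >> i) & 1 for i in range(K)]
        if sum(a ^ b for a, b in zip(vecmat(m, G_pub), c)) <= T:
            return m
    return None


def roundtrip_ok(seed):
    """Encrypt/decrypt every 4-bit message under a fresh key; also check that
    the toy parameters fall to brute force. Returns True on success."""
    rng = random.Random(seed)
    G_pub, sk = keygen(rng)
    for bits in range(2 ** K):
        m = [(bits >> i) & 1 for i in range(K)]
        c = encrypt(G_pub, m, rng)
        if decrypt(sk, c) != m or brute_force_decode(G_pub, c) != m:
            return False
    return True
```

The matrices are kept as plain lists so the arithmetic is visible; a real implementation would use a Goppa decoder in place of the syndrome lookup, and the public matrix would no longer be a 4x7 table but a key of many kilobytes, which is exactly the cost that the quasi-cyclic constructions in the abstract set out to reduce.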

Fully Homomorphic Encryption, recent constructions and open problems

Daniele Micciancio

Abstract: Fully Homomorphic Encryption (FHE) allows one to perform arbitrary computations on encrypted data, and is one of the most advanced applications of lattice cryptography. In this talk I will give an overview of the current landscape of FHE schemes, focusing on the most recent constructions. I will then move on to describe the main open problems in the area: improving the efficiency of current constructions, and avoiding the need to make circular security assumptions.

This conference is supported by SAFEcrypto