Keynote 1: Symmetric-Key Cryptography in Untrusted Environments

Speaker: Andrey Bogdanov (Technical University of Denmark; homepage)
Time: Wednesday, July 8, 9:30 – 10:30.


Traditionally, symmetric-key algorithms have been designed under the assumption that the computational environment is trustworthy. However, in the real world, computing bases can be compromised – e.g. due to malware, hardware Trojans, physical side channels, memory leakage, etc.
Among others, recent revelations by the former CIA employee and NSA contractor Edward Snowden confirm the existence of global mass surveillance programs run by the U.S. government. This much stronger adversary poses a novel challenge to cryptography and calls for countermeasures that are able to thwart such attacks or at least to limit the damage.

This talk consists of three parts. First, we give a survey on the existing countermeasures in grey-box and white-box settings, as opposed to the classical black-box setting. Second, we propose a framework for modelling the stronger attacker that can have substantial control over the execution environment, as applied to symmetric-key ciphers. Next, we analyse the residual security of existing primitives such as AES in this setting. Finally, we approach the design of new primitives that can provide more security in untrusted environments.


Keynote 2: Threshold implementations

Speaker: Vincent Rijmen (Katholieke Universiteit Leuven, Belgium; homepage)
Time: Wednesday, July 8, 15:30 – 16:20.


Side-channel attacks exploit weaknesses of the implementation of cryptographic transformations, rather than mathematical weaknesses of the transformations themselves. The attacks form a real threat to systems that are being used daily.

In the last two decades, several approaches have been proposed to achieve secure implementations.
Almost all these approaches have been proven to be unsuccessful because they start
from assumptions on hardware and software computing platforms that are too idealised.
In particular transient effects have been neglected.

We proposed the Threshold Implementation approach, which takes into account
the imperfections of current implementation technologies and still produces secure
implementations. Since the approach is based on multiparty computation techniques,
it is possible to formally prove the security.

In this talk, we first explain the threshold implementation approach. Subsequently we show its central security theorem. Finally, we present the most recent developments.


Keynote 3: Physical Side Channel Attacks on PCs

Speaker: Eran Tromer and Daniel Genkin (Tel Aviv University, Israel; homepage)
Time: Thursday, July 9, 9:30 – 10:20.


Can secret information be extracted from personal computers by measuring their physical properties from the outside? What would it take to extract whole keys from such fast and complex devices? We present myriads way to do so, including:

  • Acoustic key extraction, using microphones to record the high-pitched noise caused by vibration of electronic circuit components during decryption.
  • Electric key extraction exploiting fluctuations in the “ground” electric potential of computers. An attacker can measure this signal by touching the computer’s chassis, or the shield on the remote end of Ethernet, VGA or USB cables.
  • Electromagnetic key extraction, using a cheap radio to non-intrusively attack laptop computers.

The talk will discuss the cryptanalytic, physical and signal-processing principles of the attacks, and include live demonstrations.

Joint works with Adi Shamir, Lev Pachmanov and Itamar Pipman.

For further information see


Keynote 4: Researching Cryptography: Reflections on Theory versus Practice

Speaker: Keith Martin (Royal Holloway, University of London; homepage)
Time: Friday, July 10, 9:30 – 10:20.


For many centuries cryptography was a practical subject which was supported by very little background theory. The rise of computer networks and their applications has seen the importance of cryptography as a practical subject rise to the point that it is now an everyday technology. Alongside this cryptography has developed and, to an extent semi-matured, as a theoretical research area. But does the theory always match the practice, and vice versa? And does it matter? In this talk we reflect on these questions, while presenting a number of current research problems that are motivated by the application of cryptography to the real world (wherever that is).