Asiacrypt was held in Hanoi this year and was extremely well organised. There were quite a few papers about elliptic curves, and related areas such as post-quantum cryptography. It is worth noting that the talks were all streamed online and should eventually be able to be viewed on the IACR youtube channel.

The three invited talks were:

- Nadia Heninger “The Reality of Cryptographic Deployments on the Internet”.
Nadia described several bad implementations of finite field Diffie-Hellman key exchange, surveying work of several recent papers by many authors. She commented that finite field Diffie-Hellman is prevalent in practice partly due to concerns that elliptic curves might have US government trapdoors.

- Hoeteck Wee “Advances in Functional Encryption”
Hoeteck gave a wonderfully clear overview of functional encryption.

- Neal Koblitz “Cryptography in Vietnam in the French and American Wars”
Neal gave a fascinating historical talk, based on recent research by himself, the general chair Hieu Phan and others, and drawing on historical resources from museums in Hanoi and the writings of historians and former government employees. Neal emphasized the mathematical and cryptographical ingenuity of the Vietnamese people, as well as powerfully evoking the horrors of war and the heroism of certain individuals (both Vietnamese and American).

The best paper award went to Ilaria Chillotti, Nicolas Gama, Mariya Georgieva and Malika Izabachène for “Faster Fully Homomorphic Encryption: Bootstrapping in less than 0.1 Seconds”, which shows that homomorphic encryption (in this case the GSW scheme with packed ciphertexts, together with a bunch of clever new ideas) is gradually becoming closer to practicality. Here is a photo of the best paper award authors with the two program chairs (Tsyoshi Takagi on the left and Jung Hee Cheon on the right).

Some papers related to discrete logarithms and elliptic curves included:

- Palash Sarkar and Shashank Singh “A General Polynomial Selection Method and New Asymptotic Complexities for the Tower Number Field Sieve Algorithm”.
This work is relevant for assessing the security of pairing based cryptography, more details on this application can be found here.

- Steven D. Galbraith, Christophe Petit, Barak Shani and Yan Bo Ti “On the Security of Supersingular Isogeny Cryptosystems”
The paper contains several results about the (potentially post-quantum) isogeny-based key exchange and encryption protocols of De Feo, Jao and Plut.

- There was an entire session about ABE and IBE, containing papers that use pairings:
- Nuttapong Attrapadung “Dual System Encryption Framework in Prime-Order Groups via Computational Pair Encodings”
- Junqing Gong, Xiaolei Dong, Jie Chen and Zhenfu Cao “Efficient IBE with Tight Reduction to Standard Assumption in the Multi-challenge Setting”
- Melissa Chase, Mary Maller and Sarah Meiklejohn “Déjà Q All Over Again: Tighter and Broader Reductions of q-Type Assumptions”
- Shuichi Katsumata and Shota Yamada “Partitioning via Non-Linear Polynomial Functions: More Compact IBEs from Ideal Lattices and Bilinear Maps”

- Paz Morillo, Carla Ràfols and Jorge L. Villar “The Kernel Matrix Diffie-Hellman Assumption”
This talk is about relations between variants of the Diffie-Hellman problem.

- Ted Chinburg, Brett Hemenway, Nadia Heninger and Zachary Scherr “Cryptographic applications of capacity theory: On the optimality of Coppersmith’s method for univariate polynomials”
Ted Chinburg delivered a clear and interesting survey of “capacity theory” (a branch of arithmetic geometry/algebraic number theory) that is relevant to the analysis of Coppersmith’s technique for finding small solutions to polynomial equations. The authors hope these ideas will be useful in other contexts in cryptography/cryptanalysis.

Regarding the increased focus on post-quantum crypto there were talks on multivariate crypto (more efficient Multi-quadratic-polynomial signatures), lattices (Vadim Lyubashevsky presented a result about signatures based on ring-SIS in *any* ring and urged the audience to work on a much harder but more interesting problem relating to LWE in any ring) and code-based crypto (an adaptive attack on a decoding algorithm).

The rump session was chaired by me, and was thankfully short. The best and most entertaining talk was given by Pierre Karpman and Jerome Plut. The social activities included a Water Puppet show and a Vietnamese banquet with traditional music.

— Steven Galbraith