This year’s CRYPTO took place from August 18th to 22nd and did not disappoint.
Given the many recent government surveillance revelations, there was a palpable sense of (wholly good-natured, of course) retaliation amongst some attendees. Along these lines, Cindy Cohn from the Electronic Frontier Foundation got the ball rolling on Monday with a very insightful invited talk, ‘Crypto Wars Part 2 Have Begun’. Then, rather miraculously, there were sightings of a couple of very unexpected guests (here and here). This undercurrent peaked with a display of some serious musical talent at the rump session (see here and here), which was excellently chaired by DJB and TL.
On the elliptic curve crypto front, beyond a handful of papers utilising pairings, there were only a few directly relevant results. In the session on number theoretic hardness, Carla Rafols presented the paper ‘An Algebraic Framework for Diffie-Hellman Assumptions’ (joint work with Alex Escala, Gottfried Herold, Eike Kiltz and Jorge Villar), which analysed the various decisional problems associated with (symmetric) bilinear groups in a unified manner. Irippuge Milinda Perera presented the paper ‘Hard-Core Predicates for a Diffie-Hellman Problem over Finite Fields’ (joint work with Nelly Fazio, Rosario Gennaro and William E. Skeith III), which proved (amongst other things) that every bit of the elliptic curve DHP is hard-core. And at the risk of breaking this blog’s rule against flagrant self-promotion, I presented the paper ‘On the Function Field Sieve and the Impact of Higher Splitting Probabilities’ (joint work with Faruk Gologlu, Gary McGuire and Jens Zumbragel), which has a direct bearing on the security of small characteristic pairing-based crypto (as is well documented in this blog), and which was selected for the best paper award.
In the rump session, Francisco Rodríguez-Henríquez briefly presented the new paper ‘Weakness of GF((3^6)^509) for Discrete Logarithm Cryptography’ (joint work with Gora Adj, Alfred Menezes and Thomaz Oliveira), which assesses the concrete security of this field against the new DLP algorithms due to Joux and Barbulescu-Gaudry-Joux-Thome. Instead of being 128-bit secure (or 103-bit secure according to the analysis of Shinohara et al.), they showed that it has only about 73 bits of security. Interestingly, the presumed 128-bit secure binary field GF((2^4)^1223) may not be weakened by these methods.
NIST’s John Kelsey also spoke very briefly about their new Digital Signature Standard FIPS 186-4 and some other updated documents.
— Rob Granger