Kangacrypt 2018
Australian Workshop on Offensive Cryptography
Adelaide, Australia, 7–9 December, 2018


Friday 7 December

9:00 Registration
9:30 Invited talk: Nadia Heninger—Biased nonce sense: Lattice attacks against weak ECDSA signatures in the wild
10:30 Coffee break

Attack on Kayawood protocol: uncloaking private keys (Matvei Kotov, Anton Menshov and Alexander Ushakov)

Pseudo Constant Time Implementations of TLS Are Only Pseudo Secure (Eyal Ronen, Kenny Paterson and Adi Shamir)

Practical state recovery attacks against legacy RNG implementations (Shaanan Cohney, Matthew D. Green and Nadia Heninger)

2:00 Invited talk: Thomas Peyrin—From Collisions to Chosen-Prefix Collisions: Application to Full SHA-1
3:00 Coffee break

RAPPER: Ransomware Prevention via Performance Counters (Manaar Alam, Sayan Sinha, Sarani Bhattacharya, Swastika Dutta, Debdeep Mukhopadhyay and Anupam Chattopadhyay)

Invited talk: Mehdi Tibouchi—LWE without Modular Reduction and Improved Side-Channel Attacks against BLISS

Later Workshop Dinner

Saturday 8 December

9:30 Invited talk: Steven Galbraith—Isogeny cryptography: strengths, weaknesses and challenges
10:30 Coffee break

A note on the security of CSIDH (Jean-François Biasse, Annamaria Iezzi and Michael Jacobson)

Practical Fault Injection Attacks on SPHINCS (Aymeric Genet, Matthias J. Kannwischer, Hervé Pelletier and Andrew Mcc Lauchlan)

Sensorless, Permissionless Information Exfiltration with Wi-Fi Micro-jamming (Rom Ogen, Omer Shwartz, Kfir Zvi and Yossi Oren)

2:00 Invited talk: Debdeep Mukhopadhyay—Automation of Fault Analysis
3:00 Coffee break

Quiescent Photonics Side Channel Analysis: Low Cost sRAM Readout Attack (Mustafa Faraj and Catherine Gebotys)

The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations (Eyal Ronen, Robert Gillham, Daniel Genkin, Adi Shamir, David Wong, and Yuval Yarom)

Side-channel Analysis: Do Convolutional Neural Networks Come to the Rescue (Stjepan Picek, Jaehun Kim, Shivam Bhasin, Annelie Heuser and Ioannis Petros Samiotis)

Sunday 9 December

Touring the Adelaide Hills.

Important Dates

Submissions: 25 Jun 2018, 23:59 Anywhere on Earth
Notification: 31 Aug 2018
Final version: 15 Oct 2018

Invited Talks

Steven Galbraith: Isogeny cryptography: strengths, weaknesses and challenges

Abstract: Isogeny-based cryptography is a candidate for post-quantum cryptography. It was first suggested by Couveignes, Charles-Goren-Lauter and Rostovtsev-Stolbunov, and received a major boost with the work of Jao and de Feo. Currently it is a very active area of research. This talk will give a brief overview of post-quantum cryptography and isogeny-based cryptography. I will discuss some of the strengths and weaknesses of isogeny-based crypto, and mention a number of open problems.

Nadia Heninger: Biased nonce sense: Lattice attacks against weak ECDSA signatures in the wild

Debdeep Mukhopadhyay: Automation of Fault Analysis

Abstract: Differential Fault Analysis (DFA) is a powerful attack tool for block ciphers. Starting from its conception around 1997 to the present day, the powerful attack tool has been used to develop efficient key retrieval methodologies for cryptographic implementations. This talk looks at the DFA developed for block ciphers like AES and addresses the question: is it possible to automate such attacks? Automation in this context is essential as the trend of developing precisely engineered ciphers is growing day by day. To answer this question the talk discusses two approaches taken by us. The first tool, called EXPFault, is a data-mining based approach to develop an average case analysis on a graphical model of a block cipher. In the second part of the talk, we describe a machine learning based approach to speed up determination of DFA feasibilities in the worst case scenario for the designer. Both tools are complementary and lead to new DFA resistance insights for block ciphers which were not previously reported in the literature.

Bio: Debdeep Mukhopadhyay is currently a full Professor at the Department of Computer Science and Engineering, IIT-Kharagpur, India. At IIT Kharagpur he initiated the Secured Embedded Architecture Laboratory (SEAL), with a focus on Embedded Security and Side Channel Attacks (http://cse.iitkgp.ac.in/resgrp/seal/). Prior to this he worked as Associate Professor at IIT Kharagpur, visiting scientist at NTU Singapore, a visiting Associate Professor of NYU-Shanghai, Assistant Professor at IIT-Madras, and as Visiting Researcher at NYU Tandon-School-of-Engineering, USA. He holds a PhD, an MS, and a B. Tech from IIT Kharagpur, India. Dr. Mukhopadhyay's research interests are Cryptography, Hardware Security, and VLSI. His books include Fault Tolerant Architectures for Cryptography and Hardware Security (Springer), Cryptography and Network Security (McGraw-Hill), Hardware Security: Design, Threats, and Safeguards (CRC Press), and Timing Channels in Cryptography (Springer). He has written more than 150 papers in peer-reviewed conferences and journals and has collaborated with several Indian and Foreign Organizations. He has been in the program committee of several top International conferences and is an Associate Editor of the International Association of Cryptologic Research (IACR) Transactions on CHES, Journal of Hardware and Systems Security, Journal of Cryptographic Engineering, Springer. He has given several invited talks in industry and academia, including tutorial talks at premier conferences like CHES, WIFS, VLSID. Dr. Mukhopadhyay is the recipient of the prestigious Swarnajayanti DST Fellowship 2015-16, Young Scientist award from the Indian National Science Academy, the Young Engineer award from the Indian National Academy of Engineers, and is a Young Associate of the Indian Academy of Science. He was also awarded the Outstanding Young Faculty fellowship in 2011 from IIT Kharagpur, and the Techno-Inventor Best PhD award by the Indian Semiconductor Association. He has recently incubated a start-up on Hardware Security, ESP Pvt Ltd at IIT Kharagpur (http://esp-research.com/).

Thomas Peyrin: From Collisions to Chosen-Prefix Collisions: Application to Full SHA-1

Abstract: A chosen-prefix collision attack for a hash function is a stronger variant of a collision attack, where an arbitrary pair of challenge prefixes is turned into a collision. Chosen-prefix collisions are usually significantly harder to produce than (identical-prefix) collisions, but the practical impact of such an attack is much larger. While many cryptographic constructions rely on collision-resistance for their security proofs, collision attacks are hard to turn into breaks of concrete protocols, because the adversary has limited control over the colliding messages. On the other hand, chosen-prefix collisions have been shown to break certificates (by creating a rogue CA) and many internet protocols (TLS, SSH, IPsec). In this talk, we will show new techniques to turn collision attacks into chosen-prefix collision attacks, and we will apply them to SHA-1. In particular, we will present a chosen-prefix collision attack against full SHA-1 with complexity much smaller than 2^70 computations, only within a small factor of the complexity of the recent collision attack (estimated as 2^64.7). This represents yet another warning that industries and users have to move away from using SHA-1 as soon as possible. This is joint work with Gaëtan Leurent.

Bio: Thomas Peyrin received his engineer M.S. in 2004 from CPE Lyon and specialized in theoretical computer science at the Ecole Polytechnique in France. He completed in 2008 a doctorate in cryptography at Orange Labs, formerly known as France Telecom, during which he was awarded the Japan Society for the Promotion of Science (JSPS) grant. He previously worked as a Cryptography Expert at Ingenico (the world leader in payment solutions) and as a Research Fellow at the School of Physical and Mathematical Sciences of Nanyang Technological University in Singapore under the Singapore Lee Kuan Yew Postdoctoral Fellowship. He was appointed Nanyang Assistant Professor in 2012 under the Singapore NRF fellowship, and Associate Professor at NTU in 2017.

Mehdi Tibouchi: LWE without Modular Reduction and Improved Side-Channel Attacks against BLISS

Abstract: The rejection sampling step in the BLISS signature scheme leaks two values related to the signing key through side-channels: an exact, quadratic function of the secret key, and a linear but noisy function. At CCS 2017, Espitau et al. described a key recovery attack targeting the quadratic part, and noted that the linear part would yield a simpler, more efficient attack if it were not for the noise, which turns key recovery into a high-dimensional LWE-type learning problem.

In this talk, we revisit that observation, and point out in particular that the learning problem arising in this way involves no modular reduction, which makes it considerably easier than usual LWE. In fact, we analyze the LWE problem without modular reduction, and show that it can be solved efficiently using linear regression in most parameter ranges. This yields an improved side-channel attack on BLISS, which applies to 100% of secret keys (as opposed to 7% in the CCS paper) and is also considerably faster.

The talk will also cover newer attacks along the same lines breaking other parts of BLISS signature generation, and showing that it is hard to securely implement the rejection sampling step in constant time.

This is joint work with J. Bootle, C. Delaplace, T. Espitau and P.-A. Fouque.
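The following is an added illustration of the abstract's central point and is not code from the talk or its authors. It is a constructed toy in plain Python: it builds m noisy samples b_i = <a_i, s> + e_i for a small ternary secret s, then solves them by ordinary least squares (normal equations plus Gauss-Jordan elimination). Without modular reduction the rounded least-squares estimate recovers s exactly; once the same samples are reduced mod q, the linear structure is destroyed and the same solver no longer recovers the key. The parameters (n = 8, m = 200, q = 12289, noise bound 50) and the sampling distributions are arbitrary choices made here, not BLISS parameters or the leakage model of the talk. From a defender's view, the toy shows why an implementation must not leak even a noisy, unreduced linear function of its key: such leakage is a regression problem, not a lattice problem.

```python
import random


def gen_instance(n, m, q, noise, seed=0, reduce_mod_q=False):
    """Constructed toy instance (not from the talk): m samples b_i = <a_i, s> + e_i
    with a small ternary secret s, centred a_i in [-q/2, q/2) and |e_i| <= noise.
    reduce_mod_q=False is the 'LWE without modular reduction' setting; True is
    ordinary LWE over Z_q, used here only to show the contrast."""
    rng = random.Random(seed)
    s = [0] * n
    while not any(s):                      # reject the degenerate all-zero key
        s = [rng.choice([-1, 0, 1]) for _ in range(n)]
    A = [[rng.randrange(-(q // 2), q // 2) for _ in range(n)] for _ in range(m)]
    b = []
    for row in A:
        val = sum(a * x for a, x in zip(row, s)) + rng.randint(-noise, noise)
        b.append(val % q if reduce_mod_q else val)
    return s, A, b


def least_squares(A, b):
    """Solve min_x ||A x - b||_2 via the normal equations (A^T A) x = A^T b,
    using Gauss-Jordan elimination with partial pivoting in float arithmetic."""
    m, n = len(A), len(A[0])
    # Augmented matrix [A^T A | A^T b], one row per unknown.
    M = []
    for i in range(n):
        row = [float(sum(A[k][i] * A[k][j] for k in range(m))) for j in range(n)]
        row.append(float(sum(A[k][i] * b[k] for k in range(m))))
        M.append(row)
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(M[r][col]))
        M[col], M[piv] = M[piv], M[col]
        p = M[col][col]
        M[col] = [v / p for v in M[col]]
        for r in range(n):
            if r != col and M[r][col] != 0.0:
                f = M[r][col]
                M[r] = [rv - f * cv for rv, cv in zip(M[r], M[col])]
    return [row[n] for row in M]


def recover_secret(A, b):
    """Round the real-valued regression estimate to the nearest integer vector."""
    return [round(x) for x in least_squares(A, b)]


if __name__ == "__main__":
    n, m, q, noise = 8, 200, 12289, 50       # constructed toy parameters
    s, A, b = gen_instance(n, m, q, noise, seed=7)
    print("secret          :", s)
    print("no reduction    :", recover_secret(A, b))
    _, A_q, b_q = gen_instance(n, m, q, noise, seed=7, reduce_mod_q=True)
    print("reduced mod q   :", recover_secret(A_q, b_q))
```

With centred a_i and noise far smaller than the spread of the a_i, the per-coordinate regression error is a small fraction of 1, so rounding is exact after a couple of hundred samples; the reduced instance produces estimates that round to the wrong vector because the wrap-around turns b into a piecewise function of a.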

Bio: An alumnus of ENS (Paris, France), Mehdi Tibouchi obtained his Ph.D. in computer science from Univ. Paris VII and Univ. Luxembourg in 2011. He is now a distinguished researcher at NTT Corporation (Tokyo, Japan) and guest associate professor at Kyoto University (Kyoto, Japan). His research interests cover various mathematical aspects of public-key cryptography and cryptanalysis.