COSIC: the first 35 years of cryptology research in Leuven
http://www.esat.kuleuven.be/cosic
Thanks
Outline
• Crypto 101
• COSIC: a brief overview
• COSIC: some success stories
Life can only be understood backwards; but it must be lived forwards.
Soren Kierkegaard
COMSEC
Cryptography for COMSEC
COMPUSEC
• data at rest:
  – hard disk
  – database
  – USB/memory card
  – mobile devices
• secure execution
  – TPM
  – Trusted Execution Technology (TXT)
  – ARM TrustZone
COM(PU)SEC
Crypto hardware (1965-…)
CrypTech ° 1984
Crypto software (1990-…)
Utimaco ° 1992
Crypto “everywhere”
continuum between software and hardware
• ASIC (microcode)
• FPGA
• fully programmable processor
• Intel NI instruction
everything is always connected everywhere
Challenges for cryptography
• security for 50-100 years
• authenticated encryption of Terabit networks
• ultra-low power/footprint
secure software and hardware implementations
algorithm agility
cost
performance
security
Challenges for cryptography
Shifting power balance?
government
citizen
companies
Architecture is politics
there are choices to be made in our architectures
full trust in a central server with all our data is not compatible with a robust democracy
• privacy by design:
  – focus on technology rather than processes and organizational measures
  – data minimization
privacy is a security property
Distributed cryptography: more security and more privacy
• data can be centralized but in protected (encrypted) form - still allows limited processing
• data can be stored and processed locally
  – example: road pricing
Outline
• Crypto 101
• COSIC: a brief overview
• COSIC: some success stories
Academic research in cryptology: 1975
Hellman was drawn to coding despite discouragement from almost all of his Stanford colleagues. "They told me I was crazy," Hellman said. "Their arguments were valid: How could I hope to discover anything that the NSA […] didn’t already know? And they classified everything so highly that if we came up with anything good, they'd classify it.”
Shamir-Rivest-Adleman Rivest-Shamir-Adleman
Merkle Hellman Diffie
COSIC (° 1978)
COSIC: graduation of first 7 PhD students
[Chart: number of PhD graduations per year, 1984 to 1998]
COSIC: 66 graduated PhD students
[Chart: number of PhD graduations per year, 1984 to 2012]
COSIC international PhD students
[Map legend: source, destination, source + destination]
COSIC European PhD students
[Map legend: source, destination, source + destination]
Initial research (1980)
• partial cryptanalysis of knapsack system
• DES: identifying properties
• DES: hardware and software
• hash functions and MAC algorithms
Eurocrypt’89 - Houthalen
FSE’94, CMS’99, Eurocrypt’00, FSE’02, FSE’08, ESORICS’10, CHES’12
RIPE project: open competition
RIPE: RACE Integrity Primitives Evaluation
Was: RACE Authentication Primitives Evaluation
• CWI
• Siemens
• KPN
• Philips Research
• Aarhus University
• KU Leuven
Outline
• Crypto 101
• COSIC: a brief overview
• COSIC: some success stories
AES competition (1997-2001)
[Figure: AES block diagram with labels: Key Schedule, round, S (S-boxes), MixColumns]
Joan Daemen and Vincent Rijmen
A stick figure guide to AES
http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html
AES Crib Sheet
AES mathematics
Applied Discrete Algebra
Some of you may know the Dutch song: “Wat heb ik nou aan algebra, nu ik voor de keuze sta…” (“What use is algebra to me, now that I have to choose…”)
Algebra is generous; she often gives more than is asked of her.
Jean Le Rond d'Alembert (1717-1783)
AES Success
• FIPS 197 published Nov. 6, 2001, effective May 26 2002
• mandatory for sensitive US govt. information
• fast adoption in the market
  – NIST validation list: 2621 implementations
    • http://csrc.nist.gov/groups/STM/cavp/documents/aes/aesval.html
  – thousands of products: pc, tablet, smartphone, wifi,…
  – rather slower adoption in financial sector
• 2003: AES-128 also for classified information and AES-192/-256 for secret and top secret information!
• 2010: Intel instruction AES-NI (and AMD follows)
Adi Shamir: AES may well be the last block cipher
Cryptanalysis of Keeloq (August 2007)
August 2007: first practical attack by COSIC, Technion, Hebrew Univ.
• 1 hour access to device; 1 day on 100 PCs
• may be sufficient to find master key
• block cipher with 32-bit block length and 64-bit key
• market share of 80% as car immobilizer
• also to open garage doors
Belgian eID card (1999-)
• Identity file
  – Chip-specific:
    • Chip number
  – Citizen-specific:
    • Name
    • First 2 names
    • First letter of 3rd first name
    • RRN identification number
    • Nationality
    • Birth location and date
    • Gender
    • Noble condition: King, Prince, Count, Earl, Baron,…
    • Special status: none, white cane (blind people), yellow cane (partially sighted people), extended minority, any combination
    • SHA-1 hash of citizen photo
  – Card-specific:
    • Card number
    • Validity’s begin and end date
    • Card delivery municipality
    • Document type: Belgian citizen, EU citizen, non-EU citizen, bootstrap card, habilitation/authorization card
• Digital signature on identity file issued by RRN
• Citizen’s main address file
  – Street + number
  – Zip code
  – Municipality
• Digital signature on main address issued by RRN
• Citizen’s JPEG photo ~3 Kbyte
BeVote: Belgian local elections (2007-2008)
• October 2012
• 15,000 computers
• 3 million voters
BeVote: Belgian local elections 2012
Current model: insurance pricing – road pricing – smart grid
[Diagram labels: GPS, Insurance company, Full GPS Data, Poor GPS Data + bill, Post]
• flexible: easy change
• easy computation
• business advantage: data mining and new services
• privacy invasive: tracking
• third parties (legal implications)
Privacy by design (2008-…): insurance pricing – road pricing – smart grid
[Diagram labels: GPS, Insurance company, Minimum billing data, Policy changes, USB stick, Encrypted GPS data, Post, Bill]
• privacy friendly
• third parties do not carry personal data
• flexible: easy change
• moderate computation
• low cost
Device fingerprinting much more prevalent than believed (2013)
• control of cookies
• Do-Not-Track Extension
• but browser is unique: version, screen size, fonts
• 1.5% of the 10,000 top websites track based on Flash
• 404 out of the top 1 million sites track based on fonts
• Do-Not-Track Extension is ignored
• TOR users can be tracked
• 12 new tracking providers identified
G. Acar, M. Juarez, C. Diaz, S. Guerses, B. Preneel, N. Nikiforakis, F. Piessens, FPDetective: Dusting the Web for Fingerprinters, ACM CCS 2012
COSIC - Research
Fundamental research in discrete mathematics
• number theoretic algorithms, Boolean functions, secure multi-party computation, secret sharing
Cryptographic algorithms: design and cryptanalysis
• block ciphers, stream ciphers, hash functions, MAC algorithms, (hyper)-elliptic curve cryptography
• e.g.: AES, RIPEMD-160, HAMSI, Trivium
Cryptographic protocols: design and cryptanalysis
• entity authentication, credentials, oblivious transfer, secure metering
Efficient and secure implementations
• software: block ciphers, point counting algorithms
• hardware: FPGA and ASIC
• side-channel attacks: power, timing, and electromagnetic analysis, fault attacks
COSIC - Applications
Creating electronic equivalent of the real world:
• electronic payments and commerce
• e-government: electronic ID card, e-voting
• car telematics
• e-health and medical devices
• smart grids
• cloud computing
• social networks
Conclusions
• starting from discrete algebra
• gaining from Moore’s law
• vertical approach driven by (civilian) applications
• conflicting interests: diplomacy needed
Life can only be understood backwards; but it must be lived forwards.
Soren Kierkegaard
Ad Multos Annos
NIST hash function competition (SHA-3)
SHA-3: 224, 256, 384, and 512-bit message digests
[Chart: number of candidates per stage (64, 51, 14, 5, 1) for round 1, round 2 and final, Q4/08 to Q4/12]
Call: 02/11/07
Deadline (64): 31/10/08
Round 1 (51): 09/12/08
Round 2 (14): 24/7/09
Final (5): 10/12/10
Selection: 02/10/12
The Candidates (credit: C. De Cannière)
Preliminary Cryptanalysis
Slide credit: Christophe De Cannière
End of Round 1 Candidates
Slide credit: Christophe De Cannière
Round 2 Candidates
Slide credit: Christophe De Cannière
Round 3 candidates
Slide credit: Christophe De Cannière
Winner: Keccak
permutation: 25, 50, 100, 200, 400, 800, 1600
COSIC today
• 4 +1 full-time professors
• 15 postdocs
• 36 researchers
• 3 support staff
• 5 visitors
• …and 20 nationalities