Swiss Crypto Day

4 April 2025, Università della Svizzera italiana

Program
10:00-10:30   Registrations & Welcome Coffee
10:30-10:35   Opening Remarks
10:35-12:05   Session 1
10:35-11:05   Guillaume Endignoux (Google)
    Post Quantum Cryptography in Tink
Tink is a multi-language, cross-platform, open source library that provides secure and easy-to-use cryptographic APIs, created and maintained by cryptographers and security engineers at Google (https://developers.google.com/tink). In this talk, we will discuss how we are approaching the transition to post-quantum cryptography in Tink. In particular, we’ll see how the baked-in key rotation architecture enables smooth rotation towards other algorithms. We’ll also discuss where new challenges arise and how we’re tackling them. For example, how to model the concept of a Key Encapsulation Mechanism (KEM), and how to best expose it as an API that follows our easy-to-use & hard-to-misuse philosophy.
11:05-11:35   Lenka Marekova (ETH Zurich)
    Analysis of the Telegram Key Exchange
We describe, formally model, and prove the security of Telegram’s key exchange protocols for client-server communications. Our security proofs reduce the security of the protocols to that of their cryptographic building blocks, but the subsequent analysis of those building blocks requires the introduction of a number of novel security assumptions, reflecting many design decisions made by Telegram that are suboptimal from the perspective of formal analysis. In this talk, I’ll discuss the difficulties we encountered on the way as well as the broader lessons about protocol design that can be taken from our work. This talk is based on joint work with Martin R. Albrecht, Kenny Paterson, Eyal Ronen, and Igors Stepanovs.
11:35-12:05   Subhadeep Banik (USI Lugano)
    The TEA-3 Encryption Algorithm
We present a number of observations on TEA-3, a stream cipher used in TETRA radio networks that was kept secret until recently. While the same also holds for the six other TETRA encryption algorithms, we pick TEA-3 to start with, as (i) it is not as obviously weakened as TEA-1, 4, 7, but (ii) in contrast to TEA-2 it is approved for extra-European emergency service, and (iii) as already noted by Meijer et al. at USENIX '23, the TEA-3 design surprisingly contains a non-bijective S-box. Most importantly, we show that the 80-bit non-linear feedback shift register operating on the key decomposes into a cascade of two 40-bit registers. Although this hints at an intentional weakness at first glance, we are not able to lift our results to a practical attack. We also shed some light on why the length of the initial vector used in the cipher is limited to 29 bits.
12:05-14:00   Lunch Break
14:00-15:00   Session 2 (Short Talks, 6 minutes each)
    Nan Cheng (Univ of St Gallen) Mixed-protocol multi-party secure computation
The advantage of mixed-protocol multi-party secure computation frameworks lies in their ability to utilize different sharing types optimally for diverse tasks. A key module in these frameworks is the Boolean-to-arithmetic secret sharing conversion protocol, which transfers a secret value from Boolean secret sharing to arithmetic secret sharing. This conversion process can take in either the Boolean secret sharing of a bit or a secret binary string. In this talk, I will introduce an innovative correlated random tuple for this task in the semi-honest three-party (3PC) setting. This tuple provides the basis for building Boolean-to-arithmetic share conversion protocols. When it comes to concrete efficiency, the proposed B2A protocol shows superior performance compared to the existing state-of-the-art in ABY3 (CCS '18). It achieves this by reducing the total required communication from 2ℓ bits per party to 4ℓ/3 + 1 bits (including 4ℓ/3 bits in the setup phase and 1 bit in the online phase) per party, while maintaining a single round of optimized communication.
    Zijing Di (EPFL) Quantum Rewinding for IOP-Based Succinct Arguments
We analyze the post-quantum security of succinct interactive arguments constructed from interactive oracle proofs (IOPs) and vector commitment schemes. We prove that an interactive variant of the BCS transformation is secure in the standard model against quantum adversaries when the vector commitment scheme is collapsing. Our security reduction relies on quantum rewinding to extract a quantum IOP adversary (a quantum algorithm) that is almost “as good as” the given quantum argument adversary. We contribute a quantum rewinding strategy that overcomes limitations of prior work on the post-quantum security of Kilian’s succinct interactive argument, which is instead based on probabilistically checkable proofs (PCPs). As an application of our results, we obtain post-quantum secure succinct arguments, in the standard model (no oracles), with the best asymptotic complexity known.
    Nicholas Brandt (ETH Zurich) Unbiasable Verifiable Random Function from Generic Assumptions
We present conceptually simple constructions of verifiable random functions (VRF) that fulfill strong notions of unbiasability recently introduced by Giunta and Stewart [Eurocrypt24]. VRFs with such strong properties were previously only known in the random oracle model or from the decisional Diffie-Hellman assumption with preprocessing. In contrast, our constructions are based on generic assumptions and are thus the first to be plausibly post-quantum secure.
    Giacomo Borin (IBM Research Zurich) PRISM: Simple And Compact Signatures From Large Prime Degree Isogenies
The problem of computing an isogeny of large prime degree from a supersingular elliptic curve of unknown endomorphism ring is assumed to be hard for classical as well as quantum computers. Using the hash-and-sign paradigm, we show how to derive from this problem a signature scheme with a very simple and flexible signing procedure, comparable to SQIsign in efficiency, but amenable to more complex advanced constructions.
    Ryan Rueger (IBM/TUM) PEGASIS: Practical Effective Class Group Action using 4-dimensional Isogenies
Many cryptographic primitives can be instantiated from group actions; however, for advanced constructions, the action must be unrestricted, that is, it must be possible to evaluate the action efficiently on arbitrary group elements, not just on polynomially many generators. Using 4-dimensional isogenies, we unrestrict the action of CSIDH whilst scaling better than the SCALLOP family, yielding the first unrestricted post-quantum cryptographic group action that is both practically and asymptotically efficient. Our proof-of-concept SageMath implementation beats the state of the art of unrestricted actions, taking 1.5s (resp. 122s) to evaluate at 128 bits (resp. 1000 bits) of classical security, whilst only being slower by a factor of 40 in comparison to the C implementation of CSIDH (which is restricted). Allowing for high classical security parameters encourages belief in the quantum resistance of the construction.
    Jenit Tomy (Univ of St Gallen) BUFFing Threshold Signature Schemes
We explore advanced security notions for threshold signature schemes, focusing on Beyond UnForgeability Features (BUFF). The BUFF properties protect against attacks based on maliciously chosen keys, e.g., expropriating a message-signature pair under a new public key (called exclusive ownership). We formalize these notions in the threshold setting and examine their relationships. We then present a generic compiler that transforms any threshold signature scheme to satisfy the exclusive ownership and message-bound signature properties with minimal overhead. This talk is based on joint work with Marc Fischlin and Katerina Mitrokotsa.
15:00-15:30   Break
15:30-17:00   Session 3
15:30-16:00   Jayamine Alupotha (University of Bern)
    Anonymous Self-Credentials and their Application to Single-Sign-On
Modern life makes having a digital identity no longer optional, whether one needs to manage a bank account or subscribe to a newsletter. As the number of online services increases, it is fundamental to safeguard user privacy and equip service providers (SP) with mechanisms enforcing Sybil resistance, i.e., preventing a single entity from showing as many. Current approaches, such as anonymous credentials and self-sovereign identities, typically rely on identity providers or identity registries trusted not to track users' activities. However, this assumption of trust is no longer appropriate in a world where user data is considered a valuable asset. To address this challenge, we introduce a new cryptographic notion, Anonymous Self-Credentials (ASC), along with two implementations. This approach enables users to maintain their privacy within an anonymity set while allowing SPs to obtain Sybil resistance. Then, we present a User-issued Unlinkable Single Sign-On (U2SSO) implemented from ASC that solely relies on an identity registry to immutably store identities. The U2SSO solution allows users to generate unlinkable child credentials for each SP using only one set of master credentials. We demonstrate the practicality and efficiency of our U2SSO solution by providing a complete proof of concept.
16:00-16:30   Andrea Cerulli (DFINITY)
    Integrating Threshold Signatures on the Internet Computer
Threshold signatures offer significant advantages in distributed systems, providing enhanced security and fault tolerance by requiring multiple parties to collaborate in signing a message. However, integrating threshold signatures into real-world systems comes with a unique set of challenges. In this talk we explore some of the practical challenges faced when integrating threshold signature schemes on the Internet Computer blockchain and how these challenges affected key design decisions.
16:30-16:40   Closing Remarks
Registration

Participation is free of cost but is necessary for planning and organization. Please register at the following Link

Registration deadline 27th March 2025.

Venue & Logistics

Lugano, Switzerland

Lugano, the largest town in the holiday region of Ticino, is not only Switzerland's third most important financial centre and a conference, banking and business centre, but also a town of parks and flowers, villas and sacred buildings. With Mediterranean flair, Lugano offers all the advantages of a world-class city, combined with the cachet of a small town.

Lugano lies in a bay on the northern side of Lake Lugano, surrounded by numerous mountains offering splendid viewpoints. The traffic-free historic town centre, the numerous buildings in Italianate Lombardy style, the exclusive museums, the mountains, lake and a packed calendar of events all invite visitors to see the sights, soak up the atmosphere - and enjoy "dolce far niente". Thanks to its mild climate, Lugano is a popular tourist destination from spring to fall.

The town centre with its Mediterranean-style squares and arcades, and numerous parks with sub-tropical plants such as the Parco Civico on the shores of the lake invite you to laze around, enjoying the atmosphere. By the lakeside promenade are the Belvedere Gardens, where the parkland boasts not only camellias and magnolias but also countless sub-tropical plants and modern works of art. (Text and images courtesy of Swiss Tourism)

Watch the video to get a feeling of Lugano and its atmosphere! HERE

Travel & Access

Lugano is best reachable by train or by air.

  • By Air: Zurich airport is approx. 200 km away from Lugano, but very conveniently connected with it by frequent trains. It takes around 2.5 hours to reach Lugano from Zurich airport. Zurich airport serves all major worldwide destinations. The train ticket to Lugano can be purchased shortly before the trip (no need to pre-book).

    Lugano is reasonably well connected to Milano (about 60 km away). Milano has three airports: Malpensa (Terminal 1, Terminal 2), Linate, and Bergamo. Malpensa Airport, which is the closest to Lugano, is connected to Lugano by train (see http://www.sbb.ch/). The Milano Linate and Bergamo airports are not directly connected to Lugano: passengers first need to take a shuttle bus or a train to Milano City Center and then take a train to Lugano. It will take approx. 3-4 hours to reach Lugano from Bergamo or Linate.

  • By Train: Lugano train station is well connected to all major cities in Europe, e.g., Rome (via Milan), Frankfurt, or Paris (both via Zurich). Using the train is not only the most convenient but also the most environmentally friendly option to reach Lugano. Trains coming from Zurich will travel through the new Gotthard Base Tunnel - the world's longest and deepest travel tunnel, completed in 2016 after 20 years of work. Sample travel times in hours and minutes: 1:15 from Milan, 2:08 from Zurich, 4:25 from Rome, 6:16 from Frankfurt, and 7:00 from Paris.

    Train tickets inside Switzerland have fixed prices; there is no difference between pre-booking and getting your tickets at the vending machines. Make sure you get your ticket before boarding the train: ticket sales on the train are subject to higher fees. Tickets and schedules are available at http://www.sbb.ch/. If you are planning to travel a lot inside Switzerland by train, it might be worth getting a travel pass (e.g., the Swiss Travel Pass or the "Half-Fare Travel card"); see https://www.swiss-pass.ch/.

  • By Car: We strongly advise against traveling to Lugano by car. If you are coming from Zurich, the Gotthard road tunnel is often a major bottleneck, with traffic jams of several hours each weekend. From Milan, the border at Como-Chiasso will often result in long waiting lines. In addition, once in Lugano, finding parking is difficult and expensive. You do not need a car in Lugano: the symposium venue (i.e., the University) is a 10-minute walk from the city center and most hotels. An efficient and frequent bus service connects all parts of the city (especially all recommended hotels and the University). Trains connect Lugano with the surrounding cities, villages and attractions. However, if you want a rental car, both the airport and the train station feature a number of rental agencies.

Conference Venue

The Spring Crypto Day 2025 will take place in the Aula Polivalente, East Campus of the "Università della Svizzera italiana", or USI for short. The East Campus of USI is located in Lugano (Switzerland), at Via la Santa 1, in the Viganello neighborhood. USI is Switzerland's most international university, and one of the 12 certified public universities in Switzerland coordinated by swissuniversities.

Established in 1996, USI has grown steadily and today includes five Faculties: Architecture, Economics, Communication Sciences, Informatics and Biomedical Sciences. USI also currently counts three affiliated entities: the Institute for Research in Biomedicine (IRB, Bellinzona), the Institute for Oncology Research (IOR, Bellinzona) and the Dalle Molle Institute for Artificial Intelligence (IDSIA, Manno).

The Faculty of Informatics stands out as a centre of competence in advanced informatics. Since its inception in 2004, it has become one of Switzerland's major poles for informatics teaching and research, ranking third after the two Federal Institutes of Technology, ETH Zurich and EPFL in Lausanne. It features a faculty of ~30 professors, 40+ postdocs and more than 100 PhD students.


Mailing list

To subscribe to the mailing list, please visit list.inf.unibe.ch or send an empty email to: swisscryptoday-join@list.inf.unibe.ch.