-- Quo Vadis Cryptology 4 Conference --
"The Future of Financial and Critical Data Security"

May 26, 2006 (the Friday just before Eurocrypt 2006)

Hotel LORD (near the Warsaw Airport), Street: Krakowska 218, Warsaw, Poland

(Note: citizens of most countries, including USA, all EU countries, Australia, New Zealand, Canada, Switzerland, Israel, Korea, Japan but excluding Russia, can travel to Poland for up to 90 days without a visa, see this page).

Confirmed Invited Speakers:

09h-10h30 prof. Arjen Lenstra [Ecole Polytechnique Fédérale de Lausanne, Switzerland]

Title: Quo Vadis Indeed - What's Next?

Abstract: Cryptology is not something Corporate Information Security Officers worry about as long as their company complies with the common industrial standards, implements well known best practices, and follows the recommendations of the usual governmental agencies. It becomes a bit of a concern, however, when the standards fall apart, there are no obvious best practices to follow, and the trusted agencies don't know what to recommend either or make recommendations that could prove hard to follow. In this presentation several recent cryptology-related events will be discussed that could make one think that there is reason for concern: the recent hash cryptanalysis, the vulnerabilities it leads to and their potential implications, and the Suite B of cryptographic protocols that was announced by the US National Institute for Standards and Technology.


11h-12h30 prof. Moti Yung [Director of Advanced Authentication Research at RSA Laboratories and Professor at Columbia University, USA]

Title: Authentication of Financial Transactions: current practices and future challenges

Abstract: The talk will cover the current trends of financial institutions in protecting on-line services such as on-line consumer banking. The trends are motivated by regulatory requirements and the increased awareness of what is known as phishing attacks. While this first part discusses the existing concerns and methods, I will also cover what contemporary research can bring in later times. Thus, the talk will also cover some possible directions for future cryptographic systems and how new strong authentication methods have the potential to contribute to future offerings in the area of financial services.


14h-15h30 dr. Nicolas T. Courtois [Cryptologist at Axalto Smart Cards, Louveciennes, France]

Title: The Future of Data Security, a Personal Vision.

Abstract: In this talk we will look at some recent events concerning data security: an epidemic of fraud, personal and financial data compromise, and the growing insecurity in the digital world. We propose that the security should be based on two pillars: limitations and liability. We will acclaim the recent legal initiatives that come from the US such as the Gramm-Leach-Bliley Act and SB1386 that to some extent mean to force financial institutions to care about, and in particular to encrypt people's data. This is certainly a direction to be recommended. But anyway, can we trust an encryption algorithm, and what about these weird algebraic attacks and persistent rumours that AES would have already been broken? In order to illustrate the idea of an algebraic attack on block ciphers that according to many people has never existed, during my talk I will break in 1 hour on my laptop PC a completely general block cipher with good diffusion and no special structure or weakness other than the low I/O degree of its S-boxes, with 6 rounds and 192 S-boxes (nearly as many as in AES itself). The attack recovers the key by solving a large system of equations and requires only a handful of plaintext, ciphertext pairs. Finally I will explain how the economy and financial markets can help security researchers to get it right. My proposal is to bridge the gap between security and the real life by betting on the security of essential products and algorithms with real money. I propose to create a traded derivative market that would reward (at last) the people that are right, and punish those that by their ignorance, incompetence or because of a hidden agenda, put everybody's security at a great risk.


16h-17h Makoto Sugita [Cryptography Research and Evaluation Group, IT Security Center (ISEC) at IPA, Information-technology Promotion Agency, Japan]

Recently, Wang proposed a new method to cryptanalyze SHA-1 and found collisions of 58-round SHA-1. However many details of Wang's attack are still unpublished, especially, 1) How to find differential paths? 2) How to modify messages properly? In this talk, we clarify the second issue and give a sophisticated method based on Groebner basis techniques. The complexity of our algorithm to find a collision for 58-round SHA-1 based on the basic message modification is $2^{29}$ message modifications and its implementation is equivalent to $2^{31}$ SHA-1 computation experimentally, whereas Wang's method needs $2^{34}$ SHA-1 computation. We propose an improved message modification and apply it to construct a more sophisticated algorithm to find a collision. The complexity to find a collision for 58-round SHA-1 based on this improved message modification technique is $2^8$ message modifications, but our latest implementation is very slow, equivalent to $2^{31}$ SHA-1 computation experimentally. However we conjecture that our algorithm can be improved by techniques of error correcting code and Groebner basis. By using our methods, we have found many collisions for 58-round SHA-1. We will introduce CRYPTREC, the Japanese standardization effort of cryptographic algorithms.

Workshop fee (including lecture notes): 640 PLN +22% VAT = 781 PLN (approx. 200 Euro (incl. VAT), or $242 US (incl. VAT))

Payment method: Send email to tentatively inform that you plan to come (you may still cancel). Then pay by cash or by credit card at the workshop.

Accommodation: Please contact hotel LORD, tel: (48 22) 574 20 20, fax: (48 22) 574 21 21, e-mail: okecie@hotellord.com.pl. You can also consider other hotels in the Warsaw airport area or in central Warsaw. Due to the visit of Pope Benedict XVI to Poland on May 25, this can be quite difficult, so please book in advance.

Program Committee:

dr. Nicolas Courtois [program chair, Axalto Smart Cards, Louveciennes, France]

dr. Kris Gaj [general chair, George Mason University, USA]

dr. Anna Górska [local arrangements chair, Enigma, Poland]

prof. Arjen Lenstra [Ecole Polytechnique Fédérale de Lausanne, Switzerland]

prof. Moti Yung [Director of Advanced Authentication Research at RSA Laboratories and Professor at Columbia University, USA]

prof. Josef Pieprzyk [Director of Centre for Advanced Computing, Algorithms and Cryptography at Macquarie University, Sydney, Australia]

The main sponsor and local organiser of the conferences is

ENIGMA Information Security Systems Street: Cietrzewia 8, 02-492 Warsaw, Poland, phone: (+48 22 1033) 863 62 65, fax: (+48 22 1033) 863 62 65 ext. 25.

Previous Workshops in the series Quo Vadis Cryptology ?: